Quick Android demo being managed by Intune

 :: Posted by John Savill on 09-12-2016

Follow-on to my iOS demo video being managed by Intune and Configuration Manager. This time it's an Android device showing the same data protection and also a non-Microsoft app. Available at https://youtu.be/U8p2N3Plzdk.

New video on publishing corporate apps to iOS with Intune and Configuration Manager

 :: Posted by John Savill on 09-10-2016

Decided to create a video that walked through the exact process to deploy corporate applications to iOS (and Android) through Intune while actually performing the management with Configuration Manager. Additionally I lock it down so corporate data cannot flow from corporate apps to personal apps. Available at https://youtu.be/wfWoLLx8WeA.

 

Automating deployments to Azure IaaS with custom actions

 :: Posted by John Savill on 08-10-2016

Firstly the final scripts of all the content discussed are available here. A video walkthrough is available at https://youtu.be/7bobbg91cQc and included below.

In this post I want to document the results of a POC (proof of concept) I was engaged in for a very large customer. The customer wanted to create single/multi VM environments in Azure for dev/test/QA purposes. The goal was a single command execution that would create the VM and in this case make it a domain controller, install SQL Server 2012 then install SharePoint 2010. For this scenario I decided to use PowerShell rather than JSON just to demonstrate the PowerShell approach since there are already many JSON templates in the gallery around SharePoint deployment.

To enable this solution the high level workflow would be:

  1. Create a new resource group and in it create a new storage account and virtual network (each environment was to be isolated, and placing each in its own resource group makes lifecycle management, i.e. deletion, simple)
  2. Create a new VM using the created resources
  3. Execute PowerShell inside the VM via the Azure VM Agent to promote the VM to a domain controller then reboot it
  4. After the reboot execute additional PowerShell to create accounts, open firewall exceptions, install SQL Server 2012 then install SharePoint 2010

The unattended installation of a domain controller via PowerShell is very simple. Below is an example that creates a pocdom.local domain.

You will notice in the code I write the AD to the E: drive. This is because in Azure the OS disk by default is read/write cache enabled which is not desirable for databases. Therefore for the VM I add two data disks with no caching; one for AD and one for SQL and SharePoint. The code below is what I use to change the drive letter of the DVD device then initialize and format the two data disks.

The two pieces of code above would be combined into the first boot PowerShell code (with the disk initialization block before the DC promotion code). Once the reboot has completed firewall exceptions for SQL and SharePoint need to be enabled.

Next I need the SQL Server and SharePoint media along with unattended commands to install. I decided to use Azure Files as the store for the installation media. Azure Files presents an SMB file share to the VMs with only the storage account key and name required to access. In my example I place this in the PowerShell script however it could also be injected in at runtime or stored more securely if required. Create a storage account then create an Azure Files share through the portal and take a note of the access key and storage account name.

Into this share I will copy the SQL Server and SharePoint installation files. The easiest way to upload content is using the free Azure Storage Explorer tool from http://storageexplorer.com/.

Now the details of performing unattended installations of SQL and SharePoint are outside the scope of this write-up as the goal for this is more how to install applications through Azure IaaS PowerShell however at a very high level:

  • To install SQL Server unattended simply requires a configuration file which can be generated by running through the graphical SQL Server setup and on the last page it will show you the location of the configuration file it will use for installation. Simply copy this file and cancel the installation. Copy the SQL Setup structure and the configuration file to the Azure Files share. I place the ConfigurationFile.ini in a separate Assets folder on the share. Then use that setup file with the SQL setup.exe, for example
  • For the SharePoint unattended installation I used the autospinstaller solution which is fully documented at https://autospinstaller.com/ and includes a web based site to create the unattended answer file used by the program. Follow the instructions on the site and copy the resulting structure to the Azure Files share.

My resulting Azure Files share consists therefore of 3 folders:

  • AutoSPInstaller – The SharePoint installation media and AutoSPInstaller solution
  • POCAzureScripts – The SQL configuration script
  • SQLServer2012SP3 – SQL Server installation media

To map to the share, copy the content, trigger the SQL Server installation from the share, dismount the share then trigger the SharePoint installation I use the following (which also adds an account named Administrator as that was a requirement). I would add the firewall exception creation to this code as the secondboot PowerShell file. You will notice I wait for 40 minutes at the end for the SharePoint installation to complete. I run the SharePoint install as a separate, asynchronous job as at the end it asks for key presses to continue so this avoids trying to handle that and after a reboot that will all get cleared up.

At this point I have a firstboot.ps1 and a secondboot.ps1 file. Upload those files into blobs in a container named scripts in the same storage account as the Azure Files. These files will be used as part of the total VM provisioning process.

The final part is to create the VM and use the PowerShell created. In the example code below I create all the resources and use premium storage accounts to maximize performance, however any of these parameters can be changed to meet requirements. In the code replace the <storage account name for assets> with the storage account created holding the Azure Files and blob content along with its key. Also change the VM name to something unique since a public IP name will be generated based on this name. If you will deploy this many times add some logic to include some random sequence or perhaps the requesting username. Also include that as part of the names of the resource group, storage account and so on.
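One way to inject the storage account key at runtime rather than saving it in the script, shown as an added example that is not the post's own code. It assumes the current Az PowerShell module (which the post predates), placeholder resource names, and hypothetical -StorageAccountName and -StorageAccountKey parameters declared by secondboot.ps1.

```powershell
# Added example, not the original post's script. Placeholder values throughout.
$assetRg      = '<resource group of the assets storage account>'
$assetAccount = '<storage account name for assets>'
$vmRg         = '<resource group of the new VM>'
$vmName       = '<vm name>'
$location     = '<azure region>'
# A VM holds one Custom Script Extension at a time, so reuse the name that was
# used for firstboot.ps1; this call then replaces that configuration.
$cseName      = '<custom script extension name>'

# Read the key at deployment time with the operator's Azure credentials,
# so it is never written into secondboot.ps1 or checked into source control.
$key = (Get-AzStorageAccountKey -ResourceGroupName $assetRg -Name $assetAccount)[0].Value

# Public settings can be read back from the extension resource,
# so only the script location goes here.
$settings = @{
    fileUris = @("https://$assetAccount.blob.core.windows.net/scripts/secondboot.ps1")
}

# Protected settings are encrypted and only decrypted inside the VM.
# storageAccountName/storageAccountKey let the extension download the blob;
# the command line hands the same values to the script (hypothetical parameters)
# so it can map the Azure Files share without a hard-coded key.
$protected = @{
    storageAccountName = $assetAccount
    storageAccountKey  = $key
    commandToExecute   = "powershell -ExecutionPolicy Unrestricted -File secondboot.ps1 " +
                         "-StorageAccountName $assetAccount -StorageAccountKey `"$key`""
}

Set-AzVMExtension -ResourceGroupName $vmRg -VMName $vmName -Location $location `
    -Name $cseName -Publisher 'Microsoft.Compute' -ExtensionType 'CustomScriptExtension' `
    -TypeHandlerVersion '1.10' -Settings $settings -ProtectedSettings $protected
```

The key is still passed on the command line inside the VM, so it is visible to local administrators there while the script runs.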

In this example I give the VM a public IP so it can be accessed externally, and it has no NSG to lock down traffic. In reality you may not want the public IP and may add the environment to existing networks with connectivity to on-premises, so you would connect via private IP, but I added a public IP to handle worst-case connectivity. If you do add a public IP like this example, don’t use the administrator account, don’t set simple passwords, and make sure you configure NSGs to at least lock down traffic. I talk about NSGs at http://windowsitpro.com/azure/network-security-groups-defined and below is example ARM PowerShell to create and add an NSG to a NIC.
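Creating an NSG and attaching it to the VM's NIC, as an added example that is not the post's own code. It assumes the current Az PowerShell module (which the post predates); the resource names and the source address range are placeholders.

```powershell
# Added example, not the original post's script. Placeholder values throughout.
$rg       = '<resource group name>'
$location = '<azure region>'
$nicName  = '<nic name>'
$adminSrc = '203.0.113.0/24'   # documentation range; replace with your admin network

# Allow RDP only from the admin range rather than from any Internet source.
# With no other allow rule, the NSG's default DenyAllInBound rule drops the
# rest of the traffic arriving from the Internet on the public IP.
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Description 'RDP from the admin network only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminSrc -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "$nicName-nsg" -SecurityRules $rdpRule

# Attach the NSG to the NIC and push the change to Azure.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface | Out-Null

# Check: the NIC should now reference the NSG, and the effective rules
# (available while the VM is running) should list the RDP rule above the defaults.
(Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName).NetworkSecurityGroup.Id
Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName $nicName -ResourceGroupName $rg
```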

Finally if you want to delete the entire environment just run:

 

Walkthrough with Azure Resource Manager

 :: Posted by John Savill on 07-12-2016

I decided to create a brand new walkthrough of creating a VM using the new Azure Portal and using Azure Resource Manager. In this walkthrough I cover Resource Groups, virtual networks, storage accounts, public IPs and Network Security Groups. All while creating and publishing a Minecraft server out to the Internet! Available at https://youtu.be/YuMXm7owGEw and below.

 

90 minute Azure Infrastructure Whiteboard Overview

 :: Posted by John Savill on 06-17-2016

Just finished a brand new 90 minute whiteboarding overview of Azure Infrastructure services so grab your popcorn, kick back and enjoy. Available at https://youtu.be/jJdXDRi_SCg up to 1080 to see all the screen detail :-).

Websites I show in the video include:

Using blob snapshots with Azure IaaS VMs

 :: Posted by John Savill on 06-07-2016

Just created a whole new video using blob snapshots with Azure IaaS VMs. Available at https://youtu.be/WP7-96KQJl0 and also linked below.

Creating a Minecraft server using the new Azure portal

 :: Posted by John Savill on 04-17-2015

A couple of years ago I wrote a basic set of instructions on creating a Minecraft server in Azure. I felt it was time to create a new set of instructions based on the new Azure portal. You need an Azure subscription to follow this tutorial. This could be a subscription you pay for, Azure benefits that are part of an MSDN subscription or even an Azure trial subscription which can be signed up for from http://azure.microsoft.com/en-us/pricing/free-trial/.

Once you have a subscription follow the steps outlined below:

Log in to the new Azure portal at https://portal.azure.com. When you first log in you will be at the Azure Startboard. Also notice the hub menu on the left hand side which enables access to various resources within Azure. At the bottom of the hub menu is a New button which enables all the different types of Azure service to be created.

Click the New button and under Browse select Compute which opens up the Compute blade with a list of images. Select the Windows Server 2012 R2 Datacenter image.

The Create VM blade will open which enables the configuration for the new VM to be selected. Notice in the Create VM blade there are some basic properties to be completed such as the name for the VM, a username and a password. Additionally there are options for the size of the VM, optional configurations and location. The hostname can be anything you wish, for example Minecraft. Enter a username; it cannot be Administrator as this is reserved, but you could use localadmin. Enter a complex password which needs to be at least 8 characters with a mix of three of the following: lowercase, uppercase, numbers and symbols.

Select the Pricing Tier part to open the pricing tier lens which enables the size of the VM to be selected. The A1 Basic is sufficient for basic testing however if you wanted to host more players the Standard A2 may be a better fit. Standard tier VMs have higher storage IOPS and network performance in addition to load balancing and scale capabilities (which we don’t use for our single instance Minecraft server). Notice there is a View all link to show all the available VM sizes. Select a VM size and click Select.

By default a new virtual network is created for the VM along with a new cloud service which owns a Virtual IP that is accessible from the Internet and a random name is selected for the cloud service DNS name. Select Optional Configuration – Network – Domain Name – Create new domain name and type in a name. The name must be unique across all of Azure. You could try Minecraft-<your name> and click OK. As you type the name it will be checked to ensure it's unique. This name will be how you can connect to your server, <name>.cloudapp.net. Click OK to the Network blade. Notice by default a new Storage Account will be created to store the virtual hard disks for the new VM however you could change this if desired.

On the main Create VM blade select the Location part. This enables the Azure region to be selected where the new VM will be created. Notice there are Azure regions throughout the world so pick one closest to you (or your players!). Close the blade. By default a checkbox is selected “Add to Startboard” that would add the new VM to the Startboard of your subscription. Click Create to create the VM.

The VM will now be created and will take around 5 minutes to be fully provisioned and ready for use. By default the VM will have an OS disk that is 127 GB in size and a temporary disk, the D: drive. Never put any data you care about on the D: drive as this is not persistent and by default will only be used for the pagefile. The OS disk has read and write caching enabled. You can also add data disks which have configurable caching options including no caching which is what is needed for databases and other types of workload that need writes to be persisted directly to disk. We will add a data disk to our Minecraft server for our Minecraft binaries and data files. You will need to wait for the VM to be created before adding the data disk. Select the VM which will open the VM's blade and under the Essential lens (a lens is a group of parts that share a common theme) select the All settings link which opens the Settings blade.

Select Disks in the Settings blade and select the Attach New action. By default the maximum size of 1023 GB for a disk is selected with caching disabled. Select the Storage Container part – Choose Storage Account and select the storage account that you used for the Minecraft server. For the Container select the default vhds container. Click OK to create the new data disk. You may wonder why 1023 GB since you have to pay for storage in Azure and your Minecraft world may only be 50 MB which means it would seem you are paying for a lot of wasted space. This is not the case as Azure actually uses sparse storage which means even though you are creating a 1023 GB VHD file in Azure Storage behind the scenes storage is only actually allocated for the data written which is what you pay for.

Your VM is now created and has a data disk added to it. The next step is to connect to the new VM. In the VM's blade select the Connect action. This will download an RDP file which can either be opened or saved to disk so the exact options such as display size etc can be changed. The RDP file is populated with the DNS name of the cloud service that contains the Minecraft VM and the port for the RDP endpoint for the specific VM.

You are now connected to your Azure VM. Open Explorer and you will see your OS C: drive and the temporary storage drive D: but the data disk we added is not shown because it has not yet been initialized or formatted. Open the Disk Management MMC snap-in (Start – Run – diskmgmt.msc). When the snap-in opens it will inform you of a new disk and offer to initialize. Click OK. Once the disk is online right click on the disk and select New Simple Volume. Accept all the defaults. On the Format Partition dialog enter a label for the Volume label such as Data and make sure “Perform a quick format” is selected. This is critical in Azure: remember that sparse storage? If you don’t perform a quick format every block of the disk will be written to which means you would then pay for the full 1023 GB size. Complete the dialogs to create the new data disk.

Navigate back to Explorer and the data disk will now be visible. Select the data disk and create a folder called Minecraft.

Open Internet Explorer and navigate to https://minecraft.net/download. In the Multiplayer Server area download the latest server binary and save to the Minecraft folder that you created on the data disk. I normally rename this download to minecraft_server.exe and remove the version number from the name. You also need to download and install Java. This can be downloaded from https://www.java.com/en/download/manual.jsp and select the 64-bit version. During the Java installation you likely want to unselect the options to install and set Ask as the default!

You are now ready to get Minecraft running. I recommend creating a batch file to launch the Minecraft server which will configure it to use more memory. I save the following to a file (minecraft.bat) and place it in my Minecraft folder. This launches the Minecraft server and sets it to use 2 GB of memory:

"C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe" -Xms2048m -Xmx2048m -jar "Minecraft_Server.exe"

Run the batch file. Once it has run open the eula.txt and change the false to true then rerun the minecraft.bat file which will now launch the Minecraft server service however it is not usable yet.

Minecraft clients communicate to the server on port 25565 which by default is blocked by the Windows Firewall. You need to create a firewall exception. Click Start and type firewall. This will find the Windows Firewall with Advanced Security application. Launch it. Select Inbound Rules and select the New Rule action. Select a type of Port in the New Inbound Rule Wizard and click Next. In the next page select TCP and type in port 25565 then click Next. Accept the defaults to Allow and for all types of profile and on the final page enter a name of Minecraft Server. Click Finish.

There is one final action. The VM created sits within a cloud service and the cloud service has the publicly accessible IP address. Endpoints are created on that IP address which enable communications on specific ports to be forwarded to specific ports on VMs in the cloud service. You already used one of these endpoints when you RDP’d to the VM earlier; that used an automatic endpoint that was created to enable RDP access to the VM from the Internet. We will add a new endpoint for the Minecraft port. Open the VM's blade in the Azure portal and select All settings. Select Endpoints where you will see the existing endpoints created. Click Add. Enter a name of Minecraft and set the public and private port to 25565 then click OK.

You are now ready to use your new Minecraft server. Launch the Minecraft client and select Multiplayer. Click Add Server and for the Server Address use your cloud server DNS name, e.g. minecraft-savill.cloudapp.net and click Done.

Select your new server and click Join Server.

And play!

As an optional step you probably want to make yourself an operator for your server. To do this, add your account to the ops.json file. http://conoroneill.net/creating-a-valid-ops-file-in-json-format-for-minecraft-179 walks through this process and links to http://minecraft-techworld.com/uuid-lookup-tool to find the UUID for your account.

For more information on Azure check out my new book and free Windows application.


Azure Network Security Group and Fault Domain videos

 :: Posted by John Savill on 04-16-2015

Created two new videos. One on Network Security Groups, the other on understanding Fault and Update Domains in Azure. Enjoy!

Two new Azure videos

 :: Posted by John Savill on 04-09-2015

Created two new videos.

Azure Preview Portal Walk-through – https://youtu.be/6kkq-AEHetc

Azure Site Recovery Walk-through – https://youtu.be/ErYUPsyGazA

Mastering Azure IaaS Windows 8.1 App Available!

 :: Posted by John Savill on 04-07-2015

In preparation for my new book, Mastering Microsoft Azure Infrastructure Services (http://www.amazon.com/Mastering-Microsoft-Azure-Infrastructure-Services/dp/111900327X/), which comes out at the end of this month, I have completed the companion application.

The application contains all the links and code from the book in addition to videos to help understand the concepts. The app checks for updated content each time it launches and I’ll be continually adding new content to the app so check it often.

You can download the application at http://apps.microsoft.com/windows/en-us/app/mastering-azure-iaas/da00e633-4a99-4194-86c5-71f17b723ad8 or search the Windows Store for SavillTech.

I also updated the Hyper-V application with a bug fix related to scrolling at http://apps.microsoft.com/windows/en-us/app/mastering-hyper-v-2012-r2/fe7f6602-1c88-412e-9d88-4cc83480e402.