Azure

Picking an Azure Virtual Machine Tier

This post is a part of a series:

Understanding Microsoft’s Explanation of Azure VM Specs
The Different Azure Virtual Machine Types
Picking an Azure Virtual Machine Tier (this post)
Azure Virtual Machine Specs

If you are looking at deploying an A-Series virtual machine in Azure then there are two tiers to choose from:

Basic
Standard

There are a few differences between the two tiers.

Load Balancing

You can load balance Standard tier virtual machines for free. This includes external and internal load balancing. Note that this is port-level load balancing, not application layer. If you want to do load balancing at the application layer then look in the Azure marketplace for some appliances. There you’ll find well known names such as Kemp, Citrix, and more.

There is no load balancing with Basic tier VMs.

Auto-Scaling

Say a business needs to handle unpredictable peak capacity, without human effort or lost business opportunities. This might be a few times a day or every few weeks. How do they do it? The old way was to deploy lots of machines, load balance them, and eat the cost when there was no peak business … no seriously … they deployed enough for normal demand and lost business during periods of peak demand. Auto-scaling says:

Deploy the Standard tier VMs you need to handle peak demand
Power up VMs based on demand
Power down VMs when demand drops
And it’s all automatic using rules you define

VMs are billed based on storage consumed (very cheap) and hours running. So those VMs that aren’t running incur very little cost, and you only generate more costs when you are generating more business to absorb those costs.

There is no auto-scaling with Basic tier VMs.

IOPS

A virtual machine can have 1 or more data disks, depending on the spec of the VM. Basic tier VMs offer a max IOPS of 300 per data disk. Standard tier VMs offer a max IOPS of 500 per data disk. If a VM has more than one data disk then you can aggregate the IOPS potential of each data disk of that VM by mirroring/striping the disks in the guest OS.

Higher Specs

The highest spec Basic A-Series VM is the Basic A4 with 8 vCPUs (AMD processor on the physical host), 14 GB RAM, and up to 16 data disks. Basic VMs can only have 1 vNIC.

Standard A-Series VMs include similar and higher specs. There are also some higher spec Standard A-Series that offer Xeon processors on the host, a lot more RAM, and even an extra Infiniband (RDMA) 40 Gbps NIC.

Examples

I need a pair of domain controllers for a mid-sized business. I’ll probably opt for Basic tier VMs, such as the Basic A2, because I can’t use load balancing or auto-scaling with domain controllers. I don’t need much IOPS for the data disk (where SYSVOL, etc will be stored) and DC’s have a relatively light workload.

What if I want an application that has no software-based load balancing and will need somewhere between 2 and 10 VMs depending on demand? I need load balancing from the Azure fabric and it sounds like I’ll need auto-scaling too. So I’ll opt for a Standard A-Series VM.

Technorati Tags: Azure,Virtualisation,Cloud,Cloud Computing,Hybrid Cloud

Microsoft News – 30 September 2015

Microsoft announced a lot of stuff at AzureCon last night so there’s lots of “launch” posts to describe the features. I also found a glut of 2012 R2 Hyper-V related KB articles & hotfixes from the last month or so.

Hyper-V

The uptime value of the Hyper-V Management console changes to the resume time of the last pause on Windows Server 2012 and Windows Server 2012 R2: The uptime value of the Hyper-V Management console changes to the resume time of the last pause instead of the time when backup completed
A virtual machine that is running on Windows Server 2012 R2 may not start: Not enough memory in the system to start the virtual machine ‘<Virtual Machine Name>’.
Non-queued commands are sent to disk controller on a Windows Server 2012 R2-based Hyper-V host server: A solution to a non-described issue – how weird!
Cluster service stops during the VSS backup in a Windows Server 2012 R2-based Hyper-V cluster: When multiple VSS backups are in progress, the cluster service may crash because of inconsistent state in the CSV VSS provider. Then, all virtual machines go offline because of the CSV failure.
Hyper-V storage migration failure and “ERROR_BAD_COMMAND” error in Windows Server 2012 R2 or Windows Server 2012: You get “Migration did not succeed. Not enough disk space at ‘\’. ” when doing Storage Live Migration to a CSV or Hyper-V Replica stops with ERROR_BAD_COMMAND.

Windows Server

Applications can’t perform I/Os in Windows Server 2012 R2: When a disk fails or isn’t responsive and a large number of I/O port transitions are pending, I/Os may be stalled because the storage adapter is paused and will be resumed after a time-out period as specified by the miniport.
Changed cluster properties revert to default values on cluster nodes that run Windows Server 2012 R2 or Windows Server 2008 SP2: ameSubnetDelay, SameSubnetThreshold, CrossSubnetDelay, or CrossSubnetThreshold properties revert to original values.
Cluster services go offline when there’s a connectivity issue in Windows Server 2012 R2 or Windows Server 2012: The cluster nodes in both datacenters lose quorum and fail when a connectivity issue occurs between datacenters.

Using Azure Automation to take action on Azure Alerts: Reduce human effort by automation solutions to recurring problems.
Announcing expanded Microsoft Azure support for financial services customers: Adding European Network and Information Security Agency (ENISA) Information Assurance Framework (IAF) and the Shared Assessments Program (formerly known as BITS Shared Assessments).
Microsoft ExpressRoute – Office 365, Azure Government Cloud, more partners, simplified billing: Place equipment (e.g. SANs) in Microsoft “Meet-Me” locations with low latency connections (1-2 ms) to Azure.
Azure Container Service – Now and the Future: Azure Container Service builds on our work with Docker and Mesosphere to create and manage scalable clusters of host machines onto which containerized applications can be deployed, orchestrated, and managed.
Making the cloud more secure: Azure Security Center—a new Azure service that gives you visibility and control of the security of your Azure resources without impeding agility, and helps you stay ahead of cyber threats even as they evolve.
Azure File Storage, now generally available: Shared storage for APPLICATION data. This is not for user files.
How to use Azure File storage with Windows: Here are the Linux instructions.
Azure Storage Improvements: A roundup, including Premium Storage improvements and region support of Import/Export.
Monitor your Azure RemoteApp environment with OpInsight – Part 3: Monitoring the usage of your Azure RemoteApp collection.

Office 365

Announcing general availability of ExpressRoute for Office 365: This direct connection offers customers more predictable network performance, an SLA for guaranteed availability and additional data privacy.
Office 365 release options: Why am I not getting the Office 365 Click-To-Run update from Office 365? Are you in the Standard Release or First Release update rings?

EMS

Microsoft Intune Company Portal for Android: A new version.

Technorati Tags: Hyper-V,Windows Server 2012 R2,Windows Server 2012,Backup,Failover Clustering,DR,Azure,Cloud,Cloud Computing,Hybrid Cloud,PowerShell,Scripting,Networking,Containers,Storage,Remote Desktop Services,Office,Office 365,EMS,Intune

Clarifying Some Of Yesterday’s Azure Announcements

Yesterday, Microsoft marketing published a blog post where they said a lot of things about new services, features, and locations for Azure. Let’s just say that some content in the announcement was less … correct or clear than one might hope for. I’m not saying that this was deliberate, but there is a history of this in Microsoft – Mary Jo Foley and Paul Thurrott joke that this is why they have jobs!

Microsoft announced that 3 new regions went live in India yesterday. I tried a few times to create stuff in those regions, but none of the new regions appeared in my personal subscription (MSDN) or my work one (Open VL). I guessed that “ went live today” meant at some time during the day in the PDT time zone, so I decided to wait until the next morning (Irish time) but India was still not there. So I went looking.

So the India regions are live, but like the Australian and New Zealand regions, they are not available to me because I do not have a business presence in India (or Australia and New Zealand).

The announcement also said:

The general availability of Azure Backup of application workloads. Included as part of Microsoft Operations Management Suite, Azure Backup now supports direct backup of SQL Server, SharePoint, and Microsoft Dynamics.

There are three things that I could have read from that statement (please note that both of the following are incorrect):

Azure Backup MARS agent now can backup applications without DPM and without Project Venus
This service is live now
Azure Backup only comes with OMS

I asked my contacts for some clarification. Project Venus is still happening and it is the only way that Azure Backup will be eventually able to directly backup applications. Project Venus is not GA yet, but will be soon – you can bet that I’ll blog about it! I’ve stung Marketing before over the hints that Azure Backup is only available in OMS – that is simply not true; yes, AB credit is included in the add-on, but the full AB service is available to anyone with an Azure subscription.

There might be more incorrect information in that announcement that I’m currently unaware of.

I wish these announcements were more clear and correct. If you’re honest and describe the plans with some sort of timeline then we’ll forgive things that aren’t perfect. But if we are lead on a wild goose chase, wasting time and money, to find contradicting facts buried elsewhere, then we think less of the company making the announcement.

Technorati Tags: Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup

News for IT Pros from AzureCon

Microsoft announced a bunch of new stuff in the Azure world today for AzureCon. Here’s a summary of the stuff relevant to IT pros. Azure is growing still:

Azure Container Service

Microsoft describes this as:

… an open source container scheduling and orchestration service which builds on our partnerships with both Docker and Mesosphere, as well as our contributions to open source projects in this space.

This gives you Docker service delivery and Apache Mesos orchestrator. Other pieces included are Marathon for launching/scaling container-based application and Chronos, offering distribute cron job and batch workload management.

Azure Container Service will be in preview before the end of 2016.

Note that in the above slide (presented at AzureCon by Scott Guthrie) mentions the future on-premises Azure Stack.

More Regions

Three new regions just opened in India:

Central Indi (Pune)
South India (Chennai)
West India (Mumbai)

That should add about 60 new jobs to the Indian economy – it doesn’t take much labour to run one of these regions! Azure is available now, O365 will be there in October, and Dynamics CRM will come in H1 2016.

Azure Security Center

This is similar to something that was launched for O365 recently. Azure Security Center is:

… an integrated security solution that gives customers end to end visibility and control of the security of their Azure resources, helping them to stay ahead of threats as they evolve.

This solution integrates with partner solutions from the likes of Barracuda, Checkpoint, Cisco, CloudFlare, F5 Networks, Imperva, Incapsula, and Trend Micro.

You’ll get the usual monitoring and policy management, but ASC will also use information about global threats and your environment to make recommendations; that’s an interesting development! ASC will be broadly available by the end of 2016.

Guthrie said at AzureCon that there is DDOS detection built into this service.

Easier deployment of security appliances. And there’s best practices and scanning of network security groups (Extended Port ACLs in Azure). There is security alerting, that ingests data from the various partner vendors. Hadoop is analysing this data. SQL injection and DDOS attacks will appear in the alerts, maybe even pinpointing the location of those attacks.

This is a huge achievement of integrated advanced services.

N-Series VMs

This had to come – N-Series VMs can be thought of as the NVIDIA VMs, because that’s exactly what they are, VMs with GPU capabilities. GPUs are great for graphic and compute intensive workloads. N-Series will be available in preview in the coming months, and will feature:

… NVIDIA Tesla Accelerated Computing Platform as well as NVIDIA GRID 2.0 technology, providing the highest-end graphics support available in the cloud today.

I think I heard Guthrie say that N-Series has Infiniband networking.

DV2 D-Series Virtual Machines

DV2 is D-Series Version 2 virtual machines. These VMs use a customized 2.4 GHz Intel Zeon E5 v3. With turbo boost 2.0 the clock can run up to 3.2 GHz, making it 32% faster than current D-series VMs.

Other News

Some bullets:

The general availability of ExpressRoute for O365 and Skype for Business, as well as the ability to connect to Microsoft Azure’s Government Cloud via ExpressRoute.
New pricing plans for ExpressRoute. Effective Oct 1st 2015, customers will have two different data plans for their ExpressRoute connections.
A8-A11 VM instances will be reduced in price by as much as 60%, starting Oct 1st. They needed this – it’s been much cheaper to run big workloads in traditional hosting or on-premises.
Azure File Storage is GA. Whoah – it’s based on SMB 3.0!
The general availability of Azure Backup of application workloads … Hmm, I’m reading this in-between the lines as the start of Project Venus, and “direct” might not be “direct”. [EDIT] It was confirmed to me that this is Project Venus, and it is not live yet.
Upcoming availability of Azure Resource Health, a new service that exposes the health of each of Azure resources such as Virtual Machines, websites and SQL Databases to help customers quickly identify the root cause of a problem.

Lots of stuff there to keep the Azure bigwigs busy in their AzureCon keynotes.

Technorati Tags: Azure,Virtualisation,Networking,Cloud,Cloud Computing,Backup,Hybrid Cloud

Understanding Microsoft’s Explanation of Azure VM Specs

This post is a part of a series:

Understanding Microsoft’s Explanation of Azure VM Specs (this post)
The Different Azure Virtual Machine Types
Picking an Azure Virtual Machine Tier
Azure Virtual Machine Specs

I have a great laugh when I am in front of a room and explaining Microsoft’s Azure VM specs to people. Take a look at this screenshot from the pricing site:

Let me ask you a few questions about the Basic A1 VM:

How much disk space does that VM have?
How many data disks can that VM be allocated?
What is the max IOPS of each data disk?
What are the maximum number of virtual NICs can that VM have?

Let me give you a clue:

The answer is not 40 GB
You don’t have enough information
You don’t have enough information
You don’t have enough information

We have answered 1/4 questions from the pricing site.

Let’s go dig for information on the Sizes For Virtual Machines page. Here we get a different set of information:

Let’s try answer those questions about the Basic A1 again:

The answer is not 1063 (1023 + 40) GB
A maximum of 2 data disks is correct
Each data disk can have up to 300 IOPS. With 2 data disks, we can have an aggregate of 600 IOPS using Storage Spaces, etc, in the guest OS
You still don’t have enough information.

OK, we now can answer 2/4 questions correctly! Let’s go to a reliable tool: Google. I found Create A VM With Multiple NICs. There I have found the below:

Now I can update my answers:

The answer is not 1063 (1023 + 40) GB
A maximum of 2 data disks is correct
Each data disk can have up to 300 IOPS. With 2 data disks, we can have an aggregate of 600 IOPS using Storage Spaces, etc, in the guest OS
A Basic A1 VM can have 1 virtual NIC

OK, would someone please tell me how much storage space will be consumed if I deploy a Basic A1 VM with Windows Server?!?!?!?!

The answer is that the C: drive of any Windows Server VM that is deployed from the Marketplace is 127 GB. The D: drive (a temporary drive that you should not store persistent data on) is indicated in the pricing. So, the Basic A1 VM will deploy a 127 GB C: drive and a 40 GB D: drive.

How much disk space does that VM have? 167 GB.
How many data disks can that VM be allocated? 1 maximum of 2.
What is the max IOPS of each data disk? 300 IOPS.
What are the maximum number of virtual NICs can that VM have? It can have 1 vNIC.

[EDIT]

I found another nugget of information today while pricing up DS-Series and GS-Series virtual machines. Microsoft says that DS-Series cost the same as D-Series. That’s no longer the case; D-Series was reduced in price on Oct 1st 2015, and DV2-Series was introduced as an upgrade. Now DS-Series costs the same as Dv2-Series at this time. GS-Series is still (at this time) the same price as G-Series.

If only there was a website with that information!

Technorati Tags: Azure,Virtualisation,Storage,Networking

Upgrade An Azure-Hosted Service By Moving A VIP To A New Cloud Service

Last Friday I talked about how you could reserve and manipulate cloud service VIPs. In this post I’m going to show you how to “upgrade” a service by moving to a new installation of that service running in a new cloud service – this can be done by moving the VIP of the original cloud service to the new cloud service.

Have you wondered how you will upgrade your WS2012 R2 VMs to WS2016 in Azure? The answer is that you won’t. You will have to migrate services to new VMs. Here’s a way to do that migration. This process will keep the original installation running while the new service is being built. Once ready, the VIP (the public IP of the original service) is migrated to the newer cloud service. If all goes well, you remove the old cloud service. If all sucks, you migrate the VIP back to the original cloud service.

In my lab I have two cloud services:

OldWeb: This runs a WS2012 R2 VM with IIS
NewWeb2016: This runs a WS2016 VM with IIS

Let’s say I have a site called http://www.joeelway.com. The A records for joeelway.com and http://www.joeelway.com will point to this VIP of the OldWeb cloud service; this is what allows a browser to connect to that site. If I don’t have a reserved VIP then I can create one easily enough with:

New-AzureReservedIP -ReservedIPName "WebsiteVIP" -Location "North Europe" -ServiceName "OldWeb"

This will reserve the existing IPv4 address that is used by OldWeb with the cloud service. This is a non-disruptive change that simply fixes the existing IP address with the cloud service. I can continue to browse to the website using the same VIP as when it was dynamic.

Now I can build up a new web application using the NewWeb2016 cloud service. This has zero impact on the OldWeb cloud service, running side-by-side but using a different (probably dynamic) VIP:

The A records for the joeelway.com domain continue to point at the reserved VIP for OldWeb, so users are still going to the old service.

And then we plan a switchover, with all of the necessary data copy/replication/synchronisation, change controls, reviews, communications, etc. How do I make the change? It’s simple; we run two cmdlets to change the reserved IP association.

The first cmdlet will remove the association of the reserved VIP from the OldWeb cloud service. This forces the old service to get a new dynamic VIP:

Remove-AzureReservedIPAssociation -ReservedIPName "WebsiteVIP" -ServiceName “OldWeb”

This cmdlet takes a few minutes to run so plan for the associated outage that will be caused. The A records for the joeelway.com domain continue to point at the reserved VIP, which is no longer associated with a service. If you browse to the VIP the connection will time out:

We want to avoid such a time out experience for the site’s users so we will very quickly associate the VIP with the new cloud service to minimise downtime (scripting is perfect for this!):

Set-AzureReservedIPAssociation -ReservedIPName "WebsiteVIP" -ServiceName "NewWeb2016"

The A records continue to resolve to the reserved VIP, and now the VIP is associated to the new cloud service:

If all goes well, you can decommission the old cloud service (VMs, etc), but you can leave them running for a little while as a rollback plan:

Remove the VIP association from the new cloud service
Set the VIP association with the old cloud service

You have to admit that, even if you are a PowerShell hater, this is a nice way to switch clients to a new version of a service.

Technorati Tags: Azure,Networking,PowerShell,Scripting

Microsoft News – 28 September 2015

Wow, the year is flying by fast. There’s a bunch of stuff to read here. Microsoft has stepped up the amount of information being released on WS2016 Hyper-V (and related) features. EMS is growing in terms of features and functionality. And Azure IaaS continues to release lots of new features.

Hyper-V

The Mysterious Case of Infrequent Network Connectivity Issues on 2 Hyper-V VMs Out of 40 Guests: Some PowerShell troubleshooting.
Storage Migration “Operation not allow for VM because Hyper-V State is yet to be initialized from Virtual Machine Configuration” (0x80070015): A fix or workaround to solve this problem.
Missing Hyper-V VMs on Windows 10 – Build 10547: A bug in this insider build hides non v5.0 VMs.
Hyper-converged with Windows Server 2016: Run your storage (Storage Spaces Direct, not SOFS) and Hyper-V cluster on the same hardware.
Configuring site awareness for your multi-active disaggregated datacenters: Solving one of the biggest issues with using Failover Clustering as a DR solution.
Introduction to Linux and FreeBSD on Hyper-V: The Linux Integration Services (LIS). Note that LIS 4.0 can be installed on some distros that have previous versions of LIS built in.
Running Hyper-V on Nano in Windows Server 2016 TP3: For you large scale customers that can afford to lose a host.
Running Nano from Windows Server 2016 TP3 on Hyper-V: Teeny tiny VMs for running born-in-the-cloud services.
Do you know how fast your disks are? I’ve seen expensive customer deployments with over-specced hosts and sh1te SANs where one ordinary VM could effectively shut down the cluster because the SAN couldn’t keep up.
Virtual Machine Storage Resiliency in Windows Server 2016: A very nice resiliency feature from the Hyper-V storage folks.

Windows Client

Windows 10 servicing and deployment guidance now available: Learn about Windows as a Service.
Introduction to Windows 10 servicing: How enterprises can keep devices current with the latest feature upgrades, make better use of Windows Update, and what the new servicing options mean for support lifecycles.
Windows 10 – Reducing the disk footprint: how to deploy Windows 10 with the new smaller installation footprint – great for machines with smaller storage (tablets and ultrabooks)

Azure

Azure Backup – Announcing general availability of backup for Azure IaaS VMs: This vital service for VMs has gone GA with a number of improvements.
Azure Backup of IaaS VMs Generally Available: A post I wrote for Petri.com.
Remote Desktop Services DR Solution using ASR – Guidance: A best practices guide from Microsoft.
SharePoint DR Solution using ASR – Guidance: A best practices guide from Microsoft.
Microsoft Exchange DR Solution using ASR – Guidance: A best practices guide from Microsoft.
A VM that Azure Site Recovery helps protect goes into a resynchronization state: Each VHD must be 1023 GB or less.
Source Control Integration in Azure Automation: Manage your automations scripts.
Monitor your Azure RemoteApp environment with OpInsight – Part 1: A nice hack.
Monitor your Azure RemoteApp environment with OpInsight – Part 2: Continuing the hack.
Microsoft showcases the Azure Cloud Switch (ACS): Linux? Linux! Linux?! Yes; Linux.
September update – Azure Preview Portal improvements: Ibiza continues to evolve in the very long preview. This is starting to feel like the GMail beta. There are some good improvements here, but the lateral scale of the UI needs to be chopped by 80%, or we should get an 80″ Surface Hub for free with every Azure subscription.
Use Azure as Virtual DR Site for VMware and Physical Servers: A post I wrote for Petri.com.
August updates to Azure RemoteApp: Some updates.
How does Azure RemoteApp save user data and settings? I really do not like this solution – I prefer to use a virtual file server with domain membership on the VNet because I have some measure of control.
ADFS Publishing via Azure Traffic Manager : Ah yeah, geo-redundant ADFS.

System Center

Near Real-time Performance Data Collection in OMS: Could this be the start of the replacement of SCOM with a cloud service?
Deploy Software Defined Networks using Virtual Machine Manager : A document based on TP3 of System Center 2016.
2nd Edition of Microsoft System Center: Building a Virtualized Network Solution now available and free to download: Featuring Irish MVP, Damian Flynn.
How to Deploy Host Guardian Service using Service Templates in VMM Tech Preview 3: The new WS2016 Hyper-V security feature.

Office 365

The New Office is Here: In case you missed it, Office 2016 launched this week. O365 customers will get is based on which servicing branch they are in. You might not see it for months if you are in the Current Branch for Business (Pro Plus plans default to this).
What’s new in Office 2016: Why should you upgrade, and what should you look for if you have upgrade rights?
Admins—get ready for Office 2016, rollout begins September 22: I’d tweeted several months ago that I’d heard September was the month, so I am not surprised at all.
Announcing the Office 365 Service Trust Portal: STP is a service feature in Office 365 designed to provide deeper information on how Microsoft manages security, compliance and privacy.
Office 365 Import Service—migration to SharePoint Online and OneDrive for Business just became easier: An out-of-band transfer using hard disks, similar to the Azure import service.
Introducing Office 365 Planner: A “simple and highly visual way to organize teamwork”.
Step-By-Step – Setting up AD FS and Enabling Single Sign-On to Office 365: Set up single sign-on.
How to use your Office 365 subscription with Azure RemoteApp: There’s a new “with O365” template that you can use now. Use your ProPlus installation rights in Azure’s RDS.

EMS

Coming soon – New features for managing Windows 10 and iOS devices: New features between September 25 and October 5.
Day Zero Support for iOS 9 with Intune: Manage your iPhones and iPads.
Azure Active Directory B2B collaboration: Inter-company federation via Azure AD.
Azure AD Premium Dashboard is in preview: Microsoft has turned on the Azure Active Directory Premium Dashboard – available in North America only at this point.
Azure AD B2C and B2B are now in Public Preview:
Learn all about the Azure AD B2B Collaboration Preview: Learn more about the Biz-2-Biz preview.

Security

Tracking a Bluetooth Skimmer Gang in Mexico: A whole new way of skimming your card at the ATM, thanks to the ATM engineers.
Tracking Bluetooth Skimmers in Mexico, Part II: More on this story.
Who’s Behind Bluetooth Skimming in Mexico? A very professional criminal operation.

Miscellaneous

Microsoft heads back to court on September 9th: A post I wrote about the Irish datacenter and US warrant appeal.

Technorati Tags: Microsoft,Hyper-V,Virtualisation,Failover Clustering,Storage,Storage Spaces,Linux,Windows 10,Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup,Remote Desktop Services,DR,Active Directory,System Center,VMM,Security,Office,Office 365,Licensing,EMS,Intune

AzureCon – A Free Online Azure Conference

Microsoft is hosting a free online conference featuring Azure called AzureCon, starting tomorrow (Tuesday 29th) at 5pm UK/IE time, 9am PDT.

There is a mixture of level 200 and 300 content that is aimed at IT Pros, including:

Azure for IT implementors (Mark Russinovich): By now you will have heard of Azure and probably have been lost in a plethora of terminology: virtual networks, web apps, worker roles, virtual machines, Azure Active Directory, compute, REST APIs, blobs—the list goes on and on. Doesn’t it just make your head hurt? Come to this session and understand what Azure is, what can be done with it, and what role you can take as an IT pro. Gain a thorough understanding of the components of Azure. Learn how you can integrate on-premises and cloud services, creating solutions for the future. The session is packed with demos.
Azure IaaS: proper sizing and cost (Robert Davis): Two of the most frequently asked questions about moving to Azure IaaS are “How do I size it?” and “What will it cost me?” These questions aren’t easy to answer. Many tools will tell you how to move an on-premises computer to an Azure virtual machine assuming that what you have now is exactly what you need in Azure. In this session, you’ll learn that it is possible to accurately determine what size Azure virtual machines you need and how to calculate the most cost-effective way to move to Azure. You’re moving to better, faster hardware, so why would you need the exact same number of virtual machines with the exact same memory and CPUs? Servers can be consolidated and sized appropriately when the recommendations are based on analysis of the actual performance of the existing servers with a mind for consolidation using very precise calculations of the performance capabilities of the Azure environment. In addition to performance, you can accurately determine your best options based on costs for Azure in terms of storage, storage transactions, networking, and Microsoft SQL Server licensing. Would you be better off moving 5 on-premises servers on a standard A7 virtual machine or would 3 servers on a standard A5 and the other 2 on a basic A3 be more cost effective? This can be calculated.
Deciding between different virtual machine sizes (Kenaz Kwa): Azure provides a wide range of virtual machine sizes for any workload that you might want to run. Trying to decide which size is right for your workload can seem challenging. Join this session to find out about some of the considerations for selecting virtual machine sizes and learn the differences between different virtual machine size families and their regional availability.
Bring Azure to your datacenter with Azure Stack (Anant Sundaram): Modernization of on-premises infrastructure, hybrid approaches, and new models for application delivery all make it possible for IT to help drive business value and transformation. Learn how, with the recently announced Azure Stack, to bring the innovation from our hyper-scale datacenters into yours, enabling agility and productivity for application owners, with flexibility and control for IT.
Increase productivity and enhance security with enterprise mobility (Adam Bresson): The rapid growth of mobile devices combined with ubiquitous access to cloud services is changing the way people use devices to get work done. In this session, learn how to deliver enterprise mobility with consistent experiences that enable users to work on the devices they choose, while providing a unified infrastructure for managing applications and protecting corporate data.

This event is starting late for us Europeans. I wish MSFT would repeat this at Euro time zones. Note that the upcoming cloud road show has an audience reach that is too limited.

How to Reserve The VIP Of An Azure Cloud Service

Microsoft announced earlier this year that we would have the ability to reserve the public IP address (virtual IP or VIP) of a cloud service in Azure. I’d love that:

VIPs are non-reserved by default, so if your cloud service is suspended (maybe all VMs are shutdown) then you get a different VIP afterwards. That causes mayhem with traditional DNS.
I’ve been using CNAMEs to resolve my domain name to the cloud service’s domain name to abstract the dynamic nature of VIPs. Unfortunately, compliant implementations of CNAME do not support machine names, e.g. www.aidanfinn.com.

What I needed was a reserved VIP. Every now and then I looked for the way to implement this new feature, but I only just found it now.

Fire up Azure PowerShell (make sure it’s up to date) and then log into your subscription using Add-AzureAccount.

Find your service name using Get-AzureService.

Then run the following cmdlet, substituting your choice of label for the VIP, region, and service name:

New-AzureReservedIP -ReservedIPName "MyVIP01" -Location "North Europe" -ServiceName “MyCloudService”

This cmdlet won’t change the VIP of the cloud service; instead it reserves the existing VIP on your cloud service, which is a non-disruptive action. You can query the results in the GUI or by running Get-AzureReservedIP:

To test, I shutdown all the VMs in the cloud service; this puts the cloud service into a suspended state. Normally the VIP is released when a cloud service is suspended. But when I started up the cloud service (starting 1 VM) the same VIP returned. Yay!

Keep in mind that there is a price plan for reserved VIP addresses. You get the first 5 reserved VIPs for free (subject to change). There is a charge for additional VIPs. And if you don’t use a reserved VIP (you reserve it and leave the cloud service suspended) then there’s a charge for the VIP.

Which leads us to the obvious follow-up question: how do I remove a reserved VIP? It’s not quite a logical undo. First you need to undo the association of the VIP reservation with the cloud service. Note that the following is not Remove-AzureReservedIP (that cost me 10 minutes):

Remove-AzureReservedIPAssociation -ReservedIPName "MyVIP01" -ServiceName “MyCloudService”

Note: I’ve noticed that this cmdlet takes a couple of minutes to run.

If you have the Azure portal open you might see it refresh and change the VIP of your cloud service – what you’ve done is remove the association of the VIP with that cloud service; the VIP is still reserved.

That opens up an interesting scenario. Let’s say I have an application called App1 running in CloudService1, and I’d like to build a new version of the application in CloudService2 and switch users over without them noticing.

Reserve the VIP on CloudService1
Set up DNS records for App1 to the reserved VIP
Time passes by … until we want to migrate users …
Remove the VIP association from CloudServcie1; the VIP is still reserved, but now unused
Set the VIP association with CloudService2

And all of a sudden, people start using App1 on CloudService2 without changing DNS records … nice!

When you want to completely remove a VIP reservation, first make sure that you remove any cloud association with Remove-AzureReservedIPAssociation, and then run:

Remove-AzureReservedIP -ReservedIPName "MyVIP01"

Technorati Tags: Azure,Cloud,Cloud Computing,Networking

Microsoft GAs The Last Vital Piece For VM Hosting

Microsoft announced that Azure Backup for Azure IaaS virtual machines (VMs) was released to generally availability yesterday. Personally, I think this removes a substantial roadblock from deploying VMs in Azure for most businesses (forget the legal stuff for a moment).

No Backup – Really?

I’ve mentioned many times that I once worked in the hosting business. My first job was as a senior engineer with what was then a large Irish-owned company. We ran three services:

Websites: for a few Euros a month, you could get a plan that allowed 10+ websites. We also offered SQL Server and MySQL databases.
Physical servers: Starting from a few hundred Euros, you got one or more physical servers
Virtual machines: I deployed the VMware (yeah, VMware) farm running on HP blades and EVA, and customers got their own VNET with one or more VMs

The official line on websites was that there was no backup of websites or databases. You lose it, you LOST it. In reality we retained 1 daily backup to cover our own butts. Physical servers were not backed up unless a customer paid extra for it, and they got an Ahsay agent and paid for storage used. The same went for VMware VMs – pay for the agent + storage and you could get a simple form of cloud backup.

Backup-less Azure

Until very recently there was no backup of Azure VMs. How could that be? This line says a lot about how Microsoft thinks:

Treat your servers like cattle, not pets

When Azure VMs originally launched in beta, the VMs were stateless, much like containers. If you rebooted the VM it reset itself. You were supposed to write your applications so that they used Azure storage accounts or Azure SQL databases. There was no DC or SQL Server VM in the cloud – that aws silly because no one deploys or uses stateful machines anymore. Therefore you shouldn’t care if a VM dies, gets corrupted, or is accidentally removed – you just deploy a new one and carry on.

Except …

Almost no one deploys servers like that.

I can envision some companies, like an Ebay or an Amazon running stateless application or web servers. But in my years of working in large and small/medium businesses, I’ve never seen stateless machines, and I’ve never encountered anyone with a need for those style of applications – the web server/database server configuration still dominates AFAIK.

So this is why Azure never had a backup service for VMs. A few years ago, Microsoft changed Azure VMs to be stateful (Hyper-V) virtual machines that we are familiar with and started to push this as a viable alternative to traditional machine deployments. I asked the question: what happens if I accidentally delete a VM – and I got the old answer:

Prepare your CV/résumé.

Mark Minasi quoted me at TechEd North America in one of his cloud Q&A’s with Mark Russinovich 2 years ago – actually he messed up the question a little and Russinovich gave a non-answer. The point was: how could I possibly deploy a critical VM into Azure if I could not back it up.

Use DPM!

Yeah, Microsoft last year blogged that customers should use System Center Data Protection Manager to protect VMs in Azure. You’d install an agent into the guest OS (you have no access to Azure hosts and there is no backup API) and backup files, folders, databases to DPM running in another VM. The only problem with this would be the cost:

You’d need to deploy an Azure VM for DPM.
You would have to use Page Blobs & Disks instead of Block Blobs, doubling the cost of Azure storage required.
The cost of System Center SMLs would have been horrific. A Datacenter SML ($3,607 on Open NL) would cover up to 8 Azure virtual machines.

Not to mention that you could not simply restore a VM:

Create a new VM
Install applications, e.g. SQL Server
Install the DPM agent
Restore files/folders/databases
Pray to your god and any others you can think of

Azure Backup

Azure has a backup service called Azure Backup. This was launched as a hybrid cloud service, enabling you to backup machines (PCs, servers) to the cloud using an agent (MARS). You can also install the MARS agent onto an on-premises DPM server to forward all/subset of your backup data to the cloud for off-site storage. Azure Backup uses Block Blob storage (LRS or GRS) so it’s really affordable.

Earlier this year, Microsoft launched a preview of Azure Backup for Azure IaaS VMs. With this service you can protect Azure VMs (Windows or Linux) using a very simple VM backup mechanism:

Create a backup policy – when to backup and how long to retain data
Register VMs – installs an extension to consistently backup running VMs
Protect VMs: Associate registered VMs with a policy
Monitor backups

The preview wasn’t perfect. In the first week or so, registration was hit and miss. Backup of large VMs was quite slow too. But the restore process worked – this blog exists today only because I was able to restore the Azure VM that it runs on from an Azure backup – every other restore method I had for the MySQL database failed.

Generally Available

Microsoft made Azure Backup for IaaS VMs generally available yesterday. This means that now you can, in a supported, simple, and reliable manner, backup your Windows/Linux VMs that are running in Azure, and if you lose one, you can easily restore it from backup.

A number of improvements were included in the GA release:

A set of PowerShell based cmdlets have been released – update your Azure PowerShell module!
You can restore a VM with an Azure VM configuration of your choice to a storage account of your choice.
The time required to register a VM or back it up has been reduced.
Azure Backup is in all regions that support Azure VMs.
There is improved logging for auditing purposes.
Notification emails can be sent to administrators or an email address of your choosing.
Errors include troubleshooting information and links to documentation.
A default policy is included in every backup vault
You can create simple or complex retention policies (similar to hybrid cloud backup in MARS agent) that can keep data up to 99 years.

Summary

With this release, Microsoft now has solved my biggest concern with running production workloads in Azure VMs – now we can backup and restore stateful machines that have huge value to the business.

Technorati Tags: Azure,Backup,Virtualisation