Tag Archives: Microsoft Windows Azure

Technology

Administering Office 365 using PowerShell: updated information on the required components

I’ve written before about administering Office 365 from PowerShell but the process has changed slightly over the years.  There are various articles out there on the web with methods and links but the key information (as at August 2014) is in a TechNet article titled Manage Azure AD using Windows PowerShell.  Yes, that’s right – Azure AD – because Windows Azure Active Directory is the authentication service used by Microsoft Online Services such as the Office 365 services.

On my Windows 8.1 computer I already had the necessary .NET framework and PowerShell pre-requisites but I did need to download and install two more components before Get-Command -Module msonline would do anything for me:

  1. The Microsoft Online Services Sign-In Assistant for IT Professionals RTW (the version I used was 7.250.4556.0, published on 17 February 2014).
  2. The Windows Azure AD Module for Windows PowerShell* (which depends on the Microsoft Online Service Sign-In Assistant), which doesn’t come up in a search on the Microsoft Downloads Center but is linked from the TechNet article I mentioned above (32-bit and 64-bit versions).

With these components installed, I could authenticate against the service using my normal credentials with Import-Module MSOnline and Connect-MsolService and run administration cmdlets from within PowerShell.  Note that in order to run Exchange cmdlets, you’ll need a remote PowerShell session to Exchange (check out Greg Shields’ TechNet magazine article Manage Office 365 with Windows PowerShell for more details). There are also additional modules for managing Lync Online and SharePoint Online.

 

* The Windows Azure Active Directory Module for Windows PowerShell cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.
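The connection steps described above, as an added PowerShell example that is not part of the original post. It assumes both components listed above are installed; the Exchange Online connection URI and the choice of the Company Administrator role are assumptions of this example, not details from the post.

```powershell
# Added example: assumes the Sign-In Assistant and the Windows Azure AD Module
# (MSOnline) are already installed on this machine.

# Fail early with a clear message if the module is missing.
if (-not (Get-Module -ListAvailable -Name MSOnline)) {
    throw 'MSOnline module not found: install the Sign-In Assistant and the Windows Azure AD Module first.'
}
Import-Module MSOnline

# Prompt for credentials rather than embedding a password in the script.
$cred = Get-Credential
Connect-MsolService -Credential $cred

# Confirm the session works: count the module's cmdlets and show the tenant.
(Get-Command -Module MSOnline).Count
Get-MsolCompanyInformation | Select-Object DisplayName, InitialDomain

# Review who holds the tenant-wide administrator role.
$role = Get-MsolRole -RoleName 'Company Administrator'
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Select-Object DisplayName, EmailAddress, RoleMemberType

# Exchange cmdlets need a separate remote PowerShell session.
# Assumption: the connection URI below is the Exchange Online endpoint
# documented at the time; it does not appear in the post.
$exchange = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = 'https://ps.outlook.com/powershell/'
    Credential        = $cred
    Authentication    = 'Basic'
    AllowRedirection  = $true
}
$session = New-PSSession @exchange
Import-PSSession $session | Out-Null

Get-Mailbox -ResultSize 10 | Select-Object DisplayName, PrimarySmtpAddress

# Close the remote session when finished; open sessions count against a limit.
Remove-PSSession $session
```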

Short takes: hosts files; C#; Azure VMs; sleuthing around Exchange; closing Windows 8 apps; and managing tabs in Google Chrome

Another dump of my open browser tabs to the web…

Unable to edit hosts file in Windows

One of the tools (read Excel and lots of macros) that I use for financial forecasting said it couldn’t find a server.  Of course the network’s never broken – it must be the end user’s fault – so, faced with the prospect of telling an angry admin that there is a DNS mis-configuration, I decided to hack my hosts file instead…

Windows doesn’t make that easy (even as a local administrator) – so I ran Notepad as Administrator instead… being an old skool kind of command line guy it was an elevated cmd prompt  from Start, cmd, then shift and click (which dumps me into C:\Windows\System32), followed by the cd drivers/etc and notepad hosts commands.

What versions of C# are out there?

One thing I wanted to know whilst teaching myself to write in C# a few months back (i.e. to select a course that was up-to-date!) was which versions of C# are out there. Of course, Stack Overflow has the answer.

And, one day, I really must have a play with CShell, the open source C# read-eval-print-loop (REPL) IDE

What Microsoft server software is supported in an Azure VM?

Ever wondered what can be run up (and supported) in a Microsoft Azure VM? Quite a lot, but also some big omissions (Exchange, obviously) and some caveats (like no DHCP).  The formal list is in Microsoft knowledge base article 2721672.

Finding the Exchange Server that actually hosts my email

Exchange AutoDiscover means that, most of the time, end users don’t need to know where their email is – just the single address that lets the email client find the server – but several times recently I’ve found myself needing to know which server hosts my email.  One time I was diagnosing intermittent issues with out of office replies and access to colleagues’ calendars.  Another time I wanted to use PowerShell to list members of a distribution group programmatically (and later to rename a distribution group after the IT department said it wasn’t possible). Unfortunately, I didn’t have access to run PowerShell commands against our servers (but that’s probably a good thing)!

Anyway, it seems that the details I needed were available via Outlook Web Access:

  1. Logon to OWA
  2. Click options
  3. Click About
  4. And find the line that reads “Client access server name” – that’s your connection point.  There’s also a line for “Mailbox server name”.

I tested this with Exchange 2007.  It may vary for other releases and I haven’t checked.

By the way, a couple of links that looked hopeful for my distribution group issues (the ones I had to find another way to resolve):

Closing applications in Windows 8

Our family PC runs Windows 8.1 but, as my work PC runs Windows 7, I have to admit sometimes there are things I haven’t got used to.  One of those is closing full-screen apps.  I usually resort to Alt-F4 but if the kids have left the computer in touch format, then it seems that a simple top to bottom drag is what I need (there should also be a close button if I touch the top of the screen).

Managing tabs in Google Chrome

As I go through my work, I often come across things I’d like to go back to later, or leave side projects part-done, blog posts half-researched (and half-written), etc. Over time, they build up to hundreds of tabs and my bookmarks folder is a plethora of In Progress yyyymmdd folders (another job to sort out one day).  It also means that, every now and again, my PC slows right down and I need to reboot because Google Chrome is using 14 gazillion GBs of RAM and a Flash plugin (probably serving ads on a website) has gone haywire again. Add Symantec EndPoint Prevention and BeCrypt DiskPrevent into the mix and a reboot could be a half-hour inconvenience.

Last night, I spent hours working through the various open tabs, closing some, pasting some to blog posts (this one… and others still work in progress) and I happened to post a little tweetette, to which Garry Martin (@GarryMartin) happened to respond:

Awesome indeed. Less than 5 seconds to install and the remaining handful of tabs are now under control.

Confusion over accounts used to access Microsoft’s online services

I recently bought a new computer, for family use (the Lenovo Flex 15 that I was whinging about the other week finally turned up). As it’s a new PC, it runs Windows 8 (since upgraded to 8.1) and I log in with my “Microsoft account”. All good so far.

I set up local accounts for the kids, with parental controls (if you don’t use Windows Family Safety, then I recommend you do! No need for meddling government firewalls at ISP level – all of the major operating systems have parental controls built in – we just need to be taught to use them…), then I decided that my wife also needed a “Microsoft account” so she could be registered as a parent to view the reports and over-ride settings as required.

Because my wife has an Office 365 mailbox, I thought she had a “Microsoft account” and I tried to use her Office 365 credentials. Nope… authentication error. It was only some time later (after quite a bit of frustration) that I realised that the “Organization account” used to access a Microsoft service like Office 365 is not the same as a “Microsoft account”. Mine had only worked because I have two accounts with the same username and password (naughty…) but they are actually two entirely separate identities. As far as I can make out, “organization accounts” use the Windows Azure Active Directory service whilst “Microsoft accounts” have their heritage in Microsoft Passport/Windows Live ID.

Tweeting my frustrations I heard back from a number of online contacts – including journalists and MVPs – and it seems to be widely accepted that Microsoft’s online authentication is a mess.

As Jamie Thomson (@JamieT) commented to Alex Simons (@Alex_A_Simons - the Programme Director for Windows Azure Active Directory), if only every “organization account” could have a corresponding “Microsoft account” auto-provisioned, life would be a lot, lot simpler.

Problems removing storage resources from Windows Azure virtual machines

Last year, I wrote about creating a virtual machine on Windows Azure, using the IaaS capabilities of the platform.  My free 90 day subscription is coming to an end so I needed to remove all resources before they become chargeable (running or otherwise). The problem was that, after deleting the virtual machine, I couldn’t remove the storage because:

Storage account [...] has 1 container(s) which have an active image and/or disk artifacts. Ensure those artifacts are removed from the image repository before deleting this storage account.

That wasn’t too helpful as I couldn’t find anything that looked like an “image repository” in the management console.  Thankfully I found the answer on StackOverflow.com:

“[...] even if you’ve already deleted all of your Virtual Machines and it shows 0; there still will be artifacts under the disks tab”

[Amazon's] Reference architecture for utility computing

Earlier this week, I attended an Amazon Web Services (AWS) 101 briefing, delivered by Amazon UK’s Ryan Shuttleworth (@RyanAWS).  Although I’ve been watching the “Journey into the AWS cloud” series of webcasts too, it was a really worthwhile session and, when the videos are released to the web, well worth watching for an introduction to the AWS cloud.

One thing I particularly appreciate about Ryan’s presentations is that he approaches things from an architectural view. It’s a refreshing change from the evangelists I’ve met at other companies who generally market software by talking about features (maybe even with some design considerations/best practice or coding snippets) but rarely seem to mention reference architectures or architectural patterns.

During his presentation, Ryan presented a reference architecture for utility computing and, even though this version relates to AWS services, it’s a pretty good model for re-use (in fact, the beauty of such a  reference architecture is that the contents of each box could be swapped out for other components, without affecting the overall approach – maybe I should revisit this post and slot in the Windows Azure components!).

So, what’s in each of these boxes?

  • AWS global infrastructure: consists of regions to collate facilities, with availability zones that are physically separated, and edge locations (e.g. for content distribution).
  • Networking: Amazon provides Direct Connect (dedicated connection to AWS cloud) to integrate with existing assets over VPN Connections and Virtual Private Clouds (your own slice of networking inside EC2), together with Route 53 (a highly available and scalable global DNS service).
  • Compute: Amazon’s Elastic Compute Cloud (EC2) allows for the creation of instances (Linux or Windows) to use as you like, based on a range of instance types, with different pricing – to scale up and down, even auto-scaling. Elastic Load Balancing allows the distribution of EC2 workloads across instances in multiple availability zones.
  • Storage: Simple Storage Service (S3) is the main storage service (Dropbox, Spotify and others run on this) – designed for write once read many applications.  Elastic Block Store (EBS) can be used to provide persistent storage behind an EC2 instance (e.g. boot volume) and supports snapshotting, replicated within an availability zone (so no need to RAID). There’s also Glacier for long term archival of data, AWS Import/Export for bulk uploads/downloads to/from AWS and the AWS Storage Gateway to connect on-premises and cloud-based storage.
  • Databases: Amazon’s Relational Database Service (RDS) provides database as a service capabilities (MySQL, Oracle, or Microsoft SQL Server). There’s also DynamoDB – a provisioned throughput NoSQL database for fast, predictable performance (fully distributed and fault tolerant) and SimpleDB for smaller NoSQL datasets.
  • Application services: Simple Queue Service (SQS) for reliable, scalable message queuing (for application decoupling); Simple Workflow Service (SWF) to coordinate processing steps across applications and to integrate AWS and non-AWS resources, to manage distributed states in complex systems; CloudSearch – an elastic search engine based on Amazon’s A9 technology to provide auto-scaling and a sophisticated feature set (equivalent to SOLR); CloudFront for a worldwide content delivery network (CDN), to easily distribute content to end users with a single DNS CNAME.
  • Deployment and admin: Elastic Beanstalk allows one click deployment from Eclipse, Visual Studio and Git for rapid deployment of applications with all AWS resources auto-created; CloudFormation is a scripting framework for AWS resource creation that automates stack creation in a repeatable way. There’s also Identity and Access Management (IAM), software development kits, Simple Email Service (SES), Simple Notification Service (SNS), ElastiCache, Elastic MapReduce, and the CloudWatch monitoring framework.

I suppose if I were to re-draw Ryan’s reference architecture, I’d include support (AWS Support) as well as some payment/billing services (after all, this doesn’t come for free) and the AWS Marketplace to find and start using software applications on the AWS cloud.

One more point: security and compliance (security and service management are not shown as they are effectively layers that run through all of the components in the architecture) – if you implement this model in the cloud, who is responsible? Well, if you contract with Amazon, they are responsible for the AWS global infrastructure and foundation services (compute, storage, database, networking). Everything on top of that (the customisable parts) is up to the customer to secure.  Other providers may take a different approach.

Creating new endpoints to open up access to Windows Azure virtual machines

In my recent posts on creating a virtual machine on Windows Azure and connecting to a Windows computer running on Windows Azure, I mentioned endpoints but didn’t explain the process for creating new ones, i.e. opening up new ports for Internet access:

The RemoteDesktop endpoint shown above was created automatically when my virtual machine was provisioned but it may also be necessary to create new endpoints, for example allowing HTTP access over TCP port 80, HTTPS over TCP 443, etc.

To create a new endpoint, open up the virtual machine in the Windows Azure management console, then select Endpoints and click the Add Endpoint button at the bottom of the screen.  When creating endpoints, a new endpoint can be established or, if one already exists, this may be selected to load balance between multiple virtual machines. I only have a single virtual machine and so I selected add endpoint:

At this point, specify a name (HTTP would have been a better name than the one I used in the example below), select a protocol, and choose the port numbers:

The endpoint will then be created and the virtual machine will be accessible using the chosen protocol and port numbers:

To test the connection, I connected to my virtual machine over RDP and configured Windows Server roles/features in Server Manager (I installed IIS, just to prove that the machine was Internet-connected – but the server could be running any workload). Then, I connected to my virtual machine’s public DNS using a web browser (I could also have used the public virtual IP address shown in the dashboard for the virtual machine):
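A scripted equivalent of the console steps above, followed by a review of what the virtual machine now exposes to the Internet. This is an added example, not part of the original post: it assumes the classic Windows Azure PowerShell module with a subscription already selected, and the service name, VM name and list of management ports are placeholders and assumptions of the example.

```powershell
# Added example: assumes the classic Windows Azure PowerShell module is
# installed and a subscription has already been selected for this session.
$serviceName = '<cloud-service-name>'   # placeholder: the cloud service hosting the VM
$vmName      = '<vm-name>'              # placeholder: the virtual machine's name

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "Virtual machine $vmName not found in service $serviceName." }

# Equivalent of Add Endpoint in the console: publish TCP port 80 as 'HTTP'.
# Nothing changes on the platform until Update-AzureVM is called.
$vm |
    Add-AzureEndpoint -Name 'HTTP' -Protocol tcp -LocalPort 80 -PublicPort 80 |
    Update-AzureVM

# Review every endpoint on the VM. Each one is a port reachable from the
# Internet, so flag those that map to remote-management services.
# Assumption: this port list (RDP, WinRM, SSH) is this example's choice.
$managementPorts = 3389, 5985, 5986, 22

Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureEndpoint |
    Select-Object Name, Protocol, Port, LocalPort, Vip,
        @{ Name = 'ManagementPort'
           Expression = { $managementPorts -contains $_.LocalPort } } |
    Format-Table -AutoSize
```

In the output, Port is the public port and LocalPort is the port on the virtual machine; an endpoint that is no longer needed can be taken away with Remove-AzureEndpoint followed by Update-AzureVM.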

 

Connecting to a Windows computer running on Windows Azure

In yesterday’s post about creating a virtual machine in Windows Azure, I left out the details for connecting to the virtual machine.

Virtual machine connections are controlled using endpoints, like the one shown below:

In this case, the endpoint for RemoteDesktop was created automatically as part of the virtual machine creation process so it’s pretty simple to connect to the virtual machine. Just fire up a Remote Desktop client and connect to the DNS name given to the virtual machine when it was created (in my case, that was mwil-playground.cloudapp.net). Alternatively, click the Connect button at the bottom of the Windows Azure management console:

Then, follow the prompts to:

  • Connect to a computer with an unknown publisher:
  • Provide  appropriate credentials:
  • Confirm that there is no certificate to validate the connection:
(It is possible to specify management certificates in the Windows Azure management console but that’s outside the scope of this post.)
After a short while, during which remote desktop configures the session, a connection should be made and the operating system can be administered as normal:

Creating a virtual machine on Windows Azure in 10 easy steps

Despite my reservations about Microsoft’s charging model for Windows Azure’s virtual machine (IaaS) capabilities, I was interested enough to take a look after last week’s Microsoft Tech.Days Online event. I signed up for a 90 day (750-hours/month) free trial (which, on the face of it, seems pretty poor in comparison to the 1 year free usage tier from Amazon but, because Amazon have to license Windows, and Microsoft can presumably cross-charge itself, Windows virtual machines are excluded from Amazon’s trial).

It was amazingly simple to get myself up and running with a new virtual machine and I thought I’d demonstrate that here:

  1. If you don’t already have one, sign up for a Windows Azure account and log on to the Windows Azure management console.
  2. On the All Items pane, select Create An Item:
  3. Select Virtual Machine and then From Gallery:
  4. Choose an operating system for the virtual machine, for example Windows Server 2012:
  5. Give the virtual machine a name, supply an Administrator password, and select a size (if you’re using the free trial, then you’ll want to select the small option):
  6. This will be a standalone virtual machine, but it needs a DNS name (for access from the Internet), some storage (I auto-generated the storage) and a region/affinity group/virtual network (I selected the West Europe region, as I’m in the UK and didn’t yet have any virtual networks assigned):
  7. The availability set is not really of any significance when running a single VM, so I left this as none:
  8. Windows Azure will start to provision the virtual machine:
  9. Once completed, the newly-created virtual machine and associated storage will be visible in the console:
  10. Click on the virtual machine name to access the virtual machine dashboard which contains performance information as well as configuration details. From here, you can make further configuration changes (e.g. creating endpoints for access to the virtual machine):

 

Windows Azure IaaS pricing “gotcha”

One of the concerns with moving more infrastructure services into a public cloud is cost. It’s all very well that the costs are low, and that the CapEx has switched to OpEx but it’s also good to be able to budget. Subscription-based charging models can make that difficult at times.

Over the last couple of weeks, I’ve been brushing up my knowledge of both Amazon’s and Microsoft‘s infrastructure as a service (IaaS) offerings and I found something that’s quite alarming. Not only is the Windows Azure IaaS offering less fully-featured than Amazon EC2 but, from a cursory glance, it could potentially cost a lot more because of the way that Microsoft charges for compute service provision.

Whereas Amazon only charges for the hours when a virtual machine is “powered on”, Microsoft charges for the fact that the virtual machine has been provisioned, regardless of whether it’s actually doing anything.  This sounded odd, so I asked a question of one of the evangelists at Microsoft UK, who used a rental car analogy to explain that when I have a virtual machine deployed in Azure I’ve still taken resources that can’t be allocated to someone else until I “undeploy” it (think of booking and returning the hire car). On the other hand though, Amazon only charges for the time I use the virtual machine (although I will of course have to pay for the storage that it is actually using), so the analogy is more one of a pool of shared cars.

Microsoft using rental car analogy for Azure IaaS: VM charged whether running or not; think Amazon EC2 is more like car share! #TechDays2012
@markwilsonit
Mark Wilson

I tried to confirm this with Amazon Web Services (@awscloud) and Microsoft Windows Azure (@windowsazure) but have not received a response at the time of writing; however Dave Hood alerted me to a clause in the Windows Azure pricing details:

“Compute hours are charged whenever the Virtual Machine is deployed, irrespective of whether it is running or not.”

That could work out quite expensive for those who have spare virtual machines deployed, ready to fire up at a moment’s notice, but not normally in operation (e.g. in a disaster recovery failover scenario).

[Update 12:22]: Microsoft’s Windows Azure team have responded via Twitter to confirm that VMs are charged, even when not running:

@ #WindowsAzure VMs are in preview. You are charged for hours even when shut down as long as the image exists in your gallery.
@WindowsAzure
WindowsAzure

Tech.Days Online 2012: Day 1 (#TechDays2012)

For the last couple of years, I’ve been concentrating on IT Strategy but I miss the hands-on technology.  I’ve kind of lost touch with what’s been happening in my former world of Microsoft infrastructure and don’t even get the chance to write about what’s coming up in new releases as the powers that be have decided my little blog is not on their RADAR (to be honest, I always suspected they had me mixed up with another Mark Wilson, who writes at Gizmodo!).

Anyway, I decided to dip into the pool again and see what Microsoft is up to in its latest releases, with two day-long virtual events under the Microsoft Tech.Days Online banner.

Presented by members of the UK evangelist team, Simon May (@simonster), Andrew Fryer (@DeepFat) and Steve Plank (@plankytronixx), day 1 focused on Windows Server and Azure, whilst day 2 will be about Windows 8 and System Center.

So, what did I learn?  Far too much for a single blog post, but here are the highlights from day 1…

Windows Server 2012

Windows Server 2012 looks to be a significant step forward from 2008 R2. The full list of what’s new is extensive but the main focus is on Microsoft’s “next generation” file server, management, virtualisation and networking:

  • “Next generation” file server. Ignore the next generation part – after all, it’s just marketing speak to make a file server sound interesting (some of us remember the early battles between Novell NetWare and Windows NT!) – but there are some significant improvements in Windows Server’s file capabilities.
  • When it comes to management:
    • Windows can be used to manage non-Windows environments and vice versa.  The details were pretty sketchy in yesterday’s event, but apparently Microsoft now understands that we all run heterogeneous environments!
    • Automation continues to be at the heart of the management story, with both DISM and PowerShell.
    • There’s a new version of PowerShell (v3), which promises to be more intuitive as a result of the Integrated Scripting Environment with IntelliSense as well as adding robust sessions that persist across connection dropouts and even reboots, together with simple creation of parallel workflows.  The good news (although you wouldn’t know it from yesterday’s session) is that PowerShell 3 is also available for Windows 7 and Server 2008 (SP2 or later).
    • Remote management is enabled by default.
    • Server Core is still there, but MinShell is another attempt to reduce the attack surface of Windows Server, providing GUI management tools, without a GUI, as described by Mitch Garvis.
  • Virtual machine mobility provides new scenarios for migrating resources around the enterprise:
    • Using shared storage with live migration now supporting VMs on non-clustered hosts (just on an SMB share).
    • By live migrating storage between hosts, moving the virtual disks attached to a running virtual machine from one location to another.
    • With shared-nothing live migration.
    • Using new Hyper-V replica functionality to replicate virtual machines between sites, e.g. in a disaster recovery scenario.
    • There’s also a new VHDX format for larger virtual disks, released as an open specification.
  • Enhanced networking:
    • Windows Server now has built-in NIC teaming (load balancing/failover, or LBFO), described by Don Stanwyck in Yegal Edery’s post.
    • Network virtualisation allows the creation of a multi-tenant virtual network environment on top of the existing infrastructure, decoupling network and server configuration.

Windows Server 2012 is already available but an evaluation edition is also available as an ISO or a VHD.

Windows Azure

Windows Azure has been around for a while, but back in my days as an MVP (and when running the Windows Server User Group with Mark Parris), I struggled to get someone at Microsoft to talk about it from an IT Pro perspective (lots of developer stuff, but nothing for the infrastructure guys). That changed when Steve Plank spent an entire afternoon on the topic today.

In summary:

  • Windows Azure has always provided PaaS but it now has IaaS capabilities (although they don’t sound to be as mature as Amazon’s offerings, they might better suit some organisations).
  • When deploying to the cloud, the datacentre or affinity group is selected. Azure services are available in eight datacentres around the world, with 4 in the US, 2 in Europe and 2 in Asia.
  • Applications are deployed to Azure using an XML service model.
  • Virtual machines in Azure differ from the cloud platform services in that they still require management (patching, etc.) at the operating system level.  They may be deployed using a REST API, scripted (e.g. using PowerShell), or created inside a management portal.
  • Virtual hard disks may be uploaded to Azure (they are converted to BLOB storage), or new virtual machines created from a library and it’s possible to capture virtual machines that are not running as images for future deployment.  Virtual machine images may also be copied from the cloud for on-premise deployment.
  • If two virtual machines are connected inside Azure, both are on the  same network, which means they can connect to the same load balancer.
  • Virtual networks may be used to connect on premise networks to Windows Azure, or completely standalone Azure networks can be created (e.g. with their own DNS, Active Directory, etc.)
  • When using a virtual network inside Azure, there is no DHCP but DIPs (dynamic IPs) are provided and the operating system must be configured to use DHCP. Each service has a single IP address to connect to the Internet, with port forwarding used to access multiple hosts.
  • Inside Azure, operating system disks are cached (for performance) but data disks are not (for integrity). Consequently, when installing data-driven operating systems (such as Active Directory), make sure the database is on a data drive.
  • Applications on Azure may be federated with on-premise infrastructure (e.g. Active Directory). Alternatively, a new service is currently in developer preview called the Windows Azure Active Directory. This differs significantly from the normal Active Directory role in Windows Server (which may also be deployed to a virtual machine on Azure) in that: it has a REST API (the Graph API), not an LDAP one; it does not use Kerberos; and it is accessed as an endpoint – i.e. individual instances are not exposed. Windows Azure Active Directory is related to the Office 365 Directory (indeed, logging on to the Windows Azure Active Directory preview shows me my Office 365 details).  Single sign on with Windows Azure Active Directory is described in detail in a post by Vittorio Bertocci.
  • Microsoft provides service level agreements for Azure availability, not for performance. These are based around fault domains and update domains.

A Windows Azure pricing calculator is available, as is a 90-day free trial.

Photograph of Steve Plank taken from the TechNet UK Facebook page.
