Lift and shift to Azure cloud: replace on-premises file servers

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol (also known as Common Internet File System or CIFS). Azure File shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure File shares can be cached on Windows Servers with Azure File Sync (preview) for fast access near where the data is being used.

Key benefits
Shared access. Azure File shares support the industry standard SMB protocol, meaning you can seamlessly replace your on-premises file shares with Azure File shares without worrying about application compatibility. Being able to share a file system across multiple machines, applications/instances is a significant advantage with Azure Files for applications that need shareability.
Fully managed. Azure File shares can be created without the need to manage hardware or an OS. This means you don’t have to deal with patching the server OS with critical security upgrades or replacing faulty hard disks.
Scripting and tooling. PowerShell cmdlets and the Azure CLI can be used to create, mount, and manage Azure File shares as part of the administration of Azure applications. You can also create and manage Azure file shares using the Azure portal and Azure Storage Explorer.
Resiliency. Azure Files has been built from the ground up to be always available. Replacing on-premises file shares with Azure Files means you no longer have to wake up to deal with local power outages or network issues.
Familiar programmability. Applications running in Azure can access data in the share via file system I/O APIs. Developers can therefore leverage their existing code and skills to migrate existing applications. In addition to System IO APIs, you can use Azure Storage Client Libraries or the Azure Storage REST API.

Creating a file share from the Azure portal:
1- Go to the Storage Account blade in the Azure portal
2- Click the Add File Share button
3- Provide a Name and Quota (the quota can currently be at most 5 TiB)
4- Select the file share
5- Upload the files

PowerShell commands (the same two steps scripted; replace the placeholders with your account name and key)
$storageContext = New-AzureStorageContext -StorageAccountName <storage-account-name> -StorageAccountKey <storage-account-key>
$share = New-AzureStorageShare -Name logs -Context $storageContext

Accessing the file share from Linux
First, install the CIFS utilities (RHEL/CentOS shown):
sudo yum install samba-client samba-common cifs-utils

Create the mount point and mount the Azure file share (the storage account name is the SMB username and the account key is the password; TCP port 445 must be open outbound):
sudo mkdir -p /mnt/MyAzureFileShare
sudo mount -t cifs //<storage-account-name>.file.core.windows.net/<share-name> <mount-point> -o vers=<smb-version>,username=<storage-account-name>,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino

For a persistent mount, add an entry to /etc/fstab (note that this writes the account key into a world-readable file; a root-only credentials file is the safer option):
sudo bash -c 'echo "//<storage-account-name>.file.core.windows.net/<share-name> <mount-point> cifs nofail,vers=<smb-version>,username=<storage-account-name>,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino" >> /etc/fstab'
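The persistent mount above, rewritten so the storage account key lives in a root-only credentials file rather than in /etc/fstab. This is an added example, not code from the original post; the account, share, path and /etc/smbcredentials location are placeholders, and SMB 3.0 is assumed (Azure Files requires it outside the storage account's region).

```shell
#!/bin/sh
# Added example (not from the original post): mount Azure Files on Linux with
# the storage account key kept in a root-only credentials file instead of being
# written into the world-readable /etc/fstab. Account/share/path values are
# placeholders you substitute; SMB 3.0 is assumed (required outside the region).

# Write a cifs credentials file readable by root only.
write_cifs_credentials() {
    cred_file="$1"; account="$2"; key="$3"
    ( umask 077; printf 'username=%s\npassword=%s\n' "$account" "$key" > "$cred_file" )
    chmod 600 "$cred_file"
}

# Print the /etc/fstab line: the key comes from credentials=, and the original
# dir_mode=0777,file_mode=0777 are tightened to 0750/0640.
azure_files_fstab_line() {
    account="$1"; share="$2"; mount_point="$3"; cred_file="$4"; smb_ver="${5:-3.0}"
    printf '//%s.file.core.windows.net/%s %s cifs nofail,vers=%s,credentials=%s,dir_mode=0750,file_mode=0640,serverino 0 0\n' \
        "$account" "$share" "$mount_point" "$smb_ver" "$cred_file"
}

# Append the line to the given fstab only if that exact line is not already there.
add_fstab_entry() {
    fstab="$1"; line="$2"
    if ! grep -qxF -- "$line" "$fstab" 2>/dev/null; then
        printf '%s\n' "$line" >> "$fstab"
    fi
}

# Full procedure, run as root: install_share <account> <key> <share> <mount-point>
install_share() {
    account="$1"; key="$2"; share="$3"; mount_point="$4"
    cred_file="/etc/smbcredentials/$account.cred"   # hypothetical location
    mkdir -p /etc/smbcredentials "$mount_point"
    write_cifs_credentials "$cred_file" "$account" "$key"
    add_fstab_entry /etc/fstab "$(azure_files_fstab_line "$account" "$share" "$mount_point" "$cred_file")"
    mount "$mount_point"   # mounts from the new fstab entry; needs TCP 445 outbound
}
```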

Read more:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-planning
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-portal


Terminal connections increase without license

Usually RDP allows only 2 connections (the console and one other). For more connections a license is required.
Below are some registry tweaks to overcome this limit.


NLB-Network Load Balancer

A feature of the Microsoft Windows Server 2008, 2008 R2, 2012 and 2012 R2 operating systems that balances load over the TCP/IP networking protocol, routing traffic to different hosts based on the configured settings and distribution algorithm.
Network Load Balancing can also ensure network traffic is re-routed to remaining hosts if one or more hosts within the cluster fail unexpectedly. A Network Load Balancing cluster can scale up to 32 servers.


Meltdown and Spectre

Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. Researcher Jann Horn demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible; for example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

Desktop, laptop, and cloud computers may be affected by Meltdown. Every Intel processor that implements out-of-order execution is potentially affected, which is effectively every Intel processor since 1995 (except Intel Itanium and Intel Atom before 2013).
Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else: all software platforms are equally vulnerable.

CVE-2017-5715 (branch target injection)
CVE-2017-5753 (bounds check bypass)
CVE-2017-5754 (rogue data cache load)

Windows Server-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update. The following updates are available:

Operating system version: Update KB
Windows Server, version 1709 (Server Core Installation): KB4056892
Windows Server 2016: KB4056890
Windows Server 2012 R2: KB4056898
Windows Server 2012: Not available
Windows Server 2008 R2: KB4056897
Windows Server 2008: Not available
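The KB table above covers Windows hosts; on Linux hosts the equivalent check is the kernel's sysfs mitigation report. The script below is an added example, not from the original post: it maps the three CVEs to their sysfs file names and counts anything still reported as Vulnerable. The sample directory is constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): on Linux hosts the counterpart of
# checking the Windows KBs above is the kernel's sysfs mitigation report. This
# maps the three CVEs to their sysfs names and counts anything still Vulnerable.
# The sample directory is constructed so the script runs offline; on a real host
# pass /sys/devices/system/cpu/vulnerabilities instead.

# Print "<cve> <sysfs-name> <status>" per issue; exit status = number of issues
# reporting Vulnerable or unknown (0 means everything is mitigated/not affected).
check_speculation_status() {
    dir="$1"; bad=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2; do
        cve=${pair%%:*}; name=${pair#*:}
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="unknown (no sysfs report; kernel too old or unpatched)"
        fi
        printf '%s %s %s\n' "$cve" "$name" "$status"
        case $status in
            Vulnerable*|unknown*) bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample mirroring the sysfs layout: two issues mitigated, one not.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    printf '%s' "$d"
}

# Usage on a real host: check_speculation_status /sys/devices/system/cpu/vulnerabilities
if [ -n "${1:-}" ]; then
    check_speculation_status "$1"
fi
```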

Further reading:

https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

Azure iLB and AWS LB: a comparison

Azure Load Balancer
It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
Azure Load Balancer can be configured to:

Load balance incoming Internet traffic to virtual machines. This configuration is known as Internet-facing load balancing.
(https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-internet-overview)
Load balance traffic between virtual machines in a virtual network, between virtual machines in cloud services, or between on-premises computers and virtual machines in a cross-premises virtual network. This configuration is known as internal load balancing.
(https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-internal-overview)
Forward external traffic to a specific virtual machine.
All resources in the cloud need a public IP address to be reachable from the Internet. The cloud infrastructure in Azure uses non-routable IP addresses for its resources. Azure uses network address translation (NAT) with public IP addresses to communicate to the Internet.

Azure Load Balancer is configured differently in the Azure classic and Resource Manager deployment models.

Azure classic deployment model

Virtual machines deployed within a cloud service boundary can be grouped to use a load balancer. In this model a public IP address and a Fully Qualified Domain Name, (FQDN) are assigned to a cloud service. The load balancer does port translation and load balances the network traffic by using the public IP address for the cloud service.

Load-balanced traffic is defined by endpoints. Port translation endpoints have a one-to-one relationship between the public-assigned port of the public IP address and the local port assigned to the service on a specific virtual machine. Load balancing endpoints have a one-to-many relationship between the public IP address and the local ports assigned to the services on the virtual machines in the cloud service.

Azure Resource Manager deployment model

In the Resource Manager deployment model there is no need to create a Cloud service. The load balancer is created to explicitly route traffic among multiple virtual machines.

A public IP address is an individual resource that has a domain label (DNS name). The public IP address is associated with the load balancer resource. Load balancer rules and inbound NAT rules use the public IP address as the Internet endpoint for the resources that are receiving load-balanced network traffic.

A private or public IP address is assigned to the network interface resource attached to a virtual machine. Once a network interface is added to a load balancer’s back-end IP address pool, the load balancer is able to send load-balanced network traffic based on the load-balanced rules that are created.


Azure iLB Features


Elastic Load Balancing
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances.
Elastic Load Balancing offers two types of load balancers that both feature high availability, automatic scaling, and robust security.

Classic Load Balancer
High Availability
You can distribute incoming traffic across your Amazon EC2 instances in a single Availability Zone or multiple Availability Zones. The Classic Load Balancer automatically scales its request handling capacity in response to incoming application traffic.


Pricing

https://aws.amazon.com/elasticloadbalancing/classicloadbalancer/pricing/

Application Load Balancer
Content-Based Routing
If your application is composed of individual services, an Application Load Balancer can route a request to a service based on the content of the request.

Containerized Application Support
You can now configure an Application Load Balancer to load balance containers across multiple ports on a single EC2 instance. Amazon EC2 Container Service (ECS) allows you to specify a dynamic port in the ECS task definition, giving the container an unused port when it is scheduled on the EC2 instance. The ECS scheduler automatically adds the task to the ELB using this port.


Pricing

https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/pricing/

AWS ELB Features


Types of cloud storages

Amazon S3
Amazon S3 stores data as objects in a flat environment (without a hierarchy). It also allows you to host static website content. You can access it either directly from your Amazon S3 bucket or through the AWS CloudFront content delivery network. Requesting an object in Amazon S3 is slower, but Amazon S3 is a highly scalable storage service.
S3 supports an expiration policy, which lets you move your old data (after a specified date) to Glacier (an even cheaper data store), from which you can “expire” it after a further date you specify.

Amazon EBS
Amazon EBS stores data as blocks of the same size and organizes them in a hierarchy similar to a traditional file system. EBS is not a standalone storage service like Amazon S3, so you can use it only in combination with Amazon EC2, similar to a local disk drive on your physical server.
Amazon EBS can’t be easily scaled, which means that if you need more storage space you have to buy and configure a new volume of a bigger size.

There are three types of volumes in Amazon EBS.
General Purpose (SSD) Volumes: backed by Solid State Drives (SSD), with a maximum of 10,000 IOPS.
Provisioned IOPS (SSD) Volumes: backed by the same SSDs but designed for heavy workloads, from 30 IOPS/GB up to 20,000 IOPS.
Magnetic Volumes: a low-cost volume that can be used for testing and development environments on Amazon EC2. It can also be used with applications that don’t require a lot of read/write operations.
Dynamo DB
DynamoDB is a NoSQL database that can be used as a key-value or a document (schema-less record) store. DynamoDB record size is limited to 64KB.

RDS
Relational Database Service: this is Amazon’s managed database system. You can launch MySQL, SQL Server, PostgreSQL (new), and many more types of SQL-based databases. It can be connected to using your preferred JDBC or ODBC connector.

Redshift
This is Amazon’s big data warehouse. It does bulk loads from S3 very well, entire files at a time. RDS is cheaper for smaller data sets; Redshift is cheaper for larger data sets.

Glacier
Amazon Glacier is marketed by AWS as “extremely low cost storage”. Amazon Glacier is pretty much designed as a write once and retrieve never (or rather rarely) service.
While Amazon Glacier is much cheaper than S3 for storage, charges are approximately ten times higher for archive and restore requests, and restoring objects requires lead times of up to 5 hours.

Google Storage
Google Storage (GS) stores objects (originally limited to 100 GiB, currently up to 5 TiB) that are organized into buckets (as S3 does) identified within each bucket by a unique, user-assigned key. All requests are authorized using an access control list associated with each bucket and object.

Azure Blob storage
Like Amazon S3, it offers a handy (and cheap) way to persist content and make it available across the web.

Availability set in Azure

An availability set helps keep your virtual machines available during downtime, such as during maintenance. Placing two or more similarly configured virtual machines in an availability set creates the redundancy needed to maintain availability of the applications or services that your virtual machine runs.

•Planned maintenance events are periodic updates made by Microsoft to the underlying Azure platform to improve overall reliability, performance, and security of the platform infrastructure that your virtual machines run on. Most of these updates are performed without any impact upon your virtual machines or cloud services. However, there are instances where these updates require a reboot of your virtual machine to apply the required updates to the platform infrastructure.
•Unplanned maintenance events occur when the hardware or physical infrastructure underlying your virtual machine has faulted in some way. This may include local network failures, local disk failures, or other rack level failures. When such a failure is detected, the Azure platform automatically migrates your virtual machine from the unhealthy physical machine hosting your virtual machine to a healthy physical machine. Such events are rare, but may also cause your virtual machine to reboot.
When adding VMs to an Availability Set, Azure automatically assigns each VM an Update Domain and a Fault Domain. By default Availability Sets have two Fault Domains, each sharing a common power source and network switch, and VMs are automatically separated across the Fault Domains.

1- Download the script and save it to a local location
2- Run it and provide the requested parameters

or

2- ./Set-ArmVmAvailabilitySet.ps1 -VmName 'The VM Name' -ResourceGroup 'Resource Group' -AvailabilitySetName 'As Name' -SubscriptionName 'The Subscription name'
Availability Set
•can’t change the VM’s Availability Set once the VM is created
•can’t add an Azure VM to an Availability Set once the VM is created
•can’t remove a VM from an Availability Set
To remove a VM from an AvailabilitySet:

./Set-ArmVmAvailabilitySet.ps1 -VmName 'The VM Name' -ResourceGroup 'Resource Group' -AvailabilitySetName 0 -SubscriptionName 'The Subscription name'
Download Link: https://gallery.technet.microsoft.com/Set-Azure-Resource-Manager-f7509ec4
6. Choose the VM size and then click Select to continue.

7. Choose Optional Configuration > Availability set, and select the availability set you wish to add the virtual machine to.
Refer to
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-change-availability-set

Resize EBS Volume

Below is a document for resizing or modifying an EC2 instance's EBS volume.

Linked post: modifying-or-resizing-aws-elastic-volume

How to move Amazon EC2 instance to another Availability Zone, VPC or AWS Region

Below is a document for moving an Amazon EC2 instance to another Availability Zone, VPC or AWS Region without interrupting service.

Linked post: moving-ec2-instances-across-availability-zones-or-regions

Application Request Routing

Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.

Linked post: microsoft-arr
