Azure & RRAS Site to Site VPN Setup (Azure Resource Manager)

Background

I have not seen a lot of posts out there on setting up Azure Site to Site VPN Setup Azure Resource Manager. The ones I did follow had some missing steps. Setting up the AS2S is a pretty detailed process so I wanted to put the steps I had to follow in a blog post.

What you will need:

On-Premises

  • RRAS installed on an on-premises server.
  • At least 1 NIC on your RRAS server.
  • Your public IP. This will not work with dynamic DNS. You have to have a public IP. If you don’t own a public IP you can still use the dynamic public IP your ISP has assigned to you. You will need to just watch it and manually update it in Azure when it changes.
  • UDP Ports 500, 4500, and 1701 forwarded to your RRAS server. This is if your RRAS server is behind a NAT device.
  • Either your servers pointed to RRAS for their gateway or static routes setup on the VM’s you want to be able to communicate with Azure.

Azure:

Addressing:

For on-premises you can use whatever you want. I use 192.168.0.x/24.

For Azure we will use 10.121.0.x/16 and 10.121.0.0/24 and 10.121.1.0/24.

Steps:

~ AZURE CONFIGURATION FIRST! ~

First we will start off with configuring the network components we need up in Azure. Start by going to the Azure portal at https://portal.azure.com.

STEP 1: I would setup a resource group. You will put all of your resources for the site to site VPN in here for better tracking and management. As an example I named mine: “S2SVPN-Buchatech-LabRG“.

as2svpn-29

NOTE: Our resource group is empty at this point.

STEP 2:  Let’s start off by creating a virtual network. Go to:

Virtual networks>Create virtual network and click on Add. Let’s name this “S2SVPN-RRAS-Vnet“.

Give it “10.121.0.0/16” for the address space. This has to have enough room to place two subnets into it.

For the first subnet make the Subnet Name “Azure-VMs“. Make the Subnet address range “10.121.0.0/24“. Set it to the resource group you created in the previous step.

NOTE: I recommend placing all resources that will be a part of your site to site VPN in the same region. I used North Central US.

as2svpn-1

STEP 3:

We will be creating a virtual network gateway. This network gateway will contain the second subnet.

Go to Virtual networks>S2SVPN-RRAS-Vnet>Settings>Subnets.

Click on + Gateway subnet. For the Address Range use “10.121.1.0/24“. This address range is the IP range for your RRAS server to use.

So in your virtual network you should now have the two following Subnets:

as2svpn-2

STEP 4:

Now navigate to Virtual network gateways and click on Add. Name the gateway “S2SVPN-RRAS-VnetGW“. For the virtual network select our existing one named S2SVPN-RRAS-Vnet. Leave the gateway type to VPN, and leave VPN type to Route-based. For the public IP we don’t have one so we will need to create one here. Click on Choose a public IP address and a blade will fly out. Click on Create New.

as2svpn-3

I give it a name of “S2SVPN-RRAS-VnetGW-IP“. Your settings should look like this:

as2svpn-4

After the Virtual network gateways is created go and get the public IP addresses. We will need to plug this into RRAS later. You can get this by going here: Virtual network gateways>S2SVPN-RRAS-VnetGW>S2SVPN-RRAS-VnetGW-IP>Settings.

as2svpn-5

NOTE: It may take some time to provision the public IP so be patient here.

STEP 5:

Next up we need to configure a Local network gateway. Go to:

Local network gateways and click on +Add.  On Create local network gateway name it

S2SVPN-RRAS-LocalNetGW“, enter the public IP of your RRAS server, In the address space enter an IP range or ranges for your on-premises network , and select your RG.

as2svpn-6

NOTE: If you do not know what the public IP is on your RRAS server’s network just visit http://ipchicken.com and it will display it.

Now we need to create a connection in our local gateway. To do this navigate to the settings>connections and click on + Add. Name this “S2SVPN-RRAS-LocalNetGW-Connection“.

The Connection type will default to Site-to-site (IPsec). Leave this. Set the Virtual network gateway to “S2SVPN-RRAS-VnetGW“. Set a Shared key (PSK) to be used and remember this will also be used on the RRAS server so document this somewhere.

as2svpn-7

That’s it for the network configuration up in Azure. As long as everything was followed in these steps you should now have the following in your resource group.

as2svpn-8

~ RRAS CONFIGURATION! ~

STEP 7:

Install RRAS on your on-premises server. I used Server 2012 R2. Follow this to install it:

On your on-premises server launch Server Manager. In server manager click on Manage -> Add Roles and Features.

In the Add Roles and Features Wizard do the following:

  • Before You Begin: Click Next
  • Installation Type: Role-based > Click Next
  • Server Selection: Select a server from the server pool > RRAS-Server > Click Next
  • Server Roles: Check Remote Access > Click Next
  • Features: Click Next
  • Remote Access: Click Next
    • Role Services:
      • Direct Access and VPN (RAS)
        • Click Add Features on the pop-up window
      • Routing
      • Click Next
  • Web Server Role (IIS): Click Next
    • Role Services
      • Accept Defaults: Click Next
  • Confirmation: Click Install

Done!

STEP 8:

Open Routing and Remote Access.

as2svpn-9

as2svpn-10

as2svpn-11

as2svpn-12

as2svpn-13

as2svpn-14

STEP 9:

as2svpn-15

Click Next.

Give the Interface a name...

Read More

VMware VM Backup in DPM Setup

Today Microsoft released the availability to protect VMware virtual machines with System Center Data Protection Manager (DPM). This is a feature the community has been asking to get for a long time. Again the DPM team continues to deliver! Again the team has brought this new functionality to existing customers via an update rollup. You do not have to wait for a new version of DPM to start protecting VMware. This functionality is enabled in DPM 2012 R2 through update rollup 11. Download DPM 2012 R2 UR 11 from this link:

http://catalog.update.microsoft.com/v7/site/search.aspx?q=3162908

For DPM 2016 this funcionalty will come out of the box.

Now lets look at the install, setup, and recovery of VMware VM’s.

INSTALL THE UPDATE:

VMwareinDPM (17)

VMwareinDPM (1)

VMwareinDPM (2)

ADD VMWARE CREDENTIALS:

VMwareinDPM (3)

NOTE: This is an agentless backup. DPM does not install and agent here. It only connects to the VMWare host.

ADD VMWARE SERVER TO DPM:

VMwareinDPM (4)

VMwareinDPM (5) VMwareinDPM (6)

My VMWare server did not have a proper certificate. I had to add the following reg key:

DisableSecureAuthentication.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]
“IgnoreCertificateValidation”=dword:00000001

It worked after that.

PROTECTING VMS:

VMwareinDPM (8) VMwareinDPM (9)

You can add a single VM as shown in the following screenshot.

VMwareinDPM (10)

Or set the protection to Auto.

VMwareinDPM (11)

If set to auto VM’s that are added to this host will automatically be protected.

There was no downtime during the protection of the VMWare VMs.

VMwareinDPM (12)

RECOVERING VMS:

You can see we can recover VM’s just like we can with Hyper-V.  You need to click on the VM folder to make the Recover option show.

VMwareinDPM (13)

If you click on a VM you will see the .vmdk files and can recover them.

VMwareinDPM (14)

The rest of the recovery process is the same as recovering a VM in Hyper-V.

VMwareinDPM (15) VMwareinDPM (16)

That concludes this post! Enjoy your ability to protect VMware with DPM.

Read More

WordPress as front-end for Azure Automation

With Azure Automation there are cases where you will need to have a form that end users can go fill out to kick off an automation runbook. Back with System Center Orchestrator we could use Service Manager’s self-service portal as the front end for our automations. This was a solution that worked well. With Azure Automation we do not have that luxury at least not yet we don’t. There is a community based Azure automation webhook Service Manager (SCSM) connector in the works. One of my colleagues Rob Plank is a part of this project and says it should ready to release very soon. This connector will allow you to use the SCSM portal as the frontend of Azure Automation via webhooks, know when a webhook expires, and see a runbooks job status. Here are some teaser screenshots of the  connector.

image001

image002

There also are a few posts out there on how to leverage other platforms as the frontend for Azure Automation these are “how to use SharePoint as the frontend of Azure Automation” by Anders Bengtsson and “how to use an ASP website as the frontend to Azure Automation” by a friend of mine and fellow Microsoft MVP Florent Appointaire. Well in this post I am going to show you how to use the popular platform WordPress as the frontend for Azure Automation. The cool thing here is that this is another instance of showcasing the ability to utilize Microsoft and Open Source technologies together. 🙂

Here are the steps at a high level

  • Have an Azure Automation account on Azure
  • Setup your runbook/s in Azure Automation
  • Setup a webhook on your runbook/s in Azure Automation
  • Have a WordPress instance
  • Install Ninja Forms plugin in the WordPress instance
  • Install the Webhooks add on for Ninja Forms
  • Setup your runbook frontend form/s
  • Configure the runbook frontend form/s to connect to the Azure Automation webhook

Let’s get started!

Step 1: Have an Azure Automation account on Azure

To get started with Azure Automation go here: https://azure.microsoft.com/en-us/documentation/articles/automation-intro. I am not going to cover this within this blog post.

Step 2: Setup your runbook/s in Azure Automation

For this testing this scenario and this post I grabbed a couple of Azure Automation runbooks built by the Microsoft AzureAutomationTeam and made available in the Azure Automation Runbook Gallery. These runbooks start and stop Azure virtual machines.

Runbook #1 Name:

Start-AzureV2VMs

Description:

This runbook connects to Azure and starts all VMs in an Azure subscription or resource group.

Runbook #2 Name:

Stop-AzureV2VMs

Description:

This runbook connects to Azure and stops all VMs in an Azure subscription or resource group.

Both runbooks have two parameters they need. These are:

param (

[Parameter(Mandatory=$false)]

[String]  $AzureConnectionAssetName = “AzureRunAsConnection”,

[Parameter(Mandatory=$false)]

[String] $ResourceGroupName

We need to pay attention to these when setting up the webhooks and these often become your fields on your front end form.

Step 3: Setup a webhook on your runbook/s in Azure Automation

Here are the steps to setup a webhook for an Azure Automation Runbook.

First off make sure your runbook/s are in a published authoring status.

image003

Within https://portal.azure.com Navigate to

YOURAZUREAUTOMATIONACCOUNT

Runbooks

YOURRUNBOOK (Start-AzureV2VMs)

Webhooks

From here click on the Add Webhook button.

image004

The Add Webhook blade will fly out. Here you will want to click on Create new webhook to make the next blade flyout.

Here you need to give your webhook a name, set to enabled, set when it will expire and COPY THE URL TO A SAFE PLACE.

NOTE: You will not be able to access the webhook URL after this.

image005

Click OK.

Next you need to click on Configure parameters and run settings. This is where you set the parameters from the runbook.

If your parameters are required you have to set them here. If they are optional you can leave them blank here and pass the data into the runbook from the frontend form via a $WebhookData object.

In my case I put AzureRunAsConnection directly in the webhook. I created a credentials asset in Azure Automation with the account containing the needed permissions to perform the actions from the runbook in my Azure account (Start/Stop VM’s).

I left the resourcegroupname blank as I will pass this in from the front end form. I left the Run Settings to run on Azure as I do not have a Hybrid Worker setup.

NOTE: A Hybrid Worker lets you run automation runbooks on premises in your data center.

image006

One you have the Webhook and parameters configured click on the Create button to actually create the webhook.

image007

You will now see your new webhook in the webhooks blade.

image008

Note that if you click on a webhook you will not see the URL. You can enable or disable the webhook, see when it expires, and access the parameters. This is shown in the following screenshot.

image009

Step 4: Have a WordPress instance

You can host WordPress on WordPress.org on a hosting account, internally or even on Azure. Here is a link to a tutorial on how to run WordPress on Azure. https://azure.microsoft.com/en-us/documentation/articles/app-service-web-create-web-app-from-marketplace.  I am not going to cover how to setup a WordPress instance within this blog post.

Step 5: Install Ninja Forms plugin in the WordPress instance

Here are the steps to install Ninja Forms WordPress plugin.

From within the WordPress admin dashboard click on Plugins.

Click on Add New.

image010

Search for Ninja Forms. Click on the Install button to add the plugin. Make sure you activate the plugin.

image011

You also could manually download and upload the plugin or load it directly into the plugins directory. I have shown you the steps for the easiest way to install it.

The Ninja Forms plugin page can be found here:

https://wordpress.org/plugins/ninja-forms

Step 6: Install the Webhooks add on for Ninja Forms

The Webhooks for Ninja Forms add on can be found here:

https://ninjaforms.com/webhooks-for-ninja-forms

This add on has to be purchased. It is $39 by itself for 1 WordPress instance.

After you buy it you will get the files for download. Again from within the WordPress admin dashboard click on Plugins.

Click on Add New. This time click on the Upload Plugin button and browse to your downloaded Webhooks for Ninja Forms zip folder.

After it is uploaded be sure to activate it.

The final step is to install the license for the add on. To do this Click on Forms>Settings>Licenses and input the key that Ninja Forms sent in the Webhooks Key field. Click on Save & Activate.

image013

Step 7: Setup your runbook frontend form/s

Next we need to build the actual form. To do this follow the list of steps.

Click on Forms>Add New. Give your form a Title.

Add a Textbox and put in the label of ResourceGroupName.

I like to make it Required.

image014

Add a Submit button to your form. I labeled it Start.

image015

In the following screenshot is what the form looks like. Note that I have both forms loaded on the same page.

image016

Step 8: Configure the runbook frontend form/s to connect to the Azure Automation webhook

Now is the last step. This is the step in which we configure the form to send data to the Auzre Automation webhook upon submission. This is doing it via POST method.

When editing the form click on the Email & Actions tab. Click on the Add New button.

Give this Action a name.

In the Type dropdown select Webhook.

Enter the Azure Automation webhook URL in the Remote Url field.

Select Post for the Remote Method.

For Args select enter the name of and select the field from your form of the parameters you need to send to the Azure Automation runbook.

You can see this all represented in the following screenshot.

image017

One of the cool things about this solution is we can test the webhook action before actually submitting it to make sure it will work as expected. This testing can be turned on by checking the Run in Debug Mode field. I have highlighted this in the screenshot in green. Checking this box and submitting the form will show debugging information like data sent and response.

Here is an example of what the result in Debug mode will look like:

image018

Make sure you uncheck the Run in Debug Mode field when you are ready to actually start your runbook/s.

Now let’s see what this looks like in Azure Automation when we submit the form.

I have a resource group named 6716vm with one VM in it named 6716vm. So I will enter 6716vm on the form. 6716vm will be passed to the runbook as the resourcegroupname.

image019

You can see the job running in Azure now.

image020

Within the job if you click on Input you can see it has 2 inputs. One is Webhookdata. This is where the 6716vm is located. The other is the Azureconnectionassetname. Remember we hardcoded this into the webhook itself. We can also see in the following screenshot that the job completed.

image021

If we look further at the webhookdata we can see several interesting things. We can see exactly where it put the 6716vm parameter for the resourcegroupname and we can see that this request came from my blog at www.buchatech.com.

image022

{“WebhookName”:”WPhook1″,”RequestBody”:”ResourceGroupName=6716vm”,”RequestHeader”:{“Accept”:”*/*”,”Accept-Encoding”:”deflate; q=1.0″,”Host”:”s1events.azure-automation.net”,”User-Agent”:”WordPress/4.5.3; http://www.buchatech.com”,”x-ms-request-id”:”0ae47ca6-46a4-4ba7-902e-6d33840add75“}}

Pretty cool right? Check out the VM now running:

image023

Now to shut it down I can go back to my WordPress and use the Stop Azure VM form. The possibilities here are endless. I know some of you may be thinking this is great but what if I want to control who can login to see this form and will it work with Active Directory. The answer is YES. WordPress has several plugins that integrate with Active Directly and even have SSO. A couple of these are Active Directory/LDAP Login for Intranet sites and Active Directory Integration. 

You can see that WordPress can make a great frontend for your Azure Automation runbooks. That is the end of the post. Happy automating!

Read More

5th Year Microsoft MVP!

Today was a special day as I received an email from Microsoft stating I was awarded as an MVP for the 5th year! Here is the email:

5th Year Microsoft MVP

This marks a special year. Microsoft awards you the special 5 year chip to add to your award. Here is a picture of the chip:

5th Year Microsoft MVP Chip

I am humbled to make it this long in the MVP program. A huge thanks goes out to everyone in the community and Microsoft. And as always I am honored to still be a part of such a great group of people. I have made many friends all over the world with other MVP’s, community, and Microsoft. I am looking forward to another exciting year of contributing to the community.

I will continue to do all that I can in the System Center community this year. Something new you will see from me this year is I will be contributing as much as I can also in the OMS and Azure Stack space. I am very excited about the new opportunities that are coming out of the growth of cloud.

My Microsoft MVP Profile: http://mvp.microsoft.com/en-us/mvp/Steve%20Buchanan-4039736

Congrats to all the other new and renewed MVP’s!

Read More

Azure Stack Round Table Video

Microsoft MVP Lee Berg @LeeAlanBerg just finished the Azure Stack Roundtable video from MMS. This video has me and two other Microsoft MVP’s  Damian Flynn @damian_flynn and Mikael Nystrom @mikael_nystrom having a great discussion about many Azure Stack topics. In the video questions such as “does VMM still have a purpose in an Azure Stack?” world, “how is Azure Stack compared to Open Stack?”, and “how can an IT Pro get management to invest in DevOps and Azure Stack?”.

Check out the video here:

https://youtu.be/98fA4In9TSc

ASRoundtablepic

Here are links to Azure Stack sessions from MMS:

http://mms2016.sched.org/type/azure+stack

You can download all the slide decks.

Read More

Tool for Logging outgoing SCSM email issues

Recently I was working on a Service Manager project and outgoing email was not working properly.

The SMTP channel was setup properly. I ran a telnet session and attempted to send an email via telnet. Well the telnet session would connect just fine to the Exchange server but then would disconnect as soon as I tried to run some telnet commands.

I knew this was odd as I have never seen this before. There must have been an issue on the Exchange  server or a policy to disconnect telnet sessions.

I needed a better way to troubleshoot this issue before I went back to the Exchange admin.

I ran across a freeware tool called SendSMTP that was a huge help.

The tool can run somewhere and send emails via a GUI or even via command line.

This tool also does not install the .exe just runs right from a folder on the server so it is portable and can be removed easily after you are done testing/troubleshooting.

It also lets you specify many settings such as host, authentication, timeout and more.

The reason this tool is super helpful is because it has some built in logging.

As you can see in the following screenshots you can set the logging levels you want.

SendSMTP1
After you test sending an email you can either view either of the two log files
by clicking on View Log or by clicking on the Log tab.

SendSMTP2

I loaded this tool on the SCSM server and then tested sending an email both anonymously and using authentication. Both failed.

Because of the logging I was able to determine that the connection keeps being reset by the Exchange server as there are some access denied issues.

You can see the log as shown on the tools Log tab in the following screenshot.

SendSMTP3

I was able to give this directly to the Exchange admin for further troubleshooting. 🙂

I wanted to share this on my blog as this tool might come in useful for someone else as well.

You can download SendSMTP here:

Read More

New Productivity Software Suite for Service Manager

Two good friends of mine Microsoft MVP Marcel Zehner and Dieter Gasser‘s company ITnetX has recently released a Productivity Pack for Service Manager. This is great news because these guys and their teams know Service Manager inside and out. They have been building apps for Service Manager for some time and I have even been using some of them.

This new software suite introduces many new components that fill several existing gaps in Service Manager. The suite has a paid version and also offers some components for free. So what’s in this new suite? Let’s break it down.

ITSM Portal – The itnetX ITSM Portal is HTML5 and is a fast and intuitive alternative for the out-of-box SCSM Self-Service Portal. It allows end users to browse your IT Service Catalog, create new requests, view and update open requests, and work on activities as part of ITSM workflows.

The full suite also includes the following components:

  •     Advanced View Editor
  •     BillableTime
  •     Checklist Activity
  •     CMDB Visualizer
  •     Desktop Alert
  •     Power Print
  •     PowerShell Activity
  •     PowerShell Tasks
  •     PowerShell Workflows
  •     Preview Forms
  •     Send Mail
  •     SMA Connector

Here is a list of the free components:

  •     Advanced View Editor for SCSM FREE
  •     Advanced Console Search for SCSM FREE
  •     Billable Time for SCSM FREE
  •     Clone User Role for SCSM FREE
  •     Email Template Tester for SCSM FREE
  •     Entity Explorer for SCSM FREE
  •     MPB Maker for SCSM FREE
  •     Send Mail for SCSM FREE
  •     Update Transfer for SCCM FREE

I use the email template tester and advanced editor, in almost every Service Manager deployment I do. I am especially excited about a few of the components, these are:

CMDB Visualizer for SCSM lets you visualize any object that lives in the CMDB including its relations to other objects.

ITnetX1

PowerShell Activity for SCSM introduces an activity which runs custom PowerShell scripts. Scripts are stored in the CMDB and are triggered from PowerShell Activity within your processes. PowerShell Activities can be used just like you use runbook activities and add them to your Service Request, Change Request, and Release Record templates

ITnetX2

and the suite has an SMA Connector for SCSM!

I recommend you go check out this new software suite. Here is the link:

http://bit.ly/1P27Tlf

Read More

SCSM HTML5 Portal Prereq Script

This has to be the shortest blog post I have ever done. 🙂 Well here it is.

Out on the deployment article for the SCSM HTML 5 portal here https://technet.microsoft.com/en-US/library/mt622142.aspx you will see there are a number of prerequisites that are needed before you can install the portal. A while back I made a simple PowerShell script that can be used to install all of the HTML5 based Self-Service Portal prerequisites. I thought it might be good to share it.

SCSMHTML5SSPPre-reqs

Here is the link to download the script:

https://gallery.technet.microsoft.com/SCSM-HTML5-Portal-Prereq-ddeb504a

Read More

SQL Transaction Log for Database is Full Due to Log Backup

For this post we have a guest contributor with some SQL goodness. This will definitely come in handy for us System Center folks as all of the System Center components use SQL. This guest post was written by: Andrew Jackson a SQL expert in the SQL community check him out on the following sites: LinkedIn , google+, his blog. Here is the actual blog post:

Overview

In SQL Server, Every database file is associated with a transaction log that contains all the records of transactions and modifications made by each transaction. The log file plays a very important part as it helps in disaster recovery. The transaction log should be truncated or cleared regularly to keep the size of log file from filling up. One of the common error encountered by the users of the SQL Server is when the transaction log is full, which is possible by various reasons. This blog will be discussing about the Transaction Log Full due to Log Backup.

Problem Statement

The following error message will be displayed like this “The transaction log for database is full due to Log Backup.” It happens when the user is unable to make data entry due to insufficient space. The transaction log file grows very large and consumes too much space over server restricting addition of any data into SQL Tables. The error message is not because of log backup but it actually means the virtual files with the transaction log could not be reused, as it requires log backup. User need to make sure that Log file growth is unrestricted, Storage of log file should have enough space, and regular log backups should be taken.

Possible Solution

There may be several solutions for the situation when the Transaction log file is full such as creating backup or truncate the transaction logs, making the log space available, moving file to another disk drive, increase the log file size or add another log file on different disk.

Since we are talking about the Transaction Log Full Due to Log Backup, we will be performing truncate operation on the transaction log file. Steps that need to be followed to sort the issue are:

  • Open Microsoft SQL Server Management Studio in order to connect to the desired SQL server database.
  • Select the database, which transaction file needs to be truncated
  • Type the T-SQL script below

USE db_name

GO

ALTER DATABASE db_name SET RECOVERY SIMPLE

GO

DBCC SHRINKFILE (db_name_log,5)

GO

ALTER DATABASE db_name SET RECOVERY FULL

GO

 

  • Click on Execute button and run these commands

Another solution is to stop the SQL Server Service and find the location of the transaction file to rename it. When the SQL Service is re-started and logged in to the database, a new log file will be created. If the new log file is not created still and displays the same error user can follow these steps:

  • Go to SQL Server Management Studio to connect to the database
  • Right-click on the desired database, Go to Tasksà Detachà Browse the location of the file
  • Cut the ...

Read More

Write once, deploy anywhere (Azure or Azure Stack)

This blog post is a follow up to the MMS 2016 session I recently delivered together with Microsoft Azure Stack PM Daniel Savage. The session title is “Future-proof your Career with Azure Stack in the New Hybrid Cloud World!” link here: http://www.buchatech.com/2016/04/presenting-at-mms-2016-azure-stack-backup-oms.

My demo is this session was titled “Write once, deploy anywhere“. The purpose of this demo was to show using a single ARM template (JSON file) and a single PowerShell script to deploy a VM regardless of deploying to Azure or Azure Stack. The demo was a success so yes this is really possible. In this post I will break down the JSON file, the PowerShell script, how it works and the download link for the files.

Getting the JSON file and the PowerShell script just right was a challenge as there are still some slight differences between the settings of Azure and Azure Stack. Note that this is the case with Azure Stack TP1 and I fully expect that this will change when it GA’s. In any case it is good to look at this stuff now to start to learn the ins and outs. In the end it was the combined Power of the ARM template and PowerShell to overcome any challenges. Let’s start off by taking a look at the differences in ARM between Azure and Azure Stack in the following table:

Property

Azure

Azure Stack

Location

Azure region (example: CentralUS)

local

blobStorageEndpoint

blob.core.windows.net

blob.azurestack.local

vmSize

Standard_D1

Standard_A1

vmName apiVersion

2015-06-15

2015-06-15

StorageAccountName apiVersion

2015-06-15

2015-06-15

nicName apiVersion

2015-06-15

2015-05-01-preview

vrtualNetworkName apiVersion

2015-06-15

2015-05-01-preview

networkSecurityGroupName apiVersion

2015-06-15

2015-05-01-preview

dnsNameForPublicIP apiVersion

2015-06-15

2015-05-01-preview

torageAccountName apiVersion

2015-06-15

2015-05-01-preview

NOTE: For the apiVersion on the resources Azure Stack requires 2015-05-01-preview. Resources in Azure ARM templates default to apiVersion 2015-06-15. So if we left the resources in the ARM template at apiVersion 2015-06-15 the deployment would fail on Azure Stack. However we are in luck as Azure will accept apiVersion 2015-05-01-preview. So I set vmName and StorageAccountName to apiVersion 2015-06-15 and the rest of the resources apiVersion to 2015-05-01-preview.

vmName and StorageAccountName use the same apiVersion for both Azure and Azure Stack. So Azure Stack accepts 2015-06-15 for both. Even those these are not different across Azure and Azure Stack I still wanted to list it anyway in the table.

If you have multiple subscriptions you will need to input the subscription ID. In my case my Azure has multiple subscriptions but my Azure Stack does not in this lab. In my script for Azure you need the subscription ID. In Azure Stack you do not. You may need to modify this behavior in the script if your scenario is different.

For the deployment it consists of two files. These files are:

Writeonceblog (1) AzureandAzureStack.json

CreateVMAzureorAzureStack.ps1

Here is what we have if we crack open the JSON file.

Writeonceblog (2)

A few things to note about the PowerShell script is that

  1. We prompt to identify if it is an Azure or Azure Stack deployment. We then run the appropriate block of code.
  2. In each of the deployment types (Azure or Azure Stack) we have some things hard coded in (for example blobStorageEndpoint and vmSize) and somethings pulled in dynamically by prompting for them during the script execution (for example subscriptionId and adminPassword).
  3. We are pulling in the parameter and variable values when using New-AzureRmResourceGroup and New-AzureRmResourceGroupDeployment.

NOTE: I am not a PowerShell expert. I am sure there are better more efficient ways to accomplish what I am doing here in the PowerShell script. Nothing was available to accomplish the write once, deploy anywhere goal so I put something together. Feel free to enhance the script and release back to the community.

Here is an example of the location parameter and variable in the JSON file.

The parameter:

Writeonceblog (3)

The variable:

Writeonceblog (4)

Referenced in the vmName resource:

Writeonceblog (5)

Here is an example of how we are leveraging this in the PowerShell script.

For Azure:

Writeonceblog (6)

For Azure Stack:

Writeonceblog (7)

Writeonceblog (8)

Writeonceblog (9)

Note that you can deploy VM’s to Azure or Azure Stack in many ways (Visual Studio, the portal etc..). I decided to leverage PowerShell to do the deployment’s as it gives me a great amount of flexibility. For the official article on using PowerShell to deploy VM’s to Azure Stack visit:

https://azure.microsoft.com/en-us/documentation/articles/azure-stack-deploy-template-powershell

Now let’s look at deploying a VM to both Azure and Azure Stack using a single PowerShell script and a single ARM template.

— AZURE —

Run the script and you are prompted for some of the VM info.

Writeonceblog (10)

Then you are prompted to log into your Azure account.

Writeonceblog (11)

You need to input your subscription ID.

Writeonceblog (12)

Specify the region you want to deploy to.

Writeonceblog (13)

You will be prompted to enter the admin password you want to use for the VM.

Writeonceblog (14)

After entering the admin password the deployment starts. When it is finished you will see a success message and the Azure portal will be launched in your default browser.

Writeonceblog (15)

Writeonceblog (16)

— AZURE STACK–

Run the script and you are prompted for some of the VM info.

Writeonceblog (17)

Then you are prompted to log into your Azure account.

Note here that the script adds the Azure Stack environment and authenticates it with PowerShell. This is a step we did not have to do when deploying to Azure.

Writeonceblog (18)

You will be prompted to enter the admin password you want to use for the VM.

Writeonceblog (19)

After entering t...

Read More