OMS: Service Map dependency data flow

OMS: Service Map overview

Recently the Operations Management Suite (OMS) team at Microsoft announced the private preview of Service Map in OMS formally known as Application Dependency Map. Service Map has been a long awaited feature in OMS. Service Map is a feature that is a part of OMS that discovers and maps Windows & Linux app and system dependencies. Service Map displays these dependencies in application maps within OMS. Service Map did not start with OMS. It actually started as a standalone product named Fact Finder and later was integrated with SCOM. The integration of FactFinder with SCOM allowed Bluestripe to automatically create Distributed Applications in SCOM. Well Microsoft acquired BlueStripe and the rest is history.

In this post I will set out to explore and break down Service Map, how it is installed, info about the agent, how it works, key points about it, how the data flows and more. NOTE: Click on any of the images in this post to display larger in a new window. Also this post is my first effort in taking one of my PowerPoint’s and converting into a post! The following graphic describes some of the benefits of having application maps including in your monitoring solutions along with information about FactFinder:

oms-servicemap-overview-1

Now let’s take a look at what Service Map does and how it looks.

oms-servicemap-overview-2

Now let’s take a look at one of the Service Maps aka Application Maps in OMS. Notice on the left hand side the breakdown of the interface. In Service Map there is a focus machine in the center. There are front end and back end connections into that focus machine. These are the dependencies flowing in and out of the focus machine giving the mappings. Notice on the left-hand side you can control the time controls and select either a Windows or Linux machine from the list. Finally, on the left-hand side are the details of the current selection. The current selection can be a machine or process.

oms-servicemap-overview-3

Also notice that SM integrates with Change Tracking, Alerts, Performance, Security, and updates. What this means is that when you have a focus machine selected you can click on the corresponding solution on the right hand. When you click on the solution i.e. updates or security the update or security dashboard widget will be shown and you can drill down from there for further detail.

oms-servicemap-overview-4

oms-servicemap-overview-5

A common question that comes up when discussion Service Map is how does it work. The following graphic displays the process from the solution add to the actual mapping within OMS.

oms-servicemap-overview-6

Other key information about Service Map is detailed in the following graphics.

oms-servicemap-overview-7

The next graphic looks at deploying the SM agent and locations for logs. The process is as simple as downloading and installing the agent from OMS.

Here is some more critical information you need to know about the SM agent.

oms-servicemap-overview-9

This next graphic details how Service Map dependency data flows into OMS.

oms-servicemap-overview-10

At this current time Service Map supported Operating Systems at this time are:

Windows Linux
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1
  • Oracle Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.1
  • Red Hat Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.2
  • CentOS Linux (Centos Plus kernel is not supported)
  • SUSE Linux Enterprise Server 10SP4, 11-11SP4

Service Map’s computer and process inventory data is available for search in OMS Log Analytics. This is very cool as the log analytics and searching capability in OMS is powerful and most important very FAST. Having application components, service dependencies, and supporting infrastructure configuration data at your fingertips through the log analytics gives you a powerful troubleshooting and forensics tool. I am sure over time the query capabilities will be expanded to include even more.

 oms-servicemap-overview-11  oms-servicemap-overview-12
Type=ServiceMapComputer_CL Type=ServiceMapProcess_CL

A few Service Map Log Analytic query examples:

List the physical memory capacity of all managed computers:

Type=ServiceMapComputer_CL | select TotalPhysicalMemory_d, ComputerName_s | Dedup ComputerName_s

List computer name, DNS, IP, and OS version:

Type=ServiceMapComputer_CL | select ComputerName_s, OperatingSystemVersion_s, DnsNames_s, IPv4s_s | dedup ComputerName_s

List Process Map by process name:

Type=ServiceMapProcess_CL (ProductName_s=TeamViewer)

Thanks for reading and I hope you enjoyed this post on OM’s Service Map. Now go out and add the public preview right away.

Read More

Azure Stack Deployment…No KVM…No Problem

When deploying Azure Stack (TP2) you may not have a KVM, a physical monitor, or maybe you just don’t want to use either with the host. Well there is a solution for this. You can utilize a Windows setup answer file for an unattended installation. What this will do is automate the Windows Setup for you. For Azure Stack you basically just need to input the administrator password. 🙂

Microsoft has put together an answer file and a PowerShell script that enables you to inject an answer file into CloudBuilder.vhdx before deploying Azure Stack. What this will do is enter info on the Windows setup screen for you so that you don’t have to have a KVM or physical monitor attached to the host.  You can just wait for the host to reboot and then RDP in. This unattended answer file and script is a part of the AzureStack-Tools. The AzureStack-Tools have some great resources in the repository and I will be blogging about more of them in the future.

There are basically 2 steps to inject this answer file into your Azure Stack VHDX. These are:

Step 1:

Go and download the Deployment tools files manually onto your Azure Stack host from here:

https://github.com/Azure/AzureStack-Tools/tree/master/Deployment

Or run this PowerShell from your Azure Stack host:

# Variables
$Uri = ‘https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/Deployment/
$LocalPath = ‘YOURLOCATION:\AzureStack_TP2_SupportFiles’

# Create folder
New-Item $LocalPath -Type directory

# Download files
‘BootMenuNoKVM.ps1’, ‘PrepareBootFromVHD.ps1’, ‘Unattend.xml’, ‘unattend_NoKVM.xml’ | foreach { Invoke-WebRequest ($uri + $_) -OutFile ($LocalPath + ‘\’ + $_) }

Be sure to set $LocalPath to your location.

Step 2:

NOTE: You need to have the CloudBuilder.vhdx downloaded to your Azure Stack host and it cannot be mounted.

From within PowerShell navigate to the directory you downloaded the deployment tools to and run this

.\PrepareBootFromVHD.ps1 -CloudBuilderDiskPath YOURDRIVE:\CloudBuilder.vhdx -ApplyUnattend

Be sure to point the script to the location containing your CloudBuilder.vhdx before running this.

You will be prompted to enter the password you want to use for the local administrator account.

applyasunattended1

You will see the bcdedit command execution and output as shown in the following screenshot. This saves you the step of modifying the bcdedit. The CloudBuilder.vhdx will also be mounted. You will then be asked to confirm a reboot also as shown in the following screenshot.

applyasunattended2

Before you reboot if you are interested you can go see the unattend.xml file that was created. This is the answer file that will be used. This is shown in the following screenshot.

applyasunattended3

The host will be rebooted. When it comes back online you will be able to RDP in. You will then be able to kick off the Azure Stack deployment.

Happy Azure Stacking!!!

Read More

Azure Stack TP2 deployment failure 60.120.123

I recently deployed the new Azure Stack TP2 release. This install is way better. I did run into one small issue during the deployment. Below is what I ran into and the solution.

Failure in Deployment log:

2016-11-18 02:18:36 Error    1> Action: Invocation of step 60.120 failed. Stopping invocation of action plan.

Finding the root of the failure:

When walking back the step index in the summary xml log the error landed on step 60.120.123.

-<Task EndTimeUtc="2016-11-18T08:15:23.1042963Z" Status="Error" StartTimeUtc="2016-11-18T08:10:40.5896841Z" ActionType="Deployment-Phase4-ConfigureWAS" RolePath="Cloud">

-<Action EndTimeUtc=”2016-11-18T08:15:23.1042963Z” Status=”Error” StartTimeUtc=”2016-11-18T08:10:40.5896841Z” Type=”Deployment-Phase4-ConfigureWAS” Scope=”Internal”>

-<Steps>

-<Step EndTimeUtc=”2016-11-18T08:15:23.1042963Z” Status=”Error” StartTimeUtc=”2016-11-18T08:10:40.5896841Z” Name=”(Katal) Configure WAS VMs” Description=”Configures Windows Azure Stack on the guest VMs.Index=”123“>

-<Task EndTimeUtc=”2016-11-18T08:15:23.1042963Z” Status=”Error” StartTimeUtc=”2016-11-18T08:10:40.5896841Z” RolePath=”Cloud\Fabric\WAS” InterfaceType=”Configure”>

-<Exception>

<Message>Function ‘ConfigureWAS’ in module ‘Roles\WAS\WAS.psd1’ raised an exception: Time out has expired and the operation has not been completed. at Stop-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 699 at Restart-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 712 at Invoke-Main, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 649 at <ScriptBlock>, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 738 at <ScriptBlock>, <No file>: line 21</Message>

<StackTrace> at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token, Dictionary`2 runtimeParameter)</StackTrace>

<Raw>CloudEngine.Actions.InterfaceInvocationFailedException: Function ‘ConfigureWAS’ in module ‘Roles\WAS\WAS.psd1’ raised an exception: Time out has expired and the operation has not been completed. at Stop-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 699 at Restart-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 712 at Invoke-Main, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 649 at <ScriptBlock>, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 738 at <ScriptBlock>, <No file>: line 21 at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token, Dictionary`2 runtimeParameter)</Raw>

</Exception>

</Task>

</Step>
Solution:

The first option is to re-run the deployment from the specific failed step. Do this by using the following syntax:

Import-Module C:\CloudDeployment\CloudDeployment.psd1 -Force

Import-Module C:\CloudDeployment\ECEngine\EnterpriseCloudEngine.psd1 -Force

Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120.123 -Verbose

The second option for this specific issue is to re-run the deployment with network parameters included. Use the following Syntax:

.\InstallAzureStackPOC.ps1 -AdminPassword $adminpass -AADAdminCredential $aadcred -AADDirectoryTenantName X.onmicrosoft.com -NatIPv4Subnet 192.168.5.0/24 -NatIPv4Address 192.168.5.3 -NatIPv4DefaultGateway 192.168.5.1 -EnvironmentDNS 192.168.5.1 -Verbose

Read More

Fun @ the MVP Summit 2016

This year at the MVP Summit was a great one.

I learned a lot of stuff mostly about OMS, System Center, and Azure Stack.

I cannot talk about any of it. 🙂

I can however talk about some of the fun times we had and share some pictures.

 

First picture….a warm welcome to MVP’s from around the world.

image001

Here is a picture of the US MVPs at the summit!

all-us-mvps

Me at the Microsoft Enterprise Engineering Center in Redmond.

image003

image005

A room full of talented MVP’s! Check out the cool US MVP jersey’s.

image007

The annual Concurrency MVP dinner. We have 12 MVP’s at Concurrency now!

image009

image011

Me with MVP and SCOM guru Scott Moss.

image013

Azure Stack Power in the house or should I say data center. MVP’s Mark Scholman, Florent APPOINTAIRE and me.

image015

Picked up some really cool Azure Stack stickers.

image017

Having fun with MVP and SCOM master Tao!

image021

With MVP’s Kurt Van Hoecke, Jakob G. Svendsen, and Tao.

image023

With long time MVP and SCOM godfather Cameron Fuller.

image025

With MVP Annur Sumar.

image027

MVP and Service Manager master Andreas Baumgarten.

image029

Solving the world’s problems with David ...

Read More

Download all Azure Stack Ignite 2016 decks

Mattias Fors has a post with a PowerShell script that can be used to download all Microsoft Ignite 2016 slide decks. The blog post is here: https://deploywindows.info/2016/09/30/download-ignite-2016-slidedecks,

You can use this script to download all the Azure Stack session decks.

2016-10-04-14_59_34-windows-powershell-ise

Just change if ($item.title –notlike “Re:*”) to if ($item.title -like “*Azure Stack*”) in the script and run it. It will place them in C:\Ignite2016Slidedecks.

2016-10-04-15_01_47-c__ignite2016slidedecks

Enjoy!

Read More

Breakout of the Cold & into MN tech

Minnesota has been a hotbed of tech for a long time. In 2015 Minnesota was named one of The Fastest-Growing States For Tech Jobs In 2015 by Forbes. Link here:

http://www.forbes.com/sites/susanadams/2015/08/18/the-fastest-growing-states-for-tech-jobs-in-2015

Also in 2015 Minnesota landed #1 on Dice.com’s Fastest-Growing States for Tech Jobs. Link here:

http://media.dice.com/report/august-2015-fastest-growing-states-for-tech-jobs

Most recently within the past few Months Amazon has opened an office in Downtown Minneapolis with 100 full time tech positions giving the local tech community another boost on the national scale. Here is an article that covers the topic of companies such as Amazon expanding into this market to tap into the rich technical talent pool. Article: High-tech talent grab Link: http://www.bizjournals.com/twincities/news/2016/09/30/high-tech-talent-grab.html

Back in the 1960’s Control Data Corporation one of the nine original major computer companies in the US was headquartered in Minnesota and later in the 1970’s Cray super computer also came out of Minnesota. In recent years it’s been heating up even more and the word has been getting out.  Minnesota’s tech scene is stronger than ever with a number of high profile startups as well as many well established tech based organizations. Some of the hot tech startups include:

Code42

JAMF Software

The Nerdery

Leadpages

Upsie

Vidku

Field Nation

And other notable tech organizations are:

SPS Commerce

Stratasys

Optum

Lawson Software

Compellent (Acquired by Dell some years back)

Digital River

The list of startups and other large tech organizations could fill up an entire blog post itself so I had to limit the list.

I am from Minnesota and proud to be a part of this thriving tech community. Recently a documentary about the tech scene in Minnesota was released named DocuMNtary.

documntary

This film was produced by a techie named Nick Roseth, music done by the MN super hip hop collective Doomtree, and narrated by legendary MN hip hop emcee Dessa also of Doomtree. I was impressed that Nick pulled in Doomtree and Dessa to help with the film. A great move in my opinion. They help bring an artistic and authentic MN feel to the film’s creative side.

They kick off the film by getting the obvious out of the way….Minnesota’s cold weather. Once we break out from the cold it is time to focus on the culture and tech. Next they examine what makes Minnesota great, why people stay when they come to MN and the great things about the culture. They also touch on why MN tends to be a collaborative culture. The film then moves into the history of tech in MN and establishes the roots.

They continue through the film showcasing several startups, how the tech ecosystem is supportive, tech training, associations/government agencies that help facilitate tech in MN, events such as MN Cup, Startup week, and more. The film calls out a Minnesota focused website named Tech{dot}MN http://tech.mn. Tech{dot}MN is the go to for all things MN tech such as events, user groups, startup and other tech news. They even address the issue of diversity in tech and what is happening in MN to help bridge this gap.

In the film they interviewed 50 players in the tech scene from a variety of companies and organizations. Here is a screenshot of all the featured people.

50people

Towards the end of the film it was admitted that Minnesotans are not the best at telling our story due to our Midwestern and humble nature. There was a call to action for viewers that are in tech and from Minnesota to do some bragging and get the word out about the magic happening in tech. This prompted me to write this blog post! I hope you enjoyed this breakdown about the DocuMNtary film. The film website is: http://www.documntary.com

You can watch it here:

I also want to call out some things that were not covered in this film that are happening in Minnesota tech. We have a thriving community in the Microsoft space. In fact Minnesota is 1 of 20 locations in North America that Microsoft has chosen to place one of their Microsoft Technology Centers (MTC). You can learn more about the MTC here: https://www.microsoft.com/en-us/mtc/locations/minneapolis.aspx

Minnesota is home to 24 Microsoft MVP’s including myself. Here are some of the names of our local Microsoft MVP’s.

Brian Mason

Nash Pherson

Tim Curwick

Ryan Ephgrave

Tim Star

Paul Timmerman

ASP.NET MVP: Robert Boedigheimer – Blog: http://weblogs.asp.net/boedie

Data Platform MVP: Dan English

Will Smith

Scott Hamilton

Wes Preston

Cloud and Data Center Management MVP: Greg Shulz – Blog: http://storageioblog.com

Each of these Microsoft MVP’s are highly talented in their respective areas of technological expertise and Microsoft has selected them for this. I am proud to have such a high concentration of MVP’s in Minnesota. Learn more about the MVP program here: https://mvp.microsoft.com/en-us/overview

Minnesota can boasts about some of the highest turnouts for our user groups and events.

SharePoint Saturday Twin Cities is the biggest one in the US with attendance often reaching 800+. More about this event here: www.spstc.com

MN SQL Saturday is an annual event that has been around for some time. This event typically attracts 450+ attendee’s with many MVP’s coming out to present. http://www.sqlsaturday.com/557/EventHome.aspx

Midwest Management Summit (MMS) has been around for 4 years. It is held at the Radisson Blue Mall of America and has sold out every year.  Experts and attendee’s come from all of the US and the world to be a part of this magical event around Microsoft management technologies on premises and cloud. MMS has experts come in from Ireland, Denmark, Sweden, United Kingdom, Canada and more. Here is an old Microsoft blog post from Microsoft on MMS https://blogs.msdn.microsoft.com/mvpawardprogram/2015/11/16/mvps-from-around-the-world-come-together-again-for-mms-2015-in-minnesota and the offical website here: https://mmsmoa.com.

Some of the MMS folks also are involved in the MN System Center User Group (MNSCUG) https://mnscug.org and Minnesota Azure User Group http://www.mnazureusergroup.com. It is not uncommon for MNSCUG to host full day events with 100+ attendee’s and the MN Azure UG to get 50+ attendee’s.

DevOps Days Minneapolis is another event held in Minnesota that attracts a large crowd and speakers from all over! More about this event here: https://www.devopsdays.org/events/2016-minneapolis

On top of that Minnesota has SQL Pass, IoT UG’s, Twin Cities MAC Admins Meetup, Amazon AWS UG’s and more. A full list of user groups and events can be found on Tech{dot}MN.

Beyond the just the tech community eco-system If you want to launch a startup, work in corporate tech, work for a partner company to one of the big tech companies (Microsoft, Google, Amazon, IBM), work in open source, work as a developer, or even freelance Minnesota has a place for you.

So to wrap up this post the next time you think of MN go beyond the perception of the cold, our numerous sports teams, and the 10k lakes and remember this is a tech hot bed and its only getting hotter all the time!

Read More

New Azure Stack Survival Guide

As shown this week at Microsoft Ignite 2016 Azure Stack has come along way. TP2 has been released with new functionality and a timeline for Azure Stack has been announced.

Also we have seen some new blogs on TP2, some third party solutions coming, vendors demoing it on their hardware, and some new scripts and tools.

There is so much movement now around Azure Stack both from Microsoft and the community. It can be hard to keep up with all the information and resources for Azure Stack. To help with this I have started an Azure Stack Survival Guide on TechNet. Please go contribute to this and use it as a reference. Here is the link:

http://social.technet.microsoft.com/wiki/contents/articles/35810.azure-stack-survival-guide.aspx

2016-09-29-01_28_55-clipboard

Read More

Azure & RRAS Site to Site VPN Setup (Azure Resource Manager)

Background

I have not seen a lot of posts out there on setting up Azure Site to Site VPN Setup Azure Resource Manager. The ones I did follow had some missing steps. Setting up the AS2S is a pretty detailed process so I wanted to put the steps I had to follow in a blog post.

What you will need:

On-Premises

  • RRAS installed on an on-premises server.
  • At least 1 NIC on your RRAS server.
  • Your public IP. This will not work with dynamic DNS. You have to have a public IP. If you don’t own a public IP you can still use the dynamic public IP your ISP has assigned to you. You will need to just watch it and manually update it in Azure when it changes.
  • UDP Ports 500, 4500, and 1701 forwarded to your RRAS server. This is if your RRAS server is behind a NAT device.
  • Either your servers pointed to RRAS for their gateway or static routes setup on the VM’s you want to be able to communicate with Azure.

Azure:

Addressing:

For on-premises you can use whatever you want. I use 192.168.0.x/24.

For Azure we will use 10.121.0.x/16 and 10.121.0.0/24 and 10.121.1.0/24.

Steps:

~ AZURE CONFIGURATION FIRST! ~

First we will start off with configuring the network components we need up in Azure. Start by going to the Azure portal at https://portal.azure.com.

STEP 1: I would setup a resource group. You will put all of your resources for the site to site VPN in here for better tracking and management. As an example I named mine: “S2SVPN-Buchatech-LabRG“.

as2svpn-29

NOTE: Our resource group is empty at this point.

STEP 2:  Let’s start off by creating a virtual network. Go to:

Virtual networks>Create virtual network and click on Add. Let’s name this “S2SVPN-RRAS-Vnet“.

Give it “10.121.0.0/16” for the address space. This has to have enough room to place two subnets into it.

For the first subnet make the Subnet Name “Azure-VMs“. Make the Subnet address range “10.121.0.0/24“. Set it to the resource group you created in the previous step.

NOTE: I recommend placing all resources that will be a part of your site to site VPN in the same region. I used North Central US.

as2svpn-1

STEP 3:

We will be creating a virtual network gateway. This network gateway will contain the second subnet.

Go to Virtual networks>S2SVPN-RRAS-Vnet>Settings>Subnets.

Click on + Gateway subnet. For the Address Range use “10.121.1.0/24“. This address range is the IP range for your RRAS server to use.

So in your virtual network you should now have the two following Subnets:

as2svpn-2

STEP 4:

Now navigate to Virtual network gateways and click on Add. Name the gateway “S2SVPN-RRAS-VnetGW“. For the virtual network select our existing one named S2SVPN-RRAS-Vnet. Leave the gateway type to VPN, and leave VPN type to Route-based. For the public IP we don’t have one so we will need to create one here. Click on Choose a public IP address and a blade will fly out. Click on Create New.

as2svpn-3

I give it a name of “S2SVPN-RRAS-VnetGW-IP“. Your settings should look like this:

as2svpn-4

After the Virtual network gateways is created go and get the public IP addresses. We will need to plug this into RRAS later. You can get this by going here: Virtual network gateways>S2SVPN-RRAS-VnetGW>S2SVPN-RRAS-VnetGW-IP>Settings.

as2svpn-5

NOTE: It may take some time to provision the public IP so be patient here.

STEP 5:

Next up we need to configure a Local network gateway. Go to:

Local network gateways and click on +Add.  On Create local network gateway name it

S2SVPN-RRAS-LocalNetGW“, enter the public IP of your RRAS server, In the address space enter an IP range or ranges for your on-premises network , and select your RG.

as2svpn-6

NOTE: If you do not know what the public IP is on your RRAS server’s network just visit http://ipchicken.com and it will display it.

Now we need to create a connection in our local gateway. To do this navigate to the settings>connections and click on + Add. Name this “S2SVPN-RRAS-LocalNetGW-Connection“.

The Connection type will default to Site-to-site (IPsec). Leave this. Set the Virtual network gateway to “S2SVPN-RRAS-VnetGW“. Set a Shared key (PSK) to be used and remember this will also be used on the RRAS server so document this somewhere.

as2svpn-7

That’s it for the network configuration up in Azure. As long as everything was followed in these steps you should now have the following in your resource group.

as2svpn-8

~ RRAS CONFIGURATION! ~

STEP 7:

Install RRAS on your on-premises server. I used Server 2012 R2. Follow this to install it:

On your on-premises server launch Server Manager. In server manager click on Manage -> Add Roles and Features.

In the Add Roles and Features Wizard do the following:

  • Before You Begin: Click Next
  • Installation Type: Role-based > Click Next
  • Server Selection: Select a server from the server pool > RRAS-Server > Click Next
  • Server Roles: Check Remote Access > Click Next
  • Features: Click Next
  • Remote Access: Click Next
    • Role Services:
      • Direct Access and VPN (RAS)
        • Click Add Features on the pop-up window
      • Routing
      • Click Next
  • Web Server Role (IIS): Click Next
    • Role Services
      • Accept Defaults: Click Next
  • Confirmation: Click Install

Done!

STEP 8:

Open Routing and Remote Access.

as2svpn-9

as2svpn-10

as2svpn-11

as2svpn-12

as2svpn-13

as2svpn-14

STEP 9:

as2svpn-15

Click Next.

Give the Interface a name...

Read More

VMware VM Backup in DPM Setup

Today Microsoft released the availability to protect VMware virtual machines with System Center Data Protection Manager (DPM). This is a feature the community has been asking to get for a long time. Again the DPM team continues to deliver! Again the team has brought this new functionality to existing customers via an update rollup. You do not have to wait for a new version of DPM to start protecting VMware. This functionality is enabled in DPM 2012 R2 through update rollup 11. Download DPM 2012 R2 UR 11 from this link:

http://catalog.update.microsoft.com/v7/site/search.aspx?q=3162908

For DPM 2016 this funcionalty will come out of the box.

Now lets look at the install, setup, and recovery of VMware VM’s.

INSTALL THE UPDATE:

VMwareinDPM (17)

VMwareinDPM (1)

VMwareinDPM (2)

ADD VMWARE CREDENTIALS:

VMwareinDPM (3)

NOTE: This is an agentless backup. DPM does not install and agent here. It only connects to the VMWare host.

ADD VMWARE SERVER TO DPM:

VMwareinDPM (4)

VMwareinDPM (5) VMwareinDPM (6)

My VMWare server did not have a proper certificate. I had to add the following reg key:

DisableSecureAuthentication.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]
“IgnoreCertificateValidation”=dword:00000001

It worked after that.

PROTECTING VMS:

VMwareinDPM (8) VMwareinDPM (9)

You can add a single VM as shown in the following screenshot.

VMwareinDPM (10)

Or set the protection to Auto.

VMwareinDPM (11)

If set to auto VM’s that are added to this host will automatically be protected.

There was no downtime during the protection of the VMWare VMs.

VMwareinDPM (12)

RECOVERING VMS:

You can see we can recover VM’s just like we can with Hyper-V.  You need to click on the VM folder to make the Recover option show.

VMwareinDPM (13)

If you click on a VM you will see the .vmdk files and can recover them.

VMwareinDPM (14)

The rest of the recovery process is the same as recovering a VM in Hyper-V.

VMwareinDPM (15) VMwareinDPM (16)

That concludes this post! Enjoy your ability to protect VMware with DPM.

Read More

WordPress as front-end for Azure Automation

With Azure Automation there are cases where you will need to have a form that end users can go fill out to kick off an automation runbook. Back with System Center Orchestrator we could use Service Manager’s self-service portal as the front end for our automations. This was a solution that worked well. With Azure Automation we do not have that luxury at least not yet we don’t. There is a community based Azure automation webhook Service Manager (SCSM) connector in the works. One of my colleagues Rob Plank is a part of this project and says it should ready to release very soon. This connector will allow you to use the SCSM portal as the frontend of Azure Automation via webhooks, know when a webhook expires, and see a runbooks job status. Here are some teaser screenshots of the  connector.

image001

image002

There also are a few posts out there on how to leverage other platforms as the frontend for Azure Automation these are “how to use SharePoint as the frontend of Azure Automation” by Anders Bengtsson and “how to use an ASP website as the frontend to Azure Automation” by a friend of mine and fellow Microsoft MVP Florent Appointaire. Well in this post I am going to show you how to use the popular platform WordPress as the frontend for Azure Automation. The cool thing here is that this is another instance of showcasing the ability to utilize Microsoft and Open Source technologies together. 🙂

Here are the steps at a high level

  • Have an Azure Automation account on Azure
  • Setup your runbook/s in Azure Automation
  • Setup a webhook on your runbook/s in Azure Automation
  • Have a WordPress instance
  • Install Ninja Forms plugin in the WordPress instance
  • Install the Webhooks add on for Ninja Forms
  • Setup your runbook frontend form/s
  • Configure the runbook frontend form/s to connect to the Azure Automation webhook

Let’s get started!

Step 1: Have an Azure Automation account on Azure

To get started with Azure Automation go here: https://azure.microsoft.com/en-us/documentation/articles/automation-intro. I am not going to cover this within this blog post.

Step 2: Setup your runbook/s in Azure Automation

For this testing this scenario and this post I grabbed a couple of Azure Automation runbooks built by the Microsoft AzureAutomationTeam and made available in the Azure Automation Runbook Gallery. These runbooks start and stop Azure virtual machines.

Runbook #1 Name:

Start-AzureV2VMs

Description:

This runbook connects to Azure and starts all VMs in an Azure subscription or resource group.

Runbook #2 Name:

Stop-AzureV2VMs

Description:

This runbook connects to Azure and stops all VMs in an Azure subscription or resource group.

Both runbooks have two parameters they need. These are:

param (

[Parameter(Mandatory=$false)]

[String]  $AzureConnectionAssetName = “AzureRunAsConnection”,

[Parameter(Mandatory=$false)]

[String] $ResourceGroupName

We need to pay attention to these when setting up the webhooks and these often become your fields on your front end form.

Step 3: Setup a webhook on your runbook/s in Azure Automation

Here are the steps to setup a webhook for an Azure Automation Runbook.

First off make sure your runbook/s are in a published authoring status.

image003

Within https://portal.azure.com Navigate to

YOURAZUREAUTOMATIONACCOUNT

Runbooks

YOURRUNBOOK (Start-AzureV2VMs)

Webhooks

From here click on the Add Webhook button.

image004

The Add Webhook blade will fly out. Here you will want to click on Create new webhook to make the next blade flyout.

Here you need to give your webhook a name, set to enabled, set when it will expire and COPY THE URL TO A SAFE PLACE.

NOTE: You will not be able to access the webhook URL after this.

image005

Click OK.

Next you need to click on Configure parameters and run settings. This is where you set the parameters from the runbook.

If your parameters are required you have to set them here. If they are optional you can leave them blank here and pass the data into the runbook from the frontend form via a $WebhookData object.

In my case I put AzureRunAsConnection directly in the webhook. I created a credentials asset in Azure Automation with the account containing the needed permissions to perform the actions from the runbook in my Azure account (Start/Stop VM’s).

I left the resourcegroupname blank as I will pass this in from the front end form. I left the Run Settings to run on Azure as I do not have a Hybrid Worker setup.

NOTE: A Hybrid Worker lets you run automation runbooks on premises in your data center.

image006

One you have the Webhook and parameters configured click on the Create button to actually create the webhook.

image007

You will now see your new webhook in the webhooks blade.

image008

Note that if you click on a webhook you will not see the URL. You can enable or disable the webhook, see when it expires, and access the parameters. This is shown in the following screenshot.

image009

Step 4: Have a WordPress instance

You can host WordPress on WordPress.org on a hosting account, internally or even on Azure. Here is a link to a tutorial on how to run WordPress on Azure. https://azure.microsoft.com/en-us/documentation/articles/app-service-web-create-web-app-from-marketplace.  I am not going to cover how to setup a WordPress instance within this blog post.

Step 5: Install Ninja Forms plugin in the WordPress instance

Here are the steps to install Ninja Forms WordPress plugin.

From within the WordPress admin dashboard click on Plugins.

Click on Add New.

image010

Search for Ninja Forms. Click on the Install button to add the plugin. Make sure you activate the plugin.

image011

You also could manually download and upload the plugin or load it directly into the plugins directory. I have shown you the steps for the easiest way to install it.

The Ninja Forms plugin page can be found here:

https://wordpress.org/plugins/ninja-forms

Step 6: Install the Webhooks add on for Ninja Forms

The Webhooks for Ninja Forms add on can be found here:

https://ninjaforms.com/webhooks-for-ninja-forms

This add on has to be purchased. It is $39 by itself for 1 WordPress instance.

After you buy it you will get the files for download. Again from within the WordPress admin dashboard click on Plugins.

Click on Add New. This time click on the Upload Plugin button and browse to your downloaded Webhooks for Ninja Forms zip folder.

After it is uploaded be sure to activate it.

The final step is to install the license for the add on. To do this Click on Forms>Settings>Licenses and input the key that Ninja Forms sent in the Webhooks Key field. Click on Save & Activate.

image013

Step 7: Setup your runbook frontend form/s

Next we need to build the actual form. To do this follow the list of steps.

Click on Forms>Add New. Give your form a Title.

Add a Textbox and put in the label of ResourceGroupName.

I like to make it Required.

image014

Add a Submit button to your form. I labeled it Start.

image015

In the following screenshot is what the form looks like. Note that I have both forms loaded on the same page.

image016

Step 8: Configure the runbook frontend form/s to connect to the Azure Automation webhook

Now is the last step. This is the step in which we configure the form to send data to the Auzre Automation webhook upon submission. This is doing it via POST method.

When editing the form click on the Email & Actions tab. Click on the Add New button.

Give this Action a name.

In the Type dropdown select Webhook.

Enter the Azure Automation webhook URL in the Remote Url field.

Select Post for the Remote Method.

For Args select enter the name of and select the field from your form of the parameters you need to send to the Azure Automation runbook.

You can see this all represented in the following screenshot.

image017

One of the cool things about this solution is we can test the webhook action before actually submitting it to make sure it will work as expected. This testing can be turned on by checking the Run in Debug Mode field. I have highlighted this in the screenshot in green. Checking this box and submitting the form will show debugging information like data sent and response.

Here is an example of what the result in Debug mode will look like:

image018

Make sure you uncheck the Run in Debug Mode field when you are ready to actually start your runbook/s.

Now let’s see what this looks like in Azure Automation when we submit the form.

I have a resource group named 6716vm with one VM in it named 6716vm. So I will enter 6716vm on the form. 6716vm will be passed to the runbook as the resourcegroupname.

image019

You can see the job running in Azure now.

image020

Within the job if you click on Input you can see it has 2 inputs. One is Webhookdata. This is where the 6716vm is located. The other is the Azureconnectionassetname. Remember we hardcoded this into the webhook itself. We can also see in the following screenshot that the job completed.

image021

If we look further at the webhookdata we can see several interesting things. We can see exactly where it put the 6716vm parameter for the resourcegroupname and we can see that this request came from my blog at www.buchatech.com.

image022

{“WebhookName”:”WPhook1″,”RequestBody”:”ResourceGroupName=6716vm”,”RequestHeader”:{“Accept”:”*/*”,”Accept-Encoding”:”deflate; q=1.0″,”Host”:”s1events.azure-automation.net”,”User-Agent”:”WordPress/4.5.3; http://www.buchatech.com”,”x-ms-request-id”:”0ae47ca6-46a4-4ba7-902e-6d33840add75“}}

Pretty cool right? Check out the VM now running:

image023

Now to shut it down I can go back to my WordPress and use the Stop Azure VM form. The possibilities here are endless. I know some of you may be thinking this is great but what if I want to control who can login to see this form and will it work with Active Directory. The answer is YES. WordPress has several plugins that integrate with Active Directly and even have SSO. A couple of these are Active Directory/LDAP Login for Intranet sites and Active Directory Integration. 

You can see that WordPress can make a great frontend for your Azure Automation runbooks. That is the end of the post. Happy automating!

Read More