Tech Reviewer – Free Azure Strategy and Implementation Guide, Third Edition

Towards the end of 2019, I had the opportunity to be the sole Tech Reviewer on an Azure Azure Strategy and Implementation Guide. This is the third edition of this guide so it has really current Azure information. It was authored by former MVP and now Microsoft trainer Peter De Tender (@pdtit) and others.

This guide gives a step by step introduction to using Azure for your cloud infrastructure. The guide also covers an overview of Azure benefits and best practices for planning your migration, assistance with cloud architecture and design choices, and insight on how to manage and optimize your new cloud environment.

The best part is that this guide is free! Get your copy here:

https://azure.microsoft.com/en-us/resources/azure-strategy-and-implementation-guide-third-edition

Read More

Cloud Governance, Bringing Order To Your Cloud Chaos – Podcast

Recently I was a guest on the “Day Two Cloud” podcast hosted by fellow Microsoft MVP/Pluralsight author Ned Bellavance.

We talked about how native Azure governance & management tools Azure Policy, Tagging, and Blueprints can be used to bring order to your cloud environments. Listen now here:

Check it out here:

https://packetpushers.net/podcast/day-two-cloud-033-cloud-governance-bringing-order-to-your-cloud-chaos

Read More

Master Azure with VS Code

At Experts Live Europe 2019 I presented a session titled “Master Azure with VS Code”. This was a fun session with an engaging audience that took to twitter after the session. There was some chatter asking this session was recorded. It was not. I did note that I planned to write a blog post on this topic.

Here is that blog post and it is the first one of 2020 for me! In this post, we are going to dive into how VS code is helpful when working with Azure and many extensions I find useful when working with Azure. This post is not set to be an end-all to using VS Code with Azure but from my experience. Use this post as a starting point or a reference for expanding your use of VS Code with Azure. Also, check out the many other community experts and Microsoft MVPs for their additional knowledge plus tips and tricks on this topic.

VS Code Overview

First off if you are not using VS Code stop reading this right now, go download it and install it then come back to finish reading. 🙂 VS Code is a must-have in your toolbox and it is free! For those that are new to VS Code, it is an open-source – code editor developed by Microsoft that runs on Windows, Linux, and macOS. Here is a shortlist of the many benefits of VS Code:

  • Has support for hundreds of languages.
  • Has Integrated Terminal.
  • Also powerful developer tool with functionality, like IntelliSense code completion and debugging.
  • Includes syntax highlighting, bracket-matching, auto-indentation, box-selection, snippets, and more.
  • Integrates with build and scripting tools to perform common tasks making everyday workflows faster.
  • Has support for Git to work with source control.
  • Large Extension Marketplace of third-party extensions.

Note that yes, VS Code is for the “IT Pro”. Not just developers.

Azure Extensions in VS Code

VS Code has a ton of extensions in general. There are a number of Azure specific extensions and you can work with Azure directly from VS Code.

If you go to the VS Code Marketplace here: https://marketplace.visualstudio.com/vscode and search on Azure you will see results for many published by Microsoft and many community based extensions for Azure. As of the time of writing this blog post, there are 93. Here is a screenshot showing some of the results:

You can also go directly to the Azure Tools extension from Microsoft here: 

https://marketplace.visualstudio.com/itemdetails?itemName=ms-vscode.vscode-node-azure-pack

Or the

Azure Extensions from Microsoft here:

https://code.visualstudio.com/docs/azure/extensions

In the rest of this post, I am going to share some key extensions I use with Azure. I will post the marketplace links at the end of each extension I talk about and if it is maintained by community or Microsoft.

Deploy to Azure using VS Code

It is important to note that not all of the Azure extensions available in VS Code can be used to deploy to Azure. Some can but most can’t here is a list of the services that you can deploy to from extensions in VS Code.

Azure Service Description
Azure Functions Build and manage Azure Functions serverless apps directly in VS Code with the Azure Functions extension.
App Service Manage Azure resources directly in VS Code with the Azure App Service extension.
Docker Deploy your website using a Docker container.
Azure CLI Create, deploy, and update a website using a terminal and the Azure CLI.
Static website Create, deploy, and update a static website on Azure Storage.

NOTE: This list is current at the time of writing this blog post. This will change over time.

Azure Cloud Shell in VS Code

Cloud Shell is something you should be using with Azure to make your life easier. It is an interactive command-line shell. You are authenticated to your Azure account when you launch it, It typically runs in the browser and is used for managing Azure resources. When you launch it you can choose the shell experience that best for you, either Bash or PowerShell. With VS Code you can launch Cloud Shell directly in VS Code!

Cloud Shell is a part of the Azure Account extension. Here are some key points on using Cloud Shell with VS Code:

  • Free (storage consumed has costs.)
  • Launch Azure Cloud Shell directly in VS Code.
  • Launch Bash, PowerShell, or Upload.
  • Works in the Integrated Terminal.

Azure and open-source Tooling in Cloud Shell:

Azure Tools:
blobxfer Azure CLI and Azure classic CLI Azure Functions CLI AzCopy Service Fabric CLI Batch Shipyard  
Open-Source:
Bash Terraform Packer Ansible Chef InSpec Puppet Bolt Docker Kubectl Helm DC/OS CLI iPython Client Cloud Foundry CLI

PowerShell Modules in Cloud Shell

You get the following PowerShell modules in Cloud Shell:
Azure Modules (Az.Accounts, Az.Compute, Az.Network, Az.Resources, Az.Storage)
Azure AD Management (Preview)
Exchange Online (In development)
MicrosoftPowerBIMgmt
SqlServer

Marketplace Link:

Azure Account: https://marketplace

Maintained By Microsoft

Read More

First Pluralsight Course Published – Azure DevOps Engineer: Optimize Feedback Mechanisms

I am very excitied because this past weekend my first Pluralsight course was published! It is titled “Microsoft Azure DevOps Engineer: Optimize Feedback Mechanisms“.

This course is a part of the AZ-400 path for the AZ-400: Microsoft Azure DevOps Solutions certification to become a Microsoft Certified: Azure DevOps Engineer Expert. 

In this course you will be prepared to use Azure Monitor, including Application Insights and Log Analytics to monitor and optimize your web applications.

Also in this course, Microsoft Azure DevOps Engineer: Optimize Feedback Mechanisms, you’ll learn how to monitor and optimize your web applications. First, you’ll learn how to use Application Insights and Log Analytics. Next, you’ll explore analyzing alerts and telemetry data. Finally, you’ll discover how to perform tuning to reduce noise. When you’re finished with this course, you’ll have the foundational knowledge of how to use Azure Monitor to optimize feedback mechanisms and improve your web application.

Check out my course here: https://www.pluralsight.com/courses/microsoft-azure-optimize-feedback-mechanisms

Please follow my Pluralsight author page here: https://app.pluralsight.com/profile/author/steve-buchanan

By following my author page you will get future updates as I publish more content. I am just getting started and will have more courses on the Pluralsight platform soon!

 

Read More

Speaking at Experts Live Europe 2019

Next week I will travel across the pond again to speak at Experts Live Europe 2019. I am excited to reunite with many friends and fellow Microsoft MVPs in the Microsoft community. I am honored to be a part of this conference again. I will be speaking about Azure, participating in Ask the Experts as a cloud expert, and will sit on an Azure Stack Hub panel.

Here are the details for the sessions I will be a part of:

Master Azure with VS Code

22nd of November, 3:30pm – 4:20pm

Description

There are many ways to work with Azure and its services including the: Azure portal, CloudShell, Azure CLI, and Azure REST APIs. And there are even more tools to choose when it comes to working with other services on Azure such as Docker, Kubernetes and more. It can be overwhelming to decipher what Azure tool to use for your day-to-day Azure administration and deployment.

VS Code to the rescue!!!! You can deploy and administer Azure and supporting services direct from VS Code through the plethora of extensions built for Azure. These extensions can be used to work with ARM Templates, Storage, App Service, Docker, Azure Kubernetes Service, Functions, Logic Apps, Event Hub, Cosmos DB, and more. Also, VS Code brings CloudShell directly in so you can work from a single tool!

Azure Stack Experts Panel

21st of November, 5:00pm – 5:50pm

Description

Join this global list of Azure Stack Experts for an open question and answer session as we discuss real-world scenarios.

Fellow panelists include: Kristopher Turner Global Azure Stack Hub CSA, Dino Bordonaro Microsoft Azure MVP, and Thomas Maurer Cloud Advocate at Microsoft. 

Check out the sessions here: https://www.expertslive.eu/agenda

Shout out to Marcel and Isidora the folks behind the conference!

Read More

New Azure Kubernetes Service (AKS) book coming soon

These days the growth of Kubernetes is on fire! Azure Kubernetes Service (AKS) Microsoft’s managed Kubernetes offering is one of the fastest-growing products in the Azure portfolio of cloud services with no signs of slowing down. For some time me and two fellow Microsoft MVPs Janaka Rangama (@JanakaRangama) and Ned Bellavance (@Ned1313) have been working hard on an Azure Kubernetes Service (AKS) book. We are excited that the book has been finished and is currently in production. The publisher Apress plans to publish it on December 28th, 2019.

Besides my co-authors, we had additional rock stars to help with this project. For the Tech Review, we had the honor to work with Mike Pfeiffer (@mike_pfeiffer) Microsoft MVP, Author, Speaker, CloudSkills.fm podcast and Keiko Harada (@keikomsft) Senior Program Manager – Azure Compute – Containers. Shout out to them and huge thanks for being a part of this!

We also had the honor of the foreword being written by Brendan Burns (@brendandburns) Distinguished Engineer at Microsoft and co-founder of Kubernetes. A shout out to him and a world of thanks for taking the time to help with this project!

Books like this are only possible with a great team of people contributing to them. The book is titled “Introducing Azure Kubernetes Service: A Practical Guide to Container Orchestration” and can be pre-ordered here: https://www.amazon.com/gp/product/1484255186 or here: https://www.apress.com/gp/book/9781484255186. Here is the cover:

In this book, we take a journey inside Docker containers, container registries, Kubernetes architecture, Kubernetes components, and core Kubectl commands. We then dive into topics around Azure Container Registry, Rancher for Kubernetes management, deep dive into AKS, package management with HELM, and using AKS in CI/CD with Azure DevOps. The goal of this book is to give the reader just enough theory and lots of practical straightforward knowledge needed to start running your own AKS cluster.

For anyone looking to work with Azure Kubernetes Service or already working with it, this book is for you! We hope you get a copy and it becomes a great tool you can use on your Kubernetes journey.

Again you can get the book here: https://www.amazon.com/gp/product/1484255186

Read More

Speaking on Azure DevOps at BITCon 2019

BITCon is back in Minnesota this year. The event is shaping up to be another great one! This year BIT locked in the mayor of Minneapolis to keynote one of the days!

The conference also has a new website. The new website is https://bitcon.tech. It will be held at multple locations again through Minneapolis and Saint Paul.

I have the honor to speak at the event again. I will be giving one session and will potentially sit on a panel.

Here is the information on my session:

When:
Friday, October 11 • 1:45pm – 3:00pm

Title:
Azure DevOps + VS Code + Teams = Perfect Match

Description:
For anyone getting started with or already working with Azure managing your cloud environments through Infrastructure as Code (IaC) with ARM Templates at some point is guaranteed.

There are many extensions available to optimize VS Code for an enhanced ARM Template authoring experience. Discover how to integrate your Azure DevOps CI/CD pipeline with Teams for enhanced collaboration across your DevOps team. Get updates directly in a Teams channel for commits, pull requests, and learn how to work with an Azure DevOps Kanban board directly from Teams.

Come to this session and see why Azure DevOps + VS Code + Teams = Perfect Match.

What you will learn:

  • About the various ARM Template related extensions in VS Code
  • How to integrate Microsoft Teams with Azure DevOps

A few months back I blogged about Azure DevOps and Teams intergration here. It was a popular blog so I decided to turn this into a presentation with demos!

Here is a direct link to my session:

https://bitcon2019.sched.com/event/TCh8/azure-dev-ops-vs-code-teams-perfect-match

If you are attending BITCon 2019 be sure to check out my session!

Read More

Walk-through: use Azure Policy modify effect to require tags

In my day to day I do cloud foundations work helping companies with their Azure governance and management. On projects we will develop a tagging strategy. A tagging strategy is only good if it is actually used.  One way to ensure that tags are used is by using Azure Policy to require tags on resource groups or resources.

In the past I have used the deny effect in an Azure Policy to require tags upon resource creation. I basically use the template as previously blogged about here: http://www.buchatech.com/2019/03/requiring-many-tags-on-resource-groups-via-azure-policy. This policy works but can be a problem because the error that is given when denied during deployment is not clear about what tags are required. Also, folks think it is a pain and slows down the provisioning process.

I set out to require tags using a different method. The idea was to use the effect append vs deny so that resources without the proper tags would be flagged as non-compliant and the policy would add the required tags with generic values. Someone from the cloud team could then go put in the proper values for the tags bringing the resources into compliance. Th end result was that the effect append does work remediating with a single tag but falls down when trying to remediate using multiple tags.

I discovered that this behavior was intended and that the append effect only supports one remediation action (i.e. one tag). On 9-20-19 Microsoft updated the modify effect so that Modify can handle multiple ‘operations’ – where each operation specifies what needs to be remediated.

Now let’s walk through using the modify effect in an Azure Policy to add multiple tags on a resource group.

You will need to start off by coding your Azure Policy definition template. There are three important parts you need to ensure you have in template. You need to have modify effect for the proper effect, roleDefinitionIds as this is the role that will be used by the managed identity set as contributor, and operations to tell Azure policy what to do when remediation out of compliance resources.

"effect": "modify",

and

"roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

and

 "operations": [
            {
            "operation": "addOrReplace",

Here is a screenshot of the template.

You can get the full Azure Policy definition ARM Template on my GitHub here:

Required Tags Azure Policy Modify Effect.json

Add the ARM template as a new policy definition in the Azure portal.

See the following screenshot to complete your Azure policy definition.

Click for larger image

You will then see your new Azure policy definition.

Next, you need to assign the Azure policy definition. To do this click on Assignments.

See the following screenshot to complete your Azure policy assignment.

Click for larger image

Note that this policy assignment will create a managed identity so that the policy has the ability to edit tags on existing resources.

The assignment will now be created but the evaluation has not happened so the compliance state will be set to not started as shown in the following screenshot.

Read More

Azure VM VNet to VNet Migration Script

Moving an Azure VM from one virtual network (VNet) to another VNet is not a new problem. If you find yourself having to do this just know it is a pain. Anyone that has faced the Vnet-to-Vnet VM Move conundrum before knows that moving a VM to another subnet is a trivial task and would think a VM move to another VNet would be the same. However, when it comes to moving a VM to a new VNet there is no supported way to do this from Microsoft and that is by design. There are some workarounds to moving a VM to a new VNet but in the end these boil down to redeploying the VM. When moving a VM to a new VNet you will need to plan for downtime.

In this blog post, I am not going to go through the steps of the workarounds for moving a VM to a new VNet. There are plenty of other blog posts out there covering how to do this manually or using ASR. If you want to read up on this there is one article I keep bookmarked by Microsoft MVP Tim Warner that you can find here. In this blog post, I am going to share and talk about a PowerShell script I pulled together to make the Vnet-to-Vnet VM Migration less painful by automating it. Download link is at the end of this blog post. I put together the script to work with PowerShell 5 using the AzureRM Module and one that works with PowerShell 7 (Core) using the AZ module.

Again, in general, the script is not moving the VM. The script is facilitating a migration of sorts by creating a new VM in new VNet while retaining the original VMs configuration and data disks. Here are the steps that are performed in the script:

(1) Gathers info on existing VM, VNet, and subnet.
(2) Removes the original VM while saving all data disks and VM info.
(3) Creates VM configuration for new VM, creates nic for new VM, and new availability set.
(4) Adds data disks to new VM, adds nics to new VM, adds VM to the new VNet.
(5) Creates new VM and adds the VM to the new VNet.

Let’s look at some other general information about the script. The script is a single script that has code for both PowerShell 5 using the AzureRM Module and PowerShell 7 (Core) using the AZ module. When you run the script it prompts you to choose what Azure module you are using. The script is interactive so it will prompt you to log in and prompt you for your Azure subscription in case you are running multiple subscriptions. The script is intended to migrate a single VM. It assumes the VM is deployed into an availability set and will migrate to a new availability set or in the existing availability set. You can also migrate to a new resource group or place the new VM in the existing resource group. Ok. Let’s dive into running the script. Here is a walk-through of running the script.

Open PowerShell and run Vnet-to-Vnet VM migration.ps1.

You will first be prompted for the following information:

Enter the Resource Group of the original VM:
Enter the original VM name:
Enter the new VM name:
Enter the new availability set name:
Enter the new VNet resource group:
Enter the new VNet name:
Enter the new Subnet name:

Next, you will be prompted to select your PowerShell version and Azure module as shown in the following screenshot.

The main differences between PowerShell 5 using the AzureRM Module and PowerShell 7 (Core) using the AZ module are the interactive login methods as well as cmdlets. Here are screenshots of the different logins.

PowerShell 5 with AzureRM Module:

A window will pop up for you to log into your Azure account.

Next a grid will pop up for you to select your subscription from the list.

PowerShell 7 (Core) with AZ module:

A warning will pop up prompting you with the device login info. To log into Azure go to https://microsoft.com/devicelogin and entering the code the warning gave you as shown in the screenshot.

List of your subscriptions will output. Go ahead and copy the subscription ID you plan to use. NOTE* Ignore this if you only have one subscription.

You are prompted to enter your subscription ID. This is to set the PowerShell session to the specified Azure subscription.  Again ignore this if you only have 1 subscription. Note if you leave it blank and click enter it will error. Even with the error, it will finish the rest of the script just fine.

Next in both PS 5 or PS 7 you will see the following prompt confirming that you want to remove the specified original VM. Confirm yes and press enter.

Virtual machine removal operation
This cmdlet will remove the specified virtual machine. Do you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is “Y”): Y

NOTE* the rest of the script will run. It will take a while so be patient. As it runs you should see some output similar to this:

OperationId : a4299a3f-ea34-4c22-ba71-f6cc42ebbdff
Status : Succeeded
StartTime : 9/9/2019 5:33:14 PM
EndTime : 9/9/2019 5:50:30 PM
Error :

||
||

WARNING: Since the VM is created using premium storage or managed disk, existing standard storage account, diagstwfyhhi3jyz54e, is used for boot diagnostics.
VERBOSE: Performing the operation “New” on target “VMMove012”.

When it is all said and done if it was successful you will see:

RequestId :
IsSuccessStatusCode : True
StatusCode : OK
ReasonPhrase : OK

That’s it. Now go into the Azure portal and you will see that your VM is moved to a new VNet and will have the data disks still. Check out the following screenshots for an example showing what the resource groups look like before and after the script runs.

Before

After

I have used this script and it has saved me time and avoid a headache. The goal is this will be useful for others as well. You can download the version of the script released with this blog post here: https://gallery.technet.microsoft.com/VM-VNet-to-VNet-Migration-a7308ca2

If you want to contribute and enhance the script check it out on GitHub here: https://github.com/Buchatech/Azure-VM-VNet-to-VNet-Migration-Script

Read More

Azure DevOps & Teams Integration = perfect match

 Recently Microsoft announced they have 13 million daily users in Teams outpacing Slack. You can read about this announcement here:  https://www.theverge.com/2019/7/11/20689143/microsoft-teams-active-daily-users-stats-slack-competition. There are many reasons Microsoft Teams has seen tremendous growth since its launch. I use Teams daily across all of my projects. In this post, I am going to write about one that has been exciting and useful for me. In this post, I am going to explore the integration with Microsoft Teams and Azure DevOps.

Are you working on Azure? If so, you are probably working with ARM Templates for Infrastructure as Code (IaC). Azure DevOps can help you centralize DevOps teams IaC ARM Templates. In addition, you will want to use VS Code and Microsoft Teams. There are many extensions in VS Code for ARM Templates. With Teams, you can integrate with Azure DevOps to track commits, pull requests, and even 2-way integration with Kanban boards.

Within Microsoft Teams you can add what is called “Apps”. These Apps are how you extend Teams and or integrate with other systems. This is how you integrate with Azure DevOps. Before we dive into this there are two important prereqs to note.

#1 You can only integrate a Teams channel with Azure DevOps when they both exist in the same Azure Active Directory tenant organization.

#2 Your Teams needs to be a part of an Office 365 account. The free version of Teams does have an Azure Pipelines app but does not have the Azure DevOps app that gives you full 2-way integration. The Azure Pipelines app is for notifications while the Azure DevOps app is for full collaboration.

Here are the high-level steps to integrate a Teams channel with the Azure DevOps App.

In your Teams channel go to Manage Team and then click on Apps.

Click on More Apps.

Search for Azure DevOps and click on it.

Input your Teams channel in the field next to Add to a team and then click on Install. This will load the Azure DevOps app into your teams’ channel. Note this needs to be done for each teams’ channel if you want this integration across multiple channels.

Next click the Set up button next to the feature you want to configure and use. The following screenshot shows the 3 features available. 

Read More