As part of AIS Managed Services, we provide proactive management and reactive support of infrastructure and applications at a predictable monthly cost. Recently, during a routine infrastructure health check, we noticed that Azure was failing to take backups for a particular virtual machine. Why?
The client is a medium-sized outdoor equipment vendor. For this enterprise customer, we have configured Azure Recovery Services to take a daily backup of all the virtual machines in the production environment. The environment is set up with four domain controllers. Two of them are hosted in Azure while the other two are hosted on-premises. All domain controllers are running Windows Server 2008 R2. Both domain controllers hosted in Azure have 120GB System Drives attached to them, with only Active Directory Domain Services and DNS Server roles present on the server. Read More…
I had the opportunity to attend the first Azure Government HackFest & Training on June 7 and June 8, 2017 with several of my AIS colleagues (Jonathan Eckman, Nicolas Mark, and Brian Rudolph) and it did not disappoint. This event was a great opportunity for me personally to learn more about Azure and spend some time applying that new information to work on an interesting problem. I know that many of you might be considering attending another HackFest, so I wanted to take some time to tell you about the event and what I learned. I also wanted to give you a few tips if you attend one of these in the future.
Day One started off with a number of training/knowledge-sharing sessions with the Microsoft Azure Government Engineering Team, providing an overview of Azure Gov, Security, Lift and Shift, Azure HDInsight, and Cognitive Services. The information provided was detailed enough that it wasn’t marketing material, but not so deep to be too difficult for general IT pros to grasp. Kudos to those that presented from the Microsoft Azure Engineering Team! Read More…
AIS is proud to announce we’ve officially joined the Microsoft FastTrack for Azure program! Microsoft FastTrack for Azure provides direct assistance from Microsoft and a Microsoft partner to help customers build their desired cloud-based solutions with maximum speed and confidence. AIS will work side-by-side with Microsoft engineers to guide our mutual customers from setup, configuration, and development to production, focusing on the following Azure solutions:
The FastTrack program will guide you through the three key phases of a successful cloud journey: Envisioning, onboarding, and deployment to quickly realize the business benefits of moving to Azure. It’s a process we here at AIS know very well, so we’re looking forward to helping even more customers take their first steps into the cloud.
At the Microsoft BUILD 2017 Day One keynote, Harry Shum announced the ability to customize the vision API. In the past, the cognitive vision API came with a pre-trained model. That meant that as a user, you could upload a picture and have the pre-trained model analyze it. You can expect to have your image classified based on the 2,000+ (and constantly growing) categories that the model is trained on. You can also get information such as tags based on the image, detect human faces, recognize hand-written text inside the image, etc.
But what if you wanted to work with images pertinent to your specific business domain? And what if those images fall outside of the 2,000 pre-trained categories? This is where the custom vision API comes in. With the custom vision API, you can train the model on your own images in just four steps: Read More…
Azure Role-Based Access Control (RBAC) offers the powerful ability to accord permissions based on the principle of “least privilege.” In this short video, we extend the idea of Azure RBAC to implement a JIT (just in time) permission control. We think a JIT model can be useful for the following reasons:
1) Ability to balance the desire for “least privilege” with the cost of managing an exploding number of fine-grained permission rules (hundreds of permission types, combined with hundreds of resources).
2) Allow coarse-grained access (typically DevOps teams need access to multiple services) that is “context aware” (permission is granted during the context of a task).
Of course JIT can only be successful if its accompanied with smart automation (so users have instant access to permissions that they need and when they need them).
Interested? Watch this 15-minute video that goes over the concepts and a short demonstration of JIT with Azure RBAC.
The microservice architecture has been very popular in the industry past few years and we’re learning about the successful adoption of this architecture. The higher rate of architecture style adoption is due to the echo system that’s evolved around this architecture and benefits realized by the organizations. In this blog post, I’ll introduce the microservice, walk through steps to build more of a “Hello World” stateless microservice using the Microsoft Service Fabric, and deploy the microservice to local service fabric environment.
Before we dive in to the building of the stateful microservice let’s look at the basics of the microservice, purpose and types of microservice. Read More…
Microsoft has over a thousand Virtual Machine images available in the Microsoft Azure Marketplace. If your organization has their own on-premises “Gold Image” that’s been tailored, hardened, and adapted to meet specific organizational requirements (compliance, business, security, etc.), you can bring those images into your Azure subscription for reuse, automation, and/or manageability.
I recently had the opportunity to take a client’s virtualized Windows Server 2008 R2 “Gold Image” in .OVA format (VMware ), extract the contents using 7-Zip, run the Microsoft Virtual Machine Converter to create a VHD, prepare and upload the VHD, and create a Managed Image that was then deployed using PowerShell and an Azure Resource Manager Template.
Part 3: Azure Automation, Azure RunBooks, and Octopus Deploy
With just PowerShell and an Azure ARM template, we can kick off a deployment in just a few minutes. But there are still some manual steps involved – you still need to login to your Azure subscription, enter a command to create a new resource group, and enter another command to kick off a deployment. With the help of an Azure automation account and a platform called Octopus Deploy, we can automate this process even further to a point where it takes as little as three clicks to deploy your whole infrastructure! Read More…
After you’ve created your template, you can use PowerShell to kick off the deployment process. PowerShell is a great tool with a ton of features to help automate Azure processes. In order to deploy Azure ARM Templates with PowerShell, you will need to install the Azure PowerShell cmdlets. You can do this by simply running the command Install-Module AzureRM inside a PowerShell session.
Check out this link for more information on installing Azure PowerShell cmdlets. PowerShell works best on a Windows platform, although there is a version now out for Mac that you can check out here. You can also use Azure CLI to do the same thing. PowerShell and Azure CLI are quick and easy ways to create resources without using the Portal. I still stick with PowerShell, even though I primarily use a Mac computer for development work. (I’ll talk more about this in the next section.) Read More…
Early in my web development career, I always tried to avoid deployment work. It made me uneasy to watch other developers constantly bang their heads against their desks, frustrated with getting our app deployed to whatever cloud service we were using at the time. Deployment work became the “short straw” assignment because it was always a long, unpredictable and thankless task. It wasn’t until I advanced in my tech career that I realized why I felt this way.
My experience with deployment activities, up to this point, always involved a manual process. I thought that the time it took to set up an automated deployment mechanism was a lot of unnecessary overhead – I’d much rather spend my time developing the actual application and spend just a few hours every so often on a manual deployment process when I was ready. However, as I got to work with more and more experienced developers, I began to understand that a manual deployment process is slow, unreliable, unrepeatable, and rarely ever consistent across environments. A manual deployment process also requires detailed documentation that can be hard to follow and in constant need of updating.
As a result, the deployment process becomes this mysterious beast that only a few experts on your development team can tame. This will ultimately isolate the members of your development team, who could be spending more time working on features or fixing bugs related to your application or software. Although there is some initial overhead involved when creating a fully automated deployment pipeline, subsequent deployments of the same infrastructure can be done in a matter of seconds. And since validation is also baked into the automated process, your developers will only have to devote time to application deployment if something fails or goes wrong.
This three-part blog series will serve to provide a general set of instructions on how to build an automated deployment pipeline using Azure cloud services and Octopus Deploy, a user-friendly automation tool that integrates well with Azure. It might not detail out every step you need, but it will point you in the right direction, and show you the value of utilizing automated deployment mechanisms. Let’s get started. Read More…