Azure Building Blocks – Like Legos™ for the cloud?

I thought this was an interesting announcement.  Yesterday Microsoft announced a simpler way to deploy Infrastructure-as-a-Service (IaaS) resources into Azure, along with a new command-line tool to drive it.  The tool is called Azure Building Blocks.  These building blocks are described as “a set of tools and Azure Resource Manager templates that are designed to simplify deployment of Azure resources.”

“But isn’t that what Azure Resource Manager templates are for?”

Absolutely, but apparently some people find the creation and management of the full templates a little too complex, especially when they only need to spin up some resources with basic best-practice or common default parameters.  “I just want a Windows Server VM.. I don’t want to have to define the storage type or network or all that.  Just do it.”  And so you’ll define your machine (or other resources) in a much simpler template (parameter) file that will be used to deploy it.  It’s “A tool for deploying Azure infrastructure based on proven practices.”

“Cool!  How do I get started?”

The Azure Building Blocks page is where you should begin.  The tool claims to run equally well on Windows or Linux (or Bash on Windows, or even in the Azure Cloud Shell).  Fundamentally it requires you to have the newest Azure CLI installed, as well as Node.js installed in your shell of choice.  Then you install the tool with this command:

npm install -g @mspnp/azure-building-blocks

Verify that the tool installed by running “azbb”, and you should see a typical command usage and options displayed.

Once installed, you can start with a very simple template example.  Samples for various scenarios can be found here: https://github.com/mspnp/template-building-blocks/tree/master/scenarios

I’m going to try what looks to be the most simple of all VM samples: vm-simple.json.

This is the contents of that file:

{
    "$schema": "https://raw.githubusercontent.com/mspnp/template-building-blocks/master/schemas/buildingBlocks.json",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "buildingBlocks": {
            "value": [
                {
                    "type": "VirtualNetwork",
                    "settings": [
                        {
                            "name": "simple-vnet",
                            "addressPrefixes": [
                                "10.0.0.0/16"
                            ],
                            "subnets": [
                                {
                                    "name": "default",
                                    "addressPrefix": "10.0.1.0/24"
                                }
                            ]
                        }
                    ]
                },
                {
                    "type": "VirtualMachine",
                    "settings": {
                        "vmCount": 1,
                        "osType": "windows",
                        "namePrefix": "jb",
                        "adminPassword": "testPassw0rd!23",
                        "nics": [
                            {
                                "subnetName": "default",
                                "isPublic": true
                            }
                        ],
                        "virtualNetwork": {
                            "name": "simple-vnet"
                        }
                    }
                }
            ]
        }
    }
}

That’s all there is to the file!  You can see pretty easily that this just creates a simple Windows Server 2016 VM, along with a supporting virtual network and subnet.  Interestingly, and I think this helps underscore one of the values of Azure Building Blocks, if I had set the vmCount to something other than 1, it would have created that many AND put them in an availability set for me.  Automagically.

Now, having saved that vm-simple.json file to my disk, and after I login to Azure…

az login

…I can run this command…

azbb -g testRG -s xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -l westus -p .\vm-simple.json --deploy

…where the xxx-xxx’s are replaced by my Azure Subscription ID.  And since I ran the command while in the folder containing the vm-simple.json file, I only needed to use “.\” as the path to the file.

And after a few minutes, the Resource Group in the Azure portal looks like this:

You’re also given a couple of output files that contain the JSON which created the virtual network and the machine.  It was only after digging into one of these that I was able to see the default username used was “adminUser”.
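A pre-deployment check for a settings file like the one above, as an added example that is not part of the original post or of the Azure Building Blocks project: it flags a literal adminPassword stored in the file and any NIC marked isPublic, without echoing the secret. The field names come from the vm-simple.json sample; the function names and the second VM in the constructed input are assumptions made for illustration.

```javascript
'use strict';
// Added example: lint an Azure Building Blocks settings file before running azbb.
// Field names (buildingBlocks, settings, adminPassword, nics, isPublic, namePrefix)
// come from the vm-simple.json sample above; function names are hypothetical.

// The sample shows "settings" as an array (VirtualNetwork) and as an object
// (VirtualMachine), so accept both shapes.
function asList(settings) {
  if (Array.isArray(settings)) return settings;
  return settings && typeof settings === 'object' ? [settings] : [];
}

// Returns findings as { rule, path, detail }. Secret values are never echoed.
function auditBuildingBlocks(doc) {
  const value = doc && doc.parameters && doc.parameters.buildingBlocks &&
    doc.parameters.buildingBlocks.value;
  if (!Array.isArray(value)) {
    return [{ rule: 'structure', path: 'parameters.buildingBlocks.value',
              detail: 'missing or not an array' }];
  }
  const findings = [];
  value.forEach((block, b) => {
    if (!block || block.type !== 'VirtualMachine') return;
    asList(block.settings).forEach((vm, s) => {
      if (!vm) return;
      const base = `buildingBlocks[${b}].settings[${s}]`;
      if (typeof vm.adminPassword === 'string' && vm.adminPassword !== '') {
        findings.push({ rule: 'hardcoded-password', path: `${base}.adminPassword`,
          detail: `literal password stored in the file for prefix "${vm.namePrefix}"` });
      }
      (Array.isArray(vm.nics) ? vm.nics : []).forEach((nic, n) => {
        if (nic && nic.isPublic === true) {
          findings.push({ rule: 'public-nic', path: `${base}.nics[${n}].isPublic`,
            detail: `NIC on subnet "${nic.subnetName}" is marked public` });
        }
      });
    });
  });
  return findings;
}

// Same audit for the raw file contents; a parse failure is reported as a finding.
function auditSettingsText(jsonText) {
  let doc;
  try {
    doc = JSON.parse(jsonText);
  } catch (err) {
    return [{ rule: 'parse', path: '', detail: `not valid JSON: ${err.message}` }];
  }
  return auditBuildingBlocks(doc);
}

// Constructed input: the blocks from the page's sample, plus a second VM block
// (hypothetical) constructed only to exercise the no-finding path.
const SAMPLE_SETTINGS = JSON.stringify({
  parameters: { buildingBlocks: { value: [
    { type: 'VirtualNetwork',
      settings: [{ name: 'simple-vnet', addressPrefixes: ['10.0.0.0/16'] }] },
    { type: 'VirtualMachine', settings: {
      vmCount: 1, osType: 'windows', namePrefix: 'jb',
      adminPassword: 'testPassw0rd!23',
      nics: [{ subnetName: 'default', isPublic: true }],
      virtualNetwork: { name: 'simple-vnet' } } },
    { type: 'VirtualMachine', settings: [{
      vmCount: 2, osType: 'windows', namePrefix: 'app',
      nics: [{ subnetName: 'default', isPublic: false }],
      virtualNetwork: { name: 'simple-vnet' } }] }
  ] } }
});

for (const f of auditSettingsText(SAMPLE_SETTINGS)) {
  console.log(`${f.rule}\t${f.path}\t${f.detail}`);
}
```

Running the same check over the output files azbb writes is also worthwhile, since they are derived from the settings file.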

For the full story, read the announcement here, and start learning and working through the tutorials here.

What do you think?  Let us know in the comments if you have any questions or rants.

Save Money in Azure 3 New Ways

Microsoft has been on a tear recently in adding new options and capabilities in Azure.  The week was frantic with news, no doubt due to the fact that Microsoft Ignite was happening.  And like all of you (particularly those of you who, like me, were unable to attend this year), I’ve been trying to keep up with the news.  I’ll continue to sift through it all through the next week or two, and share what I think are the most interesting announcements here.

One thing that hit me is that, no matter how hot you think it is today, the cloud competition is heating up more and more each day.  All major vendors are adding features and functions galore, for sure.  And they’re also adding new pricing models and options to make “the cloud” more appealing for various scenarios or customer types.  So, I thought in this article I’d briefly outline three new (or new-ish) ways that Microsoft is making Azure pricing more flexible, and even more affordable:

  1. Hybrid Cloud Usage Benefit
  2. Reserved virtual machine instances
  3. B-series burstable virtual machine sizes

The Hybrid

As you may know, when you are using IaaS in Azure, and creating a virtual machine, you pick an image that you want to base it on.  For example, if you want to run Windows Server 2016, you pick that image.  If you want to create an Ubuntu Server 16.04 LTS VM, that’s the image you pick.  You may have also noted that, even when run on the same VM size, the price of these machines is different.

“Why?”

I’ll tell you why: Because the compute-hours you’re billed for the allocated-and-running machine includes the cost of the operating system license.  And, yes, Windows costs more than Linux.  Nice, huh? 

“But.. what if I already own a license for Windows Server?”

Bingo.  Windows Server license with Software Assurance is transferrable to Azure.  So if you already have the license, you can flip this switch.

Now your compute-hours will be greatly reduced because you’ll only be paying for the machine running, and not the OS running on it.

“But what if I’m not creating VMs from the Azure portal, but through the Azure CLI?  Or PowerShell?  Or an Azure Resource Manager template?”

Of course.  There is a new “LicenseType” parameter that defaults to “None”, but can be set to “Windows_Server” to basically say, “I solemnly swear that I own the properly transferrable license for this new machine.”

In Azure CLI it looks like this:
az vm create … --license-type Windows_Server

In PowerShell, it’s the -licensetype Windows_Server parameter in the New-AzureRMVM cmdlet.

And in an ARM template, it’s a “licenseType”: “Windows_Server” entry in the “Microsoft.Compute/virtualMachines” / “properties” section.

B stands for “Burstable”

In preview and only available in a few regions at the time of this writing, this new B-series VM family “allows you to choose which VM size provides you the necessary base level performance for your workload, with the ability to burst CPU performance up to 100% of an Intel® Broadwell E5-2673 v4 2.3GHz, or an Intel® Haswell 2.4 GHz E5-2673 v3 processor vCPU.”

The idea here is that, perhaps you have a workload that is, for lack of a better term, “choppy”…

“What about ‘burstable’?”

Um.. okay.. that’s an even better term.  Rather than using the CPU at a consistent capacity (which is easier to plan and then size appropriately for), the application or service doesn’t run fully, all the time.  Instead, it needs higher CPU performance just now and then.  So, either you end up buying a lesser machine and the application suffers during those bursts, or you’re buying machines that are big enough to handle the bursts, but otherwise wasting the capacity you’ve paid for.

The new B-Series addresses this by allowing you to choose a machine size with guarantees of a certain base CPU performance percentage, a MAX CPU performance percentage, and the ability to “bank” a certain number of “credits” per hour (up to a max bankable) when processing is low, and use those credits when the need arises.

“So, this is like the T2 instances in AWS?”

Yes.  T2 instances in AWS have become very popular, and this is obviously Microsoft’s answer to this. 

Reserved Compute

Reserved Instances give you the ability to pre-dedicate capacity for a workload for either a one or three year commitment, and then save big bucks.  You would use this to save money on something that is more predictable vs. a typical pay-as-you-go approach.

“Select and purchase RIs in three easy steps. Specify your Azure region, virtual machine type, and term (one or three years) and that’s it. Plan, implement, and execute against your desired workloads with prioritized datacenter capacity around the globe—ensure resources are available when and where you need them. ”

Microsoft claims that, if you combine the savings of paying for reserved capacity with the Hybrid Use benefit described above, you could save as much as 82 percent.

At the time of this writing, this is a feature that is “coming soon” to Azure.  You can sign up for more information here.

In Conclusion

It’s good to keep up on these updates, and use what you learn to save your company some money.  (Thank goodness you found my blog!)

Click on the following links for more details on each of these 3 ways to save money in Azure:

What do you think?  Are you saving all you can in Azure?  How does this compare to what other major booksellers or search provider vendors are doing?  Share your comments!

Azure has PowerShell (?!)

“Oh c’mon, Kevin.. Everybody knows you can use PowerShell against Azure…”

Yeah, sure.  But did you know that they’ve finally added the preview for using a PowerShell shell right from the browser?

“No! Do tell!”

For a while now you’ve had the ability to click what looks to be a command-prompt icon in the upper-right-hand corner of your Azure portal window.

That opens up a terminal-like window at the bottom of the browser, and you’re in a BASH session.  There’s a drop-down at the top of that window that suggested that you can choose between BASH and PowerShell, but PowerShell was “coming soon”.  Well, soon was this week.

Setting it up is fairly straightforward.  When you select PowerShell as the chosen shell, you are given a notice about the fact that you’ll need a dedicated storage account associated with this capability.  This storage will be used to host your default cloud drive file share. 

Note: Other than in this file share, there is no persistence between terminal sessions.   More about this later.

As you see above, I didn’t have storage created for this, so after selecting my subscription, it created a storage account for me.  I didn’t select the Show advanced settings option, but if I had I would have been able to choose existing or create new resource group, storage account, and file share.  

When I was done, I had a default resource group created to host that storage account.

The shell window displays the status of the configuration, which does take a minute or two…

And when you’re done, you’ve got a shell of POWER!

Notice at the top that you can also now select between BASH and PowerShell, reset the session, click to common help topics, or manage settings (which as of right now is just manipulating the text size and providing feedback to Microsoft).

“Cool!  So what can you do with it?”

I haven’t gotten that far.. but let’s try a couple of things to see what the environment looks like.  Let’s start with a simple Get-Service cmdlet.  It actually took about 5 seconds to respond, but when it did it came back with what I expected…

I have to assume that I can do Azure PowerShell commands, like listing the resource groups using Get-AzureRmResourceGroup

The capture above is truncated because I thought I shouldn’t give you a list that also contains my subscription ID and other groups.. but trust me that this worked as expected.

“You mentioned that you have a file share created in storage.  How do you get to that?”

You’ll notice that you start out in the Azure: drive.  From here you can navigate to and manage Azure resources:

But if I want to get to the file system of the local machine, I can go $Home

Notice that I cd $Home, which brings me to a profile folder for my current session.  Yes, it’s basically the default folders you’d see on a Windows Server 2016 machine (because, under the hood, that’s what it is!).  However (and this is important).. putting items in any of that file system other than the linked folder CloudDrive will not persist from one session to the next.  So, I cd .\CloudDrive\ and I’m now placed in the file share of my persistent storage.  Whatever I do there will be persisted for me.

As an exercise for you, try creating a simple text file (echo “Hello, world!” > hello.txt) into both the Documents folder of the server, and of the root of the ./CloudDrive folder.  Log out of Azure, and then back in and into your PowerShell terminal window, and see which file is still there when you get back.  (NOTE: maybe you’ll get lucky and get the same machine if you do it right away.  But if you wait 30 minutes for the VM to time-out, I bet the file in the Documents folder will be gone, but the CloudDrive file will still be there.)

For more official information, check out the announcement from the Azure Blog, plus the full Overview of Azure Cloud Shell (Preview), and Features & tools for PowerShell in Azure Cloud Shell.

Have you tried this yet?  What do you think?  Shoot me your questions and/or comments below.

Update: Did Kevin pass Azure test 70-532?

Let me reveal my answer to you in the form of a couple of test questions:

1. Kevin found the test harder than he expected.

  • True
  • False

2. What areas did Kevin wish he had studied and understood more deeply during the test?

A.  Code.  Actual C# code against Azure web and identity services

B.  Azure Functions. I know the overview, but had to guess on some of the “fill in the blank” code snippets

C.  Programmatic use of messaging; again, you should know what the code looks like for this.

D.  All of the above.

3.  In spite of himself, Kevin passed.

  • True!
  • False

It’s not uncommon to go into a test and get a little flustered with questions that are just outside of the areas you studied, or perhaps went into depth or details you weren’t expecting.  It makes affirming that last “Are you sure (you want to exit the test and see you’re a miserable failure)?” question that much more difficult to click.  But I clicked it, and found that I had indeed passed.  So.. not so miserable! 

And there was much rejoicing...

“What’s next?  Are you going to re-do 70-533 again?”

Y’know, I actually think I might look into another track entirely.. like maybe the CISSP certification, or maybe some Amazon Web Services training and certs.  I know Azure really well, but only know the basics of AWS.

So, how about you?  Are you on your own certification adventure?  Feel free to share with us in the comments!

I’m Certifiable (Azure Exam 70-532)

Not only am I absolutely full of I.T., but I’m also certifiable!  I’ve been earning Microsoft Certifications of one flavor or another since 1994, when I became an MCP on Windows 3.11 (“Windows for Workgroups”).  And recently I set myself a goal to become certified on all things Azure.

“What certifications are available for Azure?”

There are three main tests that you can take and pass to get Azure certifications; one for developers (70-532), one for implementers (70-533), and one for architects (70-534).  There are also two related tests focusing on proving your knowledge of designing and implementing cloud data platforms (70-473) and designing and implementing big data solutions (70-475).  My goal for now is to pass all of those first three, and maybe later consider the others.

“How’s it going?”

A couple of years ago I took and passed the 70-533, but that was back when Azure was all “Service Manager” style, in the old “classic” portal.  A whole lot has changed since then, so I think eventually I’d like to take that one again to prove I know the newer stuff.  And then again about 6 months later. (sigh)

A couple of weeks ago I took and passed the 70-534.

Tomorrow (Tuesday 9/19/2017) I’ll be taking and passing the 70-532.  I feel pretty ready for it.

“What did you do to study for it?”

That’s why I am writing this article!  I wanted to share with you some resources I am using, in case you might want to go down this path yourselves.  There are some really good links to resources on the 70-532 page, and excellent documentation on the Azure site.  I carefully watched the provided video overviews, walked through the outline of what is on the test, and read the documentation for those areas.  When applicable, of course, I tried things out in Azure directly.  I found good step-by-step guides that helped me through that process as well.

In the video overview (excellently done for Microsoft Virtual Academy by Brian Swiger), Brian shares a summary of the topics covered on the test, and in his presentation provides links to the related documentation.  You have to get the PowerPoint of his presentation to have access to the URLs, so that’s what I did.

In fact, to close out this article, and again for any of you interested in taking and possibly passing this exam, I’ll copy/paste those links for you here.  It’s a lot, but if you read and understand this documentation, and maybe focus on the areas you’re not as familiar with, you’ll have a good start at mastering the topic.

Exam Topics and Details

http://aka.ms/70-532

Virtual Machines

Run a Windows VM on Azure
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/virtual-machines-windows/single-vm

Create and Manage Windows VMs with the Azure PowerShell
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-manage-vm

Create and deploy your first Azure Resource Manager template
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-create-first-template

Windows VMSS and Desired State Configuration with Azure Resource Manager templates
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-dsc-template

Upload a generalized VHD and use it to create new VMs in Azure
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/upload-generalized-managed

Manage the availability of Windows virtual machines in Azure
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

How to use availability sets
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

Azure Storage replication
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Azure Storage Scalability and Performance Targets
https://docs.microsoft.com/en-us/azure/storage/common/storage-scalability-targets

About Azure storage accounts
https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account

High-performance Premium Storage and managed disks for VMs
https://docs.microsoft.com/en-us/azure/storage/common/storage-premium-storage

Filter network traffic with network security groups
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

User-defined routes and IP forwarding
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Microsoft cloud services and network security
https://docs.microsoft.com/en-us/azure/best-practices-network-security#dmz-characteristics-and-requirements

What are virtual machine scale sets in Azure?
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview

Storage

Understanding Block Blobs, Append Blobs, and Page Blobs
https://docs.microsoft.com/en-us/rest/api/storageservices/Understanding-Block-Blobs--Append-Blobs--and-Page-Blobs

Get started with Azure Queue storage using .NET
https://docs.microsoft.com/en-us/azure/storage/queues/storage-dotnet-how-to-use-queues

What are Azure SQL Database service tiers
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers

Scale out databases with the shard map manager
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-scale-shard-map-management

Azure Storage Service Encryption for Data at Rest
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

Create an Azure Search index
https://docs.microsoft.com/en-us/azure/search/search-what-is-an-index

Upload data to Azure Search
https://docs.microsoft.com/en-us/azure/search/search-what-is-data-import

How to page search results in Azure Search
https://docs.microsoft.com/en-us/azure/search/search-pagination-page-layout

Introduction to the Azure Redis Cache Premium tier
https://docs.microsoft.com/en-us/azure/redis-cache/cache-premium-tier-intro

How to configure data persistence for a Premium Azure Redis Cache
https://docs.microsoft.com/en-us/azure/redis-cache/cache-how-to-premium-persistence

How to configure Redis clustering for a Premium Azure Redis Cache
https://docs.microsoft.com/en-us/azure/redis-cache/cache-how-to-premium-clustering

Caching
https://docs.microsoft.com/en-us/azure/architecture/best-practices/caching

Web and Mobile

What is Application Insights?
https://docs.microsoft.com/en-us/azure/application-insights/app-insights-overview

An introduction to Azure Functions
https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

Identity and Networks

What is Azure Active Directory?
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis

Azure AD B2C: Focus on your app, let us worry about sign-up and sign-in
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview

What is Azure AD B2B collaboration?
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b

Other Resources

Study Groups
https://borntolearn.mslearn.net/

Microsoft Azure Documentation
https://docs.microsoft.com/en-us/azure/index

MeasureUp (Practice Tests for Sale)
http://www.measureup.com/70-532-Developing-Microsoft-Azure-Solutions-P5566.aspx

edX Course / Labs
https://www.edx.org/course/developing-microsoft-azure-solutions-microsoft-dev233-2

Microsoft Official Curriculum Course 20532C: Developing Microsoft Azure Solutions
https://www.microsoft.com/en-us/learning/course.aspx?cid=20532

Are you certifiable like me?  Leave a comment or question.

And check back here for the update Tuesday afternoon (9/19/2017) on whether or not I passed.

DSC: Cut to the Core

This is an interesting development.  I had a good friend and respected local technologist mention this to me the other day, and he wasn’t happy.  “Why would they take away features?  Just to be ‘consistent’?”  Apparently his take on this is that Microsoft is reducing something that was powerful down to a subset of its former usefulness.

Here’s what he was referring to…

In a DSC future direction update on the PowerShell Team Blog the other day, Microsoft announced a new direction for DSC.  For those not familiar with DSC, it stands for Desired State Configuration.  According to Jeffrey Snover (the architect of PowerShell), PowerShell DSC was the whole reason why PowerShell was invented.  We want the ability to define and apply a configuration as a “desired state” to a machine (or machines), and have it applied consistently and, optionally, perpetually.  Write up some simple text, and “Make it so.”, with all the benefits of text (source control, among others). 

Initially, of course, PowerShell DSC was addressing the configuration of Windows-based servers, but it was no secret that, being built with standards in mind, it was built to support the ongoing configuration of Linux workloads as well.  In fact, this really caused two worlds: PowerShell DSC for Windows and PowerShell DSC for Linux, because both had their own unique set of requirements, dependencies, supporting frameworks, and allowed commands.  Somewhat understandable, sure.  Feature parity?  Um, no.

So now Microsoft announces “DSC Core”.

“What is DSC Core?”

I’m glad you asked.   It is “a soon to be released version of DSC that aligns with PowerShell Core”

“PowerShell Core?  What’s that?”

PowerShell Core is the open-source cross-platform version of PowerShell that runs on Windows, Mac, and Linux.  It runs on top of .NET Core…

“.NET Core?  What the…”

Yeah.. okay.  .NET Core is “a general purpose development platform maintained by Microsoft and the .NET community”. 

“Oh, I get it.”

You do?  Okay.  Well, anyway… back to DSC Core.  DSC Core (built using PowerShell Core which is built upon .NET Core) now becomes a common, cross-platform version of PowerShell DSC.  

From the “Future Direction” blog post:

“Our goals with DSC Core are to minimize dependencies on other technologies, provided a single DSC for all platforms, and position it better for cloud scale configuration while maintaining compatibility with Windows PowerShell Desired State Configuration.”

So this subset (if we can call it that) will still be compatible with PowerShell, but it won’t have the large numbers of unique Windows dependencies bogging it down. 

“What about compatibility?  What about the CmdLets?  Will they be the same, or will I have to use different ones?  What about DSC Resources?  Will they have to be recreated?”

All of those and a few other questions (like what to do about Pull Servers) are addressed in the “Future Direction” blog post.

So, “Why would they take away features?  Just to be ‘consistent’?” 

What do you think?  Feel free to discuss/rant/pontificate in the comments section below.

And again, read the full article on the PowerShell Team Blog

The Confidential Cloud

“Encryption of data in transit?”

Check!

“Encryption of data at rest?”

Yessir!

“Encryption of data while it’s in use?”

Huh?!

That last one might stump you as well, but Microsoft actually announced a new capability today in Azure, called Azure Confidential Computing.

“Put simply, confidential computing offers a protection that to date has been missing from public clouds, encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control.”

This is pretty huge.  The technology involves trusted “enclaves”, or TEEs (Trusted Execution Environments), utilizing either a “Virtual Secure Mode” in the OS, or Intel®  SGX, that Microsoft has been using in Azure on their own infrastructure.  Additionally this is what supports the security of their recent blockchain efforts (Coco Framework), and the just-announced improvements to their “Always Encrypted” capabilities of SQL Server and Azure SQL Database that also operate on data that is secured, even when in use.

Microsoft is making this technology available now for testing.  If you’re interested in signing up for the early-access preview, CLICK HERE.

And of course, read the full announcement (written by none other than Mark Russinovich), HERE.