Tuesday, November 25, 2014

The Imperfect Lab: Connecting a VNET to another VNET

As I mentioned yesterday, I'm struggling with setting up the "perfect" lab environment for myself. So instead of trying to make it perfect, I'm just going to start by simply getting started and letting it evolve.  Because starting is most of the battle, right?  Most environments grow and change and become a bit messy, so I am just going to embrace a little chaos!

My starting goal is to create two networks in Azure (in two different regions) and connect them.  To start I'll need two VNETs in Azure. I also created two corresponding storage accounts in each region, so that when I'm building my servers, everything is as neat and organized as I can make it.

In each of the networks, I carved out a few subnets, because I don't know exactly what I'm doing with them yet. Keep in mind you will need to make a small Gateway subnet in each. Also, as soon as you put a VM in a subnet, you can no longer edit it.

  • ImperfectNet - 192.168.1.0/22 (West region)
  • AnotherNet - 192.168.4.0/23 (East region)

Because I want to connect them together with site-to-site networking, I have to create corresponding "local" networks in Azure to sort of trick each network into thinking it's connecting to a physical network.  So under the "Local Networks" tab, I created "ImperfectLocal" and "AnotherLocal" with the same IP address ranges as the virtual networks. Be sure to put in a fake VPN Gateway Address as a placeholder here; you'll update it later after Azure gives you a real gateway address.

In each network, I threw the ticky-box under Site-to-Site Connectivity, selected the correct "local" network and then created the Gateway subnet.  After everything was finished configuring, when you return to the dashboard page of each network, you will see the remote network showing.  Azure will tell you that "the gateway was not created".

Click "create gateway" at the bottom. For VNET to VNET connectivity, you have to go with Dynamic Routing.  Do this for each network and wait for it to complete.  (Creating gateways actually takes a while, so this might be a good time to get lunch.)

Once your gateways are created, write down the IP addresses carefully and then edit those "local networks" with the fake VPN gateways to the correct ones Azure just assigned you.

Finally, you have to connect the networks together with a shared key.  There isn't any way to do this in the portal, so pop over to PowerShell and use the following code to hook them together.  You have to run the command twice with the corresponding network names and the SAME shared key. Please make your key longer than the sample I put in here.

# Run once per VNET: each side names the opposite "local" network and uses the SAME key
Set-AzureVNetGatewayKey -VNetName YourVNETName -LocalNetworkSiteName TheOppositeLocalNet -SharedKey abc123xyz

Set-AzureVNetGatewayKey -VNetName TheOtherVNetName -LocalNetworkSiteName TheOtherLocalNet -SharedKey abc123xyz
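
One way to follow the "make your key longer" advice, as an added example that is not part of the original post: generate the shared key from a cryptographic random source, set it on both gateways, and confirm both sides stored the same value without printing it. It assumes the classic Azure PowerShell module with a subscription already selected, that ImperfectLocal mirrors ImperfectNet and AnotherLocal mirrors AnotherNet, and that Get-AzureVNetGatewayKey returns the key in a Value property; New-SharedKey is a hypothetical helper name.

```powershell
# Added example (not from the original post). Assumes the classic Azure
# (Service Management) PowerShell module and an already-selected subscription.

function New-SharedKey {
    # Hypothetical helper: returns $ByteCount random bytes as a hex string.
    # Hex keeps the key purely alphanumeric; 32 bytes gives 64 characters.
    param([int]$ByteCount = 32)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try     { $rng.GetBytes($bytes) }
    finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

# Each VNET points at the "local" network that represents the OTHER side.
# Assumption: ImperfectLocal mirrors ImperfectNet, AnotherLocal mirrors AnotherNet.
$links = @(
    @{ VNet = 'ImperfectNet'; RemoteSite = 'AnotherLocal'   },
    @{ VNet = 'AnotherNet';   RemoteSite = 'ImperfectLocal' }
)

$key = New-SharedKey

foreach ($link in $links) {
    # Same key on both sides, or the tunnel will never come up.
    Set-AzureVNetGatewayKey -VNetName $link.VNet `
                            -LocalNetworkSiteName $link.RemoteSite `
                            -SharedKey $key | Out-Null
}

# Read the stored keys back and compare them without echoing the secret.
# Assumption: the returned object exposes the key as .Value.
$stored = foreach ($link in $links) {
    (Get-AzureVNetGatewayKey -VNetName $link.VNet `
                             -LocalNetworkSiteName $link.RemoteSite).Value
}

if (@($stored | Select-Object -Unique).Count -eq 1 -and $stored[0] -eq $key) {
    Write-Output 'Both gateways hold the same shared key.'
} else {
    Write-Warning 'Shared keys differ between the two gateways; re-run the Set step.'
}

# Do not leave the secret in the session or in a saved script.
Remove-Variable key, stored
```

Because the key is generated and applied in one session, it never has to be typed into a script file or pasted into notes.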

So now I've got two connected networks in Azure, albeit empty of servers.  Next up... starting to build out my "imperfect" domain.

One more thing... if you want the official "Azure" instructions for this, complete with images, go to http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx.







Monday, November 24, 2014

The Perfect Lab

There are a few old sysadmin jokes out there... one that often comes to mind for me these days is the one-liner about how the perfect network is one that no one is on.  But now that I have the luxury of being able to build just about any lab network I want (either in Azure or using Hyper-V) I find myself nearly paralyzed by wanting to build the "perfect" network/lab for my needs.

I start, I stop, I get sidetracked by a different project, I come back to my plan, only to realize I've forgotten where I left off (or forgotten where I wrote down that fancy admin password for that VM) and end up tearing it out and starting over again.  The end result is I'm getting nowhere fast.

I've got several MCSE exams in my future that I need to build some hands-on things for.  I have a little internal metric of how I need to improve my PowerShell a bit more.  I have work training items that sort of fit into all this and I keep striving for the perfect lab, the perfect naming system, the perfect password that I won't forget... well, I guess my "perfectionist" is showing.

It's a slow week here in the office with the Thanksgiving holiday approaching, so now is the perfect time to sit down with a pen and a paper and really figure out what I'm going to build and what I want to use it for.

Because there is something worse than a network that no one uses.  It's that network I keep deleting.

Thursday, November 13, 2014

You Bought It... AND You Can Bring It!

Consumers want what they want. And when those consumers arrive at their place of work, they still want to use what they like. It seems like it wasn't that long ago where the best technology you had access to was at the office, but these days that's not always the case.

If you are looking to address "Bringing Your Own Device" in your organization, need to update corporate policies to support more current device lifecycles and get your hands around managing your applications and data on whatever device tries to connect to your data center, Kevin Remde has got you covered.

Check out his multipart series on just that topic.  It started out last December with Part 1 - What It Means for My Company, continued with Part 2 - How to Make it Happen and recently summed up things with Part 3.

In PART 3 - BYOD Design Considerations, Kevin Remde welcomes back Yuri Diogenes to the show as they continue their discussion around the benefits, challenges and considerations businesses must make around Bring Your Own Device (BYOD) and how IT organizations can support it.
  • [2:46] Why don't you give us a summary on the concept of BYOD?
  • [6:20] I understand that recently you and your team have published some really useful resources to the Microsoft TechNet online documentation.  What have you created for us?
  • [9:26]  How should one use the BYOD Design Consideration Guide?
  • [13:51]  Can you give us an example of how an IT organization can use this guide in a real-world BYOD scenario?

Check out the FREE “BYOD Design Considerations Guide” and start giving people what they need, where they want it.  Working hard doesn't always happen in the office.

** 11/21/14 Update ** Want to learn more about BYOD tools and Mobile Device Management?  Don't miss this upcoming MVA - Taming Android and iOS with Enterprise Mobility Suite with Kevin Remde and Simon May on 12/8/14. 

Friday, October 31, 2014

In Case You Missed It: New Azure Features Announced

Yeah, I nearly missed it. With Halloween and the SF Giants winning the World Series for the 3rd time, I almost let this slip by... but some really great new features were announced this week in Azure.

A few of my favorites are:

  • Network Security Groups - Now you will be able to control access to subnets and individual VMs over the internal IP addresses using security groups, not just via ACLs on the external endpoints.  Right now you can only do it using PowerShell, so look for more details and those commands here
  • Virtual Machines with Multiple NICs - The possibilities really opened up here with this new addition.  However, there are some caveats to keep in mind - You need to set this feature up when creating new VMs and those VMs must live in a VNET. Also the size of the VM matters.  Those little A1 and A2 VMs don't get to play.  For A3s, you can have 2 NICs, for A4s you can have 2.  And you can't have extra NICs in the machines with InfiniBand (A8 and A9).  This is also only available via PowerShell, so look here for the commands.
  • New Validated VPN devices - devices from Barracuda and Palo Alto Networks specifically.

Also, one of my new favorite resource pages for Azure right now is this one: Virtual Machine and Cloud Service Sizes for Azure. Lots of information and links that lead you to all sorts of handy tips.





Wednesday, October 29, 2014

Resources from the MVA Modernizing Your Datacenter Jumpstart

If you happened to join Matt Hester and me during our MVA Jumpstart, thanks for hanging out with us! We hoped we brought you some good ideas and resources for modernizing your datacenter.

I think that one of the best things you can do when you are looking at refreshing technology for your business is to take the time to think about how you can leverage improved software, hardware and cloud technologies to make your server room (regardless of size) work better for your customers and become easier to maintain, protect and recover.

If you want to work more with some of the things we covered, particularly DSC, please check out the Microsoft Virtual Labs.  I highly recommend the Windows Server 2012 R2 – Windows PowerShell Desired State Configuration lab.

If you want to learn more about deploying Scale Out File Servers visit http://technet.microsoft.com/en-us/library/hh831359.aspx

For more details about the Windows Server Migration Tools that Matt covered check out http://technet.microsoft.com/en-us/library/jj134202.asp

And for Azure, learn more about Security and Compliance, install that nifty Cost Estimator Tool or learn more about the Migration Accelerator for Azure.

Matt and I were happy being able to spend the day telling you about things we really enjoy. If you want us to do more of that kind of thing, please drop us a note or reach out to us on Twitter. If you missed it, the recordings will be available on demand in a few weeks at Microsoft Virtual Academy.