Azure Thursday - 7 May 2020
Losing. Okay. Hi everyone, welcome to another Azure Thursday. First of all we want to thank our sponsors, who are on the left side of the screen, for making these awesome events possible. Again tonight we have two great speakers: we have Esther Bartel and we have Mohamed Wali, who's going to speak about some different topics. One about Azure Arc, an introduction to Azure Arc, and Esther is going to talk about Azure automation fun with ARM templates and PowerShell. Hi Esther.

Hi. Thanks for having me.

So how are you doing in this situation? How are you handling it?

Well, I had the opportunity previously to work from home for one or two projects, so I have a nice setup at home. But it is taking some adjustments to not be able to put some pressure on people by standing next to them, basically. So now I'm the person that's very annoyingly pinging them, calling them and trying to get attention that way.

Okay. So your session is about automation with ARM templates and PowerShell. I saw in the description that you are going to hand some templates over to us as well. Are those templates used in your day-to-day work?

Well, unfortunately I'm still stuck mostly on environment implementations. So all my templates are still basically me playing in my lab and playing in my demo Azure environment. But yeah, if anyone knows of a cool project, then I'm your girl.

Okay, good. Okay, then the floor is yours. Take it away, good luck.

Thank you very much. So if everything is working all right, you should be able to see my slide deck as well.

Yes, we do.

Okay, perfect, then I'm gonna take it away. So, as, I joke, you already introduced me, I'm gonna talk about some Azure automation fun that I had, and I will walk you through the different steps that I went through in this process of discovering Azure and automation possibilities. So.
For those of you who do not know me, my name is Esther Bartel. I've been a technical consultant for over 20 years, mostly focused on designing, implementing and even troubleshooting Citrix and Microsoft environments. And I've been very active for the last couple of years in different community programs, like the Citrix Technology Professionals, the Microsoft MVP program, and even more recently I started a women in tech mentorship program, to ensure that women in tech have a network and are basically sponsored and mentored in both professional and personal improvements or skills. And last but not least, the last couple of years I've been more focused on DevOps and automation, because it's becoming more and more important for administrators and operators to automate your Windows, and in my case also Citrix, deployments and configurations. And I've been using that mostly with REST APIs, JSON and PowerShell.

So for tonight I wanted to share with you some of my explorations in Azure Infrastructure as a Service, ARM templates, Azure Automation, and finally moving all the way to Azure DevOps.

Starting with Azure Infrastructure as a Service. When we're talking about Infrastructure as a Service, it's mostly focused on servers and storage, networking, firewalls, security and data centers, and that's basically the environment that I feel most comfortable with, because I've been mostly coming from an infrastructure background. And if we're talking about infrastructure within Azure, you need to be aware of the fact that everything within Azure is either a service, and therefore also an object, so it's very object oriented. And this means that if, for instance, we're talking about virtual machines, we also need to specify a virtual network as an object, but the network interface card and a public IP address as well, and that's something we need to be aware of when we start with Azure
deployments. The other thing is, if we're talking about the compute section, they have different families of server series that you can order, and each series has basically a specific focus, whether you want a GPU in your machine or not. And luckily for me, storage is still basically focused on storage accounts.

So if we want to get started, or at least this was one of my first experiences with Azure: I wanted to create a virtual machine through the Marketplace, and I figured that that would be an easy task, because you just go to the Marketplace, you click on the machine. In my case I wanted to have a Citrix network appliance deployed, but basically it's the same process as deploying a Windows Server. So when I hit the Create button, I figured that it would just be a walk in the park: I would just select the options that I want, and in this case, like the basic settings, I just have to specify your virtual machine name, and then
it would basically be deployed by Azure.

Do that integral, sorry, something's wrong with the screen sharing; we still see the introduction slides.

Oh really?

Yeah.

Then I'm not sure why that is, to be honest. So is it still just on the about-me slide?

No, the Azure automation fun.

Oh.

I mean, if you have to reshare your screen again. I think she's gone right now.

So sorry for the technical challenge that we apparently had, or probably I apparently had. So hopefully I can now pick up and the slides will move along with me. And so, just to double-check if everything is okay: you should see the About Esther slide right now, and if I hit the button it should show some more content on the slide.

So I'm just going to start basically from scratch, from the beginning. I've been a technical consultant for 20 years, been very active in different community programs like Citrix Technology Professionals, Microsoft MVP, and recently started a women in tech mentorship program to give women in tech a network to connect to each other, and one-on-one mentoring for personal and professional skills. And very recently I've been mostly focused on DevOps and automation, because I think automation of your Windows, and in my case also Citrix, deployments and configurations is what is needed to be able to migrate also to the cloud.

So tonight, in this presentation, and I was already moving forward, I'd like to talk to you about my experiences with Azure Infrastructure as a Service, ARM templates, Azure Automation, and lastly Azure DevOps.

If we're talking about Azure Infrastructure as a Service, it's mostly focused on server, storage and network, and that's the area that I feel most comfortable with, because I've been in infrastructure for, as I said, over 20 years now. One of the things that you need to be aware of with Azure Infrastructure
as a Service, and Azure in general, is that everything is service oriented, and also they're object oriented, so that means that you need to not just specify virtual machines but also the virtual network and even the network interface or a public IP address as an object. And if we're talking about compute, then you need to be aware of the fact that there are different family types or series that you can select for your virtual machines, and luckily for me, storage accounts is mostly the focus if we're talking about storage.

So my first experience when I started with Azure Infrastructure as a Service and deploying virtual machines was a bit surprising, to say, because when I first started to deploy my first virtual machine, I figured I would just go to the Marketplace, select a Windows OS, fill out some basics, as you see here, like the virtual machine name, and then Azure would take care of the rest and create that machine. And apparently it does take a bit more than just that basic information.

And as we are currently mostly, or all of us, working from home these days, I figured it might be interesting for this demo to not just focus on creating a virtual machine, but to focus on Windows Virtual Desktop and use that as my demo environment, to provision a host pool and session hosts all together. And if you want to do that, you can easily select that in the Marketplace, and once again you need to fill out some basic information. But then it becomes interesting, because Azure also wants some information on the virtual machine configurations, and it wants some information on the virtual machine settings, so it needs to know what domain it needs to be joined. And you even need to specify some Windows Virtual Desktop information. And this is due to the fact that last week a whole new release became generally available for Windows Virtual Desktop; this is still focused on what they now call the fall release 2019. So
bear with me, because that has some slight differences in comparison with the new release, which is the 2020 spring release.

But to get back to this: basically it takes a lot of manual input before you finally get to that final screen to hit that Create button, to actually get your machine deployed. Figured there had to be a better way to do this, because, I don't know about you guys, but if I can automate something, then I'm happy to spend some extra hours into doing that and get benefits from that in the future, than
repeating the same manual actions over and over. So I quickly learned that Azure Resource Manager basically works with templates, and you can basically create your own templates. And an Azure Resource Manager template is basically constructed of JSON, JavaScript Object Notation, statements and expressions.

And if we look at JSON, because I think it's very important to always understand the syntax of the templates that you work with, there are some basic syntax rules that you can take into account. So the first one is that data always is a name/value pair within JSON, and it's always separated by commas. And we use curly braces within JSON to hold objects, and square brackets if we're talking about arrays. And of course the cool fun is that you can combine all that information and all those syntax rules to create really nested arrays and build your entire JSON template.

If we're going back to ARM: an ARM template basically follows a simple structure. So it consists of a content version, which is for your own versioning. It has a parameters section, or array so to speak, and variables, where parameters are the input parameters for your ARM template, and variables are variables that you define within your template, so they do not exist outside and cannot be directly linked. You can also add some personal or custom functions within your template in the functions section, and of course you have your resources, and those are all the Azure resources that you can basically configure, deploy and specify. And last but not least, the template also has a section called outputs that allows you to basically return some information after the deployment is done.

So that sounds pretty simple. But if you look at just a clean template that only has those sections filled with one example, then you'll notice that an ARM template can quickly become quite a large file. So I figured that
it might be a challenge to build my own ARM template from scratch. So lucky for me, there's a quickstart guide on Microsoft documentation that basically walks you through the steps of creating a custom template based on the Marketplace options. And what it tells you to do is to go into your portal, your Azure portal, and click on Create a resource, go to the Marketplace and select the resource that you want to deploy; in my case I'm doing Windows Virtual Desktop. And then go through each and every information that you need to manually fill out, like we did in the first couple of slides, and instead of hitting that Create button, this time I'm clicking on the "download the template for automation" link. And this brings me directly to a pre-configured ARM template that has all those resources that I want to deploy, or that ARM or Azure would deploy for me, already filled out in this template. And it also allows you to download an input parameter file, so you can easily download the entire set and basically are ready to go,
because your ARM template already has those filled-out sections for parameters, variables, resources and even output, so it will return the virtual machine that is created.

If you want to still dive into customizing these pre-configured ARM templates, then you need to be aware of the fact that there is a reference guide on Microsoft documentation, and this reference guide basically zooms in on all the Azure resources that are available, and you can zoom in on the properties per resource that you can specify. And even in this case, with a public IP address, I can specify a name and a type but also zoom in on the properties of the IP address that I can specify, for instance the allocation method and the IP address itself. So this allows me to quickly build or customize that pre-downloaded template.

And you need to be aware of the fact that there are also a lot of quickstart templates available on Azure. Currently there are like 872 templates that are already available, created by the community, by Microsoft itself and even third parties. So that's a great way to get started and that will definitely help you out. And in my case, if we're talking about Windows Virtual Desktop, I was lucky that they also have a GitHub available where they provide all the templates that you need. And a big shout-out to Freek Berson as well, because basically he's my own personal WVD guru, or ninja so to speak, and he has answered a lot of rookie questions I had on ARM templates and how to make them work in Azure.

So now basically we are at this phase where I have a template and I want to do something with it. So the good news is that Azure also has a Templates section or service, and that allows you to upload your own custom template, and you can easily use them to deploy your resources within Azure. So if I hit Deploy, then I still have to fill out those parameters
that are specified within my template, and as you can see I already prefilled some of those by specifying default values within my template. And this allows me to only need to specify that information that is basically the sensitive information, like my admin UPN or my application ID when I'm using a service principal account. And then all I have to do is agree to the terms, hit Purchase, and my deployment is getting started within Azure. And as I'm not a very patient person and deployments usually take some time, I just decided to fast-forward this a little.

So in the case of WVD it also joins the machine, the session host, to the domain, and as you can see that action already is successfully performed while the entire deployment is still underway. And in case of WVD it has some additional scripting included in the template to make sure that it is registered correctly with the back plane of WVD.

So luckily for me the deployment is already finished in this demo, and if we go back to the web client for WVD and hit refresh, then the session host that is assigned to my user, my test user, is already available, and I can easily hit Connect and start my virtual desktop. And this virtual desktop was created based on a default template from the Azure gallery. So this is just me showing off that it is actually a Windows 10 multi-user session, by showing you that it indeed has the Windows 10 Enterprise for Virtual Desktops version. But basically this is how quickly I can deploy a whole new virtual desktop environment.

But of course I still need to manually input some parameters in this ARM template, and I figured there of course is always a better way, or a smarter way, to automate even those steps. So I started to look at one of my most favorite scripting languages, PowerShell, and discovered that there's a whole module, the Az module, to
basically interact with Azure, and you can easily install the module from the PowerShell Gallery, and that will give you, as it says, the Az module. And for those of you that might run into the same error that I had, that it couldn't find the module in the gallery: I had to discover that I have different installers, and those connect to different galleries. So I reminded myself that if you prefix your Install-Module cmdlet with PowerShellGet, then you will definitely connect to the PowerShell Gallery and there should be no errors
during installation. And with the Az module you basically get a lot of what I call, like, submodules, because for every resource area, like accounts, compute, there is a separate module with separate cmdlets. And luckily for me there's also a reference guide for all the PowerShell and Az cmdlets that are available within the module.

So to get started with PowerShell, the quickstart guide on Microsoft documentation tells you to use the Login-AzAccount cmdlet. But this is an interactive login that will pop up a window that will ask for your Azure credentials, and that's not the most smart way to go if you want to automate and script without any interactions. So to do that you need to create what they call an Azure Active Directory service principal, and basically this is an application registration that gives you an application ID. And you can give it specific roles, either at subscription or resource group level, to give it access rights and authorizations. And if you have an application ID, you also need to create a secret for this app, because together, if you combine the application ID and the secret, you have the credentials that allow you to log on to Azure as well.

So what I did is I imported that information, the application ID, the application key and even the tenant ID, into my PowerShell script, created a credentials object combining the application ID and the application key, and instead of Login-AzAccount I use the Connect-AzAccount cmdlet, which has an additional switch called ServicePrincipal that allows me to specify that my credentials are indeed a service principal, and this allows me to, without any interaction, create a session to Azure. And that gives me the power to start doing some fun stuff with Azure.

And as I mentioned before, I'm still focused on using ARM templates to deploy
my virtual machines in Azure. So to do that I created what, a template parameter object, and this object basically holds all the parameters and the values for those parameters that are specified within the ARM template. And by using the template parameter object instead of an input file, I get to be more dynamic and create specific information through this PowerShell script. And once I have my parameters all specified within the object, I can use the New-AzResourceGroupDeployment cmdlet, specifying the resource group and linking it to my template file, which is my ARM template, specifying those template parameters, that object that I created previously, and that way create, or start, my ARM deployment. And this is a much more automated way to basically automate my ARM deployments based on that template, and it will give me the same result in this case as a manual start and deployment of my ARM template.

But of course that wasn't the goal I wanted to reach, that wasn't my end goal so to speak, because this still requires a management machine, PowerShell modules to be installed, and that's all still outside of my Azure environment. And I figured there had to be a way to do all this automation, cool things, within my Azure environment.

So I discovered Azure Automation and runbooks, and with Azure Automation I can create PowerShell runbooks. This allows me to quickly import that script that I already created and tested on my management machine in my Azure environment. And the cool thing about Azure Automation is that it also allows you to already pre-install or add modules to your automation account. So this allows me to already put all those modules, instead of on my management machine, in my Azure environment, together with credentials and variables that I can also specify for my automation account, and use
those directly within my PowerShell runbook. So in this case I uploaded my PowerShell, or imported my PowerShell, as a runbook, and to get started with a runbook all I have to do is hit Start, and then it will show me a pop-up asking for parameters, or not, asking me if I want to run it on Azure or maybe even a hybrid worker. And then all I have to do is hit OK and then the runbook is started. And you need to be aware of the fact that the parameters that it asks for are runbook-specific parameters, so these are separate from the ARM template parameters, because deploying an ARM template of course is not the only PowerShell command or action that I can perform with a runbook.

But back to this case where I do want to deploy an ARM template. The first section of my script focuses on that parameter, but that's basically because it's a learning curve for me and I wanted to get a feel of how you work with runbooks and parameters. And then, as I mentioned before, I have automation variables and automation credentials
that I can use and call from my scripts.

I do apologize, my screen went dark. So I'm back again.

So with those automation variables and even credentials, this allows me to specify them in my automation account and reference them from my script without having to actually know what the content is or have that included in my script. So all sensitive information is not locked within my script, but it's securely stored within those vaults.

As mentioned, I of course need to use that Connect-AzAccount cmdlet to log on to Azure with the service principal that I retrieved from the credentials. The script will then deploy my WVD host pool based on the ARM template with the New-AzResourceGroupDeployment cmdlet, and as an extra addition to the script, I can directly after the deployment use PowerShell to retrieve, or basically double-check, if my session host was created correctly and if the host pool was created as expected.

So once again, if I hit Start, fill out the value for the parameter, select to run it on Azure, this allows the script to basically run serverless, because I don't need that management machine anymore. The script, the runbook, will be queued first and then it will be picked up by Azure, and you will notice that the status changed to Running. And it has an output window that basically shows you all the PowerShell output, the console output that PowerShell would normally generate, in my script. So in this case it's already got to step four, which does the ARM deployment. And that takes some time, and because I don't have any verbose logging turned on, I kind of cheated and made sure that I checked within Azure and my resource group deployments if the deployment was actually being started in Azure. Once again having to go through all the steps, trying to fast-forward as fast as I can, and the deployment is completed within Azure. So
if I now look at the status of my runbook, it will show that it's completed, because it finished the deployment, and if we scroll down to.

It's kind of weird to say welcome back when I'm the one that had the blue screen of death. So this is becoming a less optimal presentation, but I'll try to continue where I kind of dropped off for you guys.

So I was kind of explaining what I did with the automation runbook and the PowerShell runbook. So what the runbook does is: it has one section for the parameter, and that's basically for my own education, because I was interested in how parameters work within my runbook. And I adjusted the previous PowerShell scripts that I ran on my management machine by adding the links to the automation variables and the automation credentials that I specified in my automation account. So this allows me to import sensitive data without actually having to know that data. And of course the script still has that logon section to log on to Azure. It will deploy the WVD host pool through the New-AzResourceGroupDeployment cmdlet, just as I did with the PowerShell script on my management machine, and of course the section that will double-check to see if the hosts are actually created.

So if I now run the demo: I just start my runbook, specify in this case a host pool name, select that it runs on Azure, and then you will notice that it now has status Queued, because each and every runbook is being queued if you run it on Azure, and then it will be picked up from the queue and its status will change to Running. A runbook also has an output that gives you basically the PowerShell console output that you would normally have within a PowerShell window. And as you can see, you sometimes need to refresh it because it doesn't auto-refresh, but as you can see it already moved on to the step to create my WVD host pool. And of
course this takes some time and it doesn't give you a lot of information, because I didn't turn on verbose logging. So I just impatiently, yes I am, switched back to Azure and checked the deployments that are actively being performed for my resource group, and luckily found that the deployment was indeed underway. And it's going through the same processes, as it is using the same ARM template as we previously saw.

So once the runbook is finished, the status will change to Completed and you will notice that the output is also shown in the output window. So it now shows a virtual machine that was created as my session host, and the script also continued by checking my session host information. So everything worked as expected.

But once again, this was not satisfying for me, or like my end goal, because it still felt like I now created a situation that, even though it can be fully automated, and you can even use a scheduler to schedule runbooks to run at certain times, it didn't feel like a full DevOps experience, because basically I am still limited to controlling and editing that runbook within Azure.

So I figured I would take on the ultimate challenge that I basically have been postponing for at least six months, and finally dive into Azure DevOps. And one of the reasons that I finally felt the nerve to dive into Azure DevOps is because Tom Hickling, one of Microsoft's Windows Virtual Desktop Global Black Belts, wrote this amazing blog about deploying Windows Virtual Desktop with Azure DevOps. And like myself, he basically very honestly explained that he came from an infrastructure background and some of the development tools, like Azure DevOps, are still a bit out of our comfort zone. But basically he helped me to step out of that comfort zone and start to play around with Azure DevOps, and in my case I created a project within Azure DevOps, thanks to the steps that he describes as well, and created a release pipeline. And this release pipeline basically has one task, because I'm not already going full force and getting all the bells and whistles out, but all this task does is basically run that ARM deployment. And once again I can specify different variables for this task, or this action that I want to perform, and in my case I can even specify a template link, so I can store it on GitHub or in Azure files and reference that, so I also have a place where I can do versioning and collaborate on the code. And just as PowerShell has that template object to override the parameters or the default values within the template, you can also specify for this action which template parameters you want to override, and what you can see is that I didn't just put all data in, but I also was able to use variables, as you see with the domain join account password. So
one of the benefits of Azure DevOps is that you can link variables or variable groups to your release pipeline, and in this case I predefined some variable groups within my pipeline library. And this particular variable group is a variable group that is specified within Azure DevOps, within that project, so those are basically locally specified variables. And you can also link your secrets, or those variables, to an Azure Key Vault, and that basically allows you to have a centralized storage of your secrets within your Azure Key Vault, within a secure environment, and still use them as references within Azure DevOps without having to know any of the content of those variables.

And once I created that release pipeline with the tasks, I can create a new release. And this is the exciting part, because now I have a new release created and I was still going like, how cool, I have no idea what I'm doing but it looks kind of OK. So I set it to a manual trigger, so that means that I have to hit Deploy manually myself, but you can also create an automated trigger, for instance if you have a different pipeline that you want to, or a different result. And if we now go back to hit that In progress link, then you will notice that the agent has picked up the job that I specified, so that's the ARM template deployment. And once again it is deploying my ARM template and creating that host pool for WVD within Azure. Double-checking once again my deployments within Azure, and once again, same results: luckily for me the deployment is underway. And as the deployment takes a couple of minutes, so to speak, I fast-forwarded it once again, so we're not all staring just at the screen that doesn't say much. And it finalizes that deployment. Double-checking in Azure once again. And just a quick PowerShell script that has those final
steps to check the session host information for WVD. So I guess this kind of means that I can now successfully deploy an Azure deployment, or resources, based on an ARM template through Azure DevOps. So I kind of figured that I finally defeated my end boss. And that also concludes this presentation, and I hope that, even with the interruptions,
you kind of enjoyed it and learned some new cool tricks.

Thank you, Esther, for this great session.

You're very welcome, and I apologize for the technical difficulties.

It happens, no worries. It happens and we survived, so no problems. Okay, are there any questions? Look, let me look. We have one, but it was already entered, I guess. We had the question: would it even be better to store the principal ID, secrets, inertia evils?

Yes, definitely better, yep, because as you could see in the PowerShell script I simply stored them in a comma-separated file, so I wouldn't recommend that from a security perspective.

Great. Radiance. I'm happy with that.

Yeah, I'm learning; small steps, but I am learning, yes. Yes, so that basically is indeed one of the benefits of using Azure Automation or even DevOps, because that allows you to use those secure vaults for any sensitive data that you might need within your scripts, yeah.

Okay, great.

So thank you all for having me and sticking with me, and then I'm ready to just relax now, hang loose and enjoy the next presentation.

Okay, great, thank you very much, very much of your evening. Okay, cool, bye. All right. So we are having a short break right now; we will be back in about five minutes.

So hi everyone, we're back, back with the next session. We have Mohamed Wali; he is going to do a session about Azure Arc, he's going to introduce it. Mohamed, how are you doing?

I'm doing great, how are you doing?

I'm good as well, thank you. That's good to hear. Azure Arc: are you already using this in production environments?

Of course, definitely not yet; it's still preview, and some of its features are still private preview, but it also has lots of potentiality.

Yeah, it's one of my favorite features in Azure right now, so yeah, I'm very, very curious about your session about this. So Mohamed, we know each other for quite some time now; we've
reviewed each other's books. Are you planning on another book right now, working on another book or something else? Not for the time being. Okay, okay, just working? Yeah, yeah, working, staying alive, which is what I have to do nowadays. Yeah, okay. So good luck with your session. Yeah, thank you, thank you for hosting me this evening.
You. Is, up to the cloud and supplied it up there, or even helping them to better on cloud native applications and stretch some of these applications across different cloud platforms, which are actually AWS and Azure. I also
do public speaking, mainly about Microsoft Azure, and I have authored and co-authored around five books about Microsoft Azure so far. So I'm here today to talk about Azure Arc, which is actually one of the latest and coolest offerings from Microsoft, which was announced at Ignite 2019. And this is our agenda for today. First of all, I'm going to talk about the multi-cloud era, some statistics about multi-cloud, and the difference between multi-cloud terminology and hybrid cloud terminology. Afterwards I'll be introducing Azure Arc, and then I'll be talking about the different offerings of Azure Arc, and finally we will go together through a quick demo about how to use Azure Arc.
So when we talk about multi-cloud, it's definitely not something super-duper new; in fact it's something that we have been working with for a while. Since the very early days of public cloud, nobody moved to public cloud right away. In fact we used public cloud side by side with our own private cloud, and this is actually called a hybrid cloud model, and hybrid cloud is one of the forms of multi-cloud. And due to the challenges the multi-cloud or hybrid cloud model brought, like in terms of management and so on, as I will discuss later, that actually made Microsoft think about building some services determined to be hybrid, services like Azure Active Directory, Azure Security Center, Azure Site Recovery, so on and so forth. All of these services were built from the ground up to be hybrid. And these are actually some statistics about multi-cloud. According to Gartner, 81 percent of public cloud users choose two or more cloud providers or platforms, and according to RDC research, 81 percent use multiple public clouds and one or more private or dedicated clouds, and according to RightScale, 84% of enterprises have a multi-cloud strategy already. I know
not everybody in the IT field has been engaged or involved in these questionnaires or reports, but at least it gives us a glimpse of how people are looking at multi-cloud. And since multi-cloud terminology and hybrid cloud technology can be a little bit confusing, I'm going to make this comparison. So, to streamline it: multi-cloud is a composition of at least one public cloud platform and one or more private or public clouds. On the other side, hybrid cloud is a composition of private and public cloud only. So multi-cloud can be a composition of AWS and Azure, but it also can be a composition of Azure and Azure Stack. On the other side, hybrid cloud has to be only a composition of public and private, which would be either Azure Stack or whatever the public cloud platform and the private cloud you're using.
So from now on, within this comparison, I will be referring to multi-cloud as a composition of public clouds only and to hybrid cloud as a composition of private and public. So when it comes to multi-cloud, it would help you to avoid vendor lock-in within a single cloud provider, and it also comes with multiple identity providers. So think about Azure and AWS: each public cloud solution has its own identity provider. That can be an advantage but it can also be a drawback. It can be an advantage because you are not dependent on only one identity provider in this case, so if Azure AD had some outage you can still access your services in AWS. But it can be a drawback when we look at the fact that we have to manage both identity providers. So that's quite harsh, and it can be tackled by actually federating these identities under one umbrella. So,
thinking about Azure, Google and AWS, you can actually federate all of them under Azure AD and use Azure AD as your single source of truth for identity management. However, in case you faced any outages with Azure AD, you can still look into the other public cloud platforms with their identity providers. However, on the other side, with hybrid cloud it's quite popular that they tend to use only a single identity provider.
Also, sometimes it is required to services across multiple clouds to satisfy a continuity plan and maintain resiliency. And for that we can remember one of the major outages that happened for AWS, the AWS storage outage in 2017, which actually led to many outages for many of the well-established organizations and enterprises. And since storage is a core service, it didn't only lead to an outage in the storage service itself but also for other services; as far as I remember, the health check page was not even up and running. So that actually made people think about using other, different cloud platforms, if not for operating part of their services there, at least to use it as a DR site.
Also, for data security, it's quite clear that it is a shared responsibility between you and the cloud provider. So when we are talking about Azure virtual machines, for example, Microsoft is responsible for securing the underlying infrastructure, but you're responsible for securing the virtual machine itself, regarding patching the operating system and applying the security best practices to make sure this virtual machine is only reachable by the right resources. On the other side, hybrid cloud has more responsibility: since you have more control, you have a shared responsibility in the public part but you have full responsibility for the private cloud part. And
also, for governance and compliance purposes, you might find the need to store part of your services in a specific region which is not covered by all providers. So let's say you have AWS as your own public cloud platform and you're actually operating a part of your services there, but you need to migrate some other services or build a brand new service, and this service has to be operating and has its data stored in a specific region, let's say the Netherlands. In this case AWS wouldn't be able to provide you some sort of a region where you can operate your service, because it doesn't have a region there. In this case you might find the need to look for another public cloud platform, if you really have to store these services in a public cloud platform.
In fact I'm not here today to evangelize for multi-cloud, because it can be tricky and in fact is a trap if it's not properly architected and if you don't find the real need for it. But since it's getting more and more reasons to embrace, it also comes with challenges, not only for multi-cloud but also for hybrid cloud. So when it comes to governance, imagine you have many servers operating in your on-premises environment and in AWS and Azure. You actually cannot properly manage the governance policies for all of these servers everywhere from a centralized place, which makes it quite hard for you, because
when it comes to compliance you also cannot see from a central place which servers are compliant with your standards and which servers are not. And that would make it quite hard to maintain security and compliance. And looking at the environments nowadays, the environment has a diversity of infrastructure, so you can see within a single environment there are people using different virtualization platforms like VMware, Hyper-V, Citrix, and for databases they are using SQL Server, MySQL, MongoDB, PostgreSQL, and even for public cloud platforms they are using AWS and Azure and so on. So that's quite hard to manage, especially with all of these infrastructures that are spread everywhere, and that's mainly because of the lack of a unified experience from which I can manage my entire hybrid or multi-cloud. And that's why Microsoft actually invented Azure Arc. Azure Arc is meant to bring Azure services and its management layer to your infrastructure. In a nutshell, Azure Arc is a set of technologies that extends the Azure management layer and enables these Azure resources to be run on different environments, like your services which are operating on the edge, on different cloud platforms and in your private cloud. And this is a hybrid infographic that Microsoft has for each part. So Microsoft is looking to have a solution like Azure Arc that can manage services which are operating on the edge and also on-premises and on different cloud platforms from a centralized place. Azure Arc is not there yet, but it has lots of potentiality, especially with the current offerings that can put it in that place at some point in time, hopefully soon.
So what does Azure Arc actually offer? Arc offers three major offerings, or at least that's what it offers for the time being. It helps you to organize and govern your servers across different environments, and also
it helps you to manage your Kubernetes clusters in different environments, and it helps you to extend Azure data services, like Azure SQL Database Managed Instance and PostgreSQL Hyperscale, to be operating in environments beyond Azure. So let's check every offering and see what it actually offers.
So for Azure Arc for servers: since day one it is in public preview, and it helps you to have an inventory where you can have all of your servers which are operating in different environments. The nice thing about Azure Arc, as I mentioned earlier, is that it helps you to extend the layer of ARM, so you can make use of some Azure services like Azure Policy, so you can apply your governance on all of these servers which are operating in different environments from a centralized place. And as a result you can view which servers are compliant and which are not, and if some of these are not compliant you can even create remediation tasks to force them to be compliant with your state. And this one is really interesting and nice for many service providers, since they can implement governance for their customers' environments more easily than ever.
So, Azure Arc for Kubernetes: unlike Azure Arc for servers, it is still in private preview and not a lot of updates have been signaled, but like Azure Arc for servers it provides you with a unified view and an inventory in which you can see all of your Kubernetes clusters which are operating everywhere. And
the nice thing about it is that it uses the GitOps-based model. And what the GitOps-based model is all about is having a centralized place, like Git, in which you can have your own repo where you have your configuration as code for Kubernetes clusters and the application code itself, and enforce all of these Kubernetes clusters, which are running in different environments, via Azure Policy to use this repo as a centralized place from which they can pull their own configuration and application code. So the moment you publish something new to the configuration of the Kubernetes cluster or the application code, it would be pulled by your Kubernetes clusters. So it's quite handy and nice.
And that's why at that moment I can imagine that you can do everything: the fact that you can manage the servers, you can manage the Kubernetes clusters; you can actually run some databases also nowadays on top of some Kubernetes clusters. So that's why you can also extend Azure data services and make them run on a Kubernetes cluster also. And the ones which are supported in the private preview are SQL Database Managed Instance and PostgreSQL Hyperscale. So you can have your database extended to be run in different environments, and actually you don't have to worry about the licensing, for example, because when we talk about SQL Server you have to think about licenses and so on, but in this case you don't, because it's all cloud billing. And also when it comes to updates for your data services, you also don't have to worry about it; it's fully managed for you by Microsoft. And also, applying some of the security practices that you used to apply for your data services in Azure, you can extend them to your data services which are running on different Kubernetes environments. So unfortunately
Azure Arc for data services and Azure Arc for Kubernetes are still in private preview, so what we can demo today and get more information about is Azure Arc for servers. And it is currently supported in these regions, and you might wonder why I would actually need a region if I'm managing servers which are not hosted in Azure at all. In fact, Arc stores metadata about the Azure services you are going to use, so imagine using Azure Policy or tags, so on and so forth: all of this stuff would be stored in the region that you specify here. And in case this region faces any sort of outage, your server definitely will not be impacted, it will be operating normally; however, the services that you are applying from Azure would be impacted. That's why it's also recommended to make use of another region, so you can have some sort of highly available solution, and it's totally recommended to choose the two nearest regions for your servers.
These are the operating systems supported for the time being. For Windows Server, at least it has to be 2012 R2, and it also runs and operates on Windows Server Core. And
for Ubuntu, it supports Ubuntu 16.04 and 18.04, CentOS Linux 7, SUSE Linux Enterprise Server 15, Red Hat Enterprise Linux 7, and Amazon Linux 7. If you are working with AWS, Amazon Linux 7 is called Amazon AMI version 2, and that's what you can find in the image gallery.
So let's have a quick demo to play around with Azure Arc and see how we can work with it. So I'm going to navigate to the Azure portal and start to search for Arc. And as you can see, I have the three different offerings: for managing servers, for managing Kubernetes clusters, and for running data services. So I'll go for managing servers, and then you can click on Add and start onboarding servers. But before onboarding the server, I need to tell you about the different ways of onboarding servers. There are actually different ways: you can onboard it from here, by going through the blade and generating a script and running that script on the server, but you can also do it with Windows Admin Center or System Center Configuration Manager or System Center Operations Manager. So let's try to onboard an on-premises Windows server with Windows Admin Center first and see how it works.
So first you need to navigate to Windows Admin Center, make sure you connect to the server on which you would like to onboard the agent, navigate to Azure hybrid services and click Discover Azure services. Then you need to scroll down to look for "Leverage Azure policies and solutions to manage your servers with Azure Arc" and click on Set up. Then you can click on Get started. If this is your first time doing it, you will be asked to log in to your Azure subscription, and you will also be prompted to create a service principal name that Windows Admin Center will use to onboard the agent, and that service principal name should have the right permissions to onboard the agent. Since
I'm already logged in and I have already gone through this process, I have to select the subscription and the resource group and the region. And then, if I have a proxy server in my environment, I can specify the proxy server configuration here. And if you have a proxy server that actually requires user authentication, unfortunately it's not supported for the time being. So it's quite a limitation in the current preview version; hopefully when it's generally available it will be supported. Then we can click on Set up. This one would take around a couple of minutes to onboard the agent.
Which. Should, top them. Time. The trial to, a. Linux, machine which is running an, Oedipus. Brings. A way. Of generating. The script from here. Which. Will actually, open. Up to, play it from take them as. To link the message I would like to immerse the Asian with. I don't know, it might take some time. And here we go. It's quite slow though, and finally it pops up. As you can see, there are a couple of options: one is to generate the script, the other one is to onboard machines at scale. The, major difference between these options is a. Domestic. Ale. Service. Principal, name. Was, permissions. To, be, able to involve, our. Pitched. People. For. Minimum, it. Was. An account enough. Permissions, to for the agent. I'm. Gonna click on respect. And. I. Will. Turn. Which. Would. For. Heating. System I can. And. Inspects. You. Have to. See. Environment. Then we need to click on Tags. Can. Actually. To. That agent, to know this, machine that will be important or a. Vision. Generally. You'll. Be a. Couple, of resource. Providers. And. This. Config, this. Is, unload. It and run it on. The, server IP or. Connected. The Linux server. Page. Also here. Anyway, here we are. I can connect to my Linux server in AWS, and then I can actually, let's go through it again to have the script.
Location. In. A place online. With. You and generate. There is something wrong, most probably due to the internet connection. Let's try it again. And here we go.
So let's go step by step to see how the installation actually works, starting with downloading the installation package. So this will download a bash script that will be used to install the hybrid agent, and next is to run that bash script. And I would be required to approve a couple of steps, which is downloading the agent itself and approving the installation. Once it is installed, it's ready to connect using this command, which is using the agent that we have downloaded; it's called azcmagent. And as you can see, it tells me to sign in: I have to use a web browser and open this URL, and I have to pass this code too, and that's what I'm actually going to do next. And I have to sign in, and apparently my account has the right permissions to onboard it, so it should be, actually, let's look again.
And as you can see, the Windows one which we have installed on-premises has been onboarded, and the other one would take one or two minutes to be onboarded also here. So if we click on this one, we can view more information about it: the computer name, the status, the agent, the operating system, operating system version, agent version, so on and so forth. And as you can see, we can use activity logs, set role-based access control, set tags, or even set locks, and we can even extend it to setting policies. So as you can see, there are some default policies already on the resource group level and it is compliant with them, and I can actually create either a custom policy or assign one of the templates and choose one of the definitions in here. Let's say as our should, but this is not an Azure virtual machine. We can select one that would. So, okay, there was some
definition that actually monitors if it is compliant with a specific region for time zone or not. Yeah, here it is. And I can select this one, specify the name if I would like to change it, add the description, should I disable this policy or enforce it, and
if there are no parameters to be passed. If I would like to create a remediation task, I have to create a managed identity; then I can review and click on Create, and this policy will be created and assigned to the scope that we have specified. It has not started yet, but once it starts evaluation it will check if this server is compliant with the policy or not; if not, it depends on whether we have a remediation task for it or not. As you can see also here, there is a Logs part, in which we can also query logs that are on that server, and unfortunately it didn't find any logs, and that's mainly because the Azure Arc agent doesn't install the Azure monitoring agent for you. So you have to install the Azure monitoring agent in order to have the logs pushed here; then you can run queries on it right away.
So as far as you can see, it's almost treating these servers as Azure virtual machines; not exactly as Azure virtual machines, but almost. So how is the agent actually communicating with these servers, these agents on Arc? As you can see, the Linux one has also been onboarded. But the agent is actually sending a heartbeat message every five minutes, and if there are three consecutive heartbeat messages without responding, then the status would be changed to Offline. If you have some sort of outbound restrictions for your traffic, please make sure to check our documentation so you know which URLs you have to whitelist in order to unlock the communication between Azure Arc and the server itself. Also, it's totally recommended to make sure that you are enabling TLS 1.2 in your environment, and I can imagine that as of Windows Server 2012 R2 it has been already enabled by default, but there can be some sort of group policy that enforces it to use a lower version. For the time being, lower versions of TLS are supported, but it's not recommended. So as you can see, we have a couple of agents here; we can do many
stuff as we used to do with virtual machines. So, back again to our presentation. And if you would like to get more information, more updates about Azure Arc, there is going to be a virtual event about hybrid generally next month; please check it out via this link. I'm expecting more announcements about Azure data services and Azure Arc for servers, according to their agenda, so hopefully we can hear some new updates, since it has been already there for around six or seven months and not lots of updates since then.
So I have done this session before a couple of times and I have received questions like: does locking an Arc machine in Azure Arc lock it in its original location? Well, it doesn't; after all, the machine is hosted in another environment, and there can be some sort of other governance policies that still apply. In fact, when it comes to a different public cloud platform, I see that this feature can be done with Azure Arc, but unfortunately it's not supported for the time being; that's why I created a feature request for it.
Can I run commands against Arc machines, like attributes? Unfortunately you cannot, not yet. And can I provision VMs on other cloud providers with Arc? Also no. As decision. Don yes. Please let me know if you have any other questions.
Well, thank you very much. I will have a look if we have any questions from there. No, I don't think so. So in the beginning you told us already you are not using Azure Arc in production yet. Is it production ready? Oh no, so it's, it's simply still, yeah. And in fact some of its offerings, like Azure Arc for Kubernetes and Azure Arc for data services, are still in private preview even. So only Azure Arc for servers is in public preview; it's nice to play with. It's a tool and a service with lots of potentialities, so I can totally encourage people to start testing it in their environments, so they can see how they can make use of it and how it would fit their scenario. Hopefully in the coming few weeks we can hear more updates about it, because it's a really nice service. Okay, thank you.
She's. Shocky, speaking, that's probably she still um you know, nobody. Gay, no. I wasn't speaking oh. Well, thank you very much for your session. Yeah, thank you for hosting me this evening. Yes, thank you very much. Really enjoyed it. Yeah. Okay, cool. Thanks. Well, then this was the last session for this evening. Hopefully, yeah, we all see you, well, in short notice and real, but I think next month we will still do a virtual event. Check our meetup page, we'll keep you posted there. And till next time, thanks. Next time, bye-bye. Oh.
2020-05-16 11:53