-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathAzure Administrator Notes.txt
More file actions
476 lines (318 loc) · 11.2 KB
/
Azure Administrator Notes.txt
File metadata and controls
476 lines (318 loc) · 11.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
ACG - Microsoft Azure Administrator
Manage Azure Subscriptions
--------------------------------------
Azure Enterprise --> http://ea.azure.com
Departments
Accounts --> http://account.azure.com
Subscriptions (Management Groups) --> http://portal.azure.com
Resource Groups
Resources
LA Engineering (Enterprise)
Finance (Department)
Finance Dev/Test (Account)
Subscription 1
Finance Stage (Account)
Subscription 2
Subscription 3
The department level can be set up to be: functional (Finance, IT), business division (Auto, Aerospace), geographic (North America, Europe)
Know how to set Billing Alerts: Subscriptions > Manage > Enable Billing Alert Feature > Click Subscription > Create Alert
Know how to assign polices at the subscription level and monitor compliance
Analyze Resource Utilization and Consumption
---------------------------------------------
Managing Resource Groups
------------------------
Can set RBACS
Can set locks on resources (delete or read only - most restrictive)
Can set up polices
Can set up tagging
Can set up automated deployments
[Azure Policies]
Used to enforce Azure governance
Leverage built-in policies or create your own
Policies are assigned at the subscriptions or resource group level
Storage Accounts
-----------------------
Blobs
GPv1
GPv2 (best choice and will be the baseline going forward)
Blob Account
Hot,Cold, Archive
Download azcopy, azure storage explorer and play
Shared Access Signature (SAS) - query string that is added to the end of the URL of a storage resource; the string defines the access
Service SAS Token - grants access to a specific service in a storage account
Account SAS Token - granted at the account level to grant permissions to services within the account
Import/Export
---------------
Azure FileSync
--------------------
Create storage account
Create file share
Create azure file sync service in resource group
Register vm by using install script
Create server endpoint in azure file sync by selecting server I registered
Choose location on server to sync data
Azure Backup - WATCH AGAIN
------------------
High Availability
Disaster Recovery
Backup
Unlimited DataTransfer - not charged for data in or out
Locally Redundant Storage (LRS) - replicates 3 copies within the local datacenter
Geo Redundant Storage (GRS) - moves copies of data to a secondary datacenter hundreds of miles away out of region
MARS - Microsoft Azure Recovery Services Agent
Azure Backup Agent (MARS) - file level recovery
System Center DPM - can be used on prem with Azure Backup
Azure Backup Server - VM or on premise backups
Azure Iaas VM Backup -
Snapshot Recovery - blob snapshots taken of VM page blob; vms get created from snapshot; application consistent if VM was shutdown
1. Create Recovery Vault Resource
2. Define Backup Goal (where and what you want to back up)
3. Choose backup policy
4. Select VMs to back up
5. Go to VM details and select Operations -> Backup to check status
Virtual Machines
--------------------
[Series]
A - Basic = testing and development
A - Standard = general purpose
B - Burstable = burst to full capacity of CPU when needed
D - General Purpose = for enterprise applications
E - Memory Optimized = high memory-to-CPU ratio
F - CPU Optimized = high CPU core-to-memory ratio
G - Godzilla = large databases + bigdata
H - High Performance Compute =
L - Storage Optimized = high I/O
M - Large Memory = large scale memory option; up to 3.5TB of RAM
N - GPU enabled = GPU enabled
SAP Hanna = specialized for SAP
[Specialization]
M - Larger Memory
R - Supports Remote Directory
S - Premium Storage
Example = DS (General Purpose + Premium Storage)
[Windows Server Support]
Pre-Windows 2008 R2 - supported for deployment but must bring your own image; no marketplace support;
2008 R2 - supported; see matrix for server roles
2012 - supported; datacenter
2016 - suppored; datacenter and nano
Desktop - 10 Pro and Enterprise in Marketplace
Other Servers in the Microsoft Ecosystem (e.g. exchange, biztalk, forefront identity manager)
[Linux]
CentOS
CoreOS
Debian
Oracle Linux
Red Hat
SUSE/openSUSE
[Availability Options]
Availability sets - same datacenter, but separate racks and power
Availability zone - same region, but separate datacenters
**Autoshutdown is native to Azure
**Can download automated version of your deployment for future use
Create VM Image
---------------
1. Run C:/windows/system32/Sysprep/sysprep.exe
2. OOBE + Generalize (will shutdown machine when completed)
3. Select VM
4. Click "Capture"
Automate VM Deployments
-----------------------
Cattle vs Pets
Powershell DSC | VM Extensive | Scripts
Enterprise Approach: Puppet + Chef
Getting Started: Powershell DSC
Powershell DSC (Desired State Configuration)
Configurations
Resources
Logical Configuration Manager
Configuration SkylinesWebSite <-- Name of config
{
Node 'localhost' <--- Resource to apply to
{
#Install IIS - Enabled via Windows Feature <--- What I am configuring
WindowsFeature IIS
{
Ensure = "Present"
Name= "Web-Server"
}
#Install ASP.NET 4.5
WindowsFeature ASP
{
Ensure = "Present"
Name= "Web-Asp-Net45"
}
}
}
Save file
Prepare for consumption by Azure
PS > Publish-AzureRmCMDsConfiguration -ConfigurationPath <location of file> -OutputArchivePath <file>.zip
Choose a VM from the Virtual Machine Menu
Go to Extensions and "Add"
Choose Powershell DSC
Select zip file from command
[Custom Script Extension]
- execute VM tasks without logging into the VM (no credentials or IPs needed to connect)
- automate using Powershell
- must be enabled on per VM basis
- slow
[PowerShell VM Commands]
New-AzureRmResourceGroup -Name lowsandbox -Location EastUS
New-AzureRmVM
Manage VM Storage and Networking
-------------------------------
Standard Storage (S)
- HDD
- Cost savings
- Max throughput 60MB/S per disk
- Max IOPS 500 IOPS per disk
Premium Storage (P)
- SSD
- High perf
- Max throughput 250 MB/s
- Max IOPS 7500
Unmanaged Disks Vs Managed Disks
Locally Redundant Storage (LRS) - replicates 3 copies within the same local datacenter
Zone Replicated Storage (ZRS) - same as above plus replication between one or two datacenters
Geo Redundant Storage (GRS) - moves copies of data to a secondary datacenter hundreds of miles away out of region
Disk Caching (Instance Storage)
- improves performance
- uses local RAM and SSD drives of the host
- available on standard and premium
OS disk -> default: read/write -> read-only or read-write
Data disk -> default: none -> none, read-only or read-write
*Must be enabled through Powershell
Must specifically define Private IPs as "static" at the NIC level
Can customize DNS Servers per VM at even after it has been launched
VM Availability
----------------
Potential VM Impacts
- planned maintenance (Azure hardware)
- unplanned hardware maintenance
- unexpected downtown
Availability Sets
- group (2) or more VMs in a set
- separate fault and update domains
Fault Domain 0 | Fault Domain 1 | Fault Domain 2
Update Domain 0 | Update Domain 1 | Update Domain 2
Availability Sets or Availability Zones (can't have both - preference is Zone)
VM Scale Sets
-------------
- used for "horizontal" scaling to meet demand or based on metrics
- define instance count, size
- determine auto-scale or not (minimum maximum)
Search "Scale sets" in the search bar
Create virtual scale set
Azure Networking
-----------------
Azure reserves first (5) IPs from the VNET
- first three IPs
- last IP
First useable address in a /24 is .4
Static addresses are just DHCP Reservations
[Private DNS Zone]
Create Private DNS Zone
Add virtual link to associate the zone with a network
Select "Enable auto registration"
Test pinging from 2 different VMs using their private host names
[Public DNS Zone]
Connectivity Between Virtual Networks
-------------------------------------
[Hybrid Options]
Site-to-Site (S2S) - IPSec VPN option
ExpressRoute - direct connect construct; private/public VIF concept
Point-to-Site (P2S) - end client to VPN Gateway connectivity; 100 mbps throughput limit
SKUs
Basic | 10 Tunnels | 128 P2S Connections | 100 Mbps
VpnGw1 | 30 | 128 | 650 Mbps
VpnGw2 | 30 | 128 | 1 Gbps
VpnGw3 | 30 | 128 | 1.25 Gbps
Unlimited (Higher Fee) Vs Metered (Lower Fee)
[Routing and Peering]
System Routes
LocalVNet
On-Premises
Internet
User Defined Routes
VNet Peering
Internet Access
---------------
- All resources in a VNet can communicate to internet by default (there is no public/private subnet construct)
- Private IP is source NAT to a public IP selected by Azure
- Outbound connectivity can be shaped/filtered
Network Security Groups (NSG)
----------------------------
- network filter to allow or restrict traffic to resources
- associated with a subnet or NIC
- subnet rules apply to ALL resources in the subnet
- evaluated by priority (100-4096)
Load Balancing Services
-----------------------
Basic
- Layer 4
- up to 100 instances in the pool
- service monitoring (probes)
- automatic reconfiguration
- hash based distribution (5-tuple_
- internal and public facing
- open by default
- scoped to an availability set
Standard
- Layer 4
- up to 1000 instance sin the pool
- scoped to any virtual machine in a VNET
- HTTPS
- AZ support
- secured by default
Application Gateway
- Layer 7
- cookie-based session affinity
- SSL offload
- End-to-End SSL
- Web application firewall**
- URL-based content routing
- requires its own subnet
Traffic Manager
Do these labs:
Create A Subscription Policy
1. Go to Subscriptions > Click your subscription > Policies (Left Menu)
2. Assign Policy
3. Choose a built-in or custom policy
Set up a Billing Alert
1. Go to Subscriptions > Click Subscription > Manage (Top left)
2. Go to Preview Features > Billing Service Alert > Try it now (to activate feature)
3. Go to Subscriptions > Click your subscription > Alerts
4. Create your alert
View Virtual Machine Metrics
1. Click Monitor under favorites or Select a VM and scroll down to Monitoring Section
2. Click Explore Metrics
3. Select a Subscription, Resource Group, and Resource Type, Resource and metric to pull
4. Choose how to display the chart (line or bar) and to pin to dashboard
Enable Diagnostic Logs
1. Select a VM and scroll down to Monitoring Section
2. Click Diagnostic Settings
3. Select a storage account to send logs to > Click Enable Diagnostics
Create An Alert
1. Click or search for "Monitor" Service
2. Click Create Alert
3. Choose Resource, Condition, and Action Group
4. Action Groups live in Resource Groups and can have many actions (email, SMS, ServiceNow, Automation Runbook, etc)
Set Up A Log Analytics Workspace
1. Search for "Log Analytics"
2. Choose name and region for workspace and create
3. Click "Data Sources"
4. Connect my workspace to a virtual machine and Azure Activity Logs
5. Click on "Advanced Settings"
6. Define was it is I want to capture and save
7. Click "Logs" to begin querying data
Assign Azure Policy To Resource Group
1. Go to Resource Groups > Policies
2. Click Assignments > Assign Policy
-----Pick up on Chapter 5-----
Backup using MARS
Backup using Azure Backup
Perform File Recovery From A Virtual Machine
Perform A Full VM Recovery
Create A Storgae Account
Create File Share
Create File Share Sync
..