Posts


Aug. 29, 2024

Using the AZ Rest CLI command

What are we doing?

With this post I am going to show you how you can easily do Azure API calls and “skip” a lot of the difficult items. I have been working on some interesting tools to help my customers; when I can talk more about it, I will. As part of this tooling exercise, the Azure REST API is used extensively. With “normal” applications like APIDog, ThunderClient and the like, you often need to get a token and then add this to the header as an auth object, and this involves configuration on Entra ID and the like. This is not necessarily the best approach for what I was looking for. I was looking for a quick testing framework for Azure REST API calls, with the output then further extracted / manipulated with JQ.

Nov. 21, 2023

Azure VMware Solution How Do I 'Monitor my SDDC Deployment'

What are we doing?

As I spend more time with my customers and my teams within my organization, I am learning that there are a lot of aspects of Azure VMware Solution that we take for granted and simply skim over as we assume (badly) that everyone knows exactly how to do “the basics”. With this series of “How Do I” posts, I am going to try and address some of the more common questions that I get asked and hopefully provide some useful information to help you on your Azure VMware Solution journey. I will endeavour to cover as many topics as I can and I am always open to ideas and suggestions. You can reach out to me on Twitter or post a suggestion for the log on GitHub - please remember these are designed to be short and sweet and not full blown tutorials.

Oct. 26, 2023

Azure VMware Solution Starter Links

What are we doing?

Providing people with a list of useful links and blog posts to help you get grounded in Azure VMware Solution. Some of the links are very high-level and others are very detailed. Each link or blog post will address different items at different depths so you can hopefully find the exact link or information that you are looking for to make your journey in Azure VMware Solution a little easier.

Oct. 11, 2023

Starting With Rest Calls With AzCli With Some Copilot Help

What are we doing?

I am working more and more with the Azure REST APIs now. My previous post using API with Powershell got me thinking about opening the idea to go beyond PowerShell. I am very open with people around my lack of skill with Azure CLI, I do however want to learn some new things.

We also have this great technology called GitHub Copilot and ChatGPT, so I figured let me dig into “AI” as I am a techy at heart and let me improve my skills with Azure CLI.

Aug. 17, 2023

Starting With API Rest Calls With Powershell

What are we doing?

I am working more and more with the Azure REST APIs now. My first dive into cost management was a big hit, so I am expanding on that. The main consideration around that particular API is that it is open. By this, I mean a simple HTTP request will return results, no authentication or additional headers or the like are needed. So nice and easy. As we dive more into API and REST APIs, this is likely to change. This post, with more planned, is designed to make this easier and break it down into smaller chunks. These chunks/snippets can be re-used and the principles in the chunks/snippets can be applied to other APIs. These in particular are aimed at Azure APIs.

Aug. 3, 2023

Can I run this cheaper? Use case for the Azure Cost Management API

What are we doing?

I was given inspiration by a colleague, Ben Hummerstone, who used an Azure Python Function. Whilst super cool and interesting, I am a PowerShell advocate through and through. So I used PowerShell and wrote a script to show some of the use cases. This is just the tip of the iceberg and the script has been built to show some of the options available.

Constraints / limitations

  1. The primary focus of this script is IaaS.
  2. Could be better implemented as a function. If there is enough of an ask, I might build this into a function.
  3. Built for my sample use cases.
  4. This is a quick and dirty implementation.
  5. This is NOT PRODUCTION ready yet.

Let’s build this

Steps

You will need the following

May. 19, 2023

New LDAPS run-command for Azure VMware Solution

What are we doing?

Showing a newer version of the New-LDAPSIdentitySource Run-Command within Azure VMware Solution

Let’s build this

If you have been following along and you have used our previous article(s) - AZURE VMWARE SOLUTION: A COMPREHENSIVE GUIDE TO LDAPS IDENTITY INTEGRATION - PART 1 - you would have realized that this is quite a process. We took our many customers’ feedback to our Product Group (PG) within Microsoft and we have worked with them to create a new version of the “Run-Command”, and this has been released publicly.

Jan. 25, 2023

Azure VMware Solution: A comprehensive guide to LDAPS identity integration - Part 1

Author(s): Robin Heringa and Fletcher Kelly

Implementing LDAPS identity integration with Azure VMware Solution series - 1 of 4

This is the first part of the blog series on how to implement LDAPS identity integration with Azure VMware Solution. Other parts of this series can be found here:

  1. LDAPS integration - part 2 of 4
  2. LDAPS integration - part 3 of 4
  3. LDAPS integration - part 4 of 4

Azure VMware Solution (AVS) offers a fully managed software defined data center based on VMware vSphere technologies in the shape of an Azure PaaS service. The PaaS nature of Azure VMware Solution results in a service that is functionally equivalent to the well-known on-premises VMware deployment you may have been using for years, with some specific “restrictions”, as Microsoft provides a service level agreement and therefore Microsoft is responsible for ensuring a robust and resilient platform in deployment and operation. Azure VMware Solution is functionally equivalent to on-premises VMware but due to the PaaS nature of the service there are significant technical differences to properly consider.

Jan. 25, 2023

Azure VMware Solution: A comprehensive guide to LDAPS identity integration - Part 2

Author(s): Robin Heringa and Fletcher Kelly

Implementing LDAPS identity integration with Azure VMware Solution series - 2 of 4

This is the second part of the blog series on how to implement LDAPS identity integration with Azure VMware Solution. Other parts of this series can be found here:

  1. LDAPS integration - part 1 of 4
  2. LDAPS integration - part 3 of 4
  3. LDAPS integration - part 4 of 4

Configure DNS forwarding prerequisite

Before we can configure integration with an external identity store (e.g. Active Directory Domain Services) we need to make sure that the AVS platform components have the ability to resolve customer DNS zones hosting the LDAPS domain records. This configuration must be made through the Azure Portal blades for Azure VMware Solution.

Jan. 25, 2023

Azure VMware Solution: A comprehensive guide to LDAPS identity integration - Part 3

Author(s): Robin Heringa and Fletcher Kelly

Implementing LDAPS identity integration with Azure VMware Solution series - 3 of 4

This is the third part of the blog series on how to implement LDAPS identity integration with Azure VMware Solution. Other parts of this series can be found here:

  1. LDAPS integration - part 1 of 4
  2. LDAPS integration - part 2 of 4
  3. LDAPS integration - part 4 of 4

Implement LDAPS integration

The following sections will guide you through the required process step-by-step

Jan. 25, 2023

Azure VMware Solution: A comprehensive guide to LDAPS identity integration - Part 4

Author(s): Robin Heringa and Fletcher Kelly

Implementing LDAPS identity integration with Azure VMware Solution series - 4 of 4

This is the fourth and final part of the blog series on how to implement LDAPS identity integration with Azure VMware Solution. Other parts of this series can be found here:

  1. LDAPS integration - part 1 of 4
  2. LDAPS integration - part 2 of 4
  3. LDAPS integration - part 3 of 4

These steps, for now, are run manually from the Azure Portal. This will be found under “Azure VMware Solution” and under Operations, Run command. Then select “New-LDAPSIdentitySource”. An automated way of executing the run-command is in the making. Please check back soon as this article will be updated as soon as this is available. Navigate to the Azure Portal and ensure you are on the AVS Private Cloud blade

Oct. 3, 2022

Using Azure Resource Graph and Tags to lock items in Azure

What are we doing?

We are going to use Azure Resource Graph to find items with a specific tag, in this case {“toBeLocked”=“Yes”} and then place a resource lock on them.

Constraints / limitations

  1. Use Azure Resource Graph to perform the search. Very fast and gives you a new way to interface with Azure Resources.
  2. As part of this post, I am giving samples below to create items, you could use these for testing. Please test and make sure before using with a production environment.
  3. You are using an account that can create locks and potentially remove them if needed during the testing.

Let’s build this

Steps

  1. Create sample items
  2. Build Azure Resource Graph Queries
  3. Getting items from the query programmatically
  4. Adding locks
  5. Result

Create sample items to lock

## create resource group
$rgName = "toberesourcelocked"
$rgLocation = "northeurope"
$rg = new-azresourcegroup -name $rgname -location $rgLocation

## create items
$guid = New-Guid
$saName = "sa"
$saSuffix = $guid.ToString().Split("-")[0]+$guid.ToString().Split("-")[1]
$saName = (($saName.replace("-",""))+$saSuffix)
New-AzStorageAccount -ResourceGroupName $rgName -Name $saName -Location $rgLocation -AccountType Standard_LRS

## create tag(s)
$tags = @{"toBeLocked"="Yes"}

## get items in Resource Group and tag them
$items = Get-AzResource -ResourceGroupName $rgName
foreach ($item in $items)
{
    Update-AzTag -ResourceId $item.ResourceId -Tag $tags -Operation Replace
} 
## update resource group with tag(s)
Update-AzTag -ResourceId $rg.ResourceId -Tag $tags -Operation Replace

Build Azure Resource Graph Queries

Including Resource Groups

resourcecontainers
| where type == "microsoft.resources/subscriptions/resourcegroups"
| mv-expand bagexpansion=array tags
| where isnotempty(tags)
| where tags[0] =~ 'toBeLocked' and tags[1] =~ 'Yes'
| project  name,type,location,subscriptionId,tags
| union (resources 
| mv-expand bagexpansion=array tags
| where isnotempty(tags)
| where tags[0] =~ 'toBeLocked' and tags[1] =~ 'Yes'
| project name,type,location,subscriptionId,tags,id)

Excluding Resource Groups

Resources
| mv-expand bagexpansion=array tags
| where isnotempty(tags)
| where tags[0] =~ 'toBeLocked' and tags[1] =~ 'Yes'

Resource Groups Only

ResourceContainers
| where type =~ 'microsoft.resources/subscriptions/resourcegroups'
| where tags['toBeLocked'] =~ 'Yes'

Getting items from the query programmatically

We now have the required queries and you can pick whichever one above suits your needs; I am going to be using Including Resource Groups. Now we need a way to act against these resources. I am personally quite a fan of PowerShell so I will provide this sample. You can use this as a base for my example below. When running the query in PowerShell, I find splatting is easiest for Azure Resource Graph queries

Sep. 27, 2022

Using Arc to SSH into Linux and Windows

What are we doing?

We are going to use Azure Arc to SSH into a Linux (Ubuntu 20.04) and a Windows Server (Server 2019) machine and run commands.

Constraints / limitations

  1. Use only Azure Arc.
  2. Use only public endpoints (I have not yet tested this with Private Endpoints) and my VPN is not currently connected to Azure.

Considerations

As of the time of this blog post (27-Sep-2022), the Azure Arc SSH functionality is in preview.

Sep. 14, 2022

Check Powershell Console Type

I have been working with some Microsoft Hybrid technologies. My specific example here is around Azure Arc-enabled VMware vSphere aspects. When running the scripts provided here there is a key aspect.

Do NOT run this in the PowerShell ISE.

Even with this strong recommendation, it is often accidentally used, as it is really easy to perform this action with a right click option, and this got me thinking: how can I check this via code?

Jun. 20, 2022

Using SSH Keys with Bicep based Linux VM templates

In this post, I use bicep files for the deployment of Linux VMs AND I add some magic with PowerShell to allow for the creation or using of existing SSH keys with these VMs.

I am a HUGE fan of SSH keys with Linux VMs for obvious reasons. I could just not find a script or scenario that covered this topic in a way that I actually like. I like to show more details and explain.

Apr. 25, 2022

Using Openssh and creating SSH Keys with Powershell

In this post I show you my process for creating SSH Keys for Linux Machines.

I use a fair amount of Linux in my work career (creating VMs and the like within Azure). Linux VMs are great for testing with, they use SSH and are configured and ready for testing VERY quickly in Azure. I also use a fair amount of Linux in personal life, with Home assistant and Plex.

I know many people use username and password with Linux environments and there is nothing wrong with this, I simply think that keys are better :smile: . I believe this for a few reasons.

Mar. 28, 2022

Using Azure Virtual WAN to connect to Azure VMware Solution

How do I connect my on-premises environment to AVS in a quick and simple way?

There are a few patterns available for connecting Azure VMware Solution to your on-premises network. There is specific guidance for PRODUCTION deployments here. The option we are talking about here is for a different use case.

Specific use case: A PoC (Proof of Concept) type environment or smaller environments for testing with a plan to grow after the fact.

Mar. 17, 2022

Azure VMware Solution: To 'Internet Enabled' or not?

Guest Post Author: Robin Heringa

What else do I need to know when using Azure VMware Solution (AVS)?

As you all (probably) know by now Azure VMware Solution is a managed service offered by Microsoft providing a managed VMware vSphere environment to customers. With this offering customers no longer need to worry about hardware maintenance, hardware refresh and software maintenance for the core VMware components (ESXi, vCenter and NSX-T).

By default, after initial deployment of Azure VMware Solution, virtual machines do not have the ability to egress to the Internet. One of the options to enable Internet access is to “flip” the “Internet Enabled” toggle in the connectivity pane of the management blades in the Azure Portal:

Mar. 9, 2022

I want to use Azure VMware Solution, what should I know about networking?

What else do I need to know when using Azure VMware Solution (AVS)?

Networking Edition

I have been working with many customers over the last little while that are looking at Azure VMware Solution (AVS).

Often the idea and use case for the customer is correct. There are a few great reasons to use AVS. If you fit within the use cases, you are in for a real treat.

Deciding whether or not you are a fit is part of the equation, there is more to this scenario. Let’s dive in a bit more.

Dec. 9, 2021

Azure Resource Graph - More queries for Networking and Management Groups

Just some more queries I have developed.

Networking

Don’t create unnecessarily large virtual networks (for example, /16) to ensure that IP address space isn’t wasted.

resources
| where type == "microsoft.network/virtualnetworks"
| extend addressSpace = todynamic(properties.addressSpace)
| extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes)
| mvexpand addressSpace
| mvexpand addressPrefix
| extend addressMask = toint(split(addressPrefix,'/')[1])
| where addressMask <= 16

Smallest recommended size for a GatewaySubnet is /27

When you are planning your gateway subnet size, refer to the documentation for the configuration that you are planning to create. For example, the ExpressRoute/VPN Gateway coexist configuration requires a larger gateway subnet than most other configurations. Additionally, you may want to make sure your gateway subnet contains enough IP addresses to accommodate possible future additional configurations. While you can create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /27 or larger (/27, /26 etc.) if you have the available address space to do so. This will accommodate most configurations. Microsoft Docs

Aug. 25, 2021

Azure Resource Group Enterprise Scale Landing Zone queries

Azure Resource Graph Examples

This is just a quick post. I am slowly working on building a collection of Resource Graph Queries - they can be found here and will grow over time. It just takes some time to build these.

They will be broken down into a folder structure based upon the Critical Design Areas of Enterprise Scale Landing Zone

Examples

Hope this helps and keep an eye out for more.

Jul. 2, 2021

Bicep Troubleshooting

Some basic “troubleshooting” with Azure Bicep

So, let me start with this. The team and the community behind Azure Bicep are amazing. There are some great examples here. I often use these as a base and then rip apart or add to meet my needs, you do NOT need to start from ground zero. :smile:

When you are deploying bicep templates your command will look something like this.

$bicepFile = ".\main.bicep"
New-AzResourceGroupDeployment -ResourceGroupName <resourceGroupName> -TemplateFile <bicepFilePath> -name <deploymentname>

I love to use repeatable code, so mine has more variables and would look like this.

May. 5, 2021

Cli List Locations and Peers

How to use the Azure CLI to list Azure Locations and their peers

So this will be a “quick post” that shows some great functionality within the Azure CLI with az account list-locations. With this command you can expect some output like below, you actually get a lot of content back.

{
    "displayName": "Brazil Southeast",
    "id": "/subscriptions/949ef534-07f5-4138-8b79-aae16a71310c/locations/brazilsoutheast",
    "metadata": {
      "geographyGroup": "South America",
      "latitude": "-22.90278",
      "longitude": "-43.2075",
      "pairedRegion": [
        {
          "id": "/subscriptions/949ef534-07f5-4138-8b79-aae16a71310c/locations/brazilsouth",
          "name": "brazilsouth",
          "subscriptionId": null
        }
      ],
      "physicalLocation": "Rio",
      "regionCategory": "Other",
      "regionType": "Physical"
    },
    "name": "brazilsoutheast",
    "regionalDisplayName": "(South America) Brazil Southeast",
    "subscriptionId": null
}

If you look at some of the examples, you will also see some “logical” locations (example below). There is a way of adding a query to remove these to display only “physical” locations.

Apr. 14, 2021

Azure Rest Api Postman Basics

Absolute basics with Azure and PostMan

Getting started

Many of the articles I have found online with regards to the Azure REST API assume a fair level of familiarity with Azure which can be a good and bad thing. You see the Azure Portal makes interacting with the Azure REST API very easy as a lot of the “prerequisite” work is done in the portal as part of the process. For this blog post we will work on something quite basic, “Create a Virtual Machine”.

Jan. 18, 2021

Expiring Keys and Secrets within Azure Key Vault

I was working with a customer the other day and a fairly simple ask came up, I however could not find an immediate answer within the portal.

How do I check for expiring keys within the Azure KeyVault?

Now being a PowerShell person, I never gave this much thought, as most tasks or actions I perform on the Azure Platform are done through PowerShell, API, or CLI. So easy enough, however, not everyone knows how to do this in PowerShell. So, I created a simple script.

Jan. 11, 2021

Azure Ghost Cms and Cdn

I moved my blog onto HUGO. Not everyone would want to do this necessarily, there is a bit of a learning curve, part of the reason I DID IT :). However there are other platforms you can use and still add more functionality if you want.

You can use Ghost and add an Azure CDN. This is what this blog post will cover.

There are some very clever people out there that have made this very easy for you. From my research you have 2 main options.

Jan. 5, 2021

My New Blog Home with Azure Static Web App

So, I have spent the last few days / weeks deciding the best way to host a blog. Now I have a decidedly “split personality”. By this I mean I like to segregate my work and personal hobbies. This can be quite beneficial as this allows me to test a few things.

A few key decisions

  1. Must be version controlled - good practice and forces me to get more familiar with git.
  2. Must be reliable and redundant, or at least enough to re-deploy if needed - see point 1 :) .
  3. Must be as cheap as possible to run and be fairly quick.
  4. Must be a learning experience.

Points 1 and 2 make git a natural choice. Point 3 makes Azure or GitHub Pages a natural choice. For point 4, with this being my “work persona” I chose Azure Static Web App. I have used GitHub Pages for my “personal persona”.

Aug. 7, 2019

Importance of Networking Azure

As a start to this blog post, I think it is important to understand how I see my role as a CSA (Cloud Solution Architect) with my customer. I am primarily a trusted advisor and my customers respect what I have to say, I question and challenge my customers in a constructive way to approach the challenge or problem statement in a different way. I have an amazing role of using Azure as my LEGO playpen and then building a custom solution (LEGO model) to help my customers.

Jul. 9, 2019

Csa Tools of the Trade

So a question I often get asked is “what tools or products do you use?”. So I decided to do a post around the tools and technologies that I personally use on a daily basis. So to start this is what people see on my screen on a daily basis.

VSCode

This is my most common tool, Visual Studio Code, the version shown above is actually the Insiders Build. The primary reason for this tool is that it is a “container” for other tools and functionality. The extra functionality is enabled with extensions, my most used extensions are as follows:

Feb. 20, 2019

Network Security Group Change Alerting

So, I was with a customer and they are asking for a fairly standard alert.

“Please alert me when an NSG is added or modified”. Seems simple enough, however this is not as simple as you think. So I used my favourite search and found the following, “How to receive an email on Azure Network Security Group Rule changes“, this is great content and after testing, it works exactly as expected. I just found one little concern with this approach; this is simply finding the required ID for the action group. I have now investigated and found some code to make this a little easier.