Tuesday, October 29, 2013

Windows Azure administration: Useful resources

Here are some useful links for Windows Azure administrators

Windows Azure service dashboard: 


This dashboard gives a general overview of the Azure services across the world. You will get a region wise status of various service offerings , say Compute, Storage, Active directory etc. If Microsoft has detected any issues with any of its datacenters you will find it here. The data is refreshed every 10 mins. Also there is an option to view the historic data as well. This would be one of the first places to check if you feel that Azure is not behaving as expected.

Azure powershell cmdlet reference:


If you are an automation enthusiast and would like to automate your Azure management chores, Azure powershell cmdlets opens a world of opportunities. Of  course you need to install them first. Please refer my blogpost here for getting started. The link above provides you the complete powershell cmdlet reference for Azure.

Azure guest OS Releases :


If we use PAAS from Azure, Microsoft will take care of the guest OS update procedure(is if you set the oS system version as automatic) . Guest OS update is similar to the monthly patch update on your on premises computers. What if you suspect that something is broken because of a recent OS update? The above RSS feed provides you a brief of what all went into the  latest OS update of Azure.

Azure SDK compatibility matrix & guest OS families:


This link provides comprehensive details of the Azure SDK versions and the guest OS families in Azure that they are compatible with. Additionally it provides information on the latest OS familly versions, when they will expire etc.

Monday, October 28, 2013

Tip of the Day: Find OS version/servicepack/build number of Windows OS

How do you find which OS version and service pack and build that you have?

Go to start-> run and type 'winver' (without the quotes)

A window will pop up which will show the OS version, service pack and build number

The build number glossary of Windows OS can be found here

vMotion : Introduction

vMotion is the process of moving running virtual machines from one ESXi host to another.The disk files are not migrated(they stay in the shared storage), only the VMs memory and CPU processing moves from one server to another. In fact if you ping the VM while it is moving, you may at the most loose at most one or two ping packets.

vMotion happens in three stages:

-vCenter server verifies that teh VM is in a stable state
-VM state is copied over to the destinatiom. State includes the memory, registers and network connections
-VM is resumed in the destination host

vMotion can happen due to any of the following reasons:

- Balance the load on ESXi hosts using DRS
-When the VMs are being moved off from a host so that the host can be shutdown by DPM(distributed power management)
-You need to intsall patches using update manager or do a hardware maintenance, the VMs are migrated using vMotion and host is put into maintenance mose

vMotion requirements:

-You will need vSphere Essential plus,Standard, Enterprise or Enterprise plus license
-Shared storage between ESXi servers- iSCSI,FC or NFS.*
-VMkernal interface on both ESXi servers with vmotion enabled
- Same network label in source and destination hosts, either standard or distributed switches can be used
-CPU compatibility between hosts , or they need to be of the same processor family if you are planing to use Enhanced vMotion Compatibility(EVC). That means you cannot migrate VMs from a host with intel processor to a host with AMD processor.

*Starting with vSphere 5.1, vMotion without shared storage is possible, provided the destination host have access to the destination storage

Tuesday, October 22, 2013

VMware : Linked Clones

The Linked clones concept is similar to the normal VM cloning process, but with a storage saving twist ;)

When we create a linked clone, a new VM is created from a base VM , at the same state. This clone with use the base VM's hard disk for all read operations, however all writes to the disk ie any change to the data from the original disk is written on  a new disk. This is very similar to the concept of snapshots where the original VMDK is read only and all subsequent writes are done to a delta disk.

The main advantage of using Linked clone is to avoid deduplication of data. You can have n number of VMs created from the base virtual machine, but the base disk remains the same. This will considerably reduce the disk space usage, especially in cases like web server farms with multiple servers

Monday, October 21, 2013

Azure IAAS : Enable RDP to Load balanced VMs in a cloud service

I faced a confusing situation recently, where I had to enable RDP to two VMs in the same cloud service using endpoints included in a load balanced set.

A load balanced set was created for the RDP port 3389 and both VMs were included in the set. However, if we select the invidual VMs from the management portal-> click connect, you will get the following error message

"An external endpoint to the Remote Desktop port(3389) must first be added to the role"

That was pretty confusing, since the port is already defined in the load balanced set  !! .

After playing around for a bit, I found out that I was doing it all wrong !!.. The load balancer set works from a cloud service perspective. So the RDP load balanced set along with the other load balanced ports are defined for the cloud service. That means I can actually RDP  by providing the cloud service name, and it will land me on one of the VMs in the cloud service. From the VM, you can rdp to any other VM in the cloud service by simply providing the VM name, not even the cloudapp.net suffix is required!! So that is how you RDP to your VMs in a cloud service, though there is a chance of multiple hops if  you have multiple VMs.

But, is this the only option? What if you dont want to 'multi hop ' to the VMs.  Of course, there is a straight forward way of adding RDP endpoints individually to the VMs rather than creating a load balanced set. However the catch here is that you need to use multiple public ports. If you wish to use default port '3389', you can very well do so..but only for one VM in a cloud service. Azure wouldnt allow you to use the same public port twice within VMs in the same cloud service. Hence you will have to go for a different/random port. Problem comes when you  try an RDP to these random ports from within a firewalled network. You would need this port to be opened in your perimeter firewall to the Azure IP address to enable the RDP. Not a bright idea, I would say , since the Azure IP ranges keep changing. Even Microsoft doesn't recommend hardcoding their IP ranges to create firewall rules in your organization network. Hence better go the 'multi hop' way .

Tuesday, October 15, 2013

VMware NSX: An introduction

After server and desktop virtualization, VMware is now focusing on network virtualization. Essentially the company has been focusing so far on the 'compute' market for Virtualization and now it has started working on a similar product for Network.

Lets admit it, Networks take more time to provision. With virtualization coming in, the creation of Servers, desktops etc now takes minutes when compared to hours/days/weeks situation in the pre-virtualization era. But if we have a new network requirement for the VMs, it can be sorted to an extend using vSwitch. What if the requirement goes beyond that? Say a router /firewall/VPN that should be used by the VM. Of course, we should get in touch with the networking guys and it could take some time for the stuff to get sorted out

With NSX, Vmware aims to address this bottle neck. The idea is to provision,backup and manage networks similar to how you manage your VMs now. There will be logical switches,routers, firewalls and VPNs.You can create virtual networks using these logical devices, connect your VMs to them , backup your network topology,create templates and deploy on demand. Your underlying physical network will act as the "packet forwarding backplane" as per VMware.

Interesting concept actually!! Would love to see how this gets implemented in real world . Vmware is yet to come up with details of this, and it has already tied up with various partners like Dell,HP,Juniper networks etc to make this a reality. So the key is to wait and watch :)

SSL Web server cert analysis

Came to know about this site from a colleague of mine today

This is quite useful if you want to do a deep analysis of any SSL web server in the internet. It provides details about the cert used, cetifiction paths, protocols etc..