Azure Automation Agent Force Check In Using PowerShell

Azure Automation is a tool that a System Administrator dreamed of that quickly became reality.  With Azure Automation you can automate jobs. tasks, configurations and deployments against resources in Azure, on-premises, and even in other cloud providers like Amazon Web Services (AWS). DevOps is a word that is being used quite frequently and Azure Automation builds on this culture for an organization's infrastructure.

The reason I am writing this blog post is because I recently worked on a project where the Web Server was not playing nice with the DSC configuration in Azure. The agent was not checking back into the host server to check its configuration. This post shows how to speed this up.

Another Admin removed the Web Server role and DSC normally checks in to put it back. In this case it dd not. See the screenshots below to view the inconsistency with the server.

From within the server or Remote PowerShell running the Update-DscConfiguration -Wait -Verbose command started the pulling of the configuration file from the DSC Node Server.

The Virtual Machine still did not start the configuration even though the Update was initiated. The work around with this is, as I found was to you use the Start-DscConfiguration -UseExisitng -Verbose cmdlet. This will reference the MOF file on the local box and fire off the agent to talk to the DSC node server forcefully. At this point the Web Server started to install the configuration as seen below.

And within a few periodic checks our DSC configuration was again consistent.

I hope this helps someone. Especially if your new with Azure Automation.

If you have not used Azure as yet and want to get started click here. 

Happy Scripting!!!

Adnan Cartwright

Deploying Nano Server Using Windows Server 2016 Technical Preview 4

Nano Server is indeed one of the hot topics moving forward with Server 2016 and its Technical Preview releases. The push for Nano Server and the reason why so much focus is on it, comes down to how better secured the platform is. Microsoft has Nano as an installation option that reduces the footprint of the system thus the attack surface as features that are not necessary to run is not. The GUI is gone and at the time of this writing there is no RDP support or functionality. That means you need to know your Power Shell! WMI is also supported for remote management.

Nano Server is headless, smaller than a Server Core Installation which means less system to patch, a reduced amount of reboots due to patching and only the core services needed for the deployment is running. Think of it as a purposed built system specifically for your deployments. The days of the golden image looks like they will soon fade away. Golden images more than half of the time had services included that are not needed for every deployment.

For example. You create a server image that has the Desktop Experience Role to prevent store access in Group Policy. It is simple to say that we can just remove the role and I agree with you whole heatedly. The question is how many of us do? Hence Nano Server. The Purpose built headless container that packages will have to be added to for each deployment. Can you say job security?

I for one am looking forward to Nano Server and its long term position within our infrastructure. I have included a video in this blog on how to deploy Nano Server so that you to can start exploring the possibilities.

Hope you guys enjoy!

Have any questions about Nano Server? Please leave your comments below.

By: Adnan Cartwright

Creating a Azure Remote App Template **** Updated ****

Services in Azure are constantly updated to improve on its performance and overall functionality. In this article we will be covering the new changes in the Azure Remote App Template creation. Before the changes were made ideally you had to meet a long list of perquisites before uploading your virtual hard disk (vhd) into Azure using PowerShell. (Click Here to view old process)

The Azure Remote App Team has indeed heard the customers feedback and reacted to make deploying your custom template not only easier but seamless on our part.

Note: If you do not have an Azure subscription take a moment here and pause. If you have access to Biz Spark, Dream Spark or an MSDN Subscription you have Azure credits allotted to you every month. It is strongly recommended that you use one of these options to continue with the lab. Keep in mind Azure is a pay as you go service.

Another option is if you have not used an Azure trial yet. One can be obtained by visiting http://aka.ms/try-azure This will give you a $200 credit limit or 30 days of Azure. Which ever one comes first. Disclaimer - A credit card is required for the free trial.

With all of that being said, "Lets get started!"

Within the Azure Portal not the Preview Portal click on New, Compute, Virtual Machine and From Gallery as seen below.

From within the Gallery select the newly added Remote Desktop Session Host Image. This image was per-built by the Azure Remote App team to ease the deployment of your custom images.

 

Give your virtual machine a name while setting the username and password as normal. The size of the virtual machine does not matter as we will capture an image of it when we install our applications. Note: Selecting the size of the virtual machine can vary from deployment to deployment given the specifications of the need for your application/s. Please review the system requirements for proper installation of your application.

 

There isn't a need to open any other endpoints. PowerShell and the RDP endpoints are the only one's needed for a successful custom template deployment.

No need to add any custom extensions or security extensions. Azure Remote App within the service itself provides antivirus and security.

With your virtual machine newly created Remote into the server using RDP by selecting your virtual machine from within the portal and selecting connect at the bottom launching the RDP connection. Enter your credentials you set earlier to log into the machine.

Install the applications that are needed by your organizations users.

Within the Azure Remote App Service your application/s can be discovered two ways. The easiest method would be to pin each application shortcut to the start menu. The other is by the applications path (i.e. %SYSTEMDRIVE%\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE) if we were publishing Microsoft word to our users. Again pinning the application to the start menu would be the easiest method as seen below. 

With the Image template there is a PowerShell cmdlet called validate remote app image. After the installation of your applications run this cmdlet and then enter the command to sysprep your machine as seen below.

Command to sysprep your machine C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /shutdown

Upon the sysprep completion the virual machine will shutdown and be stopped within the Azure platform.

 

Be sure to delete your cloud service as it is no longer needed. This will not affect your custom template. Note: You are deleting the cloud service to prevent additional charges within the Azure platform.

 

  

In your virtual machine service highlight the virtual machine that has been syspreped and select capture at the bottom of the screen.

Enter a image description that can be easily recognizable to you for future deployments,

The image is registered within your images gallery in the virtual machines service.
 

Head back into the remote app service select template images at the top and then the add button circled in red as seen below.

  

The template image import wizard begins. Select Import an image from your Virtual Machines Library as seen below.

Select your image you captured earlier in the deployment process. Earlier we did sysprep the machine. Check the box that states "Confirm that I followed these steps to create my image"

Give your image a name and a location you would like to deploy it in. Note: Only the region you deploy the template in will have it. If this template needs to be deployed in multiple locations then you will have to add it to each location specifying a unique name for each location.

The upload begins! Told you these method would be easier! :)

With the image now ready to be linked to a collection. Simply select New at the bottom of the Azure portal, App Services, Remote App and then Quick Create. Give your collection a name and select the region. Remember your template image is region specific as shown below between the East Us where we uploaded the template. Versus the West US where we did not.

Your collection will take up to an hour to provision. Once completed you can publish your apps to your users for them to utilize the service.

Ideally if you need to update a collection with a new image please visit the blog article Updating Azure Remote App Template Images found here

By: Adnan Cartwright

Updating Azure Remote App Template Images

Updating a Template Image in Azure Remote App is a straight forward task. (If you do not have a template image uploaded into the Azure Remote App space visit http://youtu.be/rpSRbxxbL8E to view the walkthrough of the setup and deployment.

To get started simply select the remote collection you would like to update. Keep in mind Microsoft images cannot be updated by you only Microsoft. As seen below.

Your remote deployment however can be updated to change the applications based on need and or location. As seen below with your remote desktop collection selected click the update button and you will be prompted for which image to deploy out to your collection. Within the option you have two choices allowing users to be logged out immediately once the update is completed or allowing them 60 minutes to complete the necessary work and allowing them to save their data.

 

 

 

Select the template that you would like to use to update your remote desktop collection with. (As shown above). The update of your image will begin. This can take a few minutes. Once completed you can now publish your newly added apps out to your users as seen below. From the client remote up select update and the newly published apps will appear.

 

 

 

 

 

 

Success! You have updated your newly added applications.

 

By: Adnan Cartwright

 

Azure Trial: http://aka.ms/try-azure

 

 

 

 



Hyper-V Disaster Recovery in Microsoft Azure

The Microsoft Azure public cloud is yet increasing in functionality as time passes. While there are numerous options in terms of features you can configure to begin an organization, extend it or even scale it to meet demand. Disaster Recovery is well covered. From options to back up Windows Servers, System Center, and newly added Windows Client Operating Systems beginning with Windows 7. Hyper-V is not far behind.

As a matter of fact it was there from the initial release and it has been enhanced upon. System Center Virtual Machine Manager was a necessary piece in order to protect your virtual machines within the Azure Platform. Newly added Microsoft is now supporting the protection of Virtual Machines with Hyper-V as a standalone.

Let's get started!

From the Azure platform click on the new button, data services, recovery services, site recovery vault and then quick create. Name your vault and select the region in which you would like for it to reside. When completed click the create vault button as shown below to create your Hyper-V DR Vault.

Next select your newly created vault. From the setup recovery menu select Between an on-premises Hyper-V site and Azure as shown below.

Next, we will complete the follow steps to configure the vault to enable protection of our Hyper-V virtual machines shown below.

Next we will select the first step which will create our Hyper-V site. Name your site and select the check button.

Download the registration key and save it to a location local to your machine.

 Download the Provider for the vault and when ready begin the installation.

Once the software is installed the key downloaded earlier will need to be added to register the Hyper-V Server with the vault.

A storage account will need to be made. Select the new button from the portal, data services, storage and then quick create. Name your storage account preferably something aligned with the deployment and easy for you to remember. Select the region where you would like to have the storage account reside. In my demo I selected locally redundant. In production it is best practice to select a Geo-redundant deployment which allows your protected virtual machines replicate to two data centers instead of one. Note: The configuration of a Azure Virtual Network is needed if the intent is to have a hybrid connection between your on-premises network and Azure. For the lab demo shown here a virtual network was not created. This will not hinder the process of replicating your virtual machines to Azure for protection.

Now that the storage account has been configured we are ready to specify a protection group and its settings. Here you can configure the replication time, frequency in how much each protected virtual machine should replicate, its recovery points as well as the snapshot option. Here you can design a plan that works best for your infrastructure and/or company policy.

 Next we will add the virtual machines we would like protected in Azure.

Select the virtual machines, the operating system whether it is Windows or Linux and select the check button.

 Protection is enabled and the process will begin replicating your virtual machine from on premise to the Azure Site Recovery Vault.

Once completed via the Azure portal you will have an update for the health status.

From the on-premise Hyper-V Server you can select the virtual machine protected, the replication tab at the bottom to gain a summary of the replication and its status from within the Hyper-V Manager console. 

Success! You have configured Hyper-V Disaster Recovery in Microsoft Azure.

By: Adnan Cartwright

30 day Trial of Azure with a $200 credit limit - http://aka.ms/try-azure