Azure Active Directory Deep Dive

clip_image001

We had another outstanding meeting Thursday night. with a good turnout.  Although over 70 registered for the meeting only about 20 actually made it to the meeting in person. Please be diligent in changing your status from “Your Going” to “Not Going” by the morning of the meeting if your plans change, so that we can adjust the refreshments order accordingly.

We also streamed the meeting using Skype for those who could not attend in person. That worked out well; and we will probably do it again in the future. However, there is really no substitute for attending in person and networking with your peers. Smile

If you are interested in our upcoming meeting schedule, and/or to find out more about the group, we invite you to visit the group’s Meetup site.

What follows is a summary of our August meeting:

As usual we started our meeting with ½ hour of networking and refreshments. After that we delivered a brief presentation about the group for new members.  In addition to covering the Mission and Structure of the group, the Board of Directors, and our Sponsors we also covered recent Azure announcements that we felt were most important.

The important announcements this month were:

  • Start/Stop VMs during off-hours in Azure Automation GA
  • Azure Virtual Machines Azure reserved instance size flexibility
  • Azure SQL Database, Save up to 80 percent with reserved capacity and Azure hybrid benefit
  • Linux on App Service Environment now GA
  • Azure Data Box Disk Preview
  • Azure SQL Database Managed instance business critical Preview
  • Azure Event Hubs and Service Bus VNET Service Endpoints in Public Preview

Following that, we launched into the main presentation topic, with Microsoft Cloud Solutions Architect Brett Hacker presenting an extremely comprehensive and thorough presentation on Azure Active Directory.

In this presentation Brett covered all the ins and outs of Azure Active Directory including The relationship of Azure Active Directory (AAD) to on-premises Active Directory (AD), the use of AAD by Office 365, Intune and other Microsoft cloud services as well as the Integration of AAD with thousands of other Software as a Service (SaaS) applications.

He discussed the Graph API which forms the underlying single security API that proxies multiple services and supports single sign-on to them. Next, he went into a deep discussion of exactly how hybrid authentication works where AAD is integrates with on-premises AD as well as how Active Directory Federation Services (ADFS) and AD Connect are used to support single sign-on and same sign-on using common credentials for Cloud  and Federated authentication, as well as how password hashes are used to safely integrate both authentication methods.

Following that Brett covered how AAD Business-to-Business (B2B) and Business to Consumer (B2C) authentication works to allow authenticated access by external businesses and consumers.

Bret finished up with a very comprehensive demo of an application that illustrated all of the above features of AAD. All-in-all it was the best AAD presentation that I have ever seen. Smile The slide deck can be downloaded from here. Note that Brett is using the AAD demo application that he presented in the meeting to share the slides at that link.

If you are located in the Nashville Area, or any of the surrounding areas, we invite to you become a member of the group and to attend future meetings. All are welcome, and meetings are always free.

See you next month.

Bill Zack, President, The Nashville Microsoft Azure Users Group

Posted in Microsoft Azure, Security, User Groups | Leave a comment

New to Azure?

Azure Center

As some of you may know I am a Cloud Solutions Architect specializing in Microsoft Azure here in Nashville.

That is my “day-job”. What some of you may not know is that I am also the Founder and current President of the Nashville Microsoft Azure Users Group. This group has grown from 4 members to over 900 in the space of five years. Although I would like to claim credit for that the meteoric rise of Azure has had a lot to do with it. Smile

In the group we try to mix up the technical level of our presentations, having introductory talks for those new to Azure and deep-dives for the more experienced members of the group.

In May we did an introductory Azure Platform Technical Overview.

In June we had Microsoft MVP and Pluralsight author Tim Warner presenting an Azure Networking Deep-Dive.

At the July meeting we did an updated version of the May talk titled New to Azure for those new to the platform.

In August we will have Microsoft Cloud Solution Architect Brett Hacker presenting an Azure Active Directory Deep Dive.

If you are interested in our meeting schedule, and/or to find out more about the group, we invite you to visit the group’s MeetUp site.

What follows is a summary of our July meeting: New to Azure.

As usual we started our meeting with ½ hour of networking and refreshments. After that we presented a brief presentation about the group for new members. In addition to covering the Mission and Structure of the group, the Board of Directors, and our Sponsors we next covered recent Azure announcements that we felt were extremely important. (Obviously we could not cover all of the Azure announcements since last month; since that would take the whole meeting, or more. Smile)

Those announcements were:

  • Microsoft acquiring GitHub
  • Azure Virtual WAN and Azure Firewall (Preview)
  • Soft Delete for Azure Storage Blobs (Preview)
  • Blob Storage Lifecycle (Preview)
  • Tamper-proof Azure Immutable Blob Storage services (Preview)
  • Azure Backup for SQL Server (Preview)
  • Disaster Recovery for IaaS VMs without requiring additional infrastructure (Preview)
  • Security Center protection of Azure, On-Premises and Hybrid resources
  • Azure File Sync (Preview)
  • SQL Server 2008/2008R2 Free Extended Security Updates in Azure

Following that, we launched into the main topic, presenting a fairly complete overview of Azure for new members. That presentation outline is listed in detail here and the presentation slides can be downloaded from here.

If you are located in the Nashville Area, or any of the surrounding areas, we invite to you become a member of the group and to attend future meetings. All are welcome, and meetings are always free.

Bill Zack, President

The Nashville Microsoft Azure Users Group

Posted in Microsoft Azure, User Groups | Tagged , , , , | Leave a comment

Building a Rational Microsoft Azure Network Architecture

In a previous blog post Is Azure Adoption “Too Easy? I discussed how it is very easy (perhaps too easy) to get into Azure without a well-thought-out network architecture and a good plan. We cannot fault Microsoft for making it as simple as possible, however it is very easy to do it without adequate planning. The result can be that you can paint yourself into a corner if you are not careful.

Over time, and working with many clients, we have developed a network design model that includes a single subscription with Virtual Networks (VNets) defined by environment (Development, Quality Assurance, Production, Disaster Recovery, etc.). Then each VNet is broken down, in turn, into SubNets for architectural tiers and specific purposes such as virtual network gateways.

We have developed this architectural design based upon, and extending, the Microsoft Hub and Spoke architecture recommendation.

image

This modular rational approach to the Microsoft Hub and Spoke network architecture that we have developed is called “Parthenon”.  We have also built a network generator application that we use to build these rational networks.

Recently we recorded a presentation on this to be delivered to Microsoft MVPs and former MVPs around the world. Microsoft has been kind enough to allow us to share this presentation with you.  During the recorded presentation we discuss, and demonstrate, the real-time creation of a Parthenon network in an Azure subscription.

Bill Zack

Stratum Technology Management

Posted in Architecture, Cloud, Cloud Computing, IaaS, PaaS, Windows Azure | Tagged , , , | 1 Comment

Azure Platform Technical Overview in Nashville

image

We had an excellent turnout for the May 17th meeting of the Nashville Microsoft Azure Users Group, a group that I have been leading for nearly five years.

We started this group with four members in 2013 and it now has over 840. In fact, it has doubled in size in the past year alone. (As much as I would like to claim all the credit for that the phenomenal increase in Azure adoption probably has had a lot to do with it. )

I present to the group occasionally myself, but in most cases I try to find other good Azure presenters from the local community and elsewhere. (If you are interested in presenting an Azure related topic please let us know. You can contact me at wzack@live.com or through the Nashville Microsoft Azure User Group MeetUp site

The Presentation

At this meeting I presented an Azure Platform Technical Overview that covered all of Azure at an architectural level and discussed “What to use When”. This is a presentation that I have been evolving since before Azure was even called Azure (circa 2017). In fact, one of my standard jokes is that “it still isn’t finished!” (Of course, as Azure changes every few weeks, it most likely never will be finished.) For more about my history with Microsoft and Azure see the About Page of this Blog.

For those of you who attended the meeting (and anyone else who is interested) you can download the presentation slides from here.

Areas of Azure that we covered during the talk were:

• Why adopt Azure
• Azure Resource Management
• Compute Options
• Azure Storage
• Databases
• Business Continuity (Backup and Disaster Recovery)
• Networking
• Security
• Virtual Desktop
• IoT & Analytics
• The Future of Azure

At the meeting we also distributed 20 free Azure Pass subscriptions donated by Microsoft to our group for when we held the Nashville edition of the 2018 Global Azure Bootcamp.

Our Next Meeting

Our next meeting will be on April 21st when Tim Warner, Microsoft Azure MVP and Pluralsight author, will present a Microsoft Azure Networking Deep-Dive. If you plan to attend you can  find out more details and register at that site.  Everyone with an interest in Azure is welcome to attend. And all meetings are always free.

See you there

Bill Zack, President, The Nashville Microsoft Azure Users Group


Posted in Uncategorized | Leave a comment

Recipe for a Successful (Azure) User Group [Updated]

600_460237788

Back in 2015 I wrote this blog post based on over 15 years of experience running user groups. Time does not stand still and things have changed a little since then, however the basic ideas are still valid. Here is an update in case you are a user group leader or are contemplating becoming one. My notes in square brackets represent what I have learned since then.

May 29, 2015 Post [Updated]

Let me start (or rather restart) this blog series with a post that only tangentially has to do with Azure.  It does however relate to starting and running a user group (which I hope will focus on Azure. Smile)

I have been involved in one way or another with user groups for many years. I currently run the Nashville Microsoft Azure Users Group. Our group has grown from 4 members in 2013 to over 800 members today. I encourage everyone to either get involved in a local user group, if one exists in your area, or to start one if it doesn’t.

By way of motivation; because I was very active in the user group community years ago I was made a Microsoft MVP. That eventually helped lead to my working for Microsoft as an Architect Evangelist. That, in turn, led to my discovering Azure (before it was actually called Azure) internally at Microsoft. Ultimately that led me to be an Azure Specialist and to my day-job as a Cloud Technical Solutions Specialist at Stratum Technology Management in Nashville.

As part of my user group involvement I published a white paper years before the original blog post on how to run a successful user group. (I am the original author; however, a lot of other user group leaders have contributed to it along the way.)  Hopefully it will help anyone who wants to start a group of their own. Here it is:

The Recipe

Having been involved with user groups, for computer industry professionals for many years, I’d like to offer some recommendations.  If you’re thinking of starting a user group for computer industry professionals or are running one now, please contemplate these lessons, drawn from my experience. You might want to consider reviewing the list from time to time to keep you true to your mission.

1. You need a Web page [or a Meetup page]

You might be able to get by with a Meetup Group on Meetup.com.  They have some good services for posting meetings and notifying member as well as discussion groups and forums. But in any case, having a separate web site (in addition to the Meetup group) adds a degree of professionalism. [Note: Despite this advice written in 2013 this is clearly a case off “Do as I say and not do as I do” Smile I do not have a separate web site. I use MeetUp for everything. I do have a custom domain name, but more about that later.]

If you have a web site keep it simple and clean.  This will allow members and potential members to find the information they are looking for quickly. Let your members and potential members know when and where meetings are located prominently on the home page.  Make it obvious.

2. Your own web server or a web hosting service?

Use a web hosting service, here’s why.  Web hosting services can be had for $5-$10 a month.  You can’t even power a server for that much a month.  Think about it. Your volunteer web server maintainer has to provide, 24X7 up-time, server monitoring, back-ups, software updates and hardware upgrades.  Using a web hosting company, they are responsible, not one of your volunteers, and issues over hardware ownership are non-existent.

You might consider finding a company offering to donate web hosting.  I would strongly advise against it.  While it may appear appealing, in the long run it’s not worth the trouble.  I have tried it, and these are the issues I have run in to.  You are a low priority, if a priority at all.  If the company ever retracts the offer, you will have the hassle of moving the web site, and then making sure all the pages and links work on the new site.  You will then have to change the DNS and wait for the new DNS info to be updated while your site is unavailable.

For less than $100 you are better off focusing on other issues than your web site.

3. Your Web page needs a findable URL.

The usual http://www.some-isp.com/~username/UGname/ URL isn’t any good. You want people who know no more than the group’s name to find you easily. For that, http://www.our-group.org is ideal in the USA — and similar names for groups elsewhere. For instance, my Azure meetup group can be reached by its MeetUp group URL or at www.nashazure.com.

You should choose a user group name whose Internet domain isn’t taken.  You can check at http://www.internic.net/whois.html   Do not type the potential name into your browser, as some companies will immediately place a 30 day hold on the name and then offer to sell it to you. Sad smile

4. You need a regular meeting location.

Changing meeting locations will cause your group to lose attendees.  Why?  It’s too hard for people to remember where the meeting is from month to month.  The other reason is because it’s a strain on people.  They have to find out how to get there, where to park, whether the neighborhood’s OK to walk in, etc. You can tell them, email them, and they’ll still wind up at the wrong location.  Once that happens the word will get out that the group has folded, and then it’s too late. 

The location doesn’t have to be impressive: member company conference rooms, college cafeterias, library meeting rooms, a coffee shop, pizza parlor or community center are a few ideas.  See what’s available in your area. Sometimes restaurants will have a meeting room that you can use if your members are going to buy food and drink during the meeting. Others will want to charge for its use. (I have got to mention here that I have been running user groups for over 15 years without a bank account and without charging anything for memberships and events. Sometimes those things are unavoidable. In most cases you can find sponsors willing to provide refreshments and even meeting space without getting involved in the finances. Incorporating as a non-profit is a hassle involving lawyers and financial reporting.)

5. You need a regular meeting time.

“Regular” usually means same day of the week or month and keep it that way.  Most groups meet once a month; first Wednesday at 7:00 or third Thursday at 6:00.  (Give people time to get there from work.) Make it easy to remember and easy to enter in people’s smartphones and PC calendars as a reoccurring event. Don’t get fancy with things like “every other Thursday”. Avoid Monday’s and Fridays if you can. You should also avoid having meetings near 3-day weekends. Make it so anyone with a calendar can easily figure out when the next meeting will be.

6. You need to avoid meeting-time conflicts.

Check out the schedules for nearby events: other user groups, sporting events or other events your audience is likely to attend. 

7. You need to make sure that meetings happen as advertised, without fail.

Show up to have a meeting rain or shine, locked meeting room or not.  Have a few members show up early to avoid potential problems.  If there is a problem, let people know by posting a sign or flyers apologizing and letting them know when the next meeting will be occurring.

If you need to cancel or reschedule an event that you’ve already been advertising as “upcoming”, don’t simply remove the original listing on your Web pages: Continue to list it, prominently marked as cancelled or rescheduled.

[7A. Meeting coverage

You need someone who can back you up and run the meeting if for any reason you have to be out of town on business on the day of the meeting.]

[7B. Have help running the group

Better yet have a board of directors that can help with running the group. (I jokingly refer to myself as my group’s “Benevolent Dictator. But I do not recommend that because that is a lot of work. And some things that we could be doing better do suffer.) ]

You may want to have a Program Chairman, A Sponsorship Director, A Publicity and Outreach Director to help. Ideally you need help focusing on things like dealing with sponsors, soliciting SWAG for meeting raffles, outreach to local colleges, etc.

8. You need a core of several experts.

You will need a couple of experts who are energetic and willing to share their knowledge with your members.  A users group should be neutral territory for community interaction; Vendors should not be allowed to sell their services during a meeting.

9. Your core volunteers need out-of-band methods of communication

By that, I mean outside your user group’s regular electronic means of communication.  Use a list server or email groups.Meetup.com provides a mailing service, as do most web site user group CMS packages such as Kentico. [Today use of collaboration tools abound; such as Slack, Yammer, Microsoft Teams, etc.]

10. Place your meeting time and location prominently on your web site’s Home page.

Make it overly obvious when and where your meetings are.  If you don’t, people will find your email address and ask. A lot. Sad smile

11. Include a maps and directions to your meetings.

Be helpful to your members, include a map and clear step by step directions.  Offer suggestions for parking, and public transit if available.  Give as much detail as you can.

12. Emphasize on your main page what your group is all about, and the dues or fees or if meetings are free of charge and open to the public.

Make it clear before people arrive.  If there is a fee let people know in advance.

13. Use a list server or mailing list program to send out info to your group.

I have found a closed list server is the way to go.  It’s easier to maintain than a mail group, and you will not receive all of the “I’m out of the Office” or bounced message replies. For a small group you can use BCC or Meetup mailings. [Note: When I wrote this List Servers were in vogue. Today I don’t even know if they exist Again I use Meetup for this, and have for years. ]

Some commercial services let you set up “free” mailing lists on their servers, where their gain lies in revenues from mandatory ads auto-appended to all posts, plus of course the ability to sell your subscription list to other advertisers. Beware that you may find yourself not the “owner” of your own list, in the event of a dispute over its management.  In my opinion, this is a bad idea. (See comments above.)

It is very important that you should own your mailing list and keep it private.  Make every message you send out important, so members will read them.  If not, your mail will quickly be linked to spam. Do not share it with vendors or sponsors. Most members will want their mailing addresses kept private anyway.

14. You don’t need to be in the Internet Service Provider business.

Leave the ISP business to the professionals.   Some groups have tried to offer this as a service to their members.  Don’t!  Same goes for email accounts.  You are a user group, not an ISP.  Leave that up to the professionals.

15. Don’t go into any other business, either.

Some user groups get sucked into the strangest, business schemes.  Don’t!  You are not a Web design firm, a technical support firm, a network design consulting firm, or a LAN cabling contractor or any other business. Not even if you’re told it’s for a wonderful charitable cause.

Along the same lines, remember that you are not a convenience for job recruiters: If allowed, they will spam your mailing lists and abuse every possible means of communication with your members. Nor are you a source of computers for the underprivileged, a repair service for random people’s broken PCs, or a help desk. I have been pestered by all of the above.  As much as you would like to help, leave it to the professional in you group.

The following checklist may be useful for your group, once established:

1. Web page:

a. Meetings:

[ ] Current meeting info?  Is it prominent?
[ ] Day of the week?  Beginning time?  Ending time?
[ ] Double-check day/date matches against a calendar and conflicting events.
(E.g., is the “Friday, March 28” you listed an error, because the 28th is a Thursday?)
[ ] Location?
[ ] Include a link to a map
[ ] Directions (car, public transit)?  Parking tips?
[ ] Information on upcoming meetings
[ ] Is an RSVP mail required to attend meetings?
[ ] Note that meetings are free and open to the public (if they are)?
[ ] If there’s a special fee, is it disclosed next to the event listing?
[ ] If location / time / date formula has changed recently, is this noted prominently?
[ ] Have you checked for event conflicts with other nearby groups, or with holidays?

b. General:

[ ] Includes event date-formulas (e.g., 4th Tuesdays)? Prominently?
c. Periodically (maybe every quarter):
[ ] Checked all links on your site for dead links?
[ ] Checked your Web server’s logs for pages requested but not found? (You’ll want to put a referral page at that URL.)
[ ] Read all your Web content attentively for outdated content?

c. Other, periodically:

[ ] Review and update all user group lists that have entries concerning your group.  Are they correct and up to date?
[ ] Reviewed all sites that link to yours? Advised their webmasters of needed corrections?

Best of luck with your group Smile

Bill Zack

Posted in Microsoft Azure, User Groups | Leave a comment

The Nashvill 2018 Global Azure Bootcamp is History

image

On Saturday April 21st we held the Nashville Edition of the 2018 Global Azure Bootcamp. The event was held at Microsoft in Nashville and we had approximately 60 attendees.

As you can see from the agenda (above) we had 17 sessions in two parallel tracks covering a wide variety of Azure subjects. We also had a raffle at the end of the day where several prizes were given away by local and global sponsors. The grand prize was a drone contributed by Cardinal Solutions.

Thanks

No event like this can go on without the efforts and contribution of the may presenters, volunteers and sponsors that helped to make it happen.

To all our presenters from Microsoft, local partners and the local industry we thank you for all the knowledge that you have imparted and for giving up a beautiful Saturday to work with us.

To our volunteers: Ukela Alred, Scott Schreier and Roger Dahlman who handled everything from registering the attendees, taking pictures of the event, proctoring and timing the presentations to setting up and monitoring lunch and breaks. Special thanks to Scott for making up the giant Agenda boards outside of the meeting rooms. We could not have done it without of you.

To our local sponsors: Microsoft for providing the meeting space. (as they have done for the last 5 years for our Azure group), Provisions group for providing refreshments for the morning break, Vaco (Our eternal refreshments sponsor) for providing ice-cream sandwiches for the afternoon break, Cardinal Solutions for the drone and Stratum Technology Management for providing coffee cups, pens and many hours of my time working on planning and executing the event. Smile

Thanks also to our Global sponsors: Cerebrata, Opsgility, CloudMonix, Jet Brains, and Sevicebus360 for the SWAG and raffle prizes, and especially to Microsoft (again, this time on a global basis) for providing lunch for all attendees.

A major Microsoft sponsorship contribution was also an Azure Pass subscription for every attendee. These entitled every attendee to $100 per month of Azure every month for a three month period.

What we learned

This is the 4th annual Global Azure Bootcamp that we have sponsored. I seem to remember that we had only 20 attendees at the first one, last year we had 40 and this year we had approximately 60. The group itself in turn has grown from its original four members to over 800. (We may have to find a larger venue for the next one.)

Adding an Ask the Experts Panel was a last-minute decision motivated by the cancellation of one of our speakers at the 11th hour. I moderated the panel and it was staffed with most of the Microsoft presenters and other Microsoft folks at the event. That worked very well, and we will definitely plan to have another one at future Bootcamps.

We are looking forward to another successful year of Nashville Azure Group meetings and Bootcamps. If you are located in the Nashville area please remember that we meet every third Thursday of the month in the evening at Microsoft in Nashville. If you are not a member you can register at http://www.NashAzure.com  to receive future meeting notifications.

See you at the next meeting Smile

Bill

Posted in Application Development, Architecture, Buisness Continuity, Cloud, Cloud Computing, Disaster Recovery, Event, IaaS, Microsoft Azure, Microsoft Azure WebApps, PaaS, Security, User Groups, Windows Azure, Windows Azure Web Sites | 2 Comments

Is Azure Adoption “Too Easy”?

image

Those of you who know me know that I have been focusing on the adoption of Microsoft Azure since before it was actually called Azure (Circa 2008) when I originally stumbled upon it while working as an Architect for Microsoft. Since I had previously worked as a consultant to Bell Labs on the ill-fated AT&T NET1000 Cloud project as documented in The Slingshot Syndrome: Why America’s Leading Technology Firms Fail at Innovation) I immediately recognized its potential.

Since then we have seen a lot of companies adopt Azure and have helped many of them make the jump. Recently our focus has also skewed towards helping companies that may have jumped into Azure without adequate planning to remediate their architecture and their implementation.

Our experience is that it is very easy (perhaps too easy) to get into Azure without a well-thought-out architecture and a good plan. We cannot fault Microsoft for making it as simple as possible, however it is very easy to do it without adequate planning. In our InfoQ article The SaaS Development Lifecycle we outlined how a company should approach their first Azure project. Although published in 2011 IMHO it is still valid today.

At some point you will realize that you may have created what Grady Booch has called an “Accidental Architecture” or what Eric Evans and Brian Foote have called “A Big Ball of Mud”.  Smile

Azure Accounts

Note that there are typically two ways to experiment with Azure. Recently Azure introduced a simplified Free Trial model that give you access to a limited number of Azure resources over a 12 month period, some free resources indefinitely and a limited amount of Azure resources that burn-down against a 30 day allocation of metered usage.

The other way is to have an MSDN subscription which includes a monthly amount of free Azure resources as part of that subscription.  Since the Free Trial only presents a very limited set of options compared to an MSDN subscription, and since we want to discuss not only experimentation but real infrastructure and applications in Azure, we will use an MSDN subscription in this post.

You should also note that there are other non-Trial and non-Free pricing plans such as Pay-As-You-Go and Enterprise Agreements that are more relevant to production architectures.

The “Easy” path

As an example, let’s take the easy-path scenario.

You sign up for a free trial using your personal credit card and telephone number. (Just needed for identity verification, of course.)

Next you create a VM in Azure taking most of the default values presented during the creation process. You are amazed at how easy this is to do. Smile

image

Naming conventions are important.

You would never think of creating a physical or virtual machine on-premises without paying some consideration to a sensible naming convention. Take the same care here. The naming convention should take into consideration the type of resource (VM) as well as additional characters that serve to define the purpose and (perhaps) location of the VM. (The challenge here is to do this within the VM resource naming limitation of 15 characters.)

By the way, note that the VM here defaults to SSD (Solid State disk!). If you are just experimenting you should quickly change that to HDD to save money (or reduce free trial resource consumption).

Resource Groups are important.

Next you will be asked to specify the name of an existing or new resource group. Here a naming convention is also important and you should lay out your resource groups based on a naming convention that takes into consideration the purposes of resource groups. 

Over time there have been three purposes for Azure resource groups identified:

  1. As a LifeCycle container for resources that have the same life-cycle; which means that they contain resources that are normally created and/or destroyed together.
  2. For Role Based Access Control in the case where different departments in a company need to exercise control over a subset of all resources. An example might be a Network Management group that needs to “own” all network related resources in Azure.
  3. For Billing and Charge-back purposes; although the need for this has been largely supplanted due to the use of Resource Tagging as a Billing and Charge-back mechanism.

Save money with Hybrid Use Benefits

If you have on-premises licenses for Windows Server you may be able to take advantage of a substantial discount (up to 40%) by applying your Hybrid Use Benefits (HUB). See the “Save Money” section above.

Choose a VM size

Next you get to choose the VM specs that you want to allocate. If you neglected to change SSD to HDD you can do it  here.

Although Azure only presents you with a few choices here you can see them all by clicking on the “View all” link. There are a lot! Pick one.

image

The next page is very important.

image

Availability Sets

Creating an Availability Set in Azure in order to maximize your service level and avoid downtime is a great feature of Azure. If you are just experimenting it is OK to leave High Availability set to None. In a production environment you will want at least two VMs in an Availability Set to maximize availability.

Managed Disks

Managed Disks great option. In most cases you should let Azure manage the storage for the VHDS that back the VMs that you create.

Network Considerations

Network Considerations are extremely important. In a production architecture you need to be explicit about your subscription (or subscriptions) as well as the environments that you want to support. Over time we have come to adopt a model that has a single subscription with VNets defined by environment (Dev, QA, Prod, DR, etc.).  Then each VNet is broken down, in turn, into SubNets for architectural tiers and specific purposes such as network gateways. You should give some detailed thought to this design.

All other items on this page should be given specific names rather than taking the defaults.

Before moving on pay particular attention to the Auto-shutdown feature. As you can see in the example the VM will be automatically shut down by Azure at 7PM. This is great feature to prevent burning through resources that you forgot you allocated. Turn it off if you don’t want that to happen. (It will not be restarted automatically the next day.)

At the end you will see an excellent summary of what you are about to create. Until you click on Create you haven’t created the VM.

image

What’s next?

Based on the above experience you start migrating servers and applications to Azure. You don’t spend much time thinking about things like naming conventions or other architectural considerations such as organizing resources into well managed resource groups.

At some point you will run out of your free resources  and change it to either a pay-as-you-go subscription or one of the other subscription types such as an Enterprise Agreement.

At this point you may not even be worrying about cost. That is until you get hit with the first bill from Microsoft that demonstrates the penalty for sloppy planning and careless resource utilization. Sad smile  (BTW: In Azure, unlike on-premises, you can  save money by shutting down VMs when they are not needed.  In one case we were able to save a company 40% of their Azure spend by identifying resources that could be shut down when not in use and automating that shutdown.)

Conclusion

As a consultant I can’t complain too much about this state of affairs, since we are often asked to come in, assess a client’s Azure architecture and make recommendations on how to remediate it. Sometimes the restructuring can be minor. In other cases, major surgery is required.

In subsequent blog posts we will discuss the better way to Adopt Azure or to remediate what you already have in Azure.  We will discuss how to perform a Current-state Assessment of your infrastructure and applications, develop a Migration/Remediation plan, as well as how to assess whether to retire, replace, migrate or reconfigure your current infrastructure and application resources.

Until then.

Bill Zack

Posted in Uncategorized | 1 Comment