Create Your First VM with Azure Cloud In different ways

There are different ways to create your first server/VM on Azure cloud :-

  • Azure Resource Manager
  • Azure PowerShell
  • Azure CLI
  • Azure REST API
  • Azure Client SDK
  • Azure VM Extensions
  • Azure Automation Services

The Azure portal is the easiest way to create resources such as VMs. I will describe each of these ways.

The first way is the portal, and it is very simple :-

  • Click on the Create a resource option in the top-left corner of the portal page.
  • Use the Search the Marketplace search bar to find “Ubuntu Server” for example.
  • Click Create; a new page will open.
  • Configure the VM by entering the name, the region, the subscription and the availability options.
  • There are several other tabs you can explore to see the settings you can influence during the VM creation. Once you’re finished exploring, click Review + create to review and validate the settings.
  • On the review screen, Azure will validate your settings. You might need to supply some additional information based on the requirements of the image creator.


This was the first way to create the VM, which is also considered the easiest one.

Azure Resource Manager

Assume you want to create a copy of a VM with the same settings. You could create a VM image, upload it to Azure, and reference it as the basis for your new VM. Azure also provides you with the option to create a template from which to create an exact copy of a VM.

You can do this after creating the VM –> Setting –> Export template.

Azure PowerShell

Azure PowerShell is ideal for one-off interactive tasks and/or the automation of repeated tasks. Note that PowerShell is a cross-platform shell that provides services like the shell window and command parsing.

New-AzVm  -ResourceGroupName "TestResourceGroup"  -Name "test-wp1-eus-vm"  -Location "East US"  -VirtualNetworkName "test-wp1-eus-network"  -SubnetName "default"  -SecurityGroupName "test-wp1-eus-nsg"  -PublicIpAddressName "test-wp1-eus-pubip"  -OpenPorts 80,3389
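The -OpenPorts 80,3389 switch above opens port 3389 (RDP), a management port, for inbound traffic alongside port 80, so after a deployment like this it is worth checking which network security group rules accept management traffic from any source. The following is an added example, not code from the original post: it evaluates rules in the JSON shape returned by `az network nsg rule list -o json`; the function names are hypothetical and the sample rules are constructed.

```python
import json

# Management ports that should not be reachable from arbitrary Internet sources.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
# Source values that mean "anyone" in an NSG rule (compared in lower case).
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

# Constructed sample, shaped like the output of `az network nsg rule list -o json`.
SAMPLE_RULES = json.loads("""
[
 {"name": "allow-admin-ssh", "priority": 900, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
 {"name": "allow-http", "priority": 1000, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80"},
 {"name": "allow-rdp", "priority": 1010, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "deny-ssh", "priority": 1020, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "allow-low-ports", "priority": 1030, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet",
  "destinationPortRanges": ["20-25", "443"]}
]
""")


def _covers_port(rule, port):
    """True if any destination port spec of the rule ("80", "20-25", "*") includes port."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _from_anywhere(rule):
    """True if the rule's source is unrestricted."""
    sources = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    return any(s.lower() in ANY_SOURCE for s in sources)


def exposed_management_ports(rules):
    """Return (port, service, rule name) for each management port open to any source.

    NSG rules are evaluated in ascending priority order and the first match
    decides, so an earlier Deny shadows a later Allow.
    """
    inbound = sorted((r for r in rules if r.get("direction", "").lower() == "inbound"),
                     key=lambda r: r["priority"])
    findings = []
    for port in sorted(MGMT_PORTS):
        for rule in inbound:
            if rule.get("protocol", "*").lower() not in ("tcp", "*"):
                continue
            if not (_covers_port(rule, port) and _from_anywhere(rule)):
                continue
            if rule.get("access", "").lower() == "allow":
                findings.append((port, MGMT_PORTS[port], rule["name"]))
            break  # first matching rule decides, whether Allow or Deny
    return findings


if __name__ == "__main__":
    for port, service, name in exposed_management_ports(SAMPLE_RULES):
        print(f"{service} ({port}/tcp) is open to any source via rule '{name}'")
```

Rules restricted to a specific source range, such as the constructed allow-admin-ssh rule, are not reported; only rules whose source is unrestricted count as exposure.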

Azure CLI

The Azure CLI is Microsoft’s cross-platform command-line tool for managing Azure resources such as virtual machines and disks from the command line. It’s available for macOS, Linux, and Windows. Other cloud vendors have an equivalent tool: for Amazon it’s called aws cli, for Oracle it’s called OCI-CLI and for Google it’s called GCP-CLI.

az vm create --resource-group TestResourceGroup --name test-wp1-eus-vm --image win2016datacenter --admin-username osama --admin-password anything

Programmatic (APIs)

This is not my expertise, so I will not go into a deep dive on it. But we were talking about Azure CLI and PowerShell; you can install something called Azure REST API and start using different programming languages to deal with Azure. I did this with Python for AWS using the Boto3 module; I posted about it before here.

The same can be done for Azure or any Cloud vendor.

Azure VM Extensions

Azure VM extensions are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment. Azure VM extensions can be run with the Azure CLI, PowerShell, Azure Resource Manager templates, and the Azure portal.

Thank you

Osama Mustafa

Cloud Talk : How much my IaaS will cost on the cloud ?

When a company moves to the cloud, the biggest question to ask is: how much will it cost? There are different ways to determine your IaaS cost, but first you need to know that PaaS and IaaS are much cheaper than IaaS. Each cloud vendor has its own calculator, so at least you can estimate the value for one year or understand how much it will cost, which is good.

Azure

Let’s start with Azure, for example (since I have posted a lot about it recently).

When you estimate the price for any cloud, you should keep different factors in mind, such as the following :-

  • Region
  • Tier: free, Basic … etc
  • How will the client/customer pay? Monthly, yearly, pay as you go … etc
  • Support for the cloud: which option you will choose
  • The deployment pricing, for example in Azure Dev/test … etc

Azure provides the client with a real pricing calculator that allows people to estimate the cost, from here.

To use the portal you should know what services you will choose, and some essential information such as how many VMs, databases and networking. After you add all the information, the report will be generated depending on the payment period.

But what if I want to move from on-premises to the cloud, will this tool work? For that there is the Total Cost of Ownership (TCO) calculator, from here.

The TCO Calculator helps you understand the cost areas that affect your applications today, such as server hardware, software licenses, electricity, and labor, by defining the following :-

  • Servers :- details of your current on-premises
  • Databases :- on-premises database infrastructure
  • Storage :- on-premises storage infrastructure
  • Networking :- on-premises environment

The generated report will be like this :-

Amazon

As I already mentioned, each cloud vendor has a different approach to cloud pricing, but it’s all the same. In AWS you can access the pricing from here; they also have something called the SIMPLE MONTHLY CALCULATOR, from here.

When you generate an estimate, you can either add services directly to your estimate or create a group and add the services to your group.

The AWS Pricing Calculator is an estimation tool that provides an approximate cost of using AWS services based on the usage parameters that you specify. The AWS Pricing Calculator is not a quote tool, and does not guarantee the cost for your actual use of AWS services. The cost estimated by the AWS Pricing Calculator may vary from your actual costs for a number of reasons. Common reasons the estimate may differ from your actual cost include actual usage, the region used, changes in price, taxes (depending on the region), etc.

Oracle

From Oracle, the portal is very simple to use; you can estimate everything using this portal here, from infrastructure cost to database, application, … etc.

Cheers

Osama

Monitoring Azure services

Azure provides two primary services to monitor the health of your apps and resources.

  • Azure Monitor
  • Azure Service Health

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

It can also collect data from different sources such as the application, operating system and platform, etc. For example, the following explains what I mean :-

What it monitors | Description
Application monitoring data | Data about the performance and functionality of the code you have written, regardless of its platform.
OS monitoring data | Data about the operating system on which your application is running.
Resource monitoring data | Data about the operation of an Azure resource.
Subscription monitoring data | Data about the operation and management of an Azure subscription.
Tenant monitoring data | Data about the operation of tenant-level Azure services such as Azure AD.

Table: what Azure Monitor monitors

Azure Monitor starts collecting data. Activity Logs record when resources are created or modified, and Metrics tell you how the resource is performing and the resources that it’s consuming. You can extend the data you’re collecting into the actual operation of the resources by enabling diagnostics and adding an agent to compute resources. With Azure Monitor you can also extend the monitoring, for example :-

  • Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they’re hosted in the cloud or on-premises.
  • Azure Monitor for containers is a service that is designed to monitor the performance of container workloads.
  • Azure Monitor for VMs is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs

How does it work?

Alert :- as the name suggests, it notifies the admin about errors or thresholds so that corrective action can be taken. Alert rules based on metrics can provide alerts in almost real-time, based on numeric values. Alert rules based on logs allow for complex logic across data from multiple sources.

AutoScale :- Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively.

Azure Service Health

Azure Service Health provides personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved.

What are the advantages of Azure Service Health :-

  • Azure Status provides a global view of the health state of Azure services.
  • A customizable dashboard that tracks the state of your Azure services in the regions where you use them.
  • Helps you diagnose and obtain support when an Azure service issue affects your resources

Cheers

And Enjoy the Cloud

Osama

Encryption on Azure

What is encryption?

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key. 

There are two different types :-

  • Symmetric encryption :- which means you use the same key to encrypt and decrypt the data.
  • Asymmetric encryption :- which means you use different keys, for example a private and a public key.

Both of these types are used in two different ways :-

  • Encryption at rest, which means data stored in a database, or data stored in a storage account.
  • Encryption in transit, which means data actively moving from one location to another.

So, there are different types of encryption provided by Azure :-

  • Encrypt raw storage
    • Azure Storage Service Encryption :-  encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval.
  • Encrypt virtual machine disks :- low-level encryption protection for data written to physical disk
    • Azure Disk Encryption :- this method helps you to encrypt the actual Windows or Linux disk; the best way to do this is with Azure Key Vault.
  • Encrypt databases
    • Transparent data encryption :- helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database.

The best way to do this is Azure Key Vault, a cloud service for storing your application secrets. Key Vault helps you control your applications’ secrets by keeping them in a single location. Why should I use it :-

  • Centralizing the solutions.
  • Securely stored secrets and keys.
  • Monitor access and use.
  • Simplified administration of application secrets.

There are also two different kinds of certificate in Azure which help you to encrypt, for example, a website or application. You need to know that certificates used in Azure are X.509 v3 and can be signed by a trusted certificate authority, or they can be self-signed.

Types of certificates

  • Service certificates are used for cloud services
  • Management certificates are used for authenticating with the management API

Service certificates

Service certificates are attached to cloud services and enable secure communication to and from the service. For example, if you deploy a web site, you would want to supply a certificate that can authenticate an exposed HTTPS endpoint. Service certificates, which are defined in your service definition, are automatically deployed to the VM that is running an instance of your role.

Management certificates

Management certificates allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.

Note that you can use Azure Key Vault to store your certificates.

Cheers

Osama

What storage i should go with Azure data storage ? what my business needs ?

Azure provides several storage options that accommodate specific types of data storage needs.

  • Azure SQL Database (In Amazon RDS)

Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed and secure database. You can use it to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure.

You can migrate your existing SQL Server databases with minimal downtime using the Azure Database Migration Service. The service uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration. Once you assess and perform any remediation required, you’re ready to begin the migration process. The Azure Database Migration Service performs all of the required steps. You just change the connection string in your apps.

  • Azure Cosmos DB (In Amazon DynamoDB)

Azure Cosmos DB is a globally distributed database service. It supports schema-less data that lets you build highly responsive and Always On applications to support constantly changing data. You can use this feature to store data that is updated and maintained by users around the world. The following illustration shows a sample Azure Cosmos DB database that’s used to store data that’s accessed by people located across the globe.

  • Azure Blob storage (In Amazon it will be Amazon S3)

Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blobs are highly scalable and apps work with blobs in much the same way as they would work with files on a disk, such as reading and writing data. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.

Blobs aren’t limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you’re developing.

  • Azure Data Lake Storage (In Amazon Kinesis Analytics).

The Data Lake feature allows you to perform analytics on your data usage and prepare reports. Data Lake is a large repository that stores both structured and unstructured data.

Azure Data Lake Storage combines the scalability and cost benefits of object storage with the reliability and performance of the Big Data file system capabilities. The following illustration shows how Azure Data Lake stores all your business data and makes it available for analysis.

  • Azure Files (In Amazon Elastic File System)

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Applications running in Azure virtual machines or cloud services can mount a file storage share to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing.

  • Azure Queue (In Amazon Simple Queue Service (SQS))

Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world.

Azure Queue Storage can be used to help build flexible applications and separate functions for better durability across large workloads. When application components are decoupled, they can scale independently. Queue storage provides asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. Typically, there are one or more sender components and one or more receiver components. Sender components add messages to the queue, while receiver components retrieve messages from the front of the queue for processing.

  • Disk Storage (In Amazon Elastic Block Store (EBS))

Disk storage provides disks for virtual machines, applications, and other services to access and use as they need, similar to how they would in on-premises scenarios. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk. The disks can be managed or unmanaged by Azure, and therefore managed and configured by the user. Typical scenarios for using disk storage are if you want to lift and shift applications that read and write data to persistent disks, or if you are storing data that is not required to be accessed from outside the virtual machine to which the disk is attached. Disks come in many different sizes and performance levels, from solid-state drives (SSDs) to traditional spinning hard disk drives (HDDs), with varying performance abilities.

  • Storage type :-
    • Hot storage tier: optimized for storing data that is accessed frequently. –> Default in Amazon
    • Cool storage tier: optimized for data that are infrequently accessed and stored for at least 30 days. –> S3 Infrequent Access (IA)
    • Archive storage tier: for data that are rarely accessed and stored for at least 180 days with flexible latency requirements. –> In Amazon S3 Glacier

Cheers

Osama

Azure CLI For Beginners

What is Azure CLI ?

The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.

Documentation here

Create a Linux VM with the Azure CLI

The Azure CLI includes the vm command to work with virtual machines in Azure. We can supply several subcommands to do specific tasks. The most common include:

Sub-command | Description
create | Create a new virtual machine
deallocate | Deallocate a virtual machine
delete | Delete a virtual machine
list | List the created virtual machines in your subscription
open-port | Open a specific network port for inbound traffic
restart | Restart a virtual machine
show | Get the details for a virtual machine
start | Start a stopped virtual machine
stop | Stop a running virtual machine
update | Update a property of a virtual machine

Create new VM Using AZ CLI :-

az vm create --resource-group [resource group name] --location westus --name OsamaVM \
  --image UbuntuLTS --admin-username osama --generate-ssh-keys --verbose

After creating the VM, a public IP is assigned to the created VM. To check the public IP :-

Another way to check the IP is by using the below command :-

az vm list-ip-addresses -n OsamaVM -o table

You can open ports using AZ CLI, for example :-

az vm open-port --port 80  --resource-group learn-9c22c502-355e-437b-9682-eb54b8c48e1c  --name OsamaVM

You can connect to the VM over SSH using the below command :-

There are predefined images available from Azure; you can check them by :-

Or you can check the available images in a certain location; here you could find differences between locations :-

For example, the below command shows the images that have been created only by Microsoft :-

az vm image list --publisher Microsoft --output table --all

One more thing: to resize a VM, we use the vm resize command. For example, perhaps we find our VM is underpowered for the task we want it to perform. We could bump it up to a D2s_v3 where it has 2 vCores and 8 GB of memory. Type this command in Cloud Shell:

az vm resize --resource-group test-7223198d-cbdf-4fb7-bfd9-b609eaca3671 --name OsamaVM --size Standard_D2s_v3

Cheers

Enjoy

Osama

Complete Project Built on Amazon AWS

I would like to share the following project, the idea of the project is to share the knowledge and allow people to try full implementation on AWS and hands-on experience: –

  • Create the VM
  • Install Nginx with a reverse proxy listening on port 3333 and rerouting locally on port 8080 and make a small application that just ECHOs HTTP request on port 8080 (in any language you want).
  • Harden it using this script (or if you want to make your own on different OS configuration or a more updated one, we will compensate you for it.)
  • Ensure that you are using a custom service account and not the default one.
  • Make sure that everything is logged in Stackdriver including system, SSH log tentative, all application servers.
  • Make sure that the firewall is well configured and no extra port is opened.
  • Publish the VM.

The Solution that i created was the following: –

  • Use this CloudFormation script to deploy an instance with the following setup:
    • Echo request application
    • Centralized logging to CloudWatch
    • Hardened Operating System
  • The CloudFormation Script, makes use of several scripts and configuration files. Their links and description are as follows:-
  • For details on deployment architecture and configuration, please refer to the following documents:
    • Documentation : Contains overview on deployment architecture and high-level OS hardening & logging configurations.
    • CloudFormation Script: Contains details on architecture and OS hardening as well as logging configurations

Cheers & thank you

Osama

Dealing with s3 using Python – Boto3 Module – Upload/Download files from bucket

We all know Amazon AWS. One of the AWS features is called S3, which refers to Simple Storage Service, a service offered by Amazon Web Services that provides object storage through a web service interface.

Amazon provides different ways to deal with S3, either by the console or by AWSCLI, but in this post I chose to work with S3 in a different way. As most of you know, I love Python because it’s a very simple, uncomplicated and cross-platform programming language.

You can deal with and manage S3 using Python through a module called boto3; in the previous version it was called boto (without 3). You have to install this module to allow Python to import the library, a very simple step :-

pip3 install boto3

or through the project interpreter that you are using. In my case I am using PyCharm Community, which is nice to deal with; you can install any module by doing the following :-

File --> Setting --> Project interpreter --> Press on + sign --> and search for the module you want to install 

I uploaded the scripts to my Github like usual here; the repository includes two different files :-

  • Upload to S3
  • Download from s3

They are very simple scripts, but you have to update the following to ensure access to AWS S3 :-

Inside the upload to S3 file :-

  • ACCESS_KEY_ID
  • ACCESS_SECRET_KEY
  • BUCKET_NAME
  • The Location of the files

Inside the download from S3 file

  • ACCESS_KEY_ID
  • ACCESS_SECRET_KEY
  • BUCKET_NAME
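Filling ACCESS_KEY_ID and ACCESS_SECRET_KEY into the script files puts the keys in source code and, once committed, in the repository history. The following is an added example, not part of the original post or its repository: it uses Python's ast module to flag credential-like string literals before a script is committed, next to a client constructor that passes no keys at all. The name pattern and function names are assumptions, the sample script is constructed, and the key values are AWS's documentation placeholders.

```python
import ast
import re

# Variable or keyword names that suggest a credential (assumption: covers the
# ACCESS_KEY_ID / ACCESS_SECRET_KEY constants named in this post).
SECRET_NAME = re.compile(r"(ACCESS|SECRET).*KEY|PASSWORD|TOKEN", re.IGNORECASE)
# AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
KEY_ID_PATTERN = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")

# Constructed sample script; the key values are AWS documentation placeholders.
SAMPLE_SCRIPT = '''
import os
import boto3

ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
ACCESS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BUCKET_NAME = os.environ["BUCKET_NAME"]
REGION = "us-east-1"

s3 = boto3.client("s3", aws_access_key_id=ACCESS_KEY_ID,
                  aws_secret_access_key=ACCESS_SECRET_KEY)
'''


def _is_literal(node):
    """True for a non-empty string constant in the syntax tree."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""


def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs for string literals that look like credentials.

    Flags literals assigned to credential-like variable names, literals passed
    as credential-like keyword arguments, and any literal shaped like an AWS
    access key ID regardless of the name it is bound to.
    """
    findings = {}
    for node in ast.walk(ast.parse(source)):
        pairs = []
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.keyword) and node.arg and _is_literal(node.value):
            pairs = [(node.arg, node.value)]
        for name, value in pairs:
            if SECRET_NAME.search(name):
                findings.setdefault(value.lineno, name)
        # ast.walk visits parents before children, so a named finding on the
        # same line is kept in preference to this generic label.
        if _is_literal(node) and KEY_ID_PATTERN.search(node.value):
            findings.setdefault(node.lineno, "<access key id literal>")
    return sorted(findings.items())


def s3_client():
    """Hardened form: pass no keys, so boto3 resolves credentials from its default
    chain (environment variables, the shared credentials file, or an attached IAM role)."""
    import boto3  # imported lazily so the scanner above runs without boto3 installed
    return boto3.client("s3")


if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE_SCRIPT):
        print(f"line {line}: hardcoded value for {name}")
```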

Cheers ✌😉

Osama

Build, Deploy and Run Node Js Application on Azure using Docker

This documentation explains step by step how to Build, Deploy and Run Node.js application on Azure using docker.

The idea came when one of the customers asked to do the automation for them, and they already had an application written using Node.js, so I searched online, since I can’t post the code of the client here, and found this sample instead of using the actual code 😅

Now, the readers should have knowledge of Azure Cloud; this document will guide you to create and work on Azure, therefore you have to understand Azure Cloud concepts, and also have basic knowledge of Node.js and how to write a Dockerfile. I provided everything on my Github here; the code is a sample that was used to deploy on Heroku, but it can still be deployed on Azure using the documentation 🤔

The documentation uploaded to my Slideshare.net here

 

Cheers

Osama

 

 

Error: Server refused our key or No supported authentication methods available

If you use PuTTY to connect to your instance and get either of the following errors, Error: Server refused our key or Error: No supported authentication methods available, verify that you are connecting with the appropriate user name for your AMI. Enter the user name in the User name box in the PuTTY Configuration window.

The appropriate user names are as follows:

  • For an Amazon Linux AMI, the user name is ec2-user.
  • For a RHEL AMI, the user name is ec2-user or root.
  • For an Ubuntu AMI, the user name is ubuntu or root.
  • For a Centos AMI, the user name is centos.
  • For a Fedora AMI, the user name is ec2-user.
  • For SUSE, the user name is ec2-user or root.
  • Otherwise, if ec2-user and root don’t work, check with the AMI provider.

Thanks
Osama