My Azure Load Balancer NAT Rule Won’t Work (Why & Solution)

I’ve had a bug in Azure bite me in the a$$ every time I’ve run an Azure training course. I thought I’d share it here. The course that I’ve been running recently focuses on VM solutions in a CSP subscription – so it’s all ARM, and the problem might be constrained to CSP subscriptions.

When I create a NAT rule via the portal, most of the time, the NAT rule fails to work. For example, I create a VM, enable an NSG to allow RDP inbound, and create a load balancer NAT rule to enable RDP inbound (TCP 50001 –> 3389 for a VM). It appears like there’s a timing issue behind the portal, because eventually the NAT rule starts to work.

There’s actually a variety of issues with load balancer administration in the Azure Portal:

  • The second step in creating a NAT rule is when the target NIC is updated; this fails a high percentage of the time (note the target being set to “–” in the rule summary).
  • Creating/updating a backend pool can fail, with some/none of the virtual machines being added to the pool.

These problems are restricted to the Azure Portal. I have no such issues when configuring these settings using PowerShell or deploying a new resource group using a JSON template. That’s great, but not perfect – a lot of general administration is done in the portal, and the GUI is how people learn.
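The two steps described above, done with PowerShell and followed by a check that the rule really has a target NIC. This is an added example, not code from the original post; it assumes the current Az PowerShell module, and the resource group, load balancer, NIC and rule names are placeholders.

```powershell
# Added example, not from the original post. All resource names are placeholders.
$rg      = 'rg-lab'      # resource group (placeholder)
$lbName  = 'lb-lab'      # load balancer (placeholder)
$nicName = 'vm01-nic'    # NIC of the target VM (placeholder)
$rule    = 'rdp-vm01'    # name for the new NAT rule (placeholder)

# Step 1: define the rule on the load balancer (TCP 50001 -> 3389).
$lb = Get-AzLoadBalancer -ResourceGroupName $rg -Name $lbName
$lb | Add-AzLoadBalancerInboundNatRuleConfig -Name $rule `
        -FrontendIpConfiguration $lb.FrontendIpConfigurations[0] `
        -Protocol Tcp -FrontendPort 50001 -BackendPort 3389 |
    Set-AzLoadBalancer | Out-Null

# Step 2: bind the rule to the VM's NIC. This is the step that fails in the portal.
$lb  = Get-AzLoadBalancer -ResourceGroupName $rg -Name $lbName
$nat = Get-AzLoadBalancerInboundNatRuleConfig -LoadBalancer $lb -Name $rule
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
$nic.IpConfigurations[0].LoadBalancerInboundNatRules.Add($nat)
$nic | Set-AzNetworkInterface | Out-Null

# Check: re-read the load balancer and list every NAT rule with its target.
# A rule without a backend IP configuration has no NIC behind it.
$lb = Get-AzLoadBalancer -ResourceGroupName $rg -Name $lbName
foreach ($r in $lb.InboundNatRules) {
    $target = if ($r.BackendIPConfiguration) { $r.BackendIPConfiguration.Id } else { 'UNBOUND' }
    '{0}: {1}/{2} -> {3} target={4}' -f $r.Name, $r.Protocol, $r.FrontendPort, $r.BackendPort, $target
}
```

The final loop is also useful on its own after a portal change: any rule reported as UNBOUND is one where the NIC update did not take effect.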

Understand Azure’s New VM Naming Standards

This post will explain how you can quickly understand the new naming standards for Azure VM sizes. My role has given me the opportunity to see how people struggle with picking a series or size of a VM in Azure. Faced with so many options, many people freeze, and never get beyond talking about using Azure.

Starting with the F-Series, Microsoft has introduced a structure for naming the sizes of virtual machines. This is welcome, because the naming of the sizes within the A-Series, D-Series, etc, was … random at best.

The name of a size in the F-Series, the H-Series and the soon-to-be-released Av2 series is quite structured. The key is the number in the size of the machine; this designates the number of vCPUs in the machine.

Let’s start with the new Av2 series. The name of a size tells you a lot about that machine spec. For example, the A4v2 (note this is an A4 version 2), paying attention to the “4”:

  • 4 vCPUs
  • 8 GB RAM (4 x 2)
  • Can support up to 8 data disks (4 x 2)
  • Can have up to 4 vNICs

Let’s look at an F2 VM, paying attention to the “2”:

  • 2 vCPUs
  • 4 GB RAM (2 x 2)
  • Can support up to 4 data disks (2 x 2)
  • Can have up to 2 vNICs

You can see from above that there is a “multiplier”, which was 2 in the above 2 examples. The H-Series is a set of large-RAM VMs for HPC workloads; 8 GB RAM is pretty useless for these tasks! So the H-Series multiplies things differently, which you can see with an H8, the smallest machine in this series:

  • 8 vCPUs
  • 56 GB RAM (8 x 7)
  • Can support up to 16 data disks (8 x 2)
  • Can have up to 2 vNICs

The RAM multiplier changed, but as you can see, the name still tells us about the processor and disk configuration.

Some sizes of virtual machine are specialized. These specializations are designated by a letter. Here are some of those codes:

  • S (is for SSD) = The machine can support Premium Storage, as well as Standard Storage
  • R (is for RDMA) = The machine has an additional Infiniband (a form of RDMA that is not Ethernet-based) NIC for high bandwidth, low latency data transfer
  • M (is for memory) = The machine has a larger multiplier for RAM than is normal for this series.

Let’s look at the A4mv2, noting the 4 (CPUs) and the M code:

  • 4 CPUs, as expected
  • Can support up to 8 data disks (4 x 2), as expected
  • Can have up to 4 vNICs, as expected
  • But it has 32 GB RAM (4 x 8) instead of 8 GB RAM (4 x 2) – the memory multiplier was increased.

The F2s VM, we know has 2 vCPUs, 4 GB RAM, and can have up to 4 data disks and 2 NICs, but it differs slightly from the F2 VM. The S tells us that we can place the OS and data disks on a mixture of Standard Storage (HDD) and Premium Storage (SSD).

Let’s mix it up a little by returning to the HPC world. The H16mr VM does quite a bit:

  • It has 16 vCPU, as expected.
  • It has a lot of RAM: 224 GB RAM – the M designates that the expected x7 multiplier for 112 GB RAM was doubled to x14 (16 x 14 = 224).
  • It can support 32 data disks, as expected (16 x 2)
  • It can support up to 4 vNICs.
  • And the VM will have an additional Infiniband/RDMA NIC for high bandwidth and low latency data transfers (the R code).

Seeding Azure Backup Using Secure Disk Transfer

Microsoft’s online backup service, Azure Backup, was recently updated to greatly improve how the first big backup is done to the cloud. These improvements impacted the Azure Backup MARS agent, Microsoft Azure Backup Server, and System Center Data Protection Manager (DPM). I recently recorded a short video to explain the problem and the solution, and I show how you can use it – the process is the same across each of the 3 products.

Hurricane Matthew – Start Those Planned Failovers

A hurricane is about to blast its way up the east coast of the USA, making landfall in south Florida probably early on Friday morning, and working its way up to Norfolk, VA, by Sunday morning. We know how much damage these hurricanes can do, especially if tides rise and seawater starts mixing with electric, servers, and storage – we’re talking not just business down, but business offline, and maybe even business dead. I’m sorry, but even a stretch cluster to a nearby location is subject to the same mess.

This is when a true DR solution is required. “But I cannot afford a DR solution”, you say. You can’t afford to not have one, but I do know what you could have deployed (it’s too late now, by the way, if you are in the target zone for Hurricane Matthew). Azure Site Recovery (ASR) is an OPEX-based way to get a DR site in the cloud. The cost is a monthly drip feed instead of the CAPEX big bang that a traditional DR site is:

  • $25 per replicated machine per month, in Azure South Central US.
  • Replicated disk storage starts at $0.05 per GB in the same Azure region.

The solution works with:

  • Hyper-V
  • vSphere
  • Physical servers

And it’s really simple to use and reliable; thousands (if not more) of businesses are deploying and testing ASR failovers on a regular basis. This out-of-“the box” shared platform is tested constantly, which makes it way more reliable than some home-baked solution.

You get full orchestration – so if I saw the forecast today, I could start my business continuity plan, start the failover and hit the road. My machines would start a planned failover (ordered and no data loss) to Azure and would be waiting for me when I get to my rendezvous point. Note that my orchestration can also kick off PowerShell scripts (Azure Automation) to do some fancy things, such as redirecting internet traffic that I had routed using Azure Traffic Manager.

If you have ASR and are in one of the areas that will be affected, then do a test failover, do any required remediations, and then start that failover. Hopefully, your business is not damaged and you can do a failback afterwards (if you want to). If you don’t have a DR solution, I hope you survive, and have the sense to look at ASR soon afterwards – it is hurricane season!

Azure VM Price Reductions And Changes

Microsoft released news overnight that they have reduced the cost of some Azure virtual machines, effective October 1st.

I help price up a lot of Azure IaaS solutions. Quite a few of the VM solutions never go anywhere, and I’m pretty sure that the per-minute/hour costs of the VMs play a big role in that (there’s a longer story here, but it’s a tangent). Microsoft has reduced the costs of their workhorse Azure virtual machines to combat this problem. I welcome this news – it might get me a little closer to my targets.

  • The costs of Basic A1 and Basic A2 (great for DCs and file servers!) VMs are reduced by up to 50%. A Basic A2 (will run Azure AD Connect for a small-mid biz) will now cost €70.90 per month in North Europe (Dublin).
  • The price of the Dv2 series VMs is being reduced by up to 15%.
  • The fairly new F-Series is seeing reductions of up to 11%.

The launch of the new UK regions made me wonder if Microsoft had deprecated the A-Series VMs – the UK regions cannot run the Basic A- or Standard A-Series VMs. These VMs are old, running on wimpy power consumption optimized Opteron processors. Microsoft went on to announce that a new Av2 series of virtual machines will be launched in November, with prices being up to 36% lower than the current A-Series. This is great news too. The D-, F-, G-, N-Series VMs get all of the headlines but it’s the A-Series machines that do the grunt work, and it would have been a shame if the most affordable series had been terminated.

Microsoft Azure & Office 365 Data Centres Go Live in UK

Microsoft has opened up the data centres (centers for those of you in the USA) for Azure, Office 365, and more in the UK. Azure has two new regions, UK West which is listed as Cardiff but is probably in Newport, and UK South which is listed as London but is probably near London. Office 365 (just Exchange Online and SharePoint Online at this time) is running out of “London” and Durham (northeast England). More services will be added over time to the O365 locations – Dynamics CRM Online is due in H1 2017.

I have just deployed my first VM in Azure UK West.

This is a big step forward for Microsoft because it means that they can sell cloud services to government and business customers that are wary of foreign locations (Ireland and Netherlands are soooo dodgy, but seriously, “Brexit” could cause issues otherwise) in one of the biggest markets in Europe.

Microsoft’s poor geography skills have been highlighted once again … by Mark Wilson (@markwilsonit).

The map shared by Microsoft Azure places UK West (Cardiff) in Edinburgh, which is several hundred miles north, and UK South in the “west country”, several hours from London, and quite close to Cardiff! This is in addition to West Europe which is east of North Europe.

This sort of thing is serious because people do rely on this stuff to determine the best location to place services, and often use the wrong region.

It’s interesting to explore the Azure services available in the UK regions. Deprecated services like D-Series VMs (Dv2 is the successor) and RemoteApp (terminating next year) are not available in the UK. ExpressRoute isn’t there yet, even though POPs are present in the UK. The storage import/export service isn’t there yet either – I wonder if this is tied to the lack of this functionality (at this time) for ARM storage accounts. Also missing are a lot of the “new age” services like Azure AD, IoT, big data. Importantly for the SME market, ASR and Azure Backup are missing at this time. The regions are new, so it’s probably the usual cloud thing where they get core functionality live and earning revenue, before getting the other bits online.

So that’s now 26 Azure regions, live around the world with 4 in Europe. 6 more have been announced, with 2 of those being privately operated ones in Germany.

Podcast – Talking Azure Backup with MVP Carsten Rachfahl

I had the pleasure of recording a podcast with my CDM (Hyper-V) MVP colleague and friend, Carsten Rachfahl, a few weeks ago. We talked about a few things, but the focus of the talk was cloud or hybrid backups using Azure Backup. You can watch the recording here.

How To Get DPM/Azure Backup Server To Use USB Drive As Backup Storage

If you are running a demo or test lab, and you need some additional economical storage for backups, then you might think “I’ll use a USB drive”. However, DPM (and therefore Azure Backup Server) do not support adding a disk on a USB controller as a backup target. I struggled with this, and then it hit me this morning.

Storage Spaces will abstract that the disk is connected via USB.

I connected the disk, made sure it was unformatted and offline, launched Server Manager and created a pool from the primordial pool. I then created a simple virtual disk from the pool, and chose not to format it. Back into Azure Backup Server, and I was able to add the disk as a backup target.

How To Set Up Email Alerts In Azure Backup (Preview)

Microsoft announced, in a cryptic way, that Azure Backup has “additional monitoring and alerting capabilities”. Let’s focus on alerting because that’s been a huge request for Azure Backup. Every single meeting I’ve had on the subject included the question “does it do alerts?” and the answer for the last 2.5 years was “no, but it’s coming”.  Finally, it’s here! For some customers.

If you are using the recovery services vault – Azure Backup in the Azure Portal – then you’re in luck. Open your vault and browse to Settings. Click Alerts & Events.

Click Backup Alerts – note that Site Recovery Events (alerting for ASR DR) has been available for quite a while.

The Backup Alerts dialog opens. This is where all alerts will be displayed. You can filter the information in this blade based on severity, status, time and date. We’ll continue with setting up email notifications.

Click Configure Notifications

Enable notifications.

Enter the email addresses (preferably of mail groups and systems, not people) that you want the alerts to go to. Use a semi-colon ( ; ) to separate multiple addresses.

Choose if you want to get 1 email per alert or if you want an hourly digest.

And select what kinds of alerts you want to be notified about. Maybe Warning and Critical would be best, but some of you like to know about successful backups (you tape-loving lugs).

Click Save. And you are done.

But what if you are one of the customers that has been using Azure Backup, maybe for years, via the backup vault in the classic Management Portal? Sorry – no alerting for you. I hope that Azure Backup creates a way to migrate customers from the backup vault to the recovery services vault, including the ability to migrate to a different subscription (e.g. Open/direct/EA to CSP).

New Azure Resource Manager VM Deployment Wizard

Microsoft made a small change to the Basics blade of the ARM VM deployment wizard, which I noticed for the first time this morning.

Microsoft is constantly changing the Azure Portal. Feedback, new features, and probably metrics gathered from our usage, shape the solution. It’s gone from being a horrible tool to something I find to be not only useful, but also educational – the portal helps me find new things in Azure and understand how things fit together. For example, I tried reading about the Azure ARM load balancer but all of the materials were infinite loop gibberish. I opened the portal, deployed a template, and traced how the pieces fit together.

Part of the feedback Microsoft gets is that the UI is “too big”. You have to click and scroll too much. A big improvement was the “all settings” blade which removed the “symantec” from the design and put all of a resource’s features into one flat and discoverable blade.

We got another such improvement in the last couple of days. When we are building a VM in the portal we have to select a spec and size of VM. That opens up a HUGE blade with dozens of options, each presented in a little frame with details of that VM spec/size. Only the other day, I thought that this blade had become a pain in the a**. Microsoft has eased the pain (a little) by changing the Basics blade. As you can see below, a new list box asks if we want a VM with SSD or HDD storage – that’s a little over simplified but that’s a conversation for another time. Selecting one option filters what options the Size blade needs to show you.

Note that this change only affects the deployment of ARM virtual machines. The old experience is still there for Classic (ASM) virtual machines.

I do have another option for Microsoft … cull the numbers of specs of VM. Do we really need Basic A, Standard A, D, DS, Dv2, F, FS, G, GS, NC and NV, each with a number of sizes? I used to be able to explain the features/differences of the different series with a single PowerPoint slide … now it’s a presentation deck all of its own!
