First Cloud Mechanix Azure Course Completed

Last week, I delivered my first ever Cloud Mechanix Azure training course, to a full room in the Lancaster Gate area of London, UK.

It was a jam-packed full 2 days of Azure storage, networking, virtual machines, backup, DR, security, and management, with lots of hands-on labs. Half the attendees were from the UK, the rest from countries such as Denmark, Netherlands, Belgium, and even Canada! I had a lot of fun teaching the class – there were lots of questions and laughs. And as often happens in these classes, the interactions lead me to picking up a couple of ideas from the attendees.

In my class, everyone gets hands-on labs a few days before the event. That allows them to get their laptops ready. On the day, they get copies of the slides so they can follow/along or make notes on their laptops – the labs and slides are updated with the latest information that I have. The goal of the class isn’t to teach you where to click, but why to click. In the cloud, things move and get renamed so detailed instructions age very quickly. But what lasts is understanding the why. Not everyone got to finish the hands-on labs, but I am available to help the attendees complete the labs.

If this course sounds interesting to you, then we have another class running in Amsterdam in April. Some tweaks are being made the labs/slides (which the London class will be getting too) and, as always, the April class will be getting the latest that I can share on Azure.

Delivering My First “Cloud Mechanix” Azure Training Course Today

I’m in London right now, preparing to deliver my first Azure training course by my very own company (co-owned/run with my wife, Nicole), Cloud Mechanix. I actually wrote this post yesterday and scheduled it for release, because I predicted that I’d be busy.

The class is sold out, 20 people from around the world are attending, from the UK, continental Europe, and from as far away as Canada! I’m blown away that our first course sold like this. I have 2 days to teach as much Azure infrastructure as I can. The goal is to give people the foundations and best practices for building, securing, managing, and protecting stable and well performing systems in the cloud. There’s lots of tips in the class, and I’ve build a set of hands-on exercises so there’s a practical side to the theory – the attendees will build a sample reference architecture for VM-based solution.

I can’t teach everything in two days, but I can teach what you need to know, so learning more is easy. As I’ve found with a different Azure VM class that I developed & teach for my employer in Dublin, this class is a foundation for Azure. Once you know this material, you have the bits to move on to other hybrid or PaaS-based solutions in Microsoft’s cloud.

I’m so excited! A certain friend of mine who retired recently has been telling me to do this for the last 5 years. Last year, Nicole told me I needed to do this. I made the decision to start writing the course. If I was up early with our youngest daughter, I’d sit down in the office once she fell back asleep and I’d write. Or when I brought my eldest daughter to gymnastics class, I’d wait outside in the car, writing. Pretty much every free moment of the last month went into updating the content – and I’ll probably still do an update or two (on managed disks) early on Thursday morning. So here I am (or will be) in London, counting down the minutes until the attendees walk in the door, we make introductions, and we sit down to start a learning experience together.

London is sold out, but we have another class running in Amsterdam on April 19-20. The venue is a hotel near Schiphol airport, making it very easy to get to – it’s not too central in Amsterdam, and Schiphol is one of the best connected airports in Europe. Half of the seats are already gone so, if you are interested, you will need to move quick.

Azure-to-Azure Site Recovery Fails – Connection Cannot Be Established

In this post, I’ll explain how to fix the following errors when you attempt to replicate an Azure virtual machine from one Azure Region to another:

Error 151072: Connection cannot be established to Azure Site Recovery service endpoints.

And:

Error 539: The requested action couldn’t be performed by the ‘A2A’ Replication Provider.

The Cause

A2ASR (the abbreviation of the ASR service for Azure VMs) uses an extension (guest OS agent) called the Mobility Service to migrate disk contents from a source virtual machine to a target (secondary) region (or DR site). The Mobility Service is using the networking of the virtual machine to talk the ASR endpoints in the secondary region. That traffic is therefore going over the NIC and virtual network of the VM, and then to the target region via the Azure backbone.

if you have restricted outbound traffic for your virtual machines, then you might have blocked this traffic:

  • Third party firewall appliances
  • Using Network Security Groups (NSGs), as I documented here

The Fix

Woops! Don’t worry, you’ve already created exceptions to allow your virtual machine to boot up. You can create more exceptions to allow the virtual machines to talk to the ASR endpoints (see the below screenshot). Let’s imagine that I am replicating from North Europe to West Europe.

 

image

I’ll need at least one set of rules, enabling outbound traffic from my VNet/NICs in the source region, North Europe, to the two IP addresses of the target region, West Europe.

I will also have to enable inbound traffic from my target region, West Europe, to my destination region, North Europe. Why? Isn’t all my traffic going from North Europe to West Europe? That’s true – now. But if you failover to West Europe, you will need to reverse replication afterwards, so you might as well get things right now.

A Script

It all looks messy at first. It probably isn’t too bad. But if you’d like to deploy a canned script to update NSGs, you can. Microsoft has shared a script that you can run. You will need a few pieces of information:

  • NSG name
  • NSG resource group name
  • Subscription ID
  • Source region
  • Target region

Run the script (it will prompt you to log in) from source to target, and then reverse the details, treating the target as the source, and vice versa with the NSG(s) in the DR site.

Where’s the Service Tags?

Storage accounts and Azure SQL all have service accounts, but ASR does not. I believe that ASR should have service tags to avoid all of this IP messiness. If you agree, vote here, or forever stay quiet on the subject.

Was This Kind of Information Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Replicate VM Managed Disks Between Azure Regions

Last week, Microsoft announced that Azure Site Recovery (ASR) for Azure Virtual Machines (in preview still), the system for replicating Azure virtual machines from one region to another, added support for managed disks. To this I say …

Waaahoooooo!

Managed disks are the best way to deploy Azure VM storage because they’re easier to plan for (performance), have predictable pricing (Standard), and have way more management features. Unfortunately, I still found myself advising some customers to use un-managed disks (disks in storage accounts) because those customers needed to be able to replicate VMs from one region to another, e.g. North Europe to West Europe.

But now we have support for managed disks in the preview replication service.

All is not entirely rosy. I’ve been waiting on this feature for this web server since before a “non-“hurricane hit Ireland late last year. I tried to enable the feature (nice experience in the Azure portal, btw) but the replication fails because of a weird “disk.name” error. I’ve reported the issue and hopefully it’ll be fixed.

Would You Like To Learn How To Enable This Feature?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Adding Azure Monitor Performance Alerts Using PowerShell

Below is a sample script for adding Azure Metrics alerts using Azure Monitor. It is possible to create alerts using the Azure Portal, but that doesn’t scale well because each alert is specific to one VM. For example, if you have 4 alerts per VM, and 10 VMs, then you have to create 40 alerts! One could say: Use Log Analytics, but there’s a cost to that, and I find the OMS Workspace to be immature. Instead, one can continue to use Resource/Azure Monitor metrics, but script the creation of the metrics alerts.

Once could use JSON, but again, there’s a scale-out issue there unless you build this into every deployment. But the advantage with PowerShell is that you can automatically vary thresholds based on the VM’s spec, as you will see below – some metric thresholds vary depending on the spec of a machine, e.g. the number of cores.

The magic cmdlet for doing this work is Add-AzureRmMetricAlertRule. And the key to making that cmdlet work is to know the name of the metric. Microsoft’s docs state that you can query for available metrics using Get-AzureRmMetricDefinition, but I found that with VMs, it only returned back the Host metrics and not the Guest metrics. I had to do some experimenting, but I found that the names of the guest metrics are predictable; they’re exactly what you see in the Azure Portal, e.g. \System\Processor Queue Length.

The below script is made up of a start and 2 functions:

  1. The start is where I specify some variables to define the VM, resource group name, and query for the location of the VM. The start can then call a series of functions, one for each metric type. In this example, I call ProcessorQLength.
  2. The ProcessorQLength function takes the VM, queries for it’s size, and then gets the number of cores assigned to that VM. We need that because the alert should be triggers if the average queue length per core is over 4, e.g. 12 for a 4 core VM. The AddMetric function is called with a configuration for the \System\Processor Queue Length alert.
  3. The AddMetric function is a generic function capable of creating any Azure metrics alert. It is configured by the parameters that are fed into it, in this case by the ProcessorQLength function.

Here’s my example:

#A generic function to create an Azure Metrics alert
function AddMetric ($FunMetricName, $FuncMetric, $FuncCondition, $FuncThreshold, $FuncWindowSize, $FuncTimeOperator, $FuncDescription)
{
    $VMID = (Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName).Id
    Add-AzureRmMetricAlertRule -Name $FunMetricName -Location $VMLocation -ResourceGroup $RGName -TargetResourceId $VMID -MetricName $FuncMetric -Operator $FuncCondition -Threshold $FuncThreshold -WindowSize $FuncWindowSize -TimeAggregationOperator $FuncTimeOperator -Description $FuncDescription
}

#Create an alert for Processor Queue Length being 4x the number of cores in a VM
function ProcessorQLength ()
{
    $VMSize = (Get-AzureRMVM -ResourceGroupName $RGName -Name $VMName).HardwareProfile.VmSize
    $Cores = (Get-AzureRMVMSize -Location $VMLocation | Where-Object {$_.Name -eq $VMSize}).NumberOfCores
    $QThreshold = $Cores * 4
    AddMetric "$VMname - CPU Q Length" "\System\Processor Queue Length" "GreaterThan" $QThreshold "00:05:00" "Average" "Created using PowerShell"
}

#The script starts here
#Specify a VM name/resource group
$VMName = "vm-test-01"
$RGName = "test"
$VMLocation = (Get-AzureRMVM -ResourceGroupName $RGName -Name $VMName).Location

#Start running functions to create alerts
ProcessorQLength

Was This Post Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Azure Schedules Maintenance & Downtime For January 9th

Microsoft are currently distributing the following email template:

Performance, security, and quality are always top priorities for us. I am reaching out to give you an advanced notice about an upcoming planned maintenance of the Azure host OS. The vast majority of updates are performed without impacting VMs running on Azure, but for this specific update, a clean reboot of your VMs may be necessary. The VMs associated with your Azure subscription may be scheduled to be rebooted as part of the next Azure host maintenance event starting January 9th, 2018. The best way to receive notifications of the time your VM will undergo maintenance is to setup Scheduled Events <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/scheduled-events> .

If your VMs are maintained, they will experience a clean reboot and will be unavailable while the updates are applied to the underlying host. This is usually completed within a few minutes. For any VM in an availability set or a VM scale set, Azure will update the VMs one update domain at a time to limit the impact to your environments. Additionally, operating system and data disks as well as the temporary disk on your VM will be retained (Aidan: the VM stays on the host) during this maintenance.

Between January 2nd and 9th 2018, you will be able to proactively initiate the maintenance to control the exact time of impact on some of your VMs. Choosing this option will result in the loss of your temporary disk (Aidan: The VM redeploys to another host and gets a new temporary disk). You may not be able to proactively initiate maintenance on some VMs, but they could still be subject to scheduled maintenance from January 9th 2018. The best way to receive notifications of the time your VM will undergo maintenance is to setup Scheduled Events <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/scheduled-events> .

I have put together a list of resources that should be useful to you.

* Planned maintenance how-to guide and FAQs for Windows <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/maintenance-notifications> or Linux <https://docs.microsoft.com/en-us/azure/virtual-machines/linux/maintenance-notifications> VMs.

* Information about types of maintenance <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/maintenance-and-updates> performed on VMs.

* Discussion topics for maintenance on the Azure Virtual Machines forums.

I am committed to helping you through this process, please do reach out if I can be of any assistance.

Regards

<Insert signature>

In short, a deployment will start on Jan 9th that will introduce some downtime to services that are not in valid availability sets. If you are running VMs that might be affected, you can use the new Planned Maintenance feature between Jan 2-9 to move your VMs to previously updated hosts at a time of your choosing. There will be downtime for the Redploy action, but it happens at a time of your choosing, and not Microsoft’s.

For you cloud noobs that want to know “what time on Jan 9th the updates will happen?”, imagine this. You have a server farm that has north of 1,000,000 physical hosts. Do you think you’ll patch them all at 3am? Instead, Microsoft will be starting the deployment, one update domain (group of hosts in a compute cluster) at a time, from Jan 9th.

And what about the promise that In-Place Migration would keep downtime to approx 30 seconds. Back when the “warm reboot” feature was announced, Microsoft said that some updates would require more downtime. I guess the Jan 9th update is one of the exceptions.

My advice: follow the advice in the mail template, and do planned maintenance when you can.

Want to Learn About In-Place Migration, Availability Sets, Update & Fault Domains?

If you found this information useful, then imagine what 2 days of training might offer you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Video – Understanding the Azure VM Series

This short video will show you how to quickly understand the Azure virtual machine (VM) series, how to pick one for a deployment, and how to select the right size. I show my technique for remembering what each SKU name means, so when you read it, you know exactly what that machine can do, and what the host offers.

Was This Video Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

New Virtual Machines Series in Azure Dublin / North Europe

I was helping troubleshoot something for a customer today when I noticed that some of the newer VM series have finally arrived in Azure’s Dublin / North Europe region:

  • D_v3: The successor to the D_v2 machines (including the “S” Premium Storage variants) that are designed for disk/database workloads. The machine is 28% cheaper than the RRP of the D_v2, but that’s because it offers VMs on hosts with Hyperthreading … which reduces CPU performance by 28%. Common workloads care more about affordable core counts than GHz, which is what the D_v3 offers.
  • E_v3: The memory-optimized versions (more memory) of the D_v2 are also here, with the same 28% price/GHz reduction.
  • NV: These are machines with direct (not virtualized) access to NVIDIA M60 chipsets on their hosts, specialized for desktop virtualization.
  • NC: You can run virtual machines that are designed for computational workloads (simulations, etc) with these machines, using non-virtualized access to NVIDIA Tesla K80 GPUs.

I’ve just upgraded this server (shutdown – resize  – restart) from a DS2_v2 to a DS2_v3.

FYI, if you are still using the D_v2 promo offer in North Europe, you had better start planning for upgrading to the D_v3 soon if you want to keep that low price. It’s just a matter of time now until Microsoft announces the end of the pre-D_v3 promotion on D_v2 machines, and the price of the D_v2 returns back to normal (28% higher than the promo).

Was This Post Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

I Am Running My “Starting Azure Infrastructure” Course in London on Feb 22/23

I am delighted to announce the dates of the first delivery of my own bespoke Azure training in London, UK, on February 21st and 22nd. All the details can be found here.

In my day job, I have been teaching Irish Microsoft partners about Azure for the past three years, using training materials that I developed for my employer. I’m not usually one to brag, but we’ve been getting awesome reviews on that training and it has been critical to us developing a fast growing Azure market. I’ve tweeted about those training activities and many of my followers have asked about the possibility of bringing this training abroad.

So a new venture has started, with brand new training, called Cloud Mechanix. With this business, I am bringing brand-new Azure training to the UK and Europe.  This isn’t Microsoft official training – this is my real world, how-to, get-it-done training, written and presented by me. We are keeping the classes small – I have learned that this makes for a better environment for the attendees. And best of all – the cost is low. This isn’t £2,000 training. This isn’t even £1,000 training.

The first course is booked and will be running in London (quite central) on Feb 22-23. It’s a 2-day “Starting Azure Infrastructure” course that will get noobies to Azure ready to deploy solutions using Azure VMs. And experience has shown that my training also teaches a lot to those that think they already know Azure VMs. You can learn all about this course, the venue, dates, costs, and more here.

I’m excited by this because this is my business (with my wife as partner). I’ve had friends, such as Mark Minasi, telling me to do this for years. And today, I’m thrilled to make this happen. Hopefully some of you will be too and register for this training Smile