intro
As infrastructures get ever more complex, managing security becomes a significant issue. Alerts and logs are coming from many different systems, in as many different formats, and it's important that the right information is delivered to the right person in order to make the right decision to prevent a security breach.
That 'right time' information model is critical, and it needs tooling that can bring all these information sources and events into one place. Security Information and Event Management (SIEM) is a rapidly growing part of the enterprise security market, building and delivering smart security dashboards that analyze and prioritize these messages, using a mix of log file analysis and machine learning. In a complex threat environment, modern data centers need a SIEM to operate effectively, sitting next to your application and network monitoring tools and helping manage your response to incidents and warnings.
Azure Sentinel
Microsoft recently launched Azure Sentinel, its approach to modern SIEM. Working across on-premises and in-cloud infrastructure, it's intended to be easy to set up, low maintenance, and easy to use. By building on cloud-scale data collection, and on Microsoft's own threat detection tools, Azure Sentinel can automate response using orchestration across your entire estate. It's software-as-a-service, so it's scalable, and you only pay for the resources you use. The biggest advantage is its support for Microsoft security graph.
Building on the full range of existing Azure services, Azure Sentinel natively incorporates proven foundations, like Log Analytics and Logic Apps. Azure Sentinel enriches your investigation and detection with AI, provides Microsoft’s threat intelligence stream, and enables you to bring your own threat intelligence.


Getting started
1- Go into the Azure portal
2- Click on Create a resource
3- Search for Azure Sentinel
4- Click on Create
5- The Azure Sentinel Workspaces window will open
6- Click on Create Workspace
7- Click on the Add button
8- Enter the required information; in our example I chose "AzureHerosWP"
Azure Sentinel can run on workspaces that are deployed in any of the following regions:
  1. Australia Southeast
  2. Canada Central
  3. Central India
  4. East US
  5. East US 2 EUAP (Canary)
  6. Japan East
  7. Southeast Asia
  8. UK South
  9. West Europe
  10. West US 2
9- Once it is done, we have to connect the data sources
10- In my case I will connect it with Azure Virtual Machines which I already have
11- Click on the desired virtual machine, then click on Connect
12- Connect the workspace to Azure Sentinel
13- From the dashboard itself you can get an analysis of what's happening in your environment. The fusion technique is used here to correlate alerts into cases, which reduces noise and minimizes the number of alerts you have to review and investigate.
Use the toolbar to:
  • Get how many events you got over the time period selected
  • Get the alerts that were triggered
  • Get the event status: how many are open, in progress, and closed
Finally, to start hunting:
Create detection rules, then start responding to threats by creating a playbook. A playbook can run automatically when an alert is triggered, if you configure it that way, or you can run a playbook manually from inside the alert by clicking View playbooks and then selecting a playbook to run.





Ref:
https://docs.microsoft.com/en-us/azure/sentinel/
https://www.techrepublic.com/article/azure-sentinel-microsofts-thoroughly-modern-siem/
StorSimple is a hybrid device that helps enterprises consolidate their storage infrastructure for primary storage, data protection, archiving, and disaster recovery on a single solution by tightly integrating with Azure storage.
Basic Information
  • Protocol support: iSCSI
  • Uses virtualization infrastructure (Hyper-V or VMware)
  • Capacity: Up to 64 TB usable capacity per virtual array, while local capacity 390 GB to 6.4 TB usable capacity per virtual array (need to provision 500 GB to 8 TB of disk space)
On July 31, 2019 the StorSimple 5000/7000 series will reach end of support (EOS) status. We recommend that StorSimple 5000/7000 series customers migrate to one of the alternatives described in the document. Upgrade now
Use Cases
The StorSimple Virtual Array is best suited for infrequently accessed data. While the virtual array has a local cache to boost performance, users should assume that the device services files at the lowest tier of storage (the cloud). Each virtual array can write and read to Azure storage at approximately 100 Mbps. That link is shared across all the requests coming into the device and can become a bottleneck
  1. Document management
  2. SharePoint
  3. File servers or Archiving for Remote Office/Branch Office (ROBO)
  4. Virtual environments with VM sprawl
How does it work?
It integrates with cloud services to provide a set of management tools for a seamless view of all enterprise storage, including cloud storage. StorSimple uses storage tiering to manage stored data. The current working set is stored on-premises on solid state drives (SSDs). Your data that is used less frequently is stored on hard disk drives (HDDs), and archival data is pushed to the cloud.
StorSimple also utilizes deduplication and compression to reduce the amount of storage that your data consumes.
In addition to storage management, StorSimple data protection features enable you to create on-demand and scheduled backups and then store them locally or in the cloud. Backups are taken in the form of incremental snapshots, which means that they can be created and restored quickly.
Currently the only ways to transfer data to Azure are the following techniques:
  1. Using Azure Storage Explorer
  2. Using Azure AzCopy
  3. Azure Import/Export Services
Note: It might take a long time, depending on your Azure connectivity and many other factors.
Let's start by explaining Azure Data Box, its features and its models.
  • Azure Data Box
The Microsoft Azure Data Box cloud solution lets you send terabytes of data into Azure in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device. Each storage device has a maximum usable storage capacity of 80 TB and is transported to your datacenter through a regional carrier. The device has a rugged casing to protect and secure data during transit.
  1. Provides simple, secure, SSD disk-based offering for offline data transfer to Azure
  2. Transport as much as 40TB of data into Azure by connecting the disks to a computer via USB or SATA
  3. Cost $80 + shipping both ways + Egress charges if exporting from Azure
  4. 7-10 days processing time from device receipt date

Basic information
Three models are available
  • Azure Data Box Disk
  1. Provides simple, secure, SSD disk-based offering for offline data transfer to Azure
  2. Transport as much as 40TB of data into Azure by connecting the disks to a computer via USB or SATA
  • Data Box
  1. Capacity: 100 TB
  2. Secure, ruggedized, human transportable offline transport appliance
  3. Partner friendly and easily integrates with existing customer networks
  4. Specifications: 7 U when placed in the rack on its side (cannot be rack-mounted), Weight < 50 lbs.
  • Data Box Heavy
  1. Large form factor, ruggedized, and transportable device providing secure offline data transfer to Azure.
  2. Capacity: 1 PB
  3. Slightly different ordering/logistical process to accommodate new form factor
  • Data Box Edge
  1. Capacity: ~ 25TB
  2. Customer resident hardware device providing intelligent data tiering/storage gateway functionality along with compute capability to run Azure Edge workloads
  3. Support for Azure IOT Edge scenarios



Use Cases
Data Box is ideally suited to transfer data sizes larger than 40 TBs in scenarios with no to limited network connectivity. The data movement can be one-time, periodic, or an initial bulk data transfer followed by periodic transfers. Here are the various scenarios where Data Box can be used for data transfer.
  1. One time migration - when large amount of on-premises data is moved to Azure. Moving a media library from offline tapes into Azure to create an online media library. Migrating your VM farm, SQL server, and applications to Azure. Moving historical data to Azure for in-depth analysis and reporting using HDInsight
  2. Initial bulk transfer - when an initial bulk transfer is done using Data Box (seed) followed by incremental transfers over the network. For example, backup solutions partners such as Commvault and Data Box are used to move initial large historical backup to Azure. Once complete, the incremental data is transferred via network to Azure storage.
  3. Periodic uploads - when large amount of data is generated periodically and needs to be moved to Azure. For example in energy exploration, where video content is generated on oil rigs and windmill farms

Benefits
Data Box is designed to move large amounts of data to Azure with little to no impact to network. The solution has the following benefits:

  1. Speed - Data Box uses 1 Gbps or 10 Gbps network interfaces to move up to 80 TB of data into Azure.

  2. Secure - Data Box has built-in security protections for the device, data, and the service.
    1. The device has a rugged casing secured by tamper-resistant screws and tamper-evident stickers.
    2. The data on the device is secured with an AES 256-bit encryption at all times.
    3. The device can only be unlocked with a password provided in the Azure portal.
    4. The service is protected by the Azure security features.
    5. Once your data is uploaded to Azure, the disks on the device are wiped clean, in accordance with NIST 800-88r1 standards

This was a particularly old issue which I had experienced before, so I thought it was worth writing about.
Issue
Unable to reach/ping Cluster role VIP
Troubleshooting
The real case -
One of our customers called me this morning and asked me to take a remote session ASAP and help him fix an issue in one of his SQL Failover Cluster Instances (FCI): he was unable to ping the FCI VIP after failing over the role to the second node, while from both nodes you could still reach/ping the SQL cluster VIP!
  • Windows cluster with two nodes, VM01 and VM02
  • There are two SQL 2016 FCIs installed
  • Each node has two NICs, one for the LAN and management network, and one for the heartbeat network
  • The cluster consists of three network resources: a cluster IP address and 2 SQL instance addresses which float between the two nodes depending on which one is active.
Then...

I took a remote session and started working on the issue as per the action plan below:
  • Check Windows logs - nothing clear or related to the issue!
  • Check SQL logs
  • Patch Windows and SQL to the latest updates - still can't ping
  • Disable Symantec EP Firewall - still can't ping
  • Run Windows failover cluster validation - all tests were passed

I started thinking: if I fail over the File Server role to a different node, what will happen? Is the issue affecting SQL FCI only?

Meanwhile, I asked the customer to fail over the File Server role to the second node, and suddenly the file server IP became unreachable. I came to know that the issue was affecting all Windows failover cluster roles at the customer site!

My colleague, a senior network engineer, started checking the network switches and firewalls. He realized that the MAC address associated with the cluster IP addresses wasn’t changing to the MAC address of node VM02 when we failed over the role from VM01 to VM02 – which is what we would expect as a result of the failover operation.

Commands he used during his troubleshooting:
  • Show ip arp 10.10.2.x - "SQL Cluster IP"
  • Clear ip arp 10.10.2.x - "SQL Cluster IP"
Resolution
It appears there is a registry entry in Windows which enables gratuitous Address Resolution Protocol (GARP) requests to be sent out when a failover occurs. By default this entry doesn’t exist in Server 2012 R2, or in 2016 either. I looked at the registry of node VM02: the registry entry was there, but it was set to 0 – which means "don’t send GARP"! So I set the value to 3, then gave the node a reboot. Once the node was accessible again, I carried out another failover test – and voila! I only experienced a single ping drop this time before all 3 cluster IP addresses were accessible again.

So to get this working, the Windows Server registry value “ArpRetryCount” needs to be added, or updated if it exists, as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters > ArpRetryCount (REG_DWORD)

Values:

0 : don't send GARP
1 : send GARP once only
2 : send GARP twice
3 : send GARP three times (the default value)
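
As an added example (not part of the original post), the following PowerShell reports the ArpRetryCount value on each cluster node and can set it, so a node left at 0 is found before the next failover rather than after. The function names are hypothetical, and it assumes PowerShell remoting is enabled on any remote node; VM01 and VM02 are the node names from the case above.

```powershell
# Added example, not from the original post. Reads (and optionally sets) the
# ArpRetryCount value discussed above on one or more cluster nodes.
# Assumption: PowerShell remoting is enabled on any remote node.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueName = 'ArpRetryCount'

# Hypothetical helper: run a script block locally or over remoting.
function Invoke-OnNode {
    param([string]$Node, [scriptblock]$Script, [object[]]$Arguments)
    if ($Node -eq $env:COMPUTERNAME) {
        & $Script @Arguments
    } else {
        Invoke-Command -ComputerName $Node -ScriptBlock $Script -ArgumentList $Arguments
    }
}

function Get-ArpRetryCount {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    $probe = {
        param($Path, $Name)
        # SilentlyContinue: a missing value is an expected state, not an error.
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Node    = $env:COMPUTERNAME
            Present = [bool]$item
            Value   = if ($item) { [int]$item.$Name } else { $null }
        }
    }
    foreach ($node in $ComputerName) {
        $r = Invoke-OnNode -Node $node -Script $probe -Arguments $RegPath, $ValueName
        $status = if (-not $r.Present) {
            'Value not set (entry absent)'
        } elseif ($r.Value -eq 0) {
            'GARP disabled (0): clients may keep the old MAC after failover'
        } else {
            "Sends GARP $($r.Value) time(s)"
        }
        [pscustomobject]@{ Node = $r.Node; Present = $r.Present; Value = $r.Value; Status = $status }
    }
}

function Set-ArpRetryCount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [ValidateRange(0, 3)][int]$Value = 3   # 0-3 are the values listed in the post
    )
    $write = {
        param($Path, $Name, $Data)
        # -Force creates the value if it is absent and overwrites it if present.
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Data -Force | Out-Null
    }
    foreach ($node in $ComputerName) {
        if ($PSCmdlet.ShouldProcess($node, "Set $ValueName to $Value")) {
            Invoke-OnNode -Node $node -Script $write -Arguments $RegPath, $ValueName, $Value
        }
    }
}

# Report on the local machine; for a cluster pass the node names, e.g. 'VM01','VM02'.
Get-ArpRetryCount | Format-Table -AutoSize
# Preview the change described in the post (value 3 on VM02) without writing anything:
# Set-ArpRetryCount -ComputerName 'VM02' -Value 3 -WhatIf
```

The script does not reboot anything; in the case above the node was rebooted after the value was changed.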

From the network side, make sure to enable the GARP reply:
To enable it on Juniper EX & SRX platforms, use the following command:
set interface interface_name/number gratuitous-arp-reply

The interface can be a physical interface, logical interface, interface group, SVI or IRB.
To enable GARP on Cisco IOS, use the interface command:
ip gratuitous-arps

Note: This is for troubleshooting purposes only. We mainly disable GARP on the server side. In a VMware environment (virtual machines hosted on ESXi), it is mandatory to disable it if you have Active-Active or Active-Passive sites, in order to send L2 packets to the core switches.

References

https://icookservers.blog/2016/07/19/windows-2012-r2-cluster-wont-send-gratuitous-arp-garp-packets-by-default/
The Best Microsoft Azure Blogs from thousands of Microsoft Azure blogs in our index using search and social metrics. We’ve carefully selected these websites because they are actively working to educate, inspire, and empower their readers with frequent updates and high-quality information.
This is already an incredible year for the Azure-Heroes website and for us. We just came to know that our blog is featured in the top 10 of the best Azure-related blogs to follow in 2019. Read @ Feedspot.com

Since we published the blog a month ago, Azure-Heros has mainly focused on showing and explaining all Azure services "from Zero to Hero".
This news will help us to keep working on and enhancing the blog.

Thank you all,
When did it become available?
In April 2018, Microsoft announced Azure Hybrid Benefit (AHB).
Can it reduce the cost?
Using AHB with Azure Reserved Instances (RI) saves up to 80% of the total cost.

How can I use it?
Use Software Assurance for Windows Server or Windows Server Subscription licenses to save with the Azure Hybrid Benefit.
  • Azure Hybrid Benefit enables you to migrate to cloud at big savings. Save up to 49% on Windows Server virtual machines by paying reduced compute rates. Combine with Azure Reserved Instances to save even more, up to 80% savings.
  • You qualify for Azure Hybrid Benefit if you have active Software Assurance on your on-premises Windows Server licenses or Windows Server Subscription.
  • Deploy a new virtual machine in minutes using Azure Marketplace images; or upload a custom virtual machine; migrate free with Azure Site Recovery.
  • Use with Azure marketplace images, on-premises images, and other cloud providers’ images.
  • The Azure Hybrid Benefit is available in all Azure cloud regions.
How can I enable it?
When you create a new virtual machine, just make sure to activate the AHB option, as in the screenshot below.
Shall I reactivate Windows after enabling the AHB feature?
The answer is NO, as Azure Hybrid Benefit gives customers an entitlement on Azure but does not ask them to "physically move" a license key to Azure.

Can I enable it for an existing VM on Azure?
Definitely you can, as the "Retroactive tagging" feature enables you to tag your existing VMs to enjoy this benefit.
You can use the PowerShell script below to verify the license type of the VM:
# List the VMs whose LicenseType is "Windows_Server" (Azure Hybrid Benefit enabled)
$vms = Get-AzVM
$vms | Where-Object { $_.LicenseType -like "Windows_Server" } | Select-Object ResourceGroupName, Name, LicenseType
How can I use it with SQL Server?
For SQL Server, AHB allows you to use on-premises licenses to run SQL Server on Azure Virtual Machines. If you have Software Assurance, you can use AHB when deploying a new SQL VM or activate SQL Server AHB for an existing SQL VM with a pay as you go (PAYG) license. Bring your own license (BYOL) SQL images on Azure Marketplace should be used to implement SQL Server AHB when deploying a new SQL VM. However, if you already have a SQL VM with a PAYG license, activating AHB currently requires re-deploying the VM with a BYOL SQL image.
Suggested options:
  1. SQL Database Managed Instance, and migrate your SQL Server databases without changing your apps.
  2. SQL Database Single Database or Elastic Pool, and build data-driven applications and websites in the programming language of your choice.
Note: Read more about SQL at Microsoft
In July, Microsoft will end support for SQL Server 2008, which means no more updates and no more support, but perhaps more problems on the security and compliance fronts for organizations that don't migrate to newer options.

Microsoft gives you only three options, as listed below:
  1. Migrate to Azure with free security updates: This will help to secure your workloads for three more years after the end of support deadline. You can rehost these workloads to Azure with no application code change. Using Azure Hybrid Benefit allows you to reduce the cost by 50% minimum; moreover, you can use a reserved instance for three years, which will also reduce the cost by 30% minimum! So the only cost you would incur would be compute and infrastructure.
  2. Upgrade on-premises SQL/Windows Servers to a newer version: Upgrading to a newer version of Windows Server and SQL Server. Here, you get the most updated features and a sought-after security landscape. Visit Upgrade Center
  3. Extended security updates: For this option, you must have a Software Assurance or Enterprise Subscription agreement, for a period of three years of these extended security updates.
You have to pay Microsoft again for Extended Security Updates annually (Total Cost = NUMBER_OF_YEARS * CURRENT_LICENSE_PRICE_FOR_LATEST_SQL/WINSERVER * 0.75)
Finally, if you have an application which does not support a newer version of SQL Server, you will have three options:
  1. Nothing; in this case you have to take care of your servers
  2. If you have an SA or EA subscription, you can extend the security updates
  3. Migrate SQL Server to Azure (DBaaS, lift and shift migration, or use Azure SQL Database Managed Instance). Read Windows Server Migration Guide, SQL Migration Guide
In this article I will list the most useful Azure resources, such as e-books, to start your learning path.

Note: Please keep checking the article as we will keep updating the resources
  1. Introducing Windows Azure™ for IT Professionals Download
  2. Microsoft Azure Essentials Fundamentals of Azure Download
  3. Microsoft Azure Essentials Fundamentals of Azure, Second Edition Download
  4. Cloud Application Architecture Guide Download
  5. Learn Azure in a Month of Lunches Download
  6. Cloud Migration Essentials: A guide to migrating servers and virtual machines Download
From my own perspective, Microsoft launched the best website from which to start your cloud journey. Learning paths for the new certifications can be found on Microsoft Learn. Microsoft Certified Learning partners can also provide the necessary training. You can learn more about how to engage with them on Microsoft Learn.
After taking a general look at Azure, now it is time to start working on Azure, but the question is: how can I use Azure for FREE?
Here we go!
Create your Azure free account today
Get started with 12 months of free services
With your Azure free account, you get all of this—and you won’t be charged until you choose to upgrade.
  • 12 months of popular free services
  • $200 credit to explore any Azure service for 30 days
  • Always free 25+ services
The only thing remaining is a lab, so you can practice Azure. Microsoft Hands-on provides you with practice on the latest cloud products and services in a live environment, so you can advance your cloud skills for free.

In this article I will go through each Azure Storage type in depth, and I will try to explain the best use case for each one.
First of all, let's list all the Azure storage types.

Azure Storage is Microsoft's cloud storage solution for modern data storage scenarios. Azure Storage offers a massively scalable object store for data objects, a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store.
Moreover, Azure has broken the storage tiers into (4) types, as in the table below.
Azure Premium is still in public preview.
  • Individual blobs can move between tiers
  • All tiers co-exist in the same storage account
