Archive
Microsoft Azure IaaS Operations Guidance – #AAD, #RBAC, #ARM, #Microsoft, #Azure
Here you can find a ton of great guidance material for Azure operations by mzbowe! Really good summary!
This is a collection of Azure Infrastructure installation and operational guidance resources I provide to my customers. By keeping these links up to date with each engagement, all of my customers may benefit. Hopefully you can too! The latest Azure updates will always be at Azure service updates. Make it part of your operational procedure to review that monthly, if not weekly! In 2015, there were over 500 updates. Wow!
The goal of this guide is to highlight core installation and operational procedures for an Azure IaaS deployment, which will predominantly consist of Compute, Network and Storage resources. The article Azure Infrastructure Services Implementation Guidelines gives a pretty good rundown of what needs to be created and in what order. The resources I will keep updated below pretty much follow most of those resources in the last link. But for now, there is a very important piece of that puzzle missing. For the newer Azure Resource Manager (ARM) model of deployment, we need to plan, design and create Azure Resource Groups. Once we have Resource Groups, we can delegate administration with Role Based Access Control (RBAC).
Besides all this, if you just need to ramp up and learn more on Azure, go to the Azure Learning Paths page. Check it out and learn something new! I also have my Azure Certification resources (Slides and Videos) from MS Ignite 2015, to get you certified and ready to go!
- aka.ma/Certification/70-533 | Microsoft Azure Infrastructure Certification Prep
- aka.ma/Certification/70-534 | Microsoft Azure Architecture Certification Prep
Azure Active Directory
- How Azure subscriptions are associated with Azure Active Directory
- This is an important link to read and understand. Microsoft Azure does not equal Azure Active Directory. If you create a brand new Azure subscription, you will have an Azure Active Directory tenant by default. But sometimes companies have Office 365 first, without an Azure subscription. With Office 365, you get an Azure Active Directory tenant for free. That is your cloud directory. It can be standalone, or many companies will synchronize or federate with their on-premises identities. But an Azure AD tenant for Office 365 is not necessarily tied to an Azure subscription. An Azure subscription is just another service like Office 365. If your company is going to have both, then the KEY goal is that both of those connect to the same Azure Active Directory tenant. So if you started with Office 365 and made the primary domain name contoso.com, then when you log in to create an Azure subscription, make sure to do so with a Global Admin account in the contoso.com Azure AD tenant that you use to administer Office 365. See Manage the directory for your Office 365 subscription in Azure.
- Azure Active Directory editions
- Before you get too excited about everything you discover on the Azure website, make sure you know what edition you have. There are many flavors and enterprise agreements. Depending on the edition you have, you may have more or fewer services available to you. Azure Active Directory Premium will get you the whole kitchen sink, but there are different ways to get that as well, e.g. an Enterprise Mobility Suite license.
- Hybrid Identity Design Considerations
- The Four Pillars of Identity – Identity Management in the Age of Hybrid IT
- Azure Active Directory Authentication Protocols
- Authentication Scenarios for Azure AD
- Azure Active Directory federation compatibility list: third-party identity providers that can be used to implement single sign-on
- Azure AD terminology
- Getting started with Azure Multi-Factor Authentication in the cloud
- Azure AD Privileged Identity Management
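The "same tenant" goal above is easy to state and easy to get wrong, so here is a check you can run before you start delegating RBAC. This is an added example, not part of mzbowe's guidance: it resolves the tenant ID behind a verified domain from the public OpenID Connect discovery document and compares it with the tenant the subscription reports. It assumes the AzureRM PowerShell module (Login-AzureRmAccount, Get-AzureRmSubscription); contoso.com and the subscription name are placeholders.

```powershell
# Added example (not from the original post): confirm an Azure subscription is tied to the same
# Azure AD tenant that backs an Office 365 verified domain. Assumes the AzureRM module and that
# Login-AzureRmAccount has already been run. Domain and subscription name are placeholders.

function Get-TenantIdForDomain {
    param([Parameter(Mandatory)][string]$Domain)
    # The OpenID Connect discovery document is public and its issuer URL embeds the tenant GUID,
    # e.g. https://sts.windows.net/<tenant-guid>/
    $uri    = "https://login.microsoftonline.com/$Domain/.well-known/openid-configuration"
    $config = Invoke-RestMethod -Uri $uri -Method Get
    if ($config.issuer -match '([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})') {
        return $matches[1]
    }
    throw "Could not find a tenant ID in the issuer for $Domain"
}

function Test-SubscriptionTenant {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$SubscriptionName
    )
    $expected = Get-TenantIdForDomain -Domain $Domain
    # -SubscriptionName exists on Get-AzureRmSubscription across AzureRM versions; TenantId does too.
    $sub = Get-AzureRmSubscription -SubscriptionName $SubscriptionName
    if (-not $sub) { throw "Subscription '$SubscriptionName' is not visible to the signed-in account." }

    $result = [pscustomobject]@{
        Domain             = $Domain
        DomainTenantId     = $expected
        SubscriptionTenant = [string]$sub.TenantId
        SameTenant         = ([string]$sub.TenantId -eq $expected)   # -eq is case-insensitive
    }
    if (-not $result.SameTenant) {
        # The subscription was created from an account in a different directory; Office 365
        # identities and groups will not be usable for RBAC on it until that is corrected.
        Write-Warning ("Subscription '{0}' lives in tenant {1}, not in the tenant for {2} ({3})." -f
            $SubscriptionName, $sub.TenantId, $Domain, $expected)
    }
    return $result
}

# Usage (placeholder values):
# Login-AzureRmAccount
# Test-SubscriptionTenant -Domain 'contoso.com' -SubscriptionName 'Contoso Production'
```

Run it once per subscription; a `SameTenant` of `False` is the situation the link above describes, where the fix is to change the subscription's directory rather than to keep adding users to the wrong tenant.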
Azure AD Operational Guidance
- Administer your Azure AD directory
- Assigning administrator roles in Azure Active Directory (Azure AD)
- Create or edit users in Azure Active Directory
- Azure AD Password Reset for Users and Admins
- Managing access to resources with Azure Active Directory groups
- View your access and usage reports which is part of
How to monitor your Internet facing service globally – #Azure, #ApplicationInsights, #Citrix, #NetScaler, #EnvokeIT
Hi again all!
It’s been quite a long time since I wrote a blog post... I’ve just been too busy working! 🙂
But this is a really cool capability that I think many of you will like. How often does your company or service provider have a good way of monitoring availability, performance etc. from the public Internet? And if they do, then most of the time the larger service providers will build a service and install their own probes in different geographical locations, and then they charge quite a lot for this service, and every time you change your application they charge you again for modifying the scripts that the probes use, etc.
What I’ve tried, and now think is going to be great for both smaller and larger organisations, is the Azure Application Insights service. It’s really great and can assist with just this. It’s a service that Microsoft provides from their locations globally, where you can test your apps in Azure of course, but also any web site out there on the Internet. And it doesn’t stop there: you can also use the server installer to send metrics from your Windows IIS server up to Azure to get more detailed statistics about the web server itself, requests, etc.
Just think about how much it would take for you to setup monitoring from APAC, Americas and Europe for your NetScaler environment.. that would not be done in 10 minutes if you talk to your standard service provider. It took me 10 minutes to setup this reporting to ensure that the NetScaler is available from different locations around the world:
And this is just a simple URL ping test to ensure that we get a proper 200 OK response from our EnvokeIT Lab environment, which my colleague Björn has set up and modified so nicely with the X1 StoreFront look & feel.
Of course you can make a more thorough test than just a URL ping test like in this case; the service supports multi-step tests and also content matching, etc. It’s also very easy to create one application/service that consists of multiple locations you want to monitor, for instance if you’re using GSLB FQDNs as well as regional ones, to ensure that you get the full picture.
More information about what can be done can be found on the Azure Application Insights page.
Deploying #SCCM 2012 Packages and Programs with the #Citrix Connector – #DaaS, #XenDesktop
This is a really good blog post by Christopher Fife. It covers a couple of scenarios and explains how best to handle each of them. Good work Christopher! 🙂
The Citrix Connector 7.5 for System Center 2012 Configuration Manager, also known simply as the Citrix Connector, integrates XenApp and XenDesktop 7 with Configuration Manager 2012 (CM). The Connector streamlines use of Configuration Manager deployment technology to automate Citrix server and desktop image management. The Connector leverages the new Application/Deployment Type (App/DT) feature of Configuration Manager 2012 to orchestrate deployment to the right images at the right time. Administrators can optionally use the App/DT model to deliver the actual application publications.
Many of our customers are still early in migrating to the App/DT model. They are still leveraging their extensive library of Packages and Programs developed with great care over many years. These Citrix customers want to know how to use all the goodness of the Connector with these Packages and Programs. So, if you are interested in using the Citrix Connector to deploy Packages and Programs to your Citrix servers and desktop, this post is for you.
In many cases deploying Packages and Programs with the Citrix Connector is a straightforward process familiar to any CM administrator. However, there are two scenarios in which specific actions are required to avoid unintended consequences when deploying Packages and Programs with the Citrix Connector.
Scenario 1 – Deploying to Image Managed (MCS or PVS) Citrix hosts
The first scenario that requires special consideration is deploying Packages and Programs to VMs created with Citrix XenDesktop Machine Creation Services (MCS) or Citrix Provisioning Services (PVS). As an administrator, you want to deploy software on the master image of a Machine Catalog and rely on XenDesktop/XenApp to clone worker VMs. Deploying directly to VM clones wastes compute, storage, and network resources because each clone will discard the changes on reboot.
Thus, the Citrix Connector is optimized to only install applications on the master image of a Machine Catalog while entirely skipping application installation on the clones of the master image. The key enabler that allows us to selectively install applications is a CM client policy that puts a 3rd party agent like the Citrix Connector in charge of when to install applications or updates.
Here’s the problem. CM client policy does not stop the installation of Packages and Programs or Task Sequences; it only applies to the App/DT model and Windows Updates. This means that the Citrix Connector cannot prevent the installation of Packages and Programs on MCS or PVS clones, leading to unnecessary resource utilization.
Solution
Create a device collection that contains just the update device and deploy Packages and Programs to this device collection instead of the device collection created by the Citrix Connector.
Scenario 2 – App Publishing from the CM Console
The second scenario comes into play when using the CM Console to publish the Package/Program as a XenApp-hosted application. The Citrix Connector uses CM application detection logic to ensure that the application is installed before publishing it to Citrix Receiver. This is to prevent an icon from appearing in Receiver before all the servers in a Delivery Group have the application installed.
Unfortunately Package/Program deployments do not have reliable, ongoing application detection logic. Consequently, this orchestration feature of the Citrix Connector cannot be supported when using the Citrix Application Publishing Wizard to publish apps from the Configuration Manager Console.
Solution 1
Use Citrix Studio to publish the application instead of the Citrix Application Publishing Wizard in the CM Console.
Solution 2
If you are using CM Application Catalog and want the Citrix hosted version of the installed program to appear there, you will need to create a new application with a Script deployment type and a Citrix deployment type. The Script DT supplies the application detection logic by looking for the application’s executable, while the Citrix DT creates the application publication in XenDesktop.
Solution Details
The remainder of this post is divided into two sections and will give specific examples of how to implement the solutions discussed above. The first focuses on image management and precisely targeting the program deployment at the update device for a Citrix device collection. The second section focuses on publishing the program installed by CM as a Citrix hosted app.
Solution for Image Management and Resource Utilization
As previously mentioned, the Citrix Connector cannot prevent the installation of Packages and Programs on pooled Citrix session hosts created with Machine Creation Services (MCS) or Provisioning Services (PVS). To prevent this potential inefficiency, a new device collection must be created that only contains the update device. There are 4 steps to accomplish this:
- create the new device collection,
- deploy the program to the new device collection,
- monitor for deployment success on the update device, and
- update the pooled Citrix session hosts with the updated image.
These steps are detailed below.
For background information about master image management with the Citrix Connector and the role of the update device, watch the Master Image Management video http://www.citrix.com/tv/#videos/11534 on CitrixTV.
Before you start, use the machine catalog properties to make sure there is a designated update device, the Update Method property value is “update device”, and the Update Device property value contains a machine name. This is a very important step. If an update device is not defined for a Citrix image managed device collection, the steps outlined below will result in a new device collection with zero members.
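The same four steps can be scripted so the targeting mistake (deploying to the Connector-created collection, which includes the clones) cannot happen by accident. The script below is an added example and is not from Christopher Fife's post or from Citrix. It assumes the Configuration Manager console is installed on the machine running it (it provides the ConfigurationManager module) and that the cmdlets New-CMDeviceCollection, Add-CMDeviceCollectionDirectMembershipRule, Get-CMDeviceCollectionDirectMembershipRule, Get-CMDeviceCollectionQueryMembershipRule, Invoke-CMCollectionUpdate and Start-CMPackageDeployment are available in your cmdlet version; Start-CMPackageDeployment in particular was replaced by New-CMPackageDeployment in later releases, so verify with Get-Command before use. Site code, device, collection, package and program names are placeholders.

```powershell
# Added example (not from the original post): create a device collection containing only the
# update device of an MCS/PVS machine catalog and deploy a Package/Program to it.
# Assumes the ConfigMgr console (ConfigurationManager module) and the cmdlets named below.
# All names are placeholders; the update device name comes from the catalog's Update Device property.
param(
    [string]$SiteCode         = 'PS1',
    [string]$UpdateDeviceName = 'CTX-UPDATE01',
    [string]$CollectionName   = 'Citrix - Win2012R2 Catalog - Update Device Only',
    [string]$PackageName      = 'Contoso LOB App 1.0',
    [string]$ProgramName      = 'Install silent'
)

Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -ErrorAction Stop
Set-Location "$SiteCode`:"

# Pre-check from the post: the catalog must have a designated update device, otherwise the
# collection would end up with zero members and the deployment would never land anywhere.
$device = Get-CMDevice -Name $UpdateDeviceName
if (-not $device) {
    throw "Update device '$UpdateDeviceName' not found in site $SiteCode. Check the catalog's Update Method / Update Device properties."
}

# Step 1: a manually refreshed collection, limited to All Systems, with one direct membership rule.
$collection = Get-CMDeviceCollection -Name $CollectionName
if (-not $collection) {
    $collection = New-CMDeviceCollection -Name $CollectionName -LimitingCollectionName 'All Systems' -RefreshType Manual
}
if (-not (Get-CMDeviceCollectionDirectMembershipRule -CollectionName $CollectionName -ResourceId $device.ResourceID)) {
    Add-CMDeviceCollectionDirectMembershipRule -CollectionName $CollectionName -ResourceId $device.ResourceID
}

# Guard: the collection's rules must resolve to exactly the update device. Checking the rules
# (rather than the evaluated membership, which updates asynchronously) makes this deterministic.
$directRules = @(Get-CMDeviceCollectionDirectMembershipRule -CollectionName $CollectionName)
$queryRules  = @(Get-CMDeviceCollectionQueryMembershipRule  -CollectionName $CollectionName)
if ($directRules.Count -ne 1 -or $queryRules.Count -ne 0 -or $directRules[0].RuleName -ne $device.Name) {
    throw "Collection '$CollectionName' must contain only the direct rule for $UpdateDeviceName; refusing to deploy."
}
Invoke-CMCollectionUpdate -Name $CollectionName   # evaluate membership now rather than on schedule

# Step 2: deploy the Package/Program to THIS collection, never to the Connector-created one.
Start-CMPackageDeployment -CollectionName $CollectionName -PackageName $PackageName `
    -ProgramName $ProgramName -StandardProgram -DeployPurpose Required

# Step 3: what to watch. Success on the update device shows under Monitoring > Deployments in the
# console; once the program is installed there, update the catalog image (Step 4) so the pooled
# session hosts receive it on their next reboot.
Get-CMDevice -CollectionName $CollectionName | Select-Object Name, ResourceID, ClientVersion
```

The guard is the part worth keeping even if you create the collection in the console: a collection with a query rule or a second direct rule is exactly how clones slip back into scope.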
Step 1: Use the Configuration Manager Console to create a device collection
- In the Assets and Compliance section of the Configuration Manager Console, click the “Create device collection” action on the toolbar ribbon.
- On the General Page of the Create Device Collection Wizard,