Using B-series for your Dev VM in Azure

Introduction

Earlier this week I tweeted my excitement of using an Azure B-series machine for my Dev VM in Azure. And Jan was curious to know what type I used…

Which got a response from Sven that I would probably blog on it…

So…

Continue reading “Using B-series for your Dev VM in Azure”

Advertisements

PowerApps & Functions – Where low/no-code meets serverless… organizations can create apps faster!

Introduction

Like many organization, you’re probably also looking for a more “rapid development” track for a subset of your applications. I’ve heard a lot of reasons for this… Going from rapid prototyping to having small apps that make life a lot easier within the organization (like typical approval flows). For this we’re going to see how we can combine PowerApps & Azure Functions! By using PowerApps we want to take a low/no-code approach to creating the front-end, where Functions (or even Logic Apps as an alternative) will allow us to provide specific back-end data.

Recipe for today

Today we’ll be using the following ingredients as a base for the recipe of the day ;

Here we’ll be building a small powerapp that’ll call an API (OpenAPI Spec) that is hosted as an Azure function. So basically connecting a low/no-code app to a serverless API.

Continue reading “PowerApps & Functions – Where low/no-code meets serverless… organizations can create apps faster!”

What does it look like to deploy a DevOps project into Azure for a Java Application?

Introduction

A few months ago “Azure Devops Projects” was released. As I haven’t had the time yet to test-drive it, I was still sceptic towards the service from a naming perspective. In full disclosure, for me DevOps is about three aspects ; People, Processes & Products (“Tools”). The last part is typically, and maybe surprisingly, the most easy part to do. That being said, as I tried this service, I must admit that this service reduces the friction to set up an end-to-end project. This is where the Azure Devops Project shines! It guides you in a step-by-step manner to set up the end-to-end project for a variety of languages and deployment methods.

 

A brief walk-through

As we all know, the proof of the pudding is in the eating. So let’s see what the flow looks like in reality?

Continue reading “What does it look like to deploy a DevOps project into Azure for a Java Application?”

Azure Active Directory : Group integration for daemon / server applications (aka Service Principals)

Introduction

Today’s blog post will be how you can leverage the authentication scenario of a Daemon, Service User or Server Application when our application/API is using Azure Active Directory for its authentication flows.

“An example of a daemon application is a batch job, or an operating system service running in the background. This type of application requests an access token by using its application identity and presenting its Application ID, credential (password or certificate), and application ID URI to Azure AD. After successful authentication, the daemon receives an access token from Azure AD, which is then used to call the web API.”

In essence, a “daemon application” will do a “clients credentials grant” whilst using an Azure Active Directory Service Principal. The “application id” of the service principal will serve as the “client_id” and a generated “secret” will service as the “client_secret”.

In addition to this, we want our application to grant permissions (authorization & identification) based on the group memberships of Azure Active Directory. Where this is pretty straightforward for our basic user objects. This requires a bit of attention when wanting to achieve the same for our service principal.

Continue reading “Azure Active Directory : Group integration for daemon / server applications (aka Service Principals)”

Azure : Using PHP to go all oauth2 on the management API!

Introduction

As a hobby effort, I wanted to create a small poc where any user would be able to login with their AAD user, grant access to an application, after which that application could query their subscriptions.

In all honesty, I’ve been struggling more than I like to admit with getting this working… So this post will cover all the steps that you need to do to get this working!

 

Oauth & Azure AD

Before getting our hands dirty, read up on the following post ; Authorize access to web applications using OAuth 2.0 and Azure Active Directory

Ready it thoroughly! To be honest, I didn’t at first and it cost me a lot of time. 😉

Anyhow, the flow looks as follows…

active-directory-oauth-code-flow-native-app

So basically;

  • We’ll redirect the user to sign-in (and if this hasn’t been done, grant our application access)
  • If all went well, we’ll receive an authorization code
  • We’ll use this code to get a bearer (and refresh) token
  • Next up we’ll use the bearer code to connect to the Azure REST API for getting the list of subscriptions for that user.

Continue reading “Azure : Using PHP to go all oauth2 on the management API!”

Azure Resource Manager : Deployment variants within one script

Introduction
Today a quick post to show you that you can setup a deployment with several variants within the current template functions.
So for this post we’ll be combining the deploment for the rancher <a href="https://kvaes.wordpress.com/2016/01/22/deploying-rancher-server-via-an-azure-resource-manager-template/”>server & nodes into one script.

2016-02-19 10_53_14-Parameters - Microsoft Azure

Continue reading “Azure Resource Manager : Deployment variants within one script”

Microsoft Azure : Budget Automation for your Development / Test Environment

Billing-per-minute

What is one of the biggest business advantages of Azure? You are only charge for your actual usage per minute.  For many organizations, the cost of a development/test environment is a sore spot as this costs a handful of cash. Today will introduce you to Azure Automation, which will let you orchestrate things, as stopping/starting your environment.

What are we going to do?

  • Setup a dedicated account for our scheduled runbooks
  • Configure two runbooks ; “stop all servers” & “start all servers”
  • Schedule those runbooks

 

Setup a dedicated account for our scheduled runbooks

In my opinion, you always needs to set up dedicated accounts for services. They should not be running under anyones “personal” account. At a given point they will leave the company. At that time, if the system is still active and the user account will be decommissioned, the system will cease to halt. In addition, this will also give you a traceability of the actions of the given service.

So how do you setup a dedicated account for the scheduled runbooks? Check the following post ; Azure Automation: Authenticating to Azure using Azure Active Directory

In summary, the steps you will need to do ;

  • Create an additional user in your Azure Active Directory
    2015-01-27 08_15_14-Active Directory - Windows Azure
  • Add the user as a co-administrator to your account2015-01-27 08_13_21-Settings - Windows Azure

It’s also advised to note down both the full username (dixit, username@account.onmicrosoft.com) and the password you have assigned. After the creation, be sure to login with the account. You will be asked to change your password. If you “forget” (too lazy huh?) to do this step, you will get an authentication error when trying to use this account for your automations (So yes, I tried to be lazy too…).

 

Configure two runbooks ; “stop all servers” & “start all servers”

In this phase, we’ll do the following

  • Create the Automation account (“folder”) under the Runbooks will be stored
  • Create a “start all servers” runbook from the gallery
  • Create a “stop all servers” runbook from the gallery

 

Browse to “Automation”, select “Runbook” and then choose “From Gallery”

2015-01-27 08_21_38-Automation - Windows Azure

 

In the gallery, go to “VM Lifecycle Management”, and select “Azure Automation Workflow to Schedule starting of all Azure Virtual Machines”2015-01-27 08_22_12-Automation - Windows Azure

Press next, review the code. The code is pretty straight forward… But we’ll get into that later on.

2015-01-27 08_22_29-Automation - Windows Azure

Now enter the name of your runbook, and choose “Create a new automation account”. Give the account a name and choose your subscription & region.

2015-01-27 08_23_19-Automation - Windows Azure

Now we’ll repeat the process for the “stop all servers” runbook.

2015-01-27 08_28_22-Automation - Windows Azure 2015-01-27 08_28_37-Automation - Windows Azure 2015-01-27 08_28_49-Automation - Windows Azure

Now browse back to the “Automation” screen ;

2015-01-27 08_29_51-Automation - Windows Azure

Before we can go on with these steps, we’ll need to add our user to the “Assets” of our “Automation Account”. Browse to “Assets” and select “Add settings”.

2015-01-28 10_43_07-Automation - Windows Azure

Select “Add credential”… Then use “Windows Powershell Credential” as “Credential Type” and name the credential.

2015-01-28 10_43_34-Automation - Windows Azure

Now enter the user information you noted down earlier… and press save.

2015-01-28 10_44_32-Automation - Windows Azure

You are now good to go!

2015-01-28 10_42_48-Automation - Windows Azure

Select “Runbooks”, now you can see both runbooks we just created.

 

2015-01-27 08_30_09-Automation - Windows Azure

Select the “Stop-AllAzureVM” & adjust the two parameters and press save ;

  • -Name “username@domain.onmicrosoft.com”
  • -Subscriptionname “Subscription Name”

2015-01-27 08_30_48-Automation - Windows Azure

Select the “Start-AllAzureVM” & adjust the three parameters and press save ;

  • -Name “username@domain.onmicrosoft.com”
  • -Subscriptionname “Subscription Name”
  • -Name “Your Most Important Server”

2015-01-27 08_33_48-Automation - Windows Azure

What did we just do for both scripts? We entered the user account & subscription under which the script will be executed. This is a mandatory step and understandingly so. Now let us test the “StartAllAzureVM”-script… I’ve prepared two virtual machines, which are currently shutdown.

2015-01-27 08_34_03-Virtual machines - Windows Azure

So we’ll press “Test” on the runbook…

2015-01-27 08_34_20-Automation - Windows Azure

And yes, we are sure. Azure Automation will save the runbook one more time to be safe.

2015-01-27 08_34_33-Automation - Windows Azure

 

The output pane will show the status “starting”.

2015-01-27 08_34_52-Automation - Windows Azure

And it will change to “running” after a while.

2015-01-27 08_35_40-Automation - Windows Azure.

Once you see the code below, you will know that you have been authenticated. So all our hard work with creating the user paid off! If you do not see this, that is the part you should be debugging…

2015-01-27 08_35_56-Automation - Windows Azure

Suddenly our “most important server” will be showing the status “Starting”…

2015-01-27 08_36_31-Virtual machines - Windows Azure

 

And the output pane will verify this status!

2015-01-27 08_36_41-Automation - Windows Azure

So basically, we are safe to say that our script works. Let’s publish the runbooks so that we can schedule them later on.

2015-01-27 08_50_11-Edit Post ‹ Karim Vaes — WordPress

 

For each runbook, press the “publish”-button

2015-01-27 08_48_32-Automation - Windows Azure

We are sure, and you will see the runbook shift from “draft” to “published”.

 

2015-01-27 08_48_59-Automation - Windows Azure

Congrats so far! We are now ready to schedule those babies!

 

Schedule those runbooks

So which steps will we be doing in this phase?

  • Create two schedules ; “start of business day” & “end of business day”
  • Attach the “start” runbook to the “start of business day” schedule
  • Attach the “stop” runbook to the “end of business day” schedule

 

Let us start creating the two schedules ;

 

Go to our “Automation Account” and select “Assets”. Here you press the “Add Setting”-button.

2015-01-27 08_54_49-Automation - Windows Azure 2015-01-27 08_55_04-

Choose “Add Schedule”2015-01-27 08_55_16-Automation - Windows Azure

Enter the name…2015-01-27 08_55_28-Automation - Windows Azure

The schedule…2015-01-27 08_56_14-Automation - Windows Azure

Rince & repeat…

2015-01-27 08_58_01-Automation - Windows Azure

Now we have both schedules. One that will occur at 08:00 and another one that will occur at 17:00 (5pm). Now let’s link our runbooks…

Go to our “Automation Account”, and select “Runbooks”. Click on one of them

2015-01-27 09_01_15-Automation - Windows Azure

Go to “Schedule”, and press “Link to an existing schedule”.

2015-01-27 09_01_29-Automation - Windows Azure

Select the schedule…

2015-01-27 09_01_41-Automation - Windows Azure

And you will see the schedule attached.

 

2015-01-27 09_02_04-Automation - Windows Azure

Rince & repeat for the other one.

 

Summary

With the power of automation & a gallery of pre-made runbooks, we were able to save our business tons of money by only running the servers during the business hours. Be aware that the above example does not accompany holidays / weekends… In addition, the money saving is “limited” to the “compute”, as the storage of your devices will remain “active” (on disk).