Serial Console access on Azure Virtual Machine

The day has finally come: Microsoft has announced this feature. Access to the serial console on an Azure VM is a huge step forward. But why is it so important? When our friend Mr Murphy shows up and everything goes south, you are limited in the diagnostic tools you have to troubleshoot why a machine is not booting. Having access to the boot process of the server (Linux or Windows) is crucial at that point. Serial Console access will end the days of redeploying a VM using the same disk (when that option is viable, of course). You can see the announcement here.

But let’s dive into accessing the Serial Console. On each VM that you have running on Azure, under SUPPORT + TROUBLESHOOTING, you will find Serial console (preview).

When you click on it, the portal automatically starts connecting to the Serial Console of that VM.

After a few seconds, the connection completes and shows me this screen. But I can’t do anything.

If you scroll up, there is some light at the end of the tunnel. OK, I need to enable the SAC (Special Administrative Console) on the server.

To access the Serial Console on the server, you need to enable it. To enable it, just follow the steps below:

  1. Connect to your VM through RDP (in this case a Windows VM)
  2. Open cmd with elevated (administrative) privileges
  3. From the cmd prompt, run the following commands
    bcdedit /ems {current} on
    bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200
  4. Reboot the VM

And then, you have access to the serial console of your server.
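
To confirm after the reboot that both settings took effect, the boot configuration can be read back. The following is an added example, not part of the original post; the function names are hypothetical, the sample output is constructed, and it assumes English bcdedit output.

```powershell
# Added example: read back the EMS settings that the two bcdedit commands set.
function ConvertFrom-BcdText {
    param([string[]]$Lines)
    $map = @{}
    foreach ($line in $Lines) {
        # bcdedit prints "name<spaces>value"; headings and separator rows are skipped.
        if ($line -cmatch '^(?<name>[a-z]+)\s+(?<value>\S.*)$') {
            $map[$Matches['name']] = $Matches['value'].Trim()
        }
    }
    return $map
}

function Test-EmsConfiguration {
    param(
        # Defaults run bcdedit locally (needs an elevated prompt); pass text to test offline.
        [string[]]$BootEntryText   = (bcdedit /enum '{current}'),
        [string[]]$EmsSettingsText = (bcdedit /enum '{emssettings}'),
        [int]$ExpectedPort = 1,
        [int]$ExpectedBaud = 115200
    )
    $entry = ConvertFrom-BcdText -Lines $BootEntryText
    $ems   = ConvertFrom-BcdText -Lines $EmsSettingsText
    $enabled = ($entry['ems'] -eq 'Yes')
    [pscustomobject]@{
        EmsEnabled  = $enabled
        Port        = $ems['emsport']
        BaudRate    = $ems['emsbaudrate']
        MatchesPost = $enabled -and ($ems['emsport'] -eq "$ExpectedPort") -and
                      ($ems['emsbaudrate'] -eq "$ExpectedBaud")
    }
}

# Constructed sample output, so the check can be tried without touching a VM.
$sampleEntry = @(
    'Windows Boot Loader', '-------------------',
    'identifier              {current}',
    'ems                     Yes'
)
$sampleEms = @(
    'EMS Settings', '------------',
    'identifier              {emssettings}',
    'emsport                 1',
    'emsbaudrate             115200'
)
Test-EmsConfiguration -BootEntryText $sampleEntry -EmsSettingsText $sampleEms
```

Run without parameters in an elevated PowerShell session on the VM to check the live boot configuration.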

Cheers,

Marcos Nogueira
Azure MVP

azurecentric.com
Twitter: @mdnoga

Load Balanced and Availability Set with multiple VMs

When it comes to best practices for setting up multiple virtual machines using a load balancer and an availability set, the information out there is either outdated or hard to find.

What is the scenario? Imagine that you need to set up a few VMs that need to share configuration and some files between them. How could you do it?

After a few searches on the web, I came across the IIS and Azure Files blog post. This post is dated October 2015 and, as you know, Azure is changing at a very fast pace. My first thought was: is this still applicable? After a few tests in my test environment, I found that it is, surprisingly! So, if you follow all the steps in the post, you can configure your environment.

In my case, there was a specific requirement that made this approach not applicable: my workloads required low latency. So, I went searching again for how I could achieve this, and then I found the solution on GitHub! Microsoft published a template where the only thing you need to do is fill in the blanks. THANK YOU!

This is the template that I’m referring to: 201-vmss-win-iis-app-ssl.

Solution overview and deployed resources

This template will create the following Azure resources

  1. A VNet with two subnets. The VNet and the subnet IP prefixes are defined in the variables section i.e. appVnetPrefix, appVnetSubnet1Prefix & appVnetSubnet2Prefix respectively. Set these two accordingly.
  2. A NSG to allow http, https and rdp access to the VMSS. The NSG is assigned to the subnets.
  3. Two NICs, two Public IPs and two VMSSs with Windows Server 2012 R2
    3.1) The first VMSS is used for hosting the WebSite and the 2nd VMSS is used for hosting the Services (WebAPI/WCF etc.)
    3.2) The VMSSs are load balanced with Azure load balancers. The load balancers are configured to allow RDP access by port ranges
    3.3) The VMSSs are configured to auto scale based on CPU usage. The scaled out instances are automatically configured with Windows features, application deployment packages, SSL Certificates, the necessary IIS sites and SSL bindings
  4. The 1st VMSS is deployed with a pfx certificate installed in the specified certificate store. The source of the certificate is stored in an Azure Key Vault
  5. The DSC script configures various windows features like IIS/Web Role, IIS Management service and tools, .Net Framework 4.5, Custom login, request monitoring, http tracking, windows auth, application initialization etc.
  6. DSC downloads Web Deploy 3.6 & URL Rewrite 2.0 and installs the modules
  7. DSC downloads an application deployment package from an Azure Storage account and installs it in the default website
  8. DSC finds the certificate from the local store and creates a 443 binding
  9. DSC creates the necessary rules, so any incoming http traffic gets automatically redirected to the corresponding https end points

The following resources are deployed as part of the solution

A VNet with two subnets

The VNet and the subnet IP prefixes are defined in the variables section i.e. appVnetPrefix, appVnetSubnet1Prefix & appVnetSubnet2Prefix respectively. Set these two accordingly.

  • NSG to define the security rules – It defines the rules for http, https and rdp access to the VMSS. The NSG is assigned to the subnets
  • Two NICs, two Public IPs and two VMSSs with Windows Server 2012 R2
  • Two Azure load balancers one each for the VMSSs
  • Storage accounts for the VMSS as well as for the artifacts
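
Because the template's NSG allows RDP alongside HTTP and HTTPS, it is worth checking after deployment which rules accept RDP from any source. The following is an added example, not part of the template or the original post; the function names and sample rules are constructed, and the rule fields are assumed to match those in the SecurityRules returned by Get-AzureRmNetworkSecurityGroup.

```powershell
# Added example: flag inbound Allow rules that expose RDP to any source.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Find-OpenRdpRule {
    param([object[]]$Rules, [int]$Port = 3389)
    # Source prefixes that mean "anyone" in an NSG rule.
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    foreach ($rule in $Rules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        # Wrap in @() so a single string and a list of strings are handled alike.
        $ports   = @($rule.DestinationPortRange)
        $sources = @($rule.SourceAddressPrefix)
        $hitsPort   = @($ports   | Where-Object { Test-PortInRange -Range $_ -Port $Port }).Count -gt 0
        $openSource = @($sources | Where-Object { $anySource -contains $_ }).Count -gt 0
        if ($hitsPort -and $openSource) { $rule }
    }
}

# Constructed sample rules (hypothetical names), shaped like NSG security rules.
$sampleRules = @(
    [pscustomobject]@{ Name = 'allow-https'; Direction = 'Inbound'; Access = 'Allow'
                       DestinationPortRange = '443'; SourceAddressPrefix = '*' }
    [pscustomobject]@{ Name = 'allow-rdp-any'; Direction = 'Inbound'; Access = 'Allow'
                       DestinationPortRange = '3389'; SourceAddressPrefix = '*' }
    [pscustomobject]@{ Name = 'allow-rdp-admin'; Direction = 'Inbound'; Access = 'Allow'
                       DestinationPortRange = '3389'; SourceAddressPrefix = '203.0.113.0/24' }
    [pscustomobject]@{ Name = 'allow-range'; Direction = 'Inbound'; Access = 'Allow'
                       DestinationPortRange = '3000-4000'; SourceAddressPrefix = 'Internet' }
)

# Lists the names of the rules that leave RDP reachable from any source.
Find-OpenRdpRule -Rules $sampleRules | Select-Object -ExpandProperty Name
```

Against a live deployment, pass `(Get-AzureRmNetworkSecurityGroup -ResourceGroupName <RESOURCE_GROUP> -Name <NSG_NAME>).SecurityRules` as `-Rules`.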

Prerequisites

  1. You should have a custom domain ready and point the custom domain to the FQDN of the first public IP/Public IP for the Web Load balancer
  2. SSL certificate: You should have a valid SSL certificate purchased from a CA or be self-signed
  3. Create an Azure KeyVault and upload the certificate to the KeyVault. Currently, Azure KeyVault supports certificates in pfx format. If the certificates are not in pfx format then import those to a windows cert store on a local machine and then export those to a pfx format with embedded private key and root certificate.

 


 

Create AzureRM VM from existing VHD

While I was helping a customer create an Azure RM virtual machine from an existing VHD, I adapted one of my existing scripts, with some searching on the internet to improve it, that I normally use to create Azure RM virtual machines.

In this case, I needed to create the VM from an existing VHD in a storage account. Usually when you create a new VM, you have to set the OS type and select the base image.

This script creates a new VM from an image:

    # $vm, $vmname and $AzureImage are expected to be set earlier in the script.
    $osDiskName = $vmname + '_OS_Disk'
    $osDiskCaching = 'ReadWrite'
    $osDiskVhdUri = "https://<STORAGE_ACCOUNT>.blob.core.windows.net/vhds/" + $vmname + "_os.vhd"

    # Setup OS & Image
    $user = "MrAzure"
    # <PASSWORD> is a placeholder; do not keep a real password in the script file.
    $password = '<PASSWORD>'
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword)
    $vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmname -Credential $cred
    $vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName $AzureImage.PublisherName -Offer $AzureImage.Offer `
        -Skus $AzureImage.Skus -Version $AzureImage.Version
    # Create the OS disk from the selected image
    $vm = Set-AzureRmVMOSDisk -VM $vm -VhdUri $osDiskVhdUri -Name $osDiskName -CreateOption FromImage -Caching $osDiskCaching

 

To use the existing disk, you need to replace the script above with this one:

    $osDiskName = $vmname + '_OS_Disk'
    $osDiskCaching = 'ReadWrite'
    $osDiskVhdUri = "https://<STORAGE_ACCOUNT>.blob.core.windows.net/vhds/" + $vmname + "_os.vhd"

    # Attach the existing VHD as the OS disk; no source image or OS credentials are set
    $vm = Set-AzureRmVMOSDisk -VM $vm -VhdUri $osDiskVhdUri -Name $osDiskName -CreateOption attach -Windows -Caching $osDiskCaching

 


Deploy an ARM VM using an existing VHD in Azure

The other day, one of my customers wanted to rebuild a virtual machine from an existing VHD and place it in a new Resource Group and on a different VLAN, but without transferring the VHD. The idea was to park the VHD in a storage account to avoid transferring this huge VHD.

First, I want to clarify that if you delete the VM, you are not deleting all of its resources; the VHD(s), network adapter(s) and network IPs remain intact. You are only deleting the compute part of the VM. That means you can redeploy using the same configuration or, for example, change the network.

To achieve that, though, you need to do it through PowerShell and/or using JSON files.

So, if you change the original JSON file by just replacing the VHD, you will probably get an error message saying, “Cannot attach an existing OS disk if the VM is created from a platform or user image.”

To avoid that, you have to change the JSON file so that createOption uses the attach method instead.

Here is what you need to change:

Original JSON:

    "storageProfile": {
      "imageReference": {
        "publisher": "MicrosoftWindowsServer",
        "offer": "WindowsServer",
        "sku": "[parameters('windowsOSVersion')]",
        "version": "latest"
      },
      "osDisk": { "createOption": "FromImage" }
    }

 

Replace with:

    "storageProfile": {
      "osDisk": {
        "createOption": "attach",
        "managedDisk": {
          "id": "<Managed_Disk_ID>"
        }
      }
    }

 


The difference between Azure Virtual Machines and Azure Cloud Services?

Azure offers several compute hosting options for integrating on-premises workloads in Azure. In a previous post (see here), I described the difference between the two deployment methods, Azure Resource Manager and Azure Service Manager (Classic). In this post, I will focus on the difference between Azure virtual machines and Azure Cloud Services, because they serve as the basis of integration solutions.

Azure virtual machines

Azure virtual machines provide the greatest degree of control over the virtual machine operating system. You can arbitrarily configure an Azure virtual machine and install almost any third-party software as long as you do not violate the restrictions. Every virtual machine has at least one fixed disk with up to 64 data disks, which persist content across restarts.

You can provision Azure virtual machines by using either the classic or the Azure Resource Manager deployment model. When using the Azure Resource Manager deployment model, you must deploy Azure virtual machines into an Azure virtual network.

Because you have complete control over the virtual machine at the operating system level, you are responsible for maintaining the operating system. The responsibilities include installing software updates from the operating system vendor, performing backups, and implementing resiliency to provide a sufficient level of business continuity.

When using the classic deployment model to horizontally scale Azure virtual machines, you must pre-provision additional Azure virtual machines and keep them offline until you are ready to scale out. With the Azure Resource Manager deployment model, you have the option of using virtual machine scale sets for horizontal scaling.

Azure virtual machines are best suited for hosting:

  • Windows Server or Linux infrastructure servers, such as Active Directory domain controllers or Domain Name System (DNS) servers.
  • Highly customized app servers for which the setup involves a complex configuration.
  • Stateful workloads that require persistent storage, such as database servers.

Azure Cloud Services

Azure Cloud Services allows you to manage the virtual machine operating system. However, because Azure Cloud Services uses temporary storage, any change you directly apply does not persist across restarts. The virtual disks automatically provision whenever you start the service, based on the custom code and configuration files you provide. Moreover, you are not responsible for maintaining the operating system updates. Business continuity is part of the service, with the code and configuration automatically replicated across multiple locations.

Azure Cloud Services supports only the classic deployment model. You can deploy virtual disks in a virtual network, but you must provision such a network by using the classic deployment model.

Azure Cloud Services offers superior horizontal scaling capabilities when compared with Azure virtual machines. It can scale to thousands of instances, which the Azure platform automatically provisions based on criteria you define. In addition, it simplifies the development of solutions that consist of multiple tiers. In a typical implementation, a cloud service contains a web role and a worker role. The web role contains virtual machines that provide front-end functionality. The worker role manages the processing of background tasks. Both roles can scale independently of each other.

Azure cloud services are best suited for hosting:

  • Multitiered web apps.
  • Stateless apps that require a highly scalable, high-performance environment.

 
