Skip to content
adatum
  •  SCOM Web API
  • About adatum
Conferences

IT Pro announcements from Microsoft Build

  • 20/05/202027/05/2020
  • by Martin Ehrnst

Microsoft Build is Microsoft prime developer conference, where Microsoft Ignite is the conference for your traditional IT pros. However, the traditional IT pro role has changed significantly in recent years, and Build is therefore interesting to us, and a lot of great “infrastructure” announcements were released at Build this year. Below I have picked out a few announcements I find most interesting.

Azure Resource Manager templates

ARM language improvements

Azure resource manager templates are very powerful. However, one of its Achilles heels is its verbosity. At build we got a small sneak peek on how Microsoft is looking in to improve ARM template language. Sign up here to get more information.

What-If analysis

I have deployed a lot of templates in recent years. And when I first saw a preview of the new what-if command I was thrilled. The ability to check what impact your template would make is a very important feature that is now available.

PowerShell or CLI inline in the templates

I’m not sure I like this one- the ability to actually write PowerShell or CLI scripts within ARM templates via Deployment Script is now in Public Preview.

ARM templates tend to be very complex already. And while this feature will solve a lot of issues, I am pretty sure we can manage to create a lot of new ones as well. I suggest a very humble approach to this feature.

Azure infrastructure

Azure Peering service generally available. Providing the fastest route from on-premises to your Azure resources. At first this looks like a new name for Express Route, but Azure Peering is not private. Instead it uses the largest ISPs around the world to quickly get you on Microsofts backbone.

Azure Arc enabled kubernetes

Azure Arc provides a range of capabilities for managing servers, Kubernetes, and Azure data services across clouds, datacenters, and edge locations.

Azure Arc was introduced at Microsoft Ignite in 2019. At build, Microsoft announced Arc for kubernetes in preview. With Arc for Kubernetes, we are able to use management tools in Azure like Azure policy and Azure monitor. For clusters running on-premises or in another cloud, public or private. For companies using for example RedHat OpenShift on-premises, and AKS in Azure. You can have a unified experience for both environments.

Read more about Azure Arc for kubernetes here

Azure Security and Azure AD

Azure AD now has a feature called ‘external identities’ in public preview. I’m not sure about all the news. But it seems to be a revamped Azure AD B2c. I will look more in to it later.

Azure Security Center is updated with a secure score API. To me this is great as integration to internal portals will be much easier. In other news, the ability to suppress alerts is now publicly available!

More Azure AD news can be found here

Build 2020 book of news

I will continue to update this list throughout Build and hopefully test drive some of the new features. In the meantime, you can find the complete list of Build 2020 announcements in the book of news

Share this:

  • LinkedIn
  • Twitter
Azure

Multiple Azure credentials in PowerShell

  • 06/05/202005/05/2020
  • by Martin Ehrnst

Environments in Azure are often separated into multiple subscriptions, in some cases multiple tenants. This sectioning can also result in multiple user accounts, and managing multiple Azure credentials can be challenging. Luckily, Azure PowerShell has this capability called context.

Although the documentation is solid on the topic. It doesn’t necessarily provide the backdrop for when you will need to use this feature.

A few weeks ago I had to move a set of APIs from one instance of Azure API management to another. With PowerShell contexts, I could download the API from the origin and import it to the new instance.

Connecting to multiple Azure environments using context

To hold credential information, like user and subscription. PowerShell uses context objects. By using AzContext comandlets You can have multiple Powershell Azure contexts available in the same PowerShell session. This allows for easy switching between multiple environments and profiles. Including different tenants.

Below is an example of how you can connect to multiple tenants and switch between the credentials and contexts. I recommend using friendly names which will make them easier to identify.

Azure PowerShell context

Share this:

  • LinkedIn
  • Twitter
Azure

Jumpstart your Azure Monitor journey

  • 08/04/202008/04/2020
  • by Martin Ehrnst

For the past decade, monitoring has been my main responsibility. I have had my hands on many of the enterprise monitoring systems out there, but System Center Operations Manager (SCOM) is where most of my working hours were spent. Now, I spend my time in Azure and since monitoring is relevant in public cloud as well. Azure Monitor is now my primary tool for my applications (and servers).

I know that starting off with an entirely new monitoring platform can be challenging, at best. Instead of figuring out all bits and pieces by yourself, I will introduce you to the key features of Azure Monitor, such as visualization and alerting. I will also briefly touch on the more advanced capabilities like custom log injection using Azure Monitors REST API.

After reading this you should have the basic knowledge on how to monitor your applications and servers using Azure Monitor. Details related to the various topics can be found in the official Azure Monitor documentation

Azure Monitor Martin Ehrnst

Azure Monitor Logs

Logs in Azure Monitor is backed by a Log Analytics workspace. To fully utilize Azure Monitor, a Log Analytics workspace is mandatory.

With Logs, you can extend your Azure Activity Log retention, collect and analyze Server Event Logs (both built-in and custom logs are supported). Azure Monitor Logs or Log Analytics is Microsoft equivalent to for example Splunk.

To perform analysis and query data, you use a language called KQL.

Guest blog for Nigel Frank

This is a piece written for Nigel Frank Internationals Azure Blog. Click here to continue reading this post on how to jumpstart your Azure Monitor jurney

Share this:

  • LinkedIn
  • Twitter
Operations Manager

SquaredUp free of charge for six months

  • 02/04/202002/04/2020
  • by Martin Ehrnst

For many years I have used SquaredUp professionally and in private projects. Their dashboard solution for SCOM and Azure Monitor has transformed how we consume, view and interact with monitoring data.

Business continuity edition of SquaredUp

Free SquaredUp edition to support business continuity during COVID-19

Today, as I browsed their website looking for some documentation. I noticed they have a free edition of SquaredUp for SCOM to support business continuity during the COVID-19 crisis.
From the looks of it, it seems to be the full version of their product, which lets you map applications and share dashboards to your entire organization.

Here is what they say:

Just like many companies around the world, here at SquaredUp we have switched to a fully remote workplace in an effort to protect our staff, customers and local communities from COVID-19. With the sudden shift to remote working, IT teams are under great pressure to ensure critical systems remain stable and available to end-users.

[…]

That’s why today we are announcing a new Business Continuity edition of SquaredUp dashboards for SCOM, completely free for 6 months.

Richard Benwell, Founder & CEO

Share this:

  • LinkedIn
  • Twitter
Automation

Multi subscription deployment with DevOps and Azure Lighthouse

  • 11/03/202010/03/2020
  • by Martin Ehrnst

Companies today are rapidly adopting new technology. Adding more pressure on the companies IT-department or the service provider. No matter where the workload runs, governance, security, and deployments are fundamental parts.
Azure Lighthouse came last year, and while it solves a lot of our trouble. Multi subscription deployments aren’t one of them – but it sure makes it more possible!

Azure deployments with Azure DevOps

One of the things that make service providers great at what they do is standardization. For example; making sure all subscriptions (customers in many cases) have the same set of baseline Azure policies.

Azure DevOps has multiple ways to deploy resources in Azure or other places. How do we deploy the same Azure template to multiple subscriptions using the same pipeline? In our case, I solved this with some existing features, forward-thinking and PowerShell magic.

Azure DevOps service connection with Azure Lighthouse

Multi subscription deployments with Azure DevOps is not a built-in feature. With Azure Lighthouse it became a little bit easier but will require some work.

First, you must set up a service connection and allow that to access one of your internal subscriptions. In Azure DevOps service connections are bound to one subscription.

For this service connection to be capable of multi subscription deployments, it will need access to your customer’s subscriptions. This can be solved through delegated resource management and Azure Lighthouse.
In my case, I had a group with contributor access. And I could add the SPN to that group. Otherwise, you will have to update your current delegation.

Repository structure

Everything you need, including a YAML pipeline is available on GitHub, but I will walk you through how and why I set it up.

I needed to create not only a solution to deploy one resource to multiple subscriptions. I also needed to deploy multiple ARM templates.

For this purpose, I had the option to create one large PowerShell script with complex logic. Or, I could reuse the same script for every deployment. I chose option two. My code repository now looks something like this

  • ARM-Templates (folder)
    • storage-Account (folder)
      • azuredeploy.json
      • azuredeploy.parameters.json
      • deploy.ps1
    • another-resource (folder)
      • azuredeploy.json
      • azuredeploy.parameters.json
      • deploy.ps1
    • […]
  • azure-pipelines.yaml

PowerShell magic?

In regular deployments, we can use built-in tasks in the pipeline and deploy directly. For multi subscription deployment, PowerShell is my weapon of choice.

To people with PowerShell competency. The script used is fairly simple;

  1. Connect to Azure
  2. Retrieve the subscriptions
  3. Iterate and deploy the ARM template(s) to each customer subscriptions.

Below is a short example. Showing the core in my deployment script (deploy.ps1)

$deploymentName = "Multi-sub-deployment"
$deploymentLocation = "westeurope"
$templateFile = ".\ARM-Templates\storage-Account\azuredeploy.json"
$templateParameterFile = ".\ARM-Templates\storage-Account\azuredeploy.parameters.json"

# getting all subscriptions
$subscriptions = Get-AzSubscription | Where-Object { $_.Id -NotIn $excludedSubs }

foreach ($subscription in $subscriptions) {
        
    # set context to the current subscription
    $subscriptionId = $subscription.id
    Set-AzContext -SubscriptionId $subscriptionId

    # deploy the arm template
    New-AzSubscriptionDeployment -Name $deploymentName -Location $deploymentLocation `
        -TemplateParameterFile $templateParameterFile -TemplateFile $templateFile
}

Multi subscription deployment, build pipeline

Although my repository contains a YAML pipeline, you don’t have to use it. To be honest, I’m not sure I like them. I used too much time trying to wrap my head around it. And at this point, it seems unfinished from the Azure DevOps side. Therefore, I will show you how to set up your pipeline to support multi subscription deployments using the classic method.

azure pipeline template selector

kick off with the classic mode, and chose the empty job on the template page. We could probably discuss if we even need multiple pipelines for this. But it doesn’t hurt, and it will be easier for the next person if we do this by the book.

For the build pipeline, I am renaming my job to something meaningful, and add one single task. Publish pipeline artifact

After you save and run the build. An artifact should be produced. The result should look something like this

Azure pipeline artifact

Multi subscription deployment, release pipeline

After a successful build (or in this case copy files), it is time to create our release pipeline. When using YAML, the two pipelines are combined. Not at all confusing for someone like me, who not that many months ago, didn’t know anything at all about this stuff.

Once again, I start off with an empty job, before I add my artifact from my build pipeline. I also renamed the first stage to “resource deployment”.

Now it’s the matter of adding tasks to our job, and it’s here you will need the service connection that you added earlier. The task we are working with is the Azure PowerShell task. And for multi subscription deployment, it is the only task you’ll need. Below is my task configuration

For some reason, it takes a few tries before pipelines want to work. It might be because of lat hours, or a law created by some guy named Murphy. Anyway, once it’s up and running you shole be able to see something similar to my output below;

2020-03-10T17:13:12.2503976Z ## Az module initialization Complete
2020-03-10T17:13:12.2517976Z ## Beginning Script Execution
2020-03-10T17:13:12.2532801Z Generating script.
2020-03-10T17:13:12.3293381Z ========================== Starting Command Output ===========================
2020-03-10T17:13:12.3416275Z ##[command]"C:\Program Files\PowerShell\6\pwsh.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'd:\a\_temp\112fe6df-8ee0-4a10-b53e-5694a4d34b0f.ps1'"
2020-03-10T17:13:25.0914923Z No subscription specified. Deploying to all subscriptions
2020-03-10T17:13:25.2151812Z 
2020-03-10T17:13:25.2211374Z Name                                     Account             SubscriptionName    Environment         TenantId
2020-03-10T17:13:25.2292766Z ----                                     -------             ----------------    -----------         --------
2020-03-10T17:13:25.2300155Z MVP-Sponsorship (6dca9329-fb22-46cb-826…  MVP-Sponsorship     AzureCloud          22046864-98a9-4a9…
2020-03-10T17:14:01.7100820Z 
2020-03-10T17:14:01.7151741Z Id                      : /subscriptions/6dca9329-fb22-46cb-826c-/providers/Microsoft.Resources/deployments
2020-03-10T17:14:01.7152947Z                           /Multi-sub-deployment
2020-03-10T17:14:01.7154721Z Location                : westeurope
2020-03-10T17:14:01.7159918Z ManagementGroupId       : 
2020-03-10T17:14:01.7161790Z ResourceGroupName       : 
2020-03-10T17:14:01.7162557Z OnErrorDeployment       : 
2020-03-10T17:14:01.7163149Z DeploymentName          : Multi-sub-deployment
2020-03-10T17:14:01.7163805Z CorrelationId           : d49c10f8-0260-49d5-aa8d-08a41591d1a7
2020-03-10T17:14:01.7164463Z ProvisioningState       : Succeeded
2020-03-10T17:14:01.7165107Z Timestamp               : 3/10/2020 5:14:00 PM
2020-03-10T17:14:01.7166059Z Mode                    : Incremental
2020-03-10T17:14:01.7166610Z TemplateLink            : 
2020-03-10T17:14:01.7167216Z TemplateLinkString      : 
2020-03-10T17:14:01.7167793Z DeploymentDebugLogLevel : 
2020-03-10T17:14:01.7168836Z Parameters              : {[rgName, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], 
2020-03-10T17:14:01.7169800Z                           [location, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], 
2020-03-10T17:14:01.7173723Z                           [storagePrefix, 
2020-03-10T17:14:01.7174379Z                           Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable]}
2020-03-10T17:14:01.7175014Z ParametersString        : 
2020-03-10T17:14:01.7177870Z                           Name             Type                       Value     
2020-03-10T17:14:01.7178513Z                           ===============  =========================  ==========
2020-03-10T17:14:01.7179228Z                           rgName           String                     adatum    
2020-03-10T17:14:01.7179831Z                           location         String                     westeurope
2020-03-10T17:14:01.7180452Z                           storagePrefix    String                     str       
2020-03-10T17:14:01.7181006Z                           
2020-03-10T17:14:01.7181454Z Outputs                 : {}
2020-03-10T17:14:01.7181916Z OutputsString           : 
2020-03-10T17:14:01.7182291Z 
2020-03-10T17:14:02.0220641Z 
2020-03-10T17:14:02.0937716Z ##[command]Disconnect-AzAccount -Scope Process -ErrorAction Stop

If you look at the output, you can see that the script set’s context to a subscription, and that there is no subscription specified in the pipeline.

Multi subscription deployment summary

Multi subscription deployments with Azure DevOps is not available as a default. But with a little bit of PowerShell trickery, you got a great solution. For service providers and large enterprises, Azure Lighthouse is now a preferred way to manage resources.

By granting a service principal access to your customer subscriptions (or internal for that matter), and use this SPN as a service connection in your Azure Pipeline. You can use PowerShell to iterate through each subscription and deploy the resources needed.

The beauty with this is that it will work regardless of where your DevOps environment is hosted. You can have separate tenants for Lighthouse, Azure DevOps and workplace.

This post described the following, which is required for multi subscription deployment to work.

  • Created an SPN in the management tenant
  • Authorized the service principal through Azure Lighthouse
  • Created a repository and added our scripts and templates to it
  • Created pipelines and used the SPN as our service connection
  • Used PowerShell and the built-in task to iterate through each subscription and perform deployments.

Share this:

  • LinkedIn
  • Twitter

Posts navigation

1 2 3 … 17

Top Posts & Pages

  • Azure AD authentication in Azure Functions
  • Using Azure pipelines to deploy ARM templates
  • Creating Azure AD Application using Powershell
  • Access to Blob storage using Managed Identity in Logic Apps - by Nadeem Ahamed
  • Web API for System Center Operations Manager
  • HealthServiceStore.edb file growth
  • Azure Lighthouse why is it so important
  • Multi subscription deployment with DevOps and Azure Lighthouse
  • Working with Azure Monitor Rest API
  • Microsoft killed SCOM internally

Tags

agent announcements api authoring Automation Azure AzureAD AzureCloudShell AzureFunctions AzureLighthouse AzureMonitor AzureRM AzureSpringClean Community CSP database EventGrid ExpertsLive ExpertsLiveEU Integrations LogAnalytics management pack monitoring MSIgnite MSIgnite2017 MSOMS MSP nicconf OperationsManager OpsMgr Powershell ProjectHonolulu QUickPublish rest SCDPM SCOM SCOM2016 scu2016 SCVMM Serverless SquaredUP SysCtr system center Webasto WindowsAdminCenter

Follow Martin Ehrnst

  • Twitter
  • LinkedIn

RSS Feed RSS - Posts

RSS Feed RSS - Comments

Microsoft Azure MVP

Martin Ehrnst Microsoft Azure MVP
Adatum.no use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Cookie Policy
Theme by Colorlib Powered by WordPress
adatum
Proudly powered by WordPress Theme: Shapely.