Jake Walsh | Azure / Citrix / EUC / and more...

Azure Automanage Preview

· September 29, 2020 · Azure, Azure Automanage, Microsoft, Quick Post

Tagged: Azure, Azure Automanage, Microsoft, Quick Post, Testing

Hello! In this post I’ll be covering an overview of the Azure Automanage Preview – and giving an overview of how it can be used to simplify management, achieve best practice, and provide automation of Virtual Machines in a few quick steps.

What is Azure Automanage?

Azure Automanage is a service that removes the need to “discover, know how to onboard, and how to configure certain services in Azure that would benefit your virtual machine.” (Microsoft Docs – https://docs.microsoft.com/en-gb/azure/automanage/automanage-virtual-machines)

Essentially – it allows you to automate the configuration of your Azure VM as per best practice within the Microsoft Cloud Adoption Framework. This includes monitoring, backup, and monitors the drift of your VM away from best practice – and can automatically bring it back into the required state.

The key here is simplicity – the experience is simple and easy to use.

Prerequisites

Only Windows Server VMs are supported
VMs must be running
VMs must be in a Supported Region – currently (28/09/2020) this is West Europe, East US, West US 2, Canada Central, and West Central US.
The User must have the correct permissions (to configure Automanage from scratch you will need Owner or Contributor, along with User Access Administrator)
VMs must not link to a Log Analytics Workspace in a different Subscription

Note: this is a preview service - so these are likely to change!

Participating Services

At the current time, Automanage includes the following Services, which are automatically onboarded, configured, monitored for drift, and remediated as required when you use Automanage:

VM Insights Monitoring – Monitors the health and performance of your Virtual Machine
Backup – Provides backups of the Virtual Machine
Azure Security Center – Automanaged configures the free tier of Azure Security Center within the subscription your VM is inside.
Microsoft Antimalware – Real time protection for your VM against viruses, spyware, and malicious software.
Update Management – Provides automated updates for your VM
Change Tracking and Inventory – Combines change tracking and inventory to monitor and track VM changes.
Azure Automation Account – supports Azure Automation
Log Analytics Workspace – stores data in Log Analytics Workspace.

You can configure these services using one of the default configuration profiles with Automanage – or create your own.

Setting up Automanage

Setting up Automanage is really easy! For my test I have a single Azure VM running in the East US Region – and I am going to configure Automanage to look after this VM for me. From the Azure Portal – search for “Automanage”, and select Azure Automanage:

Then click on “Enable on existing VM”:

Note – you can also setup Automanage at the time of creation – see here. Next, we need to select the VMs to onboard into Automanage. To do this, click on “Select machines”:

Select the VM you want to enable and click Select:

We can then select the Profile that will be applied (which controls the configuration of Automanage):

By default there are two profiles – Dev/Test and Production. It is worth spending some time looking through these to make sure you are applying settings that are appropriate. You can also create custom profiles – by clicking on “Create new preferences”. See more about custom profiles here. For my test I will use the Production Profile – you can browse the settings and configuration that will be applied by this profile by exploring the highlighted section below:

Once we are ready to apply this – just click “Select”. The summary screen is then shown – and we are ready to enable. Note that the Automanage account is also created at this time. Click on Enable in the below screenshot – and the configuration will then be applied:

My test VM is now shown within Automanage – as you can see the deployment is still in progress:

The deployment takes some time – but as it progresses we can see the Automanage elements being created in a new Resource Group:

Once the deployment has completed – the status will change to “Configured”:

So we now have a Virtual Machine that is configured and managed by Automanage – let’s take a quick look at what this has configured for us:

In our Backup Vault (automatically created) we now have a protected VM that is backed up daily:

Our VM is being analysed for Updates:

We have an Automation Account that contains our VM:

Within Update Management we can also check on the Status of our Automanage enrolled VM:

We can also delve into this update data (and more!) via our (automatically created by Automanage) Log Analytics Workspace:

Obviously I’ve only scratched the surface of Automanage here – but hopefully this post helps to give an understanding and show some of the features of the Automanage preview. Until next time – thanks for reading!

A few links to useful documentation resources that may help:

Creating a secure Home/Guest/IOT Wifi environment with Ubiquiti

· April 15, 2020 · Home Network, Quick Post, Smart Home, Ubiquiti, Wireless

Tagged: Community, Quick Post, Smart Home, Ubiquiti, Wireless

As many of my friends and colleagues will know, I am a big fan of Smart Home/IOT technology – plugs, lights, sensors, cameras… I like automating things around the house – partly for security reasons, partly for reasons of making my life easier, but mostly because I enjoy working with technology! 🙂

However, I am well aware of the security implications of Smart Technology – and in particular the risks associated with placing devices onto a home network, where devices with personal information are regularly used.

In this post I’ll give an overview of how I am securing my network – with minimal effort… (All of this can be configured in under 10 minutes)

I’m using the awesome Ubiquiti Unifi nanoHD APs:

Ubiquiti equipment and software is AWESOME, especially if you want effective and easy to use control over your network, without having to use complex configuration scripts or a confusing GUI. There are a few things you can do to secure Smart Technology items, and also to create a secure environment for Guest Users, Children, and anyone/anything else you may wish to restrict in some way. The key features that help here are:

Separate Wireless Networks – I have a Wireless Network setup for my own devices, another for Smart Tech items, and another for Guest Users – these are best off separated and kept apart! (These are all broadcast from the same AP too – with no need for extra hardware)
Time based Wireless Network access – this is more for those with children, whereby you can have a Wireless Network that is available only between certain times.
Throughput Control – this allows a Network to be restricted to a specified total bandwidth throughput. Useful for ensuring one device/user/network does not overload your internet connection
IP range restrictions – this allows devices on specific Networks to be restricted when trying to access certain IP ranges or addresses. This is great for Guest networks – and can be used to ensure those Guest users can only access the internet for example. Many Smart Tech devices also require only internet access, with no need for them to communicate with other items on your network.

Configuration of all of the above is extremely simply using the Ubiquiti Controller – I’m running this on my own server, but the Cloud Keys are worth a look if you don’t have this option or want a dedicated device. Thankfully all of the above is just a few clicks in the Controller interface too – no need for any configuration, cabling, or code!

Separate SSIDs

This is very easy to setup – from the settings interface, browse to Wifi Networks, and then create the networks you require:

Ensure that for any IOT or Guest Networks you mark these as Guest Networks – as the security restrictions (IP based) then apply:

Time based SSID access

Again, this is a breeze to setup – on the SSID you want to restrict select, Edit (shown below):

You can then control the time on a schedule:

This setting is probably more for those with children who’s access they are trying to limit – unless you have devices you don’t want online at certain times.

Throughput Control

Throughput control is based on creating User Groups – with a throughput limit assigned to the Group. I have the following Groups setup:

Personally I think I am quite generous with my Guest users…

Next – we need to associate the Groups with a Wireless Network, so that the bandwidth restrictions are applied to that Network. To do this, go back and edit the Wireless Network:

Within the User Group section – select the required Group:

Now your Wireless Network has a configured throughput limit!

IP Restrictions

These are also very easy to setup, browse to the Guest Control section of the Settings Menu – and then add any IP ranges or addresses you want to prevent Guest Users (any Wireless Network marked as Guest) accessing:

I’ve left this default – any private address is restricted – so my Guest Users and IOT Devices can only access the internet, and are prevented from accessing anything else on my networks.

Hope this helps – until next time!

Azure Front Door – Azure Advent Calendar 2019

· December 11, 2019 · Azure, Azure Front Door, Community, Microsoft

Overview

This year I have had the pleasure of taking part in the Azure Advent Calendar, a community driven event that runs throughout December 2019. The calendar is brought to us by MVPs, Gregor Suttie and Richard Hooper. A huge shout out to Anthony Mashford for letting me know about it too!

The idea is simple – each day throughout December a series of Blog Posts and Videos about different Azure topics are released, by people who work with these technologies. For me – I wanted to choose something I had not had a huge amount of exposure too. So not only do I learn something in the process, but also through my own discovery I can (hopefully!) help others learn along the way.

Azure Front Door

Azure Front Door is a service that offers features similar to those found in many different types of Application Delivery Controllers, throughout datacenters worldwide. However, as with everything in Microsoft Azure, it brings a wealth of additional features and benefits. The key features and benefits to using the service are:

Application Performance Acceleration
Increased availability via Smart Health Probes
URL Based Routing
Multiple Site Hosting
Session Affinity
SSL Termination
Custom Domains and Certificate Management
Application Layer Security
URL Redirection
URL Rewrite
Native IPV6 and HTTP/2

Who would benefit from the Service?

Anyone currently utilizing Azure to host any web service would benefit from the Front Door Service in my opinion – the wealth of features make it an ideal companion and provide optimizations that fit around existing services and improve them vastly. Also anyone wishing to accelerate the performance of a Web Application elsewhere could also benefit – even if that application not hosted in Azure.

Okay – I’m convinced, how do I try it?

The great news is that Azure Front Door can be tried and tested both rapidly and very cost effectively. I’d recommend starting out how I have, with two identical Web Apps, and practice setting up Front Door, and creating the various configuration items, as I have done in my demo. From there you can try out more complex settings and build up from this foundation. The basic setup and creating a rule is something shown in my video below – and this will get you a basic setup that you can then modify and tweak to learn move and forward with.

Azure Advent Calendar Video

Happy Christmas!

Thanks for reading my post and watching my video – please do feel free to reach out if you’d like any more information, I’m active on Twitter over at @jakewalsh90 🙂