Monday 8 January 2018

Virtual Machine

VM Creation:

Create VM -> choose image
Step 1: Provide basic details
Step 2: Choose a size
Step 3: Provide settings
Step 4: Create

Add Data Disks

We can add extra data disks to virtual machines.
Create a VHD on-premises:
·        Open Disk Management -> Create VHD -> provide the VHD name and path.
·        Click on the disk -> Initialize Disk.
·        Right-click the unallocated space -> New Simple Volume.
·        Click on the disk -> Detach VHD.
Upload the VHD to a blob -> go to VM -> Disks -> Add disk -> add the blob URL.
Capture VM image
A captured image can be used to create VMs multiple times from a single VM image (both OS and data disks).
Log in to the VM -> open Sysprep: C:\Windows\System32\Sysprep\sysprep.exe
Select the Generalize checkbox.
Click Capture on the Azure VM.
Enter a name in the Create image section.
Note: Once you create a generalized image, the VM is no longer usable; delete it.



Backup
Go to VM -> Backup -> provide the Recovery Services vault name and policy -> Create.
Recovery
Go to the Recovery Services vault -> click on Backup items -> Virtual machines -> click on the VM name -> Restore VM.
Load balancer
It acts as a container for a set of VMs and manages the load between them.
Azure Load Balancer delivers high availability and network performance to your applications. It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
·        Load balance incoming Internet traffic to virtual machines. This configuration is known as Internet-facing load balancing.
·        Load balance traffic between virtual machines in a virtual network, between virtual machines in cloud services, or between on-premises computers and virtual machines in a cross-premises virtual network. This configuration is known as internal load balancing.
·        Forward external traffic to a specific virtual machine.
Availability set overview
An Availability Set is a logical grouping capability that you can use in Azure to ensure that the VM resources you place within it are isolated from each other when they are deployed within an Azure datacenter. Azure ensures that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches.
If a hardware or Azure software failure occurs, only a subset of your VMs is impacted, and your overall application stays up and continues to be available to your customers. Availability Sets are an essential capability when you want to build reliable cloud solutions.

Fault Domain:
A fault domain is a physical point of failure. Think of a computer (or a rack of servers) that is physically plugged into a power outlet in one location (unplanned update). If a power outage happens, that computer goes offline.
When creating a new virtual machine instance, Azure automatically places that instance in a new fault domain. This ensures that if you have 2 instances of a service, they are not in the same fault domain.

Update Domain:
Whereas fault domains are a physical separation, upgrade domains are a logical separation. Upgrade domains exist so that when Microsoft rolls out a new software feature or bug fix (planned update), each upgrade domain is upgraded at a different time. This ensures that if you have at least 2 instances, your service never goes down as the result of an upgrade.
Azure services can have up to 5 upgrade domains by default (max of 20). When you create a new service instance, Azure automatically places it in the next upgrade domain. If you have more than 5 instances, 7 for example, upgrade domains 0-1 will have 2 instances each and upgrade domains 2-4 will have 1 instance each.
Load balancer setup process:
·        You must add an Availability Set for all virtual machines that you are going to add to the load balancer.
·        An Availability Set can only be enabled at the time of VM creation.
·        All VMs in the Availability Set should use the same virtual network.


IOPS and Disk Pool

SQLIO: https://www.microsoft.com/en-us/download/details.aspx?id=20163
Download and install it to test the IOPS of a disk. The command below uses Diskspd:
Diskspd.exe -b8K -d1 -r -w50 -c50M c:\io.dat
-d: number of seconds
-b: I/O block size in bytes
-r: read operations
-w: write operations
-c: create file
IOPS: input/output operations per second
Create 4 or 5 data disks based on your requirement.
Server Manager -> File and Storage Services -> Storage Pools -> select all disks, right-click and choose New Storage Pool.
Under Virtual Disks -> New Virtual Disk -> etc.
It will create a disk pool, which will have more IOPS than a single disk.




Azure VNET

VNET: a customer-managed, secure, isolated virtual network.
·        Services and VMs that are part of a VNET can access each other.
·        Each VNET can have as many subnets as needed.
·        All services deployed within a VNET can access the Internet.
Types of VNETs
·        Cloud-only VNET
o   A VNET created in Azure.
o   VMs and services are accessed through endpoints.
o   No configuration of a VPN device is required.
·        Cross-premises virtual network (hybrid network)
o   Connection of the on-premises network to the cloud VNET through a site-to-site tunnel.
o   Requires a VPN device.
VNet Address space and Subnet
o   Specify the topology during VNET creation: address space and subnets.
o   Private address space
§  This is the range that VMs and services can use.
§  Non-routable (these addresses cannot be reached from the public network).
§  Specified in CIDR notation (Classless Inter-Domain Routing):
·        10.0.0.0/8: 10.0.0.0 to 10.255.255.255
·        172.16.0.0/12: 172.16.0.0 to 172.31.255.255
·        192.168.0.0/16: 192.168.0.0 to 192.168.255.255
o   Subnet
§  Breaks up the network into more manageable sections.
§  All services can access each other across subnets.
§  Network security groups can be used to implement rules.
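An added example (not from the original post) that turns the address-space rules above into a check: it expands a CIDR block to its first and last address like the list above, verifies that a VNET address space is RFC 1918 private, that every subnet lies inside it without overlapping another, and that the point-to-site client pool (the "no overlap with the VNet" rule in the P2S steps later on) stays outside the VNET. The sample plan and its CIDRs are constructed for illustration.

```python
from ipaddress import ip_network
from typing import Dict, List, Optional

# The RFC 1918 private ranges listed above; a VNET address space must sit inside one of them.
PRIVATE_RANGES = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def cidr_range(cidr: str) -> tuple:
    """First and last address of a block, e.g. 172.16.0.0/12 -> 172.16.0.0 .. 172.31.255.255."""
    net = ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def is_private(cidr: str) -> bool:
    """True if the whole block lies inside one RFC 1918 range (so it is non-routable)."""
    net = ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def validate_plan(address_space: str, subnets: Dict[str, str],
                  p2s_pool: Optional[str] = None) -> List[str]:
    """Return a list of problems with a VNET address plan (empty means consistent).

    address_space: the VNET CIDR; subnets: name -> CIDR; p2s_pool: the point-to-site
    client address pool, which must not overlap the VNET.
    """
    problems = []
    try:
        vnet = ip_network(address_space, strict=True)   # strict: rejects host bits set
    except ValueError as e:
        return [f"address space {address_space!r} is not a valid CIDR block: {e}"]
    if not is_private(address_space):
        problems.append(f"address space {address_space} is not a private (RFC 1918) range")
    nets = {}
    for name, cidr in subnets.items():
        try:
            nets[name] = ip_network(cidr, strict=True)
        except ValueError as e:
            problems.append(f"subnet {name}: {e}")
            continue
        if not nets[name].subnet_of(vnet):
            problems.append(f"subnet {name} ({cidr}) is outside the address space {address_space}")
    names = list(nets)
    for i, a in enumerate(names):          # every pair of subnets must be disjoint
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} and {b} overlap")
    if p2s_pool is not None and ip_network(p2s_pool, strict=True).overlaps(vnet):
        problems.append(f"point-to-site pool {p2s_pool} overlaps the VNET address space")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: a 10.0.0.0/16 VNET with two subnets and a gateway subnet.
    plan = {"frontend": "10.0.0.0/24", "backend": "10.0.1.0/24", "GatewaySubnet": "10.0.255.0/27"}
    print(validate_plan("10.0.0.0/16", plan, p2s_pool="172.16.201.0/24"))   # []
    print(validate_plan("10.0.0.0/16", {"web": "10.0.0.0/24", "app": "10.0.0.128/25"},
                        p2s_pool="10.0.2.0/24"))                             # two problems
```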
VNet Creation and NSG
VNET Creation:
Subnet:
Inbound/outbound rules:
VIP: public IP address.
DIP: private IP address.
Click on Subnets and assign the NSG and users to your subnet. The NSG and users must be created before they are assigned to the subnet.
NSG creation and adding security rules:
·        Go to NSG -> provide a name, the same resource group as the VNET and the same location -> Create.
·        Add the inbound and outbound rules that you want to assign to the subnet.
You can use firewall rules to block or allow specific traffic passing from one side to the other.
·        Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources.
·        Outbound rules (LAN to WAN) determine what outside resources local users can access.
If the Windows Firewall is turned off it has no effect, and the inbound and outbound rules mean nothing.
·        You can associate a subnet with the NSG.
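An added example (not from the original post) that models how an NSG's inbound and outbound rules are evaluated: rules are sorted by priority, the first match decides, and the built-in catch-all rules at priority 65000+ decide anything no custom rule matched. It also flags rules that open RDP (3389) or SSH (22) to any source, a common misconfiguration. The service-tag default rules (VirtualNetwork, AzureLoadBalancer) are left out of this simplified model, and the sample rules and CIDRs are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # custom rules use 100-4096; the lowest number is evaluated first
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # source CIDR, or "*" for any address
    dest_port: str   # "3389", a range "1000-2000", or "*"

def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port

def _source_matches(spec: str, addr: str) -> bool:
    return spec == "*" or ip_address(addr) in ip_network(spec)

# Simplified copy of the default rules every NSG carries (priority 65000+); the
# VirtualNetwork/AzureLoadBalancer service-tag rules are left out of this model.
DEFAULT_RULES = [
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*"),
]

def evaluate(rules: List[Rule], direction: str, protocol: str,
             source: str, dest_port: int) -> Tuple[str, str]:
    """(access, rule name) of the first match in priority order; later rules are never consulted."""
    for r in sorted(rules + DEFAULT_RULES, key=lambda rule: rule.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and _source_matches(r.source, source) and _port_matches(r.dest_port, dest_port)):
            return r.access, r.name
    raise AssertionError("unreachable: the default rules match every flow")

def management_ports_open_to_all(rules: List[Rule]) -> List[str]:
    """Names of inbound Allow rules that expose RDP (3389) or SSH (22) to any source."""
    return [r.name for r in rules
            if r.direction == "Inbound" and r.access == "Allow" and r.source == "*"
            and any(_port_matches(r.dest_port, p) for p in (3389, 22))]

# Constructed sample NSG: HTTPS from anywhere, RDP only from an admin network (made-up CIDR).
SAMPLE_RULES = [
    Rule("AllowHttpsIn", 100, "Inbound", "Allow", "Tcp", "*", "443"),
    Rule("AllowRdpFromAdminNet", 110, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "3389"),
]
```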

Some important 18 protocols and ports in networking:

TCP - Transmission Control Protocol (connection-oriented)
UDP - User Datagram Protocol (connectionless)

FTP - File Transfer Protocol: 20 (file transfer), 21 (connection establishment)
SNMP - Simple Network Management Protocol: 161, 162
TFTP - Trivial File Transfer Protocol: 69
NTP - Network Time Protocol: 123
SFTP - Secure File Transfer Protocol: 22
SIP - Session Initiation Protocol: 5060, 5061
SSH - Secure Shell: 22
RTSP - Real Time Streaming Protocol: 554
LDAP - Lightweight Directory Access Protocol: 389
RDP - Remote Desktop Protocol: 3389
TELNET: 23
SMTP - Simple Mail Transfer Protocol: 25 (465 if SSL)
IMAP4 - Internet Message Access Protocol: 143 (993 if SSL)
POP3 - Post Office Protocol: 110 (995 if SSL)
HTTP - Hypertext Transfer Protocol: 80
HTTPS - Hypertext Transfer Protocol Secure: 443



Hybrid network connectivity

·        Connecting an on-premises network to the Azure virtual network
·        Connecting from an Azure VNet to another VNet
The following options are available for cross-premises connectivity:
·        Point-to-Site VPN
·        Site-to-Site VPN
·        ExpressRoute
·        VNet-to-VNet
·        Multi-site VPN
VPN Gateways:
Point-to-site and site-to-site both require setting up a VPN gateway.
2 types of VPN gateways:
·        Static routing VPN gateway (policy-based): encrypts and encapsulates a subset of the traffic flowing through an interface according to a custom-defined policy. The policy dictates the interesting traffic.
·        Dynamic routing VPN gateway (route-based): a tunnel interface is employed. Any traffic going to the tunnel interface is placed into the VPN.
Multi-site VPN, VNet-to-VNet and point-to-site require dynamic routing VPN gateways.
Point-to-site VPN
Provides an organization's employees/users with access to the organization's network from anywhere.
·        Individual client machines connect to the Azure VNet using a traditional VPN client.
·        Utilizes SSTP (Secure Socket Tunneling Protocol).
·        Uses certificate authentication between client computers and VNets.
·        Individually configured: a VPN client is installed on each client computer.
Sequence of steps to establish a Point-to-Site VPN
1.      Create a VNet in Azure.
2.      Create a network gateway (subnet) and a virtual network gateway from the management portal or PowerShell.
a.      Go to the VNet Subnets section and create the gateway subnet. It creates the range of IP addresses that will be used by VPN clients.
b.      Go to Virtual network gateway and provide the information.
3.      Create a self-signed root certificate.
a.      We need makecert.exe to create the root certificate. Enter "dir /s makecert.exe" in a command prompt to find out whether makecert exists on the machine; if it is not found, download it from here: Makecert.
b.      Before running the makecert command, do the following: open the root console (type mmc in Win+R) -> File -> Add/Remove Snap-in -> Certificates -> Add -> My user account -> Finish.
c.      cd to the makecert location and run: makecert -sky exchange -r -n "CN=VnetP2SRootCer" -pe -a sha1 -len 2048 -ss My .\VnetP2SRootCertOrg.cer
d.      You should see the root certificate in the Personal folder of the mmc console.
4.      Create a self-signed client certificate from the root certificate.
a.      Create the client certificate using the root certificate by running: makecert -n "CN=VnetP2SClient" -pe -sky exchange -m 96 -ss My -in "VnetP2SRootCer" -is My -a sha1
b.      You should see the client certificate in the Personal folder of the mmc console.
5.      Export the root and client certificates from the certificate store.
a.      Right-click the root certificate -> All Tasks -> Export -> No, do not export the private key -> check Base-64 format -> save.
b.      Right-click the client certificate -> All Tasks -> Export -> Yes, export the private key -> provide a password -> save.
6.      Upload the root authentication certificate to Azure.
a.      Open the exported root certificate in EditPlus/Visual Studio, put the certificate text on one line and copy it.
b.      Go to portal -> Virtual network gateway -> Point-to-site configuration -> provide an IP range that does not overlap with the VNet -> paste the copied root certificate data and save it.
7.      Install the client certificate on the client machine to authenticate to the VNET.
a.      Install the client certificate on the user machine by clicking on the client certificate -> enter the password -> Next (everything should be default) -> Save.
b.      You should see the client certificate in the trusted certificate folder of the mmc console.
8.      Install the client VPN package (download from Azure).
a.      Download the VPN package from the virtual network gateway and install it on the machine.
b.      You can see the VnetP2SClient option in the Wi-Fi/network section in Windows.
9.      Establish the VPN and verify connectivity.
a.      Open Network and connect to the VNet.
b.      You can now access VNET resources.
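An added example (not from the original post) for steps 5-6 of the sequence above: it converts a Base-64 (.cer) export of the root certificate into the single-line value the point-to-site configuration expects, and refuses input that is not a public certificate so the client export carrying its private key (step 5b) cannot be pasted into the gateway by mistake. The sample export is a constructed stand-in blob, not a real certificate.

```python
import base64
import textwrap

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def to_azure_root_cert_data(exported_cer_text: str) -> str:
    """Turn a Base-64 (.cer) export into the single-line value the portal expects.

    Only a public certificate is accepted: an export that carries a private key,
    or anything that does not decode to a DER certificate, raises ValueError.
    """
    if "PRIVATE KEY" in exported_cer_text:
        raise ValueError("this file contains a private key; upload only the root .cer")
    lines = [ln.strip() for ln in exported_cer_text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a Base-64 encoded X.509 (.cer) export")
    data = "".join(lines[1:-1])                     # the wrapped lines, joined into one
    der = base64.b64decode(data, validate=True)     # raises on stray characters
    if not der or der[0] != 0x30:                   # DER certificates start with SEQUENCE (0x30)
        raise ValueError("decoded bytes are not a DER certificate")
    return data

def is_rejected(text: str) -> bool:
    """True if to_azure_root_cert_data refuses the input."""
    try:
        to_azure_root_cert_data(text)
        return False
    except ValueError:
        return True

# Constructed sample: a stand-in DER blob (SEQUENCE header plus padding), not a real
# certificate, wrapped at 64 columns the way the certificate export wizard writes it.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(96)
SAMPLE_DER_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_EXPORT = "\n".join([BEGIN, *textwrap.wrap(SAMPLE_DER_B64, 64), END]) + "\n"
# A client export with its private key must never be uploaded as the root certificate.
SAMPLE_PRIVATE = "-----BEGIN PRIVATE KEY-----\nMIIB\n-----END PRIVATE KEY-----\n"
```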

Sunday 7 January 2018

Introduction to Cloud Computing


·        What is Cloud Computing
·        Cloud Characteristics
·        Cloud Computing Service Models
·        Deployment Models in Cloud Computing
·        Advantages and Disadvantages of Cloud Computing
What is Cloud Computing?
·        Cloud is just a metaphor for the Internet; when we say cloud, we are just referring to the Internet.
·        In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of on our local computer's hard drive.
·        The phrase cloud computing means "a type of Internet-based computing" where different services, such as servers, storage and applications, are delivered to an organization's computers and devices through the Internet.
·        Cloud computing refers to a variety of services available over the Internet that deliver computing functionality on the service provider's infrastructure.
·        A cloud computing service consists of highly optimized data centers (third-party data centers from the end user's point of view) that provide various hardware, software and information resources when needed.
·        Cloud platforms hide the complexity and details of the underlying infrastructure from users and applications by providing a very simple graphical interface or API (Application Programming Interface).
·        The cloud platform provides on-demand services that are always on, anywhere, anytime and anyplace.
Why are businesses moving to cloud?
In traditional hosting, a software company has to deal with licensing costs, protection of data, frequent upgrades to the latest technologies, maintenance and upgrading of hardware and, most importantly, finding the right skill sets at the right time.
Cloud Characteristics
·        Characteristics of cloud computing that distinguish it from traditional hosting:
·        Remotely hosted: services or data are hosted on remote infrastructure.
·        Ubiquitous: services or data are available from anywhere through the Internet.
·        Resiliency: cloud providers generally mirror solutions to multiple data centers to minimize downtime in the event of a disaster.
·        On-demand self-service: a consumer can provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service's provider. It is sold on demand, mostly by the minute or hour (pay-as-you-go model).
·        Rapid elasticity: a user can utilize as much or as little of the cloud service as required. For example, resources (e.g. web servers) on the cloud can be scaled up to meet high traffic in peak times or scaled down in times of less traffic.
·        Broad network access: capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, laptops and PDAs).
·        Fully managed by the provider: the user is abstracted from the details of how the service is managed in the cloud. For example, the user need not worry about aspects such as the hardware used, software updates and patches, plug-ins or web security. There is optimum utilization of resources as well as sharing of resources. Everything is taken care of by the provider.
Cloud Computing Service Models
Cloud Computing = Software as a Service (SaaS)
  + Platform as a Service (PaaS)
  + Infrastructure as a Service (IaaS)
1) IaaS (Infrastructure as a Service):
a. Delivers computer infrastructure, typically a platform virtualization environment, as a service.
b. Cloud providers build datacenters, managing power, scale, hardware, networking, storage, distributed systems, etc.
c. Rather than purchasing servers, software, data center space or network equipment, clients instead buy those resources as a fully outsourced service.
d. E.g. Amazon Web Services (AWS), Rackspace Hosting, VMware, Citrix
2) PaaS (Platform as a Service):
a. Provides developers the tools necessary to create, test, host and maintain the applications they create.
b. Cloud providers offer an Internet-based platform to developers who create services but don't want to build their own cloud.
c. E.g. Windows Azure, Google App.
3) SaaS (Software as a Service):
a. From the end user's point of view, apps are located in the cloud and are almost always accessible through a web browser.
b. Any application hosted on a remote server that can be accessed over the Internet is considered SaaS.
c. E.g. Windows Azure, Gmail, Google Apps (Office-like features), Salesforce CRM

The following picture neatly summarizes the functionality of the three service models of the cloud.


Deployment Models in Cloud Computing
There are three main deployment models in Cloud Computing.
1. Public Cloud: 
·        These are the clouds which are open for use by the general public; they exist beyond the firewall of an organization and are fully hosted and managed by vendors.
·        Your data is stored in the provider's data center, and the provider is responsible for the management and maintenance of the data center.
·        Because you are sharing computing resources among a network of users, the public cloud offers greater flexibility and cost savings.
·        This is a good option if your demand for computing resources fluctuates. You purchase capacity on the basis of usage and can scale server capacity up or down based on traffic and other dynamic requirements.
·        This type of cloud environment is appealing to many companies because it reduces lead times in testing and deploying new products.
·        Cons: they are more vulnerable than private clouds, and there is no control over the resources used or who shares them.
Note: Even though you don't control the security of a public cloud, all of your data remains separate from others', and security breaches of public clouds are rare.
2. Private Cloud:
·        A private cloud hosting solution, also known as an internal or enterprise cloud, resides on the company's intranet or in a hosted data center where all of your data is protected behind a firewall.
·        This can be a great option for companies that already have expensive data centers because they can use their current infrastructure.
·        You go for a private cloud when you have strict security and data privacy requirements.
·        Cons: the main drawback people see with a private cloud is that all management, maintenance and updating of the data centers is the responsibility of the company.
3. Hybrid Clouds:
·        They consist of external and internal providers, namely a mix of public and private clouds.
·        Secure and critical apps are managed by the organization and the not-so-critical apps by the third-party vendor. For example, you can use a public cloud to interact with clients but keep their data secured within a private cloud. Most companies are now switching to hybrid clouds.
·        Ideal in situations where you plan to migrate to a complete cloud solution as existing hardware expires, or where you have some applications or hardware that are not ready for the cloud.
Advantages and Disadvantages of Cloud Computing
Advantages of Cloud Computing:
1. Lower computer cost
2. Improved performance
3. Reduced software cost and instant software updates
4. Unlimited storage capacity
5. Universal document access
6. Increased data reliability
7. Device independence

Disadvantages of Cloud Computing:
1. Requires a constant Internet connection.
2. Does not work well with low-speed connections.
3. Features might be limited based on the provider you choose.
4. Can be slow.
5. Stored data might not be secure.
6. If your data is stored abroad, whose policy do you adhere to?