Lab Ops – Working with Azure VMs

by Guest Post on November 27, 2014

in SQL Server

A couple of months ago I had a very interesting chat with Andy, a Data Centre admin at CP Ltd, about using PowerShell to manage Azure, as Andy is partially sighted and his team mate Lewis is blind (for more on this please read Andy’s post on the TechNet UK blog). I wanted to go into some of the PowerShell in a little more detail so that you can be as good an administrator on Azure as these guys are. For this post I am going to assume you know how to work with Azure and are familiar with concepts like storage, cloud services and networking, though you will get an idea if you follow this post!

Firstly, to get working with PowerShell on Azure we need to get hold of PowerShell for Azure, and remember to check back regularly as the cmdlets change as Azure changes.

Before we can run any PowerShell against our subscriptions we need to set up some sort of trust, otherwise anyone could create services against our subscription. The simplest way to do this is with

Get-AzurePublishSettingsFile

This will launch the Azure management portal and ask us to sign in. The command then saves a file to our local machine, which we can consume like this:

Import-AzurePublishSettingsFile -PublishSettingsFile "C:\AzureManagement\some filename.publishsettings"

However, the problem with this approach is that you have access to the whole subscription, which is fine for demos and labs. In production you’ll have some sort of Active Directory in place and you'll connect to that with:

$userName = "your account name"
$securePassword = ConvertTo-SecureString -String "your account password" -AsPlainText -Force
# wrap the user name and password in a credential object and sign in with it
$Azurecred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)
Add-AzureAccount -Credential $Azurecred

Now we can run any of the PowerShell for Azure commands against our subscription, but before we can do too much with Azure VMs we will need a storage account to store them:

$StorageAccountName = "lowercase with no spaces storage account name"
$AzureLocation = "West Europe"
New-AzureStorageAccount -StorageAccountName $StorageAccountName -Location $AzureLocation

where -Location specifies the data centre you want the storage account to reside in, e.g. West Europe, and Get-AzureLocation will give you all the data centres you can choose. Now that we have a storage account we need to declare it as the default location for our VMs:

$SubscriptionName = (Get-AzureSubscription).SubscriptionName
# use the storage account created above as the subscription's current storage account
Set-AzureSubscription -SubscriptionName $SubscriptionName -CurrentStorageAccountName $StorageAccountName

If you are familiar with VMs in Azure you’ll know that by default each VM gets its own wrapper or cloud service, but in this demo I want to put three of these VMs into the same cloud service, which we can create with:

$AzureServiceName = "This needs to be unique on Azure.cloudapp.net"
New-AzureService -ServiceName $AzureServiceName -Location $AzureLocation -Description "Lab Ops cloud service"

Before we can create any VMs we also need to have a network in place, and it turns out the PowerShell support for this in Azure is pretty weak: all we can do is set up a network using an XML file in the form of

<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <DnsServers>
        <DnsServer name="AzureDNS" IPAddress="10.0.0.4" />
      </DnsServers>
    </Dns>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="My-VNet" Location="West Europe">
        <AddressSpace>
          <AddressPrefix>192.168.0.0/16</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="My-Subnet">
            <AddressPrefix>192.168.10.0/24</AddressPrefix>
          </Subnet>
        </Subnets>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>

You can hack this around, save it as something like VNet.xml and then apply it to your subscription with:

$AzureVNet = Set-AzureVNetConfig -ConfigurationPath "path to VNet xml file"

For more on how to modify this file with PowerShell rather than editing it by hand, have a look at Rik Hepworth’s (Azure MVP) blog.

Now to create those VMs we have more choices. We could use a template VHD of our own, but for now we will just use the gallery images, just as we can in the Azure Management portal. To do this we need to interrogate the gallery to find the right image with something like this:

$AzureImage = Get-AzureVMImage | where ImageFamily -eq "Windows Server 2012 R2 datacenter" | Sort-Object PublishedDate -Descending | Select-Object -First 1

which will get the most recent gallery image for Windows Server 2012 R2 Datacenter edition. I can then consume this in a script to create a VM:

$VMName = "WFE1"    # name for the new VM (example value; the remote session further down is named WFE1Session)
$AdminUser = "deepfat"
$adminPassword = "Passw0rd!"

# subnet and virtual network are referred to by the names defined in the network XML above
New-AzureVMConfig -Name $VMName -InstanceSize Medium -ImageName $AzureImage.ImageName | `
        Add-AzureProvisioningConfig -Windows -AdminUsername $AdminUser -Password $adminPassword | `
        Set-AzureSubnet 'My-Subnet' | `
        New-AzureVM -ServiceName $AzureServiceName -Location $AzureLocation -VNetName 'My-VNet'

Note that if you want to embed these snippets in a script you’ll need to get clever and introduce some wait loops to allow the VMs to spin up.
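A wait loop of the kind mentioned above, as an added example that is not part of the original post: it polls Get-AzureVM until the VM reports the ReadyRole instance status and gives up after a timeout. Wait-AzureVMReady and its parameters are names made up for this example.

```powershell
# Added example: block until a VM in a cloud service is ready, or fail loudly.
function Wait-AzureVMReady {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $Name,
        [int] $TimeoutMinutes = 20,
        [int] $PollSeconds    = 15
    )

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        # Get-AzureVM returns nothing until the deployment knows about the VM
        $vm = Get-AzureVM -ServiceName $ServiceName -Name $Name
        if ($vm -and $vm.InstanceStatus -eq 'ReadyRole') {
            return $vm
        }

        $status = if ($vm) { $vm.InstanceStatus } else { 'not found yet' }
        Write-Verbose "$Name is '$status', checking again in $PollSeconds seconds"
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)

    # Stop the script here instead of letting later steps run against a VM
    # that never came up.
    throw "VM '$Name' in service '$ServiceName' was not ready after $TimeoutMinutes minutes"
}

# Usage with the variables from this post:
$VM = Wait-AzureVMReady -ServiceName $AzureServiceName -Name $VMName -Verbose
```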

By default when you create a VM a couple of endpoints will be created, one for RDP and one for PowerShell. In reality you wouldn’t necessarily want to do this, as you may have a site-to-site VPN, in which case this is redundant, or you might just do this on one VM to manage the rest, or use Azure Automation. We need to query for these ports, as in a cloud service each VM will have the same DNS entry but with different random ports:

$VM = Get-AzureVM -ServiceName $AzureServiceName -Name $VMName
# public port of the remote PowerShell endpoint on this VM
$VMPort = (Get-AzureEndpoint -Name PowerShell -VM $VM).Port

In Andy’s post he published a self-signed certificate to his cloud service, which is needed to enable a secure remote PowerShell session to the VM. However, if we are just trying this in a lab then we can use the certificate that Azure automatically creates when a cloud service is created, as this is also trusted by the VMs in that cloud service by default. We can then pull this down and trust it on our local machine with:

(Get-AzureCertificate -ServiceName $AzureServiceName -ThumbprintAlgorithm SHA1).Data | Out-File "${env:PUBLIC}\CloudService.cer"
Import-Certificate -FilePath "${env:PUBLIC}\CloudService.cer" -CertStoreLocation Cert:\LocalMachine\AuthRoot
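Importing into Cert:\LocalMachine\AuthRoot makes the whole machine trust that certificate, so in a lab it is worth checking what was imported and removing it afterwards. The following is an added example, not part of the original post; it assumes the cloud service holds a single certificate and reuses $AzureServiceName from above.

```powershell
# Added example: trust the cloud service certificate only for the length of the lab.
$cerPath   = Join-Path $env:PUBLIC 'CloudService.cer'
$azureCert = Get-AzureCertificate -ServiceName $AzureServiceName -ThumbprintAlgorithm SHA1 |
    Select-Object -First 1
if (-not $azureCert) { throw "No certificate found on cloud service '$AzureServiceName'" }

$azureCert.Data | Out-File $cerPath
$imported = Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\AuthRoot

# The Public folder is writable by every local user, so confirm that the
# certificate now in the store is the one Azure listed for the service.
if ($imported.Thumbprint -ne $azureCert.Thumbprint) {
    Remove-Item -Path "Cert:\LocalMachine\AuthRoot\$($imported.Thumbprint)"
    throw "Imported thumbprint $($imported.Thumbprint) does not match $($azureCert.Thumbprint)"
}
Write-Output "Trusted $($imported.Subject) [$($imported.Thumbprint)], expires $($imported.NotAfter)"

# ... create and use the remote PowerShell sessions here ...

# When the lab is finished, take the trust away again and delete the file.
Remove-Item -Path "Cert:\LocalMachine\AuthRoot\$($imported.Thumbprint)"
Remove-Item -Path $cerPath
```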

Now we have all the settings and permissions we need to set up a remote PowerShell session to our VM:

$VMCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUser, (ConvertTo-SecureString $adminPassword -AsPlainText -Force)
# connect over SSL to the PowerShell endpoint port queried earlier
$VMSession = New-PSSession -ComputerName ($AzureServiceName + ".cloudapp.net") -Port $VMPort -Credential $VMCred -UseSSL -Name WFE1Session
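Both the Azure sign-in near the top of the post and the VM administrator credential here are built from passwords typed into the script. As an added example (not from the original post), the same steps can take their credentials from a prompt and keep them in a per-user encrypted file instead; Get-LabCredential, the LabOps folder and the file names are hypothetical.

```powershell
# Added example: no passwords in the script text.
function Get-LabCredential {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Prompt
    )
    if (Test-Path -LiteralPath $Path) {
        # Export-Clixml stores the password DPAPI-encrypted, so only the same
        # Windows user on the same machine can read it back.
        return Import-Clixml -LiteralPath $Path
    }
    $cred = Get-Credential -Message $Prompt
    if (-not $cred) { throw "No credential entered for: $Prompt" }
    $cred | Export-Clixml -LiteralPath $Path
    return $cred
}

$credDir = Join-Path $env:USERPROFILE 'LabOps'
New-Item -ItemType Directory -Path $credDir -Force | Out-Null

# Azure sign-in
$Azurecred = Get-LabCredential -Path (Join-Path $credDir 'azure.cred.xml') -Prompt 'Azure account'
Add-AzureAccount -Credential $Azurecred

# VM administrator: one credential object for provisioning and for remoting
$VMCred = Get-LabCredential -Path (Join-Path $credDir 'vmadmin.cred.xml') -Prompt 'VM administrator'

# Add-AzureProvisioningConfig takes the password as a string, so unwrap it
# only inside the call instead of holding it in a variable.
$vmConfig = New-AzureVMConfig -Name $VMName -InstanceSize Medium -ImageName $AzureImage.ImageName |
    Add-AzureProvisioningConfig -Windows -AdminUsername $VMCred.UserName `
        -Password $VMCred.GetNetworkCredential().Password
# $vmConfig then goes through Set-AzureSubnet and New-AzureVM as shown earlier.

# Once the VM is up, the same object opens the remote session.
$VMSession = New-PSSession -ComputerName ($AzureServiceName + ".cloudapp.net") `
    -Port $VMPort -Credential $VMCred -UseSSL -Name WFE1Session
```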

With this session we can now add in roles and features, turn on firewall rules and so on, like this:

Invoke-Command -Session $VMSession -ScriptBlock {
    Get-WindowsFeature Web-Server | Add-WindowsFeature -IncludeAllSubFeature }

If we want to work on a SQL Server VM (there’s a bunch of gallery items on Azure with different editions of SQL Server on) then it might be useful to enable SQL Server mixed mode authentication, in which case we need to pass parameters into the session. The simplest way to do this is by using the param() setting inside the script block with an -ArgumentList switch at the end (remembering to keep the parameters in the same order):

Invoke-Command -Session $VMSession -ScriptBlock { param($VMCred, $VMName)
    # set SQL Server to mixed mode and restart the service in the process
    Get-SqlInstance -MachineName $VMName -Credential $VMCred -AutomaticallyAcceptUntrustedCertificates | Set-SqlAuthenticationMode -Mode Mixed -Credential $VMCred -ForceServiceRestart -SqlCredential $VMCred
} -ArgumentList $VMCred, $VMName

as this allows us to reuse the parameters we are already working with in the remote session and enhances readability.

So that’s a quick introduction to some of the stuff that the more enlightened IT Professionals like Andy are using to make their lives easier and actually a lot of the stuff in this post works in your own data centre (like the stuff at the end to setup SQL Server) so using Azure really is just an extension of what you are used to.

Be warned: stuff keeps changing on Azure.
For example, a lot of older examples use Affinity Groups in Azure to co-locate VMs, but this is on the way out so I deliberately didn’t reference that here. My advice is to be wary of older posts and follow the Azure blog, particularly if what you are trying to do is still in preview.


Insufficient data from Andrew Fryer
