Author Archives: msandbu
Now that Citrix has released their NetScaler appliance on Azure, we have a great option for load balancing within the Azure platform. It is also important to think about the other options we have in Azure for load balancing outside of NetScaler.
Traffic Manager is one of the first options. It acts somewhat like GSLB, which is a DNS-based load balancing feature, and allows us to load balance between endpoints on a cloud service.
These services can be spread across different regions, and traffic can be load balanced based upon performance, round robin or failover.
The problem with DNS-based load balancing is that it never gets a full overview of how the traffic is balanced, since it basically just spreads the DNS responses. In addition, Traffic Manager has limited monitoring capabilities, since it can only monitor over the HTTP or HTTPS protocol.
We also now have support for nested profiles within Traffic Manager — http://azure.microsoft.com/blog/2014/10/29/new-azure-traffic-manager-nested-profiles/
Now on the other side we have load balancing endpoints on Cloud Services.
When setting up Cloud Services load balancing we have more options depending on the load balancing distribution; see https://msdn.microsoft.com/library/azure/dn495300
We can have persistence based upon sourceIP or destinationIP, for instance, and we have more endpoint-based monitoring options. This is a more L4-based load balancing approach, which is also a free option in Azure.
NetScaler, on the other hand, is a complete L4–L7 load balancing platform which can load balance based upon many different parameters. You can also combine the NetScaler appliance with an HA setup to get the best of both worlds, which also gives you an active/active NetScaler setup within a cloud service: http://support.citrix.com/proddocs/topic/netscaler-vpx-10-5/vpx-azure-ha-config-con.html
So when do we use the different services?
If you have a simple web service which does not require advanced monitoring capabilities and is set up on many different cloud services, use Traffic Manager.
If you have a service which is set up within a cloud service and needs a simple load balancing capability at low cost, use Load Balanced Endpoints.
If you have a service which requires more advanced service monitoring capabilities and has special demands for distributing traffic, use NetScaler within a Cloud Service.
So for the few observant IT pros, there has been a lot of fuss around Azure and the new Azure Resource Manager, which is a new way to manage resources in Azure. In essence it is a new architectural design from Microsoft for how to manage IaaS resources.
The simple way to think about Resource Manager is in terms of the different components that make up a service we want to deliver.
For instance, if we want to deliver an e-commerce webshop using Azure, we would have multiple components like a DB tier, a web tier and maybe an application tier. So instead of creating these components within a cloud service, we would create them inside a resource group in Azure.
Now Microsoft announced during Build a huge list of different templates that can get us started with ARM. These templates contain different JSON files that describe how a resource should be set up. This is essentially version 2 of IaaS resources in Azure: instead of being managed within a cloud service, the different resources are attached together without us having to think about cloud services, which have always been there because of the early days of PaaS.
You can find the different JSON templates here — https://github.com/Azure/azure-quickstart-templates
The repository has a template for most of the different services included in Azure. We can also deploy resources directly from the GitHub repository, but this blog post will focus on using Visual Studio. (The templates can also be used directly in the management portal, where you can just enter the parameters as needed.)
This makes it easy to create a custom template for a deployment and reuse it for other customers, for instance. You can also attach scripts which need to be run on the virtual machine instances that are created, after provisioning.
You can download the templates from Microsoft either using the GitHub client for versioning, or as a Zip file from the site. Using the GitHub option allows you to always have the templates in sync if there are changes and so on.
Now in order to use Visual Studio with Resource Manager you need a supported version of VS (2012, 2013 or 2015 RC; I'll be using 2015 RC) and you also need a copy of the latest Azure SDK, which can be found here: http://azure.microsoft.com/blog/2015/04/29/announcing-the-azure-sdk-2-6-for-net/
After you have installed both you should have a new option when creating a new project.
If this is not appearing, it might be that you need to repair the installation of the Azure SDK. After you create a new project you will have the option to choose from the different templates that are provided with the SDK.
But I'm going to choose a blank template, add some resources and then use some of the different templates that Microsoft has created.
Now the project will be created with some files. You have the Deploy-AzureResourceGroup PowerShell script, which is used to actually create and deploy a resource group using the template files. AzCopy is used within the script to upload the template to a storage container.
Now by default the template is of course empty, so we need to add some resources to it.
Now this also gives a list of resources that can be added to the template.
These templates also verify which prerequisites the template needs.
We can now also see that when we added a storage account, a virtual network and a virtual machine, a bunch of parameters were added to the JSON template.
If we drill into some of the parameters we can see what kind of values are allowed, for instance on StorageAccountType.
We can see that the default value for the storage account in the template is locally redundant; we can change the value if we want to, but we need to do so before deploying. Similarly, the VM username and password are not set, and we need to define those values before deploying or else the deployment will fail.
Then we also have some variables that we can alter, for instance the vNet subnet prefix and IP prefix.
After we are done adding our components and defining our variables and parameters in the project, we can deploy it by right-clicking on the resource group in Solution Explorer and choosing New Deployment.
Then choose a Microsoft Azure account and a valid subscription
Then choose Deploy, and follow the output window in Visual Studio to make sure that you don't get any error messages, because it will validate the parameters that are entered to see if they comply or if you are missing any information.
NOTE: you will also get this dialog box if there are some parameters that are not entered.
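As an added example (not part of the original post or of the Azure SDK), the PowerShell below runs the same kind of parameter check offline before you deploy, and also flags passwords that would end up stored in a shared template. The template, the parameter file, the parameter names and the function name Test-ArmTemplateParameters are constructed for illustration.

```powershell
# Added example. The template and parameter file below are constructed samples.
$templateJson = @'
{
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [ "Standard_LRS", "Standard_GRS", "Standard_ZRS" ]
    },
    "adminUsername": { "type": "string" },
    "adminPassword": { "type": "string", "defaultValue": "ChangeMe123!" },
    "dbPassword":    { "type": "securestring" }
  }
}
'@

$parameterFileJson = @'
{
  "parameters": {
    "storageAccountType": { "value": "Premium_GRS" },
    "adminUsername":      { "value": "azureadmin" }
  }
}
'@

function Test-ArmTemplateParameters {
    param(
        [Parameter(Mandatory = $true)] [string] $TemplateJson,
        [Parameter(Mandatory = $true)] [string] $ParameterFileJson
    )
    $definitions = ($TemplateJson | ConvertFrom-Json).parameters
    $supplied    = ($ParameterFileJson | ConvertFrom-Json).parameters

    foreach ($prop in $definitions.PSObject.Properties) {
        $name       = $prop.Name
        $def        = $prop.Value
        $isSecure   = $def.type -eq 'securestring'
        $looksSecret = $name -match 'password|secret'
        $hasDefault = $def.PSObject.Properties.Name -contains 'defaultValue'
        $entry      = $supplied.PSObject.Properties[$name]   # $null when not supplied
        $issues     = @()

        # 1. No value and no default: the deployment cannot proceed.
        if ((-not $entry) -and (-not $hasDefault)) {
            $issues += 'Error: no value supplied and no defaultValue in the template'
        }
        # 2. Supplied value is outside the template's allowedValues list.
        if ($entry -and $def.allowedValues -and ($entry.Value.value -notin $def.allowedValues)) {
            $allowed = $def.allowedValues -join ', '
            $issues += "Error: '$($entry.Value.value)' is not one of: $allowed"
        }
        # 3. Secret-looking parameter declared as a plain string.
        if ($looksSecret -and (-not $isSecure)) {
            $issues += "Warning: type is '$($def.type)', expected securestring"
        }
        # 4. A secret with a default value is stored wherever the template goes.
        if ($hasDefault -and ($isSecure -or $looksSecret)) {
            $issues += 'Error: secret has a defaultValue stored in the template'
        }
        # 5. A secret supplied through the parameter file sits there in clear text.
        if ($entry -and $isSecure) {
            $issues += 'Warning: secret value is stored in clear text in the parameter file'
        }

        foreach ($issue in $issues) {
            [pscustomobject]@{ Parameter = $name; Finding = $issue }
        }
    }
}

Test-ArmTemplateParameters -TemplateJson $templateJson -ParameterFileJson $parameterFileJson |
    Format-Table -AutoSize -Wrap
```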
Now after we have deployed the resource group template we can verify that it is there by going into the Azure Portal and looking into the resource group
Now that the resource group is there, if we need to do any updates, for instance changing a virtual machine instance size, we can just update the project and re-deploy it, and it will then update the virtual machine.
But note that this is still in preview and should not be used for production workloads in Azure quite yet, and when using templates from GitHub, for some reason the JSON outline view does not appear.
So this week, Citrix finally launched NetScaler on Azure. The reason they couldn't do this before is that there have been a lot of limitations on Azure, and there still are, so the appliance itself is also a bit limited, but I'll get to that.
So what's important to know about NetScaler on Azure is that
- It's bring your own license
- Runs as an A2 Linux instance (which costs about $44 a month) by default; this can be changed.
- Runs in single IP mode (meaning that VIP, SNIP and NSIP run using the same IP)
- Bandwidth is also an extra cost on Azure (meaning traffic that is going out of Microsoft's datacentres)
- Since it runs in single IP mode you do not need to enter a SNIP address (even though the welcome configuration wizard will bug you about it)
- Runs a custom firmware build, Build 51.1048.e, and we cannot upgrade it.
- Adding an Azure DNS server should be done using TCP, not UDP
- IP is given using the DHCP service of Azure
- Use the Static IP address feature in Azure to avoid changing IP address in case of reboots and so on.
- There are some features which are not supported:
  - Gratuitous ARP (GARP)
  - Virtual MAC (VMAC)
Note that we can also use multiple NICs within Azure, which allows us to have multiple NICs on a NetScaler instance, but Citrix does not recommend using this feature, and therefore the regular NetScaler VPX in Azure has 1 NIC.
VPX 10, 200 and 1000 are supported in Azure. If you need the VPX 1000 you need to scale up the virtual machine in order to support the amount of bandwidth, since a medium A2 instance only supports up to 200 Mbps of bandwidth.
So now that we know a bit about it, how do we set it up? The easiest way is by using the Marketplace feature in Azure (this requires an active subscription, but can also be set up if you have, for instance, an MSDN partner sub).
Just search for Citrix and you can find it there.
Now you need to enter a password (or public key) for SSH for the nsroot user. Keep in mind that by default it is an A2 instance, which as I mentioned has bandwidth limits.
Now we need to alter some networking configuration as well before we can create the VPX. By default the IP is set by DHCP in Azure, but this can be changed to static by using the new portal.
We have two options, one for the VIP (which is the external public IP address) and one for the private internal IP address. You should change them both (VIP to Reserved and the private address to static) to be sure that the IP is static on the VPX in case of reboot and such.
Also be sure to add other endpoints if you, for instance, want to manage the VPX using HTTP/HTTPS; by default only SSH is added as an endpoint.
After the provisioning is done you can now access the VPX using the public DNS address.
It is important to remember when setting up public services that you cannot use the following ports for external services:
The following ports are reserved by the NetScaler virtual machine. You cannot define these as private ports when using the cloud service IP address for requests from the Internet.
Ports 21, 22, 80, 443, 8080, 67, 161, 179, 500, 520, 3003, 3008, 3009, 3010, 3011, 4001, 5061, 9000, 7000.
Earlier this week, Microsoft released a preview of the DNS services (finally!), which allows us to manage DNS zones from within Azure. This is something that their competitor Amazon has had for quite some time. Since this is in preview, it can only be managed from PowerShell. After speaking with the PM for the product, I also heard that some of the capabilities that will come are
- Integration with Traffic Manager (Think of the GSLB capabilities!)
- DNSSEC support
- Management via the Azure portal
- Merge with the Office365 capabilities as well (Since you can add your own domain there)
Now everyone can sign up for the preview via http://azure.microsoft.com/en-us/services/dns/
It is important to remember that using this service means that the Azure name servers become authoritative for your domain. But before we do that we need to register our domain at a registrar first and then delegate the NS to Azure (I'll show you how to do that later).
Now to get started, in order to be able to try out Azure DNS you need to be using the Resource Manager cmdlets.
Switch-AzureMode -Name AzureResourceManager
Now that we have done this we have access to the DNS cmdlets. The DNS service requires a resource group first, so we need to create one using the command below (the location might be "west us", for instance):
New-AzureResourceGroup -Name Something -Location "Somewhere"
Then we have to add the network provider by running the command
Register-AzureProvider -ProviderNamespace Microsoft.Network
Next we add the DNS provider to the cmdlets:
Register-AzureProviderFeature -ProviderNamespace Microsoft.Network -FeatureName azurednspreview
Now that we have registered we can create a DNS zone within the resource group by running the command
New-AzureDnsZone -Name nameofdomain.com -ResourceGroupName something
If we now get information about the zone we can also get the name server information we need to be able to move the NS at our registrar. By default, creating a zone also creates a SOA and an NS record, as always. When we need to add a record to the zone, we run:
Get-AzureDnsRecordSet -ZoneName domainname -Name www -RecordType A -ResourceGroupName myazureresourcegroup | Add-AzureDnsRecordConfig -Ipv4Address "184.108.40.206" | Set-AzureDnsRecordSet
I can now see that my A record is added to my domain zone
Now since I haven't moved my DNS zone I can only verify this by doing an nslookup directly against the Azure DNS servers. And we are good to go!
So this is my recap of what has happened at Ignite, sorted by subject of course, but the focus and strategy at Microsoft is clear: “MOVE TO OUR CLOUD”. Of course they did not leave out the guys on the floor either.
Microsoft announced numerous changes to their Azure platform, including more of an architectural change to their IaaS platform (which is about time), so to sum up, these are the Azure changes happening over the last two weeks.
- User defined routes (which finally allow us to define a routing table for each subnet)
- Reserved IP addresses (allow us to move reserved IP addresses between services now!)
- Instance level public IP
- Multiple VIPs per Cloud Service
- Azure DNS (which allows us to manage our DNS zones from Azure, and which will eventually also support DNSSEC and integrate with Traffic Manager)
- Networking support for resource manager
- Bring in BGP routes if you are using ExpressRoute
- 16 vNICs per virtual machine
- Azure Automation with support for Graphical Authoring and integration with on-premises
- Azure Resource Manager, which will allow us to build total services based upon JSON files; this will also play a huge role in Azure Stack
- IP forwarding on virtual appliances
- Announced a bunch of different virtual appliance partners which will arrive in the marketplace soon (for instance Citrix NetScaler, CheckPoint and so on)
- Role Based Access
- Exchange supported on Premium Storage in Azure
So as you can see there is much happening on Azure, specifically on networking, which has been lacking for quite some time. So what about Office365 and EMS?
- Sway (Will be available to all later this month)
- New Office2016 Public Preview
- Skype for Business Broadcast meetings
- Announced one Sync client for OneDrive
- Mobile offline files for OneDrive on iOS and Android
- Save to OneDrive from OWA
- 20,000 file limit and 10GB max file size will be gone
- You can see more about the OneDrive roadmap here: http://www.zdnet.com/article/microsoft-fills-in-onedrive-roadmap-dates-details/
- Intune announced support for Mac OS X
- Intune app wrapping for Android
- Support for Apple Volume Purchase Program
- Support for MAM in Outlook app
- Restrict Access to Outlook based upon compliance of device
- Windows 10 support for Intune
- Document Tracking with Azure RMS
- Cloud App Discovery GA
- Privileged Identity Management
- Also heard that eventually Intune will merge into Azure Active Directory
Other than this news, Microsoft also announced a new bundle called OMS (Operations Management Suite), which consists of
- Azure Automation
- Azure Backup
- Azure Site Recovery
- Azure Operational Insights (which will later get support for components like network logging, syslog tracking and CMDB options)
This suite can be tried now! Microsoft also announced that they will be opening up for partners to add their own intelligence packs for their own monitoring solutions, which means more data moving to the cloud.
So what did Microsoft announce for the guys on the floor? Well, a lot! For instance a lot of new capabilities in Server 2016.
- Microsoft Advanced Threat Analytics (currently in preview, it is a combination of network and log based monitoring to be able to detect attacks like Pass the Hash, accounts that have been compromised and so on). This will become more advanced with capabilities like network monitoring, and will be able to take action if there is an attack.
- PowerShell DSC support for Linux (which just came out of nowhere!)
- Nano Server (a newly created flavor of Windows Server, designed for delivering the next generation of cloud services with a very low footprint in terms of RAM, disk and CPU, where Microsoft stripped most of the traditional solutions away. I'll be writing more about Nano Server, but in essence it now looks more like ESX.)
- Containers, Containers, Containers! (Also something I will be writing more about)
- Storage Spaces Direct (shared-nothing file cluster, which can also be combined with Hyper-V to deliver HCI)
- Storage Replica, which is not like DFS-R, and which allows us to asynchronously or synchronously replicate any volume.
- Storage QoS on a scale out file server
- Windows Defender not installed and enabled by default (even in Nano)
- Rolling Cluster Upgrades
- RDS support for OpenGL 4.4, OpenCL 1.1 + Support for GEN2 VMs and RemoteFX
- Web Application Proxy, preauth for HTTP Basic, HTTP to HTTPS redirect
- Windows Server 2016 will support VXLAN
- Software loadbalancing capabilities
- Production Checkpoints and integration with VSS
- Linux SecureBoot
- Connected Standby
- Hyper-V manager and alternate credentials
- ReFS more used in centralized SOFS
- Binary virtual machine configuration VMCX
- Hot Add and remove of memory and network adapters
- SMB 3.1.1 (pre-authentication integrity check, encryption improvements)
- The Network Controller which will allow central management of virtual and physical network devices
- Shielded VMs and Host Guardian Service
- JEA (Just Enough Administration)
- Converged NIC across tenant and RDMA traffic
- Server-side support for HTTP/2, including header compression and connection multiplexing, on IIS
- Online resizing support for shared VHDX
- PowerShell Direct to a virtual machine.
Now with all these capabilities in place in the fabric, there is only one thing missing, which is something they announced in the keynote: Azure Stack. Now Microsoft means business. They are moving in and competing with the likes of OpenStack, CloudPlatform and so on. Many wondered if this was the new version of Azure Pack (and it is! It's the evolution of Azure Pack). Microsoft will continue to support Azure Pack for a while, but the main development will go into Azure Stack. Unlike Azure Pack, Stack is not so deeply dependent on System Center. Of course you would still use System Center to manage the infrastructure, but the fabric connection between Azure Stack providers would be against Hyper-V or clusters.
The Azure Stack will consist of an Azure-like fabric controller and will also have the option to communicate with the network controller to manage the physical and virtual network layer. Stack will also look and feel like the new portal which is currently in use in the preview portal, and will come with a set of different providers to deliver specific services.
With the support of VXLAN in the fabric and some support for VMware with DPM, maybe Microsoft is moving towards support for VMware with Azure Stack?
Time will tell, and stay tuned for more.
Even though the wireless isn't completely reliable I will try to maintain the flow as much as I can, even though it might get published later. (I will have to be honest, the Wi-Fi is horrible.) They haven't planned properly (Cisco based)…
The keynote hall opened around 8 AM, and on the stage Microsoft even had an in-house DJ playing, @joeysnow
Now the keynote starts at 9 AM, where a lot of new stuff is expected to be released. Some of the news will just be a recap of what happened at @MSbuild and also just some stuff around.
Just got confirmed that there are 23.000 attendees present at MSIgnite and they are live streaming all of the sessions! (The keynote hall has 15.000 seats)
First announcement from Satya:
Windows Update for Business, which he didn't say much about. (Technet blog on it here: http://t.co/daQ6lLBng4 )
Office2016 new public preview http://blogs.office.com/2015/05/04/office-2016-public-preview-now-available/
Skype for Business broadcasting
Office Delve Organizational analytics.
Windows Server and System Center 2016 https://technet.microsoft.com/en-us/subscriptions/downloads/?FileId=63651&utm_source=dlvr.it&utm_medium=twitter
What's new in System Center Configuration Manager https://technet.microsoft.com/library/dn965439.aspx on-prem MDM YAY!
SQL Server 2016 (preview later today, with the ability to stretch it to Azure) http://blogs.technet.com/b/dataplatforminsider/archive/2015/05/04/sql-server-2016-public-preview-coming-this-summer.aspx
Azure Stack (A new release of Azure Pack) http://blogs.technet.com/b/server-cloud/archive/2015/05/04/microsoft-brings-azure-to-the-datacenter-for-the-next-generation-of-hybrid-cloud.aspx Public Preview coming this summer.
Operations Management Suite (one consistent IT control plane, along the same lines as Azure EMS) http://www.microsoft.com/en-us/server-cloud/operations-management-suite/default.aspx?WT.mc_id=Blog_ServerCloud_Announce_TTD
Advanced Threat Analytics (Microsoft entering the security field again; it is going to be integrated with AD to see authentication logs. Guessing it's going to be like Audit Collector Service in System Center). More info about the EMS part here: http://blogs.technet.com/b/enterprisemobility/archive/2015/05/04/ignite-microsofts-next-chapter-in-enterprise-mobility.aspx
Windows 10 and Device Guard, which is a better and more integrated AppLocker.
Outlook is MAM enabled, and MAM-enabled Skype for Business is coming in Q3
Data leakage protection in Windows 10 with integrated file encryption.
Document tracking site for Azure RMS, which gives us the ability to see who has opened specific documents.
Azure AD leaked credential is rolling out over the next couple of weeks, along with the on-premises part, which I will be trying out later today.
Microsoft also announced Azure DNS http://azure.microsoft.com/en-in/services/dns/
So a lot of stuff was announced today; looking forward to trying it out.
The big day is here, which I know many have been waiting for. Since the release of VMware ESX 6, many have been waiting for an update for Veeam to be able to upgrade to ESX 6.
The update is now available and can be downloaded here: http://www.veeam.com/blog/veeam-availability-suite-update-2-vsphere-6-support-endpoint-and-more.html
Now this patch also includes integration with Endpoint Backup and support for a bunch of the ESX 6 features such as
- Support for VMware Virtual Volumes (VVols) and VMware Virtual SAN 2.0
- Storage Policy-Based Management (SPBM) policy backup and restore
- Backup and replication of Fault Tolerant (FT) VMs
- vSphere 6 tags integration
- Cross-vCenter vMotion awareness
- Quick Migration to VVols
- Hot-Add transport mode of SATA virtual disks
And now we can monitor VVols with Veeam ONE as well. I have more news about Veeam coming on the horizon, stay tuned!
So recently I purchased the Razer Seiren for my home environment, going to be used for e-learning purposes. But one problem was that it was not working on the Windows 10 tech preview. If I looked into Device Manager I saw that it was an unknown device.
Razer Synapse didn't even try to install the device. But you can see the device drivers under the folder C:\Program Files (x86)\Razer, and from there you can install the drivers from the 8.1 folder.
Veeam Endpoint Backup FREE, which allows for backup of physical computers and physical servers and which I have blogged about earlier (https://msandbu.wordpress.com/2015/03/06/veeam-endpoint-backup-and-integration-with-veeam-br/), has now become generally available from Veeam!
This can also be integrated with existing Veeam repositories, which enables us to do physical backup from Endpoint Backup to a Veeam infrastructure!
This post is based upon a session I had for a partner in Norway: how can we use NetScaler to optimize web content?
Let's face it, the trends are changing
* Users are becoming less patient, meaning that they demand that applications/services respond quicker (more than 40% of users drop out if the website takes more than 5 – 10 seconds to load). Think about how that can affect a webshop or eCommerce site.
* More and more mobile traffic (mobile phones, iPads, laptops, communicating using 3G/4G or WLAN for that matter), and to that we can add that there is more data being sent across the network as well. Web applications are becoming more and more complex, with more code and more components as well.
* More demands on availability. Users are demanding that services are available at almost every hour. If we think back about 5 – 10 years, if something was down for about 10 min we didn't think that much about it, but now?
* More demands to have secure communication. It wasn't that long ago that Facebook and Google switched to SSL as default when using their services. With more and more hacking attempts happening online, it requires a certain amount of security.
So what can NetScaler do in this equation?
* Optimizing content with Front-end optimization, Caching and Compression
With the latest 10.5 release, Citrix has made a good jump into web content optimization, with features like lazy loading of images, HTML comment removal, minify JS and inline CSS. In addition, after the content has been optimized it can be compressed using GZIP or DEFLATE and sent across the wire (NOTE: most web servers like Apache and IIS support GZIP and DEFLATE, but it is much more efficient to do this on a dedicated ADC).
And using caching to store frequently accessed data makes the NetScaler a good web optimization platform.
* Optimizing based upon endpoints.
With the current trend of more users connecting using mobile devices, which reach the internet over a wireless connection, we need a better way to communicate as well. A good example here is TCP congestion control. On a wireless network you have a higher amount of packet loss, and this calls for using, for instance, the TCP Westwood congestion algorithm, which is much better suited to wireless connections. Using features like MPTCP (on supported devices) allows for higher throughput as well. And the fact that we can apply different TCP settings to different services makes it much more agile.
* High availability
Using features like load balancing and GSLB allows us to deliver a highly available and scalable solution. Using features like AppQoE to prioritize traffic in an eCommerce setting might also be a valuable asset. Think of the scenario where we have a web shop in which most of our buying customers come from a regular PC, while most mobile users that are connecting are mostly checking the latest offers. If we ever were to reach our peak in traffic, it is useful to prioritize traffic based upon the endpoint connecting.
* Secure content
NetScaler allows us to create specific SSL profiles which we can attach to different services. For instance, older applications which are used by everyone might not have high requirements regarding security, but on the other hand PCI-DSS requires a high level of security. Add to the mix that we can handle many common DDoS attacks at the TCP level and at the HTTP level. We can also use Application Firewall, which handles many application-based attacks; with its own learning feature it can block users who are not following the common user pattern on a website. We can also specify URLs which users are not allowed to access.
So to summarize, the NetScaler can be a good component for optimizing and securing traffic, with a lot of exciting stuff happening in the next year! Stay tuned.