Azure IaaS Operations Guidance aka.ms/Azure/IaaSOpsGuide


BOOKMARK THIS!  aka.ms/Azure/IaaSOpsGuide

This is a collection of Azure Infrastructure installation and operational guidance resources I provide to my customers.  By keeping these links up to date with each engagement, all of my customers may benefit.  Hopefully you can too!  The latest Azure updates will always be at Azure service updates.  Make it part of your operational procedure to review that monthly, if not weekly!  In 2015, there were over 500 updates. Wow!

The goal of this guide is to highlight core installation and operational procedures for an Azure IaaS deployment, which predominantly will consist of Compute, Network and Storage resources.  The article Azure Infrastructure Services Implementation Guidelines gives a pretty good rundown of what needs to be created and in what order. The resources I will keep updated below pretty much follow most of those resources in the last link. But for now, there is a very important piece of that puzzle missing.  For the newer Azure Resource Manager (ARM) model of deployment, we need to plan, design and create Azure Resource Groups. Once we have Resource Groups, we can delegate administration with Role Based Access Control (RBAC).

Besides all this, if you just need to ramp up and learn more on Azure, go to the Azure Learning Paths page.  Check it out and learn something new! I also have my Azure Certification resources (Slides and Videos) from MS Ignite 2015, to get you certified and ready to go!

Azure Active Directory

Overviews

AzureAD a leader in the 2016 Gartner IDaaS MQ!

Cloud Architecture

There is quite a bit of guidance out there to help architect your cloud identity strategy.  Azure Active Directory provides the core Identity Management as a Service platform for all of the possible hybrid and cloud scenarios. Here are some great resources to read up on.

Authentication & Authorization

Azure AD Operational Guidance

In the original Azure Portal, http://manage.windowsazure.com, the primary control of overall administration was at the subscription level. Now, in the new Azure Resource Manager (ARM) model, there are fewer justifications for multiple subscriptions than there were before in the Azure Service Management (ASM) model, e.g. administration only at the top level.  Now in ARM, you can control administration at the subscription level, at the Resource Groups, and at the Azure Resources contained within. For more on those differences, see Understanding Resource Manager deployment and classic deployment. You can only create Azure Resources to leverage ARM deployments and RBAC by using http://portal.azure.com.  So stop using that old portal, unless you just have to.  For more on that, read Azure portal availability chart.

Subscription

Before you can do anything, you not only need an Azure subscription, but you also need to know how many, if more than one, and what the limits are. Simpler is always the best. In the ARM deployment model now, things like separation of billing and delegation of administration no longer require separate subscriptions.  Billing can be even more with tagging, and RBAC gives even more flexibility to control administration across your portal.

Azure Resource Manager (ARM) and Role Based Access Control (RBAC)

This content can now be found at http://aka.ms/Azure/ARM.

Network

Creating your virtual networks and subnets is very high on the priority list of things to do after the subscription and resource groups are created. One quick tip to note is that in traditional network addressing, we take away 2 addresses (n-2) for all 1's and all 0's when calculating hosts from networks.  In Azure, it gets a little hungry, using 3 additional addresses.  So remember this safety tip: figure (n-5) when you do your host calculations.  For example, if you needed 30 hosts on-premises, you would figure a /27 network would work, right? Don't believe me, just ask Cisco 🙂 But in Azure, you would fall short, as a /27 network would actually result in only 27 hosts per network. So I warned you! Also, if you make your VNet networks too small, it will haunt you, as it currently is not so easy to remove the VMs and recreate VNets, so plan them very, very carefully.  Been there, done that.  You don't want to go there.
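The (n-5) rule above, applied to a whole VNet plan, as an added example that is not part of the original post: it sizes each subnet for Azure's five reserved addresses and fails up front when the VNet address space is too small. The function names, the sample VNet range and the host counts are constructed for illustration.

```python
import ipaddress

ONPREM_RESERVED = 2  # all 0's and all 1's
AZURE_RESERVED = 5   # the same 2 plus the 3 additional addresses Azure uses

def smallest_prefix(hosts_needed, reserved=AZURE_RESERVED):
    """Return the longest prefix (smallest subnet) with enough usable addresses."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - reserved >= hosts_needed:
            return prefix
    raise ValueError("requirement does not fit in an IPv4 subnet")

def usable_hosts(cidr, reserved=AZURE_RESERVED):
    """Usable host addresses in a subnet given as a CIDR string."""
    return ipaddress.ip_network(cidr).num_addresses - reserved

def plan_vnet(vnet_cidr, requirements):
    """Carve non-overlapping subnets out of a VNet.

    requirements maps a subnet name to the number of hosts it must hold.
    Raises ValueError before anything is deployed if the VNet is too small.
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    cursor = int(vnet.network_address)
    end = int(vnet.broadcast_address) + 1
    plan = {}
    # Place the largest subnets first so block alignment never leaves holes.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = smallest_prefix(hosts)
        size = 2 ** (32 - prefix)
        start = -(-cursor // size) * size  # round up to the block boundary
        if start + size > end:
            raise ValueError(
                f"{vnet_cidr} is too small: no room for '{name}' (/{prefix})")
        plan[name] = ipaddress.ip_network((start, prefix))
        cursor = start + size
    return plan

# Constructed sample requirements (hosts per subnet).
SAMPLE = {"web": 30, "app": 60, "db": 10}

if __name__ == "__main__":
    for name, net in plan_vnet("10.10.0.0/24", SAMPLE).items():
        print(f"{name:4} {str(net):16} usable in Azure: {usable_hosts(str(net))}")
```

Note that the 60-host subnet needs a /25 in Azure even though a /26 would hold it under the on-premises (n-2) calculation.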

Overviews

  1. Microsoft Cloud Networking for Enterprise Architects - This is a great soup to nuts overview!
  2. Microsoft Cloud Services and Network Security - Read these top two docs, and you will see all the components to consider 
  1. Virtual Network Overview
  2. Network Resource Provider
  3. IP Addresses in Azure Virtual Network
  4. About secure cross-premises connectivity for virtual networks
  5. User Defined Routes and IP Forwarding
  6. What is Azure load balancer?
  7. What is a Network Security Group (NSG)?

Operational Guidance

Storage

Find ALL Storage Documentation e.g. Get Started, Designing, etc.

Managing Storage

Operational Guidance

Compute

Overviews

Operational Guidance

 

Below are some additional topics related to various deployments.  These also provide other examples of deploying things like Windows Server Active Directory and SQL Always on clusters in an Azure Subscription.  What will you put in your subscription?

Windows Active Directory Servers in IaaS

Many organizations now are moving their Domain Controllers into Azure as VMs in IaaS.  Here are some links to help out!

If you want to have replica Domain Controllers in the cloud for on-premises domain controllers...

 

Monitoring

PATTERNS AND PRACTICES: Monitoring and diagnostics guidance

View All Subscription events and audit logs

Monitor Azure service metrics

Enable monitoring and diagnostics

Track Azure Services Health

Receive Alert Notifications on Azure Services

Security health monitoring in Azure Security Center

Monitor Web Apps in Azure App Service

Monitor dependencies, exceptions and execution times in Java web apps

How to monitor Azure Redis Cache

Troubleshooting resource group deployments in Azure

Audit operations with Resource Manager

Azure Active Directory Reporting Guide

Monitor your on-premises identity infrastructure and synchronization services in the cloud

VIDEO: Azure AD Connect Health: Monitor your Hybrid Identity Infrastructure

Monitor and Troubleshoot Replication Health and Troubleshooting for ASR

Networking

Azure Networking Log Converter - to csv to analyze with PowerBI

Log Analytics for NSGs

Log analytics for Azure Load Balancer (Preview)

Test Traffic Manager Settings

Performance Considerations for Traffic Manager

Storage

Monitor, diagnose, and troubleshoot Microsoft Azure Storage

Monitor a Storage Account in Azure

Enable Storage Metrics and Viewing metrics data

End-to-End Troubleshooting using Azure Storage Metrics and Logging, AzCopy, and Message Analyzer

Compute

How to monitor Cloud Services

Manage and monitor Azure virtual machine backups

Use the Linux Diagnostic Extension to monitor the performance and diagnostic data of a Linux VM

Security

Auditing
