Can Azure Traffic Manager be used with API Management? - azure

When I add an endpoint to Traffic Manager only websites and cloud services are available to choose. Can I combine API Management services with Traffic Manager?

Yes, external endpoints can be added to an Azure Traffic Manager profile, beyond Azure Websites and Azure Cloud Services. You will need to use the Azure PowerShell module to set the custom endpoints.
Install the Azure PowerShell module: https://github.com/azure/azure-powershell/releases
Run the script below (replace $Username variable with your own account name)
https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-overview/
### Authenticate to Azure from PowerShell
$Username = 'posh@trevorsullivan.net';
$AzureCredential = Get-Credential -Credential $Username;
Add-AzureAccount -Credential $AzureCredential;
### Select the appropriate Azure subscription, if you have multiple
Select-AzureSubscription -SubscriptionName 'Visual Studio Ultimate with MSDN';
### Retrieve the Traffic Manager profile (if already created)
$TrafficManagerProfile = Get-AzureTrafficManagerProfile -Name trevor;
### Add custom endpoints to the Traffic Manager Profile
Add-AzureTrafficManagerEndpoint -TrafficManagerProfile $TrafficManagerProfile -DomainName www.microsoft.com -Type Any -Status Enabled;
Add-AzureTrafficManagerEndpoint -TrafficManagerProfile $TrafficManagerProfile -DomainName trevorsullivan.net -Type Any -Status Enabled;
### Commit the changes to your Azure Traffic Manager Profile
Set-AzureTrafficManagerProfile -TrafficManagerProfile $TrafficManagerProfile;
It doesn't quite match the code above, but here's a screenshot of what my Traffic Manager profile named "Trevor" looks like, along with its two endpoints.

Related

VMSS registration in Custom DNS

We’re creating a VMSS and we use a custom DNS with extending AD from on-premises, but we are not sure how to register the VMs as the scale set scales out, in azure DNS we can create a private zone and use auto registration but not with our custom DNS.
• Considering that you have registered your custom DNS in Azure successfully, and now you want to replicate your on-premises infrastructure in Azure given the options of continuous availability and scalability, you are deploying VMSS (Virtual Machine Scale Set) for that purpose. Thus, to service your applications deployed on them and better security, I would suggest you deploy AADDS (Azure Active Directory Domain Services) in your tenant in Azure and synchronize the domain data from on-premises to the AADDS by extending it in here.
Hence, once the ADDS service and its roles are setup successfully using the custom DNS that you have setup in Azure, you should be able to Azure AD domain join the VMSS deployed. Thus, after domain joining the VMSS, its DNS records will be automatically managed by the AADDS role internally in your Azure AD tenant.
To enable domain joining for the VMSS successfully, you will have to add an extension like a normal VM through powershell as below. You will have to replace the ‘user, domain, ou path and password’ and it should work fine: -
$Settings = @{
"Name" = "yourdomain.onmicrosoft.com";
"User" = "DOMAIN\USERNAME";
"Restart" = "true";
"Options" = 3;
"OUPath" = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
}
$password = 'SomeReallyComplexPassword'
$ProtectedSettings = @{
"Password" = $password
}
$rgName = "yourgname"
$scaleSetName = "yourvmssname"
$vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" -TypeHandlerVersion 1.3 -Name "vmssjoindomain" -Setting $Settings -ProtectedSetting $ProtectedSettings -AutoUpgradeMinorVersion $true
Update-AzureRmVmss -ResourceGroupName $rgName -Verbose -Name $scaleSetName -VirtualMachineScaleSet $vmss
After adding this extension, any existing servers deployed in the VMSS will have to upgrade their model to use this extension while the new ones will use it when they are deployed with it. You will need to execute the below powershell command to ensure that further extensions can be added to the VMSS: -
az vmss update-instances --resource-group yourrgname --name yourvmssname --instance-ids *
Thus, in this way, you can ensure that your VMs in the VMSS get registered with the custom DNS that you have setup in your Azure tenant.

Scheduling Azure Virtual Machine (VM) Startup with Tags

I am trying to put some auto start policy on my VM on Azure.
So, I used an Automation account and a PowerShell script to do this, following this link: https://adamtheautomator.com/azure-vm-schedule/
But on testing it gives me the error "Run Login-AzureRmAccount to login".
Please suggest how to fix this?
## Get the Azure Automation Account Information
$azConn = Get-AutomationConnection -Name 'AzureRunAsConnection'
## Add the automation account context to the session
Add-AzureRMAccount -ServicePrincipal -Tenant $azConn.TenantID -ApplicationId $azConn.ApplicationId -CertificateThumbprint $azConn.CertificateThumbprint
## Get the Azure VMs with tags matching the value '10am'
$azVMs = Get-AzureRMVM | Where-Object {$_.Tags.StartTime -eq '10am'}
## Start VMs
$azVMS | Start-AzureRMVM
Regards
ESNGSRJ
This can happen when the Run As account isn't configured appropriately. You will need to create one to provide authentication for managing resources on the Azure Resource Manager using Automation runbooks.
When you create a Run As account, it performs the following tasks:
Creates an Azure AD application with a self-signed certificate, creates a service principal account for the application in Azure AD, and assigns the Contributor role for the account in your current subscription.
Creates an Automation certificate asset named AzureRunAsCertificate in the specified Automation account.
Creates an Automation connection asset named AzureRunAsConnection in the specified Automation account.
Please note the following requirements from the referenced link:
You must have an Azure Automation Account with an Azure Run As account already prepared. If you don’t have this yet, learn how to create one when you go to Create a new Automation account in the Azure portal.
The Azure PowerShell module must be installed. If you don’t have this yet, please go to the Install the Azure PowerShell module page for more information.
Note: You can configure your Runbook to use managed identities as well and it has added benefits as compared to using Run As accounts. You can get started with this tutorial to use managed identity.
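A version of the question's runbook that signs in with a managed identity, as the note above suggests, and stops at the sign-in step if authentication fails instead of continuing to the VM cmdlets. This is an added example, not code from the original posts; it assumes the Automation account has a system-assigned managed identity with rights to read and start VMs, and that the Az.Accounts and Az.Compute modules are available in the account.

```powershell
# Added example: assumes a system-assigned managed identity on the Automation
# account and the Az.Accounts / Az.Compute modules imported into it.
$ErrorActionPreference = 'Stop'   # turn a failed sign-in into a terminating error

try {
    # Do not reuse a context saved by another runbook job in this sandbox
    Disable-AzContextAutosave -Scope Process | Out-Null

    # Sign in as the Automation account's managed identity
    # (no Run As certificate or stored password involved)
    $azContext = (Connect-AzAccount -Identity).Context

    # Pin the session to the subscription the identity signed in to
    Set-AzContext -SubscriptionName $azContext.Subscription -DefaultProfile $azContext | Out-Null
}
catch {
    # Fail here, with the real cause, rather than later at Get-AzVM
    throw "Sign-in with the managed identity failed: $($_.Exception.Message)"
}

# Same tag filter as the question's script: StartTime = 10am
$azVMs = Get-AzVM | Where-Object { $_.Tags.StartTime -eq '10am' }

if (-not $azVMs) {
    Write-Output 'No VMs tagged StartTime=10am were found.'
    return
}

foreach ($vm in $azVMs) {
    Write-Output "Starting $($vm.Name) in resource group $($vm.ResourceGroupName)"
    Start-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name | Out-Null
}
```

Granting the identity a role scoped to the resource group that holds the tagged VMs keeps it narrower than the subscription-wide Contributor assignment the Run As account receives.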

azure analysis service: how to start and pause service with on premise powershell

I need your help.
I have an azure analysis service that I want to start and pause at different times of the day.
I want to use Powershell to execute a script to do this task.
Do you know how I can do it?
Thank you for your help
Here are the steps to start and pause Azure Analysis services with on premise powershell:
Step1: Import Az.AnalysisServices module
To create a server in your subscription, you use the Az.AnalysisServices module. Load the Az.AnalysisServices module into your PowerShell session.
Import-Module Az.AnalysisServices
Step2: Sign in to Azure
Sign in to your Azure subscription by using the Connect-AzAccount command. Follow the on-screen directions.
Connect-AzAccount
Step3: [Only run if you have multiple Azure Subscription].
The Set-AzContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.
Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"
Step4: Gets the details of an Analysis Services server.
The Get-AzAnalysisServicesServer cmdlet gets the details of an Analysis Services server.
Get-AzAnalysisServicesServer -ResourceGroupName "ResourceGroup03" -Name "testserver"
To start Azure Analysis services, use Resume-AzAnalysisServicesServer
The Resume-AzAnalysisServicesServer cmdlet resumes an instance of Analysis Services server
Resume-AzAnalysisServicesServer -Name "testserver" -ResourceGroupName "testgroup"
To stop Azure Analysis services, use Suspend-AzAnalysisServicesServer
The Suspend-AzAnalysisServicesServer cmdlet suspends an instance of Analysis Services server
Suspend-AzAnalysisServicesServer -Name "testserver" -ResourceGroupName "testgroup"
Reference: Azure Analysis services – Azure PowerShell cmdlets
Now using Azure Automation, you can schedule start & stop of Azure Analysis Services as per required time in a day.

Azure Powershell - automating Login-AzureRmAccount AD Login - for Azure function

I have this Azure Powershell script, which successfully backs up a SQL Azure DB to Azure Blob.
In its current form, it requires me to log in via AD.
I now need to implement this script to execute via an Azure Function at specific intervals.
The first snippet of the script:
$subscriptionId = "YOUR AZURE SUBSCRIPTION ID"
Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId $subscriptionId
I thus need to not use Login-AzureRmAccount, but replace it with a method that does not require human input.
I have found this link:
https://cmatskas.com/automate-login-for-azure-powershell-scripts/
In short, the author:
Creates an Azure AD Application (with its own password)
Creates a Service Principal
Assigns Permissions to the Service Principal
This is a once-off manual creation - which is perfect.
The author then logs in to this newly created application
$psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePassword)
Add-AzureRmAccount -Credential $psCred -TenantId e801a3ad-3690-4aa0-a142-1d77cb360b07 -ServicePrincipal
My questions:
Is this what I should do to be able to automate my application and prevent human login?
This Azure AD app created in step 1 - can I use this app as a starting point in any of my Azure functions?
Yes, you can use that route, or use certificate auth, or use an Azure AD user, it can login with user\password, but is considered less secure than service principal.
Yes, you can use one service principal for any number of Azure Functions you would like to.
To use Azure PowerShell in Azure Functions, you may refer to the following response in another SO thread. The example is an HTTP-Trigger, but you can modify it to use a Timer-Trigger for your use-case. Here's the link:
Azure Function role like permissions to Stop Azure Virtual Machines
Run PowerShell as Administrator, you need to install AzureRM in PowerShell,
Login to Azure
Login-AzureRmAccount
Enter your Azure credentials
To get your subscription(s) details
enter
Get-AzureRmSubscription
Use the subscription id to select the subscription.
Select-AzureRmSubscription -SubscriptionId xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Save the AzureProfile using the below command
Save-AzureRmProfile -Path "C:\AzureScripts\profile.json"
The json file can be used to login to Azure
Select-AzureRmProfile -Path "C:\AzureScripts\profile.json"
Put this line at the top of your .ps1 file, and it does not require human input.
Ref : http://www.smartcoding.in/blog/auto-login-azure-power-shell
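The service principal login from the question, written so that no secret or tenant ID is stored in the script: the values are read from the Function App's application settings, which Azure Functions exposes as environment variables. This is an added example, not code from the original posts or the linked article; the setting names SP_APP_ID, SP_SECRET, SP_TENANT_ID and SUBSCRIPTION_ID are hypothetical.

```powershell
# Added example. The app setting names below are assumptions; create them in
# the Function App configuration and keep the secret out of source control.
$ErrorActionPreference = 'Stop'

# Refuse to run if any required setting is absent or empty
$required = 'SP_APP_ID', 'SP_SECRET', 'SP_TENANT_ID', 'SUBSCRIPTION_ID'
$missing  = $required | Where-Object { -not [Environment]::GetEnvironmentVariable($_) }
if ($missing) {
    throw "Missing app settings: $($missing -join ', ')"
}

# Build the credential object: user name = application ID, password = app secret
$secret = ConvertTo-SecureString $env:SP_SECRET -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($env:SP_APP_ID, $secret)

# Non-interactive login as the service principal (same cmdlet as in the question)
Add-AzureRmAccount -Credential $psCred -TenantId $env:SP_TENANT_ID -ServicePrincipal | Out-Null
Set-AzureRmContext -SubscriptionId $env:SUBSCRIPTION_ID | Out-Null

# Confirm the session really belongs to the service principal before doing any work
$ctx = Get-AzureRmContext
if ($ctx.Account.Id -ne $env:SP_APP_ID) {
    throw "Unexpected login context: $($ctx.Account.Id)"
}

# Drop the plain-text copy from this process once the login has succeeded
Remove-Item Env:\SP_SECRET -ErrorAction SilentlyContinue

Write-Output "Logged in as service principal $($ctx.Account.Id)"
# ... the existing backup script continues from here ...
```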

Antimalware for Azure Cloud Service

I understand that there is way to enable Antimalware for Azure VM like below:
But I don't see such option when creating a Cloud Service.
There is a worker role running on Azure Cloud Service. The organization has a security rule of having Antimalware on the machines.
Does a Cloud Service by default contain antimalware?
I wish Microsoft were better at documenting their stuff. It seems that the AntiMalware extension is also available for Cloud Services, not only Virtual Machines. But this can only be understood from the PowerShell reference here. And another resource entirely for Extensions on Cloud Services.
A valid and working PowerShell Script can be found here:
Add-AzureAccount
# use Select-AzureSubscription in case your account has more than one
Select-AzureSubscription -SubscriptionName 'PUT HERE YOUR SUBSCRIPTION'
[System.Xml.XmlDocument] $XmlConfig = New-Object System.Xml.XmlDocument
# load the Antimalware extension configuration from external XML file
# The content of the XML needs to be:
# <AntimalwareConfig><AntimalwareEnabled>true</AntimalwareEnabled></AntimalwareConfig>
# ref.: http://msdn.microsoft.com/en-US/library/azure/dn771718
$XmlConfig.load('D:\tmp\AntiMalware.config')
Set-AzureServiceAntimalwareExtension -ServiceName "PUT HERE THE CLOUD SERVICE NAME" -AntimalwareConfiguration $XmlConfig
