Azure VM Access Control with PowerShell

With TechEd North America under way this week, there have been a number of announcements in the Windows Azure space.

As always, Scott Guthrie has a great post on his blog outlining most of the new features announced this week:

Windows Azure: Announcing New Dev/Test Offering, BizTalk Services, SSL Support with Web Sites, AD Improvements, Per Minute Billing

Cloud Service ACLs

However, one announced feature was not mentioned in that post: Azure ACLs (Access Control Lists). An ACL lets you permit or deny access to an Azure Virtual Machine endpoint based on the source address range (a subnet in CIDR notation) that a connection comes from.

An ACL makes a service endpoint more secure by blocking unwanted traffic at the load balancer, before it ever reaches the VM. Keep in mind that it filters on source IP only: it restricts who can reach the port, it does not authenticate them, so it complements rather than replaces authentication on the service itself. This feature also opens the door to using the Azure load-balanced endpoint for internal services like a SQL Server AlwaysOn availability group listener.

Only in PowerShell

The small caveat is that there is no portal UI for ACLs yet. As of June 4th 2013, the only way to configure them is PowerShell.

Commands

PS C:\Users\Tyler> Get-Command -Noun AzureAcl*

CommandType     Name
-----------     ----
Cmdlet          Get-AzureAclConfig
Cmdlet          New-AzureAclConfig
Cmdlet          Remove-AzureAclConfig
Cmdlet          Set-AzureAclConfig

The Get and Remove commands operate on a particular VM/endpoint pair. The New and Set commands operate on the ACL configuration object, which you then attach to an endpoint with Set-AzureEndpoint (or Add-AzureEndpoint for a new endpoint) and commit with Update-AzureVM.

Creating a controlled endpoint

# Build the ACL object and add one Permit rule (lower -Order values are evaluated first).
# Once an ACL contains a Permit rule, any source that matches no rule is denied.
$acl = New-AzureAclConfig
Set-AzureAclConfig -ACL $acl -AddRule Permit -RemoteSubnet "50.72.11.172/32" -Description "Tylers Access" -Order 1

# Attach the ACL to the endpoint. Set-AzureEndpoint updates an endpoint that already
# exists on the VM; use Add-AzureEndpoint with the same -ACL parameter to create a new one.
$vm = Get-AzureVM -ServiceName "mySvc" -Name "web01"
Set-AzureEndpoint -VM $vm -Name "internal" -PublicPort 8080 -LocalPort 8080 -ACL $acl

# Nothing is applied to the service until the VM is updated.
Update-AzureVM -VM $vm
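As an added example (not code from the original post), here is the same procedure carried through for a more realistic case: several Permit rules built from a list, one Deny rule placed ahead of a Permit range that contains it, and a read-back of the ACL after the update so you can confirm what was actually committed. It assumes the Windows Azure PowerShell module is loaded, a subscription is selected, and a VM named "web01" in cloud service "mySvc" already has a TCP endpoint named "rdp" on public port 3389; the service, VM and endpoint names and all subnets are placeholders, and -Protocol is passed because current releases of Set-AzureEndpoint require it.

```powershell
# Added example, not from the original post. Service/VM/endpoint names and
# subnets are placeholders; the subnets are RFC 5737 documentation ranges.
$serviceName  = "mySvc"
$vmName       = "web01"
$endpointName = "rdp"

# Source ranges that may reach the endpoint. RemoteSubnet is matched against the
# *public* source address seen by the Azure load balancer, not an internal address.
$permitted = @(
    @{ Subnet = "203.0.113.0/24";  Description = "Office" },
    @{ Subnet = "198.51.100.7/32"; Description = "Jump host" }
)

$acl = New-AzureAclConfig

# Lowest Order is evaluated first. Leave gaps so rules can be inserted later
# with Set-AzureAclConfig -SetRule / -AddRule without renumbering everything.
$order = 100
foreach ($entry in $permitted) {
    Set-AzureAclConfig -AddRule Permit -RemoteSubnet $entry.Subnet `
        -Order $order -Description $entry.Description -ACL $acl
    $order += 100
}

# Block one address that sits inside the permitted office range. Its Order is
# lower than the office Permit rule, so it is matched first and wins.
Set-AzureAclConfig -AddRule Deny -RemoteSubnet "203.0.113.50/32" `
    -Order 10 -Description "Blocked workstation" -ACL $acl

# Because the ACL contains Permit rules, every source matched by no rule is
# denied; no explicit "deny everything else" rule is needed.

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName

# Set-AzureEndpoint changes an existing endpoint; for a new endpoint use
# Add-AzureEndpoint with the same -ACL parameter. Update-AzureVM commits.
$vm | Set-AzureEndpoint -Name $endpointName -Protocol tcp `
        -PublicPort 3389 -LocalPort 3389 -ACL $acl |
    Update-AzureVM

# Re-read the VM and its endpoint ACL from the service to verify the result.
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
Get-AzureAclConfig -EndpointName $endpointName -VM $vm | Format-Table -AutoSize
```

The read-back at the end is the check worth keeping in any script that touches endpoint security: it shows the rule list as the service holds it, including the RuleId values you will need later for -SetRule and -RemoveRule.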

Editing a controlled endpoint

One ACL config object can contain many rules (up to 50 per endpoint). Set-AzureAclConfig maintains them through three parameter sets; the ID is the rule identifier shown when you read the ACL back with Get-AzureAclConfig.

-AddRule
-RemoveRule -ID <Int32>
-SetRule -ID <Int32>

So editing a rule in an ACL config object looks like this (here the rule is moved to Order 102 and given a new description):

$vm = Get-AzureVM -ServiceName "mysvc" -Name "web01"
$acl = Get-AzureAclConfig -EndpointName "Web" -VM $vm
Set-AzureAclConfig -SetRule -ID 0 -ACL $acl -Order 102 -Description "New Description"

Set-AzureEndpoint -ACL $acl -Name "Web" -VM $vm
Update-AzureVM -VM $vm
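Changing -Order changes which rule wins when a source address matches more than one rule, which is easy to get wrong on a live endpoint. The following added helper (not from the original post, and it never talks to Azure) models the evaluation locally so a candidate rule set can be checked before it is pushed. It encodes the semantics these ACLs use: rules are tried from the lowest Order upward, the first match decides, and once any Permit rule exists every unmatched source is denied (with only Deny rules, unmatched sources are permitted). The rule objects and source addresses are constructed for the example; their property names mirror the values passed to Set-AzureAclConfig.

```powershell
# Added example, not from the original post. Runs offline; the rules and
# addresses below are constructed test data.

function ConvertTo-IPv4Int {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Only IPv4 addresses are supported: $Address" }
    # GetAddressBytes is network byte order; BitConverter wants host order.
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InSubnet {
    param([Parameter(Mandatory)][string]$Address, [Parameter(Mandatory)][string]$Cidr)
    $network, $prefixText = $Cidr.Split('/')
    if (-not $prefixText) { $prefixText = '32' }      # a bare address is a /32
    $prefix = [int]$prefixText
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix length in $Cidr" }
    # Mask with the top $prefix bits set: 2^32 - 2^(32-prefix). Exact in a double.
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefix))
    $sourceNet = (ConvertTo-IPv4Int $Address) -band $mask
    $ruleNet   = (ConvertTo-IPv4Int $network) -band $mask
    return $sourceNet -eq $ruleNet
}

function Test-AclDecision {
    param(
        [Parameter(Mandatory)][string]$SourceAddress,
        # Objects with Order, Action ('Permit'/'Deny'), RemoteSubnet, Description
        [Parameter(Mandatory)][object[]]$Rules
    )
    # Lowest Order first; the first rule whose subnet contains the source decides.
    foreach ($rule in ($Rules | Sort-Object Order)) {
        if (Test-IPv4InSubnet -Address $SourceAddress -Cidr $rule.RemoteSubnet) {
            return [pscustomobject]@{
                Source = $SourceAddress; Decision = $rule.Action; MatchedBy = $rule.Description
            }
        }
    }
    # No rule matched: implicit Deny if any Permit rule exists, otherwise implicit Permit.
    $hasPermit = [bool]($Rules | Where-Object Action -eq 'Permit')
    $default   = if ($hasPermit) { 'Deny' } else { 'Permit' }
    return [pscustomobject]@{ Source = $SourceAddress; Decision = $default; MatchedBy = '(implicit default)' }
}

# Constructed rule set: a permitted /24 and one host inside it denied at a lower Order.
$rules = @(
    [pscustomobject]@{ Order = 100; Action = 'Permit'; RemoteSubnet = '203.0.113.0/24';  Description = 'Office' },
    [pscustomobject]@{ Order = 10;  Action = 'Deny';   RemoteSubnet = '203.0.113.50/32'; Description = 'Blocked host' }
)

'203.0.113.20', '203.0.113.50', '198.51.100.9' |
    ForEach-Object { Test-AclDecision -SourceAddress $_ -Rules $rules } |
    Format-Table -AutoSize
```

With this rule set the blocked host is denied even though it sits inside the permitted office range, because its Deny rule has the lower Order; an address outside both ranges is denied by the implicit default. Swap the two Order values and the blocked host becomes reachable, which is exactly the kind of mistake a -SetRule edit to -Order can introduce.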

Or removing a specific rule from an ACL config object:

$vm = Get-AzureVM -ServiceName "mysvc" -Name "web01"
$acl = Get-AzureAclConfig -EndpointName "Web" -VM $vm
Set-AzureAclConfig -RemoveRule -ID 1 -ACL $acl

Set-AzureEndpoint -ACL $acl -Name "Web" -VM $vm
Update-AzureVM -VM $vm

Removing the ACL from an endpoint

$vm = Get-AzureVM -ServiceName "mysvc" -Name "web01"
# With no ACL attached, the endpoint is reachable from any source address again.
Remove-AzureAclConfig -EndpointName "web" -VM $vm
Update-AzureVM -VM $vm

That is about all I have for now. Stay tuned for more updates when the portal is updated to support ACL configuration.

Thanks for reading.

Checking Azure Cloud Service SDK Version with PowerShell

If you manage an Azure Subscription you should have received an email stating that OS 1.x and SDK 1.0 – 1.5 are being deprecated. The deprecation date is June 1st 2014, but it's never too early to upgrade.

With that in mind, here is a quick script using the Windows Azure PowerShell cmdlets that lists the deployed services with their SDK and OS versions.

# List every deployment in the current subscription; deployments that report
# no SdkVersion are skipped.
Get-AzureService | Get-AzureDeployment |
    Where-Object -Property SdkVersion -NE -Value "" |
    Select-Object ServiceName, SdkVersion, OSVersion, Slot

Results:

ServiceName    SdkVersion      OSVersion    Slot
-----------    ----------      ---------    ----
imaginet       #1.5.20928.1904 *            Production
petingoapi     1.6.21103.1459  *            Production

Or if you want to check multiple subscriptions

$d = @()
Get-AzureSubscription |
    ForEach-Object {
        Select-AzureSubscription $_.SubscriptionName
        $d += (
            Get-AzureService |
            Get-AzureDeployment |
            Where-Object -Property SdkVersion -NE -Value "" |
            Select-Object ServiceName, SdkVersion, OSVersion, Slot)
    }
Write-Output $d

You may get some 404 errors if any of your services have no deployments; they can be ignored.

Get-AzureDeployment : "An exception occurred when calling the ServiceManagement API. HTTP Status Code: 404. Service
Management Error Code: ResourceNotFound. Message: No deployments were found.. Operation Tracking ID:
7f7a82cbcc794ea4b28c07471d68a84b."
At line:1 char:20
+ Get-AzureService | Get-AzureDeployment |
+                    ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Get-AzureDeployment], ServiceManagementClientException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureDeploymentCommand
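Building on the script above and the 404 note, here is an added example (not the original post's script) that turns the listing into an actual deprecation check: it parses the reported SdkVersion, including the leading "#" seen in the sample output, flags anything below the first non-retired SDK, and suppresses the expected 404s for services without deployments. The version parsing runs offline on constructed sample values; the Azure part at the bottom assumes the Windows Azure PowerShell module is loaded with one or more subscriptions configured. The 1.6 threshold is derived from the post's statement that SDK 1.0 – 1.5 are being deprecated.

```powershell
# Added example, not from the original post. Assumes the Windows Azure PowerShell
# module for the subscription walk; the parsing functions run anywhere.

# Oldest SDK that is NOT being retired, per the deprecation notice (1.0 - 1.5).
$MinimumSupportedSdk = [version]'1.6'

function ConvertTo-SdkVersion {
    param([string]$SdkVersion)
    # Some deployments report the value with a leading '#', e.g. "#1.5.20928.1904".
    $clean = $SdkVersion.TrimStart('#').Trim()
    [version]$parsed = $null
    if ([version]::TryParse($clean, [ref]$parsed)) { return $parsed }
    return $null
}

function Test-SdkDeprecated {
    param([string]$SdkVersion)
    $v = ConvertTo-SdkVersion $SdkVersion
    if ($null -eq $v) { return $null }          # empty or unparseable: unknown, not "fine"
    return ($v -lt $MinimumSupportedSdk)
}

function Get-DeploymentSdkReport {
    # Walks every configured subscription. Get-AzureDeployment raises a 404
    # (ResourceNotFound) for a service with no deployments; that is expected
    # here, so those errors are silenced instead of cluttering the output.
    foreach ($sub in Get-AzureSubscription) {
        Select-AzureSubscription -SubscriptionName $sub.SubscriptionName
        Get-AzureService |
            Get-AzureDeployment -ErrorAction SilentlyContinue |
            Where-Object { $_.SdkVersion } |
            ForEach-Object {
                [pscustomobject]@{
                    Subscription = $sub.SubscriptionName
                    ServiceName  = $_.ServiceName
                    Slot         = $_.Slot
                    SdkVersion   = $_.SdkVersion
                    OSVersion    = $_.OSVersion
                    Deprecated   = Test-SdkDeprecated $_.SdkVersion
                }
            }
    }
}

# Offline check of the parser on constructed sample values (the first two are the
# shapes seen in the post's output; the third is a deployment with no SDK version).
'#1.5.20928.1904', '1.6.21103.1459', '' | ForEach-Object {
    [pscustomobject]@{ SdkVersion = $_; Deprecated = Test-SdkDeprecated $_ }
} | Format-Table -AutoSize

# Live report across subscriptions; filter to the deployments that need attention.
# Get-DeploymentSdkReport | Where-Object Deprecated -eq $true | Format-Table -AutoSize
```

The unknown case is deliberately reported as $null rather than $false: a deployment whose SDK version cannot be read should show up for a human to look at, not silently pass a compliance check.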

Thanks for reading!

.NET Camp Session Video – Azure Cloud Services

Windows Azure Cloud Services offers a great way to logically separate your applications and scale the components up and out independently and easily. In this session you will get a complete overview of Cloud Services and a clear understanding of Web Roles and Worker Roles. Furthermore, you'll see how Visual Studio 2012 and the Windows Azure SDK make it easy to develop and test your cloud services locally.

Part of the Developer Movement .NET Camp

Channel9 Page

Contents

  • Introduction
  • Azure Ecosystem
  • Cloud Services Overview
  • Why a Cloud Service?
  • What is a Cloud Service? Web and Worker Roles
  • What can it run? Languages and Frameworks
  • Web Roles
  • Worker Roles
  • Role Lifecycle
  • Roles and Instances
  • Fault Domains
  • Upgrade Domains
  • Hello World Demo
  • Packaging and Configuration
  • Deployment
  • Application Upgrade Strategies
  • Service Management Demo
  • Cloud Development Lifecycle
  • Team Foundation Service integration
  • TFS Online and Azure Demo
  • Diagnostics Demo
  • Closing