Speed Up Your Azure hosted WordPress site with Caching Plugin

A year ago, we had unsuccessfully tested a number of caching plugins on this Azure hosted WordPress blog. Because of ongoing frustrations with slow page loading speed, we tried installing WP Super Cache again – this time to a resounding YES! IT WORKS! While more work is still needed, the page load speed has dropped from 5.8 sec to 3.0 sec with the basic plugin install.

The caching plugin creates cached php files of website pages

WP Super Cache Setup – Quick and Easy!

  • Install the plugin > Easy tab > Caching On. That’s all that’s needed to get started!
  • Check that the plugin is working > Test Cache. The green text means go!

(more…)

SSL Verification Tools for Azure Web Apps

In a recent blog post, we discussed how we discovered that an SSL Certificate that was not accepted by all browsers had been inadvertently installed months ago on a publicly accessible WordPress DEV site hosted on Azure Web Apps. This was discovered by an SSL Checker, and only while we were checking on page load performance!

These are some of the free online versions of the tools that we use for testing SSL certificates. It’s important to use them!

SSL Labs:

(more…)

Azure Policies Listed in an Excel Worksheet

In my work with Enterprise clients as an Azure Consultant, I’ve created a few tools to help me communicate efficiently and clearly with team members in various levels of management that need to understand and implement specific Azure concepts.

I’ve already shared one of those helpful tools that I use repeatedly to customize and deliver during conference calls and presentations. Read about and download the ever evolving series of PowerPoint decks of diagrams and icons for your own customizations.

This post is about another helpful tool in my work – a sortable Excel file of all the current and ‘in-preview’ Azure Policies by category that are found in the Azure Portal.

Download Azure Policy Workbook

There is an Index of Azure Policy Samples online of 56 Policies in 9 different categories. At the time of writing this, there are also 73 ‘in-preview’ policies in various categories on the Azure portal, with 192 Azure pre-built policies in 22 categories! See them here at:

(more…)

Performance Testing Tools for Azure Web Apps

We’ve been working at speeding up page loading and general performance of our Azure hosted WordPress websites. Of course, because these are Azure hosted IIS websites, we can’t make changes to the underlying IIS structures, but it is good to know of any vulnerabilities. (An EXCELLENT Security Protocol software that we use on all of our Azure IaaS web servers/browsers is IIS Crypto.)

These are some of the free online versions of the tools that we use for measuring performance changes.

GTMetrix.com

  • For example – this is the Page Loading Speed ‘BEFORE’ any changes:

(more…)

Adding a Root Domain to Azure CDN endpoint

We have a static website running from an Azure storage account, using Azure CDN to deliver with a custom domain name and HTTPS (https://www.alvarnet.com). We need the root custom domain (alvarnet.com) to also be resolvable.

It wasn’t clear in online documentation how to add the root domain to an Azure CDN endpoint, or if it was even possible yet – sub-domains only for CDN endpoints seem to be the standard. In fact, CDN Allow Root Domain for Custom Domains is an Azure ‘feature request’ that has been under review for over a year!

Unsuccessful Trial:

  • I created a new CDN endpoint, but the CNAME of the root domain name wasn’t recognized.
  • Our DNS provider, EasyDNS, allows for CNAME/Alias records of root domains, but mapping the root domain as a Custom hostname to the alvarnet.azureedge.net CDN endpoint still wouldn’t work. The error message when trying to ‘Add a custom domain’ basically said it didn’t recognize the CNAME mapping between the root domain and the CDN endpoint.

(more…)

Add HTTP Rules to an Azure Content Delivery Network

We are in the process of setting up a static custom domain website with SSL being hosted from an Azure storage account.

After getting HTTPS protocol to work, it is necessary to set up HTTP Rules for the CDN endpoint to be able to serve up the proper landing page of the website, plus force redirecting of all http traffic to https.

Previous steps in Setting up a custom domain website being hosted from an Azure storage account:

In order to be able to configure the Azure CDN’s Rules Engine, the Azure CDN Profile must be the Premium Verizon pricing tier. This is the only one of the 4 Azure CDN products that has the Rule Engine feature:

(more…)

Migrate a Custom Domain & Add SSL to an Azure Content Delivery Network endpoint

We are in the process of setting up a static custom domain website being hosted from an Azure storage account. While an Azure Storage Account can have a custom domain added to it, it doesn’t support the HTTPS protocol. Using an Azure CDN will allow both a custom domain and work with an SSL certificate, giving HTTPS security.

Previous steps in Setting up a custom domain website being hosted from an Azure storage account:

These are the steps to migrate the custom domain which has already been added to a Storage Account hosting the website assets, to an Azure CDN endpoint.

(more…)

Azure PowerPoint Diagrams – Icons (#9/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


9. Icons – 5 slides

Download Icons PPT deck

(more…)

Add a Custom Domain to an Azure Storage Account

We are in the process of setting up a static custom domain website being hosted from an Azure storage account.
Previous step in Setting up a custom domain website being hosted from an Azure storage account:

A custom domain for accessing blob data in an Azure storage account can be mapped to either the blob storage endpoint (<your-storage-account-name>.blob.core.windows.net) or the web endpoint (<your-storage-account-name>.zone.web.core.windows.net) that is generated when the static websites feature of the storage account is activated. We are going to set up a custom domain name for the web endpoint of a storage account. The process is the same for the blob storage contents using the blob storage endpoint.

1. In our DNS provider, we set up a new CNAME record for a custom domain name (demo.alvarnet.com) that points to the Azure storage account’s web endpoint (drsitebackups.z19.web.core.windows.net):

(more…)

Create an Azure Content Delivery Network Endpoint

We are setting up the hosting of a static website within an Azure Storage Account that will use an Azure CDN to add a custom domain with SSL connectivity to the static website. A CDN endpoint must be created to connect to the primary endpoint URL of the Azure Storage Account that contains the static website’s assets.

Previous steps in Setting up a custom domain website being hosted from an Azure storage account:

1. To find and save the Storage Account’s Primary web endpoint URL, navigate to the Azure Portal > Storage Account > Settings > Static Website > Primary endpoint

(more…)

Azure PowerPoint Diagrams – Miscellaneous (#8/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


8. Miscellaneous – 4 slides

Download Miscellaneous PPT deck

(more…)

Create an Azure Content Delivery Network (CDN) Profile

We are in the process of setting up a static custom domain website being hosted from an Azure storage account. While an Azure Storage Account can have a custom domain added to it, it doesn’t support the HTTPS protocol. Using an Azure CDN will allow both a custom domain and work with an SSL certificate providing HTTPS security for website users.

Previous steps in Setting up a custom domain website being hosted from an Azure storage account:

“A content delivery network (CDN) is a distributed network of edge servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. A CDN profile, belonging to one Azure subscription, can have multiple CDN endpoints.”

-Microsoft Documents What is a content delivery network on Azure?

We’re using the Azure CDN endpoint we’ll create in the next step to deliver static website assets stored in an Azure storage account. Because we will need to add HTTP Rules to the endpoint(s) in the CDN profile, we’ve chosen the Verizon Premium pricing tier. The Premium Verizon CDN is the only one of the 4 Azure CDN products that has the Rule Engine feature:

(more…)

Hosting an SSL Custom Domain Static Website in Azure Storage Account

It is possible to host a small (less than 1 GB) static website with a custom domain name and SSL access, for pennies a month, from Azure Blob Storage and using Azure CDN!

This blog post outlines the first 6 steps for setting up a static website within an Azure GPv2 storage account. SSL and custom domain name are provided via an endpoint to the storage account from Azure CDN. While a custom domain name could be assigned to the new static website at the storage account level, we need to use Azure Content Delivery Network (CDN) to provide the https functionality/security, so the website’s custom domain will be pointed to the CDN endpoint.

Some of the key attributes of the custom HTTPS feature are:

  • No additional cost: There are no costs for certificate acquisition or renewal and no additional cost for HTTPS traffic. You pay only for GB egress from the CDN.
  • Simple enablement: One-click provisioning is available from the Azure portal. You can also use REST API or other developer tools to enable the feature.
  • Complete certificate management is available: All certificate procurement and management is handled for you. Certificates are automatically provisioned and renewed prior to expiration, which removes the risks of service interruption due to a certificate expiring.

– Microsoft Docs: Tutorial: Configure HTTPS on an Azure CDN custom domain

(more…)

Azure PowerPoint Diagrams – Nginx (#7/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


7.  Nginx – 7 slides

Download Nginx PPT deck

(more…)

How to Kill and Restore an Azure VM

This is the process we use to kill and restore VMs that have customized configurations and installed applications. We will keep snapshot copies of both the OS and Data drives to be able to use again.

A. Kill VM Process

1. Take snapshots of OS and Data Disks

  • Portal > Resource Group > Select OS Disk > Create Snapshot > Save in different Resource Group, Save as Standard HDD
  • This Resource Group and all of its contents will be deleted after snapshots of the disks are taken.

(more…)

Azure PowerPoint Diagrams – Tools (#6/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


6. Tools – 11 slides

Download Tools PPT deck

(more…)

Fine Tuning an Azure hosted WordPress site

While struggling to get a plugin working on a DEV copy of the blog site, and responding to suggestions from the plugin developer on changes that could be implemented based on the log file error results – we did some fine tuning of the DEV website’s Azure App Service Application Settings. Since the DEV site worked well with the changes (but not the plugin yet – that’s another story to follow!) the changes were done on the PROD website too.

Application General Settings Before the fine tuning:

  • PHP version = 5.6
  • Platform = 64-bit
  • Always On = Off
  • ARR Affinity = Off

Update Process:

(more…)

Azure PowerPoint Diagrams – DevTest Labs (#5/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to decks of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


5. DevTest Labs – 4 slides

Download DevTest Labs PPT deck

(more…)

Register For Moving Azure Managed Disks and VMs – PowerShell

Being able to move Managed Disks and Images, VMs and Snapshots in Azure across Resource Groups and Subscriptions is a MAJOR organizational improvement and time saver.

To get this new functionality in your Azure subscription, you’ll need to register the feature via PowerShell. Be sure to do BOTH registrations: once for the feature, and again for the Compute RP:

For example, we’ve been able to easily reorganize important but aged snapshots all into one resource group, cleaning up unnecessary Resource Group sprawl and consolidating some vital resources. The snapshots can still be moved across subscriptions and resource groups via PowerShell, but it helps to visually have them all in the same container.

(more…)

Azure PowerPoint Diagrams – S2S P2S & Express Route (#4/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


3. Security – 2 slides

Download S2S P2S Express Route PPT deck

(more…)

Azure PowerPoint Diagrams – Security (#3/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to decks of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


3. Security – 10 slides

Download Security PPT deck

(more…)

Azure PowerPoint Diagrams – Hub and Spoke Networks (#2/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to decks of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


2. Hub and Spoke Networks – 7 slides

 Download Hub and Spoke Network PPT deck

(more…)

Azure PowerPoint Diagrams – Governance (#1/9)

From PowerPoint Diagrams of Azure Concepts & Architecture:
While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to decks of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below. Links are provided for original diagrams where possible.
Diagram Sources:


1. Governance – 3 Slides 

 Download Governance PPT deck

I use these 3 slides to give an overview explanation of Azure Account and Subscription Management to new clients:

(more…)

Register an Azure Active Directory Security Principal – ARM Portal

An Azure service principal is a security identity used by applications, services, and automation tools to access designated Azure resources. The service principal is a ‘user identity’ (username and password) with an assigned role/permissions in Azure Active Directory (AAD). The service principal should only need to do specific things, unlike a general user identity. In this example, a new Service Principal will be created in AAD and assigned to an Azure Resource Group. Read here for the steps to register a new Service Principal using PowerShell.

Using the Azure Portal

Adding a service principal in the Azure Portal is very straightforward.

Go to Azure Active Directory > App registrations > Add New application registration > create a Display Name > Save

(more…)

Register an Azure Active Directory Security Principal – PowerShell

An Azure service principal is a security identity used by applications, services, and automation tools to access designated Azure resources. The service principal is a ‘user identity’ (username and password) with an assigned role/permissions in Azure Active Directory (AAD). The service principal should only need to do specific things, unlike a general user identity. In this example, a new Service Principal will be created in AAD and assigned to an Azure Resource Group. Read here for the steps to register a new Service Principal using the Azure ARM Portal.

Using PowerShell

1. #Login to Azure Subscription

2. #Declare Variables

(more…)

Install and Configure Azure Let’s Encrypt Extension for Azure WordPress Web App

Check the completion of all 8 preparation steps outlined in Preparations for adding Lets Encrypt SSL Certificate to Azure WordPress Web App

  1. Update App Service Plan
  2. Update Web.config for Certificate Renewal
  3. Delete binding of any currently installed SSL certificates
  4. Assign or create a storage account for the process
  5. Add 2 Application settings to website
  6. Register an Azure Service Principal
  7. Permissions added to Resource Group/Subscription
  8. Gather config info & paste text file for configuring the Lets Encrypt Extension

Now the Azure Let’s Encrypt Extension can be installed and configured.

1. Portal > Web App > Development Tools > Extensions > +Add > Choose Extension > Azure Let’s Encrypt > OK

(more…)

Swap the OS Disk of an Azure VM – PowerShell

Being able to quickly swap out the OS disk of an Azure VM is a feature that means VMs don’t have to be ‘killed’ and rebuilt when there is a problem or a need for major revisioning of the VM. A backup OS managed disk, or a new OS managed disk, or an ‘earlier’ OS managed disk version can be applied in situ to the provisioned VM. We keep a repository of key versions of OS and Data disk snapshots that can be quickly turned into unattached managed disks when needed for fixing a VM.

#1. Login to Azure

(more…)

PowerPoint Diagrams of Azure Concepts & Architecture

While working with multiple Enterprise teams as an Azure Consultant, I repeatedly use, modify and add to a deck of PowerPoint slides that I customize for communicating Azure concepts to team members in various departments. Some of the slides are combinations of elements and/or concepts from all the Diagram Sources below.

Diagram Sources:

While it is helpful to have the Visio files available for download from some of the Microsoft Documents, I’ve found it is faster to work with clients using PowerPoint. Diagrams in PowerPoint are very simple for me to work with, to customize for each client quickly and to present during remote communications with teams. (The Microsoft Visio diagrams also provide icons and design elements to use in your own PowerPoint presentations.) When possible, we’ve given the link to the Microsoft pages where the original diagrams are found.

(more…)

Preparations for adding Lets Encrypt SSL Certificate to Azure WordPress Web App

We were using an expensive wildcard SSL certificate from a CA for all of our websites, and it was expiring soon. Yes – there IS a very simple and straightforward way within Azure to add this wildcard certificate for multiple domain and sub-domain DEV, TEST and PROD Azure-hosted websites – but at an annual cost to us in excess of $750 Canadian dollars!

With Azure supporting use of Let’s Encrypt, the free, automated and open CA for Azure-hosted websites, we decided to secure all our websites with free Let’s Encrypt SSL certificates, working for each website before the expensive wildcard SSL expired.

NOTE: The Let’s Encrypt certificates DO expire after 90 days, so a background process using Azure Web Jobs is necessary to automatically renew and install new certificates. Simon J.K. Pedersen has developed the Azure Let’s Encrypt Web App Site Extension to do all of the work of requesting, installing and renewing the Let’s Encrypt certificates. What a help this all is! Once the preparations are complete (as outlined below), the new Let’s Encrypt SSL certificate is working in less than 5 minutes.

(more…)

CredSSP Error when RDPing into rebuilt Azure VM

After swapping out an OS drive into an Azure VM, we were unable to RDP into the revisioned VM, getting this error:

In May 2018, Microsoft issued CredSSP updates for CVE-2018-0886 which require that KB 4093120 be installed on both the client and server.

(more…)

How to Make PHP.ini Changes for Azure WordPress Web App

You may need to modify your WordPress site’s php.ini file, which is the default PHP configuration file, to increase the site’s Memory Limit, Maximum Execution Time, Maximum Input Time etc. However, there is no access to the php.ini file in an Azure hosted WordPress Web App!

A simple solution is to add a .user.ini file to the site/wwwroot folder via the Kudu site of your website. Read more about Kudu here.

Portal > Web App > Development Tools > Advanced Tools blade > Go > Debug Console > cmd > site > wwwroot > + file > .user.ini

(more…)

Create Azure VM from Snapshot – PowerShell

These are the 3 overview steps to creating (or restoring) an Azure virtual machine (VM) from a stored snapshot of another VM’s Operating System (OS) virtual hard disks (vhd):

  1. Create a Snapshot (already created for this exercise)
  2. Create Managed disks from Operating System (OS) and Data Disk Snapshots
  3. Create a VM from the Managed OS Disk and add data disk

This post shows how to create a VM in a new resource group, from disk snapshots. We will be attaching the new managed OS Disk to the VM with PowerShell while the VM is created. The data disk will be attached after the VM is created. Note in the diagram below, that after creating the managed disks, we will also need to add 4 more Azure resources for the new VM to be accessible:

  • VNet
  • Subnet
  • PIP
  • Network Interface

(more…)

Create an Azure Disk Snapshot – Portal

We regularly take new snapshots of a VM’s vhds before testing major development changes, adding Windows updates, testing new application settings etc., to allow us to easily revert to the previous state of the VM if desired. In Azure, snapshots are taken of the virtual disks (vhd), not the VM instance itself. Snapshots are full, read-only copies of the vhds.

An Azure snapshot of a data or operating system (os) vhd can be used: (more…)

Setting up Azure’s P2S VPN Gateway with PowerShell – Part 3/3

This post outlines Steps 8 – 10 of the series of 10 steps to create an Azure P2S Connection. Do these steps AFTER COMPLETING Steps 1 – 4 given in Setting up Azure’s P2S VPN Gateway with PowerShell – Part 1/3 and Steps 5 – 7 given in Setting up Azure’s P2S VPN Gateway with PowerShell – Part 2/3.

Steps 1 – 7 for Creating P2S Connection:

1. Log in to Azure and set variables
2. Configure a VNet
3. Create the VPN Gateway
4. Add the VPN client address pool 
5. Generate certificates
6. Upload the root certificate public key info to Azure
7. Install an exported client certificate


Steps 8 – 10 for Creating P2S Connection:  

8. Configure the VPN on client computer
9. Connect to Azure
10. Verify P2S VPN Connection


8. Configure the VPN on the client machine

(more…)

Setting up Azure’s P2S VPN Gateway with PowerShell – Part 2/3

This post outlines Steps 5 – 7 of the series of 10 steps to create an Azure P2S Connection. Do these steps AFTER Steps 1 – 4 given in Setting up Azure’s P2S VPN Gateway with PowerShell – Part 1.

Steps 1 – 4 for Creating P2S Connection:

1. Log in to Azure and set variables
2. Configure a VNet
3. Create the VPN Gateway
4. Add the VPN client address pool


Steps 5 – 7 for Creating P2S Connection:  

5. Generate certificates
6. Upload the root certificate public key info to Azure
7. Install an exported client certificate

(more…)

Move Azure Snapshot to new Subscription – PowerShell

At the time of writing this, moving/migration of VMs with managed disks to a new Azure Subscription is not supported in Azure. It is possible, however, to move managed snapshots of a VM’s vhds to another Azure subscription, and then ‘reconstruct’ the VM using the OS and data disk snapshots or managed disks. The VM object itself is just metadata running the vhds. (The Move option for both snapshots and managed disks displays in the Azure portal, but we found that the portal Move option does not work for our various Azure Accounts and Subscriptions. See screen shot below.) The Move operations of snapshots or managed disks can be done easily via PowerShell.

Why move managed disks to another subscription? For example, once a Dev/Test environment is proven, the typical procedure is to migrate the IaaS infrastructure to an Enterprise Subscription for a production environment. Also, moving copies of snapshots out of the main subscription is beneficial for data retention in case of Disaster Recovery or accidental deletions.

A workaround for this current limitation (not being able to move/migrate a VM) is to move the managed snapshot(s) to a new Subscription, and then create new managed disks of OS and data vhds for a VM in another subscription. It is also possible to migrate a copy of a snapshot or a managed disk into a Storage Account as a page blob to be used by other subscriptions or even other Azure accounts. Read about moving Snapshots to a Storage Account.

Unsuccessful Snapshot Move In ARM Portal:

While the option to Move to another subscription is shown on the snapshot blade, validation of the process failed, giving the error that this subscription is not ‘registered to use Microsoft.Compute/ManagedResourcesMove feature’… but a snapshot can easily be copied to another subscription via PowerShell.

(more…)

Export an Azure Managed Snapshot to Storage Account – PowerShell

Azure Snapshots of managed virtual hard drives (vhds) are stored in Resource Groups (as opposed to ‘unmanaged’ Snapshots being stored in storage accounts). While it is possible to move the managed snapshots to another subscription using PowerShell, there are advantages to having a copy of crucial core snapshots readily available and protected as Page Blobs in a Storage Account.

With PowerShell, copies of the Snapshots can be exported to an Azure Storage Account to be able to:

  • Maintain a separated set of crucial snapshot copies that cannot be deleted by accident, helpful as another Disaster Recovery point
  • Quickly & easily copy Snapshots to a different Azure account or subscription using Microsoft Azure Storage Explorer and then create new managed disks and VMs in the different Account or subscription
  • At the time of this writing, VMs with managed disks cannot be moved from one Azure region to another. The workaround is to export a snapshot of the VM’s managed disks to a storage account in a different region, and then re-create the VM with the managed disk(s) in a Resource Group in the different region. Read more here.

1. #Login to Azure Portal (read here for a slick way to select the correct subscription context)

(more…)

Create an Azure Disk Snapshot – PowerShell

Working in Hyper-V before moving all of our resources from physical servers in datacenters to Azure IaaS or PaaS, we regularly took new snapshots of Virtual Machines (VMs) before testing major development changes, adding Windows updates, testing new application settings etc., to allow us to easily revert to the previous state of the VM if desired. In Azure, snapshots are taken of the virtual disks (vhd), not the VM instance itself. Snapshots are full, read-only copies of the vhds. A new VM is created with new managed disks created from stored snapshots of OS data disks; data disk snapshots are turned into managed data disks and then attached to a VM.

An Azure snapshot of a data or operating system (os) vhd can be used:

  • For custom backup/restore of a VM’s vhds
  • For troubleshooting disk problems.
  • To create a copy of production servers for use in development, or the opposite, copy a dev environment into production mode.
  • To quickly duplicate a fresh VM instance. For example, we use specific single-tier and double-tier web server/sql server environments that need to be reproduced for various testing scenarios. A new ‘exact copy’ environment, with all accounts and applications in place, can be ready for access within 5 minutes if necessary, using stored Azure Snapshots of the OS and data disks. These are considered ‘specialized’ disks…
  • To create a ‘repository’ of prepared OS and data disks for use in creating multiple VM copies.
  • To create a DR backup repository of snapshots in a different region or subscription (or both), in case of accidental deletion of key OS or data disks.
  • Backing up a VM before making a major change – although it is not possible to revert the VM to the previous state, the VM can be deleted and, using the saved snapshots > create new managed OS and data disks > create a new VM using the previous VM’s NIC, etc.

(more…)

Export Certificates for Azure P2S Authentication

This is the Export step in the process of generating and uploading self-signed Root and client certificates to Azure for authentication for a Point-to-Site VPN Gateway. The PowerShell to create the root and client certificates is found here.

After creating the self-signed root certificate, it must be exported so it can be uploaded to Azure for the P2S configuration. It is only necessary to export the generated client certificate if it is to be installed on another client/computer. It is automatically installed on the client/computer it was generated from. Instructions are given here for exporting both the .cer file and the client certificate.

Export .cer file from Root Certificate
Export Client Certificate

(more…)

Move an on-Prem Hyper-V VM to Azure (specialized VHD)

One way to move an on-premises Hyper-V Windows virtual machine (VM) with all its user accounts, policies and applications fully intact up to Azure, is to create a specialized disk of the VM’s operating system virtual hard disk (VHD). This specialized VHD is then uploaded to Azure, after being properly prepped to work in the Azure environment and attached to a new VM.

Notes:

  • Only Generation 1 Hyper-V VMs are supported on Azure. Keep this in mind when creating Hyper-V machines or considering moving them to Azure. A Generation 2 Hyper-V VM cannot be converted to a Generation 1 Hyper-V VM.
  • The Hyper-V vhdx disk format must be converted to vhd, and the dynamically expanding property of the Hyper-V vhd changed to fixed-size. This is done easily in PowerShell.
  • In Azure, the size of a managed or unmanaged VHD can be increased, but not decreased. To shorten the upload time of the prepared VHD to Azure, make sure the Hyper-V VM’s OS disk is as small as possible when the Hyper-V VM is first created.

In the 2 sets of .vhdx drives converted to .vhd drives shown below:

(more…)

Azure Resource Manager PowerShell Login – make it persist!

With multiple Azure subscriptions within a single Azure account, it is crucial to be logged into the correct Azure subscription (AzureRM Context), to be able to access the Azure resources within a specific subscription, via PowerShell (POSH). There is a default subscription that is set to open with each new POSH session. If this default subscription isn’t the preferred working subscription, you will have to select the correct subscription for every new POSH session.

With the Azure Context Autosave feature (added Sept 2017), you can set the subscription for the current session and then have the Azure credentials, account and subscription information saved and automatically loaded when you open a new POSH window, by using the Enable-AzureRmContextAutosave cmdlet.

And for easy subscription selection, I recently found these simple POSH cmdlets here, to be able to brilliantly select the correct Azure Subscription by clicking on the list of Azure subscriptions in the Azure Windows account. No copying and pasting of subscription ID, name and/or tenant ID required!

(more…)

Setting up Azure’s P2S VPN Gateway with PowerShell -Part 1/3

Azure’s Point-to-Site (P2S) VPN gateway connection creates a secure connection to an Azure virtual network’s (VNet) resources from an individual client computer. A VPN gateway is created on its own subnet in an Azure VNet, and then configured to allow P2S connections. No VPN physical device is required and there are minimal, if any, changes required to be made to the on-prem network. A P2S VPN connection is established by starting it from the client computer. It is possible to also route a P2S VPN through a secure Azure VPN Gateway – but the software VPN Gateway is within the Azure subscription, not in the on-prem network.

The P2S VPN network connection is outlined in a red box in this diagram – note that P2S and Site to Site (S2S) VPN Gateways can co-exist within an On-Prem network with Azure Express Route:

(more…)

2-for-1: “Google Cloud for Developers” AND “Using Azure for Dev & Testing”

March 15, 2018 – 72 people attended

Details:

Two talks were scheduled for this event.

The first talk is “Google Cloud for .NET Developers” by Ken Cenerelli.

The second talk is “Using Azure for Software Development & Testing”.
Azure DevTest Labs is a free service that helps developers and testers quickly create environments in Azure while minimizing waste and controlling cost. You can test the latest version of your application by quickly provisioning Windows and Linux environments using reusable templates and artifacts. Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. Scale up your load testing by provisioning multiple test agents, and create pre-provisioned environments for training and demos. The only cost comes from the actual Azure resources consumed such as VMs, storage, databases, etc. The topics covered include:
* Quickly provision development and test environments
* Minimize waste with quotas and policies
* Set VM automated shutdowns and startups to minimize costs

(more…)

Use Azure’s Kudu UI to Fix WordPress Update Failures

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Problem: 

An update of a WordPress plugin or theme for our Azure hosted WordPress website(s) fails to load. This causes an immediate problem because the old version of the plugin or theme was already deleted from the website in the update process! This is a ‘scary’ one – especially if it is the theme that is deleted from the website. Time is of the essence to get the website fixed and secured with the latest updates.

(more…)

Use Azure Kudu to Access the Infrastructure files of an Azure hosted WordPress Site

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

All of the back-end infrastructure files of a WordPress website hosted on Azure Web App Service are exposed via its Azure source control management site. You may need to make changes to the Azure hosted WordPress site’s web.config, wp-config.php, functions.php, etc.

Every Azure App Service (website) has an associated ‘scm’ service website or a Site Extension named Kudu. It is accessed by using the Source Control Management entry point https://<site-name>.scm.azurewebsites.net. NOTE: A custom domain name will not resolve with the scm modification to its URL – you must use the original *.azurewebsites.net DNS name to access Kudu.

Kudu can also be accessed via the Azure Resource Manager (ARM) for your Azure website under Settings > Development Tools > Advanced Tools > Go. Read more about Kudu here.

(more…)

Maximize Security of your WordPress Website

Within a month of building our first WordPress blog from the Azure Marketplace, we discovered that the website had been hacked. It had been injected with code we couldn’t find how to access and showed more than 20 additional blog posts pointing to random software download pages, all running from our custom domain with SSL!

We were fortunate to have noticed those extra posts as soon as we did – and before the domain’s reputation was compromised. We immediately deleted the hacked posts, and exported an xml file of our website contents for importing into a newly built ‘clean’ website infrastructure if necessary – which it was. Turned out to be faster and safer to rebuild the website than to discover exactly how and where ‘they’ had gotten in and the extent of the back-end infrastructure infiltration. Time was better spent learning how to secure and harden our WordPress website!

(more…)