Register an Azure Active Directory Security Principal – ARM Portal

An Azure service principal is a security identity used by applications, services, and automation tools to access designated Azure resources. The service principal is a ‘user identity’ (username and password) with an assigned role/permissions in Azure Active Directory (AAD). The service principal should only need to do specific things, unlike a general user identity. In this example, a new Service Principal will be created in AAD and assigned to an Azure Resource Group. Read here for the steps to register a new Service Principal using PowerShell.

Using the Azure Portal

Adding a service principal in the Azure Portal is very straightforward.

Go to Azure Active Directory > App registrations > Add New application registration > create a Display Name > Save

Assign a Name and a URL for the web app, both of which can be changed at any time later.

Azure assigns an Application/Client ID for the new service principal

To create the Key for the new Service Principal go to Settings > Keys > Add the Display Name into the Description > select Duration > Save

Copy the Key Value and save it before leaving the Keys blade:

The new Service Principal (Login in this example) shows in the list of Azure Active Directory App registrations:

Now apply the new Service Principal ‘Login’ to a specific Resource Group (or subscription). Go to the Resource Group, Subscription or other Azure object > Access control (IAM) > +Add > select the permission level/Role that the service principal will be assigned > type in the display name of the new service principal > Select > Save. Note that all objects in the Subscription or the Resource Group will now inherit permission for the service principal to access them as a Contributor.

This is a screen shot of the Access control (IAM) for a web app that had the Service Principal added at the Subscription level:

Register an Azure Active Directory Security Principal – PowerShell

An Azure service principal is a security identity used by applications, services, and automation tools to access designated Azure resources. The service principal is a ‘user identity’ (username and password) with an assigned role/permissions in Azure Active Directory (AAD). The service principal should only need to do specific things, unlike a general user identity. In this example, a new Service Principal will be created in AAD and assigned to an Azure Resource Group. Read here for the steps to register a new Service Principal using the Azure ARM Portal.

Using PowerShell

1. #Login to Azure Subscription

2. #Declare Variables

(more…)

Add Lets Encrypt SSL Certificate to an Azure WordPress Web App

We are currently using an expensive wildcard SSL certificate from a CA for all of our websites, that is expiring soon. Yes – there IS a very simple and straightforward way within Azure to add this wildcard certificate for multiple domain and sub-domain DEV, TEST and PROD Azure-hosted websites – but at an annual cost in excess of $750 Canadian dollars!

With Azure supporting use of Let’s Encrypt, the free, automated and open CA for Azure-hosted websites, we decided to secure all our websites with free Let’s Encrypt SSL certificates, working for each website, before the expensive wildcard SSL expired.

NOTE: The Let’s Encrypt certificates DO expire after 90 days, so a background process using Azure Web Jobs is necessary to automatically renew and install new certificates. Simon J. K. Pedersen has developed the Azure Let’s Encrypt Web App Site Extension to do the heavy lifting of requesting, installing and renewing the Let’s Encrypt certificates. What a help this all is! Once the preparations are complete (as outlined below) the new Let’s Encrypt SSL certificate is working in less than 5 minutes.

After reading Simon’s documentation on How to Install, Known Issues, and How to Troubleshoot this is the process we used to change the SSL certificates on our websites. Simon J. K. Pedersen said he is actively working on an Azure extension to create a LetsEncrypt wildcard certificate. That will save even MORE time.

(more…)

Move Azure Snapshot to new Subscription – PowerShell

At the time of writing, moving/migrating VMs with managed disks to a new Azure Subscription is not supported in Azure. It is possible, however, to move managed snapshots of a VM’s vhds to another Azure subscription, and then ‘reconstruct’ the VM using the OS and data disk snapshots or managed disks. The VM object itself is just metadata running the vhds. (The Move option for both snapshots and managed disks displays in the Azure portal, but we found that the portal Move option does not work for our various Azure Accounts and Subscriptions. See screen shot below.) The Move operations of snapshots or managed disks can be done easily via PowerShell.

Why move managed disks to another subscription? For example, once a Dev/Test environment is proven, the typical procedure is to migrate the IaaS infrastructure to an Enterprise Subscription for a production environment. Also, moving copies of snapshots out of the main subscription is beneficial for data retention in case of Disaster Recovery or accidental deletions.

A workaround for this current limitation of not being able to move/migrate a VM is to move the managed snapshot(s) to a new Subscription, and then create new managed disks of the OS and data vhds for the VM in another subscription. It is also possible to migrate a copy of a snapshot or a managed disk into a Storage Account as a page blob to be used by other subscriptions or even other Azure accounts. Read about moving Snapshots to a Storage Account.

Unsuccessful Snapshot Move In ARM Portal:

While the option to Move to another subscription is shown on the snapshot blade, validation of the process failed, giving the error that this subscription is not ‘registered to use Microsoft.Compute/ManagedResourcesMove feature’… but a snapshot can easily be copied to another subscription via PowerShell.

(more…)

Export an Azure Managed Snapshot to Storage Account – PowerShell

Azure Snapshots of managed virtual hard drives (vhds) are stored in Resource Groups (as opposed to ‘unmanaged’ Snapshots being stored in storage accounts). While it is possible to move the managed snapshots to another subscription using PowerShell, there are advantages to having a copy of crucial core snapshots readily available and protected as Page Blobs in a Storage Account.

With PowerShell, copies of the Snapshots can be exported to an Azure Storage Account to be able to:

  • Maintain a separated set of crucial snapshot copies that cannot be deleted by accident, helpful as another Disaster Recovery point
  • Quickly & easily copy Snapshots to a different Azure account or subscription using Microsoft Azure Storage Explorer and then create new managed disks and VMs in the different Account or subscription
  • At the time of this writing, VMs with managed disks cannot be moved from one Azure region to another. The workaround is to export a snapshot of the VM’s managed disks to a storage account in a different region, and then re-create the VM with the managed disk(s) in a Resource Group in the different region. Read more here.

1. #Login to Azure Portal (read here for a slick way to select the correct subscription context)

(more…)

Create an Azure Disk Snapshot – PowerShell or Portal

Working in Hyper-V before moving all of our resources from physical servers in datacenters to Azure IaaS or PaaS, we regularly took new snapshots of Virtual Machines (VMs) before testing major development changes, adding Windows updates, testing new application settings etc., to allow us to easily revert to the previous state of the VM if desired. In Azure, snapshots are taken of the virtual disks (vhd), not the VM instance itself. Snapshots are full, read-only copies of the vhds. A new VM is created with new managed disks created from stored snapshots of OS data disks; data disk snapshots are turned into managed data disks and then attached to a VM.

An Azure snapshot of a data or operating system (os) vhd can be used:

  • For custom backup/restore of a VM’s vhds
  • For troubleshooting disk problems.
  • To create a copy of production servers for use in development, or the opposite, copy a dev environment into production mode.
  • To quickly duplicate a fresh VM instance. For example, we use specific single-tier and double-tier web server/sql server environments that need to be reproduced for various testing scenarios. A new ‘exact copy’ environment, with all accounts and applications in place, can be ready for access within 5 minutes if necessary, using stored Azure Snapshots of the OS and data disks. These are considered ‘specialized’ disks…
  • To create a ‘repository’ of prepared OS and data disks for use in creating multiple VM copies.
  • To create a DR backup repository of snapshots in a different region or subscription (or both), in case of accidental deletion of key OS or data disks.
  • Backing up a VM before making a major change – although it is not possible to revert the VM to the previous state, the VM can be deleted and using the saved snapshots > create new managed OS and data disks > create a new VM using the previous VM’s NIC, etc.

(more…)

Move an on-Prem Hyper-V VM to Azure (specialized VHD)

One way to move an on-premises Hyper-V Windows virtual machine (VM) with all its user accounts, policies and applications fully intact up to Azure, is to create a specialized disk of the VM’s operating system virtual hard disk (VHD). This specialized VHD is then uploaded to Azure, after being properly prepped to work in the Azure environment and attached to a new VM.

Notes:

  • Only Generation 1 Hyper-V VMs are supported on Azure. Keep this in mind when creating or considering moving Hyper-V machines to Azure. A Generation 2 Hyper-V VM cannot be converted to a Generation 1 Hyper-V VM.
  • The Hyper-V vhdx disk format must be converted to vhd, and the dynamically expanding property of the Hyper-V vhd changed to fixed-size. This is done easily in PowerShell.
  • In Azure, the size of a managed or unmanaged VHD can be increased, but not decreased, so to speed the uploading time of the prepared VHD to Azure, make sure the Hyper-V VM’s OS disk is as small as possible when the Hyper-V VM is first created.

In the 2 sets of .vhdx drives converted to .vhd drives shown below:

(more…)

Azure Resource Manager PowerShell Login – make it persist!

With multiple Azure subscriptions within a single Azure account, it is crucial to be logged into the correct Azure subscription (AzureRM Context), to be able to access the Azure resources within a specific subscription, via PowerShell (POSH). There is a default subscription that is set to open with each new POSH session. If this default subscription isn’t the preferred working subscription, you will have to select the correct subscription for every new POSH session.

With the Azure Context Autosave feature (added Sept 2017), after setting the subscription for the current session you can have the Azure credentials, account and subscription information saved and automatically loaded when you open a new POSH window, by using the Enable-AzureRmContextAutosave cmdlet.

And for easy subscription selection, I recently found these simple POSH cmdlets here, to be able to brilliantly select the correct Azure Subscription by clicking on the list of Azure subscriptions in the Azure Windows account. No copying and pasting of subscription ID, name and/or tenant ID required!

(more…)

Export Certificates for Azure P2S Authentication

This is the Export step in the process of generating and uploading self-signed Root and client certificates to Azure for authentication for a Point-to-Site VPN Gateway. The PowerShell to create the root and client certificates is found here.

After creating the self-signed root certificate, it must be exported so it can be uploaded to Azure for the P2S configuration. It is only necessary to export the generated client certificate if it is to be installed on another client/computer. It is automatically installed on the client/computer it was generated from. Instructions are given here for exporting both the .cer file and the client certificate.

Export .cer file from Root Certificate
Export Client Certificate

(more…)

Setting up Azure’s P2S VPN Gateway with PowerShell

Azure’s Point-to-Site (P2S) VPN gateway connection creates a secure connection to an Azure virtual network’s (VNet) resources from an individual client computer. A VPN gateway is created on its own subnet in an Azure VNet, and then configured to allow P2S connections. No VPN physical device is required and there are minimal, if any, changes required to be made to the on-prem network. A P2S VPN connection is established by starting it from the client computer.

A P2S solution is useful for connecting to Azure VNets from a remote location or when there are only a few clients that need to access an Azure VNet’s resources. We use a P2S connection as a proof-of-concept (POC) for a .Net Web App hosted within an Azure VM webserver to be able to connect to an on-prem Sql Database.

The following cmdlets and process flow are from an excellent article in Azure Documentation, Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: PowerShell, with detailed explanations for each of the following steps. We’ve just put it all together in a single, easy-to-follow list of PowerShell cmdlets to run sequentially in an elevated Windows PowerShell ISE session, to quickly set up a P2S Gateway after changing the variables for each use case.

Download Zip of POSH cmdlets

There is also an ARM Quickstart Template Point-to-Site Gateway that will quickly provision a P2S Gateway on Azure for you covering Steps 2 – 7 below!

(more…)

Use Azure’s Kudu UI to Fix WordPress Update Failures

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Problem: 

An update of a WordPress plugin or theme for our Azure hosted WordPress website(s) fails to load. This causes an immediate problem because the old version of the plugin or theme was already deleted from the website in the update process! This is a ‘scary’ one – especially if it is the theme that is deleted from the website. Time is of the essence to get the website fixed and secured with the latest updates.

(more…)

Use Azure Kudu to Access the Infrastructure files of an Azure hosted WordPress Site

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

All of the back-end infrastructure files of a WordPress website hosted on Azure Web App Service, are exposed via its Azure source control management site. You may need to make changes to the Azure hosted WordPress site’s web.config, wp-config.php, functions.php etc.

Every Azure App Service (website) has an associated ‘scm’ service website or a Site Extension named Kudu. It is accessed by using the Source Control Management entry point https://<site-name>.scm.azurewebsites.net. NOTE: A custom domain name will not resolve with the scm modification to its URL – you must use the original *.azurewebsites.net DNS name to access Kudu.

Kudu can also be accessed via the Azure Resource Manager (ARM) for your Azure website under Settings > Development Tools > Advanced Tools > Go. Read more about Kudu here.

(more…)

Setup Plan for an Azure hosted WordPress Page-centric Private Intranet Wiki

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Overview:

We were tasked to move all the content of a private corporate 700+ page wiki from an expensive, full-featured, social collaboration intranet subscription service, over to an Azure hosted private WordPress wiki site. Only the private wiki feature on the previous subscription service was being used & needed, so the reason for the move was to build a private website to house the corporation’s pages of internal knowledge and business documents (wiki), with ease of editing the existing content as well as being able to add more content, operating on the solid, secure Azure Web App Service hosting platform.

Microsoft Azure provides a powerful, secure, reliable, scalable, highly-available, pay-for-what you-use, cost effective cloud platform to build and deploy enterprise-grade WordPress websites with Azure Backup and Azure Blob Storage services. We knew we could have a WordPress website up and running in just a few minutes – but then the challenges of working with WordPress presented!

(more…)

How to Add phpMyadmin Website Extension via Azure Portal

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

To work directly on the MySql database associated with your Azure hosted WordPress website, you need to load the phpMyadmin website extension via the Kudu UI or the Azure Portal.

We don’t work with MySql, but having direct access to the MySQL database is helpful if your admin login became corrupted and you were unable to connect to the website! In the phpMyadmin interface, it is a quick fix to add a new admin user to the database and then login to the website again. Lockout averted!

This is a good step-by-step article on How to Add an Admin User to the WordPress Database via MySQL

From the Azure Portal for the website: Development Tools > Extensions > Add > Choose phpMyadmin from the list of extensions > OK

(more…)

Setup Plan for an Azure hosted WordPress public technical Blog

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

WordPress was created in 2003 as a simple platform for quickly creating a blog, using dated posts in categories. The WordPress platform is optimized for blog posts.

Let’s look now at the general and specific steps for setting up a basic WordPress public Technical Blog.

This is the public landing page of a basic WordPress Technical blog using the Divi Theme, customizations and selected plugins mentioned in previous posts:

(more…)

12 Easy Customizations for an Azure hosted WordPress site

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

These are the 12 most common customizations that we use on our WordPress websites.

1. Remove the WP logo from the Admin bar
2. Replace ‘Howdy’ on the Admin bar to ‘Logged in as’
3. Remove the WP Admin Bar and Personal Tool Bar access to Subscribers
4. Disable all automatic theme updates
5. Disable all automatic plugin updates
6. Disable WordPress core Major and Development Updates
7. Customize the WP Login Page
8. Remove the ‘Powered by WordPress’ in the Footer
9. Remove the WP Title’s Tagline ‘Just another WP Site’
10. Set Permalinks to display the post name
11. Set the Time Zone
12. Add custom CSS for Tables to the Child-Theme’s style.css file

(more…)

Adding an Azure Content Delivery Network (CDN) to WordPress website

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

A Content Delivery Network (CDN) service is a network of geographically dispersed servers that have been optimized for distributing cached static files such as images, CSS/JS files and other web app structural components. Website users will receive your website’s cached static content from servers located nearest their geographic location, reducing page load time.

Overview of the Azure Content Delivery Network (CDN):

The Azure Content Delivery Network (CDN) caches static web content at strategically placed locations to provide maximum throughput for delivering content to users. The CDN offers developers a global solution for delivering high-bandwidth content by caching the content at physical nodes across the world.

(more…)

Use Azure’s Advisor To Optimize Your Azure Deployments

Azure’s Advisor is a no-cost, centralized, personalized service giving best practice recommendations for optimizations in 4 categories, for Azure deployments in all of your Azure subscriptions.

Advisor analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.
With Advisor, you can:

  • Get proactive, actionable, and personalized best practices recommendations.
  • Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend.
  • Get recommendations with proposed actions inline.

– Azure Advisor Documentation

(more…)

Use Azure Blob Storage as another Disaster Recovery Tool for WordPress site Contents

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Another level of assuring data safety (WP Pages, Posts, etc.), besides full website backups to Azure Backup and Recovery Web App Service – since a website can always be rebuilt, but losing data is not an option – is to export a latest copy of the website contents to a ‘safe place’. If necessary, the website WP infrastructure could always be reproduced and the saved website contents imported back in.

The exported copy of the website contents (Posts, Pages, Layouts, Media, etc.) can be easily imported into the newly built website. That is, it can be easily imported, as long as the xml file created by the Export Tool is less than 8 MB. Even our largest website, with over 700 pages, is less than 6 MB, since we do not store media or documents within the website, but use only hyperlinks to an Azure Storage Blob containing the images, documents etc. (Learn about setting up Azure Blob Storage for media & documents in an Azure hosted WP site.)

(more…)

Using Azure App Service’s Backup & Restore for Azure hosted WordPress sites: Part 2: Restore

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Part 1: Backup a WordPress website

Backups are only as good as a successful, proven restore process. And the Restore process of the Azure App Service for a WordPress (WP) website should be tested, validated and documented BEFORE disaster recovery is needed!

To demonstrate the ease and effectiveness of the Azure App Service Restore process, we’ve made several simple changes to a staged WordPress website (WP-techblog), changing some back-end WordPress functionality as well as changing website content. We’ll then use the Azure Restore feature to restore to the initial state of the website, i.e. before the changes, in the first manual backup/snapshot captured.

(more…)

Using Azure App Service’s Backup & Restore for Azure hosted WordPress sites: Part 1: Backup

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Part 2: Azure Web App Service Restore

Azure App Service’s Backup & Restore feature is the easiest, quickest and most reliable way to backup & restore an Azure hosted WordPress website (or any Azure hosted website!) manually or on a configured schedule. The focus of this article is backing up WordPress websites hosted on the Azure platform (PaaS), though the information applies to any website hosted on Azure App Services.

While there are a number of options available for setting up WordPress website backups using plugins or 3rd party companies, Azure App Service provides convenient, accessible, automated and/or manual, Backup and Restore options on Azure S1 Standard App Service Plans and higher. The Restore option works seamlessly and effectively to restore a website when you’ve done something to lock it down, or break access – by overwriting the existing website or restoring to a totally new website. Backups are stored separately in an Azure Blob Storage container for easy access, not adding to the website’s file storage size. (more…)

Azure Stack is an On-Prem Hybrid Cloud Extension of Azure

Azure Stack Shipping September 2017

On July 10, 2017, Mike Neil, Microsoft CVP (Azure Infrastructure and Management), announced that Microsoft Azure Stack would start shipping in September 2017. The Azure Stack GA software was delivered to Microsoft’s hardware partners HPE, Dell EMC, and Lenovo to start the certification process for their integrated systems. You can read Mike Neil’s full blog post here, which also covers pricing and ordering.

Here are examples of Azure Stack integrated systems from Microsoft’s hardware launch partners. As you can see from these proof of concept hardware configurations, these Azure Stack integrated systems are running much more than the minimum/recommended hardware specifications.

(more…)

Convert a WordPress blog Internal Storage to using Azure Blob Storage 

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Problem:

A new WordPress blog site (hosted on Azure PaaS) had become bloated with images uploaded directly to the website’s Media Library after only 20 posts. WordPress automatically adds in 3 versions (various resolutions and a thumbnail) of each image, as do some themes and plugins, so the wp-content/uploads folder was overloaded by at least 400%! When we needed to move the website to a different location & subscription, the native WordPress ‘Export/Import Contents’ did not work reliably enough for such a large number and size of image files. A website Restore operation doubled the size of the website’s next backup. Initially we tried using various WordPress plugins to clean up the bloated mess before doing the website migration, but that didn’t get us far – and caused more problems.

Solution:

Convert the WordPress website to using cloud-based storage, slimming down and speeding up the website. In this case, we migrated the existing images, videos and other website uploads to an Azure Blob Storage container.

(more…)

Transitioning from On-Prem Virtual Machines to More Cost Effective Azure Cloud Models

Transitioning from On-Prem VMs to the Cloud via ‘Lift-and-Shift’

On February 14th, 2017, the last of my company’s physical servers were powered-off and then scheduled to be unracked and boxed for shipping out of the co-location hosting data centre. The physical servers that my company had invested in and setup to power our development, testing, support and client application requirements were no longer needed to run our virtual machines (VMs). We decided to move all of our VM infrastructure to Azure since it was the leading digital-transformation enabler in Canada that could meet all of our technical needs as well as those of our clients.

A VM is a software computer that, like a physical computer, runs an operating system and applications. The VM is comprised of a set of specification and configuration files and is backed by the physical resources of a host computer. Every VM has virtual devices that provide the same functionality as physical hardware and have additional benefits in terms of portability, manageability, and security.

The VM lift-and-shift approach is a common cloud migration path where companies replicate in-house VMs in the cloud with little or no re-design. For a company with a limited number of VMs in a simple configuration, it is generally a fast and relatively straight-forward migration to the cloud. The issues arise when there are complex interactions between multiple VMs and the hosted applications that may require a lot of careful planning and testing of the migration to the cloud. Microsoft has provided migration and planning tools such as the Migration Assessment Tools and Azure Site Recovery (ASR) Deployment Planner.

(more…)

Part 3: Using ‘Windows Azure Storage for WordPress’ Plugin for Hosting Media and Uploads

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Now, we look at the second Azure Blob Storage option discussed – uploading and accessing images stored in Azure Storage using the Windows Azure Storage for WordPress plugin.

1. Using a Windows Azure account and an Azure subscription, create a Windows Azure Storage account and a Blob container with its Access Policy set to ‘Blob’, which is a public, read-only container. Read how to do that here, steps 1 and 2.

(more…)

Part 2: Setup Azure Blob Storage to work with WordPress

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

This is a 3 Part excerpt from our soon-to-be-released book, “Build Secure WordPress Websites in Azure – without knowing PHP or MySql“.
Part 1: Using Azure Blob Storage to Store and Deliver WordPress Media and Uploads
Part 3: Using ‘Windows Azure Storage for WordPress’ Plugin for Hosting Media and Uploads

1. With a Microsoft account and an Azure subscription, in the Azure Resource Manager (ARM) portal, set up a Storage Account:

(more…)

Use Azure DevTest Labs for Training

One area of Azure that I like to highlight in my conversations with companies as an over-looked digital-transformation enabler is DevTest Labs. Microsoft released Azure DevTest Labs in May 2016 but customers have since found many creative uses for it beyond software development and testing environments. There is no additional cost for the services of DevTest Labs since you are only charged for standard Azure resource consumption such as VMs and storage used in your lab.

(more…)

Create an Azure WordPress Website – Part 7 Build a Child Theme in Kudu

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Why Use a Child Theme?

Child Themes are used when you know that you will be customizing and changing the website’s theme. The Child Theme is totally dependent on its parent to be able to work. A Child Theme isn’t a viable entity in itself – it uses everything in the parent theme and then you only modify what functions you want to be different. The Parent Theme’s files are not changed. In WordPress, when a Theme is updated, which they regularly are, all current customizations are over-written and lost. Using a child theme allows modifications and additions to the functionality of the parent theme, without modifying the parent theme’s code files directly. Updating the parent theme is easy and doesn’t erase any customizations. Plus, you can always revert back to the parent theme if you inadvertently break the child theme.

Note that using the Divi theme, a child theme is not required since there is a Custom CSS option built into the theme that will not be overwritten during theme updates.

How to Build a Child Theme:

From the Codex of WordPress.Org:

(more…)

Part 1: Using Azure Blob Storage to Store and Deliver WordPress Media and Uploads

Read all of the other posts in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

This is the first of a 3 Part excerpt from our soon-to-be-released book, “Build Secure WordPress Websites in Azure – without knowing PHP or MySql“.
Part 2: Setup Azure Blob Storage to work with WordPress
Part 3: Using ‘Windows Azure Storage for WordPress’ Plugin for Hosting Media and Uploads

Problem: Uploaded media and uploads to the WordPress Media Library are unorganized, difficult to find to re-use or edit & overload website storage

Blogs need images and videos.

(more…)

Create an Azure WordPress Website – Part 6 Configuration & Themes

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

Configuration Overview

This is the sequence of customizations we will use to configure a WordPress website hosted on Microsoft Azure, regardless of the website’s final purpose:

  • Choose and upload a WordPress Theme which is the website’s front-end design package
  • Create and install a Child Theme of the chosen Theme
  • Set up the website’s backup/restore process on Azure so you can always go back a step if you’ve broken something that causes the website to not load or locks you out. It’s important to test and ensure the Restore process is successful BEFORE it’s necessary.
  • Set up Email sending via SMTP
  • Set up the website’s Security
  • Customizations of some of the WordPress default features
  • Installing and configuring ‘general’ and then specific plugins for website’s end use

(more…)

Create an Azure WordPress Website – Part 5 Force HTTPS via Azure’s KUDU UI

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

To force the new WordPress website to resolve only to HTTPS, it is necessary to access the web.config file of the website and add a URL Rewrite Rule.

How do we quickly access the web.config file in an Azure hosted WordPress site?

Every Azure App Service (website) has an associated ‘scm’ service website, a Site Extension named Kudu, created for your website. It is accessed by using the Source Control Management entry point https://<site-name>.scm.azurewebsites.net. NOTE: The custom domain name will not resolve with the scm modification to its URL – you must use the original *.azurewebsites.net DNS name to access Kudu. In our case, the https://tech-blog.scm.alvarnet.com will NOT work…we must use https://tech-blog.azurewebsites.net to access Kudu.

Kudu can also be accessed via the Azure Resource Manager (ARM) for your Azure website under Settings > Development Tools > Advanced Tools > Go. Read more about Kudu here.

(more…)

Create an Azure WordPress Website – Part 2 Add A Custom Domain Name

Another post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

In the Overview blade, the URL of the new Azure hosted WordPress website is http://wp-techblog.azurewebsites.net.

Now we’ll add a custom domain so that the website will resolve to: http://techblog.alvarnet.com instead of using the azurewebsites.net domain.

Settings > Custom Domain blade > Hostnames > Add hostname

(more…)

Create an Azure WordPress Website – Introduction

The introduction post in our series on Creating Azure (hosted) WordPress Websites without knowing php or MySql!

  • Do you need to set up a blog, quickly and cost effectively?
  • Do you need to build a private ‘page-centric’ wiki or a public support site?
  • Are you not conversant in PHP or MySQL or the security vulnerabilities of an ‘out-of-the-box’ WordPress website?
  • Are you looking into new WordPress cloud hosting options?

We’ve found the answers for you!

     

Microsoft Azure provides a powerful, secure, reliable, scalable, highly-available, pay-for-what you-use, cost effective cloud platform to build and deploy enterprise-grade WordPress websites with Azure Backup and Azure Blob Storage services. You can have a WordPress website up and running in just a few minutes.

While setting up the WordPress installation on Azure is straightforward, guidance for building out the rest of a functional WordPress website setup is less structured and not clearly documented for those of us not familiar with WordPress, PHP and MySQL development. There IS an almost overwhelming amount of WordPress configuration information available online, but it takes a lot of time to sift through even one topic to find what will work optimally for what you are trying to build.

In our case, we started with building a public technical blog on WordPress from Azure Marketplace – that was hacked with an additional 25 webpages, and persistent invasive code, within the first month! That moved us into researching & implementing security hardening of a WordPress site, Azure backup and restoration options. (more…)

On-Premise Data Synchronization to Azure Blob Storage

Azure Binary Large Objects (i.e. Blobs) Storage is a durable, available, and scalable cloud storage service that serves a variety of purposes. Microsoft describes it as massively-scalable object storage for unstructured data on their microsite devoted to Blob storage. There are many reasons why you should consider using Blob storage. Perhaps you want to share files with clients or off-load some of the static content from your web servers to reduce the load on them.

Microsoft has several partners that provide tools and expertise to use Azure Blob Storage effectively. Some of these partners are highlighted on the Microsoft microsite devoted to Blob Storage as displayed below.

(more…)

Using Microsoft Azure Storage Explorer (MASE)

Microsoft Azure Storage Explorer (MASE) is a standalone app from Microsoft that allows you to easily work locally with Azure Storage data.

This free Azure tool from Microsoft can be installed locally on a client machine or remotely in on-premise or Azure VMs, for access on that machine to Azure Storage Accounts using:

  • the Azure Storage account name and an Azure generated access key
  • or SAS URI for Storage Accounts

This gives access to Azure Blob, Queue, Tables and File Shares Storage containers and contents without having to sign in to the Microsoft Azure Portal.

NOTE: MASE works for ARM and for Classic Storage Accounts; there are Mac, Windows and Linux versions for download.

(more…)

Enforce HTTPS on Azure Web App

For this example, the Azure web app has:

Enforcing HTTPS will redirect HTTP requests, so web app users will always end up at the HTTPS site. This will be done by defining a rewrite rule in the web.config file for the web app.
(more…)

Bind a custom SSL Certificate to an Azure Web App

For this example of applying an SSL certificate:

  • The web app has a custom domain applied that points to the Azure app. Read here for how to set up a custom domain for an Azure app.
  • The web app is running in Basic 1 Tier (pricing/features)
  • The SSL certificate has been purchased from a trusted certificate authority (CA), and is a wildcard certificate for use on multiple different domain websites on multiple servers, saved in .pfx format.

1. In Azure Portal > specific Web App > Settings > SSL certificates > Upload Certificate

(more…)

Resizing Azure VMs

An Azure (ARM) VM can conveniently be resized, up or down, while it is running, while stopped or while stopped (deallocated). To resize the OS or Data disk, however, the VM must be stopped (deallocated).

In the following example, a VM was first resized up to a D2_V2 Standard machine from a Basic A2 machine, while it was Stopped (deallocated).

Then, it was resized back down to a Basic A2 machine. NOTE: This could have been accomplished while the machine was running also.

VM > Overview > Size > Choose a Size > Select

(more…)

Moving an Azure Web App Between Subscriptions

Sometimes, it may be necessary for management or billing processes to move an Azure Web App or other Azure Resources between Azure Subscriptions. It is a simple process that can be done in the Azure Portal.

In this example, we will move the ‘alvarnetwww’ App Service Plan and App Service to a different Subscription and Resource Group ‘AlvarnetWWW’ (in same GeoLocation).

1. In the Essentials blade of the source Resource Group ‘alvarnetwww’, click on the Subscription name > change.

(more…)

Publish Website to Azure using One-Drive

1. Sign in to the desired OneDrive account to be used for website deployment in a different browser window than for Azure Portal.

2. Azure Portal > Web App > Deployment Options > Choose OneDrive from various options

3. Authorize and go through the steps to give permission to Azure Web Services to connect to the OneDrive account.

4. This will create a Files > Apps > Azure Web Apps folder in the OneDrive root, and then the new web app goes into a subfolder under that.

(more…)

Use CloudBerry Drive to create a local mapped network drive to Azure Blob Storage

Use CloudBerry Drive to create a local mapped network drive directly to a Microsoft Azure Blob Storage account. This way, files in the Azure Blob Storage can be directly worked on from Windows Explorer and are accessible by other applications that can read mapped drives. Folders and files can be dragged and dropped to the mapped network drive and instantly saved in the Azure Blob Storage container without having to directly access the Azure Portal.

“Using CloudBerry Drive, you can mount your Microsoft Azure account as a network drive to your Windows computer and use it just like any other hard drive.” –CloudBerryLab.com

These instructions assume that a Microsoft Azure Blob Storage Account has already been created. Retrieve the Azure Blob Storage Account name and an access key, for use in configuring CloudBerry Drive on a local client machine. We found this very simple to install and it worked seamlessly with Azure Blob Storage.

(more…)

Cloud Database: Creating an Azure SQL Logical Server

To set up Azure SQL Database, a logical server must first be created for the database(s) to reside on. Then the database(s) can be created from within SQL Server Management Studio (SSMS), either from within the Azure Portal or from a remote machine with SSMS and a registered IP address.

Create a SQL server (logical server)

1. In Marketplace, type ‘SQL Server (logical’ into the search bar and select it to begin the setup process that Azure leads you through.

(more…)

VM Stopped but still incurring Compute Charges in Azure

This warning will be shown on the Azure portal for the Azure VM if the VM was only shut down from within the VM via the RDP session. The second step to totally shut down the VM is to go to the Azure portal and choose the Stop option at the top of the Essentials blade, or use PowerShell to stop the machine. This will deallocate the VM, and incur no more compute charges.

(more…)

Using Azure File Storage and FileVista (web-based file manager)

The client company is in the process of moving fully to Azure from their physical servers hosted in datacentres. Their favoured web-based file manager, GleamTech’s FileVista, cannot yet be hosted as an Azure App Service. Until it can be hosted as an Azure App Service, an Azure VM is required to host FileVista. FileVista, ver 7.6+, is able to connect to mapped network drives via SMB 3.0 to root folders of company data sitting in Azure File Storage. (FileVista does also connect easily to Azure SQL database, but in this case, an Azure WS2016 VM with SQL Server Express and IIS installed is the hosting plan.)

In a previous blog, we noted that remote users of the company were unable to connect from their W10 laptops, into Azure File Storage services, because their ISPs were blocking Port 445, required for SMB 3.0 transmission. FileVista web-based file manager to the rescue!

Overview:

  1. Create an Azure WS2016 VM with SQL Express (and SSMS) with 1 additional attached data disk; with a Static IP address & Network Security Group Inbound Rules for HTTP & HTTPS.  RDP into the VM to add IIS Role and features; add Inbound & Outbound Port 80 & 443 in Windows Firewall.
  2. Install, configure & customize FileVista, after creating the new website.

(more…)

Connect to Azure File Storage – Error 80070043 – Port 445 – Network name cannot be found

Problem:

While trying to create a mapped network drive on a local Windows 10 (W10) client machine to Azure File Storage service, we got the ‘Error 80070043 – Network cannot be found‘ consistently when using Windows “Map network drive…” functionality. When using the net use command in an elevated Command Prompt, the ‘System Error 67 has occurred. The network name cannot be found‘ error occurred.

(more…)

Provision an Azure 2016 Webserver (Single Tier)

‘Single Tier webserver’ is a VM with both IIS and SQL Server on the same machine, which is adequate for a development environment.

Azure provides Windows images with the latest updated versions of SQL Server or SQL Express and SQL Server Management Studio already installed. These pre-installations are a great time saver, since there is no need to download the SQL Server software and then go through the extensive installation and update process. The VM will also have an additional attached data drive installed with folders linked for SQL user databases. All that is required is to enable the sys admin (sa) account (optional).

  1. Build Azure VM
  2. Setup SSMS
  3. Install IIS and Firewall Rule for HTTP, HTTPS
  4. Import and install SSL certificate

1. Build VM in Azure Portal:

Marketplace > type in SQL Server Express to find the image options available and select the one with SQL Server  SP1 and WS2016

(more…)

Backing Up Azure File Storage to Azure Blob Storage

We are using Azure File Storage for keeping day to day company data and wanted to have that data backed up to an Azure Blob Storage as a safe repository. We are currently backing up Azure File Storage Data to Azure Blob Storage Data using a 3rd Party file backup and synchronization tool, GoodSync.

While GoodSync cannot yet connect directly to Azure File Storage, it does connect quickly and securely to Azure Blob Storage. GoodSync also connects easily to mapped network drives – and Azure File Storage containers can be set up as local SMB3 file shares on a machine that can access the Azure File Storage account.

(more…)

Transitioning from Private Cloud to Azure Cloud

In transitioning from using physical hosts with Windows 2012R2 Hypervisor located in co-location datacentres to using Azure cloud only, we were required to look for Microsoft & 3rd party tools that would make the transition more cost efficient, let users continue their established work flow with only minor adjustments, and leave IT with minimal infrastructure responsibilities. While many of the following pages of how-to’s can also be done more efficiently with PowerShell and Automation, the focus of this series of articles is on using the Azure Portal (ARM) GUI, for ease of client use.

(more…)