microsoft azure – A Geeks World

How to set DPM Azure Throttling with Powershell

When you set the System Center DPM setting for Azure throttling via GUI, you have to do the full wizard and also enter the azure passphrase to save the settings.

If you happen to not have the key handy or for some other reason want to do it via Powershell, here is the command.

$Cloud = get-DPMCloudSubscriptionSetting
$Cloud.ThrottlingSetting
Set-DPMCloudSubscriptionSetting -WorkDay Monday, Tuesday, Wednesday, Thursday, Friday -StartWorkHour "07:00:00" -EndWorkHour "19:00:00" -WorkHourBandwidth (256*1024) -NonWorkHourBandwidth (1024*1024*500) -SubscriptionSetting $Cloud 
Set-DPMCloudSubscriptionSetting -SubscriptionSetting $Cloud -Commit -Verbose
(get-DPMCloudSubscriptionSetting).ThrottlingSetting

$Cloud = get-DPMCloudSubscriptionSetting

$Cloud.ThrottlingSetting

Set-DPMCloudSubscriptionSetting -WorkDay Monday, Tuesday, Wednesday, Thursday, Friday -StartWorkHour "07:00:00" -EndWorkHour "19:00:00" -WorkHourBandwidth (256*1024) -NonWorkHourBandwidth (1024*1024*500) -SubscriptionSetting $Cloud

Set-DPMCloudSubscriptionSetting -SubscriptionSetting $Cloud -Commit -Verbose

(get-DPMCloudSubscriptionSetting).ThrottlingSetting

Easy as that, but I couldn’t find any examples on Microsoft Docs, just how to disable throttling. The script sets the settings as in the screenshot above, you might want to adjust the bandwidth etc, it’s defined in bits.

Using Azure DNS for Dynamic DNS with PowerShell

I’ve been using DynDNS and other Free DNS Services for some time, but as they are getting harder and harder to use for free. Like you need to remember to logon and click a button once a month and what not. I figured it was time to migrate to Azure DNS instead. Being able to use PowerShell to handle my DNS together with everything I’ve already automated makes my life so much easier. And as I’ve already got a couple of domains and some Azure subscriptions there was more or less no increased cost for me. As you can see in the picture, Azure DNS Pricing is really cheap.

I’ve used Task Scheduler to scheduled the script below to run at Computer Startup on one of my Hyper-V Hosts at home, and then every hour. That guarantees that if there is a power failure and I get a new IP from my ISP, when the server boots, the external DNS pointers will be updated at once and just to be sure check every hour.

In short, the script checks your External IP and compares that to the IP of the hostname you want updated. If they are not identical, it will logon to Azure and update the hostname with your current IP.
Simple as that.

In my case, I’ve setup a UserName in AzureDNS who has access to just that DNSZone and are using that UserName in the script.

# Author Markus Lassfolk @ TrueSec 
# www.isolation.se   
# with some 'inspiration' from other scripts. 
#
# You need to have AzureRM modules installed to run this script
# https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps
# install-module AzureRM 
#
# Set your ZoneInfo and Azure settings 
$ZoneName = "isolation.se"
$HostName = "home" 

$azurelogin ="username@azureAD.onmicrosoft.com"
$azurepassword = "password"
$azureResourceGroup = "ResourceGroup"


# Don't modify below this
#
Import-Module AzureRM 
Import-Module AzureRM.Dns 

function get-myexternalip() {   
    $urls = "http://whatismyip.akamai.com",  
            "http://b10m.swal.org/cgi-bin/whatsmyip.cgi?just-ip",  
            "http://icanhazip.com",  
            "http://www.whatismyip.org/"; 
 
           $RxIP = "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"; 
           $ip = "Unknown"; 
           Foreach ($address in $urls) { 
               try { 
                    $temp = wget $address; 
                    $www_content = $temp.Content; 
                    if ( $www_content -match $RxIP ) { 
                        $ip = ([regex]($rxip)).match($www_content).Value 
                        break 
                    } 
               } catch { continue } 
           } 
    return $ip 
}
 

# Set the expected IP Address. Obtain this from a DNS query or set it statically.
$EI = [System.Net.Dns]::GetHostAddresses($HostName +"."+ $ZoneName) | Select-Object -ExpandProperty IPAddressToString

# Obtain the IP Address of the Internet connection.
$CheckNetwork = Test-NetConnection -CommonTCPPort HTTP freegeoip.net
if ($CheckNetwork.TcpTestSucceeded -eq $True) { 
    $ExternalIP = get-myexternalip
$IP = $ExternalIP


# If the external IP is not the same as for the HostName 
If ($IP -ne $EI) {

    $accountName = $azurelogin
    $password = ConvertTo-SecureString $azurepassword -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($accountName, $password)

    # Login to Azure
    Login-AzureRmAccount -Credential $credential 
    Select-AzureRmSubscription -SubscriptionObject $(Get-AzureRmSubscription)

    # Set IP for the HostName 
    New-AzureRmDnsRecordSet -Name $HostName -RecordType A -ZoneName $ZoneName -ResourceGroupName $azureResourceGroup -Ttl 600 -DnsRecords (New-AzureRmDnsRecordConfig -IPv4Address "$($IP)") -Overwrite -Confirm:$false

}
Else {
    Write-Output "Dynamic address ($IP) and DNS address ($EI) match."
}

}

# Author Markus Lassfolk @ TrueSec

# www.isolation.se

# with some 'inspiration' from other scripts.

# You need to have AzureRM modules installed to run this script

# https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps

# install-module AzureRM

# Set your ZoneInfo and Azure settings

$ZoneName = "isolation.se"

$HostName = "home"

$azurelogin ="username@azureAD.onmicrosoft.com"

$azurepassword = "password"

$azureResourceGroup = "ResourceGroup"

# Don't modify below this

Import-Module AzureRM

Import-Module AzureRM.Dns

function get-myexternalip() {

$urls = "http://whatismyip.akamai.com",

"http://b10m.swal.org/cgi-bin/whatsmyip.cgi?just-ip",

"http://icanhazip.com",

"http://www.whatismyip.org/";

$RxIP = "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})";

$ip = "Unknown";

Foreach ($address in $urls) {

try {

$temp = wget $address;

$www_content = $temp.Content;

if ( $www_content -match $RxIP ) {

$ip = ([regex]($rxip)).match($www_content).Value

break

}

} catch { continue }

}

return $ip

}

# Set the expected IP Address. Obtain this from a DNS query or set it statically.

$EI = [System.Net.Dns]::GetHostAddresses($HostName +"."+ $ZoneName) | Select-Object -ExpandProperty IPAddressToString

# Obtain the IP Address of the Internet connection.

$CheckNetwork = Test-NetConnection -CommonTCPPort HTTP freegeoip.net

if ($CheckNetwork.TcpTestSucceeded -eq $True) {

$ExternalIP = get-myexternalip

$IP = $ExternalIP

# If the external IP is not the same as for the HostName

If ($IP -ne $EI) {

$accountName = $azurelogin

$password = ConvertTo-SecureString $azurepassword -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential($accountName, $password)

# Login to Azure

Select-AzureRmSubscription -SubscriptionObject $(Get-AzureRmSubscription)

# Set IP for the HostName

New-AzureRmDnsRecordSet -Name $HostName -RecordType A -ZoneName $ZoneName -ResourceGroupName $azureResourceGroup -Ttl 600 -DnsRecords (New-AzureRmDnsRecordConfig -IPv4Address "$($IP)") -Overwrite -Confirm:$false

}

Else {

Write-Output "Dynamic address ($IP) and DNS address ($EI) match."

}

You obviously need to migrate an existing or register a new DNS Zone to Azure and use Microsoft’s NameServers for this to work.

Semi-Automatic Hotfix import into WSUS

One of my blogreaders, Andreas Fjellner, came up with a way to make the import of hotfixes a bit faster than copy and paste.

You can download a XML file with all the Hotfixes I’ve got imported so you don’t have to do a findstr or excel filtering from the previous blogpost, the XML file contains the same list as shown here List of Private Cloud related Hotfixes – 2016-02-03

Download: XML File (notice the Download button at the top so you don’t have to copy and paste). Save the file as c:\temp\details.xml on your WSUS Server and then run this script;

$url = (Import-Clixml C:\temp\details.xml).MUUri  

$pauseOn = "21","41","61","81","101","121","141"
 
$i = 0
foreach ($u in $url) {
$i++
If ($i -in $pauseOn) {
    Write-Host "Import hotfixes before continue, then press Y"
    $continue = Read-Host
    If ($continue -ne "Y") {exit}
    }
    $i
    & 'C:\Program Files\Internet Explorer\iexplore.exe' $u
}

$url = (Import-Clixml C:\temp\details.xml).MUUri

$pauseOn = "21","41","61","81","101","121","141"

$i = 0

foreach ($u in $url) {

$i++

If ($i -in $pauseOn) {

Write-Host "Import hotfixes before continue, then press Y"

$continue = Read-Host

If ($continue -ne "Y") {exit}

}

& 'C:\Program Files\Internet Explorer\iexplore.exe' $u

}

It will spawn one internet explorer for each Hotfix with the correct URL. Just click ADD to basket. Close the IE Window and pick the next window.
When you are done with the first batch of 20 hotfixes, use the “Import updates” link as described here: Importing Hotfixes and Drivers directly into WSUS and you will now be able to import all hotfixes into your WSUS. And now press Y in the powershell window to take the next batch of hotfixes. Repeat until done.

Another way is to use AutoIT to make a script that moves the mouse and clicks on the right place doing the import semi-automatic, as another blogreader pointed out. There is always a way!

Geek Week – Building Datacenter and Private Cloud

Yours truly and @mikael_nystrom are teaching a 5 day training called “Geek Week – Building Datacenter and Private Cloud“.
It’s a quite cool concept, where we are always at least 2 teachers (Mike and me, and sometimes members from our team) with a lot of real-life experience, teaching students how to build a Software Defined Private Cloud/Datacenter on Microsoft Technology in just 5 days. We have been doing this training about 4 times so far and each time got top score !

The training is covering things like; Software Defined Storage, Networking Compute, Bare Metal Deployment, SCVMM, SCOM, SCOR, Powershell(!), Azure Pack, Backup/Restore, Operational Insight, AD Design for your Fabric, GPO’s, Patch Management and a lot more!

So instead of just learning one product, you will learn the full stack, the concept, how to design, build and of course manage it.

We’ve made a short promo video with details here:

https://youtu.be/_PjRHv84VgM

You will of course also keep the Lab Server and all the scripts!
We are both staying at the same hotel as the students, so you will have – almost 24h access to our knowledge, experience and brains during breakfast, daytime and in the bar in the evenings, Sunday-Friday.

We have delivered the training only in Sweden so far, due to the huge hardware requirements, but have had participants from several other countries, including students from US (and doing the training in English than).

Unfortunately, for you but great for us, the next training in October, is SOLD OUT!
The next opportunity will probably be in February or March in Sweden, so talk to your manager and sign up while there are seats left.
http://www.labcenter.se/Labs#!lab=Geek_Week_-_Building_Datacenter_and_Private_Cloud (Unfortunately only in Swedish)

Send me a mail if you have any questions: markus . lassfolk at truesec . se

Moving your WordPress site running in Microsoft Azure to Azure Pack

Drum Roll please ….

I’ve now moved my blog from Microsoft Azure to our own Private Cloud running on Windows Azure Pack! Hurray!

It was a really smooth transition, involving a couple of very easy steps to maintain all blogposts, media and comments.

Provision a new WordPress Blog in Azure Pack.
Login to WordPress to finish the installation.
Upgrade WordPress (to the same version as your old wordpress site).
Add the same Themes as on your old site.
Install WP Clone plugin (free) on both the old and the new wordpress site.
On the old blog, use the WP Clone plugin to make a Backup. When it’s done, you will get a URL, save that.
On the new blog, use the WP Clone plugin to import the Backup from the URL you got in the previous step.
In the new site, update your sites URL’s. In my case, I chanced isolation.labcenteronline.com to www.isolation.se.
Update your DNS points, to point to your private cloud url (in my case, isolation.labcenteronline.com).
Done!