Azure VNET gateway: basic, standard and high performance

Originally posted @ Lucian.Blog. Follow Lucian on Twitter @Lucianfrango.


I’ve been working a lot with Azure virtual network (VNET) virtual private network (VPN) gateways of late. The project I’m working on at the moment requires two sites to connect to a multi-site dynamic routing VPN gateway in Azure. This is for redundancy when connecting to the Azure cloud as there is a dedicated link between the two branch sites.

Setting up a multi-site VPN is a relatively streamlined process and Matt Davies has written a great article on how to run through that process via the Azure portal on the Kloud blog.


ADFS sign-in error: “An error occurred. Contact your administrator for more information.”

Originally posted @ Lucian.Blog. Follow Lucian on Twitter @Lucianfrango.


I’ve not had that much luck deploying Azure AD Connect and ADFS 3.0 in Azure for a client in the last few weeks. After some networking woes I’ve moved onto the server provisioning and again got stuck. Now, I know IT is not meant to be easy, otherwise there wouldn’t be some of the salaries paid out to the best and brightest; this install, though, was simple and nothing out of the ordinary. A standard deployment that I and many others have done before.

Let me paint the picture: ADFS is now running, although not working, in Azure compute across a load balanced set of two servers with a further load balanced set of web application proxy (WAP) servers in front. There are two domain controllers and an AAD Connect server all across a couple of subnets in a VNET.


Azure AD Connect: Connect Service error “stopped-extension-dll-exception”

Originally posted @ Lucian.Blog. Follow Lucian on Twitter @Lucianfrango.


I was rather stuck the other day. Azure AD Connect provisioning has not been the smoothest of installs even following the wizard and successfully completing the mostly automated process. Azure AD Connect has built upon the previous generation sync services and, from what I’ve read, isn’t much of a new app, rather a version upgrade and rename of the AADSync service, which is still (as of July 2015) the default for Office 365 directory replication from on-premises to Azure AD.

Past versions and previous generation aside, a now generally available app should feature a working and thoroughly tested feature set. Should…


How to provision Azure Active Directory Connect

Originally posted @ Lucian.Blog


Time flies when you’re connecting to Azure AD. Late last month Microsoft announced that Azure AD Connect is now generally available. At the time of writing this, the synchronisation app itself still isn’t the default sync standard for Azure and obtaining the installer requires a quick Google. Since I’m deploying it for a client, I thought I’d run through the install process for future reference.

AADConnect provides a lot of new functionality like, for example, this new fandangled ADDS password sync. In this scenario I’m keeping federation services, so ADFS will be deployed, which is more aligned with the previous or most common enterprise identity design.

This is going to be a long blog post with a lot of screenshots (you’re welcome) on how to deploy Azure AD Connect. I’ll be going through the wizard process which will follow the automated process to deploy AADConnect, ADFS and ADFS WAP servers, pretty cool indeed.

At the moment AADConnect still isn’t the standard synchronisation service for Office 365 or Azure AD and requires download from the Microsoft Download Centre. To begin with, I’ve downloaded the AADConnect installer from this location.


Azure ExpressRoute in Australia via Equinix Cloud Exchange

Microsoft Azure ExpressRoute provides dedicated, private circuits between your WAN or datacentre and private networks you build in the Microsoft Azure public cloud. There are two types of ExpressRoute connections – Network (NSP) based and Exchange (IXP) based with each allowing us to extend our infrastructure by providing connectivity that is:

  • Private: the circuit is isolated using industry-standard VLANs – the traffic never traverses the public Internet when connecting to Azure VNETs and, when using the public peer, even Azure services with public endpoints such as Storage and Azure SQL Database.

Azure MFA Server – International Deployment

Hi all – this blog will cover off some information to assist with multilingual/international deployment of Azure MFA server. There are some nuances of the product that make ongoing management of language preferences a little challenging. Also some MFA Methods are preferable to others in international scenarios due to carrier variances.

Language Preferences

Ideally when a user is on-boarded, their language preferences for the various MFA Methods should be configured to their native language. This can easily be achieved using MFA Server, however there are some things to know:

  1. Language settings are defined in Synchronisation Items.

Azure Internal Load Balancing – Setting Distribution Mode

I’m going to start by saying that I totally missed that the setting of distribution mode on Azure’s Internal Load Balancer (ILB) service is possible. This is mostly because you don’t set the distribution mode at the ILB level – you set it at the Endpoint level (which in hindsight makes sense because that’s how you do it for the public load balancing too).

There is an excellent blog on the Azure site that covers distribution modes for public load balancing and the good news is that they also apply to internal load balancing as well.…

Hybrid Exchange Connectivity with Azure Traffic Manager

Does your Exchange hybrid architecture need to have redundancy? How about an active/passive solution using Azure Traffic Manager, eliminating the need for a HLB device in your DMZ?

Currently there are a few topologies for configuring Hybrid Exchange with Office 365:

  1. Single Hybrid Server
  2. 2+ Hybrid Server behind a load balancer
  3. 2+ Hybrid Server with DNS round robin

A simple solution to make a redundant Hybrid Exchange design without using a HLB is to leverage Azure Traffic Manager to monitor and service the DNS namespace configured in on-premises Exchange and Office 365 configuration.…

Migrating Sitecore 7.0 to Azure IaaS Virtual Machines – Part 1

INTRODUCTION

Recently, I had the opportunity of working on a Sitecore migration project. I was tasked with moving a third-party hosted Sitecore 7.0 instance to Azure IaaS. The task sounds simple enough but if only life was that simple. A new requirement was to improve upon the existing infrastructure by making the new Sitecore environment highly available and the fun begins right there.

To give some context, the CURRENT Sitecore environment is not highly available and has the following server topology:

  • Single Sitecore Content Delivery (CD) Instance
  • Single Sitecore Content Management (CM) Instance
  • Single SQL Server 2008 Instance for Sitecore Content and Configurations
  • Single SQL Server 2008 Instance for Sitecore Analytics

The NEW Sitecore Azure environment is highly available and has the following server topology:

  • Load-balanced Sitecore CD Instances (2 servers)
  • Single Sitecore CM Instance (single server)
  • SQL Server 2012 AlwaysOn Availability Group (AAG) for Sitecore Content (2 servers)
  • SQL Server 2012 AlwaysOn Availability Group (AAG) for Sitecore Analytics (2 servers)

In this tutorial I will walk you through the processes required to provision a brand new Azure environment and migrate Sitecore.…

Hands Free VM Management with Azure Automation and Resource Manager – Part 2

In this two-part series, I am looking at how we can leverage Azure Automation and Azure Resource Manager to schedule the shutting down of tagged Virtual Machines in Microsoft Azure.

  • In Part 1 we walked through tagging resources using the Azure Resource Manager PowerShell module
  • In Part 2 we will set up Azure Automation to schedule a runbook to execute nightly and shut down tagged resources.

Azure Automation Runbook

At the time of writing, the tooling support around Azure Automation can be politely described as a hybrid one.…