Monday, October 19, 2015

Azure AD As A Service

FINALLY, the news has broken about the new AD as a Service (ADAS for lack of a better acronym). I've known about this for some time, and have been eagerly awaiting the ability to comment. My immediate reaction is highly positive – it's a major missing bit of the Azure story. Azure customers I talk to want total flexibility in where to deploy servers – and often that means deploying them near to a DC/GC to handle authentication and other tasks. And while Azure AD was a nice feature to front end MS's Sass offerings, it really did not provide all the necessary features (not least of which are machine accounts, GPOs and of course OUs, the ability to support NTLM authentication and others).

But all that's changed – and we now have a fully fledged Active Directory cloud service. Like most  of Azure, you pay for this service based on usage. Depending on the size of your deployment you'll pay anywhere from $US 37/month (for up to 5000 total AD objects) to $Us 297.60/month for up to 100,000 objects. A forth tier (more than 100,000 objects) is available but no pacing has been announced for this tier. During the current preview period, only the mid tier 5000 to 25,000 objects) is offered a a half price rate of $US 74.40/month.

There are two blog articles on the AD Team Blog which describe things in more detail. – you can see both  at:

This is a big new feature of Azure and I really look forward to seeing it in operation!

Tuesday, September 15, 2015

Announcing: PowerShell PowerCamp – Oct 17-18 – London

I am pleased to announce another PowerShell PowerCamp for October 17-18th. To be held at Microsoft Victoria (Cardinal Place) London over the weekend. This is a lecture only 2-day boot camp covering the key aspects of PowerShell. Read on for more details.

What is A PowerShell PowerCamp?
PowerCamp is a fast paced weekend training event that covers all the basic aspects of Windows PowerShell - from the command line to writing production-oriented scripts. We start with the basics including configuration, formatting and providers and remoting and jobs. Then, on day 2, we look at scripting, work flows, managing script libraries using modules, WMI/CIM,  using objects, and PowerShell in Windows. The event concludes with a look at the new Desired State Configuration and other features in PowerShell 4 and 5. If time permits, we'll also take a quick glimpse at PowerShell in Server 2016, including Nano Server.

The PowerCamp event is a combination of lecture, demonstrations plus Q&A, with the opportunity to type along with the tutor. There are no formal labs. But key demos are provided along with the slides, plus a wealth of other add on material on a memory stick you get at the start of day 1. So bring along your laptop, and type away.

What is the Agenda?
The event happens over the Weekend of October 17th and 18th 2015. We start each day promptly at 9:00 and finish no later than 17:00.

Day 1 – The Basics

  • PowerShell Fundamentals – starting with the key elements of PowerShell (Cmdlets, Objects and the Pipeline) plus installation, setup, and profiles
  • What’s new in v5 – this looks at the things specifically added into PowerShell v5.
  • Formatting – how to format output nicely – both by default and using hash tables and display XML
  • Providers – getting into underlying OS data stores (certificate store, AD, registry, etc.) via providers
  • Remoting– working with remote systems using PowerShell’s remoting capabilities

Day 2 – Diving Deeper
  • Scripting Concepts – automating everyday tasks including PowerShell’s language constructs, error handling and debugging and workflows
  • Modules – managing PowerShell script libraries in the enterprise
  • Using .Net, COM, WMI and CIM objects – working with various kinds of objects
  • PowerShell in Windows – a look at what’s there and how you can leverage the huge number of cmdlets
  • PowerShell Desired State Configuration – this final module looks at PowerShell’s Desired State Configuration tool and what you can do with it.
  • A quick peek at Server 2016, including nanoserver.

What Does It Cost?
The cost is £225 (+VAT at the prevailing rate) for the weekend. Meals and accommodation are not covered.

Where Is The Event Going To Take Place?
The PowerShell PowerCamp is being held at Microsoft Cardinal Place, 100 Victoria Street in Victoria over the weekend of October 17/18 2015. Each day starts promptly at 09:00 and finishes up by 17:00. We’ll also take short break throughout the day, including a 1-hour lunch break on both days. The location is close to Victoria Station (railway and underground) with a wealth of lunch places and, if overnight accommodation is required, a range of hotels.

Who Should Attend?
Everyone who needs to learn more about PowerShell! PowerCamp starts from the beginning and we cover as much ground as possible in the two days available. In previous PowerCamp events, attendees have ranged from beginners to more advanced. Beginners benefit from a complete explanation of PowerShell, while more advanced user learn new tips and tricks to advance their usage of PowerShell. We've had several people attend more than once!

After Saturday’s session, attendees are invited to a small nearby public house for some lovely English ale and networking with each other!

Who is the tutor?
The PowerShell Weekend PowerCamp is delivered by Thomas Lee, a 17-time MVP award winner. Thomas has been involved in the PowerShell community since the very beginning. He provides training and consultancy around a range of Microsoft products, with a recent focus on PowerShell and Skye for Business Server. Thomas runs PowerShell training courses around the world, and has been a speaker at conferences across the world for the past decade. In his spare time, he lives with his wife, daughter, wine cellar, and Grateful Dead live recordings archive in a small cottage in the English countryside. His Twitter handle is @DoctorDNS and he maintains two blogs (Under the Stairs at and PowerShell Scripts Blog at

What do I need to bring?
In order to type along, you should bring a laptop with PowerShell, preferably PowerShell Version 5 , loaded. That can be either native (eg in Windows 10), or in a virtual machine. I suggest you have at least two VMs pre-configured – one a server installation the other a Windows client installation – with the server a DC and the client a member of that domain. The virtualisation software is not of concern – but you need 64-bit guest OS support for Server 2012 and later! Thus you can use Hyper-V, VMware Workstation or Oracle’s Virtual Box. Heck, run it in a VM on a Mac or Linux PC if you want. Just bring along PowerShell v3/4/5 (preferably V5!).

How do I book?
Contact to book a place and to arrange for the invoice to be paid. Payment must be in cash, cheque or bank transfer only no credit cards.

More Details
Watch this blog for any hot breaking news on the event. Tags: ,,

Tuesday, September 01, 2015

Azure PowerShell – Some Changes and Some Good News

I recently wrote a blog post, The Great Azure Cmdlet Renaming – Coming Soon, that noted the coming changes in the PowerShell module for Azure. Well – a few weeks is a very long time, when your clock is set to Internet Time! That article, and others, caused some rethinking within Microsoft and things have changed.

One key issue that the earlier plan raised was that it meant lots and lots of existing automation would need to be updated to take advantage of the later versions of the Azure module. I have thousands of lines of automation, all created using the ASM API. The big change is that, instead of renaming the ASM cmdlets, it's the ARM cmdlets that get renamed. Thus the impact is much less.

Towards the end of a long thread at, David Justice sets out the updated plan of action as:

  • Remove Switch-AzureMode and remove modal behaviour from Azure PowerShell
  • Re-factor the AzureResourceManager module into component modules by service and functionality (management vs. data plane by service)
  • Rename cmdlets in AzureResourceManager module from [Verb]-Azure[Noun] to [Verb]-AzureRM[Noun]  (e.g. Get-AzureRMVM).  Implicitly this means the Azure ServiceManager cmdlets in Azure PowerShell do not get renamed.
  • Distribute Azure and AzureResourceManager modules via PowerShell Gallery
  • Adding automated documentation submission to content team for publication (MSDN) upon release for all modules

There is a lot of detail in the Github post, which you should read, that explains the background and some of the details. The good news is that these changes should be available towards the end of September (2015), with Azure Automation updates at around the same time. As of the time of posting, I've seen nothing to suggest those time scales will not be met – but watch this space.

  1. All in all, progress and some good news. But confirmation of a bit of bad news too for ARM Cmdlet users)

Saturday, July 25, 2015

The Great Azure Cmdlet Renaming – Coming Soon

As many readers of this blog know, I am a fan of the Azure module – it makes it simple and relatively straightforward to automate just about all operations in Azure. I've written scripts to do all sorts of things, including creating LInux and Windows VMs, created web sites, worked with networking, etc. I have a lot of scripts out there – and soon, I am going to have to look at each and every one, and probably change most if not all of them. The Azure module is about to change in a very big way – and this could become work for some!

To understand the renaming that is about to happen, we must start at the beginning. In developing Azure, Microsoft created a REST API, the Azure Service Management (ASP) API. A set of cmdlets were created that interfaced with the API to enable automation via PowerShell of the Azure components like VMs. I use these cmdlets most days and they rock. There is room for improvement, but they work and work well.

But the Azure team created a second API, the Azure Resourced Manager (ARM) API. And the Azure module was changed to allow Azure ARM based cmdlets. The ARM API has a much different look and feel – and provides some features not available in the ASM version, particularly templates and resource groups. As an aside, I can only surmise that if thee Azure team were to go back in time, knowing what they know now, they may never have built the ASM API, going straight to ARM. But they didn't.

The impact to the user of the Azure module is how you call cmdlets targeting ARM vs. ASM. For a start, the two cmdlet sets were never meant to be loaded or used together. When you load the Azure module, you get a module of cmdlets, etc, that are targeted at the ASM API. To get to view the ARM based cmdlets, you use the Switch-AzureMode cmdlet, and  using the –Name parameter, you specify whether to use the expose  AzureResourceManager or AzureServiceManagement API based cmdlets. Both cmdlet sets feature cmdlets with the same name that do more or less the same thing, but are in compatible. You can't really mix and match between the cmdlet sets. With the latest Azure module, it looks like this:



As you can see, there a different number of cmdlets in each set, and when you use Switch-AzureMode, it removes one set of cmdlets and load a totally different module (where did that come from – we never loaded or installed an AzureResourceManager module! The magic of the Azure module makes this all work – and since scripts tend to only use one or other API set, no real harm done.

But it is confusing and from a pure PowerShell point of view, the basic design was flawed – it does need cleaning up. And, going forward, that is what Microsoft is going to do. In a post entitled Deprecation of Switch-AzureMode  in Azure PowerShell, Joe Levy spells out the need for the change and how it will happen.

The key changes are broadly as follows:

  • The Azure module will be renamed to “ASM”. And all ASM cmdlets will be prefixed with “ASM”, so Azure/New-AzureVM will become ASM/New-AsmVM or simply New-AsmVM.
  • The existing AzureResourceManager cmdlets will keep their existing names, so New-AzureVM will map to the ARM version.
  • The existing AzureResourceManager module will be broken into many modules by service and behaviour. Examples of the module names would be the following: AzureCompute, AzureNetwork, AzureStorage, …
  • Azure PowerShell and all of its modules will be distributed via MSI and PS-Get. MSI cadence will decrease because the MSI will be a wrapper for a PS-Get script.

So if you have written any scripts using ASM cmdlets, these will need to be updated to use the new cmdlet names. If you have written scripts using the ARM modules, these should not need to change much, but some change is inevitable (erg removing any Switch-AzureMode statements you have!).

If you have done ANY scripting with Azure and PowerShell, you should read the article carefully and start to work out your strategy for the updates that will be coming. The plan, at the moment at least, is that this will all happen over the next couple of months. The ARM decomposition should be done in August, and the Azure module rename will happen in September. Tags: ,,

Thursday, June 25, 2015

Azure Infographic

Microsoft has published a cool infographic on Azure which you can get from


This infographic provides a simple overview to Azure features, Azure services and notes typical use cases. The document is actually PDF file which means you can scale it up or down. I love this diagram as it shows all the key features of Azure. Plus it's up to date! Tags: ,,

Wednesday, June 24, 2015

Passing the Azure 70-532 Exam

I just saw a neat post describing how to study for, and pass, the Azure 70-532 Developing Microsoft Azure solutions. If you are planning on taking that exam, I suggest you see @shahedc's recent blog article: Lots of great advice! Tags: ,,

Tuesday, June 23, 2015

New Azure Pricing Calculator

Microsoft produced a basic pricing calculator to help Azure customers. But as you can see here, customer feedback on this calculator was not particularly positive. In the Azure training I do, I find partners too found this old calculator not overly outstanding.

But, MS has listened and has begin rolling out an entirely new Calculator. So far, there's a new calculator for Virtual Machines which you can access at: The VM calculator looks like this:


This is a distinct improvement – I look forward to seeing further improvements in the calculator. Tags: ,

Friday, June 12, 2015

Calling Console Applications from PowerShell

In some recent training, I challenged the attendees to 'throw away' Cmd.EXE and to use the PowerShell console for everything. A good concept, but they challenged me back with: But what about all those commands I used to use – I can't use them any more, such as Ipconfig. That caused them some concern.

But: it turns out that Windows console applications run pretty much just fine under PowerShell. While I prefer using GIP than IPconcig, the later sure is a lot faster and I confess to using it when I just can't stand to wait GIP to finish up it's work. Its' great that these commands just work in PowerShell - just about every Windows Console application runs just fine, although there are some exceptions (and work arounds!).

The first exception is where PowerShell parses the command's parameters and recognises some characters in the command invocation as special PowerShell syntax, rather than the syntax of the command itself. For example, BCDEdit.exe used a Guid, enclosed in "{}" to represent different boot entries – PowerShell sees the guid as a script block , not as some text that can be parsed by the command and thus fails. Most of the misbehaving commands can easily be tamed by using the trick I showed in my blog article: – just use the –% characters as the first text after the cmdlet name (following by the rest of the command's normal parameters).

The other exception is that Interactive console applications are not supported from the PowerShell ISE.  To get around this, just  launch the console application using "Start-Process <console application>" command. This launches the application in a new windows.

Yet another reason to stop avoid learning PowerShell today! Tags: ,

Sunday, May 24, 2015

Explore Cloud Storage with CloudXplorer

I've been working a lot with Azure Storage – creating some cool scripts/functions to demonstrate the use of Azure storage as well as managing my storage across several subscriptions. The lack of tooling has been a bit of a difficulty – the Azure Storage Explorer (on CodePlex: works, but I've found it pretty basic. And it fails to do a number of things for me (mainly remove old VHDs created during demos).

Today I found a new product: CloudXplorer, from ClumsyLeaf software. A commercial product (US$59, with larger numbers of licenses becoming cheaper per license). The product does, however both work across Azure Files, Amazon S3 and Google Storage! And it's fast.

After downloading and installing it you need to enter your storage account (and storage account keys) and then it looks something like this:


You can get the free trial from ClumsyLeaf's web site: It runs on Vista and above, and needs .NET 4. And, as I said, you need an azure, S3 or Google storage Tags: ,,

Friday, May 15, 2015

Managing Multiple Azure Subscriptions

Like many in the industry, I have multiple Azure subscriptions. When I create Azure resources, such as VMs, they are created in one of those subscriptions. However,  when I issue get-* cmdlets, such as Get-AzureVM, Azure only returns the objects in the 'current' Azure subscription, which can lead to some confusion (where did my VM go??).

Of course, when we look to making life easier for ourselves, we naturally turn to PowerShell. There is a cmdlet you can use to set a particular subscription to be the current subscriptions, which those Get-* cmdlets would then use. But that takes time – plus I seem never to remember the cmdlets and have to go discover the details.

To simplify things, I've written a short function that sets one of the subscriptions as current, which looks like this:

Function Set-CurrentAzureSubscription {
# Check minimum sub number
If ($subscriptionNumber -lt 0) {return 'Try again'}

# Get azure subs
$Subs = Get-AzureSubscription

# check the upper bound
If ($SubscriptionNumber -GE $Subs.count) {return 'try again'}

# set the sub as current
$Subs[$subscriptionNumber] |Select-AzureSubscription -Current
# and say so
"Subscription [$($subs[$subscriptionNumber].SubscriptionName)] set as current"

Set-Alias CAS Set-CurrentAzureSubscription

With this function and alias, I just type: CAS 0 to select the first subscription, and (in my case ) CAS 2 for the final one. Here's a look at using this:


As you can see, setting my current subscription causes Get-AzureVM to return different VMs! This function is now part of my $profile.

Tuesday, May 05, 2015

And Another Azure PowerShell Release

The other day, I joked via twitter that if you blink, you would miss yet another new Azure feature. Well nearly! Just 6 days ago, I noticed (and tweeted) that there was a new release of Azure PowerShell. Excitingly, the version was 0.9.0. Lots of changes (a total of 469 separate commits) and loads of new cmdlets. Release 0.9.0 has 625 cmdle5ts and 83 aliases (in service management mode), and 336 cmdlets in Azure Resource Manager mode.

Well, just 5 days later, Microsoft released an updated version of the cmdlets – I am assuming this is a drop especially for Ignite. The new build, version 0.9.1, installs nicely over the earlier build. The new version has 8 additional cmdlets in service management mode, but a total of 448 cmdlets in resource management mode (or 112 new cmdlets!). The new MSI weighs in at 19.9mb!

The main thrust of both 0.9.0 and 0.9.1 have been to add new cmdlets to Azure Resource Manager mode.  This involves using Azure Templates about which is a subject for another blog post!

Veeam FastSCP for #Azure – a Cool Free Tool

Those nice folks at Veeam have just announced a new, cool, AND FREE tool to help you manage filestore on Azure VMs. As most of you will know, It's not particularly easy to get data into an Azure VM and back out. As Veeam's blog explains: there are ways to achieve this, but they do take work. Their new FastSCP tool enabled you to copy local files to Azure VMs and copy files in an Azure VM to an on-premises system.

The tool has some neat features. All copy operations are secure, with no need for separate encryption or VPNs. You can schedule the copy commands. The UI is wizard driven and very easy to use. FastSCP, which as I noted above is in beta, runs on Windows 7 and above and needs the .NET Framework 4, and PowerShell 2.0 or later. You can register for the download here:

One small thing: this tool copies files from and to VMs, it does not support copying files to Azure's Blob or File stores. It would be cool if the final version of FastSCP enabled that! Tags: ,,

Wednesday, April 29, 2015

Jeffrey Snover AMA – A must watch!

I've just finished a most enjoyable couple of hours watching An AMA (ask me anything) interview with Jeffrey Snover, Microsoft Distinguished Engineer and inventor of PowerShell. Jeffrey and his teams) have brought about some awesome changes in terms of manageability of Windows systems. Anyone who has seen Jeffrey speak, know he is an amazing presenter – always full of interesting stories and a passion for helping us to be successful using Microsoft Tools. He is one of the best speakers at Microsoft, IMHO.

This two-part interview (part 1 here and part 2 here) has Jason Helmick ask Jeffrey a bunch of really interesting questions – ones that I see often when teaching PowerShell. If you've taken any of my PowerShell courses, many of these will not be new, but Jeffrey's spin on the question is absorbing and his vantage point unique. Things like, what were the obstacles he faced delivering PowerShell, is the information about PowerShell V3 relevant to PowerShell v5, why the V1.0 in the $Pshome path for PowerShell V5?, etc. Stuff any respectable IT Pro should know.  My question would have been: Does he still carry the 20 dollar bill? He'll know what that is a reference to!

I highly recommend taking some time to watch these two videos. Doubly so if you want to get a better understanding why PowerShell is the future of Windows management. Tags: ,

Tuesday, April 28, 2015

Azure Machine Learning – Free eBook from Microsoft Press

Microsoft Press continues to pump out cool free e-books on Azure. The latest is Microsoft Azure Essentials: Azure Machine Learning (ISBN 9780735698178), by Jeff Barnes. It's the third of what I sure hope is a long set of free e-books.

At present, this e-book is only available in PDF, but Mobi and ePub are meant to available soon.  As described over on the Microsoft Press blog, you can download this book in PDF Format (here).

Monday, April 27, 2015

Azure Virtual Networking – An MVA Course

I taught an Azure class week to a bunch of architects who were fairly new to Azure. It seemed to me that one of the subjects they had the most trouble getting to grips with was Azure Networking. Interoperating with Azure VMs (in a service and in a vnet) and Azure Paas instances is just different from on-premises networking, what with VIPs,DIPS, the complexity of VPNs, etc. There is nothing that can't be learned, but for seasoned architects used to on-premises networking many of the fundamentals are just plain different.

I see that Microsoft's Virtual Academy has brought out a course on Azure Networking, which you can find here: This course covers Virtual Networking in Azure. Basic networking inside VMs is not covered however – and that would make a great MVA course.

One small comment on this course (and some of Azure documentation) – there are not enough pictures. As this course progresses, I'd have liked to have seen more pictures containing the details. Nevertheless, the material is well covered.

This  course has four units:

  • Introduction to Azure Networking Basics and VPN requirements
  • Plan and Design your Cloud Network Infrastructure
  • Configuring Azure and On Premises
  • Testing connectivity and Monitoring

Each module has a video – in the 4 modules the videos last around 55 minutes. Each module also has a slide presentation you can download and a short assessment to test your learning. Tags: ,

Monday, April 13, 2015

Azure Resource Explorer

Microsoft has just issued a very cool new Azure Tool: Azure Resource Explorer. This tool is a web site within Azure: navigate to and you get to the base.

Once you have logged in, you can use the tool to discover the Azure Resource Management APIs. These APIs are implemented as Rest APIs, where the URI is used to specify a specific resource, and JSON is used to hold the details of this resource. If you understand REST APIs, the concept is well understood. But if you come from a more traditional IT Pro background ('no developer foo foo here thank you"), understanding both Rest and the Azure REST APIs can be quite useful. And for those of you who smugly import the Azure module – remember that these cmdlets merely wrap the REST API. Running a cmdlet simply invokes the REST API.

The tool also enables you to view the API documentation. This is a fantastic bit of assistance for the developer, or an IT Pro who wants to use the API directly within a PowerShell script. Having said that, the documentation is not overwhelming. It is incomplete in places and in others, it's pretty thin. But this is something that no doubt will improve over time!

The final cool feature of the Tool is the ability to actually make API calls to your own Azure subscriptions.  When you first open up the Explorer, you notice a tree control in the left most pane – this is the resource hierarchy tree. You can use the tree control to open up lower nodes, such as the configuration of a single VM.

Here is a screenshot of one of my Azure VMs. I have blacked out the subscription ID, but the rest is as you would see it. If you notice, the shape of the hierarchy in the tree control matches the shape of the URI. This is, of course, normal REST practice – but seeing it both as a URI and a tree helps me to visualise the resources.


In the screen shot, I show one VM. In the right pane you will see the 'data' relating to a resource. In this case, it's the details of a VM. The URI/Tree control points to a specific subscription and a specific resource group and to the VMs in that group (in this case just one). That VM has a bunch of properties (hardwareProfile, networkProfile, etc). The details of the resource, the VM, is expressed in JSON. If you issue an API call (eg a Get on this URI), you will get a JSON document back – and then use ConvertTo-JSON and ConvertFrom-Json cmdlets to interoperate with the data used with the API.

One final cool feature of this tool. If you look carefully ad the details of this VM – the line numbers in the JSON document are not fully contiguous – that's because I used the region folding feature of the explorer to hid details. Just click on the chevron to the right of a line number to hide/reveal what is below. Someone put a lot of thought into this explorer. 

I hope further work is done, particularly in terms of improving the API documentation. But an even cooler feature  would be to enable the Explorer to spit out a working PowerShell snippet to interact with the API. Much like MOW's old WMI explorer that showed you how to use WMI Methods. So you navigate to the resource you want to manage, select the HTTP Verb (Get, Put, Post, Delete) and then see how that verb would used against API expressed in the URI. It would include setting up the HTTP call, making the API call, then using the data from returned JSON.

Tuesday, April 07, 2015

Using the DSC Resource Kit – Hot Fixes may be needed

It's that time of year, and with some upcoming PowerShell classes to teach, I've been rebuilding my classroom lab environment. Turns out the client wants some DSC content, and accordingly loaded the latest build of the DSC Resource Kit. What a wonderful set of extensions – I love the speed at which these evolve.

But once I'd loaded the Resource Kit on the 'client' box, I was not able to see any of the new resources. I could see the modules containing the resources, but not the DSC Resources themselves:


But a quick question on both Spiceworks and's forums and the answer was easy. My rebuild of the lab had installed the RTM version of Server 2012 R2. For the resources to become available, I had to install three specific hotfixes:

  • Windows8.1-KB2894179-x64.msu
  • Windows8.1-KB2894029-x64.msu
  • Windows8.1-KB2883200-x64.msu

You can get all three from: OH – and be careful of the order you install them – read the KB article carefully! Tags: ,

Thursday, April 02, 2015

New Version of Azure PowerShell Module

As I was writing another blog post last night, I discovered that the Azure PowerShell module has been updated – the new version is 0.8.16. The Azure module now boasts 606 cmdlets (and 35 aliases).  The updated module has some new cmdlets (notably for Azure Insights), bug fixes and some changes to the Azure Websites cmdlets that partly reflect the removal of Web sites and their replacement (web apps).

You can get the updated module from This page features a download link to both the (updated) web platform installer and to a standalone MSI for just the module.  The page also has some more details on what's new.

Interestingly – the updated module still supports for Azure web sites (e.g. New-AzureWebsite) despite the GUI (the Azure portal and the Azure preview portal) having dropped these in favour of the newly announced Web Apps functionality that in effect subsumes the older Web Sites feature). The Azure portals no longer show Web sites, whereas the cmdlets still support the feature. One noticeable and important difference here – the web site cmdlets do not appear to support the gallery function. So while creating a web site is pretty trivial, creating it via a gallery (e.g. a WordPress site complete with MySQL) does not appear possible (yet).

Tuesday, March 31, 2015

Creating a Web Site with Azure's New App Service

Once neat feature of Azure, that I love demoing, is the ability to create a simple web site, backed with tools such as WordPress. You could create this pretty easily using the wizard – either create a bare bones IIS web site, or pre-load it with a variety of packages from the gallery – Simple! Azure Web sites – however they are now so last week!

By that, I meant that last week, Microsoft announced a huge new feature: Azure App Service. This feature is, an evolution of the old Web Site and Web/Worker Role features. Those old features are gone from the UI. IN the old portal it now looks like this:

image As you can see, there is no explicit option for Web Sites any more. The website option is now a subset of Web Apps.  And it turns out to be almost as easy as it used to be!  I now show you how to create my standard WordPress sample site using Azure Web Apps. You do it as follows:

1. Open the Portal, click on Web Apps and then click New:


2. From here, you can click on the From Gallery and get a popop:

image 3. I just scroll down and find the WordPress gallery item:

image 4. With WordPress (or any other gallery item you want to play with) selected, I click the arrow at the bottom right of the popup. This brings up an application configuration screen:

image 5. As you can see, I've filled in the basics: site name (defaults to a site within the domain), database details and where to put the db (and the account used to bill this web site!). Once filled in, it's another click on the right arrow where you can specify details of the MySQL database (and agree to the terms and conditions):


6. Finally, click the check icon at the bottom right of the screen, and the application (aka web site) will be created. Once that is done (it takes a couple of minutes to create a new web site and  My SQL database), you can then logon and install/configure WordPress. And then you canstart to blog. I'll leave the details of creating a Wordpress site as a topic for other sites! But here's the site with literally 2 minutes work:


In summary: while the explicit option to create a web SITE is gone, it's very simple to create a simple web application that just consists of a single web site. Web sites are dead, long live web applications… Tags: ,,

Wednesday, March 11, 2015

Azure Architecture Posters

I've long been a fan of Microsoft's technical posters – they convey a great deal of information and area a great way to learn more. Microsoft has just published some updated Cloud IT architecture posters and you can download them from

There are :

  • Microsoft Cloud Services and Platform Options
  • Microsoft Cloud Identity for Enterprise Architects
  • Microsoft Cloud Security for Enterprise Architects
  • Microsoft Cloud Storage for Enterprise Architects (coming soon)

I just wish I had a nice A2 or A1 colour printer!! Tags: ,,

Saturday, March 07, 2015

Azure Portal Shortcut keys

The latest version of the Azure Preview Portal shipped a few weeks ago. One of the features of that new portal is that it now supports keyboard shortcuts.

Those not familiar with the new portal need to learn the concept of blades. These are UI elements which pop out to the right. Bringing up the Virtual Machines blade shows all the VMs in your account; clicking on a specific VM brings up that VM's blade. You can then open subsidiary blades e.g. to manage the VM's settings. The new portal also has notification hub where you get notification messages (that a VM you created has indeed been created). There's also a billing blade that shows you your subscriptions and how much credit each subscription has.

One of the cool features added to the updated Preview Portal is adding shortcut keys. These are single key strokes that do useful things! There are two sets of short cut keys

Hub Menu – when you are focused on the left hand 'hub' in the portal:

H – shows the portal start board (as customised by you!)

N – shows the notification hub and any recent notifications

A – shows the active journey hub – this is a starting point for any sets of blades you have opened (a VM's configuration, etc)

/ – show the search hub

B – shows the billing hub (all your subscriptions and credit left)

C – shows the Create/New Hub blade

Blade Navigation - If you have several blades open (e.g. VMs, a VM, a VM's setting) you can navigate between the individual blades (i.e. between the blades in an active journey)

J – move the input focus to the prior blade

K – move the input focus to the next blade

F – move the input focus to first blade

L- move the input focus to the last blade

This makes navigation around the Preview Portal easier.

Friday, February 27, 2015

Using SSH with Azure Linux Virtual Machines

Accessing Windows VMs in Azure is pretty straightforward – after you create the VM, you can download an RDP file from the Azure portal and remotely administer the VM. You can also access your VM via PowerShell, although that is a bit more complex due to the need for certificates. But what if you are using a Linux VM?

Turns out – it's pretty easy. The Azure documentation article, at  shows you how to do it. The steps are pretty simple, but will vary with the Linux distro you are using.

The basic way is to first generate the SSH keys. The easiest way to do this is to load and  then using openssl to generate an X.509 certificate, Then connect with Putty.

You can also forego creating keys, and just using a password. You set the password when you create the VM, then just login using putty. When you do, it' looks a bit like this: Tags: ,,,


So for those of you who a) want to learn Linux and b) struggle with loading it on your own hardware – Azure provides a simple way to create then use a Linux VM.

Updated Azure Module Is Released

I am just back from teaching Azure and Office 365 in Belgium where we used the latest version of the Azure Cmdlets. The new version, 0.8.14 contains a huge number of updates and improvements. The changes include:

  • New StorSimple commands in AzureServiceManagement mode.
  • Updated HD Insight cmdlets
  • New Azure Insights cmdlets in AzureResourceManager mode
  • A new cmdlet for Azure VM, Get-AzureVmDSCExtensionStatus to get the DSC status for a VM
  • A number of new Azure Automation cmdlets in AzureResourceManager mode

I like that Azure is becoming more DSC aware – I am really excited about seeing DSC being fully implemented in both Windows and Azure.

To get this new version, you can either use the Web Platform Installer (which allows you to install more than just the new module).  Or, you can go to Github, and get the stand-alone version from the Azure-PowerShell repository ( The latter is an MSI that installs the updated module. Note that if you are running PowerShell already, then the MSI could ask you to either close those windows, or reboot to get the new module fully installed.

This update shows the sheer pace at which Azure is being updated. I find it staggering when you compare it to some earlier MS development cycles (e.g. the 5 years between NT4 and Windows 2000). The really good news is that Azure is getting richer and better by the month. The downside is the sheer difficulty IT Pros may have keeping up with this rapid pace of change. All in all, I think this is really not a bad problem to have!

Monday, February 23, 2015

Your Nearest Azure Data Centre

When designing an solution involving any cloud vendor, you need to be aware of the network latency between your users and the cloud. For Azure, this means putting your objects (VMs, web sites, storage, etc) in the data canter closes to you. But which one is that?

I just came upon a neat page that can help: This page plots a nice looking graph of the latency between the client and the 15 existing Azure data centres around the world.  After a few tests, my graph looks like this:


There's also a nice table that goes along with the graph:


As you can see, the latency between my office and Azure favours the Western Europe data centre in Amsterdam. I had expected Dublin (North Europe) to be faster or at least very close – but was in fact slower. . Not surprisingly, Brazil, Japan and Australia are a lot further away. I was also surprised that the times to South East Asia  and East Asia were faster than both West US and East US.

What do your tests show? Tags: ,

Saturday, February 21, 2015

Azure Cmdlets and the Debug Switch

So here is is, late on a Saturday and I'm off in the morning to teach an Office 365 class. In a fit of overexcitement, I decided to try to build out the lab environment on my laptop before travelling to the class. The class is run as a long-day boot camp and in the past the start of the course has been challenging with issues relating to building out the environment. I hoped to avoid that this week!

This class is one of the first from Microsoft to utilise Azure. The student's "on premises" data centre is in Azure, and the course looks at adding Office 365 into the mix. It's a fantastic idea – the student just runs a few scripts and hey presto – their live environment (DC, Exchange, etc, etc, etc) is all built by script as part of the first lab. And amazingly – this just takes around two hours according to the lab manual. What could possibly go wrong?

Well – the last time, those two hours turned into 6 as we had some errors at the start with the first script not running properly. Of course, I was able to troubleshoot and fix the issues although it did take time. So I thought it might be a clever idea to re-test the scripts this time and maybe avoid the issues.

I downloaded the first VM and installed it onto my Windows 10 client, then started running the build scripts. All was going well, till I tried to run the script to create the DC. For several hours, each time I try to create the VM, i would get error: "CurrentStorageAccountName is not accessible. Ensure the current storage account is accessible and in the same location or affinity group as your cloud service." All the normal methods (i.e. looking at Google and reading the articles found) did not help. None of the suggested fixes were appropriate to me. After two hours I was stuck.

Then, by this time on the third page of Google results, I came across a trick that should have occurred to me earlier. Use the-Debug Switch on the call to New-AzureVM (the cmdlet that was failing). I was able to see the HTTP traffic which relates to the underlying REST management api  leveraged by the Azure PowerShell cmdlets.

What I saw was the client asking for my storage account details – but claimed that the storage account did not exist. On close inspection, I could see the storage account name being requested was almost, but not quite, the correct ID. In creating the storage account, the script asked for user input (partner ID and student id), then created a storage account with a unique per/student name 0 a nice touch. In my case, I entered a partner number beginning with a 0 (zero). And looking closely at the script, part of it strips off the leading zero and used the zero-less storage account name for later operations – and of course that fails. To fix things, I just removed everything created thus far from Azure, and re-ran the scripts utilising better input and away I want.

There are two lessons here: first (as I tell all my students in almost every PowerShell Class): all user input is evil unless tested and proved to be to the contrary. If you are writing a script that accepts user input, code defensively and assume the user is going to enter duff data. The script should have checked to ensure the partner id entered did not start with a zero – it's a production script after all. Of course, I probably should have, and eventually did use a partner number not starting in Zero. So the underlying cause is user error. Still a good lesson is that, given a chance, most users can do dumb things and you need to write scripts accordingly.

The second one is the value of the –Debug switch when using any Azure PowerShell cmdlet. There can be quite a lot of output, but the ability to see what the cmdlet is doing can be invaluable. In my case, it took only seconds to work out the problem once I'd seen the debug output from the call to New-AzureVM. I recommend you play with this, as you get more familiar with Azure PowerShell – it can certainly help to in troubleshooting other people's scripts!

Thursday, February 19, 2015

Azure Preview Portal - Improvements

A few days ago, Microsoft shipped a new version of the Azure Preview Portal – one of the two GUIs you can use to manage your Azure accounts, subscriptions and assets. The new preview portal has been in development for a while. I am hoping that sooner rather than later we'll have just one portal. But in the mean time, the improvements to the new portal are most welcome.

Leon Welicki, a PM in the Azure Websites team has written a great article about the new portal and describes the new features – and their are a lot. See his blog article at:

There are a lot of new features! Tags: ,

PowerShell V5 – Feb 2015 Preview

Continuing with the approach of regular updates to PowerShell V5, the PowerShell team yesterday published a new version. You can read about the version in the PowerShell team Blog:

The download can be found at the Microsoft Download center: As noted in the team blog – this new version is only installable on Server 2012, Server 2012 R2 and Windows 8.1. I will also try it out on my latest build of Windows 10 and will report back once I get a chance to try it.

The download site has three .MSU files (one for each of the OS's mentioned) plus a set of release notes. Be careful as the file names are names of the update file are similar! The download is not overly big (circa 10mb for each msu) and takes but a minute or so to install. But, since I had an earlier preview version loaded, the installation required a reboot. Tags: ,,

Wednesday, February 18, 2015

Free ebooks from MS Press on Azure

Microsoft Virtual Academy and Microsoft Press have joined forces and have issued a number of free e-books on Azure – you can download them from the web (as PDF) and enjoy them on your PC/tablet/Phone/etc. You can get the full set of books from here:

Not sure how long

books will remain free – and how many of them are still up to date. Given the fast pace of Azure development, these books are almost out of date before you get them. But having said that, they are still worth reading.

At present I am looking at the book: Rethinking Enterprise Storage: A Hybrid Cloud Model. Although the book is now 18 months old, there is some good thinking here. It's certainly helped me to re-evaluate how storage works in a hybrid model and why that model is so useful for my customers.

So get reading! Tags: ,,

Tuesday, February 17, 2015

Azure IP Ranges

If you are setting up firewall exclusions related to Azure resources, it helps to know the Azure Dataenter IP address ranges. Turns out – that's really pretty easy: just download the details from the Microsoft Download Centre. Go here, the Azure Site and download that list.  The actual deep link to the XML document containing the IP ranges is: Speaking personally, I found that deep link a bit hard to see on the Datacenter IP Ranges page.

The list that can download from Microsoft contains the all Compute IP address ranges (including SQL ranges) used by the Azure Datacenters around teh world. Each section of the XML document specifies a geographic region and the IP address ranges associated with that region.

The download is an XML document containing the current IP address ranges for all Azure data centres around the world, except China. The document looks like this (when viewed from PowerShell ISE):


The Windows Azure Datacenter IP Ranges in China are separately defined. The download centre enables you to download a separate list as the Chinese data centres are operated by 21Vianet.  You can get this document from here: It looks like this:


These IP address lists are published weekly. Microsoft also go on to make a good security point: Do not assume that all traffic originating from these IP address ranges is trustworthy!

Monday, February 16, 2015

Studying for Azure Exam 70-533?

If so, here's a study guide: It looks at each area covered in the exam and looks at the specifics of what is covered there.  For each objective, there are some links to more information about that area.

And, as the article points out, don't forget that if you take this exam before May 31st 2015, you get a free re-take of the exam should you not pass it first time. Tags: ,

Friday, February 13, 2015

Azure Backup Improved

In keeping with the near constant stream of improvements to all aspects of Azure, Microsoft has just announced some updates to Azure Backup.

Previously, there were several limits, including;

  • Azure Backup uses only one single retention policy to back up the data. This was limiting,
  • The number of backup copies is limited to 120. Daily backups, therefore only cover last 3 months.
  • Azure Backup does not provide the option of sending the data over network bandwidth alone to the end customer. Another limit.

But today, MS announced some major changes to Azure Backup.

  • You can now set multiple retention policies on backup data. The impact of this is that backup data can now be stored for multiple years by maintaining more backup copies near term, and less backup copies as the backup data becomes aged.
  • The number of backup copies that can be stored at Azure is increased to 366 – a 3 fold increase. 
  • Azure Backup integrates with the Azure Import service to send the initial backup data to Azure data center. This capability will enable the customers to ship the initial backup data through disk to the nearest Azure data center. This can be a significant benefit if you want to backup a LARGE amount of fairly static data.

The latest update also fixes some older issues, like not being able to backup >  850GB, etc. Tags: ,

Tuesday, February 10, 2015

Azure Premium Storage

Before Christmas, Microsoft added a bunch of new features to Azure. One that I've only really just noticed was Premium Storage. Azure provides several types of cloud storage (blogs, queues, tables and files) – with the files storage still in preview. Premium storage too is in Preview.

The basic idea if Azure Storage is that you can store your data in the cloud: whether that data is the VHD drive for an Azure VM, a message queue used to hook up different parts of an application, or whatever. Azure storage is a fundamental building block you use to create cloud computing systems based on Azure.

The new premium storage feature now allows you to store this data on SSD disks. This new storage option provides higher performance and lower disk latency. Not only that, but, at least during the preview, Microsoft offered three types of SSD: P10, P20, and P30. These disks are 128gb, 512gb and 1tb respectively. The bigger disk provide more IOPS and greater throughput.

I look forward to playing a bit more with Premium Storage! I suppose it goes without saying: you can easily use Azure PowerShell cmdlets to manage this storage. I hope to generate a few scripts to demonstrate this!

For more details on Azure Storage, See Sirius Kuttiyan's recent blog post. For fuller details on Azure Storage pricing, see: Premium storage is still in preview, and is offered at a bit of a discount. The 128GB  P10 disk, for example, is £5.47/month, while the 1TB P30 is £37.54/month.

Monday, February 09, 2015

Another Way to Access Azure VMs with PowerShell

In a blog post over the weekend, I demonstrated how you can access an Azure VM from an on-premises workstation using PowerShell. To summarise this approach: you first need to trust the management certificate provided to the VM by Azure, then use Enter-PSSession using the DNS name of the service, the port opened for PowerShell management endpoint and explicitly requesting SSL. While it took me a bit of time to work all this out (getting the cert downloaded was my biggest initial stumbling block), the approach is fairly simple.

But, like almost everything in PowerShell, it seems, there is yet another way to do this. No sooner had I posted that blog article when I got a tweet:


And – the answer was, at that point, no. I'd not noticed that cmdlet! I don't know all of then circa 500 cmdlets (yet)! But it was a nice prod to take a look. Johan's suggestion was a good one as the coding is simpler. Using both methods, you need to create a credential object to pass to the remote machine (specifying the UserID you created when you first created the Azure VM, or some other administrator you have created on the remote Azure system). And you need to trust the certificate the Azure machine presents when negotiating SSL between your client system and the Azure server. Once you have those two done, then you can   enter the PSSession like this:

$PshEP = Get-AzureVm cookhamlo | Get-AzureEndpoint  |
Where name -eq 'PowerShell'
Enter-PsSession -ComputerName $VmName -Port $PshEp.Port –Credential
         $VmCred –UseSSL

Using Johan's suggestion, the coding would look like this:

$Azuri = Get-AzureWinRmUri -ServiceName $VmName                   
Enter-PsSession -ConnectionUri $Azuri.AbsoluteUri -Credential $VmCred

Having tried them, both approaches work perfectly fine (assuming you have a valid credential object and trust the remote system's management port certificate).  both approaches work, but it feels like the second approach to be easier.