review at amazon: Azure for Architects

This weekend I read "Azure for Architects - Implementing cloud design, DevOps, containers, IoT and serverless solutions on your public cloud".

After I had some trouble publishing my review on amazon.de and put it onto my blog (take a look here), I wrote a smaller review about only 2 chapters. And this worked...

One statement I liked was:
This is not only true for security, but sometimes it is important to state the obvious.

If you are interested, take a look at my review at amazon.de (like all my reviews: written in German ;-).


AWS: overview of all postings

After nearly half a year of looking into AWS, here is a summary of all postings related to that topic:
ECS & S3 (Computing & Storage):
VPC (Networking):


Microsoft Azure: Adding a user requires more work than expected

Just to try some things in Microsoft Azure, I wanted to add an additional user to my test account. But this was not so easy:

Go to "Azure Active Directory" and "Users":


 But then:

I thought this is not really a problem, because openesb.eu is my domain, so let's try to verify this one:

The problem is that I am not able to change these settings. So I tried my luck, but:
So the only way to add users in such a minimal setup is to add accounts from live.com etc.


Microsoft Azure: How to use waagent (Microsoft Azure Linux Agent)

After installing waagent on my Ubuntu server, I tried to use this tool.
First guess was to read the manpages, but there is no entry for waagent:
root@ubuntuserver:~# man waagent
No manual entry for waagent
See 'man 7 undocumented' for help when manual pages are not available.
So for documentation you have to visit the Microsoft Azure portal:

Here are some commands I tried:
root@ubuntuserver:~# waagent -show-configuration
AutoUpdate.Enabled = True
AutoUpdate.GAFamily = Prod
Autoupdate.Frequency = 3600
CGroups.EnforceLimits = False
CGroups.Excluded = customscript,runcommand
DVD.MountPoint = /mnt/cdrom/secure
DetectScvmmEnv = False
EnableOverProvisioning = True
Extension.LogDir = /var/log/azure
Extensions.Enabled = True
HttpProxy.Host = None
HttpProxy.Port = None
Lib.Dir = /var/lib/waagent
Logs.Verbose = False
OS.AllowHTTP = False
OS.CheckRdmaDriver = False
OS.EnableFIPS = False
OS.EnableFirewall = True
OS.EnableRDMA = False
OS.HomeDir = /home
OS.OpensslPath = /usr/bin/openssl
OS.PasswordPath = /etc/shadow
OS.RootDeviceScsiTimeout = 300
OS.SshClientAliveInterval = 180
OS.SshDir = /etc/ssh
OS.SudoersDir = /etc/sudoers.d
OS.UpdateRdmaDriver = False
Pid.File = /var/run/waagent.pid
Provisioning.AllowResetSysUser = False
Provisioning.DecodeCustomData = False
Provisioning.DeleteRootPassword = True
Provisioning.Enabled = False
Provisioning.ExecuteCustomData = False
Provisioning.MonitorHostName = False
Provisioning.PasswordCryptId = 6
Provisioning.PasswordCryptSaltLength = 10
Provisioning.RegenerateSshHostKeyPair = False
Provisioning.SshHostKeyPairType = rsa
Provisioning.UseCloudInit = True
ResourceDisk.EnableSwap = False
ResourceDisk.Filesystem = ext4
ResourceDisk.Format = False
ResourceDisk.MountOptions = None
ResourceDisk.MountPoint = /mnt
ResourceDisk.SwapSizeMB = 0
or list all commands:
root@ubuntuserver:~# waagent -help
usage: /usr/sbin/waagent [-verbose] [-force] [-help] -configuration-path:-deprovision[+user]|-register-service|-version|-daemon|-start|-run-exthandlers|-show-configuration]
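
A baseline check over the `waagent -show-configuration` output shown above, as an added example that is not part of the original post or of WALinuxAgent. The choice of the four keys and their expected values, the function names and the sample lines are assumptions of this example; the keys themselves are taken from the output above.

```shell
#!/bin/sh
# Added example: compare "Key = Value" lines, as printed by
# `waagent -show-configuration`, with an expected baseline.
# The baseline is this example's assumption, not a vendor recommendation.
BASELINE='OS.AllowHTTP=False OS.EnableFirewall=True Provisioning.DeleteRootPassword=True Provisioning.ExecuteCustomData=False'

# Reads the configuration on stdin, prints one line per deviation and
# returns 1 if a baseline key deviates or is not reported at all.
audit_waagent_config() {
    awk -v baseline="$BASELINE" '
        # Only lines of the form "Key = Value" are configuration entries.
        NF >= 3 && $2 == "=" { seen[$1] = $3 }
        END {
            bad = 0
            n = split(baseline, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, "=")
                if (!(kv[1] in seen)) {
                    printf "MISSING %s (expected %s)\n", kv[1], kv[2]
                    bad = 1
                } else if (seen[kv[1]] != kv[2]) {
                    printf "DEVIATES %s = %s (expected %s)\n", kv[1], seen[kv[1]], kv[2]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: the four values as they appear in the output above.
sample_as_posted() {
    printf '%s\n' 'OS.AllowHTTP = False' 'OS.EnableFirewall = True' \
        'Provisioning.DeleteRootPassword = True' \
        'Provisioning.ExecuteCustomData = False' 'Logs.Verbose = False'
}

# Constructed sample: two changed values and one key missing.
sample_deviating() {
    printf '%s\n' 'OS.AllowHTTP = True' 'OS.EnableFirewall = False' \
        'Provisioning.DeleteRootPassword = True'
}

sample_as_posted | audit_waagent_config && echo "as posted: matches baseline"
sample_deviating | audit_waagent_config || echo "deviating sample: see lines above"
# On a VM: waagent -show-configuration | audit_waagent_config
```

The non-zero return code makes the function usable as a gate in an image build, so a changed agent setting is noticed before the image is uploaded.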


review: architecting microsoft azure solutions

Last week I read the Exam Ref "Architecting Microsoft Azure Solutions".

The book cover states
Designed for architects and other cloud professionals ready to advance their status, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the MCSA level.
The book "Architecting Microsoft Azure Solutions" comes with 320 pages and 6 chapters. The claim of the book: "This book teaches you how to design and architect secure, highly-available, performant, monitored and resilient solutions on Azure".

The first chapter is "Design compute infrastructure". The beginning is clearly structured: Fault Domains, Availability Sets and Update Domains. Unfortunately, when listing the VM types, there are various letters shown, but an explanation of what those letters stand for is missing.
The sub-chapter Migration contains only many URLs. Helpful examples are not provided. The next subchapters serverless computing and microservices are not worth reading. It is not at all clear which requirements have to be met in order to build an application serverless or in a container. But there are many comparisons when serverless computing fits better than microservices.
The subchapter "Design Web Applications" loses itself in general considerations regarding availability and description of REST.
The biggest problem with Chapter 1 is that there is a lack of examples that allow the topics to be played through once. Also missing at the end of the chapter is the typical question catalog, with which one could prepare for an exam.

After chapter 1 I did not want to read any further - that would have been a mistake. For all who buy this book: skip Chapter 1!

Chapters 2 and 3 (Storage & Networking) are really good. They provide brief explanations, and for every use case detailed instructions for the Azure command line or the portal, including screenshots, are presented. Both chapters are very well written and give an overview of the respective topics. Here is a list for the storage chapter: Blob Storage, Azure Files, Azure Disks, Azure Data Catalog, Azure Data Factory, SQL Data Warehouse, Data Lake Analytics, Analysis Services, HDInsight, SQL Database, SQL Server Stretch Database, MySQL, PostgreSQL, Redis Cache, Data Lake, Azure Search, Azure Time Series, Cosmos DB, MongoDB. There is no topic left open. The same applies to the network chapter.

Chapter 4 "Design security and identity solutions" is very well structured. All terms are introduced at the beginning and then various options with sequence diagrams are played through. Subsequently, the appropriate services such as Azure Active Directory are introduced. Very nice here is the representation of the integration possibilities with ASP.NET. Otherwise, topics such as integration with Office 365 (calendar access) or key management in the cloud are highlighted.

The fifth chapter is, in my view, more of an outlook: "Design solutions by using platform service". Topics like AI, IoT and streaming are treated here. What you can take away is what is possible and which building blocks Azure provides.

The final chapter "Design for operations" deals with cross-functionalities such as monitoring and alarming. A wrapper for the following services will be delivered: Azure Monitor, Azure Advisor, Azure Service Health, Azure Activity Log, Azure Dashboard, Azure Metrics Explorer, Azure Alerts, Azure Log Analytics, Azure Application Insights. Almost every topic has an example including configuration via the Azure portal.

Conclusion: Except for the first chapter a very good book to get started. It is not good for exam preparation, as no questionnaires / multiple choice lists are included. It is a pity that the subchapters have no numbering and you have to navigate with the font sizes. Nevertheless, you will hardly find a faster entry into Azure.


Microsoft Azure: Administration of Virtual Networks / Diagrams

After creating my first VM on Microsoft Azure, I took a closer look at the dashboard - especially at the menu bar of the dashboard:
First point of interest was the menu item "virtual networks", which led me to the following overview:
Hm. A little bit strange that the virtual networks just show up with a list of the resource groups (you have to create one - otherwise you are not able to launch a virtual machine). But after clicking on the resource group, a nice overview of my virtual network was provided:

The menu bar in the middle contains the entry "diagram". So let's see, what kind of diagram Azure will present:

The green item represents the network interface card. The other three items stand for the virtual machine, the network security group and public ip address. The next three screenshots show the details you can obtain, by clicking on these icons:


Microsoft Azure: Automation with AZ cli on linux

One thing which is really important for using cloud infrastructures is to automate your tasks like starting virtual machines, creating storage, ...

It is clear, that there is a CLI for Windows, but is there also a CLI on Linux provided by Microsoft?
And really there is one:

The installation procedure can be found here.
# apt-get install apt-transport-https lsb-release software-properties-common dirmngr -y
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
lsb-release ist schon die neueste Version (9.20170808ubuntu1).
dirmngr ist schon die neueste Version (2.2.4-1ubuntu1.2).
Die folgenden Pakete werden aktualisiert (Upgrade):
  apt-transport-https python3-software-properties software-properties-common software-properties-gtk
4 aktualisiert, 0 neu installiert, 0 zu entfernen und 173 nicht aktualisiert.
Es müssen 87,2 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 2.048 B Plattenplatz zusätzlich benutzt.
Holen:1 http://de.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 apt-transport-https all 1.6.8 [1.692 B]
Holen:2 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 software-properties-common all [9.908 B]
Holen:3 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 software-properties-gtk all [53,6 kB]
Holen:4 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-software-properties all [22,0 kB]
Es wurden 87,2 kB in 0 s geholt (427 kB/s).             
(Lese Datenbank ... 421429 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../apt-transport-https_1.6.8_all.deb ...
Entpacken von apt-transport-https (1.6.8) über (1.6.6ubuntu0.1) ...
Vorbereitung zum Entpacken von .../software-properties-common_0. ...
Entpacken von software-properties-common ( über ( ...
Vorbereitung zum Entpacken von .../software-properties-gtk_0. ...
Entpacken von software-properties-gtk ( über ( ...
Vorbereitung zum Entpacken von .../python3-software-properties_0. ...
Entpacken von python3-software-properties ( über ( ...
apt-transport-https (1.6.8) wird eingerichtet ...

# AZ_REPO=$(lsb_release -cs)
# echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" > /etc/apt/sources.list.d/azure-cli.list

# apt-key --keyring /etc/apt/trusted.gpg.d/Microsoft.gpg adv \
>      --keyserver packages.microsoft.com \
>      --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF
Executing: /tmp/apt-key-gpghome.D49hIjQpQ5/gpg.1.sh --keyserver packages.microsoft.com --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF
gpg: Schlüssel EB3E94ADBE1229CF: Öffentlicher Schlüssel "Microsoft (Release signing) " importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:               importiert: 1

# apt-get update && apt-get install azure-cli
Die folgenden NEUEN Pakete werden installiert:
0 aktualisiert, 1 neu installiert, 0 zu entfernen und 173 nicht aktualisiert.
Es müssen 43,9 MB an Archiven heruntergeladen werden.
Nach dieser Operation werden 398 MB Plattenplatz zusätzlich benutzt.
Holen:1 https://packages.microsoft.com/repos/azure-cli bionic/main amd64 azure-cli all 2.0.56-1~bionic [43,9 MB]
Es wurden 43,9 MB in 7 s geholt (5.905 kB/s).                                                                                                                               
Vormals nicht ausgewähltes Paket azure-cli wird gewählt.
(Lese Datenbank ... 421429 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../azure-cli_2.0.56-1~bionic_all.deb ...
Entpacken von azure-cli (2.0.56-1~bionic) ...
azure-cli (2.0.56-1~bionic) wird eingerichtet ...

After that I tried to log in:
schroff@zerberus:~$ az login
Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
You have logged in. Now let us find all the subscriptions to which you have access...
    "cloudName": "AzureCloud",
    "id": "yyyy-xxxxx",
    "isDefault": true,
    "name": "Free Trial",
    "state": "Enabled",
    "tenantId": "yyyyy-xxxxxx",
    "user": {
      "name": "d.schroff@gmx.de",
      "type": "user"
During the login process I was redirected to my browser:

and after choosing my account the browser showed up with this message:

And then you can issue commands like:
schroff@zerberus:~$ az vm list
    "additionalCapabilities": null,
    "availabilitySet": null,
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": true,


Microsoft Azure / Ubuntu: Installation waagent

If you want to build your own Linux images for Microsoft Azure, you have to use waagent. So I created a virtual machine on my local host with Ubuntu server.
The installation of waagent is easy, if you know that the package is not called waagent on Ubuntu but walinuxagent:
# apt install walinuxagent
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 24 not upgraded.
Need to get 170 kB of archives.
After this operation, 1,075 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 walinuxagent amd64 2.2.32-0ubuntu1~18.04.1 [170 kB]
Fetched 170 kB in 0s (400 kB/s)  
Selecting previously unselected package walinuxagent.
(Reading database ... 66707 files and directories currently installed.)
Preparing to unpack .../walinuxagent_2.2.32-0ubuntu1~18.04.1_amd64.deb ...
Unpacking walinuxagent (2.2.32-0ubuntu1~18.04.1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up walinuxagent (2.2.32-0ubuntu1~18.04.1) ...
update-initramfs: deferring update (trigger activated)
Created symlink /etc/systemd/system/multi-user.target.wants/walinuxagent.service → /lib/systemd/system/walinuxagent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ephemeral-disk-warning.service → /lib/systemd/system/ephemeral-disk-warning.service.
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for initramfs-tools (0.130ubuntu3.6) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-45-generic
To get more information on whether waagent is supported for your preferred distribution, just check this GitHub page: https://github.com/Azure/WALinuxAgent


Microsoft Azure: Where to find the logs

When working with Microsoft Azure, you want to be able to review all actions taken inside your cloud. Therefore you have to go to "monitor":
Inside the subwindow just select "activity log" and edit the filters to your needs (I added "successful"):

Some of the activities can be further drilled down. For example the creation of a virtual machine lists many subactivities like "created or updated public ip address":