Azure Service Healing

I often get asked what happens if an Azure service or resource crashes.
I’m also sometimes asked how Azure keeps Virtual Machines running 100%.

Well, let’s start with the second question. They don’t! Azure is an extremely reliable platform but is still based on industry-standard physical servers, power, networking… and sometimes a failure may occur that can cause a VM to reboot or go offline. Having said that, uptime is of course extremely high, with some services being higher than others. You can find official SLA listings here.

Now, regarding what happens if a service does fail: Azure has an Auto-Recovery feature called service healing. Auto-Recovery is available across all Virtual Machine sizes in all regions.
Azure has multiple ways to perform health checks on your resources. Every VM deployed in the form of a Web and Worker role has an agent injected into it that runs a health check every 15 seconds; a web farm behind a load balancer will also have health checks performed by the load balancer itself. If a predefined number of consecutive health checks fail, or a signal from the load balancer causes a role to become unhealthy, then a recovery action will be initiated, which is to restart the role instance.

Another test performed is the health of the virtual machine itself, within which the role instance is running. The virtual machine is hosted on a physical server running inside an Azure datacenter. The physical server runs another agent called the Host Agent. The Host Agent monitors the health of the virtual machine by pinging the guest agent every 15 seconds. It is quite plausible that a virtual machine is under stress from its workload, for example with its CPU at 100% utilization. Because a machine may be under heavy load, Azure will wait 10 minutes before performing a recovery action. The recovery action in this case is to recycle the virtual machine with a clean OS disk in the case of a Web & Worker Role, and in the case of an Azure Virtual Machine we perform a reboot, preserving the disk state intact.

Apart from this, Azure takes as many measures as possible to predict failure in advance. This includes extensive monitoring of all hardware in the datacenter, including CPU, disk IO etc.

Azure Cool Blob Storage

Azure’s new cool blob is now GA. But what is cool blob?

Well, cool blob is a new blob storage feature for data that is accessed infrequently. In other words, it’s good for backups, archives, scientific data etc.

The price of a cool blob is extremely low, between 1 and 1.6 cents per GB per month depending on region.

Cool blobs come with a 99% SLA, compared with the 99.9% SLA offered on the hot tier. The Azure cool blob API is 100% compatible with existing blob storage offerings.

The service is only available using the new modern ARM deployment, so if for some reason you need to use classic deployment then you can’t take advantage of the new service. Also, the service is offered as a block blob for unstructured data, so it can’t be used to store IaaS VHDs. This makes sense, as VHDs need random read and write operations.

You can read more on the new offering at the Azure Blog over here

Important Notice For All Office 365 Hybrid Environments

I just saw this important blog post from Microsoft.

On April the 15th Microsoft is renewing the TLS certificate used by Office 365.

This means that hybrid mail flow may be broken for users who do not take appropriate action.

The fix is quite simple. All on-prem servers used for hybrid need to be updated to Exchange 2013 CU9 or later, and the Exchange hybrid wizard needs to be run again.

You can find the latest version of the hybrid wizard over here

You can find the full Microsoft blog regarding this issue over here

How To Manage Scheduler in new Azure AD Connect 1.1.105.0

As I mentioned last week, the new version of Azure AD Connect has been released and now includes a built-in scheduler. This means that it no longer relies on the Windows Task Scheduler to run synchronization jobs. While this is definitely an improvement, it does mean that you can no longer use the Windows Task Scheduler to manually run a job. That is now all down to PowerShell, so after tinkering around a bit I decided to list some of the most required commands for running jobs.

First of all, after initial installation there is a check box to start the initial sync after installation. If you do not check this box, the sync will never run until a correct command is issued.

To check whether sync is enabled, we need to run the following command:
Get-ADSyncScheduler

In my case you can see that SyncCycleEnabled is set to true. However, if it is set to false then the client is not performing any syncs.
To enable the sync cycle you will need to issue the following command:
Set-ADSyncScheduler -SyncCycleEnabled $True
The sync will be run automatically once every 30 minutes.

To manually kick off a sync cycle we will need to issue one of the following commands.

Start-ADSyncSyncCycle -PolicyType Delta

A delta sync cycle will:

  • Delta import on all connectors
  • Delta sync on all connectors
  • Export on all connectors

This is the command that you will usually use to run a manual sync.

You could also run a full cycle by issuing the following command:
Start-ADSyncSyncCycle -PolicyType Initial

An initial sync cycle will:

  • Full import on all connectors
  • Full sync on all connectors
  • Export on all connectors

You mainly want to issue this command if you have made one of the following changes:

  • Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included

If for some reason you need to stop the Sync Scheduler, then you can issue the following command:
Stop-ADSyncSyncCycle
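The commands above combined into one check-then-sync script, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the Azure AD Connect server; the parameter names and the 5-minute wait limit are arbitrary choices made for this example.

```powershell
# Added example (not from the original post): verify the built-in scheduler,
# enable it if it is off, then trigger a manual sync cycle.
# Assumption: elevated session on the Azure AD Connect server.
param(
    # Delta for routine runs; Initial after changing sync rules, filtering,
    # or the set of imported objects/attributes.
    [ValidateSet('Delta', 'Initial')]
    [string]$PolicyType = 'Delta',

    # How long to wait for an already running cycle (arbitrary default).
    [int]$MaxWaitMinutes = 5
)

Import-Module ADSync -ErrorAction Stop

$scheduler = Get-ADSyncScheduler

# SyncCycleEnabled stays False if the "start sync" box was left unchecked
# during installation; nothing syncs until it is switched on.
if (-not $scheduler.SyncCycleEnabled) {
    Write-Warning 'SyncCycleEnabled is False. Enabling the scheduler.'
    Set-ADSyncScheduler -SyncCycleEnabled $true
}

# A manual cycle cannot start while another cycle is in progress,
# so wait for the current one to finish instead of failing.
$deadline = (Get-Date).AddMinutes($MaxWaitMinutes)
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    if ((Get-Date) -gt $deadline) {
        throw "A sync cycle is still running after $MaxWaitMinutes minutes."
    }
    Start-Sleep -Seconds 10
}

Write-Output "Starting $PolicyType sync cycle..."
Start-ADSyncSyncCycle -PolicyType $PolicyType

# Show the resulting scheduler state for the operator or a log.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC
```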

So now that you know the commands you can go ahead and update to the latest version of Azure AD Connect.
New Azure AD Connect 1.1.105.0

The new version of Azure AD Connect has been released.

So what’s new?

  • Automatic upgrade feature for Express settings customers.
  • Support for the global admin using MFA and PIM in the installation wizard.
  • User’s sign-in can be changed after initial install.
  • We can now set Domain and OU filtering in the installation wizard.
  • We get a scheduler built in to the sync engine.

Also Device Writeback and Directory extensions are now fully available (previously these were preview only).

You can download the new version of Azure AD Connect here.

Azure V2 is now the default portal

Those who have worked with Azure already have probably seen the link for the preview portal.

Well, the preview portal is now more or less out of preview. I say more or less, as some services such as Azure AD will still redirect you back to the classic portal.

However most services such as Virtual Machines, Networking, SQL… can now be fully managed through the new portal.

The new portal isn’t just a portal; it’s partly a new Azure and is being referred to as Azure V2.

There are many functionality changes, the main one being that we now cluster resources into a resource group (AKA – ARM – Azure Resource Manager) to allow for lifecycle management of shared resources.
This in a way replaces the former Cloud Service.

Networking has also been rebuilt from the ground up, with objects such as load balancers and NICs that provide a lot of flexibility in how you design your resources, allowing us to separately manage traffic rules per ARM, VM, NIC or load balancer.

Unfortunately, current VMs and resources created in Cloud Service are still managed through the classic portal. Only newly created VMs created in the new portal (or PowerShell), and of course deployed to ARM, can be managed from the new portal.

My understanding is that Microsoft is working on a migration path to the New model.

Let’s hope they make this available to us soon.

Linux Integration Services 4.0.11 released for Hyper-V

Microsoft just released an update for the Linux integration tools.
The new integration tools are available for download here

The integration tools allow running of the supported Linux distributions on the following platforms:

  • Windows Server 2008 R2 (applicable editions)
  • Microsoft Hyper-V Server 2008 R2
  • Windows 8 Pro, 8.1 Pro, 10 and 10 Pro
  • Windows Server 2012 and 2012 R2
  • Microsoft Hyper-V Server 2012 and 2012 R2
  • Windows Server Technical Preview
  • Microsoft Hyper-V Server Technical Preview
  • Microsoft Azure

The new integration tools add support for the following Linux releases:

  • Red Hat Enterprise Linux 5.5-5.11 32-bit, 32-bit PAE, and 64-bit
  • Red Hat Enterprise Linux 6.0-6.7 32-bit and 64-bit
  • Red Hat Enterprise Linux 7.0-7.1 64-bit
  • CentOS 5.5-5.11 32-bit, 32-bit PAE, and 64-bit
  • CentOS 6.0-6.7 32-bit and 64-bit
  • CentOS 7.0-7.1 64-bit
  • Oracle Linux 6.4-6.7 with Red Hat Compatible Kernel 32-bit and 64-bit
  • Oracle Linux 7.0-7.1 with Red Hat Compatible Kernel 64-bit

Also remember that many Linux distributions already have Integration tools included with them and there is no need for a separate install.
You can find the list of supported Linux versions over here.