Design Azure Automation and PowerShell workflows

PowerShell is worth emphasising: it can carry out any task available in the Azure portal and more beyond that. To get started, download the Azure module for PowerShell, which is installed by the Web Platform Installer. PowerShell must authenticate with Azure before carrying out any operations, which can be achieved using:

  • AD account – Add-AzureAccount
  • Computer certificate – Get-AzurePublishSettingsFile

Some common commands to be aware of:

  • Get-AzureAccount (accounts currently connected)
  • Remove-AzureAccount (remove connected accounts)
  • Get-Help (show help on PowerShell commands)

The MSDN Azure Cmdlet Reference site is one useful source of information on available Azure PowerShell cmdlets and commands. The Azure GitHub repository ‘contains a set of PowerShell cmdlets for developers and administrators to develop, deploy and manage Microsoft Azure applications.’

Windows PowerShell workflows (runbooks) can be configured in Azure Automation and provide powerful automation and orchestration capabilities.
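The session below is an added example, not code from the original notes: it walks through both authentication paths listed above, the common account cmdlets, and a minimal Azure Automation workflow runbook that authenticates with a management certificate held as an Automation asset. The subscription name, account name, file paths and the asset names (SubscriptionName, SubscriptionId, MgmtCert) are assumptions for the example.

```powershell
# --- Interactive session: authenticate, inspect, then clean up (added example) ---

# Option 1: Azure AD account. Prompts for credentials; the token is cached for the session.
Add-AzureAccount

# Option 2: management certificate via a publish settings file.
# Opens a browser and downloads a .publishsettings file that embeds the certificate.
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile -PublishSettingsFile 'C:\Temp\MySubscription.publishsettings'   # assumed path

# The file carries a private management certificate, so remove it once imported.
Remove-Item -Path 'C:\Temp\MySubscription.publishsettings' -Force

# What is currently connected, and which subscription is selected.
Get-AzureAccount
Get-AzureSubscription | Select-Object SubscriptionName, IsDefault, IsCurrent
Select-AzureSubscription -SubscriptionName 'Contoso Production'   # assumed subscription name

# A task that is equally possible in the portal.
Get-AzureVM | Select-Object ServiceName, Name, Status

# Built-in help for any cmdlet.
Get-Help Get-AzureVM -Detailed

# Drop the cached credentials at the end of the session.
Remove-AzureAccount -Name 'admin@contoso.onmicrosoft.com' -Force   # assumed account

# --- Azure Automation runbook: a PowerShell workflow (added example) ---
workflow Get-VMStatusReport
{
    # Automation assets (names are assumptions for this example): two Variable assets
    # holding the subscription name and id, and one Certificate asset.
    $subscriptionName = Get-AutomationVariable -Name 'SubscriptionName'
    $subscriptionId   = Get-AutomationVariable -Name 'SubscriptionId'
    $cert             = Get-AutomationCertificate -Name 'MgmtCert'

    # Register the subscription with the management certificate and make it current.
    Set-AzureSubscription -SubscriptionName $subscriptionName `
                          -SubscriptionId   $subscriptionId `
                          -Certificate      $cert
    Select-AzureSubscription -SubscriptionName $subscriptionName

    # Report every VM that is not in the running (ReadyRole) state so the job
    # output can be reviewed or alerted on.
    $notReady = Get-AzureVM | Where-Object { $_.Status -ne 'ReadyRole' }
    foreach -parallel ($vm in $notReady) {
        Write-Output ("{0}/{1} is in state {2}" -f $vm.ServiceName, $vm.Name, $vm.Status)
    }
}
```

The certificate path keeps the private key inside the Automation account's certificate asset rather than in the runbook text, which is the reason to prefer it over embedding credentials in the workflow.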


Design a disaster recovery strategy

Microsoft and Azure services which can be used as part of a DR strategy include:

  • Azure Backup – scalable, off-site, encrypted backup service
    • Create a recovery vault, specify the Azure region
    • Download vault credentials
    • Download agent
    • Install agent
    • Upload vault credentials
    • Launch backup
    • Configure backup properties
    • Schedule backup
  • StorSimple – hybrid storage appliance with tiered disk storage (SSD, SATA) and Azure storage.
    • Uses de-duplication and compression techniques
    • Use for backup and DR in addition to production storage
    • Data encrypted in flight and at rest, store encryption keys on-premise
    • Storage presented using iSCSI
    • 2 physical appliances available and a virtual appliance
  • Data Protection Manager – Microsoft’s enterprise backup and recovery solution which supports Bare Metal Restore (BMR) and file level recovery.
    • Integrates with Azure by registering with the associated Azure Backup Vault
    • Use tape, local disk storage or Azure
    • Supports workloads including server, client, SQL Server, SharePoint, Hyper-V, VM, Exchange

StorSimple is the optimal solution for high performance storage and for supporting low RTO and RPO requirements. Azure Backup is a cost-effective, simple solution providing block level backup and file level restore with a supported agent. Data Protection Manager can be integrated with Azure Backup and provides additional capabilities for protecting and recovering Microsoft workloads.
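The Azure Backup steps listed above, scripted against the MSOnlineBackup module that ships with the backup agent, as an added example that is not part of the original notes. It assumes the agent is already installed and the vault credentials file has been downloaded; the credentials path, the folders included and excluded, and the schedule are assumptions.

```powershell
# Added example: drive the Azure Backup agent steps from PowerShell.
Import-Module MSOnlineBackup

$vaultCredentials = 'C:\Temp\ContosoVault.VaultCredentials'   # assumed download path

# Upload the vault credentials: registers this server with the recovery vault.
Start-OBRegistration -VaultCredentials $vaultCredentials -Confirm:$false

# The credentials file grants registration rights for a limited period; remove it after use.
Remove-Item -Path $vaultCredentials -Force

# Encryption passphrase: generated and kept on-premises, never stored in Azure.
# Read it interactively rather than embedding it in the script.
$passphrase = Read-Host -Prompt 'Backup encryption passphrase' -AsSecureString
Set-OBMachineSetting -EncryptionPassphrase $passphrase

# Backup properties: what to include and what to exclude (assumed paths).
$policy     = New-OBPolicy
$inclusions = New-OBFileSpec -FileSpec @('C:\Data', 'D:\Shares')
$exclusions = New-OBFileSpec -FileSpec @('C:\Data\Temp') -Exclude
Add-OBFileSpec -Policy $policy -FileSpec $inclusions
Add-OBFileSpec -Policy $policy -FileSpec $exclusions

# Schedule: nightly at 22:00, retaining recovery points for 30 days.
$days     = 'Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'
$schedule = New-OBSchedule -DaysOfWeek $days -TimesOfDay '22:00'
Set-OBSchedule -Policy $policy -Schedule $schedule
$retention = New-OBRetentionPolicy -RetentionDays 30
Set-OBRetentionPolicy -Policy $policy -RetentionPolicy $retention

# Commit the policy, then launch the first backup immediately.
Set-OBPolicy -Policy $policy -Confirm:$false
Start-OBBackup -Policy $policy

# Verify what is now registered on this server.
Get-OBPolicy | Format-List
```

The passphrase is the only thing that can decrypt the backups, so keep it in an offline store; a lost passphrase means unrecoverable data regardless of what the vault holds.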

Design Azure BC and DR capabilities

When planning a BC / DR strategy it is important to understand:

  • RPO (Recovery Point Objective) i.e. the maximum time in minutes for which data loss is acceptable when recovering from a disaster
  • RTO (Recovery Time Objective) i.e. the maximum time in minutes it takes to recover service in the event of a disaster
  • Synchronous vs. Asynchronous replication i.e. whether operations are carried out at the same time or queued
  • SLA (Service Level Agreement) for the underlying services

When designing high availability into Azure services consider:

  • Use of Availability Sets and load balancing for Virtual Machines
  • SQL Server AlwaysOn (at least a 3 node WSFC – Primary Replica, Secondary Replica, FSW (File Share Witness))
  • SQL Mirroring

Hyper-V Replica provides asynchronous replication of VMs without requiring shared storage; however, shared storage can be leveraged with supported SANs for additional functionality. Azure Site Recovery also works with Hyper-V Replica.

System Center can provide orchestration for Site Recovery failovers.

Design a monitoring strategy

Operations Manager is the primary monitoring component within System Center and integrates with other Azure services. On-premises SCOM deployments can integrate with Azure through deployment of the Azure Management Pack for Operations Manager.

The ideal configuration, particularly when a larger number of systems is deployed on Azure, is to deploy a SCOM Gateway server. Systems can be configured as proxy agents to monitor other systems which are not directly accessible. TCP port 5723 is used for monitoring traffic.

By uploading the SCOM server's public key to Azure Storage it is possible to collect data from the Azure Monitor and Diagnostic Service (Windows, Azure, App Sources, Counters, Events, Logs, Dumps).

Azure built-in monitoring capabilities include:

  • Default metrics (CPU usage, disk read / write, network in / out)
  • Web apps metrics (CPU time, data in / out, HTTP server errors, requests)
  • Application diagnostics and logging:
    • Application Logging (File System) – access from FTP share for web app
    • Application Logging (Table Storage) – access from specified field table
    • Application Logging (Blob Storage) – access from blob container

Configure application logging, certificate authentication and verbose logging for additional logging and statistics.
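The logging configuration described above, switched on and read back from the classic Azure PowerShell module, as an added example that is not part of the original notes. The site name is an assumption; the metric names are the ones the Web App metrics above refer to (CPU time, requests, HTTP server errors).

```powershell
# Added example: enable site and application diagnostics for a Web App, pull the
# resulting logs and metrics, then switch verbose logging off again.
$site = 'contoso-web'   # assumed site name

# Site diagnostics: web server (IIS) logs, detailed error pages and failed request tracing.
Set-AzureWebsite -Name $site -HttpLoggingEnabled $true `
                             -DetailedErrorLoggingEnabled $true `
                             -RequestTracingEnabled $true

# Application Logging (File System) at Verbose level. The logs land on the site's
# file system, where they can be fetched over the FTP share or streamed as below.
Enable-AzureWebsiteApplicationDiagnostic -Name $site -File -LogLevel Verbose

# Stream the log to the console while reproducing a problem.
Get-AzureWebsiteLog -Name $site -Tail

# Default Web App metrics for the last hour, in one-hour grains.
Get-AzureWebsiteMetric -Name $site -MetricNames @('CpuTime', 'Requests', 'Http5xx') `
                       -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) -TimeGrain 'PT1H'

# Confirm what is configured on the site.
Get-AzureWebsite -Name $site |
    Select-Object HttpLoggingEnabled, DetailedErrorLoggingEnabled, RequestTracingEnabled

# Verbose application logs grow quickly and can capture request data, so disable
# file logging once the investigation is complete.
Disable-AzureWebsiteApplicationDiagnostic -Name $site -File
```

The Table Storage and Blob Storage logging destinations listed above are selected with the storage parameter set of the same cmdlet in place of `-File`; the file-system variant is shown because it needs no storage account.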

3rd party tools are also available often through the marketplace:

Global Service Monitor is an Azure cloud service which works with SCOM to monitor web applications from an end-user perspective and can help identify issues with DNS, network connectivity, etc.

Application Insights provides deep insight into your applications running on a VM or web role and integrates with SCOM to provide a single consolidated view.

When designing application resiliency consider the use of:

  • Availability Sets to split instances across Fault and Update Domains
  • 2 Fault Domains exist in Azure
  • Up to 20 Update (or Upgrade) Domains can be used but only 5 are by default
  • Use Virtual IP (VIP) Swap to test application upgrades

Design websites for business continuity

Scale out web apps on Basic, Standard and Premium tiers to 3, 10 and 20 instances respectively. Scale up to provide additional resource to each instance, with higher tiers increasing the limit. Azure SQL also offers Elastic Scale to scale horizontally (sharding) and vertically (250GB Standard, 500GB Premium).

CDN allows content to be replicated globally to be served up to users faster. Files are cached in local Azure Blob storage and accessed using the CDN address. This does not need to be considered when designing web applications which may refer to the original address.

Traffic Manager enables websites to be deployed to multiple regions and accessed using a single URL.

SQL Sync is a feature of Azure SQL which synchronises a database or selected tables and columns on a schedule from the source to a HUB database, which could be in Azure or on-premises. SQL Sync does not synchronise transactions.

SQL geo-replication allows recovery of a database to another Azure region. Standard tier provides an offline secondary, Premium tier provides up to 4 readable backups.

Web Apps allow a single backup of websites per day; Premium allows up to 50 backups per day. Web App backups will save Web App files, the associated database, log files from the website and WebJobs. With Free and Basic tiers, FTP(S) or a Git clone URL can be used as an alternative.

When designing the data tier it is important to consider the data storage type and scaling of the data:

  • Use of relational (RDBMS) e.g. SQL or non-relational database (e.g. Azure Table Storage, DocumentDB)
  • Scale, size of database supported
  • Normalization of data vs. performance of too many linked tables
  • Backup of historic data to reduce security exposure and database size

Deploy websites

Several methods exist for deploying Azure websites: 

Azure site extensions can be deployed to add custom administrator functionality to your website. Site Control Manager can be set up to manage sites and extensions.

Web deployment packages can be created in Visual Studio and allow quick deployment of websites:

  • .zip file contains all files for deployment including:
    • .cmd file to customise IIS installation
    • .xml files to specify site parameters

Azure App Service Plan provides a mechanism to group web apps and other app services together to manage and scale. Deployment slots allow code to be staged and easily promoted from development to production and backed out. Database connection strings can be sticky per slot to ensure when new code is promoted into production it will use the production database and vice versa.

Web Apps can use a local Git repository on Azure or an existing source control system. Dropbox can also be used with Azure as an external deployment source, with the rollback feature enabled to revert to previous code versions.



Design web apps for scalability and performance

Websites can be scaled globally by serving content to clients using the CDN service and Azure Traffic Manager for performance load balancing.

Create website using Visual Studio and Azure SDK. Publish web applications using:

  • Azure PowerShell script
  • Publish from Visual Studio using Web Deploy
  • Publish using FTP
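The deployment slot and sticky connection string behaviour described under Deploy websites, combined with the PowerShell publishing path listed above, as an added example that is not part of the original notes. The site name, slot name, package path, database servers and connection string values are assumptions; the .NET entity type used to build a connection string entry is the one the classic Azure module exposes for website settings.

```powershell
# Added example: promote a Web Deploy package through a staging slot while keeping
# the database connection string pinned ("sticky") to each slot.
$site    = 'contoso-web'                # assumed site name
$package = 'C:\Build\ContosoWeb.zip'    # package created in Visual Studio (assumed path)

# Build a connection string entry in the form Set-AzureWebsite -ConnectionStrings expects.
function New-ConnStringInfo([string]$Name, [string]$Value) {
    $entry = New-Object Microsoft.WindowsAzure.Commands.Utilities.Websites.Services.WebEntities.ConnStringInfo
    $entry.Name             = $Name
    $entry.ConnectionString = $Value
    $entry.Type             = 'SQLAzure'
    return $entry
}

# Production and staging each get their own DefaultConnection value, so staged code
# never runs against the production database and vice versa. Passwords are placeholders
# to be read from a secure store at deployment time, not committed with the script.
$prodConn = New-ConnStringInfo 'DefaultConnection' `
    'Server=tcp:contoso-prod.database.windows.net;Database=ContosoProd;User ID=app@contoso-prod;Password=<prod-secret-from-secure-store>;Encrypt=True'
$stagConn = New-ConnStringInfo 'DefaultConnection' `
    'Server=tcp:contoso-stag.database.windows.net;Database=ContosoStaging;User ID=app@contoso-stag;Password=<staging-secret-from-secure-store>;Encrypt=True'

Set-AzureWebsite -Name $site -ConnectionStrings @($prodConn)
Set-AzureWebsite -Name $site -Slot 'staging' -ConnectionStrings @($stagConn)

# Mark DefaultConnection as slot-sticky: it stays with the slot during a swap,
# while the code and non-sticky settings move with the deployment.
Set-AzureWebsite -Name $site -SlotStickyConnectionStringNames @('DefaultConnection')

# Publish the package to staging and smoke-test it on the staging hostname.
Publish-AzureWebsiteProject -Name $site -Slot 'staging' -Package $package
$stagingHost = (Get-AzureWebsite -Name $site -Slot 'staging').HostNames | Select-Object -First 1
$response = Invoke-WebRequest -Uri "https://$stagingHost/" -UseBasicParsing
if ($response.StatusCode -ne 200) {
    throw "Staging smoke test failed with HTTP $($response.StatusCode)"
}

# Promote: swap staging into production. The previous production code now sits in
# staging, so swapping in the other direction backs the release out.
Switch-AzureWebsiteSlot -Name $site -Slot1 'staging' -Slot2 'production' -Force
```

Because DefaultConnection is sticky, the swap moves code without moving database credentials: production keeps pointing at the production database after promotion, and a back-out swap does the same in reverse.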

Debug published websites using:

  • Monitoring metrics through Azure portal
  • Azure Application Insights
  • Visual Studio for remote debugging
  • Site Control Manager (Project Kudu)

Azure provides support for developing applications and websites in a number of languages:

  • .NET (C#, Visual Basic)
  • Java (Tomcat or Jetty)
  • Node.js (server-side version of JavaScript)
  • PHP
  • Python

It is possible to run web applications on Virtual Machines, Cloud Services or Web Apps. Each provides benefits: a VM allows greater flexibility by providing full control of the Operating System and installed applications, while a Web App can be a more cost effective option with less management overhead and is easier to scale.