Windows Server

Deploy Azure VM Pool and Load Balancer

Neste post iremos demonstrar o deploy de Virtuais Machines em Windows Server 2016 com IIS Habilitado, porém iremos fazer em alta disponibilidade com metade de nosso ambiente em ZONA 1 e a outra metade em ZONE 2, a diferença aqui será no deploy feito com @Array, com isso conseguimos criar varias VMs em apenas uma linha de comando azure cli bash.

Vamos ao nosso cenário:

Vamos ao nosso código bash (azure cli)

##Declarando Variaveis (Obrigatório)
export Subscription_Name="XXXXXXXXXXXXX"  ###Substituir pela sua subscription
export RG="rg"
export Depto_Corp="corp"
export ObjectNameCorp="web"
export Env="prod"
export Location="eastus"
export RGNameCorpWeb="${RG}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"

##Declarando Variaveis de Rede
export vnet="vnet"
export VnetNameWEB="${vnet}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"
export CIDR_WEB="10.40.50.0/24"
export Prefix_WEBFE01="10.40.50.0/26"
export Prefix_WEBFE02="10.40.50.64/26"
export snet="snet"
export SnetNameWebFE01="${snet}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"-fe01
export SnetNameWebFE02="${snet}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"-fe02

##Declarando Variaveis de VMs
export VM_Object_Name="vm"
export VMName="${VM_Object_Name}""${ObjectNameCorp}""${Env}"
export SKU="Standard_LRS"
export Image_Windows="Win2016Datacenter"
export OsDisk_Name="disk-os"
export Zone01="1"
export Zone02="2"
export UserName="azroot"
export Password="[email protected]#"
export VMSize="Standard_DS1_v2"

##Declarando Variaveis de Interfaces de Rede
export Int_Object_Name01="int"
export Int_Object_Name02="eth"
export Int_Number="0"
export IntNameWeb="${Int_Object_Name01}"-"${Int_Object_Name02}""${Int_Number}"-"${VM_Object_Name}"-"${ObjectNameCorp}"-"${Location}"

##Declarando Variaveis de Storage Account
export Storage_Object_Name01="stg"
export Storage_Object_Name02="diag"
export StorageNameFE="${Storage_Object_Name01}""${Storage_Object_Name02}""${VM_Object_Name}""${ObjectNameCorp}""${Depto_Corp}"

##Declarando Variaveis NSG
export NSG_Object_Name="nsg"
export NSGWEB="${NSG_Object_Name}"-"${snet}"-"${Depto_Corp}"-"${Env}"-"${Location}"-fe

##Variaveis de Load Balance
export ObjectNameWebLB="lb"
export ObjectName_WebLB="${ObjectNameWebLB}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"
export SKULB="Standard"
export PoolFE="PoolFE"
export PoolBE="PoolBackend"

##Declarando Variaveis de IP Publico
export PublicIPWebObject="pip"
export PublicIPWebSku="Standard"
export PublicIPNameWeb01="${PublicIPWebObject}"-"${Depto_Corp}"-"${ObjectNameCorp}"-"${Env}"-"${Location}"-1

##Variaveis de Tags
export Description="Departamento"
export Value_Description="${Depto_Corp}"
export Cost_Center="Centro de Custo"
export Cost_Center_Value="${Depto_Corp}"
export Support_Description_Description="E-mail Suporte"
export Support_Description_Value="support"-"${Depto_Corp}""@xpto.com"

###Selecionar subscription
az account set --subscription "${Subscription_Name}"

###Criando Resource Group
az group create -n "${RGNameCorpWeb}" -l "${Location}" \
--tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"

###Criando Storage Account
az storage account create -g "${RGNameCorpWeb}" -n "${StorageNameFE}" --sku "${SKU}" -l "${Location}" --tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"

###Criando NSG
az network nsg create -g "${RGNameCorpWeb}" -n "${NSGWEB}" -l "${Location}" \
--tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"

###Criando Regras NSG InBound
az network nsg rule create -g "${RGNameCorpWeb}" --nsg-name "${NSGWEB}"  --name 'AllowHttpsInBound' \
--protocol 'tcp' --direction 'inbound' --source-address-prefix 'internet' --source-port-range '*' \
--destination-address-prefix '*' --destination-port-range '443' --access 'Allow' --priority '120'

az network nsg rule create -g "${RGNameCorpWeb}" --nsg-name "${NSGWEB}"  --name 'AllowHttpInBound' \
--protocol 'tcp' --direction 'inbound' --source-address-prefix 'internet' --source-port-range '*' \
--destination-address-prefix '*' --destination-port-range '80' --access 'Allow' --priority '121'

###Criando Vnet
az network vnet create -g "${RGNameCorpWeb}" -n "${VnetNameWEB}" --address-prefix "${CIDR_WEB}" \
-l "${Location}" --tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"

###Criando Snet
az network vnet subnet create -g "${RGNameCorpWeb}" --vnet-name "${VnetNameWEB}" \
-n "${SnetNameWebFE01}" --address-prefixes "${Prefix_WEBFE01}"

az network vnet subnet create -g "${RGNameCorpWeb}" --vnet-name "${VnetNameWEB}" \
-n "${SnetNameWebFE02}" --address-prefixes "${Prefix_WEBFE02}"

###Anexando NSG a Snet
az network vnet subnet update -g "${RGNameCorpWeb}" --vnet-name "${VnetNameWEB}" \
-n "${SnetNameWebFE01}" --network-security-group "${NSGWEB}"

az network vnet subnet update -g "${RGNameCorpWeb}" --vnet-name "${VnetNameWEB}" \
-n "${SnetNameWebFE02}" --network-security-group "${NSGWEB}"

###Criando IP Publico
az network public-ip create -g "${RGNameCorpWeb}" -n "${PublicIPNameWeb01}" --sku "${PublicIPWebSku}"

##Criando interfaces de Rede (Snet1)
array=("${IntNameWeb}"-001 "${IntNameWeb}"-002 "${IntNameWeb}"-003 "${IntNameWeb}"-004 "${IntNameWeb}"-005)
  for vmnic in "${array[@]}"
  do
    az network nic create \
    --resource-group "${RGNameCorpWeb}" --name $vmnic --vnet-name "${VnetNameWEB}" --subnet "${SnetNameWebFE01}"
  done

##Criando interfaces de Rede (Snet2)
array=("${IntNameWeb}"-006 "${IntNameWeb}"-007 "${IntNameWeb}"-008 "${IntNameWeb}"-009 "${IntNameWeb}"-010)
  for vmnic in "${array[@]}"
  do
    az network nic create \
    --resource-group "${RGNameCorpWeb}" --name $vmnic --vnet-name "${VnetNameWEB}" --subnet "${SnetNameWebFE02}"
  done

###Criando Maquinas Virtuais
array=(-001 -002 -003 -004 -005)
  for n in "${array[@]}"
  do
    az vm create -g "${RGNameCorpWeb}" --name "${VMName}"$n --nics "${IntNameWeb}"$n \
    --image "${Image_Windows}" \
    --admin-username "${UserName}" \
    --admin-password "${Password}" \
    --os-disk-name "${OsDisk_Name}"-"${VMName}"$n \
    --zone "1" --size "${VMSize}" \
    --boot-diagnostics-storage "${StorageNameFE}" \
    --tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"
    done

array=(-006 -007 -008 -009 -010)
  for n in "${array[@]}"
  do
    az vm create -g "${RGNameCorpWeb}" --name "${VMName}"$n --nics "${IntNameWeb}"$n \
    --image "${Image_Windows}" \
    --admin-username "${UserName}" \
    --admin-password "${Password}" \
    --os-disk-name "${OsDisk_Name}"-"${VMName}"$n \
    --zone "2" --size "${VMSize}" \
    --boot-diagnostics-storage "${StorageNameFE}" \
    --tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"
    done

###Ativando IIS nas VMs criadas
array=(-001 -002 -003 -004 -005 -006 -007 -008 -009 -010)
  for n in "${array[@]}"
  do
    az vm extension set --publisher Microsoft.Compute --version 1.8 --name CustomScriptExtension \
    --vm-name "${VMName}"$n --resource-group "${RGNameCorpWeb}" \
    --settings '{"commandToExecute":"powershell Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}'
    done

##Criando Load Balance
az network lb create -g "${RGNameCorpWeb}" -n "${ObjectName_WebLB}" --sku "${SKULB}" \
--frontend-ip-name "${PoolFE}" --backend-pool-name "${PoolBE}" --public-ip-address "${PublicIPNameWeb01}" \
--tags "${Description}"="${Value_Description}" "${Cost_Center}"="${Cost_Center_Value}" "${Support_Description_Description}"="${Support_Description_Value}"

#Create health probe on port 80/443
az network lb probe create -g "${RGNameCorpWeb}" --lb-name "${ObjectName_WebLB}" \
--name "Probe-HTTPS" --protocol tcp --port 443

az network lb probe create -g "${RGNameCorpWeb}" --lb-name "${ObjectName_WebLB}" \
--name "Probe-HTTP" --protocol tcp --port 80

#Create load balancer rule for port 80/443
az network lb rule create -g "${RGNameCorpWeb}" --lb-name "${ObjectName_WebLB}" \
--name "HTTP" --protocol "tcp" --frontend-port 80 --backend-port 80 --frontend-ip-name "${PoolFE}" \
--backend-pool-name "${PoolBE}" --probe-name Probe-HTTP

az network lb rule create -g "${RGNameCorpWeb}" --lb-name "${ObjectName_WebLB}" \
--name "HTTPS" --protocol "tcp" --frontend-port 443 --backend-port 443 --frontend-ip-name "${PoolFE}" 
--backend-pool-name "${PoolBE}" --probe-name Probe-HTTPS

#Adicionando Inteface REDE ao pool de backend Load Balance
array=("${IntNameWeb}"-001 "${IntNameWeb}"-002 "${IntNameWeb}"-003 "${IntNameWeb}"-004 "${IntNameWeb}"-005 "${IntNameWeb}"-006 "${IntNameWeb}"-007 "${IntNameWeb}"-008 "${IntNameWeb}"-009 "${IntNameWeb}"-010)
  for vmnic in "${array[@]}"
  do
    az network nic ip-config address-pool add \
        --resource-group "${RGNameCorpWeb}" \
        --nic-name $vmnic \
        --address-pool "${PoolBE}" \
        --ip-config-name "ipconfig1" \
        --lb-name "${ObjectName_WebLB}"
        done

####Fim do Script

Vamos aos objetos criados

Nossas VM em Zonas diferentes ###

Nosso LB

Vamos ver nossoas VM com ISS instalado

Agora vamos ver na prática o funcionamento, fiz os acessos via celular

Espero ter ajudado.

Seja Feliz!!!!!!!!!!!!!

VPN IPSec Azure and AWS (Static Route), native resources.

Neste post irei ensinar a configurar uma VPN IPSec entre Azure e AWS de forma nativa com os recursos das Clouds Públicas sem utilizar recursos de Marketplace (Terceiros).

Em nosso cenário temos:

AWS (Região Sao Paulo sa-east-1)
VPC 10.15.0.0/16 (my-vpc-01)
Subnet 10.15.1.0/24 (my-subnet-01)
Route Table (my-routetable-01)
EC2 (my-ec2-)
Security Group (my-sg-01)
Costumer Gateway (my-cgw-01)
Virtual Private Gateway (my-vpg-01)
Site-to-Site Connection (my-con-01)

Azure (Região brazilsouth)
Vnet 10.5.0.0/16 (vnet-vgw-shared-brazilsouth)
Snet 10.5.0.192/26 (GatewaySubnet)
Snet 10.5.1.0.0/24 (snet-vgw-shared-brazilsouth-01)
NSG (NSG-Snet-01)
Virtual Machine (vm-jump-01)
Local Gateway Network (lgw-peer-aws-01)
Connections (con-aws-01)

Vamos a nossa configuração, iremos iniciar pela AWS, não irei criar todos os objetos (ja vimos isso antes), irei focos apenas na configuração.

Nossa VPC

Nossa Subnet

Nosso Route Table

Nossa EC2

Nosso SG (Security Group)

Nosso Costumer Gateway (Static Route)

Nosso VPG com nossa VPC anexada

Nossa conexão Site-to-Site

Agora vamos as configurações, vamos habilitar a propagação de rotas de nosso VPG e adicionar as redes em nosso SG (AWS)

1-) em nosso Route Table

1-) Vamos associar nossa subnet

3-) Em nosso SG, vamos deixar liberadas as conexões de entrada para as redes da AWS 10.15.0.0/16 e rede Azure 10.5.0.0/16

Agora vamos para as nossas configurações no Azure.

Nosso Gateway de VPN

Nosso Local Network Gateway

Nossa Vnet

Agora as configurações

1-) Local Network Gateway
IP do Peer da AWS (aws fornece dois, vamos utilizar somente um) 54.207.82.77
Address Space (rede AWS) 10.15.0.0/16
2-) A conexão, aqui somente precisaremos informar a PSK que encontra-se no arquivo para download na AWS
3-) No NSG no Azure não é preciso fazer nada, pois no Azure o NSG é permissivo (ou seja libera tudo “VirtualNetwork”)
4-) Não é preciso criar routas, pois quando informamos a rede remota em nosso “local gateway network” automaticamente ja é criada a roda para vnet toda, vejam as rotas efetivas na interface da VM em nossa subnet no azure:

Agora nossa conexão no Azure (Status Connected)

Agora nossa conexão na AWS (Status Ativo)

Agora tem conseguimos estabelecer o Tunel VPN, vamos testar a conectividade

Em nossa VM Azure (Windows), vamos testar a conectividade com a rede AWS 10.15.0.0/16

Temos resposta positiva, agora em nossa EC2 na AWS

Nossa EC2

Como mostrado na figura acima temos conectividade com a rede Azure.

Espero ter ajudado.

Referencias
https://aws.amazon.com/pt/blogs/aws-brasil/configurando-uma-conexao-vpn-site-a-site-entre-a-aws-e-o-azure/

https://techcommunity.microsoft.com/t5/fasttrack-for-azure/how-to-create-a-vpn-between-azure-and-aws-using-only-managed/ba-p/2281900

*Obs: Obviamente deixei os recursos de segurança como SG (Security Group AWS) e NSG (Network Security Group Azure) abertos para facilitar o aprendizado, mas em um ambiente de produção, logicamente não deixaremos tudo aberto, somente as portas necessárias.

**Obs: Se houver mais de uma VPC/Vnet que precisam de comunica por este mesmo tunel de VPN, se necessário configurar um transit gateway para este fim, em um próximo post irei criar VPN IPSec entre Azure e AWS, utilizando Transit Gateway, o cenário ficará assim:

AWS sa-east-1 VPC-1 10.128.0.0/24 VPC-2 10.129.0.0/24
Azure brazilsouth Vnet-1 10.130.0.0/24 Vnet-2 10.131.0.0/24

Seja feliz!!!!!!!!!!!!!!!!







Criando Web Site com alta disponibilidade Azure CLI (Bash)

Neste artigo iremos criar Web Site em alta disponibilidade, composto por duas VM Windows Server 2019 com IIS habilitado e um load balance, não iremos abordar aqui segurança como Application Gateway, WAF, API MAN, etc. Este artigo visa somente a criação via scritp de toda a infraestrutura (também não iremos abordar o deploy de qualquer aplicação neste artigo).

#!/bin/bash

##Declarando Variaveis (Obrigatório)

export Subscription_Name=”Santana-Corp”
export RG_Name=”WEBSERVER-PRD-EAST”
export Location=”eastus”
export Object_Name=”WEBSERVER”

##Storage Accout

export Storage=”stgdiag${Object_Name,,}”
export SKU_Storage=”Standard_LRS” ##Exemplo Standard_LRS##

##Grupo de Disponibiliade Availability Set

export Name_AV_SET=”AV-SET”-“${Object_Name}”

##Network Security Group NSG

export NSG_Name=”NSG”-“${Object_Name}”
export Fault_Domain=”3″
export Update_Domain=”20″
export Rule01=”HTTP”
export Rule02=”HTTPS”

##Vnet Existente (Variaveis para utilizar Vnet Existente)

export RG_Vnet=”Resource Group da Vnet existente”
export Subnet_Name=”Subnet da Vnet existente”
export Vnet_Name=”Vnet existente”

##Variaveis de Rede (Obrigatório)

export NIC_Name1=”NIC”-“${Object_Name}”1
export NIC_Name2=”NIC”-“${Object_Name}”2
export Accelerated=”False”
export PublicIP=”PUBLIC-IP”-“${Object_Name}”
export PublicIP_Method=”Static”
export ELB_Name=”ELB”-“${Object_Name}”
export SKU=”Basic”
export Frontend_Name=”FE”-“${Object_Name}”
export BackendPool_Name=”BEP”-“${Object_Name}”
export ProbeName01=”Probe-http”
export ProbeName02=”Probe-https”
export Protocol01=”tcp”
export Port01=”80″
export Port02=”443″

##Variavel para criacao da VM (Obrigatório)

export Image_SO=”Win2019Datacenter”
export VM_Name1=”VM”-“${Object_Name}”1
export VM_Name2=”VM”-“${Object_Name}”2
export User_Name=”azroot”
export PWD=”#[email protected]#”
export Size=”Standard_D2S_v3″
export SKU_STG=”Standard_LRS” ## Disco ##
export DiskName_01=”DISK”-“${Object_Name}”01
export DiskName_02=”DISK”-“${Object_Name}”02
export SizeDisk_01=”256″
export SizeDisk_02=”512″
export Disk_Data01=”DISK-DATA”-“${Object_Name}”1
export Disk_Data02=”DISK-DATA”-“${Object_Name}”2

##Variaveis TAGs (Não Obrigatório)

export Costacenter=”Centro de Custos”
export Value_Costcenter=”111245″
export Environment=”Environment”
export Environment_Value=”Produção”
export Depto=”Departamento”
export Depto_Value=”Recursos Humanos”

###Execução do Script

###Selecionar subscription

az account set –subscription “${Subscription_Name}”

###Criando Resource Group

az group create -n “${RG_Name}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criando Storage Accout

az storage account create -g “${RG_Name}” -n “${Storage}” -l “${Location}” –sku “${SKU_Storage}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criano IP Publico

az network public-ip create -g “${RG_Name}” -n “${PublicIP}” -l “${Location}” –allocation-method “${PublicIP_Method}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criando Network Security Group NSG

az network nsg create -g “${RG_Name}” -n “${NSG_Name}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criar regras NSG

az network nsg rule create -g “${RG_Name}” –nsg-name “${NSG_Name}” -n “${Rule01}” –protocol tcp –priority 100 –source-address-prefixes 0.0.0.0/0 –destination-port-range 80 –access allow
az network nsg rule create -g “${RG_Name}” –nsg-name “${NSG_Name}” -n “${Rule02}” –protocol tcp –priority 101 –source-address-prefixes 0.0.0.0/0 –destination-port-range 443 –access allow

###Criar Grupo de Disponibilidade

az vm availability-set create -g “${RG_Name}” -n “${Name_AV_SET}” –platform-fault-domain-count “${Fault_Domain}” –platform-update-domain-count “${Update_Domain}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Declarando varivel para utilizar Vnet existente (Obrigatório)

SUBNET_ID001=$(az network vnet subnet show –name “${Subnet_Name}” –vnet-name “${Vnet_Name}” -g “${RG_Vnet}” –query id –output tsv)
SUBNET_ID002=$(az network vnet subnet show –name “${Subnet_Name}” –vnet-name “${Vnet_Name}” -g “${RG_Vnet}” –query id –output tsv)
export IPConfig_Name=”ipconfig1″

###Criando NIC (Interface de rede)

az network nic create –name “${NIC_Name1}” -g “${RG_Name}” –subnet $SUBNET_ID001 –accelerated-networking “${Accelerated}” –network-security-group “${NSG_Name}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”
az network nic create –name “${NIC_Name2}” -g “${RG_Name}” –subnet $SUBNET_ID002 –accelerated-networking “${Accelerated}” –network-security-group “${NSG_Name}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Declaranado Variaveis para Fixar IP

NIC_ID001=$(az network nic show –name “${NIC_Name1}” -g “${RG_Name}” –query id –output tsv)
NIC_ID002=$(az network nic show –name “${NIC_Name2}” -g “${RG_Name}” –query id –output tsv)

###Declarando varivel para utilizar IP Fixo existente (Obrigatório)

IP_ID001=$(az network nic ip-config show -g “${RG_Name}” -n “${IPConfig_Name}” –nic-name “${NIC_Name1}” –query privateIpAddress –output tsv)
IP_ID002=$(az network nic ip-config show -g “${RG_Name}” -n “${IPConfig_Name}” –nic-name “${NIC_Name2}” –query privateIpAddress –output tsv)

###Fixando IP na interface de rede#Fixando IP

az network nic ip-config update -g “${RG_Name}” –nic-name “${NIC_Name1}” -n “${IPConfig_Name}” –private-ip-address $IP_ID001
az network nic ip-config update -g “${RG_Name}” –nic-name “${NIC_Name2}” -n “${IPConfig_Name}” –private-ip-address $IP_ID002

###Criando Virtual Machine Windows Server 2019

az vm create –name “${VM_Name1}” -g “${RG_Name}” -l “${Location}” –availability-set “${Name_AV_SET}” –boot-diagnostics-storage “${Storage}” –os-disk-name “${DiskName_01}” –os-disk-size-gb “${SizeDisk_01}” –image “${Image_SO}” –nics $NIC_ID001 –admin-username “${User_Name}” –admin-password “${PWD}” –size “${Size}” –storage-sku “${SKU_STG}”
az vm create –name “${VM_Name2}” -g “${RG_Name}” -l “${Location}” –availability-set “${Name_AV_SET}” –boot-diagnostics-storage “${Storage}” –os-disk-name “${DiskName_02}” –os-disk-size-gb “${SizeDisk_01}” –image “${Image_SO}” –nics $NIC_ID002 –admin-username “${User_Name}” –admin-password “${PWD}” –size “${Size}” –storage-sku “${SKU_STG}”

###Criando disco de dados

az disk create -g “${RG_Name}” -n “${Disk_Data01}” –size-gb “${SizeDisk_02}”
az disk create -g “${RG_Name}” -n “${Disk_Data02}” –size-gb “${SizeDisk_02}”

###Anexando Disco a VM existente

az vm disk attach -g “${RG_Name}” –vm-name “${VM_Name1}” –name “${Disk_Data01}”
az vm disk attach -g “${RG_Name}” –vm-name “${VM_Name2}” –name “${Disk_Data02}”

###Habilitando IIS Windows Server

az vm extension set –publisher Microsoft.Compute –version 1.8 –name CustomScriptExtension –vm-name “${VM_Name1}” -g “${RG_Name}” –settings ‘{“commandToExecute”:”powershell.exe Install-WindowsFeature -Name Web-Server”}’
az vm extension set –publisher Microsoft.Compute –version 1.8 –name CustomScriptExtension –vm-name “${VM_Name2}” -g “${RG_Name}” –settings ‘{“commandToExecute”:”powershell.exe Install-WindowsFeature -Name Web-Server”}’

###Criando Load Balance

az network lb create -g “${RG_Name}” -n “${ELB_Name}” –sku “${SKU}” –public-ip-address “${PublicIP}” –frontend-ip-name “${Frontend_Name}” –backend-pool-name “${BackendPool_Name}”

###Create health probe on port 80/443

az network lb probe create -g “${RG_Name}” –lb-name “${ELB_Name}” -n “${ProbeName01}” –protocol “${Protocol01}” –port “${Port01}”
az network lb probe create -g “${RG_Name}” –lb-name “${ELB_Name}” -n “${ProbeName02}” –protocol “${Protocol01}” –port “${Port02}”

###Create load balancer rule for port 80/443

az network lb rule create -g “${RG_Name}” –lb-name “${ELB_Name}” -n “${Rule01}” –protocol “${Protocol01}” –frontend-port “${Port01}” –backend-port “${Port01}” –frontend-ip-name “${Frontend_Name}” –backend-pool-name “${BackendPool_Name}” –probe-name “${ProbeName01}”
az network lb rule create -g “${RG_Name}” –lb-name “${ELB_Name}” -n “${Rule02}” –protocol “${Protocol01}” –frontend-port “${Port02}” –backend-port “${Port02}” –frontend-ip-name “${Frontend_Name}” –backend-pool-name “${BackendPool_Name}” –probe-name “${ProbeName02}”

###Adicionando Inteface REDE ao pool de backend Load Balance

az network nic ip-config address-pool add -g “${RG_Name}” –nic-name “${NIC_Name1}” -n “${IPConfig_Name}” –lb-name “${ELB_Name}” –address-pool “${BackendPool_Name}”
az network nic ip-config address-pool add -g “${RG_Name}” –nic-name “${NIC_Name2}” -n “${IPConfig_Name}” –lb-name “${ELB_Name}” –address-pool “${BackendPool_Name}”

###fim do scrip.

Criando Virtual Machine Azure (Windows Server) CLI (bash)

Neste artigo iremos criar uma Maquina Virtual com Windows utilizando uma Vnet existente e fixando IP (rede interna), criaremos também um NSG para esta VM, um storage account para diagnostico de boot e conjunto de disponibilidade.

Vamos ao script

#!/bin/bash

##Declarando variaveis
export Subscription_Name=”Subscription Azure”
export RG_Name=”Nome do Resource Group”
export Location=”Azure Region”
export Object_Name=”Nome do Objeto”

##Storage Accout

##Conjunto de Disponibiliade Availability Set
export Name_AV_SET=”Nome do Grupo de Disponibilidade”

##Network Security Group NSG
export NSG_Name=”Nome do NSG##Exemplo NSG-VM-Frontend##
export Fault_Domain=”3″
export Update_Domain=”20″

##Vnet Existente (Variaveis para utilizar Vnet Existente)
export RG_Vnet=”Resource Grupo Vnet existente”
export Subnet_Name=”subnet-existente”
export Vnet_Name=”Vnet existente”

##Variaveis de Rede (Obrigatório)
export NIC_Name=”NIC”-“${Object_Name}”
export Accelerated=”False”

##Variavel para criacao da VM (Obrigatório)
export Image_SO=”Win2019Datacenter”
export VM_Name=”SRVWEBSERVER01″
export User_Name=”azroot”
export PWD=”@edRc%2010T$3U”
export Size=”Standard_D2S_v3″
export SKU_STG=”Standard_LRS” ## Disco ##

##Variaveis TAGs (Não Obrigatório)
export Costacenter=”Centro de Custos”
export Value_Costcenter=”111245″
export Environment=”Environment”
export Environment_Value=”Produção”
export Depto=”Departamento”
export Depto_Value=”Recursos Humanos”

###Execução do Script

###Selecionar subscription
az account set –subscription “${Subscription_Name}”

###Criando Resource Group
az group create -n “${RG_Name}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criando Storage Accout
az storage account create -g “${RG_Name}” -n “${Storage}” -l “${Location}” –sku “${SKU_Storage}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criando Network Security Group NSG
az network nsg create -g “${RG_Name}” -n “${NSG_Name}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Criar Grupo de Disponibilidade
az vm availability-set create -g “${RG_Name}” -n “${Name_AV_SET}” –platform-fault-domain-count “${Fault_Domain}” –platform-update-domain-count “${Update_Domain}” -l “${Location}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Declarando varivel para utilizar Vnet existente (Obrigatório)
SUBNET_ID001=$(az network vnet subnet show –name “${Subnet_Name}” –vnet-name “${Vnet_Name}” -g “${RG_Vnet}” –query id –output tsv)
export IPConfig_Name=”ipconfig1″

###Criando NIC (Interface de rede)
az network nic create –name “${NIC_Name}” -g “${RG_Name}” –subnet $SUBNET_ID001 –accelerated-networking “${Accelerated}” –network-security-group “${NSG_Name}” –tags “${Costacenter}”=”${Value_Costcenter}” “${Environment}”=”${Environment_Value}” “${Depto}”=”${Depto_Value}”

###Declaranado Variaveis para Fixar IP
NIC_ID001=$(az network nic show –name “${NIC_Name}” -g “${RG_Name}” –query id –output tsv)

###Declarando varivel para utilizar IP Fixo existente (Obrigatório)
IP_ID001=$(az network nic ip-config show -g “${RG_Name}” -n “${IPConfig_Name}” –nic-name “${NIC_Name}” –query privateIpAddress –output tsv)

###Fixando IP na interface de rede
###Fixando IP
az network nic ip-config update -g “${RG_Name}” –nic-name “${NIC_Name}” -n “${IPConfig_Name}” –private-ip-address $IP_ID001

###Criando Virtual Machine Windows Server 2019
az vm create –name “${VM_Name}” -g “${RG_Name}” -l “${Location}” –availability-set “${Name_AV_SET}” –boot-diagnostics-storage “${Storage}” –image “${Image_SO}” –nics $NIC_ID001 –admin-username “${User_Name}” –admin-password “${PWD}” –size “${Size}” –storage-sku “${SKU_STG}”

Links de referencia

https://docs.microsoft.com/pt-br/cli/azure/

https://docs.microsoft.com/pt-br/azure/virtual-machines/availability-set-overview

https://docs.microsoft.com/pt-br/azure/virtual-network/network-security-groups-overview

Vulnerability in SSL 3.0 Could Allow Information Disclosure – Microsoft Security Advisory 3009008 – SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

Recentemente o pessoal do departamento da Segurança da Informação, abriu uma requisição referente a seguinte vulnerabilidade:

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

Literatura Microsoft
https://technet.microsoft.com/en-us/library/security/3009008.aspx

Literatura Oracle
http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

Correção Microsoft:
https://support.microsoft.com/kb/3009008

ssl30

Seja Feliz!!!!!!

Add Perfom Monitor IIS Zabbix

Cenário:

1-) Servidor Windows Server 2012 R2 IIS 8.5

2-) Dois site públicos rodando dentro do IIS

3-) Zabbix monitorando

Eu precisa monitorar as conexões para o IIS, até ai temos o seguinte contador do Windows “perf_counter[\Web Service(_Total)\Current Connections]” este contador mostra as conexões correntes do IIS todo, ou seja todos os sites, eu precisava verificar as conexões de cada site, ai vem o pulo do gato.

No contato “perf_counter[\Web Service(_Total)\Current Connections]” substituímos o (_Total) pelo nome do site, neste exemplo (Intranet_corp) o nosso contador ficará desta forma “perf_counter[\Web Service(intranet_corp)\Current Connections]”.

Mas quando os agent do zabbix enviar as informações ele fará o envio do IIS todo o (_Total), agora vamos a configuração para o envio correto das informações.

No arquivo .conf do zabbix temos que fazer as seguinte alterações:

===============================================================================================
LogFile=c:\zabbix\log\zabbix_agentd.log
Server=xxx.xxxx.xxx.xxx
ServerActive=xxx.xxxx.xxxx.xxx
Hostname=SRV-WEB-SP-001

Alias = intranet_corp[anon]:perf_counter[\Web Service(_Total)\Current Connections]
===============================================================================================

Salve o arquivo, agora no item do template pode deixar desta forma:

“perf_counter[\Web Service(intranet_corp)\Current Connections]”

Pronta agora irá conseguir ver as conexões para este site, para cada site devemos adiciona-lo no .config do zabbix e um item no template no IIS.

Com ajuda do Anderson Martines ([email protected])

Seja Feliz!!!!

Remove Accepted Domain Exchange Server 2010 Mode Hosted – Multi-tenancy

Um amigo Anderson Martines ([email protected]) administra um Exchange Server 2010 em Mode Hosted – Multi-tenancy, possui alguns clientes, sempre que adiciona um novo cliente executa o comando para add um novo accepted Domain para Organização. Exemplo a Organização SupportBrazil, o accepedt domain para ela é supportbrazil.com “Authoritative”, vamos ao comando em PS: New-AcceptedDomain -Name “SupportBrazil” -DomainName supportbrazil.com -Organization SupportBrazil -DomainType “Authoritative” Até então blz, agora vamos adicionar mais um domínio para estão organização: New-AcceptedDomain -Name “SupportBrazil” -DomainName charlessantana.com -Organization SupportBrazil -DomainType “Authoritative” Perfeito, agora a organização SupportBrazil tem dois domínios “supportbrazil.com” e “charlessantana.com” Agora se fosse um Exchange Server 2010 instalado em modo normal, quando executamos o comando: Get-AcceptedDomain teríamos o resultado abaixo: get-accepted Porém quando executamos este mesmo comando em um Exchange Server em modo Hosted utilizando o parâmetro -Organization get-hosted Veja que somente mostra o domínio principal do AD onde o Exchange Server 2010 hosted foi instalado. Agora vamos a solução para remover um accepdt domain Abra o ADSI Editar, se conecte no contexto de configuração, expandir o FQDN do Dominio Honting.local Expandir Services, Configuration Units. Expanda a organização que deseja excluir o Accepted Domain e expanda a CN Configuration Expanda então o CN transport settings e Accepted Domains, localize ao direito o arquivo do Accepted Domain que deseja excluir e delete.

Excluir Accepted Domain Exchange Hosting1

Quase pronto agora temos que excluir o sufixo DNS criado em “Domínios e relações de Confiança do Active Directory” sulfixo_dns Agora tudo ok.. Seja feliz!!!!!  

ReFS: The next generation file system

http://hyper-v-backup.unitrends.com/refs-generation-file-system-part-1/

http://hyper-v-backup.unitrends.com/refs-generation-file-system-part-2/

http://blogs.msdn.com/b/b8/archive/2012/01/16/building-the-next-generation-file-system-for-windows-refs.aspx