microsoft azure

Azure – Server Inventory solution

This blog post is for IT Operations teams and administrators who manage cloud infrastructure. The recommended practice when providing a managed service to any client is to have a CMDB (Configuration Management Database), which tracks the servers we manage for the client and their corresponding details.

However, considering the dynamic nature of the cloud environment, it is a difficult task to maintain such a database. Manually updating the list of servers/server inventory is tedious and error-prone. The only solution is to have an automated approach to this problem.

Below is my solution:

The PowerShell script extracts virtual machines and their details. In this particular case, the script considers only virtual machines that have the tag (‘owner’,‘Manju’). That is, I want to manage only the virtual machines owned by me. You can go ahead and make changes to the script if you have a different requirement.

Next, the script writes the data into an Azure table. Remember that the Azure table has to be created before running the script. Another option is Azure Cosmos DB.

Next, you can upload this script to your Azure Automation account or a dedicated Windows server. Then, schedule this script to run every hour to track your server inventory.

The script uses cmdlets from the “AzureRmStorageTable” PowerShell module.

Execute “Install-Module AzureRmStorageTable” to install the module.

Note: You have to alter the script when you schedule it. The login mechanism is different for “Azure Automation” and “Task Scheduler via Windows server”. The script below logs in interactively, so it is meant to be executed directly (manually) from the PowerShell console or PowerShell ISE.

 

Script:

# Author: Manjunath Rao
# Date: February 13, 2018

# THIS MODULE IS NEEDED: Install-Module AzureRmStorageTable

# Login to Azure
Login-AzureRmAccount

## Code to create Azure table storage context
$azure_table_storage_account_name = "xxx"
$azure_table_name = "xxx"
$azure_table_partitionKey = "xxx"
$azure_table_rowkey = "xxx"

$azure_table_resource_group = "xxx"

$storage_account_context = (Get-AzureRmStorageAccount -ResourceGroupName $azure_table_resource_group -Name $azure_table_storage_account_name).Context

$azure_table_object = Get-AzureStorageTable -Name $azure_table_name -Context $storage_account_context

############################################

# Getting all the resource groups
$resource_group_list = Get-AzureRmResourceGroup

# Iterating through the resource groups
foreach($resource_group_list_iterator in $resource_group_list){

    # Since the solution applies to virtual machines,
    # obtain the list of virtual machines for the resource group
    $virtual_machine_list = Get-AzureRmVM -ResourceGroupName $resource_group_list_iterator.ResourceGroupName

    # Proceed only when the resource group contains virtual machines
    if($null -ne $virtual_machine_list){

        # Iterate through the virtual machine list
        foreach($virtual_machine_list_iterator in $virtual_machine_list){

            # Create a unique ID by concatenating 'Resource Group name' and 'Virtual Machine name'
            $unique_id = $resource_group_list_iterator.ResourceGroupName + $virtual_machine_list_iterator.Name
            #Write-Host $unique_id
            $tag_list = $virtual_machine_list_iterator.Tags

            # Skip virtual machines that have no tags at all
            if($null -eq $tag_list){ continue }

            $tag_list.GetEnumerator() | foreach {
                #Write-Host $_.key
                #Write-Host $_.value
                #Write-Host ""

                $partitionKey1 = $unique_id

                # -eq is case-insensitive, so 'Manju' and 'manju' both match
                if($_.key -eq 'owner' -and $_.value -eq 'manju') {
                    #Write-Host "true"
                    $virtual_machine_name = $virtual_machine_list_iterator.Name.ToString()
                    $virtual_machine_resource_group_name = $resource_group_list_iterator.ResourceGroupName.ToString()
                    $virtual_machine_location = $virtual_machine_list_iterator.Location.ToString()
                    $virtual_machine_size = $virtual_machine_list_iterator.HardwareProfile.VmSize.ToString()
                    # ImageReference can be empty (for example, a VM built from a custom image);
                    # the cast yields an empty string instead of failing on a null value
                    $virtual_machine_operating_system = [string]$virtual_machine_list_iterator.StorageProfile.ImageReference.Offer

                    $hash = @{}
                    #$hash.Add('currentDate', $current_date)
                    $hash.Add('VMName',$virtual_machine_name)
                    $hash.Add('ResourceGroup',$virtual_machine_resource_group_name)
                    $hash.Add('Location',$virtual_machine_location)
                    $hash.Add('VMSize',$virtual_machine_size)
                    $hash.Add('OperatingSystem',$virtual_machine_operating_system)

                    # Write data into azure table
                    Add-StorageTableRow -table $azure_table_object -partitionKey ("CA1") -rowKey ([guid]::NewGuid().tostring()) -property $hash

                }
            }

        }

    }

}
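One way to handle the login difference mentioned in the note above, as an added example that is not part of the original script: `Connect-InventoryAccount` is a hypothetical helper that replaces the interactive `Login-AzureRmAccount` call. It assumes the Automation account has a Run As connection with the default name `AzureRunAsConnection`, and that a Task Scheduler host has the service principal's certificate installed in the certificate store of the account running the task.

```powershell
# Added example (hypothetical helper, not from the original script).
function Connect-InventoryAccount {
    param(
        # Assumed default name of the Automation Run As connection
        [string]$ConnectionName = 'AzureRunAsConnection',
        # Supply these three when running from Task Scheduler on a server
        [string]$TenantId,
        [string]$ApplicationId,
        [string]$CertificateThumbprint
    )

    # Get-AutomationConnection exists only inside an Azure Automation sandbox
    if (Get-Command -Name Get-AutomationConnection -ErrorAction SilentlyContinue) {
        $conn = Get-AutomationConnection -Name $ConnectionName
        if ($null -eq $conn) {
            throw "Automation connection '$ConnectionName' was not found."
        }
        $TenantId              = $conn.TenantId
        $ApplicationId         = $conn.ApplicationId
        $CertificateThumbprint = $conn.CertificateThumbprint
    }

    if ($TenantId -and $ApplicationId -and $CertificateThumbprint) {
        # Certificate-based service principal login: no password in the script
        Add-AzureRmAccount -ServicePrincipal `
            -TenantId $TenantId `
            -ApplicationId $ApplicationId `
            -CertificateThumbprint $CertificateThumbprint | Out-Null
        return 'ServicePrincipal'
    }

    # Manual run from the console or ISE, as in the script above
    Login-AzureRmAccount | Out-Null
    return 'Interactive'
}

# Use in place of the Login-AzureRmAccount line at the top of the script
$login_mode = Connect-InventoryAccount
Write-Output "Logged in using: $login_mode"
```

A Run As account is created with the Contributor role on the subscription by default; the inventory only reads virtual machines and writes to one table, so its role assignment can be narrowed accordingly.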

 

On the other hand, if you would like to fetch inventory details and just save them in an Excel sheet, I have the perfect scripts to do the job for you:

https://manjunathrao.com/2017/12/04/powershell-generte-azure-paas-inventory/

https://manjunathrao.com/2016/12/30/powershell-generate-azure-inventory/

https://manjunathrao.com/2017/04/06/powershell-generate-aws-inventory/

 


PowerShell – Extract user list from Azure Active Directory to an Excel file

This script will authenticate to your Azure Active Directory and fetch all the user details. Finally, it will save the details to an Excel sheet.

Below is the link to the script:

https://gallery.technet.microsoft.com/scriptcenter/Extract-user-list-from-6cb9a93c

Below are the user attributes the script fetches:

1. Display Name

2. Object ID

3. Type

4. Principal Name

5. Role Name

6. Role Description

The Excel sheet is saved as: C:\AzureADUserList\AzureADUserList.xlsx

Prerequisites: This script needs the ‘MSOnline’ and ‘AzureRM’ PowerShell modules.


Azure – Unable to ping Azure Virtual Machine from outside Azure

You buy a new Azure subscription and spin up an Azure Virtual Machine. Now you want to test whether it is working. So, you pull up the infamous Command Prompt (or PowerShell) and ping the VIP (Virtual/Public IP) of your Azure Virtual Machine. Voilà!! The ping fails with 100% loss. But you can see that the Azure Portal shows that your virtual machine is up and running. To double check, you even RDP to your VM and it is all good. This is one of the many situations where Azure newcomers get confused. Let me break this down for you:

The explanation for this behaviour is that the good old Windows Ping.exe uses the ICMP protocol to communicate. But the Azure Load Balancer does not support the ICMP protocol when a connection is made from an external source to Azure. This means your local computer will not be able to “ping” (probe using Ping.exe) the Azure Virtual Machines. However, the Azure Load Balancer allows the ICMP protocol inside Azure (internally). This means two Azure virtual machines are able to talk to each other.

The solution is to ping the port of your Virtual Machine.

Example: Ping xx.xx.xx.xx:1234

Since Ping.exe does not support probing a port, we have to use other tools such as PSPing, TCPPing etc. to achieve this.

This explains most of it. I am going to demonstrate whatever I just explained.

Below are the details of my virtual machine:

VM Details

When I ping the VIP – 13.76.247.67 using the default Ping.exe, you can observe that we end up with 100% packet loss.

packet_loss

This behaviour is because the Azure Load Balancer does not allow ICMP communication between Azure and an external source, and Microsoft’s Ping.exe uses the ICMP protocol.

The solution is to use PSPing (among many other options) and ping the port of the Virtual Machine. Please note that you have to add a relevant entry in the NSG (Network Security Group) to allow incoming traffic to your Virtual Machine.

Since this is just a demo, I have allowed all the traffic to my Virtual Machine via port 3389. In your production environment, you have to apply appropriate NSG and ACLs to your Virtual Machine and Subnet.

NSG_Allow_All
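To find rules like the demo's "allow everything to 3389" before they reach production, here is an added example (not from the original post) that flags inbound Allow rules open to any source on a given port. `Test-PortInRange` and `Find-OpenInboundRule` are hypothetical helpers, the sample rules are constructed, and the check ignores higher-priority Deny rules that might shadow a match.

```powershell
# Added example (hypothetical helpers, constructed sample data).
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Find-OpenInboundRule {
    param([object[]]$Rule, [int]$Port = 3389)
    # Source values that mean "anyone on the Internet"
    $anySource = '*', 'Internet', '0.0.0.0/0'
    foreach ($r in $Rule) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        # @() handles both a single string and a list of prefixes or ranges
        $open = @($r.SourceAddressPrefix)  | Where-Object { $anySource -contains $_ }
        $hit  = @($r.DestinationPortRange) | Where-Object { Test-PortInRange -Range $_ -Port $Port }
        if ($open -and $hit) { $r }
    }
}

# Constructed rules, shaped like the SecurityRules property of an NSG object
$sample_rules = @(
    [pscustomobject]@{ Name = 'rdp-any';    Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('*');               DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'rdp-office'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('203.0.113.10/32'); DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'wide-range'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('Internet');        DestinationPortRange = @('3000-4000') }
    [pscustomobject]@{ Name = 'web-any';    Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('*');               DestinationPortRange = @('80') }
)

# Lists the rules that expose RDP to any source
Find-OpenInboundRule -Rule $sample_rules -Port 3389 | Select-Object Name

# Against a live subscription (requires a logged-in AzureRM session):
# Get-AzureRmNetworkSecurityGroup | ForEach-Object { Find-OpenInboundRule -Rule $_.SecurityRules }
```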

PSPing.exe comes with a bundle – PSTools. This toolset can be downloaded here.

Copy PsPing onto your executable path. Typing “psping” displays its usage syntax.

psping_syntax

Note: If you are using the PSPing tool for the first time, you may have to agree to the terms and conditions before using it.

Since I have port 3389 opened for all incoming traffic, I will go ahead and use the PSPing tool to ping the port from my local computer. And as you can see, it works like a charm !!

ping_success

Finally, note that you can ping only the ports for which you have enabled incoming traffic. Since I have not enabled port 80, I expect the packets to be dropped.

packet_loss_wrong_port
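A TCP port probe in the spirit of what PsPing does above, as an added example that is not from the original post and is not PsPing's own code. `Test-TcpPort` is a hypothetical helper; the demo at the end probes a listener that it opens itself on the loopback address, so it runs without any Azure resource.

```powershell
# Added example (hypothetical helper): time TCP connects to one port.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$Count = 4,
        [int]$TimeoutMs = 2000
    )
    for ($i = 1; $i -le $Count; $i++) {
        $client = New-Object System.Net.Sockets.TcpClient
        $timer  = [System.Diagnostics.Stopwatch]::StartNew()
        $status = 'Timeout'      # no answer at all within the timeout
        try {
            $task = $client.ConnectAsync($ComputerName, $Port)
            if ($task.Wait($TimeoutMs)) { $status = 'Open' }
        } catch {
            $status = 'Failed'   # connection refused, or name not resolved
        } finally {
            $timer.Stop()
            $client.Close()
        }
        [pscustomobject]@{
            Target  = "${ComputerName}:$Port"
            Attempt = $i
            Status  = $status
            Ms      = [math]::Round($timer.Elapsed.TotalMilliseconds, 1)
        }
    }
}

# Self-contained demo: open a local listener on a free port and probe it
$listener = New-Object System.Net.Sockets.TcpListener -ArgumentList ([System.Net.IPAddress]::Loopback), 0
$listener.Start()
$demo_port = $listener.LocalEndpoint.Port
Test-TcpPort -ComputerName 127.0.0.1 -Port $demo_port -Count 2
$listener.Stop()

# The same port after the listener is stopped is reported as Failed
Test-TcpPort -ComputerName 127.0.0.1 -Port $demo_port -Count 1
```

Against an Azure VM, a port with no allowing NSG rule typically shows as Timeout because the packets are dropped, while a port that the NSG allows but where nothing is listening is typically reported as Failed.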