Author Archives: Warren Kahn

SCOM: Updated Management packs for HP Storage

HP has released updated MPs to go with the new version of HP Oneview

It’s a solid update with useful new features such as integration with the new HTML 5 console.

What’s new in HPE OneView for Microsoft System Center 9.4?

The new version is available for download the HPE OneView Partner integration page and the HPE Storage Integration with Microsoft System Center page. It includes the following improvements:

  • HPE OneView for Microsoft System Center v.9.4 the latest HPE Storage array software. For more information, see Integration Matrix
  • HPE Storage Management Pack for System Center v.5.0 supports monitoring of HPE 3PAR StoreServ Storage systems with IPv4 and IPV6 connectivity
  • HPE OneView SCVMM Integration Kit v.5.0 supports HPE 3PAR StoreServ Storage systems with IPv4 and IPV6 connectivity
  • Support for HPE OneView 5.0
  • The System Center Operations Manager 2016 web console integration is now fully HTML5 compliant. The dependency on legacy frameworks has been removed to enable a predictable, consistent user experience for the web console users

SCOM: Updated SSRS and SSAS management pack v7.0.17.0

Updates to SQL Server Reporting Services and Analysis Services Management Packs have been released you can get them at the below links:

SSRS
SQL Server 2008 Reporting Services (Native Mode)
SQL Server 2012 Reporting Services (Native Mode)
SQL Server 2014 Reporting Services (Native Mode)
SQL Server 2016 Reporting Services (Native Mode)
SSAS
SQL Server 2008 Analysis Services
SQL Server 2012 Analysis Services
SQL Server 2014 Analysis Services
SQL Server 2016 Analysis Services


Fixes and changes for SSRS

  • SSRS 2016: Updated monitoring of Memory Consumption and CPU Usage in order to collect performance data for all subprocesses in addition to the main SSRS service process.
  • SSRS 2016: Updated monitors “Report manager accessible” and “Web service accessible” to consider specifics in how appropriate SSRS 2016 web services work
  • Added support for cases when connection string to SSRS Database is set up the way different from “MachineName\InstanceName” (e.g., <IPAddress,Port>) and SSRS Database is in Availability Group or hosted either by named instance or SQL Cluster instance
  • Improved descriptions of events thrown by management pack to make it easier to figure out error reason
  • Improved error handling and error descriptions for cases when workflows can’t get responses from WMI
  • Improved error handling in workflows that watch for memory consumption
  • Fixed Start/Stop tasks
  • Fixed issue that caused some workflows to throw error events when SQL Server instance hosting SSRS Databases happened to stop operating or refuse connections
  • Fixed issue which caused Reporting Service instance to get undiscovered when WMI didn’t respond to calls
  • Updated display strings

Fixes and changes for SSAS

  • Added performance collections for MDX Query performance counters
  • Added retry logic to some workflows in order to reduce “Category does not exist” errors thrown when WMI fail to respond
  • Improved error handling in workflows that watch for memory consumption
  • Improved descriptions of events thrown by management pack to make it easier to figure out error reason
  • Fixed Start/Stop tasks
  • Fixed issue when “SQLServerInstalled” property was set to “False” if SQL Server DB Engine was of higher version than SSAS instance
  • Updated Dashboards configuration to show tiles for new MDX performance collections
  • Updated display strings

Azure Bastion – Securely access your Azure VMs

As part of my Azure feature series lets take a look at Bastion (now in preview)

What is it?

Securing access to public facing cloud based VMs is a potentially risky and costly concern for businesses. Using services like JiT (Just in Time Access) to reduce the attack surface requires that your Security Center Service Plan has been upgraded to Standard as the service is not available on the Basic Service Plan.

Say hello to Azure Bastion

Now with Bastion you can remove the attack surface completely by allowing connections via port 443 for Windows and SSH for Linux integrated into the Azure Portal, thereby removing the risk of port scanning and removing the need for public facing IP addresses for your VMs.

Below are some of the key features currently available at this time:

Top-level Azure Bastion architecture

How to activate the Public Preview

The service is currently in preview, which means you need to activate it with the below steps:

  1. Make sure you are connected to the Azure Preview portal here
  2. Open Azure Shell and run the below three commands:
    (If you have the Az PowerShell module remember to change AzureRM to Az)
    • Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
    • Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
    • Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

Getting started

From the homepage of the Azure Preview Portal click + Create a resource and search for Bastion (Preview), then click create.

Choose your subscription and resource group, it is important to note that you have to create a subnet called AzureBastionSubnet. This value lets Azure know which subnet to deploy the Bastion resources to. It is recommend to use at least a /27 or larger subnet. Create the AzureBastionSubnet without any Network Security Groups, route tables, or delegations. Once done create the Bastion.

Once your Bastion is deployed, from the Azure Portal navigate to the VM you want to connect to and click connect, you will see a new option called BASTION next to the familiar RDP and SSH options. Enter the credentials and click Connect.

And there you have it, your VM is securely accessible through the Azure Portal without needing a public facing IP address.

Conclusion

Bastion is a fantastic and a much needed service which allows secure access to your cloud Windows and Linux VMs without any exposure of public IPs ultimately allowing the removal of the VM attack surface in your Azure environment.

Ding Dong it’s Azure Front Door

As part of my Azure feature series lets take a look at Front Door.

What is it?

Azure Front Door Service provides a scalable and secure entry point for fast delivery of your global web applications.

This essentially means that by placing a Front Door ahead of your application you gain increased performance and security.

Getting started

Setting up is straight forward, if you’d like to test Front door and you don’t have an application to use you can setup a sample web app using my previous article here .

First click New Resource in your Azure Portal and search for Front Door, then click Create

Choose your subscription ,resource group and Azure region. then click Next: Configuration

Now it’s a simple three step process

  1. Add a frontend host
  2. Configure backend pools
  3. Configure routing rules

Adding a Frontend Host

Click the + icon in the corner of the frontend host window and give you frontdoor a name and enable Session Affinity if required.

Adding a Backend Pool

Next click the + icon in the corner of the backend pool window. Give your pool a name, configure your load balancing and then click on add a backend.

Backend hosts can be various types in this example we are using an App Service, you can also use Cloud Service, Storage, Storage(Classic) or Custom host. Select your Subscription and backend host and click add and then add again.

Adding Routing Rules

Next click the + icon in the corner of the routing rules window. Give your rule a name, decide if it must accept HTTP or HTTPS or both and select your frontend host. Next configure the forwarder and enable caching if required, if your app uses lots of static content this will drastically improve load time performance, then click add.

click Review + Create and then Create

You should now be able to access your application using the frontdoor URL available on the top right hand side of the Overview blade.

How much better is it?

Below we have two speed test results one for my webapp API and one for my Frontdoor we can see a 53% improvement from 1.33 seconds to 710 milliseconds.

Webapp Load Test

Frondoor Load Test

Management Pack Recap – May 2019 Wave

This is a summary of the wave of Management Packs that were released in May 2019. Information and download location in the links provided:

Lenovo Hardware Management Pack v7.6.0.8here

If you know of any other Management Packs that have been released recently that I may have missed leave me a note in the comments and I’ll add them

SCOM: Updated Lenovo Hardware Management Pack v7.6.0.8

A new version of the Lenovo Hardware management pack is available get it here

What’s New

  • View and monitor XClarity Integrator Service in the Operations Manager console.
  • Disable BMC node auto-discovery and authentication by default.
  • Support to only manage the BMC of servers already managed by Operations Manager.
  • Monitor the BMC authentication state.
  • Support to remove BMC nodes in batch.
  • Support Microsoft System Center Operations Manager 2019.

The tale of the Bakery that helped me test Azure Application Insights

If you ever need to test Application insights or any of the other Azure features that need an application such as Front Door there is a simple way to create a test application baked into Azure.

In your Azure portal simple click on “New Resource” and search for Bakery and click Create

Now give the App a name, choose your subscription, resource group and an applicable App Service Plan. Remember the more robust the plan the higher the cost, there is a free limited Tier available called F1 Shared. Then click Create.

After a few minutes your application will be deployed and ready for use with Azure Features. select App Services in your Azure Portal and then click on your Bakery Application

You can find the URL for your new site at the top right of the Overview blade.

Browsing the URL you should see the below site.

For an extra tip if you need the site again you can turn it off instead of deleting it to save some costs. Just press stop in the application overview.

Create interactive reports with Azure Monitor workbooks

A new feature in Azure, Workbooks combine text, Analytics queries, Azure Metrics, and parameters into rich interactive reports. 

For those of your familiar with SCOM, think of workbooks as a pre-bundled set of metrics similar to the dashboards you are already familiar with. It offers a simple method to share useful dashboards which can also be copied and exported.

Let’s dive right in.

So how do I find them?

Simply navigate to Monitor in the Azure portal and click on Workbooks, currently in preview at the time of this article.

Whats available currently?

There are several pre-build templates out of the box as well as a GIT available as a repository for additional templates.

VM Metrics Example

Below are several sample outputs of the various workbooks, not only do they look good but they also contain rich useful information on every object in your subscription that is metric enabled.