Create a SSL Certificate for an Azure WebApp

There are various methods for creating a certificate for use on Azure. I have found that using IIS Manager is the easiest. You can install IIS Express on your workstation or access it on a server.

  1. Open IIS and go to “Server Certificates”

2. Click Create Certificate Request… and fill out the details

3. Set the bit length and click Next

4. Save the request to a file.

5. Open the text file and copy the contents to the clipboard. Paste it into your favorite Certificate Authority.

6. Once you have received the certificate back from the CA, double click to open it and go to Install Certificate…

Select Local Machine then Next
7. Launch MMC and open the Certificate Snap-In for the Local Computer

8. Go to Personal\Certificates, right click your certificate and go to Export….
Click Next and Yes, export the private key

Leave the defaults and click next
Set a password and User or Group with access
Create a name for the file and click next then finish.

Our certificate should now be ready for use on Azure.

9. Open Azure Portal https://portal.azure.com/ and go to WebApps
10. Click on the WebApp you want to update and go to Settings\Custom domains and SSL

11. Click Upload Certificates and select the PFX file we just created. Enter the password and press Save
12. Finally we need to update the bindings to use the new cert

Remember to click Save to finish!

To be on the safe side, you can check that your cert is working with one of the many free online tools:

https://www.ssllabs.com/ssltest/
https://www.sslshopper.com/ssl-checker.html

For more info on creating certificates for Azure WebApps check out this link:

https://azure.microsoft.com/en-gb/documentation/articles/web-sites-configure-ssl-certificate/
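
A pre-upload check for the PFX exported in step 8, as an added example that is not part of the original post: it confirms the private key was exported and flags short RSA keys, SHA-1/MD5 signatures, near expiry and a host name the certificate does not cover. The function name `Test-PfxForUpload`, the thresholds, the file path and the host name are assumptions for illustration; it needs .NET Framework 4.6 or later.

```powershell
# Added example: sanity-check an exported PFX before uploading it to Azure.
# Thresholds, file path and host name are assumptions, not values from the post.
function Test-PfxForUpload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string] $HostName,
        [int] $MinKeyBits  = 2048,   # assumed policy value
        [int] $MinDaysLeft = 30      # assumed policy value
    )
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full, $Password
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'PFX has no private key (re-export with "Yes, export the private key")' }

    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keyBits = if ($rsa) { $rsa.KeySize } else { $null }   # $null for non-RSA keys
    if ($rsa -and $keyBits -lt $MinKeyBits) { $problems += "RSA key is $keyBits bits, below $MinKeyBits" }

    $sigAlg = $cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match 'sha1|md5') { $problems += "Weak signature algorithm: $sigAlg" }

    $now = Get-Date
    if ($cert.NotBefore -gt $now) { $problems += "Not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt $now.AddDays($MinDaysLeft)) { $problems += "Expires $($cert.NotAfter)" }

    # Subject Alternative Name (OID 2.5.29.17); Format() yields "DNS Name=..." on English Windows
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @(if ($san) { [regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') | ForEach-Object { $_.Groups[1].Value } })
    $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
    $covered = $names | Where-Object { $_ -eq $HostName -or ($_.StartsWith('*.') -and $_.Substring(2) -eq $parent) }
    if (-not $covered) { $problems += "No SAN entry covers $HostName" }

    $result = [pscustomobject]@{
        Subject = $cert.Subject; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter
        KeyBits = $keyBits; SignatureAlgorithm = $sigAlg; SanNames = $names; Problems = $problems
    }
    $cert.Reset()   # release the key material loaded from the PFX
    $result
}

# Usage (placeholder path and host; Read-Host keeps the password out of the command line):
# Test-PfxForUpload -Path .\webapp.pfx -Password (Read-Host 'PFX password' -AsSecureString) -HostName 'www.contoso.com'
```

An empty `Problems` list means the file is fit to upload; the `Thumbprint` value can be compared with the one shown against the certificate once it is uploaded.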

 


Restore a Virtual Server using Veeam

In a DR situation you may need to restore a virtual server using Veeam.

1. Open Veeam Backup & Replication

2. Click restore

3. Select Entire VM including registration then next

4. Click add VM then From Backup

5. Expand the backup job and select the VM you want to restore. Click next

6. Select “Restore to a new location, or with different settings” then next. This is a safer option as it will not overwrite the failed VM, leaving it available later if you need anything from it.

7. Change the host server if you want to or leave the defaults and click next

8. Change the datastore as required. If you don’t have enough space on the original location select a datastore with enough free space.

9. On the folder page click Name and check “add suffix”


This is an important step to ensure the VM is not overwritten.

10. On Network click the Disconnected button. This will ensure there are no IP address conflicts when you restore the VM

11. Review the Summary and check the settings are as expected. To be doubly safe, don’t check “Power on VM after restoring”. We can do this as a manual step.

Click finish to start the restore


Install an External Platform Services Controller for vSphere 6.0

With an External Platform Services Controller you have the ability to manage multiple vCenter servers from one pane. It sounded like quite a cool option so I thought I would get it installed in the lab!

[Figure: vCenter architecture options]

[Figure: hardware requirements]

  1. Build a Windows Server VM with 2 CPUs and 2 GB of RAM
  2. Attach the vCenter 6.0 ISO to your VM
  3. Double click the autorun to start setup. Click Install then next
  4. Enter a System Name and click Next

5. Fill out the vCenter Single Sign On Information and click next

Note: The vCenter Single Sign-On domain must be different from the Active Directory domain, or you will be presented with an error message.
6. Accept the default ports and click next

7. Click next

8. Check the settings and click Install

Once setup is completed, click Finish. Now you can connect your vCenter servers to the Platform Services Controller.


Assign a Static IP Address Using IPAM in Windows Server 2012

We recently started using IPAM in Windows 2012 to manage our IP address estate. The tool is great, but I do find it is sometimes hard to find what I am looking for. For this reason I’ve done a little post to share how to assign an IP address.

To access IPAM from your machine you need to have Server Manager installed. You can enable it by going to Control Panel/ Programs and Features/Turn Windows features on or off. You will need RSAT tools installed first.

http://www.microsoft.com/en-us/download/details.aspx?id=39296


  1. Open Server Manager and click “Add other servers to manage”. Search for the server where IPAM is installed, add it and click ok.
  2. Click on IPAM on the left side


3. Click on “IP Address Blocks” then change the view to “IP Address Ranges”

4. Select the subnet from which you would like to assign a static address, right click it and choose “Find and Allocate Available IP Address…”


5. IPAM will search for an IP address which is not used.


6. Once it has found one, change any desired settings in “Basic Configurations”


7. Scroll down to “DNS Record Synchronization” and enter the device name. If it is not a domain joined computer you can select “Automatically Create DNS records” if you wish


8. Click Ok to finish


Migrate from Lync 2010 to Skype for Business Server 2015

For my environment I will be using a single Standard Edition Front End Server. The recommended hardware Requirements are as follows:

CPU – 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or higher
Memory – 32 gigabytes (GB)
Disk – At least 72GB
Network: 1 dual-port network adapter, 1 Gbps or higher (2 network adapters can be used, but they need to be teamed with a single MAC address and a single IP address).

To begin with I will go with half the recommendations as in my experience they always over egg these things! Our environment is quite small and we can always up the resources later.


    1.  Create NIC Team: http://blogs.technet.com/b/kevinholman/archive/2012/06/02/windows-server-2012-creating-a-nic-team-for-load-balancing-and-failover.aspx
    2.  Check for Windows Updates
    3. Install server roles:
Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS

4. Create a File Share on the server. Add the local Administrators group on the server hosting the file share, grant Allow: Full Control, Change, and Read rights, and then click Share.

5. Install Administrative tools from the SFB ISO.

Once you have completed the updates and license agreement click “Install Administrative Tools”


6. Click prepare Active Directory

Follow each step one by one.

https://technet.microsoft.com/en-us/library/dn951386.aspx


7. Create DNS records – The existing Lync 2010 DNS records should be sufficient for the deployment. The traffic will be redirected through the 2010 server to SFB. The Web Scheduler Simple URL is a new record which does not exist in previous versions. We need to add this:

scheduler.domain.local  A record


8. Create and publish new topology

Click “Prepare first Standard Edition Server”


Once complete open Topology Builder and select “Download Topology from Existing Environment”


Expand Skype for Business Server 2015 and Right click Standard Edition Front End Servers then New Front End Pool.


Select the features you wish to use:


For my deployment I am choosing to Collocate the Mediation Server.


On the next page, ensure you uncheck Enable an Edge Pool

Click next for “Define SQL Store”

Select Use previously defined file share and select the share you created earlier


Define Web Services URL:


I don’t have an Office Web Apps Server yet. We can add this later. Click finish.


Go back to Topology Builder, right click your Standard Edition Front End server and go to Properties.

Scroll down to Associate Edge pool and select the 2010 server.


Go to Action/ Publish to commit the changes. Click Next


9. Install Skype for Business Server System

Run the deployment wizard and click “Install or Update Skype for Business Server System”

Follow each step one by one

Step 1: Install the local configuration Store

Install the following KB before completing the next step: https://support.microsoft.com/en-us/kb/2982006

Step 2: Setup or Remove Skype for Business Server Components

Step 3: Request, Install or Assign Certificates

Step 4: Start Services

Right click SFB Management Shell and click “Run as Administrator”

From the PowerShell prompt execute:

 Start-CsWindowsService

Step 5: Enable Microsoft Update

10. Verify the Topology

For my tests I’m going to move a test user from 2010 to SFB and verify functionality.

Step 1: Open SFB Server 2015 Control Panel and go to Users. Search for a user you want to move


Go to Action / Move selected users to pool…

Change the Destination registrar pool to the FE on the new server


Test IM between users, calls and any other functionality you like to use.

Next Steps:

Migrate 2010 Edge Server
Deploy Archive Monitoring Role


Organizational Identity/Microsoft Accounts and Azure Active Directory – Part 2

Microsoft Azure MVP Mike McKeown's Blog


In Part 1 of this blog we defined some key terms to help us now move into a deeper discussion of how to best integrate Azure Active Directory (AAD), Organizational Identities (OrgIDs), and Microsoft IDs.  We defined Azure subscriptions and AAD tenants, then discussed the different types of administrative access for each entity.  The goal of integrating all of these entities is to manage your Azure subscription(s) using only organizational accounts (as opposed to Microsoft accounts).

Within Part 2 of this blog we focus on specific use cases to accomplish this integration.  We will look at different use cases related to existing Azure and AAD subscriptions to accomplish this.  Each use case describes how to leverage the use of organizational accounts. To bring your Azure subscription under management of ONLY OrgIDs (no Microsoft accounts) follow the tasks outlined in the…


Free Kemp LoadMaster

Jaap Wesselius

Kemp recently released a free version of their virtual LoadMaster (VLM) load balancer solution. It is just like a regular VLM with some restrictions of course. There’s no High Availability support in the free LoadMaster, there’s only web-based support and you cannot update the firmware to a newer version for example. Also the bandwidth is limited to 20Mbit (L7) throughput with 50 transactions (TPS) 2K SSL keys.

However, it does support the nice features such as Global Server load balancing, the Application Firewall Pack and the Edge Security Pack. This makes it a perfect solution for small organizations, for lab environment or for regular test environments. It is possible though to upgrade the free LoadMaster to a regular device, making it also a perfect solution for a Proof-of-Concept. When finished the POC you can easily bring the LoadMaster to production by upgrading the license.
