Add multiple Public IPs to Azure ARM loadbalancer

Posted in Azure, Azure ARM, Cloud, Powershell with tags , , , , , , , on September 14, 2016 by infrastructureguy

I am not sure about you, but I certainly find that certain tasks in Azure are just painful. Either the documentation is out of date, or it just does not exist. I get that the platform is moving so fast that keeping documentation up to date is a big ask. Yet a few years ago deploying code and features with such pace was also tough…. Rant over. I promise.

What I wanted to do was to have multiple websites hosted on different public IP addresses. Simple. Well it wasn’t and I am hoping that the following powershell will help you out.

GOTCHA – So I learnt the hard way, that there is a limit of 5 static public IPs that can be added to an Azure LB. To be able to add more you have to request it from Azure support.

#Set Resource group and location.
$RG=’My resourcegroup name’
$lb=Get-AzureRmLoadBalancer -Name AzureLBName -ResourceGroupName $RG

#Create new public IP’s. Remember you get 5 free with your subscription. The rest are charged each month.
$PIP1=New-AzureRmPublicIpAddress -Name PublicIP-website1 -ResourceGroupName $RG -Location $Location -AllocationMethod Static
$PIP2=New-AzureRmPublicIpAddress -Name PublicIP-website2 -ResourceGroupName $RG -Location $Location -AllocationMethod Static
$PIP3=New-AzureRmPublicIpAddress -Name PublicIP-website3 -ResourceGroupName $RG -Location $Location -AllocationMethod Static

#Create the new front end configurations. These contain the public IP addresses.
$FEConfig1=New-AzureRmLoadBalancerFrontendIpConfig -Name FEConfig1-website1 -PublicIpAddressId $PIP1.Id
$FEConfig2=New-AzureRmLoadBalancerFrontendIpConfig -Name FEConfig2-website2 -PublicIpAddressId $PIP2.Id
$FEConfig3=New-AzureRmLoadBalancerFrontendIpConfig -Name FEConfig3-website3 -PublicIpAddressId $PIP3.Id

#Add Frontend configurations to the LB
Set-AzureRmLoadBalancer -LoadBalancer $lb

Set-AzureRmLoadBalancer -LoadBalancer $lb

Set-AzureRmLoadBalancer -LoadBalancer $lb

At this point if you look in the Azure portal all you will be able to see if the new Static Public IPs. To see the new front end configurations you need to call your $lb value back.

Now you need to join up an Azure LB rule and Probe to the new front end configuration that has the Static public IP in it. At the time of writing this, I could not do this in the Azure Portal. As the Azure portal only exposes the default public IP of the LB.

So I wrote these additional lines of Powershell. Note I reused the $lb variable we set earlier. I only have one backend pool. You may have more. I will show you how to bind one rule to a front end configuration. You can scale this out as required. Also I am opening up TCP 1433 for SQL in my example. You may want to open HTTP. So please change as required. Finally I actually created my probe using the Azure portal before I ran these commands.

#Set some variables for the values we will require in the next command. Failing to do so will result in a lovely error!
$FEconfigWeb1=Get-AzureRmLoadBalancerFrontendIpConfig -Name FEConfig5-website1 -LoadBalancer $lb
$BEpool=Get-AzureRmLoadBalancerBackendAddressPoolConfig -LoadBalancer $lb -Name “LB_POOL”
$ProbeWeb1=Get-AzureRmLoadBalancerProbeConfig -LoadBalancer $lb -Name Probe-Website1

#Add the new backend rule to an existing Probe and frontend config.
$lb | Add-AzureRmLoadBalancerRuleConfig -Name “Website1_Rule” -FrontendIPConfiguration $FEconfigWeb1 -BackendAddressPool $BEpool -Probe $ProbeWeb1 -Protocol “Tcp” -FrontendPort 1433 -BackendPort 1433 -IdleTimeoutInminutes 15 | Set-AzureRmLoadBalancer

I hope this helps.

Xbox One won’t read game discs

Posted in Gaming with tags , , , on August 7, 2015 by infrastructureguy

Wow, it’s certainly been a while since I have done a games related post. In fact it’s been an eternity since I have had the time to post about anything!

If like me you have had issues with your Xbox One reading game discs then I have a little tip that could help you help when you just need that game to load!

A lot of people will tell you it is your drive, or to reinstall your and they might be right. However this has worked for me time and time again. Let’s face it we just want to play and there is nothing worse than having this happen right before a big session.

It is quite simple….

When you put the game in the slot just keep hold of it until you here the Xbox trying to pull it in. After a few 5 – 7 seconds let it go. Hey presto your game should read.

Like I say you may have a duff drive, but if this does help you out there is only one thing left to say… Happy gaming!

Horizon 6 – EUC has finally arrived in the VMware camp!

Posted in End user computing, Horizon Suite, Vmware with tags , , , , , on April 24, 2014 by infrastructureguy

Maybe a bit of an exaggerated title but I cannot say how long I have waited for VMware to make the jump into RDSH (Remote Desktop Session Host) Most people know that instead of embracing it they bash it to death in their documentation, quite how they put a positive spin on that marketing message is a little beyond me, but that’s why I am not in marketing!

So, why am I so excited. Well according to most vendors that I speak with we are an “odd” case. As we are running Citrix XenApp 6.5 and VMware Horizon Suite. They and you may ask why and there is good reason. We ran a POC of VMware View 4 and Xendesktop 5. We were already using XenApp 6.5 and vSphere for our Hypervisor, so you could say that Xendesktop was the logical way to go, well the logical way isn’t always the best way.

For example, I just found Xendesktop to be far to disparate and having all the different admin consoles was just annoying. I also was not sold on the VM hosted apps feature for compatibility, it just meant I had a whole host of extra XP machines to run. ThinApp was far cleaner with less management. It was also annoying that they used different architectures IMA for XenApp and FMA for desktop. I also find that the Citrix architecture is pretty complex and VMware View was a lot easier to deal with and train other people on.

I will admit that until this announcement I was considering my strategy as Citrix were finally planning with 7.5 to unite the platform. But I was very dubious as we saw with 7.1 they ditched XenApp and annoyed a lot of people. Whilst it looks like 7.5 brings Xenapp back into play it’s still based on FMA and as such loads of features are still not there! Nice one Citrix, you made my decision for me!

Time to move my Xenapp 6.5 to Horizon 6! I love the fact that I can run the two side by side, I mean that is seriously cool and incredabily shrude of VMWare. I actually have a hunch that it will be easier to migrate from XA 6.5 to Horizon than it will be to XA 7.5 as that basically means starting again.

obviously the RDSH is not the only new feature but to my mind it is the biggest and has the most impact. Not only to me but to the entire EUC space.

If time allows it I will get another post out with some thoughts on the other new features and I will detail my upgrade path from XenApp as I think that will be interesting.

Why we moved from Cisco switches to Huawei Cloud Engine switches

Posted in Cisco, Networking with tags , , on April 20, 2014 by infrastructureguy

I don’t work for Huawei and nor have they commissioned me to write this. I hate having to say that but I feel like I need to. I like to write the odd article about tech and why I have deployed it as it’s a genuine customer view/end-user view and I like to report on good or bad that I see as I go through my IT life.

One of the most recent projects that has just gone live is moving our Cisco switches (Core and Distribution layers) to Huawei. In part there are a number of reasons why we moved away from Cisco.

  1. For starters the commercials for Huawei are considerably cheaper when you sit them next to Cisco. As an example buying into the Cloud Engine series which in my mind is the same as buying into Nexus for Cisco is as much as 60% cheaper.
  2. The actual through-put on the Huawei switches are for the most part higher than Cisco. I don’t have any hard facts to back this up so don’t shoot me down, I am just going on what I found in my R&D
  3. When you look at features that you get for you hard-earned cash you do get a hell of a lot more for less
  4. Our first experience of Huawei support whilst on a POC was first class and they are a lot more agile than Cisco when it comes to bug fixes and changes. I realise that Cisco are huge but we need to work with more agile vendors so this suits us
  5. In fact the actual POC and getting access to the loan equipment was excellent, they really went the extra mile to make sure we had the full experience, again I have found Cisco to be a bit anal when it comes to that type of thing, especially when you are not a huge customer.
  6. We got access to their “Hedex” documentation store which is awesome. Basically they give you an offline copy of all of their documentation, but to top it off the documentation not only has numerous config examples, they are all really good and they actually walk you through a technology from basics. Awesome when you are stuck on site and there is no Internet and you need to configure TRILL for example.

In closing if you are in a similar situation to me (limited budget, aged network etc) and you want to future proof your network I would consider Huawei. Ours have been in production for three months and have shown no issues at all. If you are a die-hard Cisco guy like me then you will be able to transition quickly to the Huawei IOS. In fact I will put a post out about that soon.


XP – Its been a blast!

Posted in Microsoft with tags , on April 14, 2014 by infrastructureguy

I did enjoy this little Marketing message from Microsoft, basically saying please come and buy Windows 8.


Marketing aside, April 8th 2014 has been and gone and much like the Y2K bug we are all still here. Some might say for how long, especially in light of patch of the first patch Tuesday looming tomorrow. Time will tell but no matter the threat there will be thousands of businesses who will still be on XP for years to come.

I feel I can say that with a degree of confidence as I still see the odd NT 4.0 box kicking around,  maybe in the next year or so the bulk of companies will have moved off of XP but the question that interests me is what will people move too? I don’t intend on answering that, it’s a question that is as long as it is broad, but it’s just the Operating system and does the business even care if its Windows 7 or Windows 8.1. They just want something that works and is secure. At least that is the push back that I get from my board.

If you look at how EUC is evolving and think back to what XP did during its life time I think we will not see such a dominant Desktop OS in the enterprise again. Users are demanding more flexible means and ways of working and that takes the focus away from the OS and places its squarely on the applications and how they are delivered.

I started in IT during 1999 so I saw the big change over from NT to XP and I am pretty sure that the cycle is just repeating itself with XP and Windows 8 for example. We IT folk just don’t like change, when in actual fact we should relish it. Whilst I look back with a great fondness for XP, I for one am really pleased to be moving on as these days it just does not cut it and I grow tired of trying to make it bend to life in 2014, most of our service desk tickets are related to XP and how it doesn’t quite support this or it wont do that.

In closing I bid a fond farewell to XP and I am saying hello to post XP support (yes, I can’t quite get rid of it all yet!) as well as planning for the demise of Windows Server 2003! The clock is already ticking folks….

Using openSSL to merge a certificate and key from your F5

Posted in Citrix, F5 with tags , , , , on April 9, 2014 by infrastructureguy

Just a quick one, I had to do this the other day with our certificate. I know that you can do this on the F5 through an SSH connection. But I decided to use the version I had installed on my Windows Desktop.

After a few moments of bashing my head against the proverbial brick wall I found that this was the way to do it.

For those interested I was doing this so that I could import our wild card certificate into my Citrix Gateway as the versions that I could download from verisign were not compatible and gave an error on import. In fact I will try to get a post up about that.

If you follow these steps you should end up with a cert that will have the Private key and will work if Citrix or VMware view for that matter.

  1. On the F5 export the Certificate file and key file. Copy them somewhere you can find them. I actually put mine in the OpenSSL folder. That way I didn’t have to worry about typing paths! Yes I am that lazy!!
  2. Open a command prompt and start OpenSSL
  3. Type the following pkcs12 -export -in .crt -inkey .key -out .p12
  4. You will see a message saying “loading ‘screen’ into random state – done
  5. It will then prompt for a password to allow the Private key to be exported. This is important for Applications like the Citrix Secure Gateway
  6. You will then see a message saying ” Verifying – Enter export password:” So go ahead and confirm your password

And that is it. Pretty straight forward when you know how, and you will have a nice new certificate with private key that can be exported.


VMware purchase Airwatch

Posted in End user computing, Horizon Suite, Vmware with tags , , , on March 31, 2014 by infrastructureguy

*Er.. before you read this, please note that I wrote this a few days after the acquisition. I thought I had published it. Clearly not!*

I think I must have missed this one as I only discovered this latest acquisition whilst talking to a member of VMware’s technical marketing team the other day. I don’t usually write anything on this type of news but I thought I would give it a bash and see what happens!

It would seem that mobile device management has been on companies watch lists for a while and in the last year it has clearly attracted some real attention. You only need to look at Citrix buying Mobile Iron and Good and the recent purchase of MAAS360 by IBM to see that.

I was starting to think that VMware were hell-bent on getting Horizon Mobile out to market as their only offering in the mobile space. Don’t get me wrong, whilst having a hypervisor on my phone seems awesome, I am just not convinced that it would work in the enterprise. For starters it’s not available in the UK (at least it wasnt last year when I was looking at MDM) so it’s a limited market, next the phones that listed as supporting the tech was also limited and unless I am just missing the point what would be classed as the real business need for a hypervisor on a phone, I for one don’t see anyone talking about that type of requirement. Anyway that was the point of this post, so I digress and get back to the subject at hand.

In my humble opinion I can only see this as a positive move for VMware, I do wonder if it will supersede Horizon Mobile and if the two can/will co-exist. Horizon Mobile aside, if you consider that VMware appear to want to be taken seriously in the EUC space then offering a MDM solution with-in their suite makes a lot of sense, their biggest rival Citrix has a big presence in this space so why not keep up with the Jone’s so to speak. Again, this is just my opinion but I think that this purchase is more along the right track than say Zimbra or Slide Rocket for example. I never really got those purchases, why would VMware think that providing the applications would be a good idea, especially when their EUC offering at that time was seriously lacking in features.

From an architecture point I think that VMware will need to work quickly to integrate this into the suite. If I looked at my campus then I would envisage having any number of mobile devices accessing my workspace portal and having the ability to stop them at the perimeter and posture, control and deploy a secure container automatically would be pretty cool. I would never have to worry about those devices.

When I asked the Tech marketing guy how it would be licenses and when it would be available he drew a complete blank and said that there was no information to hand. I am not surprised at all but if you don’t ask you don’t get. One will assume that it will eventually be built into the Horizon Suite SKU and I am hoping that existing customers will just get it as part of their current agreement. However that will remain to be seen!

The articles that I read seemed very focused on the commercial aspect of this deal and its a large sum of money, whilst I don’t really have an opinion on that I did think to myself that there must be a few VC’s out there right now with some nice big smiles on their faces!

Coupled this with the DeskTone purchase VMware are clearly here to stay in the EUC space and like it or not I don’t see that changing for quite some time.

You can read more about this acquisition from the horses mouth so speak.

%d bloggers like this: