Friday, January 8, 2021

Proximity Placement Groups in Azure

When deploying your applications in Azure, spreading your IaaS resources across Azure Regions or Availability Zones creates network latency, which may impact the overall performance of your application. For example, placing VMs in a single region reduces the physical distance between the instances. Placing them within a single availability zone will also bring them physically closer together. However, as the Azure footprint grows, a single availability zone may span multiple physical data centers, which may result in network latency that impacts your application.

A proximity placement group is an Azure Virtual Machine logical grouping capability that you can use to decrease the inter-VM network latency associated with your applications. When the VMs are deployed within the same proximity placement group, they are physically located as close as possible to each other. Proximity placement groups are particularly useful to address the requirements of latency-sensitive workloads. 



Use Proximity Placement Groups when you need
  • Low latency between stand-alone VMs.
  • Low latency between VMs in a single availability set or a virtual machine scale set.
  • Low latency between stand-alone VMs, VMs in multiple Availability Sets, or multiple scale sets. You can have multiple compute resources in a single placement group to bring together a multi-tiered application.
  • Low latency between multiple application tiers using different hardware types. 

How to deploy VMs in a Proximity Placement Group (PPG)?

You can create a PPG from Azure Portal, CLI or PowerShell. I'm going to walk you through Azure CLI.

- Make sure you have the latest Azure CLI installed and authenticate to your subscription

- Create a Resource Group and a PPG
  • az group create --name azurekcRG --location westus
  • az ppg create -n myPPG -g azurekcRG -l westus -t standard

- Create VMs in the PPG
az vm create -n myVM1 --admin-username kumara --admin-password abcxyz123 \
-g azurekcRG --image UbuntuLTS \
--ppg myPPG  --size Standard_D1_v2  -l westus

az vm create -n myVM2 --admin-username kumara --admin-password abcxyz123 \
-g azurekcRG --image UbuntuLTS \
--ppg myPPG  --size Standard_D1_v2  -l westus

- You can query for the VMs placed in the Proximity Placement Groups
az ppg show --name myPPG --resource-group azurekcRG \
--query "virtualMachines"


Best Practices

  • For the lowest latency, use proximity placement groups together with accelerated networking. 
  • Deploy all VM sizes in a single template. In order to avoid landing on hardware that doesn't support all the VM SKUs and sizes you require, include all of the application tiers in a single template so that they will all be deployed at the same time.
  • If latency is your first priority, put VMs in a proximity placement group and the entire solution in an availability zone. But, if resiliency is your top priority, spread your instances across multiple availability zones (a single proximity placement group cannot span zones).

Conclusion

To achieve the lowest possible latency, you should deploy VMs within a proximity placement group. Some resources like Azure Shared Disks, SQL AlwaysOn, SAP Workloads are typically deployed in Proximity Placement Groups to achieve low latency. 

References

- Refer to Azure Docs for additional best practices and possible errors while deploying Proximity Placement Groups



Sunday, January 3, 2021

Immutable Storage in Azure Storage

Financial Services organizations regulated by the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Financial Industry Regulatory Authority (FINRA), Investment Industry Regulatory Organization of Canada (IIROC), Financial Conduct Authority (FCA), and more are required to retain business-related communications in a Write-Once-Read-Many (WORM) or immutable state that ensures they are non-erasable and non-modifiable for a specific retention interval. The immutable storage requirement is not limited to financial organizations but also applies to industries such as healthcare, insurance, media, public safety, and legal services.

Immutable storage for Azure Storage Blobs enables:

  • Time-based retention policy support: Users set policies to store data immutably for a specified interval of time.
  • Legal hold policy support: When the retention interval is not known, users can set legal holds to store data immutably until the legal hold is cleared.
  • Support for all Blob tiers: WORM policies are independent of the Azure Blob Storage tier and will apply to all the tiers, hot, cool and archive. This allows customers to store the data in the most cost-optimized tier for their workloads while maintaining the data immutability.
  • Blob Container level configuration: Immutable storage for Azure Storage Blobs allows users to configure time-based retention policies and legal hold tags at the container level. Users can create time-based retention policies, lock policies, extend retention intervals, set legal holds, clear legal holds etc. through simple container level settings. The policies apply to all the Blobs in the container, both existing and new Blobs.

How to enable this feature?

1. Head over to Azure Portal

2. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.




3. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.



4. To enable time-based retention, select Time-based retention from the drop-down menu. Enter the retention interval in days.

5. The initial state of the policy is unlocked allowing you to test the feature and make changes to the policy before you lock it. Locking the policy is essential for compliance with regulations like SEC 17a-4. Lock the policy. Right-click the ellipsis (...), and the following menu appears with additional actions:



6. Select Lock Policy and confirm the lock. The policy is now locked and cannot be deleted; only extensions of the retention interval will be allowed. Blob deletes and overwrites are not permitted.

7. Follow the same process to enable Legal Holds.
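
The same portal steps can be scripted with the Azure CLI. This is an added example, not part of the original post; the resource group, storage account, container and legal-hold tag passed in are placeholders you supply.

```bash
# Added example: CLI equivalent of portal steps 2-7 for a blob container.
# Arguments (resource group, storage account, container) are placeholders.

# Steps 3-4: create an UNLOCKED time-based retention policy of $4 days.
set_retention() {      # <rg> <account> <container> <days>
  az storage container immutability-policy create \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --period "$4" --output none
}

# Report the policy state ("Unlocked" or "Locked"). An unlocked policy can
# still be changed or deleted, so it is only suitable for testing.
policy_state() {       # <rg> <account> <container>
  az storage container immutability-policy show \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --query state --output tsv
}

# Steps 5-6: lock the policy. The lock call requires the policy's current
# ETag (optimistic concurrency), so it is read immediately beforehand.
lock_retention() {     # <rg> <account> <container>
  etag=$(az storage container immutability-policy show \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --query etag --output tsv)
  if [ -z "$etag" ]; then
    echo "no immutability policy found on container $3" >&2
    return 1
  fi
  az storage container immutability-policy lock \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --if-match "$etag" --output none
}

# Step 7: place a legal hold identified by tag $4
# (removed later with "legal-hold clear").
set_legal_hold() {     # <rg> <account> <container> <tag>
  az storage container legal-hold set \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --tags "$4" --output none
}

# Usage: ./worm.sh <resource-group> <account> <container> <days>
if [ "$#" -eq 4 ]; then
  set_retention "$@"
  echo "state before lock: $(policy_state "$1" "$2" "$3")"
  lock_retention "$1" "$2" "$3"
  echo "state after lock:  $(policy_state "$1" "$2" "$3")"
fi
```

Run it against a test container first: once locked, the policy cannot be removed and the retention interval can only be extended.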


Conclusion

Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.



How to attach and detach a Public IP to an Azure Virtual Machine?

There are times you may have to detach a Public IP from a Virtual Machine to prevent access from the public internet. In this post let's understand the steps to attach and detach a Public IP for an Azure VM.

Attach the Public IP

1. Point your browser to Azure Portal

2. Go to your VM's Networking section

3. Click on the Network Interface >> Settings >> IP configurations

4. Click on ipconfig1



5. Associate the Public IP address



6. You can create a new Public IP on this screen or select an IP that was created earlier from the drop down list box. Save the changes.



7. Go back to the Settings >> Networking screen and verify that the Public IP was attached to the VM.



Detach the Public IP

Repeat the same process to detach the IP from the VM.

Click on Networking >> Network Interface >> IP Configurations >> ipconfig1

Click on Disassociate; Save the changes.



You can also attach/detach the Public IP via Azure CLI or PowerShell
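
A CLI version of the attach and detach steps, as an added example that is not part of the original post. The resource group, VM, NIC and public IP names are placeholders, and the `--remove PublicIpAddress` form is an assumption about your CLI version (check `az network nic ip-config update --help`).

```bash
# Added example: detach / re-attach a public IP with the Azure CLI.
# All resource names are placeholders; "ipconfig1" is the IP configuration
# name used in the portal steps above.

# Public IP addresses currently listed for a VM (empty output = none).
vm_public_ips() {        # <rg> <vm>
  az vm list-ip-addresses --resource-group "$1" --name "$2" \
    --query "[].virtualMachine.network.publicIpAddresses[].ipAddress" \
    --output tsv
}

# Disassociate the public IP from one IP configuration of a NIC.
# Assumption: generic-update form; some CLI versions may differ.
detach_public_ip() {     # <rg> <nic> <ipconfig>
  az network nic ip-config update --resource-group "$1" --nic-name "$2" \
    --name "$3" --remove PublicIpAddress --output none
}

# Associate an existing public IP resource with an IP configuration.
attach_public_ip() {     # <rg> <nic> <ipconfig> <public-ip-name>
  az network nic ip-config update --resource-group "$1" --nic-name "$2" \
    --name "$3" --public-ip-address "$4" --output none
}

# Detach, then confirm the VM no longer lists ANY public address. A VM with
# a second NIC or IP configuration can stay exposed after one detach.
detach_and_verify() {    # <rg> <vm> <nic> [ipconfig]
  detach_public_ip "$1" "$3" "${4:-ipconfig1}" || return 1
  remaining=$(vm_public_ips "$1" "$2")
  if [ -n "$remaining" ]; then
    echo "VM $2 still has public IP(s): $remaining" >&2
    return 1
  fi
}

# Usage: ./detach.sh <resource-group> <vm> <nic>
if [ "$#" -eq 3 ]; then
  detach_and_verify "$1" "$2" "$3" && echo "no public IP left on $2"
fi
```

The disassociated public IP resource itself is not deleted; it stays in the resource group until you remove it.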

Run a Hackathon or Classroom Labs in Azure

 

Azure Lab Services











Are you planning to conduct a hackathon or classroom labs in your organization but are short of time to procure hardware, licenses etc.? Look no further: Azure Lab Services helps you to quickly set up a development, test, hackathon, or classroom lab for your team or students in the cloud.

Some salient features of Azure Lab Services include

  1. Automatic management of Infrastructure and scale: Azure Lab Services is a managed service, which means that provisioning and management of a lab’s underlying infrastructure is handled automatically by the service. Scale your lab to hundreds of virtual machines with a single click.


Getting Started

- Setting up Azure Lab Services is a multi-step process. Head over to Azure Portal and search for Lab Services.

- Create a Lab Account in your Azure subscription


















You can also attach a Shared Image Gallery to version your custom images as well as peer a virtual network to access resources in your VNet. For this demo, I’m going to skip these two options.


Once the lab account is created, head over to the Lab Services Portal. The Lab VMs will be running in Microsoft’s managed tenant, so you’ll not see any VMs in your subscription.

  • Create a new Lab, provide VM credentials and set the Lab policies. The lab creation will take at least 20 minutes.








Once the lab is provisioned, you should see something like below


Click on the lab that you just created.

You will see the Lab’s Dashboard. From here you can work on the Template, add VM pool, Users and the Lab schedule.

Click on Template. Initially the template will be in Stopped State. Go ahead and start the template. RDP in to the template VM. This is like a base image VM in which you’ll install all your custom software. Now you’ll see an option to Publish the VM. This is the image that you’ll use to create Lab VMs or create new Labs in the future.





You can set the max VMs now, or set it after the template is published.

Invite Students/Users to the Lab

You’ll see options to manually add users or upload a CSV.



Click on Invite all to send an invite to your students. Once the user completes the registration, they’ll get access to https://labs.azure.com and can RDP into their Lab VM.

Set a Lab Schedule

As an example I created a lab schedule for a week from 8 am to 5 pm.



Conclusion

We have just scratched the surface of Azure Lab Services. Microsoft has published excellent documentation on Azure Lab Services. I highly recommend that you review the docs and consider using Azure Lab Services to conduct any hackathon or classroom labs in the Cloud.

References

- Azure Lab Services architecture

- Azure Lab Services Product team’s Blog

- Classroom Types in Azure Lab Services

- Azure Lab Services integration in Microsoft Teams

Saturday, January 2, 2021

Getting Started with Azure




If you are getting started with Azure you might come across a few key terms that it’s important to have a good understanding of. In this blog I'll touch upon the core Azure architectural components like 

- Azure Regions and Availability Zones.

- Tenant, Subscriptions, Resource Groups and Resources.

- Sign up for a free Azure Account.

- Access the Azure Portal.

Let's start with Azure Docs Home Page

This page will give you a detailed overview of all the services available in Azure.

Azure Regions and Availability Zones

A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Please refer to the Azure Regions map.


Availability Zones are physically separate data centers within an Azure region. Each availability zone is made up of one or more data centers equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks. Please refer to the Availability Zones map.




Azure Tenant and Subscription

A tenant is a representation of an organization. It refers to a single instance of Azure Active Directory or, as it is often called, “Azure AD”. Azure AD is a key piece of Microsoft’s cloud platform as it provides a single place to manage users, groups and the permissions they hold in relation to applications published in Azure AD.

Azure AD Tenants are globally unique and are scoped using a domain that ends with ‘onmicrosoft.com’ (e.g. myazuread.onmicrosoft.com) and each has a ‘Tenant ID’ in the form of a UUID/GUID. Typically customers choose to connect their internal Active Directory environment to Azure AD to allow single or same sign-on for their staff and will also use a custom domain instead of the default ‘onmicrosoft.com’.


A subscription is a logical container into which any number of resources (Virtual Machines, Web Apps, Storage Accounts, etc.) can be deployed.




A resource group is a container that holds related resources for an Azure solution. The resource group includes resources that you want to manage as a group.

Resources are instances of services which you can simply create, like Storage, Virtual Machines, Virtual Networks or SQL databases.



Sign up for a free Azure Account

- Point your browser to https://azure.microsoft.com/en-us/free/

- Log in using your MSN Live or Outlook account. The registration process is pretty much self-explanatory. You'll be asked to provide your credit card info for validation purposes but you won't be charged unless you exceed the $200 limit. You should have your Azure account ready in less than 15 minutes.

- Log in to the Azure Portal https://portal.azure.com using your initial admin user and password. Your home page will look something like below.




Conclusion

In this post we learnt about Azure Services, Regions, Availability Zones, Tenant and Subscription. We also created a new trial subscription and were able to log in to the Azure Portal. This is a good start to explore the exciting features of the Azure Platform.