Starting and Stopping Azure Virtual Machines in Parallel

The commands Start-AzureRmVM and Stop-AzureRmVM give us a simple way to start and stop VMs in Azure. The only thing is, they work synchronously, so we have to wait for the whole startup or deallocation process to finish before the command returns. If you have to start up anything more than a few virtual machines then using these commands is going to take a long time. If you are working at serious scale in the cloud and are starting up tens or even hundreds of VMs at a time then using these commands is not going to be a option. It would simply take too long to start or stop them one by one. What we need is a way to run these commands asynchronously and startup/shutdown many VMs in parallel.

I want to demonstrate a few ways we can use multi threading in Powershell to achieve this.

Continue reading Starting and Stopping Azure Virtual Machines in Parallel

Custom Auto Scaling for Azure ARM Virtual Machines

Azure has always offered out of the box auto scaling for classic VM’s (virtual machines in cloud services) but for ARM virtual machines no such offering exists.

Azure does offer scale sets for auto scaling ARM VM’s but scale sets may not fit your workflow or you may have existing ARM virtual machine farms that you want to apply auto scaling to. I will demonstrate how we can use Azure VM diagnostics and Azure Automation to create auto scaling systems that can work using a variety of metrics and scale out (increase VM number) as well as scale up (increase VM size)
Continue reading Custom Auto Scaling for Azure ARM Virtual Machines

List all your resources in Azure

I want to share a handy script that lists out all the resources in your Azure subscriptions and exports that data to an excel workbook.

It really lists out every single Azure resource (classic and ARM) from virtual machines and NICS to automation accounts and alerts. There are also a few tricks in there to decorate the data with some extra information. e.g. whether a vm is powered on, what vnet it is in etc. You can use a similar approach to modify the script to output whatever data you are interested in.

The script is very useful at giving a quick overview of what your current azure usage is and is good for flagging up anything that shouldn’t be there.

Continue reading List all your resources in Azure

Auditing Management Certificates in Azure

The cmdlets Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile setup and configure management certificates in Azure and on the local machine to allow easy authentication to access classic resources in Azure.

man certs

I have seen several potential pitfalls with this approach.

  • Removing a user as co-admin on a subscription does not remove or invalidate the management certificates. Unless you have really on the ball Azure admins, this can leave users with full access to your classic resources even after they have been removed as subscription admins.
  • Management certificates can not be linked to specific users. This makes removing a specific users management certificates very tricky.
  • The anonymity of these certificates makes auditing user actions very difficult.

It is for all these reasons that I see the use of these certificates as a very big security risk and it is worth noting that the use of management certificates and publish settings has been deprecated for ARM resources.

In all the Azure environments I have worked in I have enacted a policy to disallow the use of management certificates completely and force all users and applications to authenticate into Azure using different methods (Azure active directory, service principals). The following scripts show how we can automate the auditing of these certificates and potentially automate the removal of unauthorised certificates.

Continue reading Auditing Management Certificates in Azure

Getting Serious about Powershell

Powershell is what I would describe as a ‘stackoverflow language’. Its the kind of language that, as long as you’ve got some previous experience developing on Windows, you can just get started with by reading a few stackoverflow posts and copying and pasting a few code snippets here and there.

Very few developers out there take their Powershell skills and knowledge seriously and simply use it as a means to an end. This often results in messy, sprawling, untestable and unextensible collections of scripts which end up impeding rather than enabling development.

I have seen this in many teams I’ve worked in and I’ve been that Powershell stackoverflow developer. I experienced first hand the impeding nature this had on the development and release cycle but thankfully a while ago I started taking Powershell development much more seriously and started using lots of new and emerging technologies and frameworks to treat Powershell as a first class language. Here are my top tips of things you should be doing to if you want to start taking Powershell development seriously

Continue reading Getting Serious about Powershell

TFS Build 2015 (vNext) – Scripts and Variables

This post is part of a series of articles on the new TFS Build vNext System.

So as I talked about before it looks like the main way we will be able to customise our builds is to simply add a powershell script task to the build. We can create custom tasks if we like but for most build activities it will be enough to just add a powershell script. So lets say we have a set of unit tests that run against a database and we need to drop and recreate the database before the unit tests run. Here’s a simple example of how to wire in a script that does just that. Continue reading TFS Build 2015 (vNext) – Scripts and Variables

Multi Threaded PowerShell Cookbook

Powershell scripting has never been my favourite area to work in. Coming from a background of C# and C++, I’ve always found Powershell to be a bit hacky, not very rigorous and quite time consuming to write and test. Recently, I had need to multi thread some long running Powershell scripts and the results I got as well as the processes and frameworks I used to achieve them have completely changed my opinion of Powershell.

I was able to get a process that previously took up to one hour, to complete in less than 2 minutes. What I found was a system that is intuitive, robust and scales incredibly well. I never thought I’d see these kind of results using Powershell but I have been very happily surprised.

Continue reading Multi Threaded PowerShell Cookbook