Microsoft Azure Services by Region

Have you ever wondered what Microsoft Azure services were available in what regions?  Well Microsoft has a webpage showing what services are available in what regions.  I highly recommend reviewing the chart as some services are not in all regions.  An simple example of this is not all VM instances are available in all regions.  It’s good to know this BEFORE you start designing and building Azure resources.

https://azure.microsoft.com/en-us/regions/#services

2016-05-24 09_13_03-Azure Cloud Services by Location or Region _ Microsoft Azure

My Microsoft Shared Web Hosting Plan was Suspended!

Update November 19, 2014

Either the upgrade to the latest version of WordPress solved my issue or whatever was causing spikes in CPU time and traffic stopped.  There my upgraded there hasn’t been any spikes.  I knew my personal site was low traffic so those spikes were odd. 

image

 

 

 

 

Original Post November 15, 2014

My personal website is hosted on Microsoft Azure as a shared web hosting plan using WordPress.  Since my WordPress database is over 20MB I do pay $9.99 a month for a larger DB through ClearDB.  Yesterday I went to post a blog to both Catapult’s website and my personal website.  When I attempted to post it to my personal website I received a 402 error in Windows Live Writer.  When I browsed to my personal website the page said it was temporary unavailable and to check back soon.  I’m sorry that I didn’t get a screenshot.  I wasn’t planning on blogging about this.  Knowing something wasn’t right I logged into Azure to manage my website and I noticed it was was suspended for excessive CPU cycles.  I guess your only allowed 4 hours of CPU time every 24 hours.  There are also quotas but since my personal website isn’t visited much I didn’t understand why I was hitting any quotas.  I’ve never had this problem in the past and if I have I didn’t know about it.  Sure enough everything eventually went back to normal but it looks like there are spikes every few days that might be suspending my account.  Since then I updated WordPress to version 4 and I’m going to monitor everything.  Hopefully that fixes this problem.  If it doesn’t I need to look at other things.  I could upgrade to a dedicated VM or add support but my personal website isn’t worth $30-$50 a month. 

screenshot.356 

 screenshot.364

 screenshot.365

 screenshot.366

 screenshot.367

 screenshot.368

 screenshot.369

 screenshot.370

 screenshot.371

 screenshot.372

 screenshot.373

 screenshot.374

 screenshot.375

 screenshot.376

My Microsoft Shared Web Hosting Plan was Suspended!

My personal website is hosted on Microsoft Azure as a shared web hosting plan using WordPress.  Since my WordPress database is over 20MB I do pay $9.99 a month for a larger DB through ClearDB.  Yesterday I went to post a blog to both Catapult’s website and my personal website.  When I attempted to post it to my personal website I received a 402 error in Windows Live Writer.  When I browsed to my personal website the page said it was temporary unavailable and to check back soon.  I’m sorry that I didn’t get a screenshot.  I wasn’t planning on blogging about this.  Knowing something wasn’t right I logged into Azure to manage my website and I noticed it was was suspended for excessive CPU cycles.  I guess your only allowed 4 hours of CPU time every 24 hours.  There are also quotas but since my personal website isn’t visited much I didn’t understand why I was hitting any quotas.  I’ve never had this problem in the past and if I have I didn’t know about it.  Sure enough everything eventually went back to normal but it looks like there are spikes every few days that might be suspending my account.  Since then I updated WordPress to version 4 and I’m going to monitor everything.  Hopefully that fixes this problem.  If it doesn’t I need to look at other things.  I could upgrade to a dedicated VM or add support but my personal website isn’t worth $30-$50 a month. 

screenshot.356 

 screenshot.364

 screenshot.365

 screenshot.366

 screenshot.367

 screenshot.368

 screenshot.369

 screenshot.370

 screenshot.371

 screenshot.372

 screenshot.373

 screenshot.374

 screenshot.375

 screenshot.376

Microsoft Azure Websites and ClearDB’s free MySQL database

A few weeks ago I used Microsoft Live Writer to create and post a blog article.  When I posted it to Catapult’s blog it worked.  When I posted it to my personal blog it failed.  I won’t discuss Catapult’s setup but my personal blog is WordPress running on Azure websites with ClearDB’s free MySQL database.  When I tried to post it to my personal blog I ended up getting some 500 error or something like that in Live Writer and it wouldn’t post.  When you’re in technology one question you always have to ask yourself is what changed between when something was working and when it stopped working.  That was pretty simple in this case.  My workstation crashed and I had to reload the operating system, software, and re-configure Live Writer on the new machine.  I was pretty sure that was the problem but I blew it off at the time since I had more important things to work on.  Today while trying to edit text in a WordPress tile it kept resorting back to what it originally was before I hit the update button.  That’s when I knew there was a problem bigger than an incorrect setting in Live Writer.  First I couldn’t post anything and now I can’t change a single word in a tile.  Now I was forced to troubleshoot my personal website.

I logged into my Azure account and clicked link to take me to my ClearDB account.  It turns out my free MySQL database was over the free 20MB limit.  Azure doesn’t tell you this but you’ll see it on your ClearDB page.  When you’re over your limit the database goes into a read only mode and nothing can write to it.  This explains the vague error when posting a new blog article and also why I couldn’t make any changes to the website from the WordPress admin site today.  It also explained why I couldn’t delete spam comments in the WordPress admin site today.  I’d hit delete and they’d come right back! 

Using guidance from the websites below I tried to clean it up through the MySQL workbench but it still didn’t take me below the 20MB limit.  I ended up having to upgrade my account from the free version to a paid version adding $10 a month to my budget for a 1GB database. 

I’m a little upset that I now have to spend more money on a DB for my website but overall the Azure website has been flawless.  I’ve never seen it offline unlike where I had my website hosted in the past.  Going from 20MB to 1GB hopefully I’ll never hit THAT database limit.

http://blogs.msdn.com/b/onemicrosoftvoice/archive/2013/01/02/using-mysql-workbench-with-windows-azure-web-sites.aspx

http://www.johnpapa.net/azurecleardbmysql/

Microsoft Azure Open Licensing for partners

“Microsoft Azure will be available for partners to resell in the open licensing programs on August 1st of this year(2014)”. 

 

This is great news as can be one less bill for companies to pay that are looking for a partner to implement and then manage certain aspects of IT.  It also combines the consulting and service fees in setting up a solution with ongoing costs.  I see this as a way for partners to keep a long term open relationship with a client. 

http://www.digitalwpc.com/Community/Perspectives/Pages/Announcing-Microsoft-Azure-in-Open-Licensing-for-partners.aspx#fbid=Ws6bDC9pQn-

Microsoft Unified Access Gateway 2010 using Microsoft Windows Azure for Multi-Factor Authentication

Passwords are not enough these days to protect someone from logging in as you.  Many public websites have Multi-Factor Authentication (MFA) as an added layer to their normal login process.  Microsoft, Yahoo, Google, Evernote, facebook and Twitter are just a few websites where you can enable MFA.  There are also companies that offer MFA that integrates with a company’s infrastructure.  Some popular names are Quest, SecureID, and PhoneFactor.  Now that Windows Azure offers MFA it’s possible to incorporate MFA into systems that are located at a data center or offices while taking advantage of the cloud.  This allows a company to implement MFA without having to rely on proprietary hardware that users have to carry around on their keyring.  Even with low end cell phones MFA is possible.  Also a company doesn’t need VPN to Azure, VMs on Azure, or host a website on Windows Azure. As long as the MFA server can talk to the internet MFA is possible.

 

As great as UAG is it’s even better with MFA.  This blog will discuss how to incorporate Windows Azure MFA with UAG.  Best practices, advanced topics, or discussion about the MFA server will not be discussed as they are out of scope for this blog.  The purpose of this blog is to get MFA working bare bones with UAG where in the future it can be improved, modified, and tweaked.  Some topics that won’t be covered are:

  • Other authentication methods
  • Differences in authentication
  • Planning
  • Integration for Exchange/Outlook webmail
  • Integration for websites
  • LDAP
  • MFA server redundancy
  • Anything else

 

Prerequisites:

  • A Windows Azure account
  • A workstation or server that will be dedicated as the multi-factor authentication server
  • A working UAG server

 

Rough Steps:

  • Create a new multi-factor provider in Windows Azure by clicking new, app services, active directory, multi-factor auth provider, quick create.  Name it and choose the usage model.  Per enabled user charges a fee per user per month.  Per authentication is a fee per authentication.  Please refer to the current Windows Azure prices.  It’s important to note that once a usage model is set it can’t be changed.  For the directory make sure it’s set to do not link a directory. Click create.
    screenshot.205
  • In a short amount of time the new multi-factor auth provider will be created.
    screenshot.206
  • Highlight the new multi-factor auth provider and click manage.
    screenshot.207
  • This will bring up a new window/tab.  Notice how the URL is a phonefactor.net website.  Click downloads.
    screenshot.208
  • A list of servers and workstations the multi-factor authentication server can installed and ran on will be listed.  It can be installed and ran on a server or workstation class machine.  Click the download link to download the software.
    screenshot.209
  • Once the software is downloaded copy it to the designated MFA server.  A recommendation would be to access the website from the MFA server because some copying and pasting will need to be done from the website to the MFA application.  Run the MFA software to install.
    screenshot.210
    screenshot.211
    screenshot.212
  • Once finished a setup wizard will appear.  Click next.
    screenshot.213
  • For the email and password go back to the website where the software was downloaded.  At the bottom of the webpage click generate activation credentials to get the activation email and password.
    screenshot.214
    screenshot.215
  • Enter the email and password that was generated on the website and click next.
    screenshot.216
  • Since this is a new install enter a new group name and click next.
    screenshot.217
  • Click next as enabling replication between MFA servers is out of scope for this blog.
    screenshot.218
  • Choose RADIUS as UAG will be a RADIUS client and MFA will be the RADIUS server.
    screenshot.219
  • Enter the IP address of the UAG server with a secure shared secret.  The authentication ports should be fine.  If there are more than one UAG server RADIUS clients can be added at a later time in the MFA server.  Click next.
    screenshot.220
  • Windows credentials needs to be passed so choose windows domain and click next.
    screenshot.221
  • Click next.
    screenshot.222
  • Click finish
    screenshot.223
  • MFA server will open up and the users section should be blank.  In this example AD users will be imported so click import from active directory at the bottom of the window.
    screenshot.224
  • There are many options but in this test AD environment there are only two users so clicking import will import both of those users.
    screenshot.225
  • When the import is finished a summary window will appear.  Click OK after reviewing it then click close in the import from active directory window.
    screenshot.227
  • Two users were imported and both are disabled.  For this blog we want to enable the user Adam, set a cell number(If AD is property populated this can be imported), and how to authenticate.  To do this highlight the user and click edit.
    screenshot.229
  • In the edit window put a check in enabled, enter a phone number with area code, and choose text message OTP.  This will enable the account, assign a phone number, and send a text message where the user will have to reply with the one time password to authenticate.  There are other methods but those are outside the scope of this blog.  Click apply then close when finished.
    screenshot.230
  • the user Adam is now enabled.
    screenshot.231
  • Since this is a new implementation of MFA it’s recommended to test before continuing.  To do so highlight the user and click test.  A window will appear with the username and primary authentication filled in.  Type in the password and click test.
    screenshot.232
  • At this time a text message will be sent to the users cell phone.  The message will say(123456 being random numbers)
    ”123456 Reply with this verification code to complete your sign in verification to Multi-Factor Authentication server.”
    wp_ss_20131215_0002
    screenshot.233
  • If the user replies and Windows Azure receives the text message the window below will appear.
    screenshot.234
  • If the user does not reply or Windows Azure does not receive it in time the window below will appear.
    screenshot.235
  • Now that MFA is at least communicating with Windows Azure it’s time to configure UAG to use MFA.
  • During the MFA setup the RADIUS client IP/Name, shared secret, and ports were configured.  In UAG the authentication server needs to be changed from domain controller to RADIUS for the trunk that is being tested and worked with.
  • In UAG create a new authentication server.  The server type will be RADIUS, name it under server name, IP address/host will be the MFA server that was created, port should not need to be changed, type in the secret key, and check support challenge-response mode.  Click OK then close.
    screenshot.238
  • In the trunk remove the current authentication server and replace it with the RADIUS one that was just created.  Click OK then activate the configuration in UAG.
    screenshot.239
    screenshot.240
    screenshot.241
  • Test by navigating to the UAG trunk page, typing in the username and password, then click log on.  A text message should be sent to the user’s cell phone that needs to be replied to.  During this time the browser will be working but it won’t change screens.  After Windows Azure receives the text message with the password in it the portal page should appear.
    wp_ss_20131215_0002
    screenshot.244
  • Notice how the browser is working(spinning circle in tab) waiting for the text message reply.

    screenshot.245

  • Windows Azure received the text message.
    screenshot.246
  • Of course since the MFA process adds time to log in the RADIUS timeouts will need to be increased in UAG.  This is true with most applications that will use MFA.
  • The RADIUS application will need to be named in the MFA server so the text message will be more meaningful.

 

Summary

Technically it’s quite easy to add MFA to UAG.