Azure DNS: What Comes First?

Oh, it’s that age-old question – what comes first? The chicken or the egg? With Windows Azure, the question often is about DNS. What comes first? The IP address of the DNS server or the machine itself?

Honestly, it depends on what you plan on doing with your virtual machines and how you utilize the virtual networks.

Option 1: Spin up a VM as a “Quick Create”
When you do this, you are creating a VM without a custom virtual network that you control. The Azure fabric will assign an external IP address (VIP) and an internal IP address (DIP) isolated from all other machines. An appropriate DNS server from the fabric will be injected and your servername.cloudapp.net DNS name will be registered so your VM can be reachable from the Internet. All is done.

You could create other VMs the same way and the only way they would be reachable from one to the other is over the Internet via ports you opened. They would not share any “internal” networking.

Option 2: Create a Virtual Network and then create VMs attached to your VNET.
When you do this, you are controlling the internal address assignments and purposely joining VMs to that network so they can communicate with each other.  For that they need an “internal” DNS server.
Because the DNS settings are injected into the VM upon boot, you must have the IP address of that DNS server in mind before you begin and assign it within your Virtual Network settings, before creating the VMs themselves.

This DNS server could be from your on-premises network (if you are creating a site-to-site VPN) or one that does not yet exist in your Azure VNET, like a server acting as an Active Directory DC, perhaps.
When you create a virtual network, take note of the first IP address that would be assigned to a machine, or you can now choose to statically assign IP addresses using PowerShell. Add that address as the DNS server in your virtual network.  Then when you create VMs they will know to use the internal DNS you specify as the primary DNS.

An external address (VIP) would still be automatically assigned and the name of the cloud service would be either your server name or something else that fits into the design of what you are trying to accomplish. That DNS name would still be registered with Azure DNS, but your internal IP address would be registered with the DNS server you specified.

Happy networking!

Do You Need More Books? Of Course You Do!!

I’m sure you need a resolution for 2014 to read more books about technology! If that happens to be one on your list, here are a few that might interest you.

  • FREE eBook – Introducing Microsoft System Center 2012 R2 Technical Overview by Mitch Tulloch with Symon Perriman and the System Center Team. Read more about it at the Microsoft Press blog. This is also available in print format from Amazon, but you’ll need to pay for that.
  • Practical IPv6 for Windows Administrators by Edward Horley.  Due out by the end of December, you can currently pre-order this title.  The Kindle version should be available in January.
  • In early Spring, look for the release of Networking for VMware Administrators, by Chris Wahl and Steven Pantol. While geared toward folks who work with VMware vSphere, I think it’s valuable to be able to understand virtual networking concepts and how they are used by various vendors, even if you aren’t a VMware shop. Estimated at about 350 pages, this isn’t going to be very light reading!

Do you have any reading recommendations? What’s on your list for 2014?

Getting Comfortable with Azure Virtual Networks and DHCP

One of the great features of Azure IaaS is being able to extend your existing internal network to the cloud over a site-to-site VPN. You can bring your own IP addresses, but remember, the devil is always in the details. Or rather, knowledge is power!

Azure IaaS supports the standard private IP network ranges – 10.x, 172.x and 192.x – so you can easily give your Azure network a range that is comparable to the network range you are using in your data center.

However, Azure expects all guests to receive their IP address via DHCP. This took me a bit to grow comfortable with, as I spent years in smaller datacenters where each server was lovingly assigned an IP address that had been selected from a master spreadsheet. (Old school, I know!) My favorite servers were given “choice” addresses with easy to remember numbers.

But networking is changing and we must change with it, so I’m becoming more comfortable with having less control over the particular address assigned to a given machine. This is key thinking when it comes to network virtualization. By abstracting away some of the nuts and bolts of the network, the ability to be more flexible is introduced – which is good. Someone I was talking to at a conference recently compared it to the adoption of IPv6. IPv6 addresses are so long you would never statically assign them to a machine; that is all automated.

But, can I give my Azure VM a static address? Well, let’s just say nothing is stopping you. You can go into your VM IP settings and do whatever you want. But the risk of introducing a future IP address conflict is high and you will eventually lose the ability to connect to your VM. Azure expects to get periodic DHCP renewal requests and when those stop the Azure fabric will remove that IP as active and stop forwarding traffic to it. There is no way to connect to the “console” of your Azure VM, so lost remote access to a machine due to an addressing issue will make for a very unhappy day.

Let’s say my internal network for my servers is 192.168.10.x/24.  I have two basic options for my Azure network:

  1. Configure 192.168.10.x/24 in Azure, with a subnet for 192.168.10.128/25. I would need to make sure that everything in my physical datacenter was assigned IPs in the beginning half of the range, leaving 192.168.10.128 – 192.168.10.255 under Azure control. Azure also grabs a few other addresses out of the range for internal use, so I’d likely want to make sure I wasn’t using those in my physical network either. I think this option is messy and prone to errors. Also, I’m sure someone who does networking configuration all day will tell me it makes them cringe for more than one reason.
  2. Create a different address range for Azure and make sure my internal switching gear is set up to route to it, like 192.168.20.x/24. This would allow me to use a numbering scheme that makes sense within my organization, but also makes it easy to quickly identify resources that are internal vs. Azure based.

Keep in mind that any server in Azure will be assigned a persistent private IP address from your range with an infinite lease time, so if you are worried about domain controllers or other servers where the current “best practice” is to have a statically assigned address, you can relax. The only time a machine would lose its IP lease is when it’s in the “Stopped – Deallocated” state.

Finally, keeping with my “plan twice, create once” mantra, once you add a machine to an Azure network, you can only make limited changes – like adding new subnets or adjusting subnets that are not yet used.

For more information visit the Windows Azure Virtual Networks Overview.
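
The planning step described in this post and in “Azure DNS: What Comes First?” can be checked before anything is created. The sketch below is an added example, not part of the original posts or any Microsoft tooling: it works out which address the first VM in a subnet will receive (the one to enter as the VNET's DNS server) and reviews a proposed plan for overlap with on-premises ranges. The function names and sample addresses are hypothetical, and the count of addresses Azure keeps per subnet is an assumption about Azure behaviour that the posts do not state.

```python
import ipaddress

# Assumption (Azure behaviour, not stated in the posts): in each subnet Azure
# keeps the network address, the next three addresses and the broadcast
# address for itself, so the first VM receives the fifth address (.4 in a /24).
AZURE_RESERVED_HEAD = 4


def azure_reserved(subnet):
    """Addresses in `subnet` that Azure will never hand to a VM."""
    net = ipaddress.ip_network(subnet)
    head = [net.network_address + i for i in range(AZURE_RESERVED_HEAD)]
    return head + [net.broadcast_address]


def first_assignable(subnet):
    """Address the first VM created in `subnet` receives: the DNS server to pre-register."""
    net = ipaddress.ip_network(subnet)
    return net.network_address + AZURE_RESERVED_HEAD


def review_plan(onprem_ranges, azure_subnet, dns_ip, onprem_hosts=()):
    """Return a list of problems with a proposed VNET plan (empty list = consistent)."""
    net = ipaddress.ip_network(azure_subnet)
    dns = ipaddress.ip_address(dns_ip)
    problems = []
    for rng in onprem_ranges:
        if net.overlaps(ipaddress.ip_network(rng)):
            problems.append(f"{azure_subnet} overlaps on-premises range {rng}")
    for host in onprem_hosts:
        if ipaddress.ip_address(host) in net:
            problems.append(f"on-premises host {host} sits inside {azure_subnet}")
    if dns in net and dns in azure_reserved(azure_subnet):
        problems.append(f"DNS server {dns} is an Azure-reserved address")
    elif dns not in net and not any(dns in ipaddress.ip_network(r) for r in onprem_ranges):
        problems.append(f"DNS server {dns} is in neither the VNET nor an on-premises range")
    return problems


if __name__ == "__main__":
    # Constructed sample values, following the post's 192.168.10.x / 192.168.20.x example.
    print(first_assignable("192.168.20.0/24"))
    print(review_plan(["192.168.10.0/24"], "192.168.10.128/25", "192.168.10.132",
                      onprem_hosts=["192.168.10.200"]))
    print(review_plan(["192.168.10.0/24"], "192.168.20.0/24", "192.168.20.4"))
```

Option 1 from the list above produces two findings with these sample values (the overlap and the stray on-premises host), while option 2 produces none.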

End of the Month Round Up

I’m looking forward to attending TechEd in Orlando in two weeks.  If you haven’t already signed up to attend, it might actually be too late!  TechEd is sold out this year and they are accepting names for the waiting list only at this time. I imagine it will be a crazy time, filled with lots of learning and networking with peers. 

I won’t be speaking this year, but that just gives me more time to attend some of the great sessions – I’ll be concentrating on Active Directory in Server 2012, Exchange 2010, PowerShell and some System Center.

If you are hoping for something more local to your home town, check out the Windows Server 2012 Community Roadshow. US locations will include Houston, Chicago, Irvine, New York and San Jose, just to name a few. Microsoft MVPs will be presenting the content, so don’t miss out on a free chance to prepare for the release of Server 2012.

Another notable event that’s upcoming is the World IPv6 Launch. Check out which major ISPs and web companies are turning on IPv6 for the duration. 

Finally, if you are looking to make some improvements to your personal, cloud-based storage and file management for your personal computers, take a look at SugarSync.  I’ve been using it for several years and it’s been an easy way for me to access files from multiple computers and keep everything synced and backed up.  I’ve even got a link for a referral if you’d like to try it out.

IT Pro Events This Week!

Pacific IT Professionals has a few upcoming single day events this week, one in San Francisco and one in Los Angeles.

On Tuesday, Sept 20th in Los Angeles – Ed Horley and Richard Hicks will be talking about IPv6 and DirectAccess in the Enterprise.  Find out more at http://www.meetup.com/pacitprosla/events/26490521/?a=socialmedia.

On Friday, Sept 23rd in San Francisco – CA Callahan will be covering SharePoint Administration for the Unexpected Administrator. You know who you are – you inherited a SharePoint installation or have been asked to get one running. Once you’ve got it going, then what? This one day event will give you a chance to pick the brain of a true SharePoint expert and author of several books on SharePoint WSS 3.0 and SharePoint Foundations. For $99, you can’t afford to miss out on this “everything but the kitchen sink” session – bring a question, you’ll get the answer! For more details and to register go to http://techdays.org/2011/09/spwithca/

Ed Horley and Stephen Rose on RunAs Radio

Have you checked out RunAs Radio lately? 

Since 2007, RunAs Radio has been producing podcasts for Microsoft-centric IT Professionals and over the last few weeks has produced episodes featuring some of my favorite industry colleagues – Ed Horley and Stephen Rose. On 3/30/11, Ed Horley discussed the current state of the transition from IPv4 to IPv6 and on 3/23/11, Stephen covers Windows vNext, IE9 and Intune.

Here are a few other older podcasts from some others I know in the Microsoft technology space that you might enjoy.

  • 11/24/10 – Episode #187 – Mark Minasi on Cloud Technologies
  • 9/22/10 – Episode #178 – Alan Burchill on Group Policy Preferences
  • 9/8/10 – Episode #176 – Chris Jackson on app comp issues with those old IE6 applications

Upcoming – TechDays Technology Guru Speakers!

PacITPros and LearnIt have teamed up to bring you an opportunity to learn more about the future of mobile and cloud technologies. Todd Lammle and Mark Minasi will be joining forces on April 5th from 1pm-6pm, covering some great topics.

Todd will cover Cisco’s plans for taking wireless networks to a new level, Mark will cover the future of the cloud and then they will join forces to discuss IPv6 and the future of the related networking technologies.

When: Tuesday, April 5, 2011 (1pm – 6pm)
Where: Microsoft: San Francisco Office (835 Market St.)
Cost: $79 
Register at:
http://techdays.org/2011/03/todd-lammle/

This speaker series takes place right before the regular April PacITPros meeting, so rest up for a jam packed afternoon and evening of tech talk.

And With That, She’s Geeky Bay Area #4 Ends…

I had a fabulous time at She’s Geeky again this year.  Just like last year in Mountain View, it was a great chance to experience the various kinds of geekiness that bringing over 150 women together in a room generates. I hosted a small session about Systems Administration on the last day and spent the rest of the conference enjoying sessions on things like cyber identity issues, open source standards creation, “being present” while juggling new mobile technologies and wine tasting.  (Hey, there are many kinds of geekdoms!)
The next She’s Geeky will be held in Washington DC, so if you or someone you know is in the area (and happens to be a geeky woman), I totally recommend attending at least one of the days.  Personally I go to all of them, since it’s impossible to know ahead of time what each day will bring!

I’ve got some great ideas for some upcoming posts based on some of the things the event got me thinking about more, so stay tuned.  Meanwhile, don’t forget about the Pacific IT Professionals meeting tomorrow evening. Be sure to RSVP if you are planning to attend.

Finally, in other news, today is the day that IANA has handed out its last block of IPv4 addresses. Check out a quick post over at http://www.Howfunky.com that explains more.

IPv6: Yes, My Head is in the Sand

There has been a fair amount of chatter about the depleting IPv4 address space and how the adoption of IPv6 is looming. If you haven’t seen it, check out the post at Howfunky.com on “The Ostrich Effect”. Of particular interest is how a lot of network and system administrators are ignoring IPv6 altogether, and I admit I’m one of them. My head is firmly entrenched in the sand. While it might not be the best approach, I’ll explain why I am where I am.
First, I’m not going to tell you that I don’t think IPv6 will stick. It will. Also, I find it pretty interesting and would love to be able to meet it head on when the time comes to make the transition.  But here’s the issue – I don’t see the pressing need right this moment for the infrastructure I work with and I have other projects that need my time and attention first.  IPv6 just isn’t an emergency.
For the enterprise that I manage, our public facing Internet presence is very small.  I have two /28 ranges assigned and I’m barely using half of those addresses as it is.  I predict that I won’t need any additional addresses anytime soon.  Internally, we are privately addressed and we have several legacy applications that will never be rewritten or patched to support IPv6.
Of course, I know that some of our newer servers and workstations are automatically establishing IPv6 addresses for themselves and we should be utilizing that by embracing the dual stack technology that’s built into our newer Windows machines. If nothing else, I should have a better handle on what’s going on automatically when those machines connect to our network.
I also know that at some point we’ll need external IPv6 addresses on the ‘net, so others who are using the protocol can access our mail and web servers.  I’m sort of hoping that our ISP will contact me one day and say “Here! These IPv6 addresses are for you and this is what you do with them!”
Wishful thinking I know.  But right now, that’s all I can afford.

Don’t Miss Out on gogoNET Live! Videos

On Wednesday, I had the pleasure of doing the post-presentation interviews for the speakers at the gogoNET Live! IPv6 Conference. These short little chats should be posted at www.gogonetlive.com in the next few days and will give you a taste of what each presentation included and some tips for implementing IPv6. Hopefully I’ll have some time in the next few weeks to listen to some of the full presentations (soon to be available as well), so here are a few that will be on my list.

  • Bob Hinden, Check Point Fellow and Co-inventor of IPv6 – his presentation on why IPv6 was invented will give anyone a good overview of why IPv6 is a necessary move for anyone who uses or supports activities on the Internet.
  • Elise Gerich, Vice President of IANA and John Curran, President and CEO of ARIN – both spoke about the various aspects of the anatomy of IPv4 address depletion. I’ve always been fascinated by the DNS and IP address infrastructures that make the internet work and you can’t get any closer to the source than with these industry executives.
  • Silvia Hagen, CEO of Sunny Connection – Silvia’s presentation was on how to convince your boss to make the move to IPv6. She’s also the author of the O’Reilly book on IPv6, so trust her ideas are good ones.
  • Jeremy Duncan, the Senior Director of IPv6 Network Services at Command Information – Jeremy focused on how to set up and get the most out of your test/lab network. We all will have to start somewhere when it comes to learning about IPv6 and some good tips on getting your lab off the ground will go a long way.
  • Joe Klein, the Cyber Security Principal Architect at QinetiQ – IPv6 has many security features built right in.  Be sure to check out what Joe has to say about the features, changes and possibilities once IPv6 is well established. 

Special Note: As of this writing, the videos are not yet posted. Make a note to check in at www.gogonetlive.com next week to see when they are available.