With Network Watcher, you can specify the direction of your desired network connection test (inbound or outbound) and select the source or destination. This can be your current IP address, a specific IP address, or an Azure service tag. Then, you can choose the port you want to test from a list of commonly used services and ports that are already configured. If you can't find the service or port you need, you can specify a custom port and its corresponding protocol.
When you initiate the connection test by clicking on "check connection", Network Watcher will verify whether the port and protocol specified are permitted for inbound or outbound traffic to the virtual machine (VM).
However, it's worth noting that Connection Troubleshoot only checks whether the traffic is allowed or blocked in the Network Security Group for the VM and the corresponding subnet. Even if Connection Troubleshoot reports that the traffic is allowed, the connection may not work as expected. A link on the Connection Troubleshoot page opens a more detailed version of the connection troubleshooter.
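To make concrete what an NSG-only verdict covers, the following added example (not from the original post and not Microsoft's code) models inbound NSG evaluation: rules are processed in priority order, the first match decides, and both the subnet NSG and the network interface NSG must allow the flow. The `Rule` class, the rule names and the addresses are constructed for illustration, and the model assumes an NSG is attached at both scopes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # lower number is evaluated first
    source: str    # CIDR prefix or "*"
    port: str      # "443", "80-443" or "*"
    protocol: str  # "Tcp", "Udp" or "*"
    access: str    # "Allow" or "Deny"

# Simplified: only the final default rule is modelled; service-tag defaults are omitted.
DEFAULT_INBOUND = [Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny")]

def _matches(rule, src_ip, port, protocol):
    if rule.protocol != "*" and rule.protocol.lower() != protocol.lower():
        return False
    if rule.port != "*":
        low, _, high = rule.port.partition("-")
        if not int(low) <= port <= int(high or low):
            return False
    if rule.source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def evaluate(nsg_rules, src_ip, port, protocol):
    """Return (access, rule_name) of the first matching rule in priority order."""
    for rule in sorted(nsg_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _matches(rule, src_ip, port, protocol):
            return rule.access, rule.name

def check_inbound(subnet_nsg, nic_nsg, src_ip, port, protocol="Tcp"):
    """Inbound traffic is checked against the subnet NSG, then the NIC NSG."""
    for scope, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        access, name = evaluate(rules, src_ip, port, protocol)
        if access == "Deny":
            return "Deny", f"{scope}:{name}"
    return "Allow", f"nic:{name}"

# Constructed sample rules using documentation address ranges.
SUBNET_NSG = [
    Rule("AllowRdpFromAdmin", 100, "203.0.113.0/24", "3389", "Tcp", "Allow"),
    Rule("AllowHttps", 200, "*", "443", "Tcp", "Allow"),
]
NIC_NSG = [
    Rule("DenyRdp", 100, "*", "3389", "Tcp", "Deny"),
    Rule("AllowWeb", 300, "*", "80-443", "Tcp", "Allow"),
]
```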
Update Management with Azure Automation
In addition to managing regular updates, you may also be concerned about security patches for your virtual machines (VMs) and want to have greater control over their installation. Fortunately, there is an easier way to accomplish this than by setting up a System Center Configuration Manager (SCCM) server and configuring Windows Server Update Services (WSUS) on all your servers.
Azure Automation offers a solution called Update Management, which is a free feature that allows you to patch both your Windows and Linux servers. With Update Management, you can access a centralized page where you can enable the feature on selected VMs, check their compliance status, define a deployment schedule, and monitor deployment status.
Azure compute galleries for deploying applications to VMs
When setting up a new virtual machine (VM), you may need to install an application to make it fully functional. With the recent changes made by Microsoft, the Shared Image Gallery is now known as Azure Compute Gallery. This updated service not only stores and shares images, but also allows you to do the same for application packages.
Using Azure Compute Gallery, you can take advantage of the following benefits:
• Grouping and versioning of application packages
• Controlling access through Azure Role-Based Access Control (RBAC)
• Installing packages from storage accounts without requiring a direct internet connection
• Automating deployment with a DeployIfNotExists policy
For instance, if you need to update the antivirus software on all your servers, you can create an application package in Azure Compute Gallery and use an Azure Policy to automatically deploy the software to the servers. This eliminates the need to RDP into each server and manually install or update the software.
Collect logs with Azure VM Inspector
When troubleshooting an application or service, it is often important to examine the logs on the server. In Azure, you can use the VM Inspector feature to collect event logs, configurations, settings, and registry keys from your VMs and view the resulting report directly in the portal. However, as of January 2022, VM Inspector is still in preview, so you'll need to enable the feature for your subscription.
Please note that Microsoft recommends against using preview features in production, and that the price of a service may change when it is made globally available.
There are several prerequisites for using VM Inspector. For example, your VM must have managed disks and these disks cannot be encrypted. Additionally, since the feature is still in preview, it may not be available in all regions.
Once you have enabled VM Inspector on your subscription and connected it to a storage account (either an existing one or a new one), you can create your first report. The resulting report will be stored as a zip file in the connected storage account.
When combined with the Run Command feature, VM Inspector allows you to troubleshoot and fix most configuration and other simple errors remotely, without having to log in to each server individually.
Manage sensitive data with Azure Key Vault
Azure Key Vault provides a solution for managing certificates and secrets, which can often be a difficult and thankless task. This can involve waking up early on a Sunday morning to update a certificate and facing the consequences on Monday when an undocumented application using that certificate becomes partially unavailable to users. However, by leveraging the capabilities of Azure Key Vault, much of this headache can be avoided.
Using Azure Key Vault, it is possible to generate, import, or purchase a managed certificate, which can be configured for automatic renewal. By installing the Azure Key Vault extension on VMs, new versions of the certificate can be automatically deployed to those VMs.
Conclusion
In this blog post we want to emphasize how Azure offers a variety of powerful tools and features that can greatly simplify the management and maintenance of virtual machines in the cloud. These tools can save time and effort for IT professionals and developers. By taking advantage of these features, users can ensure the security, performance, and reliability of their Azure VMs, and focus on more important aspects of their business.