Azure Pack: Add a new user to a plan automatically

Update: It looks like SMA is not executing the script when a new Tenant is created, but rather when a subscription is added to the user.
Trying to get it confirmed from Microsoft if that is a bug that’s been introduced in one of the latest updates. See comments for more details.

Problem: When a new employee for TrueSec (our company) is logging into Azure Pack he has to be added to the “Tenants – TrueSec Employees” plan manually.

Solution: One way is to add a “signup code” to the plan and tell new employees to manually join the plan with that specific code. It could work, but does not feel like the most optimal solution.

The desired way would be if all new employees could be added to that plan automatically. Is that possible?
– Of course it is, with the help of SMA! Let me show one way to do this.

Pre-Requisits: Connection Asset, SMA Runbook, Link Runbook to a tasma_asset1sk.

In my case, I’m using the MgmtSvcAdmin asset which looks like this. But you can also create other types of Connections with working credentials. Just notice that you have to enter the name of the Admin Site server in the Asset, as the script will use that info. And the useraccount specified obviously need access to use the Admin site (to modify the subscriptions).

Add a new Runbook with the script below. In my case, I’m using ADFS to connect to the Admin site, so the script has to generate a ADFS token first.
if you are not using ADFS, you will have to modify the script to use a normal Windows authentication. It’s the most common way to authenticate, so there shouldn’t be any problems finding example code for.

Though, please note that the script is currently matching the new users e-mail address to (in our case) @truesec.com or @truesec.se. If you don’t use ADFS, it’s possible for a user to type any name they want during registration and then possibly get added to a plan they should not have access too.

And finally, add a new Automation Task, you do that under Clouds -> Automation.
Object: SPF Tenant
Action: Create
Runbook: New-Tenant

The script:

I hope this helps you automating things in your environment. If you can think of any other great usages for SMA or have need for automating something. Please make a comment, maybe I’ll be able to assist.

Azure Pack: SMA Script to set a Static MAC Address for New Virtual NICs

When a user is using AzurePack to add additional Virtual Network Adapters to a Virtual Machine, they end up with a Dynamic MAC Address. This is regardless of what the settings are in the VM Template that were used to create the VM. The NIC(s) created at deployment of the VM, will honor the setting in the Template. It’s just when additional NICs are added this happens.

vmnic1

We have had some issues with VM’s using Dynamic MAC Addresses, where they got a new MAC Address after migrating to another host, resulting in Linux machines being unhappy and som other servers getting new DHCP Addresses.

I figured that this could be an excellent task to get more familiar with SMA and use that cool feature of Azure Pack. So I made a script which will execute when a new Network Adapter is added to a VM through AzurePack, and will set the MAC Address to a Static entry and let SCVMM pick one from the pool.

You will need to create a new Runbook called New-NetworkAdapter with tag SPF, and paste the above code into that runbook.

sma1And also add a SMA Connection Asset, with credentials for connecting to SCVMM.
Name the connection VmmConnection. The script will look for a connection object called VmmConnection, use that Username + Password to connect to the SCVMM Server specified in the same connection object.
vmm1

And finally, create an Automated Task of this information. sma2

Please let me know if you find this useful, if you have any issues or suggestions on how to improve my script.

List all VM’s with a Dynamic MAC Address

Short, simple script to list all VM’s which has NIC’s with a Dynamic MAC Address set.

It will give a list of all VM’s and the number of VM’s in that list.
Small, simple and efficient.

Controlling my intrusion detection system (alarm) via Powershell!

I’ve recently invested in a alarm for my house, after quite a lot of research i finally went for Siemens SPC 5320 for all the cool features, it feels like one of the most modern alarms out there. As it can be controlled from the web, smartphone applications forĀ  iphone and android, usb, ethernet (ip) etc etc.

It’s more of a high-risk enterprise alarm, than a residence alarm as it got Grade 3 (and can have up to Grade 5) classification, making it usable for Banks and other high-risk objects, or to protect my geek lair (man-cave), son’s hideout, my wife’s gym, bedroom, the kitchen and other areas, also known as our home.

Another reason I bought that specific alarm is that a Swedish company called Lundix has recently released a Gateway that can talk with the Alarm and connect it to other systems. Or just execute things when specific triggers happen in the alarm. Like send a mail (to specific persons) when the Alarm goes off, or maybe notice the parents when a specific person arms or unarms the alarm, ie leaves and gets home from school.
It’s even possible to get noticed if that’s done outside the normal hours. For example if personnel in the store is late unarming the alarm, or arms it too early…

smart_home_integration3Summary: The SPC Web Gateway is providing a generic open web interface to Siemens SPC panels. The interface will simplify SPC integration with third party applications and products such as Home and Building Automation Systems, Smartphone Apps and Web applications. The Web API is using HTTP and REST principles (RESTful) for requests to SPC panel and WebSocket to reporting events from the SPC panel

And as the Gateway talks REST and WebSocket, it makes it possible to use Powershell! Looks how easy, cool, and smoth it is;

spcgateway

Next step is to add it to the new-user-creation workflow. So when a new user is created in AD, it will also create a user in the Alarm, generate a random PIN code and include that information in the Welcome Mail and SMS sent to new users.

Or possibly initiate a company wide erase of confidential data, in case of a Alarm. Anyone who can see that going wrong and causing problems? Especially as I saw some figures stating that more than 90% of all Alarms are false due to user error or indicator faults.

Well, I’ve just started playing around with it and if there is interest I’ll keep you posted on my progress and different automation scenarios i setup.

 

Recommended hotfixes for Windows Server

A great article listing all known issues and available hotfixes for Windows Server 2012 R2 Hyper-V Network Virtualization;

KB:2974503 – Recommended hotfixes, updates and known solutions for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) Environments
http://support.microsoft.com/kb/2974503/

Another fantastic source of information is Hyper-V.nu that always keeps a list to the latest updates for Windows Server (Cluster and Virtualization) here; http://www.hyper-v.nu/hotfixes/