As we have already seen in a previous post, we can use Service Endpoints to protect an Azure SQL Server inside an Azure Virtual Network. Today we will see how we can protect a Storage Account.
First we need to enable the Microsoft.Storage Service Endpoint on an existing Virtual Network, or create a new Virtual Network and enable it there. At this point I am creating a new Virtual Network, so at the Azure Portal press New and at the search box type “Virtual Network”.
Enter the name of the Virtual Network and all the required fields. The only difference is to click “Enable” at the Service Endpoints and select “Microsoft.Storage”.
After the Virtual Network we can proceed with the Storage Account. Create a Storage Account by going to the Azure Portal, press New, search for “Storage Account” and press Create. At the “Create storage account” blade enter all the required fields. The difference here is to click “Enable” at the “Virtual Networks”, select the Virtual Network on which you have enabled “Service Endpoints” and then select the desired subnet.
After the Storage Account creation, open the Storage Account and go to the “Firewall and virtual network” setting. You will see that the selected Virtual Network and Subnet are configured, and that access from all other networks and from the Internet is forbidden.
Now if you go to the File Service of the Storage Account you will get an “Access Denied” message, since you are accessing from the Internet.
In order to access the Storage Account File Service (and all other services, like blob) I created a Virtual Machine inside the Virtual Network and opened the Portal from it. Now I can access the Storage Account services.
Of course we can add our Public IP and access the Storage Account configuration, make the required changes and then remove it.
We can also add and remove existing and new networks.
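The firewall state described above (default deny, one allowed subnet, and a public IP that is added temporarily and then removed) can be checked from PowerShell. The following is an added example, not part of the original post: the function name Test-StorageNetworkRuleSet, the resource names, the placeholder subscription ID and the sample rule set are all constructed, and the rule set object is assumed to have the shape returned by Get-AzureRmStorageAccountNetworkRuleSet.

```powershell
# Added example: audit logic for the storage firewall settings described above.
# Test-StorageNetworkRuleSet and all sample values are constructed for illustration.
function Test-StorageNetworkRuleSet {
    param(
        [Parameter(Mandatory = $true)] [string] $AccountName,
        # Object shaped like the output of Get-AzureRmStorageAccountNetworkRuleSet
        [Parameter(Mandatory = $true)] $RuleSet,
        # Subnet resource IDs that are expected to have access
        [string[]] $ApprovedSubnetIds = @()
    )
    $findings = @()
    # Anything other than Deny means all networks, including the Internet, are allowed
    if ("$($RuleSet.DefaultAction)" -ne 'Deny') {
        $findings += 'DefaultAction is not Deny'
    }
    # Public IP exceptions are meant to be temporary; report any that remain
    foreach ($ip in $RuleSet.IpRules) {
        $findings += "Public IP rule present: $($ip.IPAddressOrRange)"
    }
    # Report subnets that were allowed but are not on the approved list
    foreach ($rule in $RuleSet.VirtualNetworkRules) {
        if ($ApprovedSubnetIds -notcontains $rule.VirtualNetworkResourceId) {
            $findings += "Unapproved subnet: $($rule.VirtualNetworkResourceId)"
        }
    }
    [pscustomobject]@{
        Account   = $AccountName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample: Deny by default, one approved subnet, one leftover public IP
$subnetId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg' +
            '/providers/Microsoft.Network/virtualNetworks/demo-vnet/subnets/default'
$sample = [pscustomobject]@{
    DefaultAction       = 'Deny'
    IpRules             = @([pscustomobject]@{ IPAddressOrRange = '203.0.113.10'; Action = 'Allow' })
    VirtualNetworkRules = @([pscustomobject]@{ VirtualNetworkResourceId = $subnetId; Action = 'Allow' })
}
Test-StorageNetworkRuleSet -AccountName 'demostorage' -RuleSet $sample -ApprovedSubnetIds $subnetId

# Against live accounts (requires the AzureRM module and a logged-in session):
# Get-AzureRmStorageAccount | ForEach-Object {
#     $rs = Get-AzureRmStorageAccountNetworkRuleSet -ResourceGroupName $_.ResourceGroupName -Name $_.StorageAccountName
#     Test-StorageNetworkRuleSet -AccountName $_.StorageAccountName -RuleSet $rs -ApprovedSubnetIds $subnetId
# }
```

For the constructed sample the result is not compliant, with a single finding for the public IP rule that was left in place.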
Add multiple managed disks to Azure RM VM
In this post I have created a PowerShell script to help add multiple managed disks to an Azure RM Virtual Machine.
The script to add multiple managed disks will prompt you to log in to an Azure RM account, then it will query the subscriptions and ask you to select the desired one. After that it will query the available VMs and prompt you to select the target VM from the VM list.
At this point the script checks the OS disk and uses its storage type for the data disks. If we need a different storage type, we can follow the comment at step 4, e.g. if the OS disk is Premium and you want Standard data disks.
The next step is to ask for disk size. You can check the sizes and billing here: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#pricing-and-billing
Finally it will ask for the number of disks we need to create. After this input the script will create the disks, attach them to the VM and update it.
# 1. You need to log in to the Azure RM account
Login-AzureRmAccount
# 2. The script will query the subscriptions that the logged-in account has access to and will prompt the user to select the target subscription from the list
$subscription = Get-AzureRmSubscription | Out-GridView -Title "Select a Subscription" -PassThru
Select-AzureRmSubscription -SubscriptionId $subscription.Id
# 3. The script will query the available VMs and prompt to select the target VM from the VM list
$vm = Get-AzureRmVM | Out-GridView -Title "Select the Virtual Machine to add Data Disks to" -PassThru
# 4. I set the storage type based on the OS disk. If you want to specify something else you can change this to: $storageType = StandardLRS or PremiumLRS etc.
$storageType = $vm.StorageProfile.OsDisk.ManagedDisk.StorageAccountType
# 5. The script will prompt for the disk size, in GB (cast to int so that non-numeric input fails here)
[int]$diskSizeinGB = Read-Host "Enter Size for each Data Disk in GB"
$diskConfig = New-AzureRmDiskConfig -AccountType $storageType -Location $vm.Location -CreateOption Empty -DiskSizeGB $diskSizeinGB
# 6. Enter how many data disks you need to create
[int]$diskquantity = Read-Host "How many disks you need to create?"
for ($i = 1; $i -le $diskquantity; $i++)
{
    # Create each empty managed disk and attach it to the VM object on the next free LUN
    $diskName = $vm.Name + "-DataDisk-" + $i.ToString()
    $DataDisk = New-AzureRmDisk -DiskName $diskName -Disk $diskConfig -ResourceGroupName $vm.ResourceGroupName
    $lun = $i - 1
    $vm = Add-AzureRmVMDataDisk -VM $vm -Name $diskName -CreateOption Attach -ManagedDiskId $DataDisk.Id -Lun $lun
}
# Apply the new data disk configuration to the VM
Update-AzureRmVM -VM $vm -ResourceGroupName $vm.ResourceGroupName