Replace your bash terminal with zsh

The Mac or Linux shell can be replaced with zsh to open up a world of extra plugins, features and themes. And it’s a pretty nice UX/UI upgrade from bash tbh.

This post covers the installation and configuration required to set up a really nice zsh shell in your terminal. Your mileage may vary between different terminals, e.g. blackbox, gnome-terminal etc. Once zsh is set up, try opening different ones to see the differences, if any, and just stick with what works best for you.

Installation

sudo apt-get update && sudo apt-get install zsh

chsh -s $(which zsh)

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

mkdir -p ~/.local/share/fonts

cd ~/.local/share/fonts

curl -fLo "MesloLGS NF Regular.ttf" https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Regular.ttf

curl -fLo "MesloLGS NF Bold.ttf" https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf

curl -fLo "MesloLGS NF Italic.ttf" https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf

curl -fLo "MesloLGS NF Bold Italic.ttf" https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold%20Italic.ttf

fc-cache -fv

In your terminal of choice, replace the default font with "MesloLGS NF"

git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k

vi ~/.zshrc

Find the ZSH_THEME line and set it to ZSH_THEME="powerlevel10k/powerlevel10k", then save and exit vi.

source ~/.zshrc
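
An added example, not part of the original post: the Oh My Zsh installer from the step above fetched to a file and checked against a pinned SHA-256 before it runs, instead of being piped straight from curl into sh. EXPECTED_SHA256 is a placeholder for the digest of a copy you have read through, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded installer before executing it.
# Helper names are hypothetical; EXPECTED_SHA256 is a placeholder, not a real digest.

INSTALL_URL="https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh"
EXPECTED_SHA256="REPLACE_WITH_DIGEST_OF_REVIEWED_COPY"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS fallback
    fi
}

# verify_sha256 FILE EXPECTED: return 0 only when the digest matches exactly.
# Returns 2 for a missing file and 3 for a malformed expected value.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 2
    # Anything that is not 64 hex characters (such as the unset placeholder)
    # is refused outright rather than compared.
    case $expected in
        ""|*[!0-9a-fA-F]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256_of "$file") || return 2
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected_lc" ]
}

# install_verified URL EXPECTED: download over HTTPS, verify, then run.
install_verified() {
    tmp=$(mktemp) || return 1
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1" \
        && verify_sha256 "$tmp" "$2"; then
        sh "$tmp"
        rc=$?
    else
        echo "installer not run: download failed or digest mismatch" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (not executed here):
#   install_verified "$INSTALL_URL" "$EXPECTED_SHA256"
```

The same verify_sha256 check applies to the four font files downloaded with curl in the later steps.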

Powerlevel10K Theme for Zsh

p10k has a number of customisable prompt elements. You will be prompted by a wizard upon first execution of the theme and it will run through various options/choices to create the .p10k.zsh config file sourced by your .zshrc file.

Open ~/.p10k.zsh in vi and edit the left and right prompt elements contained in the following two sections.

typeset -g POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(
  os_icon
  dir
  vcs
  ...
)

typeset -g POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=(
  status
  command_execution_time
  background_jobs
  ...
)

After any changes, reload the config:

source ~/.p10k.zsh

Add syntax highlighting and auto suggestion

git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions

git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting

Autocorrection exemptions
If you make a mistake, zsh will offer a correction. If you have certain commands or words that are repeatedly prompted with autocorrection options, you can add them to the exemption list in ~/.oh-my-zsh/lib/correction

Find and edit the load plugins line in ~/.zshrc
plugins=(git zsh-autosuggestions zsh-syntax-highlighting)

source ~/.zshrc



If you're happy everything works, change the default shell for your user in /etc/passwd to /usr/bin/zsh

Prompt Elements

  1. os_icon: Operating system icon.
  2. dir: Current directory.
  3. vcs: Version control system (e.g., Git status).
  4. prompt_char: Prompt character.
  5. status: Exit status of the last command.
  6. command_execution_time: Duration of the last command.
  7. background_jobs: Indicator for background jobs.
  8. history: Command history number.
  9. time: Current time.
  10. date: Current date.
  11. battery: Battery status.
  12. user: Current user.
  13. hostname: Hostname of the machine.
  14. ip: IP address.
  15. load: System load.
  16. disk_usage: Disk usage.
  17. ram: RAM usage.
  18. swap: Swap usage.
  19. cpu: CPU usage.
  20. kubecontext: Kubernetes context.
  21. node_version: Node.js version.
  22. python_version: Python version.
  23. ruby_version: Ruby version.
  24. go_version: Go version.
  25. php_version: PHP version.
  26. java_version: Java version.
  27. aws: AWS profile.
  28. azure: Azure account.
  29. gcloud: Google Cloud account.
  30. terraform: Terraform workspace.
  31. nix_shell: Nix shell.
  32. context: Context (e.g., user@hostname).

Make your bash prompt look like Kali Linux’s

Running Kali as a daily driver is doable since it’s Debian Linux, but is it suitable or really necessary? No, not really. You should have a dedicated laptop for running it and only run it to use the tools when ethical or approved to do so.

But there are some features in the Kali UX that you might want to see in your daily driver distro.

One of these features for me is the zsh prompt. I really like the Kali prompt but I use bash.

To make your Linux bash prompt look like the zsh one in Kali Linux, you need to customize the Bash prompt by modifying the .bashrc file in your home directory. The Kali Linux terminal prompt is typically configured to display the username, hostname, and current working directory with specific colors and formats. Here’s how you can achieve a similar look:

Open the Terminal:
Open your terminal on your Linux distribution.

Edit the .bashrc File:
Use a text editor to open the .bashrc file in your home directory. You can use nano, vim, or any other text editor you prefer. Here, we will use nano:

nano ~/.bashrc

Modify the PS1 Variable:
Find the line that defines the PS1 variable. It might look something like this:

PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
Comment it out (never delete anything!) with a hash and replace it with the following configuration to mimic the Kali Linux prompt:

#PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

Another example I found on the web looks like this. Try it out.

PS1="\[\033[38;5;209m\]┌──[\[\033[38;5;141m\]\u\[\033[38;5;209m\]:\[\033[38;5;105m\]\h\[\033[38;5;231m\]\W\[\033[38;5;209m\]]\n\[\033[38;5;209m\]└─\[\033[38;5;209m\]$\[\033[37m\] "

Finally, here’s one I made. Retain the original PS1 line you commented out, then try appending it to your .bashrc file.

PROMPT_COMMAND='PS1_CMD1=$(ip route get 1.1.1.1 | awk -F"src " '"'"'NR == 1{ split($2, a," ");print a[1]}'"'"')'; PS1='\[\e[38;5;191;2m\]Exit status: \[\e[22;7m\]$?\[\e[0m\] \[\e[38;5;202;2m\]${PS1_CMD1}\n\[\e[0;38;5;64;53m\]\d \[\e[38;5;155;2m\]\t\[\e[0m\] \[\e[38;5;202;1;53m\]\u\[\e[22;2;2m\]@\[\e[22m\]\H\[\e[0m\] \n\[\e[38;5;46;2m\]\[\e[38;5;246;4;53m\]\w\[\e[0m\] \n\[\e[38;5;249m\]\$\[\e[0m\]'

Note: You can limit the number of components in the working directory path by setting the PROMPT_DIRTRIM environment variable in your ~/.bashrc file. This is worth doing if you work with exceptionally deep directory paths.

Here’s what each part of this configuration does:

\[\033[01;32m\]: Sets the color to green.
\u: Displays the username.
@: Adds the “@” character.
\h: Displays the hostname.
\[\033[00m\]: Resets the color.
:: Adds a colon character.
\[\033[01;34m\]: Sets the color to blue.
\w: Displays the current working directory.
\[\033[00m\]: Resets the color.
\$ : Adds the dollar sign for normal users or a hash for the root user, followed by a space.
Save the Changes:
Save the changes in nano by pressing Ctrl+O, then Enter, and exit by pressing Ctrl+X.

Apply the Changes:
To apply the changes you made to the .bashrc file, either close and reopen the terminal or source the .bashrc file:


source ~/.bashrc
After completing these steps, your terminal prompt should look similar to the one in Kali Linux, displaying the username, hostname, and current working directory with the specified colors.
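
An added example, not from the original post: a small check that a PS1 string wraps every colour escape in \[ and \], since unwrapped sequences make bash miscount the prompt width and garble line editing on long commands. The function names are hypothetical and the two sample prompts are constructed for the example.

```shell
#!/bin/sh
# Added example (hypothetical helpers): find colour escapes in a PS1 string
# that are not enclosed in \[ ... \].

# Constructed samples: the first marks every escape as non-printing,
# the second has lost its backslashes around the brackets.
SAMPLE_WRAPPED='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
SAMPLE_UNWRAPPED='[\033[01;32m]\u@\h[\033[00m]:[\033[01;34m]\w[\033[00m]\$ '

# ps1_unwrapped PS1_STRING: print one unwrapped escape per line (nothing if clean).
ps1_unwrapped() {
    # Step 1: delete every correctly marked \[ ... \] region.
    # Step 2: any \033[..m, \e[..m or \x1b[..m that is left is unwrapped.
    printf '%s\n' "$1" \
        | sed 's/\\\[[^]]*\\]//g' \
        | grep -oE '\\(033|e|x1[bB])\[[0-9;]*m' || true
}

# ps1_is_clean PS1_STRING: return 0 when no unwrapped escape remains.
ps1_is_clean() {
    [ -z "$(ps1_unwrapped "$1")" ]
}

# ps1_report PS1_STRING: human-readable verdict for use before editing ~/.bashrc.
ps1_report() {
    if ps1_is_clean "$1"; then
        echo "OK: all colour escapes are wrapped in \\[ \\]"
    else
        echo "Unwrapped escapes found:"
        ps1_unwrapped "$1" | sed 's/^/  /'
        return 1
    fi
}
```

Run ps1_report "$PS1" in the shell where the new prompt is active to check the value bash actually loaded.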

This cool little website allows you to generate custom PS1 prompts for bash that contain just the elements you want. Alternatively, just install zsh and enjoy the additional features that come with it.


DELL/EMC Networker Backup Check Guide

Introduction

This post complements the Networker Cheat Sheet here that was originally written in 2012 and maintained for a few years before moving on to other things.

This fresh take on checking backups in EMC’s Networker product has been initially generated by ChatGPT 4o and will be maintained manually, going forward.

It complements the original Cheat Sheet, or rather the Cheat Sheet complements it, since it contains the finer technical detail surrounding each of the steps described at a high level, below.

Both will continue to be maintained as deemed necessary/valuable.

EMC NetWorker Backup Check Guide
This guide provides a detailed process for an engineer to check and verify EMC NetWorker backups, ensuring data protection and recovery readiness.

Prerequisites
Access and Permissions:

Ensure you have appropriate permissions to access the EMC NetWorker server and relevant systems.
Familiarize yourself with the NetWorker Management Console (NMC) and command-line interface (CLI).

Software Requirements:

EMC NetWorker installed on the server.
EMC NetWorker Management Console (NMC).
Access to client machines if needed.

Documentation:

Backup schedules and policies.
List of critical systems and data to be backed up.
Contact information for the IT team and stakeholders.

Steps to Check EMC NetWorker Backups

Backup clients are configured within Backup Groups. Schedules are configured within Workflows.
Groups and Workflows are added to Policies.
Backup Clients, Groups, Schedules, Workflows and Policies


1. Verify Backup Schedules and Policies
Ensure that the backup schedules and policies are correctly configured:

Open the NMC and navigate to “Configuration.”
Check “Groups” for correct scheduling.
Review “Policies” and “Workflows” to ensure all critical data is included.

2. Monitor Recent Backup Activities
Using NMC:

Go to the “Monitoring” tab.
Select “Completed Jobs” to see recent backup activities.
Check for any failed or incomplete jobs.

Using CLI:

Open a terminal and use the mminfo command:

mminfo -avot -r "client-name,level,sscomp,totalsize,ssflags" -q "savetime>=24 hours ago"

Open a terminal and use the nsrwatch command:

nsrwatch

Review the output from mminfo and the live output in nsrwatch for any errors or issues with Uptime (server uptime), Devices (backup data storage devices) and Write Completion (save sets completed, writing, or at 0 bytes, i.e. hung).

3. Validate Backup Completeness
Check Backup Logs:

In the NMC, navigate to “Monitoring” > “Logs.”
Review logs for errors or warnings related to backup jobs.
Using CLI:

Use the nsrinfo command to validate backup details for a specific client:

nsrinfo <client_name>

Confirm that all expected files and directories are listed.

4. Test Backup Recovery
Perform regular test recoveries to ensure data can be restored when needed:

Identify a non-critical system or a test environment for recovery.
In NMC, select “Recover” and follow the wizard to restore data.
Verify the integrity and completeness of the recovered data.

5a. Check Storage Utilization
Ensure there is sufficient storage space for backups:

In NMC, go to “Media” > “Media Management.”
Check the status and available space on storage devices.
Monitor tape or disk usage to prevent overflow.

5b. Check DataDomain Health/Capacity

The following commands are useful when checking the health of the DataDomain Storage Devices providing the storage media to the Networker backup servers.

enclosure show summary

net show settings

alerts show current

alerts show history

alerts clear alert-id "<alertID>"

user show list

user enable ddboost

disk show hardware

disk show state

disk fail/unfail

filesys show space

6. Review Alerts and Notifications
Configure and review alerts to stay informed about backup issues:

In NMC, navigate to “Configuration” > “Alerts.”
Set up notifications for backup failures, low storage, and other critical events.
Regularly check email or other configured notification channels.

7. Document and Report Findings
Create a Backup Status Report:

Summarize the status of recent backups.
Highlight any issues, errors, or anomalies.
Document actions taken to resolve issues.
Share with Stakeholders:

Distribute the report to relevant IT staff and management.
Schedule meetings to discuss any significant issues or improvements needed.

8. Perform Regular Maintenance
Update Software:

Ensure EMC NetWorker and any related software are up to date with the latest patches and updates.


Review and Adjust Policies:

Periodically review backup policies to adapt to changes in data volume or criticality.

9. Troubleshooting Common Issues
Failed Backups:

Check logs for specific error messages.
Ensure the client is reachable and has enough resources.
Verify network connectivity between the NetWorker server and clients.

Slow Backup Performance:

Monitor network bandwidth and server performance.
Optimize backup schedules to avoid peak usage times.
Verify that storage devices are functioning correctly.

Storage Space Issues:

Review retention policies to ensure data is not retained longer than necessary.
Add additional storage capacity if needed.

Conclusion
Regular checks and maintenance of EMC NetWorker backups are crucial for ensuring data integrity and availability. By following this guide, you can systematically verify backup schedules, monitor activities, validate backup completeness, test recovery processes, and maintain overall backup health. Always document findings and communicate with stakeholders to ensure transparency and readiness for data recovery.

For detailed command references and advanced troubleshooting, refer to the EMC NetWorker documentation and support resources.


Linux Digital Clock Format (strftime)

To display seconds on the Raspberry Pi OS digital clock, you need to modify the clock settings on the taskbar. Here are the steps to achieve that:

Raspberry Pi OS Digital Clock Settings
  1. Accessing the Clock Settings: a. Right-click on the clock at the top-right corner of the Raspberry Pi OS desktop. b. From the context menu, select ‘Digital Clock Settings’ or a similar option (the name might vary slightly based on the version of Raspberry Pi OS you’re using).
  2. Adjusting Clock Format: a. In the Digital Clock Settings window, find the field named ‘Clock Format’ or ‘Format’. b. This field determines how the time is displayed. You’ll typically see some format strings like %H:%M which stands for Hour:Minute in 24-hour format. c. To add seconds, modify the string to %H:%M:%S. The %S denotes seconds. d. Once done, click ‘OK’ or ‘Apply’ to save the changes.
  3. The digital clock on your taskbar should now display hours, minutes, and seconds.

Note: The format strings are based on the strftime function format. You can further customize the time and date format using various codes. If you’re interested, you can look up strftime format codes online for more details.

The strftime function in the C programming language provides a way to format time and date. It’s used in various systems and software, and many programming languages provide similar functionality based on the C’s strftime.

Here’s a list of common strftime codes:

  • %a : Abbreviated weekday name (e.g., Wed).
  • %A : Full weekday name (e.g., Wednesday).
  • %b : Abbreviated month name (e.g., Jan).
  • %B : Full month name (e.g., January).
  • %c : Locale’s appropriate date and time representation.
  • %C : Century (year divided by 100, range 00 to 99).
  • %d : Day of the month as a zero-padded decimal number (e.g., 01 to 31).
  • %D : Equivalent to %m/%d/%y (e.g., 04/08/21).
  • %e : Day of the month as a space-padded number (e.g., 1 to 31).
  • %F : Equivalent to %Y-%m-%d (e.g., 2021-04-08).
  • %H : Hour (24-hour clock) as a zero-padded decimal number (e.g., 00 to 23).
  • %I : Hour (12-hour clock) as a zero-padded decimal number (e.g., 01 to 12).
  • %j : Day of the year as a zero-padded decimal number (e.g., 001 to 366).
  • %m : Month as a zero-padded decimal number (e.g., 01 to 12).
  • %M : Minute as a zero-padded decimal number (e.g., 00 to 59).
  • %p : Locale’s equivalent of either AM or PM.
  • %r : Time in AM or PM notation (e.g., 08:08:08 PM).
  • %R : Equivalent to %H:%M.
  • %S : Second as a zero-padded decimal number (e.g., 00 to 59).
  • %T : Equivalent to %H:%M:%S.
  • %u : Weekday as a number, where Monday is 1 and Sunday is 7.
  • %U : Week number of the year (Sunday as the first day of the week) as a zero-padded decimal number.
  • %V : ISO 8601 week number of the year with Monday as the first day of the week.
  • %w : Weekday as a decimal number, where Sunday is 0 and Saturday is 6.
  • %W : Week number of the year (Monday as the first day of the week).
  • %x : Locale’s appropriate date representation.
  • %X : Locale’s appropriate time representation.
  • %y : Last two digits of the year (e.g., 21 for 2021).
  • %Y : Full year (e.g., 2021).
  • %z : UTC offset in the form +HHMM or -HHMM.
  • %% : A literal % character.

You can combine these codes in various ways to create custom date and time formats. For example, %A, %B %d, %Y would produce “Wednesday, April 08, 2021”.


Performance benchmarking with hashcat and sysbench

You can compare performance between Linux systems using hashcat.

Install using sudo apt-get install hashcat

Run with hashcat -b

A series of cryptographic hashing algorithms are run and the resulting hashes/second reported.

Example output from LG Gram 17 laptop:

hashcat benchmark LG Gram 17

Example output from Raspberry Pi 4 Model B (8GB)

hashcat benchmark Raspberry Pi 4 Model B (8GB)

Before using sysbench, first you need to determine the number of CPU cores in your system.

There are two ways to do this: either grep -c ^processor /proc/cpuinfo or lscpu

Determine the number of CPU Cores

Then run sysbench cpu --threads=4 run, replacing 4 with the number of cores in your system, e.g. on Raspberry Pi 4 Model B…

sysbench cpu benchmark tool

On a LG Gram 17 laptop,

LG Gram 17 16 Cores
LG Gram 17

Working with QR Codes

Consider this a crash course in working with QR codes on Linux.

A QR code is an image that represents a URL. It can be quickly and conveniently scanned by the camera on a mobile device to open the link, rather than having to type it in manually.

The following packages will need to be installed.

sudo apt-get install qrencode zbar-tools feh

Creating a QR Code

qrencode -o "./cyberfella.png" "https://www.cyberfella.co.uk" 

Viewing a QR Code

feh ./cyberfella.png

Reading a QR Code

zbarimg ./cyberfella.png
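
An added example, not from the original post: decoding a QR image with zbarimg and checking the payload before anything opens it, since the image itself gives no hint of where it points. The function names and the choice of allowed host are assumptions for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers): vet a decoded QR payload before use.

NL='
'

# url_host URL: print the lowercase host of an https URL, or return 1.
url_host() {
    case $1 in
        *"$NL"*|*" "*) return 1 ;;     # more than one code, or embedded space
    esac
    case $1 in
        https://*) ;;
        *) return 1 ;;                 # only https links are accepted
    esac
    rest=${1#https://}
    authority=${rest%%[/?#]*}          # strip path, query and fragment
    case $authority in
        *@*) return 1 ;;               # reject userinfo placed before the host
        ""|*[!A-Za-z0-9.:-]*) return 1 ;;   # empty or unexpected characters
    esac
    host=${authority%%:*}              # drop an optional :port
    [ -n "$host" ] || return 1
    printf '%s\n' "$host" | tr 'A-Z' 'a-z'
}

# qr_payload_ok PAYLOAD ALLOWED_HOST: 0 if PAYLOAD is https and its host
# is exactly ALLOWED_HOST (no suffix or prefix matching).
qr_payload_ok() {
    h=$(url_host "$1") || return 1
    [ "$h" = "$2" ]
}

# check_qr_image FILE ALLOWED_HOST: decode with zbarimg, then vet the result.
# Returns 2 when the image cannot be decoded.
check_qr_image() {
    payload=$(zbarimg --raw -q "$1") || return 2
    qr_payload_ok "$payload" "$2"
}

# Usage (not executed here):
#   check_qr_image ./cyberfella.png www.cyberfella.co.uk && echo "link matches"
```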


Hybrid Cloud – Azure Cloud Management Infrastructure

The management infrastructure includes Azure resources and resource groups, subscriptions, and accounts. Understanding the hierarchical organization will help you plan your projects and products within Azure.

Azure resources and resource groups

A resource is the basic building block of Azure. Anything you create, provision, deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.

Resource groups are simply groupings of resources. When you create a resource, you’re required to place it into a resource group. While a resource group can contain many resources, a single resource can only be in one resource group at a time. Some resources may be moved between resource groups, but when you move a resource to a new group, it will no longer be associated with the former group. Additionally, resource groups can’t be nested, meaning you can’t put resource group B inside of resource group A.

Resource groups provide a convenient way to group resources together. When you apply an action to a resource group, that action will apply to all the resources within the resource group. If you delete a resource group, all the resources will be deleted. If you grant or deny access to a resource group, you’ve granted or denied access to all the resources within the resource group.

When you’re provisioning resources, it’s good to think about the resource group structure that best suits your needs.

For example, if you’re setting up a temporary dev environment, grouping all the resources together means you can deprovision all of the associated resources at once by deleting the resource group. If you’re provisioning compute resources that will need three different access schemas, it may be best to group resources based on the access schema, and then assign access at the resource group level.

There aren’t hard rules about how you use resource groups, so consider how to set up your resource groups to maximize their usefulness for you.

Azure subscriptions

In Azure, subscriptions are a unit of management, billing, and scale. Similar to how resource groups are a way to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing.

Azure Subscriptions

Using Azure requires an Azure subscription. A subscription provides you with authenticated and authorized access to Azure products and services. It also allows you to provision resources. An Azure subscription links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.

An account can have multiple subscriptions, but it’s only required to have one. In a multi-subscription account, you can use the subscriptions to configure different billing models and apply different access-management policies. You can use Azure subscriptions to define boundaries around Azure products, services, and resources. There are two types of subscription boundaries that you can use:

  • Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
  • Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

Create additional Azure subscriptions

Similar to using resource groups to separate resources by function or access, you might want to create additional subscriptions for resource or billing management purposes. For example, you might choose to create additional subscriptions to separate:

  • Environments: You can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at the subscription level.
  • Organizational structures: You can create subscriptions to reflect different organizational structures. For example, you could limit one team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.
  • Billing: You can create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. For instance, you might want to create one subscription for your production workloads and another subscription for your development and testing workloads.

Azure management groups

The final piece is the management group. Resources are gathered into resource groups, and resource groups are gathered into subscriptions. If you’re just starting in Azure that might seem like enough hierarchy to keep things organized. But imagine if you’re dealing with multiple applications, multiple development teams, in multiple geographies.

If you have many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group, the same way that resource groups inherit settings from subscriptions and resources inherit from resource groups. Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you might have. Management groups can be nested.

Management group, subscriptions, and resource group hierarchy

You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management. The following diagram shows an example of creating a hierarchy for governance by using management groups.

Nested Management Groups

Some examples of how you could use management groups might be:

  • Create a hierarchy that applies a policy. You could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy can’t be altered by the resource or subscription owner, which allows for improved governance.
  • Provide user access to multiple subscriptions. By moving multiple subscriptions under a management group, you can create one Azure role-based access control (Azure RBAC) assignment on the management group. Assigning Azure RBAC at the management group level means that all sub-management groups, subscriptions, resource groups, and resources underneath that management group would also inherit those permissions. One assignment on the management group can enable users to have access to everything they need instead of scripting Azure RBAC over different subscriptions.

Important facts about management groups:

  • 10,000 management groups can be supported in a single directory.
  • A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
  • Each management group and subscription can support only one parent.

Hybrid Cloud – Azure Cloud Physical Infrastructure

Physical infrastructure

The physical infrastructure for Azure starts with datacenters. Conceptually, the datacenters are the same as large corporate datacenters. They’re facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.

As a global cloud provider, Azure has datacenters around the world. However, these individual datacenters aren’t directly accessible. Datacenters are grouped into Azure Regions or Azure Availability Zones that are designed to help you achieve resiliency and reliability for your business-critical workloads.

The Global infrastructure site gives you a chance to interactively explore the underlying Azure infrastructure.

Regions

A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

When you deploy a resource in Azure, you’ll often need to choose the region where you want your resource deployed.

Some services or virtual machine (VM) features are only available in certain regions, such as specific VM sizes or storage types. There are also some global Azure services that don’t require you to select a particular region, such as Azure Active Directory, Azure Traffic Manager, and Azure DNS.

Availability Zones

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

Availability Zones in a Region

To ensure resiliency, a minimum of three separate availability zones are present in all availability zone-enabled regions. However, not all Azure Regions currently support availability zones.

Use availability zones in your apps

You want to ensure your services and data are redundant so you can protect your information in case of failure. When you host your infrastructure, setting up your own redundancy requires that you create duplicate hardware environments. Azure can help make your app highly available through availability zones.

You can use availability zones to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within an availability zone and replicating in other availability zones. Keep in mind that there could be a cost to duplicating your services and transferring data between availability zones.

Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases. Azure services that support availability zones fall into three categories:

  • Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
  • Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
  • Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Even with the additional resiliency that availability zones provide, it’s possible that an event could be so large that it impacts multiple availability zones in a single region. To provide even further resilience, Azure has Region Pairs.

Region pairs

Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect an entire region. For example, if a region in a pair was affected by a natural disaster, services would automatically fail over to the other region in its region pair.

Not all Azure services automatically replicate data or automatically fall back from a failed region to cross-replicate to another enabled region. In these scenarios, recovery and replication must be configured by the customer.

Examples of region pairs in Azure are West US paired with East US and South-East Asia paired with East Asia. Because the pair of regions are directly connected and far enough apart to be isolated from regional disasters, you can use them to provide reliable services and data redundancy.

Region Pairs

Additional advantages of region pairs:

  • If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
  • Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
  • Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.

Most regions are paired in two directions, meaning they are the backup for the region that provides a backup for them (West US and East US back each other up). However, some regions, such as West India and Brazil South, are paired in only one direction. In a one-direction pairing, the primary region does not provide backup for its secondary region. So, even though West India’s secondary region is South India, South India does not rely on West India. West India’s secondary region is South India, but South India’s secondary region is Central India. Brazil South is unique because it’s paired with a region outside of its geography. Brazil South’s secondary region is South Central US. The secondary region of South Central US isn’t Brazil South.

Sovereign Regions

In addition to regular regions, Azure also has sovereign regions. Sovereign regions are instances of Azure that are isolated from the main instance of Azure. You may need to use a sovereign region for compliance or legal purposes.

Azure sovereign regions include:

  • US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
  • China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.

Hybrid Cloud – Azure Free Account and Cloud Shell

What is the Azure free account?

The Azure free account includes:

  • Free access to popular Azure products for 12 months.
  • A $200 credit to use for the first 30 days.
  • Access to more than 25 products that are always free.

The Azure free account is an excellent way for new users to get started and explore. To sign up, you need a phone number, a credit card, and a Microsoft or GitHub account. The credit card information is used for identity verification only. You won’t be charged for any services until you upgrade to a paid subscription.

azure.microsoft.com/free

What is the Microsoft Learn sandbox?

Many of the Learn exercises use a technology called the sandbox, which creates a temporary subscription that’s added to your Azure account. This temporary subscription allows you to create Azure resources during a Learn module. Learn automatically cleans up the temporary resources for you after you’ve completed the module.

When you’re completing a Learn module, you’re welcome to use your personal subscription to complete the exercises in a module. However, the sandbox is the preferred method to use because it allows you to create and test Azure resources at no cost to you.

Accept permissions to create Azure resources on your behalf on your Azure account
Sandbox is created. Use for Educational Purposes Only!

You can easily switch between the PowerShell CLI and the bash CLI in the Azure Cloud Shell.

bash in Azure Cloud Shell
pwsh in Azure Cloud Shell
az upgrade works in bash or pwsh
Interactive Mode 1/2
Interactive Mode 2/2

Once initialized, you can use the arrow keys or tab to help complete your commands. Interactive mode is set up specifically for Azure, so you don’t need to enter az to start a command (but you can if you want to or are used to it). Try the upgrade or version commands again, but this time without az in front.

Leave Interactive mode with the exit command.

Create VM in the Sandbox

Any exercise that uses the sandbox will require you to activate the sandbox subscription first. Once activated, you can log in to the Azure portal and create resources without being billed for them by choosing the learn subscription during resource creation.

vm resource created using learn subscription in the Microsoft Sandbox Learn Directory in my Azure account
The resource groups in my Azure account
The Resources in my “learn” Resource Group
Select all Resources
Delete all resources in resource group
Confirm delete
double confirmation of resource delete operation

Troubleshooting The Sandbox

Subscriptions to free resources expire and need re-enabling from the Exercise page

This error occurs when the subscription button on the learn.microsoft.com page either hasn’t been clicked on or has timed out. Re-click the subscription acceptance button, usually at the top of the page for the exercise you’re doing.

Hybrid Cloud – Consumption-based model

When comparing IT infrastructure models, there are two types of expenses to consider: capital expenditure (CapEx) and operational expenditure (OpEx).

CapEx is typically a one-time, up-front expenditure to purchase or secure tangible resources. A new building, repaving the parking lot, building a datacenter, or buying a company vehicle are examples of CapEx.

In contrast, OpEx is spending money on services or products over time. Renting a convention center, leasing a company vehicle, or signing up for cloud services are all examples of OpEx.

Cloud computing falls under OpEx because cloud computing operates on a consumption-based model. With cloud computing, you don’t pay for the physical infrastructure, the electricity, the security, or anything else associated with maintaining a datacenter. Instead, you pay for the IT resources you use. If you don’t use any IT resources this month, you don’t pay for any IT resources.

This consumption-based model has many benefits, including:

  • No upfront costs.
  • No need to purchase and manage costly infrastructure that users might not use to its fullest potential.
  • The ability to pay for more resources when they’re needed.
  • The ability to stop paying for resources that are no longer needed.

With a traditional datacenter, you try to estimate the future resource needs. If you overestimate, you spend more on your datacenter than you need to and potentially waste money. If you underestimate, your datacenter will quickly reach capacity and your applications and services may suffer from decreased performance. Fixing an under-provisioned datacenter can take a long time. You may need to order, receive, and install more hardware. You’ll also need to add power, cooling, and networking for the extra hardware.

In a cloud-based model, you don’t have to worry about getting the resource needs just right. If you find that you need more virtual machines, you add more. If the demand drops and you don’t need as many virtual machines, you remove machines as needed. Either way, you’re only paying for the virtual machines that you use, not the “extra capacity” that the cloud provider has on hand.

Compare cloud pricing models

Cloud computing is the delivery of computing services over the internet by using a pay-as-you-go pricing model. You typically pay only for the cloud services you use, which helps you:

  • Plan and manage your operating costs.
  • Run your infrastructure more efficiently.
  • Scale as your business needs change.

To put it another way, cloud computing is a way to rent compute power and storage from someone else’s datacenter. You can treat cloud resources like you would resources in your own datacenter. However, unlike in your own datacenter, when you’re done using cloud resources, you give them back. You’re billed only for what you use.

Instead of maintaining CPUs and storage in your datacenter, you rent them for the time that you need them. The cloud provider takes care of maintaining the underlying infrastructure for you. The cloud enables you to quickly solve your toughest business challenges and bring cutting-edge solutions to your users.
