I wrote a post recently about troubleshooting connectivity for endpoints on Microsoft Azure VMs. The day the post went out I was greeted with this tweet:
http://t.co/Ww3MyYjwPu right on time context post for me @SQLRockstar tx sir. Need to see on ports for my #linux vms with #mysql running 🙂
— Shyam Viking (@myluvsql) April 30, 2015
So then I did what I usually do: I let my mouth (in this case, fingers) get ahead of my brain. Here was an opportunity for me to do more work! I answered the tweet with:
@SQLRockstar yes sir that’s one other thing I would have wanted to do through the script. — Shyam Viking (@myluvsql) April 30, 2015
Feeling like my PowerShell script wasn’t getting the job done here, I decided to pull together the code necessary to get all endpoints for VMs in an Azure subscription. So that’s what we have here. You’re welcome. As always, here is the usual disclaimer:
Script disclaimer, for people who need to be told this sort of thing:
DISCLAIMER: Do not run code you find on the internet in your production environment without testing it first. Do not use this code if your vision becomes blurred. Seek medical attention if this code runs longer than four hours. On rare occasions this code has been known to cause one or more of the following: nausea, headaches, high blood pressure, popcorn cravings, and the impulse to reformat tabs into spaces. If this code causes your servers to smoke, seek shelter. Do not taunt this code.
You can also download a copy of the PowerShell script here.
<##############################################
File: GetAllEndpoints.ps1
Author: Thomas LaRock, https://thomaslarock.com/contact-me/
https://thomaslarock.com/2015/05/get-all-endpoints-for-vms-in-an-azure-subscription
Summary: This script will loop through all the virtual machines in an
Azure subscription and report on the assigned endpoints.
Date: May 11th, 2015
You may alter this code for your own purposes. You may republish
altered code as long as you give due credit.
THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
FITNESS FOR A PARTICULAR PURPOSE.
##############################################>

<# We are going to loop through all VMs in this subscription.
However, if you want to filter for a subset, perhaps by name,
you could use something like:
#$VMlist = Get-AzureVM | Where-Object { ($_.Name -ilike "something") }
But we don't want to filter for our example, so we just grab all VMs
and build an array #>
$VMlist = Get-AzureVM

<# We will now loop through each VM in the array #>
foreach ($VMServiceName in $VMlist) {
    # Fetch the VM by service name and VM name, then pull its endpoints
    $obj = Get-AzureVM -ServiceName $VMServiceName.ServiceName -Name $VMServiceName.Name | Get-AzureEndpoint

    # One output object per VM; endpoint names and local ports are arrays
    $Output = New-Object PSObject
    $Output | Add-Member VMName $VMServiceName.Name
    $Output | Add-Member EndpointNames $obj.Name
    $Output | Add-Member Endpoints $obj.LocalPort
    Write-Output $Output
}
The PowerShell script will output the details to the command window. Feel free to format the output as you see fit; I can imagine some might want to output to a text file. Of course, with PowerShell you could output to Excel and create a donut chart if you wanted.
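Added example (not part of the original script): one way to reshape the report into one row per endpoint, with the public and local port side by side, so it exports cleanly to CSV and endpoints on SSH, MySQL or RDP ports stand out. The function name Get-EndpointRow, the $WatchPorts list, the sample data and the output file name are assumptions. The property names Name, Protocol, Port and LocalPort are those of the objects Get-AzureEndpoint returns.

```powershell
# Added example: flatten endpoints to one row per endpoint and flag watched ports.
# $WatchPorts and the sample data below are assumptions made for illustration.
$WatchPorts = 22, 3306, 3389   # SSH, MySQL, RDP

function Get-EndpointRow {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $VMName,
        [object[]] $Endpoint = @()   # objects shaped like Get-AzureEndpoint output
    )
    foreach ($ep in $Endpoint) {
        [pscustomobject]@{
            ServiceName = $ServiceName
            VMName      = $VMName
            Endpoint    = $ep.Name
            Protocol    = $ep.Protocol
            PublicPort  = $ep.Port        # port exposed on the cloud service address
            LocalPort   = $ep.LocalPort   # port the VM itself listens on
            Watched     = ($WatchPorts -contains $ep.Port) -or
                          ($WatchPorts -contains $ep.LocalPort)
        }
    }
}

# Constructed sample data so the example runs without a subscription.
$sample = @(
    @{ ServiceName = 'svc-demo'; VMName = 'linux-mysql-01'; Endpoint = @(
        [pscustomobject]@{ Name = 'SSH';   Protocol = 'tcp'; Port = 50022; LocalPort = 22 }
        [pscustomobject]@{ Name = 'MySQL'; Protocol = 'tcp'; Port = 3306;  LocalPort = 3306 }
    ) }
    @{ ServiceName = 'svc-demo'; VMName = 'web-01'; Endpoint = @(
        [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'tcp'; Port = 443; LocalPort = 443 }
    ) }
    @{ ServiceName = 'svc-demo'; VMName = 'batch-01'; Endpoint = @() }   # VM with no endpoints
)
$rows = foreach ($vm in $sample) { Get-EndpointRow @vm }

# Against a live subscription, build $rows with the same cmdlets the script uses:
# $rows = foreach ($vm in Get-AzureVM) {
#     $eps = Get-AzureVM -ServiceName $vm.ServiceName -Name $vm.Name | Get-AzureEndpoint
#     Get-EndpointRow -ServiceName $vm.ServiceName -VMName $vm.Name -Endpoint @($eps)
# }

$rows | Format-Table -AutoSize
$rows | Where-Object Watched | Export-Csv -Path .\watched-endpoints.csv -NoTypeInformation
```

With the sample data, the SSH and MySQL rows for linux-mysql-01 are flagged and written to the CSV; a VM with no endpoints produces no rows.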
Enjoy!
Application Security Groups (ASG) are now Generally Available in all Microsoft Azure regions! Through Application Security Groups, Azure provides security micro-segmentation for your Virtual Networks (VNets). You can use this to define fine-grained network security policies based on workloads, centralized on applications, instead of explicit IP addresses. This provides the capability to group VMs with monikers and secure applications by filtering traffic from trusted segments of your network.