Setting up RDP access, antimalware and autoscaling when updating a Cloud Service (Extended Support) deployment

Overview

This post is a continuation of my previous post on Powershell Script to Update a Cloud Service (Extended Support) Deployment and Powershell Script to create a new Cloud Services (Extended Support) Deployment. In the previous posts, I covered all the steps necessary to create and update a Cloud Services resource using PowerShell. However, that was for just the basic Cloud Service. If you want to enable RDP access, set up auto-scaling and activate antimalware on the newly deployed Cloud Service, this post contains the steps on how to do that.  This post continues with the code as it is at the end of Powershell Script to Update a Cloud Service (Extended Support) Deployment.

As before, you will need to ensure that you have installed Powershell 7+ and the Az PowerShell Module before the script can be run. Restart all command prompt windows after you have installed these dependencies. Make sure to use the PowerShell 7 terminal and not the Windows PowerShell or Command Prompt terminal windows.

You will also have to set your PowerShell session to trust running scripts locally by setting the Execution Policy to RemoteSigned.

Set-ExecutionPolicy RemoteSigned

As usual, all the code can be found on my GitHub profile.

RDP Access

You need to add two more items to the Parameters.json file to set up the username and password for the RDP account. You should change the settings I have set below:

"rdpSettings": {
     "value": "<PublicConfig><UserName>rdpuser</UserName><Expiration>12/31/9999 12:00:00 PM</Expiration></PublicConfig>"
 },
 "rdpProtectedSettings": {
     "value": "<PrivateConfig><Password>P@ssword123!</Password></PrivateConfig>"
 }

You also need to add the new parameters to the top of the Template.json file, under swappableCloudService.

"rdpSettings": {
     "type": "string"
 },
 "rdpProtectedSettings": {
     "type": "securestring"
 },
 "antiMalwareSettings": {
     "type": "string"
 }

In the Template.json file, you need to add a new object under the “osProfile” object called “extensionProfile”. Within this extensionProfile, you need to add an array called “extensions”, with one object for the RDPExtension. The complete code for this is:

"extensionProfile": {
     "extensions": [
      {
           "name": "RDPExtension",
           "properties": 
           {
                "autoUpgradeMinorVersion": true,
                "publisher": "Microsoft.Windows.Azure.Extensions",
                "type": "RDP",
                "typeHandlerVersion": "1.2.1",
                "settings": "[parameters('rdpSettings')]",
                "protectedSettings": "[parameters('rdpProtectedSettings')]"
             }
         }
     ]
 }

Antimalware

Enabling antimalware is similar to enabling RDP access. You need to add the following item to the Parameters.json file. You need to configure this to your liking. day = the day of the week as a number, with 0 being Monday, time being the time in UTC and scanType being the scan type. The Exclusions section can be used to exclude certain parts of the file system from being scanned. You can find out more about AntiMalware here: https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware

"antiMalwareSettings": {
   "value": "<AntimalwareConfig><AntimalwareEnabled>true</AntimalwareEnabled><RealtimeProtectionEnabled>true</RealtimeProtectionEnabled><ScheduledScanSettings isEnabled=\"true\" day=\"6\" time=\"1140\" scanType=\"Full\" /><Exclusions></Exclusions></AntimalwareConfig>"
 }

You also need to add the new parameters to the top of the Template.json file, under rdpProtectedSettings that you added earlier..

"antiMalwareSettings": {
    "type": "string"
}

Autoscaling

Configuring scaling is effectively a second deployment that is done after you have deployed the Cloud Service. Therefore, you need to create two new .json files: ScalingParameters.json and ScalingTemplate.json.

We cannot use a hardcoded name for the Cloud Service in the ScalingParameter.json file, as the name will switch on each deployment.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "cloudServiceName": {
            "value": "MzansiBytes"
        }
    }
}

In the ScalingTemplate.json file, paste the following. Go through it and adjust it as required, such as by adding additional profiles, or changing the capacity or rules.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "cloudServiceName": {
            "type": "string"
        }
    },
    "variables": {
        "resourcePrefix": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/cloudServices/')]"
    },
    "resources": [
        {
            "apiVersion": "2022-10-01",
            "type": "Microsoft.Insights/autoscaleSettings",
            "name": "[concat(parameters('cloudServiceName'), '-Web-Autoscale')]",
            "location": "southafricanorth",
            "properties": {
                "name": "[concat(parameters('cloudServiceName'), '-Web-Autoscale')]",
                "enabled": true,
                "targetResourceUri": "[concat(variables('resourcePrefix'), parameters('cloudServiceName'), '/roles/Web')]",
                "profiles": [
                    {
                        "name": "Default",
                        "capacity": {
                            "minimum": "1",
                            "maximum": "2",
                            "default": "1"
                        },
                        "rules": [
                            {
                                "scaleAction": {
                                    "direction": "Increase",
                                    "type": "ChangeCount",
                                    "value": "1",
                                    "cooldown": "PT10M"
                                },
                                "metricTrigger": {
                                    "metricName": "Percentage CPU",
                                    "metricNamespace": "microsoft.compute/cloudservices/roles",
                                    "metricResourceUri": "[concat(variables('resourcePrefix'), parameters('cloudServiceName'), '/roles/Web')]",
                                    "operator": "GreaterThanOrEqual",
                                    "statistic": "Average",
                                    "threshold": 80,
                                    "timeAggregation": "Average",
                                    "timeGrain": "PT1M",
                                    "timeWindow": "PT5M",
                                    "Dimensions": [],
                                    "dividePerInstance": false
                                }
                            },
                            {
                                "scaleAction": {
                                    "direction": "Decrease",
                                    "type": "ChangeCount",
                                    "value": "1",
                                    "cooldown": "PT10M"
                                },
                                "metricTrigger": {
                                    "metricName": "Percentage CPU",
                                    "metricNamespace": "microsoft.compute/cloudservices/roles",
                                    "metricResourceUri": "[concat(variables('resourcePrefix'), parameters('cloudServiceName'), '/roles/Web')]",
                                    "operator": "LessThanOrEqual",
                                    "statistic": "Average",
                                    "threshold": 20,
                                    "timeAggregation": "Average",
                                    "timeGrain": "PT1M",
                                    "timeWindow": "PT5M",
                                    "Dimensions": [],
                                    "dividePerInstance": false
                                }
                            }
                        ],
                        "recurrence": {
                            "frequency": "Week",
                            "schedule": {
                                "timeZone": "South Africa Standard Time",
                                "days": [
                                    "Monday",
                                    "Tuesday",
                                    "Wednesday",
                                    "Thursday",
                                    "Friday",
                                    "Saturday",
                                    "Sunday"
                                ],
                                "hours": [
                                    23
                                ],
                                "minutes": [
                                    0
                                ]
                            }
                        }
                    }
                ],
                "notifications": [],
                "targetResourceLocation": "southafricanorth"
            },
            "tags": {}
        }
    ]
}

The scaling rules also require script changes so that the scaling is applied to the deployed Cloud Service. Add this before the code to swap VIPs, so that the Cloud Service is scaled before it is swapped.

# Apply Scaling Rules
$scalingParametersJson = Get-Content "$PSScriptRoot\ScalingParameters.json" | ConvertFrom-Json
$scalingParametersJson.parameters.cloudServiceName.value = $cloudServiceToDeploy
$scalingParametersJson | ConvertTo-Json | Set-Content "$PSScriptRoot\ScalingParameters.json"

New-AzResourceGroupDeployment -ResourceGroupName resourceGroupName -TemplateFile "$PSScriptRoot\ScalingTemplate.json" -TemplateParameterFile "$PSScriptRoot\ScalingParameters.json"

Now when you run the UpdateCloudService.ps1 script it should set up the RDP Access and Antimalware extensions, and then apply the scaling rules before swapping.

That’s it, you’re done!

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.