
Azure Default Service Principals vs Customer Created

The other day, a customer asked me to provide the number of Service Principals (SP) in their Azure tenant. Well, that is pretty easy, right? Head over to the Azure AD service within the Azure Portal and browse the App registrations (Service Principals) here… But wait, I now want to extract the list of SPs to a file. Great, I can use the CLI or PowerShell query “az ad sp list” or “Get-AzADServicePrincipal” to retrieve that information. Wait a second… why do I see nearly 700 SPs in PowerShell, yet when I take a look at the Portal, I can see there are maybe 100 Service Principals at best? This cannot be right! Why is PowerShell/CLI generating a list of nearly 700 Service Principals, whereas the portal only shows me ~100 SPs? Something is up… Let’s take a deeper dive here.

Well, after some research, I ran into a blog post from fellow Microsoft MVP Rick Van Rousselt; you can find that post HERE. From it I learned that Microsoft creates ~600 Service Principals that are needed for various Azure services, i.e. Azure AD, Office 365, Azure Policy, etc. This is default behaviour and is common to every Azure tenant.

After you execute the query (“az ad sp list” or “Get-AzADServicePrincipal”), you can see that for some of these ~600 SPs the Tenant ID does not match my customer’s… The appOwnerTenantId belongs to a Microsoft/Azure tenant. Interesting….

So how do you figure out which Service Principals are customer created/owned, and how do we differentiate between the customer and Microsoft?

Below is what I did, and this should help you identify which Service Principals belong to you (as the customer) and which belong to Microsoft/Azure.

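  # Pull every service principal (--all) as JSON, keeping only name, app ID and owning tenant
  $result = az ad sp list --all --query "[].{ServicePrincipalName:appDisplayName,AppID:appId,TenantID:appOwnerTenantId}" --output json | ConvertFrom-Json
  # Write the list to CSV so it can be filtered on TenantID
  $result | Export-Csv -Path "C:\temp\ServicePrincipals.csv" -NoTypeInformation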

Now I can filter the Service Principals based on the appOwnerTenantId to differentiate between customer created versus Microsoft/Azure created.
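
The filtering step described above, as an added example that is not part of the original post: it labels each row by comparing its TenantID with the customer's tenant ID and counts each group. The function name, the sample rows and every GUID are constructed placeholders; a foreign tenant ID may belong to Microsoft or to another publisher whose multi-tenant app was consented in the tenant, so that group is labelled "External".

```powershell
# Added example (not from the original post): split service principals by owning tenant.
function Split-ServicePrincipalsByOwner {
    param(
        [Parameter(Mandatory)] [object[]] $ServicePrincipals,
        [Parameter(Mandatory)] [string]   $CustomerTenantId
    )
    foreach ($sp in $ServicePrincipals) {
        # -eq on strings is case-insensitive, so GUID casing does not matter
        $owner = if ([string]::IsNullOrWhiteSpace($sp.TenantID)) {
            'Unknown'     # no owning tenant recorded; review by hand
        } elseif ($sp.TenantID -eq $CustomerTenantId) {
            'Customer'    # the app registration lives in this tenant
        } else {
            'External'    # Microsoft or another publisher's tenant
        }
        [pscustomobject]@{
            ServicePrincipalName = $sp.ServicePrincipalName
            AppID                = $sp.AppID
            TenantID             = $sp.TenantID
            Owner                = $owner
        }
    }
}

# Constructed sample rows in the CSV's column layout (all names and GUIDs are placeholders).
$customerTenantId = '11111111-1111-1111-1111-111111111111'
$sample = @(
    [pscustomobject]@{ ServicePrincipalName = 'contoso-deploy-sp'; AppID = 'aaaaaaaa-0000-0000-0000-000000000001'; TenantID = '11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ ServicePrincipalName = 'contoso-backup-sp'; AppID = 'aaaaaaaa-0000-0000-0000-000000000002'; TenantID = '11111111-1111-1111-1111-111111111111'.ToUpper() }
    [pscustomobject]@{ ServicePrincipalName = 'Platform Service A'; AppID = 'bbbbbbbb-0000-0000-0000-000000000001'; TenantID = '22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ ServicePrincipalName = 'Platform Service B'; AppID = 'bbbbbbbb-0000-0000-0000-000000000002'; TenantID = '22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ ServicePrincipalName = 'no-owner-recorded';  AppID = 'cccccccc-0000-0000-0000-000000000001'; TenantID = '' }
)

$classified = Split-ServicePrincipalsByOwner -ServicePrincipals $sample -CustomerTenantId $customerTenantId

# Count per owner group, then list only the customer-owned principals
$classified | Group-Object Owner | Select-Object Name, Count
$classified | Where-Object Owner -eq 'Customer' | Format-Table ServicePrincipalName, AppID

# Against real data, replace the sample with:
#   $customerTenantId = az account show --query tenantId --output tsv
#   $sample = Import-Csv 'C:\temp\ServicePrincipals.csv'
# Azure CLI builds that return Microsoft Graph objects name the field appOwnerOrganizationId.
```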

I hope this helped, and now you know Microsoft/Azure creates hundreds of Service Principals in every Azure tenant that are needed for various services, and roles.

Creating Easy Tier (Multi-tier) Pool with IBM Storwize

Creating an Easy Tier (aka Multi-tier) pool within IBM’s Storwize is pretty simple, but it cannot be done via its GUI. The GUI lacks this functionality, so I had to resort to learning some IBM CLI for the Storwize (V5000). I have been told (by IBM) that the command(s) are the same for both the Storwize v7000 and v3700 series as well.

The benefits of IBM’s Easy Tier are rather impressive, and I am sure (please correct me if I am wrong) this exists with other SAN vendors as well. In my pool, there are three types of disk drives: SSD and SAS (both enterprise grade and nearline). A multi-tiered (Easy Tier) pool allows data to be (seamlessly) migrated to higher-IO drives/pools that provide higher performance, i.e. SSD pools.

In my case this is great, as I will have heavy-hitting IOPS SQL virtual machines that will probably require the higher performing SAS if not SSD drives, whereas low-IOPS data such as Quorums can sit on nearline drives.

As IBM states, “Easy Tier can automatically migrate data at the sub-LUN/sub-volume level to the most appropriate storage tier. This includes the ability to automatically and non-disruptively relocate logical volume extents with high activity to storage media with higher performance characteristics, while extents with low activity are migrated to storage media with lower performance characteristics.”

So how is this all done?

I am going to assume you have already created your mdisk/RAID groups. In my case my SSD drives are RAID-5, likewise my SAS (enterprise) drives, and my SAS nearline drives are RAID-6.

Within the CLI, you will need to get the IDs of all your drives. You can do this by running the “lsdrive” command. Now you can see all your drives, and their disk types, IDs, etc.


Now you need to create your Easy Tier pool with the mkarray command. (More syntax info can be found HERE)

  mkarray -level <raidType> -drive <IDrangeOfDrivesPerDiskTypeGroupSeparatedByColon(s)> <YourPoolName>

For example:

  mkarray -level raid5 -drive 0:1:2:3 EasyTier-Pool

*Do not forget to leave 1 drive behind as a spare within your MDisk pool, otherwise you will have no hot-spare, and will have to rebuild*

Once you have created your pool and associated all the drives with the Easy Tier pool, you can see all the mdiskX groups using the lsmdisk command.


For more details, use the lsmdiskgrp command.


We can now also confirm the Easy Tier pool within the GUI.


Now we can start building/migrating or whatever it is your SAN was designed for! 🙂

For more literature on IBM’s Easy Tier, please visit the LINK.