Category Archives: Azure

Top five reasons to consider Azure DNS

Azure DNS was first announced at the Microsoft Ignite conference in Chicago in May of 2015. I was there in the conference session when it was announced, because I confess – I love DNS. In this blog post I will provide some criteria that can help you determine whether Azure DNS is right for your external DNS zones. Warning: This is a 300 level article – if you do not have an intermediate understanding of DNS, I recommend first reading this article (here).

Since Azure DNS was announced almost 12 months ago, the only administration interface for Azure DNS was PowerShell. This limited the early adoption of Azure DNS to hyper enthusiasts (like myself) or people who look for any excuse to use PowerShell (you know who you are!). Microsoft announced today that Azure DNS can now be managed in the new Azure Portal, which is now sure to increase interest and adoption of this service.  So if you are managing your DNS today, why switch to Azure DNS?  Here are a few principles that I suggest for guiding this decision:

  1. Are your external DNS zones hosted on an unsupported version of Windows Server? If so, then this would be an opportunity to migrate to a supported solution. I have witnessed many environments where external DNS is running on Windows 2003 and even Windows 2000. The scary thing is these are internet-facing services, and since these operating systems are no longer receiving security updates, this could be an open door for hackers or worms to infiltrate into the environment.
  2. Are all of your external DNS servers in the same physical location? If so, then Azure DNS provides an opportunity to migrate to a more resilient solution since Azure DNS is automatically load balanced across multiple regions.
  3. Have you heard of a routing technique called Anycast? Unless you have deployed your own external DNS infrastructure across the world, it will be hard to beat the performance that Azure DNS offers because of its implementation of “Anycast.” DNS queries automatically route to the closest name servers for the best possible performance. And this translates into better application performance since application latency won’t be waiting on DNS responses. For a nice PDF of how Anycast works (click here).
  4. Does the idea or need to programmatically create DNS records in PowerShell downright excite you? Then Azure DNS is for you. Get your geek on with this nice walkthrough by Alexandre Brisebois. Just. Because. You. Can. https://alexandrebrisebois.wordpress.com/2015/06/11/moving-to-azure-dns/
  5. Do you need very short TTL values? Some DNS providers like Network Solutions will not allow you to create a record with anything less than a 60 minute TTL. They do this because they do not charge you by query, so they would prefer to have less DNS traffic hitting their network. Microsoft, on the other hand, charges by individual query, so it benefits them to offer low TTL values, since every time the record expires from DNS cache, that results in another query and therefore more $$ to MSFT. Smart.

Pricing

Azure DNS is currently in preview and prices below reflect a 50% preview discount

https://azure.microsoft.com/en-us/pricing/details/dns/

Tips

  • Use DNSStuff.com to create a baseline of your current DNS performance before considering switching to Azure DNS. Then run the same report after you switch to see if performance improved favorably.
  • Configure TTL values of 3600 (60 minutes)  to keep the DNS queries low and therefore your price low. Lower TTL values will give you greater flexibility to quickly redirect traffic to another host, with the tradeoff of increased cost.

Limits

Contact Support if you need the limits below increased. These are the limits during preview, so they may change when Azure DNS reaches general availability.

https://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/#dns-limits

Definitions

– A record set is two records with the same name. For example, two A records with the name ‘WWW’ pointing to two separate IP addresses is a single record set. You can have up to 20 ‘WWW’ records in a single record set.

– A record is a type of DNS entry such as ‘A’ ‘MX’ ‘CNAME’ ‘TXT’ ‘SRV’ and so on. You can have up to 1000 records per Azure DNS zone.

 

Getting started with Azure DNS

Disclaimer: Do not proceed on a production DNS zone –> this service is in Beta and the information below is for educational purposes only for LAB/Testing environments. Use at your own risk.

1. Create your new Zone in Azure DNS first.

2. Create DNS Records in your new zone

You can use the new GUI method when you have just a single record to update, but when you want to do bulk administration, . First, you have to have the right PowerShell modules installed and then logon to your Azure Tenant: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-dnszone/

Then once you have PowerShell connected, a minimum of three lines of code is required to create a single record in your DNS zone. For example, to create an A record for WWW to point to 1.1.1.1, you would run these three commands:

# Create an empty record set object for www (type A, TTL 3600 seconds)
$rs = New-AzureRmDnsRecordSet -Name "www" -RecordType "A" -ZoneName "contoso.com" -ResourceGroupName "Website" -Ttl 3600

# Add the A record to the local record set object
Add-AzureRmDnsRecordConfig -RecordSet $rs -Ipv4Address 1.1.1.1

# Commit the record set to Azure DNS
Set-AzureRmDnsRecordSet -RecordSet $rs

For more information on the PowerShell syntax, see: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset/

TIP:  If you were previously hosting your DNS zone on Godaddy, you can export your zone to a file for easy importing into Azure.

5. When you are happy with your Zone then you are ready to point the world at it. This is done through Delegation. Read: “Delegate your domain to Azure” here for more info:
https://azure.microsoft.com/en-us/documentation/articles/dns-domain-delegation/

For example, in Godaddy, this is done in the Manage DNS and Settings tab > Manage.

These name servers can be found in your new Azure DNS zone settings.
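
Before changing the name servers at the registrar, it is worth confirming that the Azure zone answers the same as the current host. The following is an added example, not code from the original post, that queries both sides directly with Resolve-DnsName; the two server names and the list of records to compare are placeholders and assumptions.

```powershell
# Added example, not from the original post.
# Requires Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
$Zone      = 'contoso.com'                          # zone name used in the post
$OldServer = 'REPLACE-WITH-CURRENT-NAME-SERVER'     # PLACEHOLDER: a server hosting the zone today
$NewServer = 'REPLACE-WITH-AZURE-DNS-NAME-SERVER'   # PLACEHOLDER: a server listed on the Azure DNS zone

# Constructed sample list: add every name and type you publish.
# SOA and NS are left out on purpose, they are expected to differ between providers.
$Checks = @(
    @{ Name = "www.$Zone";  Type = 'A'     },
    @{ Name = "mail.$Zone"; Type = 'CNAME' },
    @{ Name = $Zone;        Type = 'MX'    },
    @{ Name = $Zone;        Type = 'TXT'   }
)

function Get-AnswerData {
    # Ask one specific server and return the answer data as sorted strings.
    param([string]$Name, [string]$Type, [string]$Server)
    try {
        $records = Resolve-DnsName -Name $Name -Type $Type -Server $Server `
                       -DnsOnly -ErrorAction Stop
    } catch {
        Write-Warning "$Server did not answer $Type for ${Name}: $($_.Exception.Message)"
        return $null
    }
    $data = foreach ($r in $records) {
        # Keep only answer-section records of the type that was asked for.
        if ($r.Section -ne 'Answer' -or $r.Type -ne $Type) { continue }
        switch ($Type) {
            'A'     { "$($r.IPAddress)" }
            'AAAA'  { "$($r.IPAddress)" }
            'CNAME' { $r.NameHost }
            'MX'    { '{0} {1}' -f $r.Preference, $r.NameExchange }
            'TXT'   { $r.Strings -join '' }
        }
    }
    $data | Sort-Object
}

$report = foreach ($c in $Checks) {
    $old = @(Get-AnswerData -Name $c.Name -Type $c.Type -Server $OldServer)
    $new = @(Get-AnswerData -Name $c.Name -Type $c.Type -Server $NewServer)
    [pscustomobject]@{
        Name  = $c.Name
        Type  = $c.Type
        Old   = ($old -join '; ')
        Azure = ($new -join '; ')
        # A missing answer on either side counts as a mismatch.
        Match = ($old.Count -gt 0) -and (($old -join '|') -eq ($new -join '|'))
    }
}

$report | Format-Table -AutoSize

if ($report.Match -contains $false) {
    Write-Warning 'At least one record differs or is missing. Fix the Azure zone before delegating.'
}
```

Any row with Match = False is a record that would change or disappear for your users the moment the delegation takes effect.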

Summary

Azure DNS is still in preview, so Microsoft’s official recommendation is to wait until it reaches the generally available milestone before migrating production zones onto it. However, if you think you would benefit from it, you can begin experimenting with it now to gain familiarity with it.

Often, hosting external DNS with your DNS registrar is free, but it may not always have the best performance. For example, when I queried the authoritative name servers for my DNS records, I received a 100ms TCP response. After switching to Azure DNS, queries against my DNS zone improved to 50ms! Therefore, Azure DNS might be worth the price when you consider the reduced latency in DNS lookups for your domain name, or the increased high availability compared to hosting it yourself.

ExpressRoute Providers in Southern California

If you work in Southern California, you may be interested in finding out which telecommunications providers have connectivity into Microsoft Data Centers such as Azure and Office 365.

The list below ranks providers based on their proximity to Southern California. For the full list of locations and providers, scroll down.

Note: This is not an endorsement for any particular provider, but just a list of those who have local connections near Los Angeles.

The full list of providers is located here: https://azure.microsoft.com/en-us/documentation/articles/expressroute-locations/

Using the new Microsoft OMS to monitor Active Directory Health from Azure

Microsoft Operations Management Suite, which runs in Azure, can check the health of on-premises Active Directory, including replication health.

Why is it so important to check AD replication health? Well, if you are responsible for managing Active Directory then you know how easy it is for AD to become unhealthy, and you also know how problematic it can be to restore health. For example, a power outage that takes an Active Directory server offline for longer than the tombstone lifetime of 180 days can leave ‘lingering objects’ that then have to be removed.

So the best practice is to use monitoring tools to make sure AD remains healthy, so that you don’t have to spend long hours repairing AD.

Azure AD Connect (Dirsync) Password Sync taking too long

I was assisting a customer who reported that Azure AD Connect (aka Dirsync) was taking too long for passwords to synchronize. It was such a huge lag that they assumed it was broken entirely.

Upon inspecting the Application Event Log on the Dirsync server for event ID 656, I observed a large gap between when the password was set on the Domain Controller and when the Event log on the Dirsync server picked up the change.

This is not expected, because the synchronization service polls on-premises AD for password changes every 2 minutes. The overhead to then hash the password, transfer it to Azure AD’s connector, and have it received on the far end is an additional minute (if all the stars are aligned). So three minutes is a reasonable expectation for passwords to sync to Azure AD. However, 14 minutes? Something ain’t right!

Upon inspection in the MIIS client, I observed that the domain controller that Dirsync was connecting to was 62 milliseconds away, and *not* the nearby DC in the same site as Dirsync. This is viewable in the ‘last used’ field in the screen shot below.

The Fix

Configuring Azure AD Connect to use preferred domain controllers solved the problem.

Results

This reduced the synchronization lag from 14 minutes to 40 seconds! That is a 95% reduction in lag!

When to use an Instance Level IP (ILPIP) in Azure

Instance Level IP addresses (ILPIP) are distinct from other types of IP addresses in Azure and have a very specific purpose and benefit. They are limited to 5 per Azure Subscription and intended to permit applications such as passive FTP to function, which requires a lot of open ports. They bypass the load balancer and firewall, allowing direct access to the VM. They do not take the place of the VIP assigned to the load balancer, but they can only be added alongside a VIP. At this time, an ILPIP cannot be added to VM’s that have multiple NICs (yet?).

Instance Level IP’s cannot be reserved and therefore are lost when the VM is shut down. They can dynamically register to a hostname that can be used in a CNAME record, so that if the IP changes, you are still fine as long as you point things to the CNAME record and not the IP address.  Another benefit is that the source IP address comes from the VM rather than from the IP of the load balancer.

Something to be aware of is that ILPIP’s do not use the Endpoints feature in Azure, and therefore all internet ports are open – requiring the use of a host-based firewall to be running on the VM to filter traffic.
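
One way to set up that host-based firewall on a Windows VM that has an ILPIP, shown as an added example rather than code from the original post. The passive FTP port range and the management subnet are assumptions; the FTP server must be configured to use the same passive range.

```powershell
# Added example, not from the original post. Run elevated on the VM itself.
# Assumptions: passive FTP data ports 50000-50100 (must match the range configured
# on the FTP server) and a management subnet of 203.0.113.0/24 (documentation range).
$PassiveRange = '50000-50100'
$MgmtSubnet   = '203.0.113.0/24'

# 1. Firewall on for every profile; unsolicited inbound traffic is dropped
#    unless a rule explicitly allows it.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Open only what the FTP workload needs.
New-NetFirewallRule -DisplayName 'ILPIP - FTP control' -Direction Inbound `
    -Protocol TCP -LocalPort 21 -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'ILPIP - FTP passive data' -Direction Inbound `
    -Protocol TCP -LocalPort $PassiveRange -Action Allow | Out-Null

# 3. Scope the built-in Remote Desktop rules to the management subnet.
#    Confirm the subnet covers your own address first, or this cuts off your RDP session.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Set-NetFirewallRule -RemoteAddress $MgmtSubnet

# 4. Audit: every enabled inbound allow rule that accepts traffic from any source.
#    With an ILPIP there is no endpoint filtering in front of the VM, so each row
#    listed here is a service reachable from the Internet.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } |
    Where-Object { $_.RemoteAddress -eq 'Any' } |
    Sort-Object Rule |
    Format-Table -AutoSize
```

Windows ships with a number of built-in inbound allow rules, so review the audit output and disable or scope anything the FTP workload does not need.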

You can assign ILPIP to an existing or new VM by piping set-AzurePublicIP as follows:

Get-AzureVM -ServiceName ftp01 -Name ftp01 | Set-AzurePublicIP -PublicIPName ftp01pip01 -IdleTimeoutInMinutes 4 -DomainNameLabel ftp01pip01 | Update-AzureVM

Then the CNAME record would point to the PublicIPFQDNs that is revealed when you run a get-AzureVM command. For example: ftppip01.ftp01.cloudapp.net

To request an ILPIP during VM creation you would use this command:

New-AzureService -ServiceName FTPService -Location "Central US"
$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}
New-AzureVMConfig -Name FTPInstance -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| Set-AzurePublicIP -PublicIPName ftpip | New-AzureVM -ServiceName FTPService -Location "Central US"

References:

https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/

http://blog.siliconvalve.com/2015/06/29/setting-instance-level-public-ips-on-azure-vms/

Containers in Windows Server 2016

Mark Russinovich demonstrates containers in Windows Server 2016. There are enhancements to the Windows Server 2016 kernel that allow multiple instances of user mode processes.

https://azure.microsoft.com/en-us/blog/an-early-look-containers-windows-server-2016-hyper-v-and-azure-with-mark-russinovich/

After watching the 15 minute video, here is the quiz:  what is the difference between a Windows Server 2016 Container and a Windows Server 2016 HyperV Container?

Answer: Hyper-V Containers provide isolation whereas Server 2016 Containers do not isolate the container processes from the host.

Which is right for you? A HyperV container or a Windows Server container?  Mark answers that question at 9:45.

When does a Windows Server container make sense over a HyperV container? It seems that when you do not require isolation, you would use Windows Server Containers.

Both of the above options are relevant for on-premises data centers. A 3rd option to evaluate is Azure Container Services, which is what cloud first companies will select first.

Azure AD Connect Password Sync fails for multiple forests

In two different environments I have reproduced behavior where Azure AD Connect does not synchronize passwords when it is configured for multiple source AD forests.

The fix has been to change the ‘Configure Directory Partitions’ credential setting from ‘Use default forest credentials’ to ‘Alternate credentials for this directory partition’

No service restart or reboot required. The way to test it is to reset a password and then monitor the Application event log on the Azure AD Connect Server. Within 2 to 3 minutes you should see an event log entry that the password has been successfully set.

How to see console output from a VM in Azure IaaS

Earlier this month (Sep ‘15) Microsoft announced a new diagnostic capability for VMs running in IaaS – the ability to see serial and console output from a running Virtual Machine. We take this capability for granted when we host our own data center, but having this capability for VM’s running in the public cloud is useful when troubleshooting boot failures.

This capability is available for new and existing version 2.0 virtual machines (aka Azure Resource Manager (ARM)) created in the preview portal.

Then toggle the monitoring option

Note, screenshots and output can take up to 10 minutes to appear in your storage account.

What I learned at the Microsoft Ignite Conference (Chicago 2015)

The 2015 Microsoft Ignite Conference (May 4 – 8) was held in Chicago and included over 1,000 sessions on a range of Microsoft technologies.  The conference sessions and focused intent seemed to me to be predominately focused on the new “Cloud First” and “Mobile First” mission statement for Microsoft.

Historically, Microsoft uses events like Ignite to announce new products and features, so it is always an exciting time for IT Pro’s and customers alike.

I was fortunate enough to attend several of the sessions on Azure and Office 365, and I’m eager to share some of the highlights here. This is not intended to be an exhaustive or comprehensive list of what was unveiled, but rather, just my own individual experience and take-aways. I plan on watching several sessions that I missed – and you can too (see ‘Catching Up’ at the bottom of this blog post). 

For Julia White’s (General Manager of O365 Marketing) overview of Ignite, I recommend reading her blog post (here). Jennifer Marsman also wrote a great recap of the Build conference (here).

Azure Stack

Azure Stack is the private cloud version of what is known as Azure today. There was some initial confusion at the conference on whether this was a replacement for Azure Pack. When I spoke to the product managers at Microsoft, they said if customers are happy with their existing Azure Pack, that’s great, keep using it. But for those customers who want the same exact code as what is running in the Public Cloud, then Azure Stack is for them. Azure Pack relied upon System Center whereas Azure Stack will not. I would not be too shocked if Azure Pack is shelved because there appears to be clear overlap between these two private cloud offerings.

Azure Stack is scheduled for GA in H2 2015. When Azure Stack is released, it will not have all 48+ of the features in the public version of Azure, but it will have Compute and a few others.

Azure

  • Azure now has datacenters in more locations than Google and AWS combined
  • Venkat Gattamneni posted that Azure shines bright at Ignite! that “…in the last 12 months, we’re proud to have added over 500 features and services to the platform.”
  • Azure Resource Manager will allow you to deploy Gallery templates to both Azure Stack and Azure IaaS Public Cloud.
    In his blog post, Corey Sanders goes into lots of detail about ARM, templates etc. He says “This new template language will enable you to easily stitch together VMs, Virtual Networks, Storage Accounts, NICs, Load-balancers, and other PaaS services, like App Service and SQL Databases, in a single coherent application model.”
    The construction of a .JSON file is all that is required. Azure Resource Manager enables you to build and manage large scale applications in an agile and repeatable manner. Complex networking infrastructures can now be composed using simple JSON templates. Azure Resource Manager enables additional capabilities such as Role Based Access Control (RBAC), tagging of resources, and advanced auditing for resource usage. The significant change that ARM introduces is that when creating a VM in ARM mode, there is no dependency upon a cloud service. This enables ARM to spin up thousands of VM’s without the previous limitation that a cloud service imposed on a VM. For example, previously you could only deploy 50 virtual machines in a cloud service. So now, with a .JSON file, you can spin up 100 VM’s without the limitation of a cloud service holding you back.
  • DNS as a Service.  Think GTM (Global Traffic Management) in the Cloud. Azure DNS uses anycast networking, so that each DNS query is answered by the closest available DNS server. The only drawback is there is no GUI interface (yet) – just PowerShell management for now.  50 cents per DNS zone and 20 cents per million DNS queries.
  • Azure Cloud Service now supports multiple VIP’s
  • Several security enhancements: Host Guardian Service, Virtual Secure Mode, and Shielded VM: This is a virtualized vTPM module to support the encryption of guest virtual machines. Requires TPM 2.0.
  • Several network enhancements, ex: User defined routes, IP Forwarding, Floating Nics, ExpressRoute Premium Add-on. This add-on enables up to 10,000 BGP routes. Once your traffic enters an ExpressRoute meet-me site, you can reach ANY Azure region across the globe. Reserved IP addresses can now be moved between services. This supports scenarios where you want to quickly move an external IP between VMs.
  • Azure VPN gateway now supports Site-to-Site VPN and ExpressRoute coexistence.
    For additional details: http://azure.microsoft.com/blog/2015/05/05/new-networking-capabilities-for-a-consistent-connected-and-hybrid-cloud/
  • I learned that the Azure AD Proxy connector supports multiple connectors for automatic load balancing. On the roadmap is the ability to pin a particular app to a connector.
  • Azure Data Lake is “A hyper scale repository for big data analytic workloads.” See “What’s a Data Lake?” And check out Introducing Azure Data Lake for more info and to sign up to get notified when a preview is available. You might also watch this 3 minute video.
  • The public preview of client-side encryption in the Azure Storage client library for .NET. You can use client-side encryption to encrypt blob data, table data (you select the properties to encrypt), and queue messages. Client-side encryption also integrates with Azure Key Vault and allows for integrating with other key management systems if you prefer. client-side encryption blog post
  • Import/Export now also supports up to 6 TB hard drives. Click (here) for more information.
  • Azure Site Recovery enables customers to deploy application-aware availability on demand solutions. Azure Site Recovery solutions have been tested and are now supported for SharePoint, Dynamics AX, Exchange 2013, Remote Desktop Services, SQL Server, IIS applications and System Center family like Operations Manager. Read all the details in Abhishek Agrawal’s blog post
  • The Cloud Application Discovery feature is now Generally Available and integrated into the Azure preview portal. This tool can help identify ‘shadow IT’ where users are using 3rd party SaaS apps like DropBox without letting IT know about it. You get started by adding “Azure AD Cloud App Discovery” in the new Azure portal. You must first have an Azure AD Premium license assigned before you can use this tool. Cloud App Discovery enables you to:
    • Discover cloud applications in use within your organization
    • Identify which users in your organization are using an application
    • Export data so you can analyze it offline in other tools
    • Prioritize applications to bring under IT control, with single sign-on and user management.

Office 365

  • Equinix, AT&T, and BT will be the first MPLS carriers to enable connectivity between Office 365 and on-premises network (coming) Q3 2015. This enables end-to-end QoS which is particularly helpful when considering the Skype for Business Online (Formerly Lync Online) capabilities coming in September that will enable PSTN (dial tone) for outbound and inbound enterprise voice phone calls in the Cloud.
  • Sway is now part of Office 365. See this blog post for more information.

  • Office Delve organizational analytics. Provides an interactive dashboard for teams and individuals to identify key trends across employee engagement, team connections and even views like work life balance

  • Significant improvements in Office 365 Video management are coming. Admins will have the ability to remove or manage posted videos. Ability to share externally is coming too.

  • Significant improvements in Office 365 Groups management are coming (naming conventions, etc). A mobile app for Groups is coming.

  • Riverbed WAN optimization appliances can de-dupe Exchange Online traffic and SharePoint Online traffic by having your internal CA issue a certificate to masquerade as Outlook.com or Sharepoint.com. 90% traffic reduction in Exchange Online traffic! Downloading a 20 megabyte file from SharePoint Online would normally take ~60 seconds whereas with Riverbed it is 33x faster.

  • There is a new compliance center for Office 365 coming that will allow you to create one DLP policy that will then apply to SharePoint Online, OneDrive, Exchange and also the Office 2016 clients. For example, you can be in an Excel worksheet and type in a credit card number and you will get a policy tip notification that it is a violation of policy to have credit card data in Excel. Interesting!

  • There is a new Knowledge Management Portal for Office 365. Delve Boards are the building blocks. “Add to board” button will be added everywhere throughout Office 365.

  • This doesn’t belong in this category, but SharePoint 2010 farms will not have a direct upgrade path to SharePoint 2016. They will have to be upgraded to 2013 first (double-hop migration).

  • Modern Authentication for Office 2013 clients. http://channel9.msdn.com/Events/Ignite/2015/BRK3136

Exchange 2016

  • Architecture. CAS Role goes away. http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx
  • Deploying 2016
  • Exchange Server is now supported in Azure IaaS on Azure premium storage. Why anyone would do this… is for another blog post.
  • OAUTH now has a wizard in Exchange 2013 and 2016. This enables cross-premises Discovery and MRM. Also, cross-premises free/busy will attempt to use OAUTH first before the MSFT Federation Gateway, so it is a good idea to use OAUTH when possible. Why not?

Skype for Business

  • Broadcast Meetings up to 10,000 participants (up from 250 in Lync Online)
  • IIS ARR servers can be configured for Edge Caching – this enables users to view the skype broadcast meeting from the local cache rather than hammering the internet egress.
  • Call Quality Dashboard is available for download. Offers aggregated call quality information for on-premise deployments. In addition to a set of system reports that will be created as part of the install to help you view and diagnose network infrastructure issues affecting call quality, you will also be able to quickly and easily create additional reports tailored to your needs.
    http://www.microsoft.com/en-us/download/details.aspx?id=46916
  • To get the new Skype directory to appear, you need to remove the previously configured Skype Public Provider.
    See this article for more information: Enabling Skype Federation with Skype for Business Server or Skype for Business Online

Microsoft Operations Management Suite (OMS)

  • Click (here) for more details.
  • Includes Security Threat Analysis

Windows 10

  • Cortana is connected to PowerBI in the Windows 10 start menu

  • Device Guard in Windows 10

  • Windows Update for Business

Devops

Nano Server is a tiny version of Windows Server.  Remember Windows Server Core? It’s like that but is 20 times smaller, hence the name “Nano.” In the demo I saw, the whole server consumed only 128 MB of RAM, and only 500 MB of hard disk space. Wow! From what I can tell, it is only managed externally through WMI or PowerShell, so there is no GUI or security logon inside of it.

Windows Nano Server was previously announced in April, but there were several more sessions on it at Ignite. Nano Server is best understood in the context of DevOps and the containerization of Docker. From what I can tell, Nano has little use outside of a development strategy that includes containerization (aka Docker).

Catching Up

All the ignite sessions and PPT presentations are available at Channel9 and here.

Vlad Catrinescu (MVP) posted a PowerShell script on TechNet that allows you to download all the Ignite videos and presentations. Or if you don’t have 300GB of disk space, you can also create a filter to just download the content you want, ex:

.\downloadignitevideosandslidesv4.ps1 -keyword "SharePoint,Azure,System Center"

https://gallery.technet.microsoft.com/all-the-Ignite-Videos-and-b952f5ac

Read my LinkedIn post “Suggestions for staying on top of technology trends”

Random Insights

VM level backups now available in Azure Backup

As far as Azure IaaS goes, this is the biggest improvement to the platform since the ExpressRoute offering.

The announcement is here, and I highly recommend reading it:
http://azure.microsoft.com/blog/2015/03/26/azure-backup-announcing-support-for-backup-of-azure-iaas-vms/

The highlights:

  • With Azure Backup, you can now get application consistent backup of Windows VMs without having to shut down the VM.
  • “In order to backup IaaS VMs, the customer needs to deploy absolutely nothing”*
    Note: This is accurate insofar as you have the Azure VM Agent installed (see Prerequisites below)
  • Azure Backup truly achieves “set-and-forget” for VM backups.
  • Azure Backup does additional processing to determine the incremental changes between the last recovery point and the current VM state. By transferring and storing only the incremental changes, Azure Backup is highly storage efficient.

Azure VM Agent Prerequisite

  • A very important prerequisite is that the Azure VM Agent must be installed. This is performed when the VM is first created, but if you uncheck the box to install the agent, then you will not be able to back it up with the new VM level backup feature.
  • If you do not have the Azure VM Agent installed, you will get an error message during the registration job step:
    “Failed to install the Azure Recovery Services extension on the selected item. VM Agent is a pre-requisite for Azure Recovery Services Extension. Please install the Azure VM agent and restart the registration operation.”
  • You can manually download and install the VM Agent if it is not installed on the VM, see this article for more information:
    https://msdn.microsoft.com/en-us/library/dn832621.aspx
  • The VM agent itself can be downloaded directly from (here) and is very small and takes seconds to install.
  • After manually installing the agent, it is necessary to set the ProvisionGuestAgent value to true using PowerShell or a REST call. If you do not set this value after manually installing the VM Agent, the addition of the VM Agent is not detected properly.
  • See my blog post for manually installing the VM agent for step by step instructions:
    http://tctblgs.azurewebsites.net/manually-install-the-azure-vm-agent/

Seeing it in Action!

Assuming you have already setup your recovery vault, and your VM’s have the VM Agent installed, then there are three easy steps to start backing up VM’s in Azure IaaS

After clicking on ‘Discover Virtual Machines’ you then click on the Discover button at the bottom of the screen.

After discovery completes, you then click on the Register button.

This brings you to a screen to select the VM’s that you want to protect.

Clicking on the checkmark will spawn a register job that can be viewed on the Jobs tab. In my case, this job took 4 minutes to run.

Now that we have a VM registered, the next step to perform is step number 3, “Protect Registered Azure Virtual Machines.”

Select the item you want to protect

You can then select an existing policy or create a new policy

When the backup has taken place, you can view it under protected items.

You can force a new backup or you can click on Restore to bring the VM back to life as a new VM standing next to the old one (it does not overwrite the existing VM).

Restoring a backup

A backup is only “good” if you can verify it by performing a restore. Until then, you should not trust your backups. I have learned this the hard way in the trenches =)

It is interesting that when you restore a VM, it does not overwrite the existing VM, but it instead deploys it alongside the current VM.

You can check the Jobs tab to see how long the restore will take. In my case, the restore took 23 minutes.

When the restore job completes, you can view the job notes:

To view the restored VM, I had to sign out and back into the Azure Management portal, but then I saw the restored VM amongst my other VM’s:

This raises a practical operational question: you need to be sure to shut off the old VM before the new one starts up; otherwise, in a batch environment, you could end up with two VM’s running the same batch (you get the idea, you need to know what your VM’s are doing and coordinate properly).

Therefore, it would be good to have an option during the restore process for Azure to automatically shut down the original VM on your behalf to tighten-up the handoff, as you want to avoid having two machines with the same computer name and SID running on the network.

For example, in my restored VM, I can see it still has the original computer name (as I would expect) and so even though the name of the VM in Azure shows as ‘MyRestoredVM’ the actual computer name maintains the original name. (This is okay behavior, but just remember we need to shut off the original VM now too). I posted this feedback on the Azure Feedback portal, please click (here) to vote if you agree and would like the Azure Product team to include this feature in a future release.
