
Monday, June 15, 2015

Managing Microsoft Azure By Using System Center Virtual Machine Manager 2012 R2

 

The VMM Administrator Console is a graphical user interface (GUI) that you use for:

  • managing fabric (compute, network & storage)
  • managing private clouds
  • managing virtual machines

Besides that, we can also use the VMM Administrator Console to manage Amazon AWS; please feel free to check out our previous post.

Guess what is included in UR6?

Now we have a single pane of glass to manage Microsoft Azure virtual machines by using the VMM Administrator Console. Read on to see how we manage Azure virtual machines.

Product:

  • System Center Virtual Machine Manager 2012 R2
  • Update VMM to Update Rollup 6
  • Microsoft Azure Subscription

[Configuration]

1. Create a management certificate by using makecert.

makecert -sky exchange -r -n "CN=VMMLab2012R2" -pe -a sha1 -len 2048 -ss My "VMMLab2012R2.cer"



2. Upload the management certificate to Microsoft Azure Management Portal. Go to Settings | Management Certificate | Upload


3. Use the VMM Administrator Console to add the Azure subscription. Click Add Subscription on the toolbar (VM and Services workspace).



4. Enter your subscription details:



  • Display name

  • Subscription ID (get it from Azure Management Portal)

  • Certificate (from previous step)



5. Once added, you will be able to use VMM Administrator Console to perform actions:



  • Start

  • Stop

  • Shutdown

  • Restart

  • Connect to RDP
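
A check worth running between steps 1 and 2, shown as an added example that is not part of the original post: whoever holds the private key of a management certificate can manage the subscription, so only the public .cer file should leave the machine. The script assumes Windows PowerShell, that makecert wrote to the current user's My store (its default location), and that VMMLab2012R2.cer is in the current directory.

```powershell
# Added example: sanity-check the management certificate from step 1
# before uploading the .cer file in step 2.
$subject = 'CN=VMMLab2012R2'                                   # subject used in step 1
$cerPath = Join-Path (Get-Location) 'VMMLab2012R2.cer'         # assumed location of the .cer file

# Exactly one certificate with this subject should exist in the store.
$stored = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $subject })
if ($stored.Count -ne 1) {
    throw "Expected exactly one certificate with subject $subject, found $($stored.Count)."
}
$cert = $stored[0]

# The .cer file is what goes to Azure; it must carry the public part only
# and must be the same certificate as the one in the store.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($public.HasPrivateKey) {
    throw "$cerPath unexpectedly contains a private key."
}
if ($public.Thumbprint -ne $cert.Thumbprint) {
    throw "$cerPath does not match the certificate in the store."
}

# Summary of the properties that matter when reviewing the certificate.
[pscustomobject]@{
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    KeySizeBits        = $cert.PublicKey.Key.KeySize
    HasPrivateKey      = $cert.HasPrivateKey
    # -pe in step 1 marks the private key as exportable
    KeyExportable      = $cert.PrivateKey.CspKeyContainerInfo.Exportable
}
```

The thumbprint printed here should match the one the Azure Management Portal shows after the upload.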


Tuesday, March 31, 2015

Backup Azure Virtual Machine By Using Azure Backup

It is about time! Here is something to cheer about: an enhancement to protect Azure virtual machines. Microsoft recently added an enhancement to Azure Backup which allows us to back up virtual machines on Microsoft Azure without any impact on production workloads and without shutting down the VM. Depending on your virtual machine's guest operating system, Azure Backup provides:

  • application level consistency for Windows OS
  • file system level consistency for Linux OS

Let's have a quick walkthrough of this feature:

[Pre-requisite]

Create a Backup vault in the same region as the IaaS VM.

+New | Data Services | Recovery Services | Backup Vault


[ Our test scenario]

  • 1 Windows Server 2008 R2 VM
  • 1 Ubuntu VM
  • 1 Windows Server 2012 R2 VM

[Configuration]

To configure, you must perform 3 steps:

  • Run discovery
  • Register VM
  • Protect VM

Step 1: Go to Vault | Click Registered Items | Click Discovery

Step 2:- Register VM

Make sure the virtual machine is up and running, and not in the Deallocated state, so that registration succeeds.

Click on Register | Select the VM that you would like to protect

Once the VM status is “Registered”, proceed to step 3.


Step 3:- Backup VM

To configure the backup policy, click PROTECT.

Click PROTECT, select the VM to back up and select your backup policy.

You can set backup frequency to

  • Daily
  • Weekly
  • Frequency :- Time every 30 minutes
  • Retention range :- by default 30 days

It is an agentless backup and is able to protect multiple virtual machines.

Once a VM is protected, you cannot add the same VM to another backup policy or add an additional backup time to the same policy.

[ Perform on demand backup]

Click on PROTECTED ITEMS TAB, click “Backup Now”

In our test scenario, the on-demand backup works whether the VM is running or in the DEALLOCATED state.

[ To Remove/ Modify Backup Policy ]

Click on POLICIES tab, select the policy that you would like to remove and press DELETE.

You can select the policy and modify the protection configuration.

One setback that we found is that we cannot remove an individual VM without removing the policy.

[ Tracking Progress and Success / Failure ]

Use the detailed job view to track progress and success/failure.

Once the backup has completed, you are able to view the number of recovery points listed.

That’s all for our walkthrough. We are currently wondering if the back-end system is running “Microsoft System Center Data Protection Manager”.

What do you think?

Friday, March 20, 2015

Synchronize Directory to Azure Using Microsoft Azure Active Directory Sync Services (AAD Sync)

 

We have been busy with a recent project on Enterprise Mobility Suite (EMS), and the first tool that we are going to use is the directory synchronization tool. We used to use DirSync to synchronize users, passwords, security groups, distribution lists, contacts, etc. However, the DirSync tool has been replaced by AAD Sync (Azure Active Directory Sync Services).

Here is a quick directory synchronization tool comparison:

Tool :- Description

  • DirSync :- supports single-forest synchronization
  • AAD Sync :- supports single- and multi-forest synchronization; password write
  • AAD Connect :- includes AAD Sync; will assist with setting up ADFS; will assist with setting up Web Application Proxy

In this article, we are going to deploy AAD Sync.

[Download AAD Sync]

To download – [Last update Feb 2015] – Click here

[Installation]

  • Define the location to install the Azure AD Sync

  • Click Install. It will install a few components such as SQL Express and Synchronization Services. This will take a while.

  • Enter the Azure AD account which has the global administrator right and click Next. Remember to “Activate” Directory Synchronization in Azure.

  • Enter your domain admin credentials and forest name. It will install the AD connector services.

  • Define the user matching attribute

  • On the Optional features page, select the additional features that AAD Sync should perform. Examples:
      • Exchange Hybrid Deployment
      • Password Synchronization
      • Password write back
      • Azure AD App and attribute filtering

  • Click Configure and wait for the AAD Sync tool to perform the changes

Just wait for a while and it will start to sync the directory to Azure. To check the result, go to the Azure Management Portal, where you can see that on-premise users and groups have synced to the Azure directory.

It is still a simple tool and works exactly like DirSync.

For other tool, please check out

Tuesday, March 10, 2015

AD Intelligent Pack Available in Microsoft Azure Operational Insight

 

Not long ago, we walked through Microsoft Azure Operational Insight in this article:- http://www.ms4ucloud.info/2014/11/microsoft-azure-operational-insights_29.html

This round, we are going to look at a new Intelligent Pack, Active Directory, which was recently released by Microsoft. The Operational Insight AD Assessment Intelligence Pack assesses the risk and health of your Active Directory environment at a regular interval. It provides a prioritized list of recommendations tailored to your deployment. Let's have a quick look at the beauty of the AD IP.

1. Browse to Microsoft Azure Operational Insight portal:- https://preview.opinsights.azure.com/

2. Add a new Intelligent Pack by clicking Intelligent Pack

3. Select AD Assessment

Remember to deploy an agent to your domain controller server. We left an agent on our domain controller for a few days.

[After a few days… here is the result]

Oh my… the overall dashboard reported

  • 5 High Priority
  • 7 Low Priority
  • And 83 passed checks

[Let's drill further]

The report was good, as it provides explanations and highlights our AD issues. Examples:-

- one of the DCs is not configured properly in DNS

- the time since our last backup of the Active Directory database

- missing inbound replication links

- a single global catalog server

How about testing Microsoft Operational Insight in your environment? You will be surprised by the findings. Good luck with your AD IP test.

Thursday, March 5, 2015

Download Azure VHD to On-Premise

We’ve created a VM on Azure and tested on it. Once you have completed your testing, you may want to move the virtual disk back on-premise. There are a few ways to do so:-

Option 1:- Use Save-AzureVHD cmdlet

Save-AzureVHD -Source (azure storage account) -LocalFilePath (local destination)

# Download a VHD from a blob to a file
Save-AzureVHD -Source "https://ms4ustorageA.blob.core.windows.net/vhds/avtest01-avtest01-2015-03-03.vhd" -LocalFilePath d:\azure\avtest01.vhd

Option 2:- Download from Azure Storage Container

Navigate to Azure Storage Container, select the disk and click DOWNLOAD


Option 3:- Use Import/ Export.

You can use Export service to transfer large quantities of data resident in Blob storage to your on-premises installations in a timely and cost-effective manner.

It is faster and saves your organization's Internet bandwidth. Just ship your 3.5” SATA II/III hard disk and make sure each disk is not more than 4TB. Remember to provide the drive ID, which is the serial number assigned by the drive manufacturer to a specific hard disk, on the Azure Portal. Go to the Azure Storage Dashboard and click Import/Export.

Click Create Export Job

If you’re from Malaysia, the courier is DHL. The wizard will let you know which courier service to use.

Cost per disk is around RM200 (or USD 80) for retail price. For more detail, please use the Azure calculator:- http://azure.microsoft.com/en-us/pricing/calculator/?scenario=full

Both options 1 and 2 require large Internet bandwidth on-premise in order to download the fixed virtual disk. So think carefully about which option is suitable for you.

Once the virtual hard disk has been moved back on-premise using any of the options above, you can use Hyper-V to run it.

Tuesday, March 3, 2015

Azure Active Directory Access Panel on Google Play Store

 

The Access Panel is a web-based portal that allows an end user with an organization account in Azure Active Directory to view and launch cloud-based applications to which they have been granted access by the Azure AD administrator. You can view the portal from this link.

Some of you may prefer to access it from Android devices rather than a browser and may be curious whether an app is available on the Google Play Store. Well, the answer is “Yes”. Microsoft has released an app called “My Apps Azure Active Directory”.

To download, click here

Let's have a quick walkthrough of the app.

1. Sign in using your Azure AD account. Once you key in your user account, the page will change to the company branding page.

2. Once authenticated, you are able to access and view your applications.

3. Click on the application and you’ll be redirected without entering your password, as SSO has kicked in.

To navigate back to your applications, you need to click on the “My Apps” logo. This is not very user friendly, since users may find it difficult to locate. Probably the best fix is to add a HOME button; what do you think? Give it a try and provide feedback on the Google Play Store to improve the application.

Sunday, February 1, 2015

Backup Azure Virtual Machine Configuration

 

Previously we configured blob snapshots to back up virtual disks on Azure. Blob snapshots do not back up the VM configuration. To do so, we need to use the Export-AzureVM cmdlet.

[ Configuration ]

Get the Azure VM list and identify your virtual machine's service name and name.

Get-AzureVM

Back up the VM configuration file and store it on your local computer, either when the VM is powered off or while it is running.

Export-AzureVM -ServiceName "VM Service Name" -Name "VM Name" -Path E:\vmname.xml

[XML result]

<?xml version="1.0" encoding="utf-8"?>
<PersistentVM xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <ConfigurationSets>
    <ConfigurationSet xsi:type="NetworkConfigurationSet">
      <ConfigurationSetType>NetworkConfiguration</ConfigurationSetType>
      <InputEndpoints>
        <InputEndpoint>
          <LocalPort>5986</LocalPort>
          <Name>PowerShell</Name>
          <Port>5986</Port>
          <Protocol>tcp</Protocol>
          <EnableDirectServerReturn>false</EnableDirectServerReturn>
          <IdleTimeoutInMinutes xsi:nil="true" />
        </InputEndpoint>
        <InputEndpoint>
          <LocalPort>3389</LocalPort>
          <Name>Remote Desktop</Name>
          <Port>64669</Port>
          <Protocol>tcp</Protocol>
          <EnableDirectServerReturn>false</EnableDirectServerReturn>
          <IdleTimeoutInMinutes xsi:nil="true" />
        </InputEndpoint>
      </InputEndpoints>
      <SubnetNames>
        <string>App</string>
      </SubnetNames>
      <PublicIPs />
      <NetworkInterfaces />
    </ConfigurationSet>
  </ConfigurationSets>
  <DataVirtualHardDisks />
  <OSVirtualHardDisk>
    <HostCaching>ReadWrite</HostCaching>
    <DiskLabel>disk_vmware-vm1_00_os.vhd</DiskLabel>
    <DiskName>disk_vmware-vm1_00_os.vhd</DiskName>
    <OS>Windows</OS>
    <IOType>Standard</IOType>
  </OSVirtualHardDisk>
  <RoleName>TestBackup01</RoleName>
  <RoleSize>Basic_A1</RoleSize>
  <RoleType>PersistentVMRole</RoleType>
  <NoExportPrivateKey>false</NoExportPrivateKey>
  <NoRDPEndpoint>false</NoRDPEndpoint>
  <NoSSHEndpoint>false</NoSSHEndpoint>
  <ProvisionGuestAgent>true</ProvisionGuestAgent>
  <ResourceExtensionReferences>
    <ResourceExtensionReference>
      <ReferenceName>BGInfo</ReferenceName>
      <Publisher>Microsoft.Compute</Publisher>
      <Name>BGInfo</Name>
      <Version>1.*</Version>
      <ResourceExtensionParameterValues />
      <State>Enable</State>
    </ResourceExtensionReference>
  </ResourceExtensionReferences>
</PersistentVM>

Keep the XML file in a safe location; it may come in handy during restoration. Stay tuned for our next post about virtual disk restoration and the configuration file.
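
The exported file also records which ports the VM exposes publicly (in the sample above, RDP on public port 64669 and PowerShell remoting on 5986). The following added example, which is not part of the original post, lists those endpoints from an export so they can be reviewed before a VM is re-created from the file; `Get-ExportedVMEndpoint` is a hypothetical helper name and the path is the one used in the Export-AzureVM command above.

```powershell
# Added example: list the public endpoints recorded in a VM configuration
# file written by Export-AzureVM. Get-ExportedVMEndpoint is a hypothetical name.
function Get-ExportedVMEndpoint {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    [xml]$doc = Get-Content -LiteralPath $Path -Raw
    $vm = $doc.PersistentVM

    foreach ($set in $vm.ConfigurationSets.ConfigurationSet) {
        # Only the network configuration set carries InputEndpoints.
        if ($set.ConfigurationSetType -ne 'NetworkConfiguration') { continue }

        foreach ($ep in $set.InputEndpoints.InputEndpoint) {
            $localPort = [int]$ep['LocalPort'].InnerText
            [pscustomobject]@{
                VM         = $vm.RoleName
                # Use the indexer: .Name on an XmlElement can be ambiguous with the node name
                Endpoint   = $ep['Name'].InnerText
                Protocol   = $ep['Protocol'].InnerText
                PublicPort = [int]$ep['Port'].InnerText   # port on the public address
                LocalPort  = $localPort                   # port inside the VM
                # Flags remote-management services: SSH, RDP, WinRM HTTP/HTTPS
                Management = @(22, 3389, 5985, 5986) -contains $localPort
            }
        }
    }
}

# Path from the Export-AzureVM command earlier in this post
Get-ExportedVMEndpoint -Path 'E:\vmname.xml' |
    Sort-Object PublicPort |
    Format-Table -AutoSize
```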

More information:-

Friday, January 16, 2015

Backup Azure Virtual Machine By Using Blob Snapshot

 

We have set up a virtual machine on Azure. The next question you may wonder about is how to back up the Azure virtual machine. Too bad that at this moment, we cannot use System Center Data Protection Manager or Azure Backup to back up the virtual machine. However, we can use these to back up application data.

Then we searched around and found out that we can use Blob Snapshot to perform the backup by referring to Keith Mayer's guide. You can refer to it here.

There are four (4) steps that you need to perform in order to back up an Azure virtual machine.

  • Select virtual machine to back up
  • Identify virtual hard disks
  • Create cloud storage container for storing backups
  • Back up virtual machines in Windows Azure to cloud storage
  • Backup VM Configuration by using Export-AzureVM

Well, we followed the guide provided by Keith Mayer and summarized it in this script:-

# List all VMs in Azure
Get-AzureVM

# Select one VM. Example: MS4UDir
$VM = Get-AzureVM -ServiceName "MS4UDIR" -Name "MS4UDIR"

# Temporarily shut down the VM: it is not running, but its configuration is kept in a provisioned state
$VM | Stop-AzureVM -StayProvisioned

#to get os disk

$VMOsDisk = $VM | Get-AzureOSDisk
$VMOsDisk


#to get data diskname and media link
$VMDataDisks = $VM | Get-AzureDataDisk
$VMDataDisks

#determine the name of Windows Azure Storage Account by using MediaLink property
$storageAccountName= $vmOSDisk.MediaLink.Host.Split('.')[0]
$storageAccountName

#Setting the current storage account
Get-AzureSubscription | Set-AzureSubscription -CurrentStorageAccount $storageAccountName

#Creating a new Windows Azure Storage Container
$backupContainerName ="backupvhd"
New-AzureStorageContainer -Name $backupContainerName -Permission Off

#Confirming creation of storage container
Get-AzureStorageContainer

#Backup virtual machine
$vmOsBlobName = $vmOsDisk.MediaLink.Segments[-1]
$vmOsBlobName
$vmOsContainerName = $vmOsDisk.MediaLink.Segments[-2].Split('/')[0]
Start-AzureStorageBlobCopy -SrcContainer $vmOsContainerName -SrcBlob $vmOsBlobName -DestContainer $backupContainerName

#Get-AzureStorageBlobCopyState to confirm that the copy process completed
Get-AzureStorageBlobCopyState -Container $backupContainerName -Blob $vmOsBlobName -WaitForComplete

#Backup Data Disk
ForEach ($vmDataDisk in $vmDataDisks) {
    $vmDataBlobName = $vmDataDisk.MediaLink.Segments[-1]
    $vmDataContainerName = $vmDataDisk.MediaLink.Segments[-2].Split('/')[0]
    Start-AzureStorageBlobCopy -SrcContainer $vmDataContainerName -SrcBlob $vmDataBlobName -DestContainer $backupContainerName -Force
    Get-AzureStorageBlobCopyState -Container $backupContainerName -Blob $vmDataBlobName -WaitForComplete
}

#Confirm that a copy of each virtual hard disk now exist in the backup storage container location.
Get-AzureStorageBlob -Container $backupContainerName

#Start VM after backup complete
$vm | Start-AzureVM

The process is lengthy, but at last we managed to back up the virtual machine.

Saturday, December 20, 2014

Hybrid RemoteApp Deployment

 

With RemoteApp recently reaching GA, it is time for us to test and configure it in a hybrid deployment, which requires us to set up a site-to-site VPN and sync the on-premise DC via DirSync, while the application resides in Microsoft Azure. Microsoft Azure RemoteApp delivers your Windows applications from the Azure cloud.

We have configured the deployment and posted a step-by-step guide here:- http://www.ms4ucloud.info/2014/12/hybrid-remoteapp-deployment.html

Enjoy!

Video : Azure RMS in Action

 

We wrote our first post about Azure RMS here. To better show you the technology, we think it is best to show it in video format. Enjoy!

Video 1 – First time using Azure RMS

Video 2 – Share Protect a File

Video 3 – Protect any File

Video 4 – Showing RMS in Action in RMS Sharing App running on Android

Video 5 – What happens when sending to the wrong recipient?

Video 6 – What happens when sending to the correct recipient?

Wednesday, December 17, 2014

Azure Active Directory Connect (AD Connect) with Password Sync


Azure AD Connect is "new" because it is now one integrated tool that includes all the advances of AAD Sync and Dirsync.
The Azure AD Connect wizard Public Preview 1 provides a guided experience for integrating one or multiple Active Directory forests with Microsoft Azure AD. Optionally you can configure Exchange Hybrid deployment, password change write-back, AD FS and Web Application Proxy.
NOTE:- Azure AD Connect Public Preview 1 is recommended to be run in a lab environment and not in a production AD or AAD environment. To get the installer, click here.
If you plan to run in a production environment, please download Azure Active Directory Dir Sync from here.
AAD Sync capabilities include the following:
  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.
Let's begin the AD Connect configuration.
After installation, double-click the AD Connect icon on your desktop.
Accept the license agreement and click Continue.
Note:- Before installing this tool, remember to add the .NET Framework 3.5 feature first.
The AD Connect tool will download and install:
  • MS Online Services Sign in Assistant
  • Windows Azure Active Directory Module for Windows Powershell
  • Azure AD Sync Engine
Enter your Azure AD credentials.
The next page asks you to choose Express settings (default, using password sign-on) or Customize (allows you to select password or Single Sign On).
This is how it looks when you select “Customize”.
Let's select “Password Sync”.
Enter your Active Directory credentials.
Select optional features:
  • Exchange hybrid deployment
- Allows for co-existence of Exchange mailboxes both on-premise and in Azure by synchronizing a specific set of attributes from Azure AD back into your on-premise directory.
  • Password write back
- This option allows password changes that originate in Azure AD to be written back to your on-premise directory.
  • Specify how users are identified in on-premise directories and Azure
Final step
[Verification in Microsoft Azure AD]
You will notice that the on-premise user accounts have synced to Azure AD.