Interview with MVP

Kevin Kaminski is a Windows and Devices MVP. He had the brilliant idea of creating The Virtually There with Kevin Kaminski series, in which he interviews various people. I had the honor to be the first one.

Here are more details about his series, and in particular about this episode:

The Virtually There with Kevin Kaminski series is a concept where I interview various people in the industry that I’ve come to know over the years in my journeys in IT as a Microsoft MVP. In this episode, I sit down with Marcos Nogueira who happens to be a co-worker of mine who I met several years ago when he first moved to Calgary. He is not only a Microsoft MVP but a long time Microsoft MCT with a very extensive consulting background.

We talk about some of the common challenges customers have implementing Azure in their environment along with the differences between the on-premises offerings known as Azure Pack and Azure Stack. We also take a moment to discuss how System Center fits into the mix as customers attempt to modernize how their infrastructure is hosted and managed.

Don’t forget to subscribe to his channel.

Cheers,

Marcos Nogueira
Azure MVP
azurecentric.com
Twitter: @mdnoga

Implementing Azure Site Recovery – Part 2 – For Hyper-V Virtual Machines in SCVMM Clouds

After I posted the series of Azure Site Recovery (ASR) planning considerations, I received an enormous quantity of feedback asking how it should be implemented, following those considerations. So, this is the second post of a series of 4 (see the first post here), about how to implement Azure Site Recovery based protection in the scenarios described in the previous series of posts.

If you want to visit the series where I talked about the ASR Planning Considerations, you can do it by selecting the right scenario:

In this post, you will step through a sample implementation of Site Recovery with the on-premises primary site and the secondary site that is residing in Azure. Your intention is to protect on-premises Hyper-V virtual machines. In this scenario, you are using System Center Virtual Machine Manager to manage your Hyper-V hosts. Your implementation will consist of the following tasks:

  1. Creating one or more Azure virtual networks in your Azure subscription in the Azure region that meets your disaster recovery objectives.
  2. Creating an Azure storage account in the same subscription and the same region as the Azure virtual network.
  3. Creating a Recovery Services vault in the same subscription and the same region as the storage account and the virtual network.
  4. Preparing for the mapping of on-premises virtual machine networks to the Azure virtual networks. You need to make sure that all virtual machines you intend to protect are connected to the virtual machine networks you will be mapping to the Azure virtual networks.
  5. Specifying the protection goal of your implementation. When using the Azure portal, this is the first task in Step 1: Prepare Infrastructure of the GETTING STARTED Wizard and involves answering the following four questions:
    1. Where do you want to replicate your machines? Select the To Azure option.
    2. Are your machines virtualized? Select the Yes, with Hyper-V option.
    3. Are you using System Center VMM to manage your Hyper-V hosts? Select the Yes option.
    4. Are you managing the recovery site with another System Center VMM? Select the No option.
  6. Setting up the source environment. This consists of the following steps:
    1. Adding a System Center VMM server entry representing your on-premises VMM environment and selecting the VMM cloud that is hosting the virtual machines that you intend to protect.
    2. Downloading the Azure Site Recovery Provider setup file and Recovery Services vault registration key to the VMM server. Run the installation using the newly downloaded setup file and, when you receive a prompt, provide the vault registration key. You will also receive a prompt to accept or modify an SSL certificate for encryption of disks uploaded to the Recovery Services vault. Finally, you will have the option to enable synchronization of cloud metadata for all VMM clouds. Optionally, you can select individual VMM clouds that you want to be visible in the Azure portal.
    3. Downloading the setup file for the Azure Recovery Services agent and installing it on each Hyper-V host in the VMM cloud that is associated with the virtual machine network you will be mapping to the Azure virtual network.
  7. Setting up the target environment. As part of this step, you must specify the post-failover deployment model. In this walkthrough, you will choose Resource Manager, but Site Recovery also supports the classic deployment model. At this point, you will also have a chance to verify that you can use the virtual network and the storage account you created earlier to host replicas of protected virtual machines and their disks. You have the option to create the virtual network and the storage account if this is not the case. Finally, you must also configure network mapping between virtual machine networks and the Azure virtual network.
  8. Setting up replication settings. This step involves configuring a replication policy and associating it with the VMM cloud you selected in step 6.1. The policy includes settings such as copy frequency, recovery point retention, app-consistent snapshot frequency, and initial replication start time.
  9. Confirming that you have run the Capacity Planner. The wizard will include a drop-down list from which you need to select "Yes, I have done it" in order to successfully complete the Preparing infrastructure step.
  10. Selecting the VMM cloud and enabling its replication. This is part of Step 2: Replicate Applications in the GETTING STARTED Wizard. You will need to specify the VMM cloud you selected in step 6.1. You also will need to select the Azure virtual network and the storage account you want to use to host replicas of protected virtual machines and their disks. You also have the option to choose the target subnet. In addition, this step involves assigning the name to the target virtual machine and choosing its operating system. Finally, you also have to choose a replication policy that you want to take effect in this case.

Cheers,

Marcos Nogueira
azurecentric.com
Twitter: @mdnoga

Azure Site Recovery Planning Considerations – Part 3 – For Hyper-V Virtual Machines in SCVMM clouds

In this series of posts, I want to cover some of the planning considerations that I usually use when I’m designing or planning an ASR deployment/infrastructure with my customers. I broke it down into several posts so that I can cover them and make it easy to find the considerations that you are looking for. In this post, I will cover additional considerations for when you need to configure Azure-based protection of Hyper-V virtual machines based on System Center Virtual Machine Manager (SCVMM) clouds. The general considerations you can find here.

When you are configuring Azure-based protection of Hyper-V virtual machines located in VMM clouds, the following additional considerations apply:

  • You must create virtual machine networks in your VMM environment. You associate virtual machine networks with VMM logical networks, which, in turn, link to private clouds containing protected virtual machines. Once you create virtual machine networks, you must map them to the corresponding Azure virtual networks. This ensures that, following a failover, the network configuration in Azure matches the one that exists in your on-premises environment. By mapping networks, you ensure that replicas of protected virtual machines, which reside on the same on-premises network, also reside on the same Azure virtual network. You can map multiple virtual machine networks to a single Azure virtual network.
  • You have the option to select individual VMM clouds that will appear in the Azure portal. You can choose this option if you want to ensure that the Azure Site Recovery Provider running on the VMM server does not upload all of your cloud metadata to the Recovery Services vault.
  • If you want to ensure that Site Recovery attaches a replica of a protected virtual machine to a specific subnet, then name the Azure virtual network subnet the same as the virtual machine network subnet.
  • The Azure Site Recovery Provider running on the VMM server must have outbound connectivity to Azure via TCP port 443. The Azure Site Recovery Services agent running on each Hyper-V server that is hosting the virtual machines that you want to protect also must have outbound connectivity to Azure via TCP port 443. You must allow access to the following URLs from the VMM server and Hyper-V servers:
    • *.accesscontrol.windows.net
    • *.backup.windowsazure.com
    • *.hypervrecoverymanager.windowsazure.com
    • *.store.core.windows.net
    • *.blob.core.windows.net
    • https://www.msftncsi.com/ncsi.txt
  • Depending on the outcome of your capacity planning, you have the option of adjusting the bandwidth available to the Hyper-V replication traffic on individual Hyper-V hosts. For details regarding this option, refer to the Azure Site Recovery Planning Considerations – Part 1 post.
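
As an added example (not part of the original post and not Microsoft tooling), the following Python script audits an exported egress allowlist for the VMM server and Hyper-V hosts against the endpoints listed above. It reports required endpoints that no rule on TCP 443 covers, and rules that are wider than the list requires. The `(host_pattern, port)` rule format and the `SAMPLE_RULES` data are assumptions constructed for illustration.

```python
# Added example: audit an egress allowlist against the Site Recovery
# endpoints from the list above. Rule format and sample data are assumed.

# Endpoints required by the Provider (VMM server) and the agent (Hyper-V hosts).
REQUIRED = [
    "*.accesscontrol.windows.net",
    "*.backup.windowsazure.com",
    "*.hypervrecoverymanager.windowsazure.com",
    "*.store.core.windows.net",
    "*.blob.core.windows.net",
    "www.msftncsi.com",  # host part of https://www.msftncsi.com/ncsi.txt
]
REQUIRED_PORT = 443


def covers(rule: str, target: str) -> bool:
    """True if every host matched by `target` is also matched by `rule`.

    Both arguments are either an exact host name, a "*.suffix" wildcard,
    or (for `rule` only) a bare "*" meaning any destination.
    """
    rule = rule.lower().rstrip(".")
    target = target.lower().rstrip(".")
    if rule == "*":
        return True
    if rule.startswith("*."):
        suffix = rule[1:]  # e.g. ".core.windows.net"
        # Strip the "*" from a wildcard target so that "*.a.b" compares as ".a.b".
        bare = target[1:] if target.startswith("*.") else target
        # "*.x" covers "*.x", "*.y.x" and "h.x", but never the bare host "x".
        return bare.endswith(suffix)
    return rule == target


def audit(rules):
    """Compare allowlist rules with REQUIRED.

    rules: iterable of (host_pattern, port) tuples.
    Returns (missing, broader):
      missing - required endpoints not reachable on TCP 443 under these rules
      broader - rules on TCP 443 that include a required endpoint but also
                allow destinations outside the required list
    """
    on_443 = [host for host, port in rules if port == REQUIRED_PORT]
    missing = [r for r in REQUIRED if not any(covers(h, r) for h in on_443)]
    broader = [
        h for h in on_443
        if any(covers(h, r) for r in REQUIRED)
        and not any(covers(r, h) for r in REQUIRED)
    ]
    return missing, broader


# Constructed sample: one endpoint opened on the wrong port, and one wildcard
# that is wider than the two storage entries it replaces.
SAMPLE_RULES = [
    ("*.accesscontrol.windows.net", 443),
    ("*.backup.windowsazure.com", 443),
    ("*.hypervrecoverymanager.windowsazure.com", 80),
    ("*.core.windows.net", 443),
    ("www.msftncsi.com", 443),
]

if __name__ == "__main__":
    missing, broader = audit(SAMPLE_RULES)
    print("Not reachable on TCP 443:", missing)
    print("Wider than required:", broader)
```

A missing entry means replication or registration traffic will be blocked; a broader entry still works but opens outbound HTTPS from the hosts to more destinations than Site Recovery needs.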

Cheers,

Marcos Nogueira
azurecentric.com
Twitter: @mdnoga

Azure Backup – Part 4 – System Center and Azure Backup

In the first post (see here), I explained how Azure Backup works. In this post, I explain how to integrate Azure Backup with System Center Data Protection Manager.

If your environment contains a large number of systems that require protection, you might want to consider implementing Microsoft Azure Backup Server. Alternatively, if you have an existing implementation of System Center Data Protection Manager (DPM), you will likely benefit from integrating it with Azure Backup by installing the Azure Site Recovery agent on the DPM server.

These two methods generally yield equivalent results. Microsoft Azure Backup Server provides the same set of features as DPM except for tape backups and integration with other System Center products. Azure Backup Server also offers the same management interface as DPM. Effectively, by implementing Microsoft Azure Backup Server, you gain enterprise-grade protection without requiring System Center licenses.

With both of these products, you can provide recovery for Linux and Windows operating systems that run on-premises or in Azure, as long as an Azure Backup Server or DPM server resides in the same location. DPM and Azure Backup Server support consistent application backups of the most common Windows server workloads, including SQL Server, Office SharePoint Server 2013 or 2016, and Microsoft Exchange Server. They also deliver superior efficiency and disk space savings because of built-in deduplication capabilities.

It is important to remember that unlike the other Azure Site Recovery agent–based methods, neither DPM nor Azure Backup Server can back up data directly to an Azure Recovery Services vault. Instead, they operate as disk-to-disk-to-cloud solutions, using their local disks as the immediate backup target, and afterward, copying data to Azure from the newly created backup.

To integrate System Center DPM with Azure Backup, you must perform the following steps:

  1. If you do not already have an available Recovery Services vault, create a new one.
    Note: You can use the same vault for protecting Azure virtual machines with the Azure Backup VM extension and systems that run an Azure Site Recovery agent, including System Center DPM.
  2. Specify the vault’s storage replication type.
  3. Specify Backup goal settings, including the:
    – Location of the workload: On-premises
    – Workload type: any combination of Hyper-V Virtual Machines, VMware Virtual Machines, Microsoft SQL Server, Microsoft SharePoint, Microsoft Exchange, System State, or Bare Metal Recovery
  4. On the Prepare infrastructure blade of the Azure Recovery Services vault, select the Already using System Center Data Protection Manager or any other System Center product check box.
  5. Download the vault credentials from the Prepare infrastructure blade. The Azure Site Recovery agent uses vault credentials to register with the vault during the installation process.
  6. Download and install the Azure Site Recovery agent from the Prepare infrastructure blade. Start by clicking the Download link. Once the download completes, run the installation and register the local computer running System Center Data Protection Manager with the vault. As part of the registration, designate a passphrase for encrypting backups.
  7. From the Protection workspace of the DPM Administrator Console, create a new protection group or modify an existing one. Within the protection group settings, enable the Online Protection option.
    Note: You must enable short-term protection by using local disks. While you cannot use tapes for this purpose, you can additionally enable long-term protection to tape. As part of the protection group configuration, specify an online backup schedule, online protection data, online retention policy, and initial online backup methodology. Similar to the Azure Backup consoles, you can choose between performing initial backup over the Internet and using the Azure Import/Export service to copy it offline.

Deploying Microsoft Azure Backup Server requires that you perform the following steps:

  1. If you do not already have an existing, available Recovery Services vault, create a new one.
    Note: You can use the same vault for protecting Azure virtual machines with the Azure Backup VM extension and systems that run an Azure Site Recovery agent, including System Center DPM.
  2. Specify the vault’s storage replication type.
  3. Specify Backup goal settings, including the:
    – Location of the workload: On-premises
    – Workload type: any combination of Hyper-V Virtual Machines, VMware Virtual Machines, Microsoft SQL Server, Microsoft SharePoint, Microsoft Exchange, System State, or Bare Metal Recovery
  4. On the Prepare infrastructure blade of the Azure Recovery Services vault, make sure that the Already using System Center Data Protection Manager or any other System Center product check box is cleared.
  5. Use the Download link on the Prepare infrastructure blade to download the Microsoft Azure Backup Server installation media, which are over 3 GB in size.
  6. Download the vault credentials from the Prepare infrastructure blade. The Microsoft Azure Backup Server setup uses vault credentials to register with the vault during the installation process.
  7. Once the download of the Microsoft Azure Backup Server installation media completes, extract the download package content by running MicrosoftAzureBackupInstaller.exe, and then start the setup process.
    Note: The product requires a local instance of SQL Server 2014 Standard. You have the option of using the SQL Server installation media in the package or deploying an instance prior to running the setup.
  8. When prompted, provide the path to the vault credentials that you downloaded earlier. When registering the Microsoft Azure Backup Server with the vault, you can designate a passphrase for encrypting backups.
  9. Because Microsoft Azure Backup Server has the same administrative interface as the System Center DPM, after the setup completes, the remainder of the configuration is equivalent to the one referencing a System Center DPM, with the exception of tape backup–related settings.

Cheers,

Marcos Nogueira
azurecentric.com
Twitter: @mdnoga

Transform the Datacenter – Part 4 – Extend to the cloud

This post is a continuation of the series of posts about transforming your datacenter. You can see the previous post:

Extending into the cloud to scale on demand, while keeping costs low and the solution simple, is the major challenge when you think about extending your datacenter to the cloud. You can meet unexpected needs or plan ahead for times when your business needs to run at peak demand.

One of the first things that comes to my mind when I’m talking about extending the datacenter to the cloud is security and how I can trust the cloud provider.

Microsoft Azure security and trust

Of all the public cloud providers, to my knowledge, Microsoft Azure is the one that has the most security and clearance certifications. With the new division that Microsoft recently created (Cybercrime), security is one of the top priorities. Just look at how much they invest in security. For me, that gives a boost to my confidence regarding my infrastructure.

These are the topics that concern me the most and that I always look for in a public cloud provider:

Security

  • Secure development, operations, and threat mitigation practices provide a trusted foundation
  • Decades of experience building enterprise software & operating online services around the globe
  • Physical and platform security measures including access control, encryption, and network safeguards
  • Defense-in-depth and penetration testing help protect against cyber threats

Privacy

  • Unmatched legal commitments govern data privacy, access and use
  • First to offer privacy protections via Data Processing Agreements, EU Model Clauses, and HIPAA BAA
  • No mining of customer data for advertising or other purposes
  • Customers control where their data resides and who has access to it

Compliance

  • Independent audits demonstrate compliance with regulatory standards
  • Certified for ISO, SSAE 16/SOC 1, and SOC 2 compliance, plus a range of industry and country specific security standards
  • Shares audit report findings and compliance packages with customers

 

Make hybrid capabilities part of your infrastructure

When we talk about the concrete benefits of hybrid, there are a number of areas to consider. IT Professionals often ask, “Where should I start,” so I’ve picked some of the places where you can most easily take advantage of cloud resources as an extension of your existing datacenter.

Microsoft Azure Infrastructure as a Service

This is one of the truest reasons why Microsoft Azure is your hybrid cloud solution, compared to other public cloud providers. The consistent VM format between Hyper-V and Azure IaaS (for example) makes it easy to move existing applications to the cloud.

On-demand scalability and enterprise readiness are other points to take into consideration, but if you compare with the other public cloud providers, the difference is almost nothing.

Service provider cloud options

The Cloud OS Network is a worldwide group of select Service Providers that partner closely with Microsoft to offer organizations cloud solutions on the Microsoft Cloud Platform (Hyper-V, System Center, Windows Azure Pack) and Azure enabled solutions.

Cloud OS Network members uniquely combine geographic affinity (data sovereignty, local datacenters), value-added services (customer-centric solutions, Azure-enabled scenarios) and customer reach/relationship. Microsoft now has 100+ partners in the network to serve your specific needs, covering over 600 local datacenters and serving over 3.7 million customers.
Find a COSN partner in your region or join the conversation on Twitter @CloudOSNetwork.

Hybrid Cloud storage

Reducing storage costs and managing data growth, improving your data protection and recovery, and even increasing agility and shifting resources to business drivers are some of the features of the Microsoft StorSimple solution.

Business continuity

Microsoft’s goals when building a cloud-based disaster recovery solution were to make disaster recovery available to everyone, available everywhere, and easy to use. That is where Azure Site Recovery comes into play.

For more information about Azure Site Recovery, see this post.

Hybrid networking

Azure ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.

ExpressRoute: connect directly to Azure from your datacenter, without going through the public internet.

With ExpressRoute, you can establish connections to Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Azure from your existing WAN network (such as an MPLS VPN) provided by a network service provider.

Hybrid identity

For identity and access, the breakthrough is an increased ability to maintain a single identity across multiple clouds. Continuous services and connected devices present a real challenge, with users expecting more and more from IT in terms of simple and fast access to resources and data. Microsoft offers multiple options in this area, including the advances in identity management in both Windows Server 2012 Active Directory and Microsoft Azure Active Directory. Cloud-based identity that integrates with your existing Active Directory solution will allow tremendous flexibility in building single sign-on capabilities across your cloud deployments. This is the identity platform you know, reinvented for cloud.

Microsoft is differentiated in this area by our ability to bridge from the on-premises datacenter to the cloud. We understand that you need to balance security and compliance against ease of access for end users. And we continue to innovate to make things easier—for example, the most recent updates to Azure Active Directory make it possible to federate identity across SaaS applications, such as Salesforce.com.