Hybrid data backup solution with Azure Backup Server #MSOMS

When you run your workloads in different locations (on-prem & cloud), managing data backup becomes a tough situation. Either you’ll end up using multiple backup software products, or your backup vendor will assure you that you can manage both worlds from their tools. Luckily Microsoft stepped up with their hybrid data backup solution under the name “Azure Backup Server”. In their own words: “With Azure Backup Server, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange and Windows clients from a single console.”

Today I’ll take you through the journey of Azure Backup Server. Microsoft initially ran the project under the code name “Venus”. Now it is part of the OMS Suite (Operations Management Suite). For people out there who are familiar with System Center Data Protection Manager, think of this as DPM minus tape drive support (and it’s free too).

Most of the time I also really don’t entertain the idea of using tape drives, and I’m glad the Microsoft team carries the same opinion as mine. Some of the great features of the Azure Backup Server service are:

| Feature | Benefit |
| --- | --- |
| Automatic storage management | No capital expenditure is needed for on-premises storage devices. Azure Backup automatically allocates and manages backup storage, and it uses a pay-as-you-use consumption model. |
| Unlimited scaling | Take advantage of high availability guarantees without the overhead of maintenance and monitoring. Azure Backup uses the underlying power and scale of the Azure cloud, with its nonintrusive autoscaling capabilities. |
| Multiple storage options | Choose your backup storage based on need. A locally redundant storage block blob is ideal for price-conscious customers, and it still helps protect data against local hardware failures. A geo-replication storage block blob provides three more copies in a paired datacenter. These extra copies help ensure that your backup data is highly available even if an Azure site-level disaster occurs. |
| Unlimited data transfer | There is no charge for any egress (outbound) data transfer during a restore operation from the Backup vault. Data inbound to Azure is also free. Works with the import service where it is available. |
| Data encryption | Data encryption allows for secure transmission and storage of customer data in the public cloud. The encryption passphrase is stored at the source, and it is never transmitted or stored in Azure. The encryption key is required to restore any of the data, and only the customer has full access to the data in the service. |
| Application-consistent backup | Application-consistent backups on Windows help ensure that fixes are not needed at the time of restore, which reduces the recovery time objective. This allows customers to return to a running state more quickly. |
| Long-term retention | Rather than pay for off-site tape backup solutions, customers can back up to Azure, which provides a compelling tape-like solution at a low cost. |

 

Even if you’re running your VMs in a VMware environment, you can still leverage this backup solution. I guess a high-level picture will make more sense to you by now.

[Image: Azure Backup overview]

Of course, in this solution we’re leveraging the Azure Backup vault to retain the data. With the introduction of “Cool Storage” you can further reduce your storage cost for long-term archival storage (refer to my previous article to get more information about “Cool Storage”).

Sounds cool and you want to get your hands dirty by trying this out? A step-by-step article will arrive soon. So stay tuned and hungry.

Reduce your cloud storage cost with “Azure Cool Blob Storage”

When I have conversations with my customers, I recommend that they consider Azure storage as the best option for keeping their data backups. So the rule of thumb is: up to 30 days of data on-prem and the rest in the cloud (at least from my point of view).

Until now, Microsoft had only one storage option for data storage. But now they have introduced a storage type called “Cool Blob Storage”. Basically, this is a type with a lower cost when you agree that you will not access the data stored in those storage accounts frequently. Example use cases for cool storage include backups, media content, scientific data, compliance and archival data. In general, any data which lives for a longer period of time and is accessed less than once a month is a perfect candidate for cool storage.

  • Cost effective: You can now store your less frequently accessed data in the Cool access tier at a low storage cost (as low as $0.01 per GB in some regions), and your more frequently accessed data in the Hot access tier at a lower access cost. For more details on regional pricing, see Azure Storage Pricing.
  • Compatibility: We have designed Blob storage accounts to be 100% API compatible with our existing Blob storage offering which allows you to make use of the new storage accounts in existing applications seamlessly.
  • Performance: Data in both access tiers have a similar performance profile in terms of latency and throughput.
  • Availability: The Hot access tier guarantees high availability of 99.9% while the Cool access tier offers a slightly lower availability of 99%. With the RA-GRS redundancy option, we provide a higher read SLA of 99.99% for the Hot access tier and 99.9% for the Cool access tier.
  • Durability: Both access tiers provide the same high durability that you have come to expect from Azure Storage and the same data replication options that you use today.
  • Scalability and Security: Blob storage accounts provide the same scalability and security features as our existing offering.
  • Global reach: Blob storage accounts are available for use starting today in most Azure regions with additional regions coming soon.

So how do you create “Cool Storage”? It’s not a big deal: log into your Azure portal, go to “New” and select the “Data + Storage” option.


Under the storage account “Account kind” select “Blob storage”


After that you should be able to see the “Cool Storage” option.


At the time I’m writing this article, several data backup vendors have already started working with Microsoft to integrate this feature with their backup products (CommVault, Veritas NetBackup, SoftNAS, CloudBerry, etc.). We should see this list growing really fast.

Azure Roadshow 2016–Colombo

Azure cloud technology is no doubt going to be the next biggest technology roadmap for Microsoft partners and also for customers. As a Microsoft Gold Partner in cloud technology, we all believe it’s our responsibility to share the updates with peer members and also with our customers.

With that intention we started our first Azure Roadshow, aligned with Global Azure Bootcamp, in 2015. This year we took the same step, inviting all the local MVPs to share their experience with Azure technology and how it can help customers.


System Center Universe 2016 @ APAC

One of the best System Center summits happening around the world. As an Infront employee I’m happy to announce that our company hosted the event for the third time in the APAC region, this time in Malaysia and soon after that in Australia. All the well-known System Center experts were in one room sharing their knowledge. I’m glad that I got the opportunity to be among those experts and carry out two sessions.

Azure is becoming a key topic for developers and IT professionals. How can we save time by leveraging templates? This is where we can leverage Azure Resource Manager templates. I carried out a session to show how ARM can really help IT professionals in their journey.

Disaster recovery can be taken to the next level by leveraging the Azure cloud. I delivered another session covering how Microsoft extends their love to protect VMware customers as well. In this session we covered Azure Site Recovery for Hyper-V, VMware and physical servers. We also demoed what “Enhanced mode for VMware” is and why that is so cool.


Linux Integration Services Version 4.1 for Hyper-V


Microsoft released the latest Linux Integration Services (LIS) for guest Linux VMs running on Hyper-V. With this latest update the following improvements have been introduced.

  • Expanded Releases: now applicable to Red Hat Enterprise Linux, CentOS, and Oracle Linux with Red Hat Compatible Kernel versions 5.2, 5.3, 5.4, and 7.2.
  • Hyper-V Sockets.
  • Manual Memory Hot Add.
  • SCSI WWN.
  • lsvmbus.
  • Uninstallation scripts.

You can get the latest LIS from here.

Cannot upgrade SCOM 2012 R2 for UR7

This is another quick update which I came across during a field job (yes, I’m back to my roots apart from sitting and designing solutions). We’re in the process of updating a SCOM 2012 R2 environment to the n-1 UR update. At this stage the latest version is 8 and we decided to apply UR 7.

When I ran the command I was greeted with the following errors:

Msg 1105, Level 17, State 2, Procedure fn_AlertViewChanges, Line 2

Could not allocate space for object ‘sys.syscolpars’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure fn_AlertViewChangesNoContext, Line 2

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_EffectiveMonitoringWorkflow, Line 3

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_GroomTypeSpecificLogTables, Line 2

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_InstallTypesAndReltypes, Line 3

Could not allocate space for object ‘sys.sysmultiobjrefs’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_DiscoverySourcesEligibleForDeletionDueToOverridesProcedure, Line 2

Looking carefully at the error messages, it’s very clear that a full disk is the culprit. But the SCOM DB server has enough free storage. The problem is related to the low storage capacity defined for the “OperationsManager” DB. Once the value was modified, the UR7 upgrade ran smoothly.


Normally, log file capacity should be 50% of the size of the Operations Manager DB.
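To see which limit the Msg 1105 errors above are hitting, a query like the following lists each file of the database with its size, used space, size cap and autogrowth setting, and then compares total log size with total data size. This is an added example, not part of the original post; it assumes the database name OperationsManager taken from the error text, and the file name and size in the commented ALTER statement are placeholders.

```sql
-- Added diagnostic example (not from the original post).
USE OperationsManager;
GO

-- Per-file view: a full PRIMARY filegroup shows up as used_mb close to size_mb
-- combined with 'no growth' / 'autogrowth off' or a reached max_size.
SELECT
    f.name                                   AS logical_name,
    f.type_desc                              AS file_type,       -- ROWS or LOG
    ISNULL(fg.name, N'(log)')                AS filegroup_name,  -- log files have no filegroup
    f.size / 128                             AS size_mb,         -- size is stored in 8 KB pages
    FILEPROPERTY(f.name, 'SpaceUsed') / 128  AS used_mb,
    CASE f.max_size
        WHEN -1 THEN N'unlimited (until disk is full)'
        WHEN 0  THEN N'no growth'
        ELSE CAST(f.max_size / 128 AS nvarchar(20)) + N' MB'
    END                                      AS max_size,
    CASE
        WHEN f.growth = 0            THEN N'autogrowth off'
        WHEN f.is_percent_growth = 1 THEN CAST(f.growth AS nvarchar(10)) + N' %'
        ELSE CAST(f.growth / 128 AS nvarchar(20)) + N' MB'
    END                                      AS growth_setting
FROM sys.database_files AS f
LEFT JOIN sys.filegroups AS fg
       ON fg.data_space_id = f.data_space_id
ORDER BY f.type, f.file_id;

-- Log size as a percentage of data size, to compare with the 50% rule of thumb.
SELECT
    SUM(CASE WHEN type_desc = 'ROWS' THEN size END) / 128 AS data_mb,
    SUM(CASE WHEN type_desc = 'LOG'  THEN size END) / 128 AS log_mb,
    CAST(100.0 * SUM(CASE WHEN type_desc = 'LOG' THEN size END)
         / NULLIF(SUM(CASE WHEN type_desc = 'ROWS' THEN size END), 0)
         AS decimal(6,1))                                  AS log_pct_of_data
FROM sys.database_files;

-- Raising the size of a file (placeholders: replace the logical name with a
-- value from logical_name above and choose a size that fits your disk):
-- ALTER DATABASE OperationsManager
--     MODIFY FILE (NAME = N'<logical_name>', SIZE = <new_size>MB);
```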


Azure Active Directory Domain Services

When it comes to identity management, Active Directory has a long history, and many enterprise companies rely on it. With the shift towards cloud-based solutions and the public cloud wave, customers and Microsoft both have to think about how they manage their end-user identities.

Right now Active Directory can be extended to the cloud in a couple of ways:

  1. Extend Active Directory to Azure by deploying a DC in Azure and replicating with the on-premises domain controller.
  2. Extend on-premises Active Directory with Azure Active Directory.

The latest option is AADDS (Azure Active Directory Domain Services). Think of this as Active Directory born purely in the cloud. Your Azure virtual machines can be joined to the Azure-born Active Directory service. If you’re a purely cloud-born company and focus on cloud-based applications, this is an ideal starting point for you. Apart from that, you can still bring your on-premises directory-focused applications to the cloud. Azure Active Directory Domain Services provides a Windows Server Active Directory compatible set of APIs and protocols, delivered as a managed Azure service. This means that as part of Azure AD you can now turn on support for all the critical directory capabilities your applications and server VMs need, including Kerberos, NTLM, Group Policy and LDAP.

So with this new AADDS you’ll get the ability to take any on-premises application that depends on Windows Server Active Directory and run it in Azure Infrastructure Services without having to worry about running, maintaining or patching Active Directory domain controller VMs. Those tasks will be taken care of by the Microsoft Azure team. (Doesn’t this sound cool?)

OK, let’s go through the high-level steps to enable this new service.

  1. Create a Directory Service in the Azure portal,

    Make sure your domain name is a unique name.

  2. Create the ‘AAD DC Administrators’ group – Using the Azure management portal, create a group called ‘AAD DC Administrators’ and add all users who need to be administrators on the managed domain to it. These administrators will be able to join machines to the domain and to configure group policy for the domain.

  3. Select / Create the Azure virtual network in which to enable Azure AD Domain Services – you’ll need to create an Azure virtual network to be associated with AADDS. Ensure you pick a virtual network that satisfies the following criteria:

  • The virtual network belongs to a region supported by Azure AD Domain Services. See the region page for details.
  • Ensure the virtual network is a regional virtual network and doesn’t use the legacy affinity groups mechanism.
  • Ensure your workloads deployed in Azure Infrastructure services are connected to this virtual network.

  4. Enable Azure AD Domain Services for your Azure AD tenant – Enabling Azure AD Domain Services for your Azure AD tenant is a simple process. Navigate to the Azure AD tenant and click on the ‘Configure’ tab of your directory. You will notice a new section titled ‘Domain Services’.

    During this time make sure to select the correct virtual network you created in Step 3. You can also select a custom domain name if you’ve already completed that step previously.

    Once provisioning is completed on the Azure side, you’ll see that two Azure ADDS IP addresses are available for you. Don’t be surprised if you don’t see two IP addresses at once. It can take 20-30 minutes for the first IP address to be displayed and another 20-30 minutes for the second IP to be available.

  5. Update DNS settings for the Azure virtual network – At this point, you can set these IP addresses as the DNS servers for the virtual network in which you had enabled Azure AD Domain Services. This enables virtual machines within that virtual network to ‘see’ the domain and connect to it for domain join, LDAP, authentication etc.

  6. Enable synchronization of legacy credential hashes to Azure AD Domain Services – This is an important step that you need to complete in order to use the domain you have just created. By default, Azure AD does not store the credential hashes required for NTLM/Kerberos authentication. You need to populate these credential hashes in Azure AD so users can use them to authenticate against the domain. The steps involved in populating these hashes into Azure AD Domain Services are different for cloud-only and synced tenants.

    Cloud-only tenants – If your organization is a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services will need to change their passwords. This step causes the legacy credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD and populated into Azure AD Domain Services. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these end-users to change their passwords.

    Users can use Azure AD’s self-service password change mechanism from the Azure AD Access Panel page in order to change their passwords. After users change their password, the hashes will be populated into Azure AD Domain Services. After the population is complete, users can then log in to the domain using their newly changed password. Note that this is a one-time process and subsequent password changes will work automatically with Azure AD Domain Services.

  7. At this point you’ve completed most of the steps needed to use the ADDS service. If you’re creating a new VM, during the creation process you can select the virtual network in which the VM should be provisioned. This will help the VM receive the relevant DNS details.

    That’s about it! Azure AD Domain Services should be configured for your Azure AD tenant. The next step is to try out a few scenarios in your new tenant, like adding an Azure VM to the domain, importing an on-premises application, etc. You can get a few scenario ideas from here.

As for pricing, Azure AD Domain Services is available for all SKUs of Azure AD – i.e. Free, Basic and Premium. Azure Active Directory Domain Services usage is charged per hour, based on the total number of objects in your Azure Active Directory tenant, including users, groups, and domain-joined computers. Each tier supports a certain average user workload:

| Tier/Number of directory objects 1, 2 | Approximate supported user workload | Preview price 2 | General availability price 2 |
| --- | --- | --- | --- |
| Less than 5,000 | ~1,250 users | Tier not available in preview | $0.05/hr (~$37.20/mo) |
| 5,001 to 25,000 | ~6,250 users | $0.10/hr (~$74.40/mo) | $0.20/hr (~$148.80/mo) |
| 25,001 to 100,000 | ~25,000 users | Tier not available in preview | $0.40/hr (~$297.60/mo) |
| Greater than 100,000 | Contact us | Tier not available in preview | Contact us |