Azure Backup stepping in RaaS (Restore-as-a-Service) model

I hope readers of this blog post are aware that Azure offers a free data backup solution called “Azure Data Protection Manager (DPM)”. Basically it’s the same as the Data Protection Manager offered via the System Center suite, with the exception that tape drives are not supported by AzDPM. But again, who needs tape drives? Nevertheless, Azure Data Protection Manager protects data for both on-premise machines and Azure VMs. The sad part of the story has been the time and complexity involved when it comes to a restore. Thanks to the new RaaS method, things will change dramatically when it comes to data restoration. Some of the key benefits of this method are:

Instant recovery of files – Instantly recover files from the VM’s hosted on Azure or on-premise. Whether it’s a case of accidental file deletion or simply validating the backup, instant restore drastically reduces the time taken to recover your first file.
Open and review files in the recovery volumes before restoring them – You can mount the previous backup as a snapshot and view them and decide which files you need to recover.

Even though this is at the preview level, I look forward to seeing it in GA very soon.

1. In my Azure test VM I’ve created a couple of test folders and copied a few files into them.


2. Using Azure Backup I’ve already taken a backup of this VM.


3. Now let me go ahead and delete folder1 in the Important data folder. After that I’m showing the current volumes in this VM.


4. Now let’s get back to the Azure portal to recover the data. For this I’m logging into the Azure portal from within the Azure VM; this allows me to restore the files to the same VM on which I deleted the folder in the first place. Keep an eye on the red arrow location. This is the new feature I’m highlighting today. We can select the snapshot we want to map to the Azure VM. Once that is completed, we run the PS script to mount the snapshot volume on the Azure VM.


5. As you can see in the last picture, the deleted data is available in the mounted volume. Now we can copy the files and restore them to the location from which we accidentally deleted them. Once the restore work is completed, you need to stop the PS session and unmount the volume from the Azure portal.


As you can see, this is a very easy and useful feature. According to the Microsoft Azure Backup team, this feature can be used to restore up to 10GB of files. If you want to restore more than that, it’s recommended to restore the entire VM from a snapshot. At the time of writing this post, the Azure Backup team has announced support for restoring files from Linux VMs as well. You can get more information about that from here.

PS: The same steps apply when you restore files for an on-premise VM protected by the Azure Backup service. Make sure your Azure Backup agent version is 2.0.9063.0


Migrating DPM data from one data storage to another data storage

Recently I’ve been involved in a project to help a customer set up DPM 2012 R2 to back up a VMware environment. Yes, you heard it correctly: DPM 2012 R2 with UR11 supports VMware backup. You can read more about it here. In our initial pilot stage we used DAS storage on the DPM server itself for test backups. Once we had verified that local backup and Azure backup (replicating the local backup copy to Azure) were successful, we wanted to bring in SAN storage for the DPM server. My only challenge was how to move the existing pilot backup to the new storage introduced to the DPM server, since we had been backing up production workloads and I didn’t want to redo that job. Before that, let’s look at my current protection group setup:


As you can see, it’s a simple PG (Protection Group) protecting two SAP VMs. Now let’s jump into the disk structure from the Disk Management perspective. There are two DAS disks being utilized for the data backup; at the same time, you can see I have introduced 3 disks connected via SAN to the DPM server.


Another view, from the DPM point of view:


The challenge is to migrate the data from Disk1 and Disk2 to Disk3 without modifying the Protection Group settings. For this you can use the DPM PS script MigrateDatasourceDataFromDPM.ps1. But first let’s identify the disk structure from the PS console.

Run the following to load the disks into $disk and display them:

$disk = Get-DPMDisk -DPMServerName <DPM Server Name>
$disk


As you can see in the above picture, Disk1 and Disk2 are occupied holding the data. The trick is to identify the correct disk number and not to be misled by NtDiskId. Once identified, you can use the following command with parameters to transfer the data:

./MigrateDatasourceDataFromDPM.ps1 -DPMServerName <DPM Server Name> -Source $disk[n] -Destination $disk[n]

[n] has to be replaced by the exact disk number. Once you have defined and executed the command, DPM will start migrating data from the existing disk to the targeted disk. This may take some time, depending on the amount of disk storage.
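One way to keep the $disk array index and NtDiskId from being mixed up is to print both side by side and then resolve the source and destination disks by NtDiskId before calling the script. This is an added example, not part of the original post or of DPM itself; it assumes NtDiskId matches the disk number shown in Disk Management, and the server name and disk numbers are placeholders taken from the scenario above.

```powershell
# Added example: run from the DPM Management Shell on the DPM server.
# The values below are placeholders/assumptions; replace them before running.
$dpmServer   = '<DPM Server Name>'
$sourceNtIds = @(1, 2)   # old DAS disks (Disk 1 and Disk 2 in this post)
$destNtId    = 3         # new SAN disk (Disk 3 in this post)

$disk = @(Get-DPMDisk -DPMServerName $dpmServer)

# Show each array index next to its NtDiskId so the two are never confused.
for ($i = 0; $i -lt $disk.Count; $i++) {
    '{0,-10} NtDiskId={1}' -f "`$disk[$i]", $disk[$i].NtDiskId
}

# Resolve the destination by NtDiskId, not by position in the array.
$destination = @($disk | Where-Object { $_.NtDiskId -eq $destNtId })
if ($destination.Count -ne 1) {
    throw "Expected one destination disk with NtDiskId $destNtId, found $($destination.Count)."
}

# Validate every source disk before any migration starts.
$sources = foreach ($id in $sourceNtIds) {
    if ($id -eq $destNtId) {
        throw "Source and destination are the same disk (NtDiskId $id)."
    }
    $match = @($disk | Where-Object { $_.NtDiskId -eq $id })
    if ($match.Count -ne 1) {
        throw "Expected one source disk with NtDiskId $id, found $($match.Count)."
    }
    $match[0]
}

# Migrate one source disk at a time, as in the command shown above.
foreach ($source in $sources) {
    Write-Host "Migrating NtDiskId $($source.NtDiskId) -> NtDiskId $destNtId"
    ./MigrateDatasourceDataFromDPM.ps1 -DPMServerName $dpmServer `
        -Source $source -Destination $destination[0]
}
```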


Now you’ll notice in Disk Management that the DPM replica and recovery point volumes which were located on Disk 1 and Disk 2 have been migrated to Disk 3. Any new recovery points for the respective data source will now be located on the new volumes on the new disk; the original volume data on Disk 1 and Disk 2 will still need to be maintained until the recovery points on them expire. Once all recovery points expire on the old disk(s), they will appear as all unallocated free space in Disk Management. After that we can safely remove them from the DPM storage pool.

Note: Once this task is completed you may get replica inconsistent error messages. This is normal and expected, as changes have been made to the volume, and the replica will need to be re-synchronized by running a synchronization job with consistency check.


In the next article let me explain how we can use Azure Import/Export with Azure Backup workloads.

PS: If you don’t want to play around with PS that much and are comfortable with the GUI method, then you’re in luck. Refer to this link, where an MVP has written a PS script to do this job at the GUI level.

Hybrid data backup solution with Azure Backup Server #MSOMS

When you run your workloads in different locations (on-prem & cloud), managing data backup becomes a tough situation. Either you’ll end up using multiple backup products, or your backup vendor will assure you that you can manage both worlds from their tools. Luckily Microsoft has stepped up with their hybrid data backup solution under the name “Azure Backup Server”. In their own words: “With Azure Backup Server, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange and Windows clients from a single console.”

Today I’ll take you through the journey of Azure Backup Server. Microsoft initially ran the project under the code name “Venus”. Now it is part of the OMS Suite (Operations Management Suite). For people out there who are familiar with System Center Data Protection Manager, think of this as DPM minus tape drive support (and it’s free too).

Most of the time I don’t really entertain the idea of using tape drives either, and I’m glad the Microsoft team shares my opinion. Some of the great features of the Azure Backup Server service are:

| Feature | Benefit |
|---|---|
| Automatic storage management | No capital expenditure is needed for on-premises storage devices. Azure Backup automatically allocates and manages backup storage, and it uses a pay-as-you-use consumption model. |
| Unlimited scaling | Take advantage of high availability guarantees without the overhead of maintenance and monitoring. Azure Backup uses the underlying power and scale of the Azure cloud, with its nonintrusive autoscaling capabilities. |
| Multiple storage options | Choose your backup storage based on need: · A locally redundant storage block blob is ideal for price-conscious customers, and it still helps protect data against local hardware failures. · A geo-replication storage block blob provides three more copies in a paired datacenter. These extra copies help ensure that your backup data is highly available even if an Azure site-level disaster occurs. |
| Unlimited data transfer | There is no charge for any egress (outbound) data transfer during a restore operation from the Backup vault. Data inbound to Azure is also free. Works with the import service where it is available. |
| Data encryption | Data encryption allows for secure transmission and storage of customer data in the public cloud. The encryption passphrase is stored at the source, and it is never transmitted or stored in Azure. The encryption key is required to restore any of the data, and only the customer has full access to the data in the service. |
| Application-consistent backup | Application-consistent backups on Windows help ensure that fixes are not needed at the time of restore, which reduces the recovery time objective. This allows customers to return to a running state more quickly. |
| Long-term retention | Rather than pay for off-site tape backup solutions, customers can back up to Azure, which provides a compelling tape-like solution at a low cost. |

Even if you’re running your VMs in a VMware environment, you can still leverage this backup solution. I guess the high-level picture will make more sense to you by now.


Of course, in this solution we’re leveraging the Azure Backup vault to retain the data. With the introduction of “Cool Storage” you can further reduce your storage cost for long-term archival storage (refer to my previous article to get more information about “Cool Storage”).

Sounds cool, and you want to get your hands dirty by trying this out? A step-by-step article will arrive soon. So stay tuned and hungry.

Reduce your cloud storage cost with “Azure Cool Blob Storage”

When I have conversations with my customers, I recommend they consider Azure storage as the best option to keep their data backups. So the rule of thumb is to keep up to 30 days of data on-prem and the rest in the cloud (at least from my point of view).

Until now Microsoft had one storage option for data. But now they have introduced a storage type called “Cool Blob Storage”. Basically this is a type with lower cost, provided you agree that you won’t frequently access the data stored in those storage accounts. Example use cases for cool storage include backups, media content, scientific data, compliance and archival data. In general, any data which lives for a longer period of time and is accessed less than once a month is a perfect candidate for cool storage.

  • Cost effective: You can now store your less frequently accessed data in the Cool access tier at a low storage cost (as low as $0.01 per GB in some regions), and your more frequently accessed data in the Hot access tier at a lower access cost. For more details on regional pricing, see Azure Storage Pricing.
  • Compatibility: We have designed Blob storage accounts to be 100% API compatible with our existing Blob storage offering which allows you to make use of the new storage accounts in existing applications seamlessly.
  • Performance: Data in both access tiers have a similar performance profile in terms of latency and throughput.
  • Availability: The Hot access tier guarantees high availability of 99.9% while the Cool access tier offers a slightly lower availability of 99%. With the RA-GRS redundancy option, we provide a higher read SLA of 99.99% for the Hot access tier and 99.9% for the Cool access tier.
  • Durability: Both access tiers provide the same high durability that you have come to expect from Azure Storage and the same data replication options that you use today.
  • Scalability and Security: Blob storage accounts provide the same scalability and security features as our existing offering.
  • Global reach: Blob storage accounts are available for use starting today in most Azure regions with additional regions coming soon.

So how do you create “Cool Storage”? It’s not a big deal: log into your Azure portal, go to “New” and select the “Data + Storage” option.

Under the storage account “Account kind” select “Blob storage”


After that you should be able to see the “Cool Storage” option,


At the time of writing this article, several data backup vendors have already started working with Microsoft to integrate this feature with their backup products (CommVault, Veritas NetBackup, SoftNAS, CloudBerry, etc.). We should see this list growing really fast.

Azure Roadshow 2016–Colombo

Azure Cloud technology is no doubt going to be the next big item on the technology roadmap for Microsoft Partners and also for customers. As a Microsoft Gold Partner in Cloud technology, we believe it’s our responsibility to share the updates with peer members and also with our customers.

With that intention we started our first Azure Roadshow, aligned with Global Azure Bootcamp, in 2015. This year we took the same step, inviting all the local MVPs to share their experience with Azure technology and how it can help customers.


System Center Universe 2016 @ APAC

One of the best System Center summits happening around the world. As an Infront employee I’m happy to announce that our company hosted the event for the third time in the APAC region: this time in Malaysia, and soon after that in Australia. All the well-known System Center experts were in one room sharing their knowledge. I’m glad that I got the opportunity to be among those experts and to carry out two sessions.

Azure is becoming a key topic for developers and IT Professionals. How can we save time by leveraging templates? This is where we can leverage Azure Resource Manager templates. I carried out a session to show how ARM can really help IT Professionals in their journey.

Disaster recovery can be taken to the next level by leveraging the Azure cloud. I delivered another session covering how Microsoft extends their love to protect VMware customers as well. In this session we covered Azure Site Recovery for Hyper-V, VMware & physical servers. We also demoed what “Enhanced mode for VMware” is and why that is so cool.


Azure Active Directory Domain Services

When it comes to identity management, Active Directory has a long history, and many enterprise companies rely on it. With the shift towards cloud-based solutions and the public cloud wave, customers and Microsoft both have to think about how they manage their end-user identities.

Right now Active Directory can be extended to the cloud in a couple of ways:

  1. Extend Active Directory to Azure by deploying DC in Azure and replicate with on premise Domain controller
  2. Extend on premise Active Directory with Azure Active Directory.

The latest option is AADDS (Azure Active Directory Domain Services). Think of this as Active Directory born purely in the cloud. Your Azure virtual machines can be joined to this Azure-born Active Directory service. If you’re a purely cloud-born company focused on cloud-based applications, this is an ideal start for you. Apart from that, you can still bring your on-premise, directory-focused applications to the cloud. Azure Active Directory Domain Services provides a Windows Server Active Directory compatible set of APIs and protocols, delivered as a managed Azure service. This means that as part of Azure AD you can now turn on support for all the critical directory capabilities your application and server VMs need, including Kerberos, NTLM, Group Policy and LDAP.

So with this new AADDS you’ll get the ability to take any on-premises application that depends on Windows Server Active Directory and run it in Azure Infrastructure Services without having to worry about running, maintaining or patching Active Directory Domain Controller VMs. Those tasks will be taken care of by the Microsoft Azure team. (Doesn’t this sound cool?)

OK, let’s go through the high-level steps to enable this new service.

  1. Create a Directory Service in the Azure portal,

    Make sure your domain name is a unique name.

  2. Create the ‘AAD DC Administrators’ group – Using the Azure management portal, create a group called ‘AAD DC Administrators’ and add all users who need to be administrators on the managed domain to it. These administrators will be able to join machines to the domain and to configure group policy for the domain.

  3. Select / Create the Azure virtual network in which to enable Azure AD Domain Services – you’ll need to create an Azure virtual network to be associated with AADDS. Ensure you pick a virtual network that satisfies the following criteria:

  • The virtual network belongs to a region supported by Azure AD Domain Services. See the region page for details.
  • Ensure the virtual network is a regional virtual network and doesn’t use the legacy affinity groups mechanism.
  • Ensure your workloads deployed in Azure Infrastructure services are connected to this virtual network.

  4. Enable Azure AD Domain Services for your Azure AD tenant – Enabling Azure AD Domain Services for your Azure AD tenant is a simple process. Navigate to the Azure AD tenant and click on the ‘Configure’ tab of your directory. You will notice a new section titled ‘Domain Services’.

    During this time make sure to select the correct virtual network you created in Step 3. You can also select a custom domain name if you’ve already completed that step previously.

    Once provisioning is completed on the Azure side, you’ll see that two Azure ADDS IP addresses are available to you. Don’t be surprised if you don’t see both IP addresses at once. It can take 20-30 minutes for the first IP address to be displayed and another 20-30 minutes for the second IP to be available.

  5. Update DNS settings for the Azure virtual network – At this point, you can set these IP addresses as the DNS servers for the virtual network in which you had enabled Azure AD Domain Services. This enables virtual machines within that virtual network to ‘see’ the domain and connect to it for domain join, LDAP, authentication etc.

  6. Enable synchronization of legacy credential hashes to Azure AD Domain Services – This is an important step that you need to complete in order to use the domain you have just created. By default, Azure AD does not store the credential hashes required for NTLM/Kerberos authentication. You need to populate these credential hashes in Azure AD so users can use them to authenticate against the domain. The steps involved in populating these hashes into Azure AD Domain Services are different for cloud-only and synced tenants.

    Cloud-only tenants – If your organization is a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services will need to change their passwords. This step causes the legacy credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD and populated into Azure AD Domain Services. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these end-users to change their passwords.

    Users can use Azure AD’s self-service password change mechanism from the Azure AD Access Panel page in order to change their passwords. After users change their password, the hashes will be populated into Azure AD Domain Services. After the population is complete, users can then log in to the domain using their newly changed password. Note that this is a one-time process and subsequent password changes will work automatically with Azure AD Domain Services.

  7. At this point you’ve completed most of the steps to use the ADDS service. If you’re creating a new VM, during the creation process you can select the virtual network in which the VM should be provisioned. This will help the VM receive the relevant DNS details.

    That’s about it! Azure AD Domain Services should be configured for your Azure AD tenant. The next step is to try out a few scenarios in your new tenant, like adding an Azure VM to the domain, importing an on-premise application, etc. You can get a few scenario ideas from here.

Talking about pricing, Azure AD Domain Services is available for all SKUs of Azure AD, i.e. Free, Basic and Premium. Azure Active Directory Domain Services usage is charged per hour, based on the total number of objects in your Azure Active Directory tenant, including users, groups, and domain-joined computers. Each tier supports a certain average user workload:

| Tier/Number of directory objects | Approximate supported user workload | Preview price | General availability price |
|---|---|---|---|
| Less than 5,000 | ~1,250 users | Tier not available in preview | $0.05/hr (~$37.20/mo) |
| 5,001 to 25,000 | ~6,250 users | $0.10/hr (~$74.40/mo) | $0.20/hr (~$148.80/mo) |
| 25,001 to 100,000 | ~25,000 users | Tier not available in preview | $0.40/hr (~$297.60/mo) |
| Greater than 100,000 | Contact us | Tier not available in preview | Contact us |