Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#Microsoft Azure Migrate Assessments in Action #VMWare to #Cloud

Azure Migrate

This blogpost is about the Microsoft Azure Migrate tool in the Cloud doing Azure Migrate assessments to see if your on-premises Datacenter is ready for Azure Cloud Services. Before you migrate your workloads with Azure Migrate to the Microsoft Azure Cloud, you want to know the costs before the migration and what your options are in the transition. For example when you have hardware in your on-premises Datacenter which is too high qua hardware specs like Memory, CPU and storage and you can do with less Compute power, then the performance assessments are really interesting. From here you see a step-by-step guide for VMWare workload assessment(s) to Azure Cloud.

Azure Migrate preparation for VMware workload

When you search for ‘Azure Migrate’ in your Azure Subscription and click on the services you will see the Azure Migrate Overview screen. When you don’t have a Microsoft Azure subscription yet, you can get one here

Click on Assess and Migrate Servers.

Before we go further with the server migration assessments for VMware, there are more Azure Migration tools available to do assessments and migrations like the following goals :

 

For Databases Microsoft Azure Migrate uses the Data Migration Assistant for the Assessment and the Data migration to Azure SQL Cloud.
The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. DMA recommends performance and reliability improvements for your target environment and allows you to move your schema, data, and uncontained objects from your source server to your target server.

 

To identify the right Azure SQL Database / Managed Instance SKU for your on-premises Database you can use the CLI with a Script :

Here you find more detailed information about the Data Migration Assistant

When you have a Virtual Desktop Infrastructure on-premises and you want to migrate to Windows Virtual Desktop (WVD) you can use this Azure Migrate tool :

ISV Lakeside with SysTrack

You can vote for the tools or scenarios that you would like to be integrated with Azure Migrate via this Online form

When you are in the beginning of your Cloud Transition journey, what will go first to the Cloud?

  1. On-premises mail to Microsoft Office 365
  2. File Server Clusters to Office 365 into Teams, Onedrive for Business
  3. From Apps On-premises to SaaS or Paas solutions
  4. From On-premises Websites to Azure Cloud Solutions like Azure Web App.
  5. From SQL Clusters On-Premises to Azure SQL Managed Instances in the Cloud
  6. And at last Migrate Servers to Azure IaaS

Of course there are much more scenarios like Lift and Shift or modernize your workload in the Cloud like moving to Azure Kubernetes Services for example instead of IaaS Virtual Machines.

So when you want to start moving your On-premises Website(s) or WebApp, Microsoft Azure Migrate Services has a tool for that too :

Assess any app with an endpoint scan. Download the Migration Assistant and start your .NET and PHP app migration to Azure App Service.

Click on Assess

and from here you can plan your migration.

At last when you have to move a big enterprise On-premises Datacenter to the Azure Cloud with a lot of Servers for example 10.000, you can use Azure Data Box Migration
The Microsoft Azure Data Box cloud solution lets you send terabytes of data into Azure in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device. Each storage device has a maximum usable storage capacity of 80 TB and is transported to your datacenter through a regional carrier. The device has a rugged casing to protect and secure data during the transit.

Azure Data Box

When you want to read more about Microsoft Azure Migrate go to the website.

Microsoft Azure Migrate assessment for VMware platform

First we make the Azure Migrate Project ready in the Microsoft Azure Portal.

Select the right Azure Subscription and Resource group to collect the metadata reported by your On-premises environment. Give your Migrate project a name and select the geography.

Here you can select from different Assessment Tools
Select Azure Migrate Server Assessment

Here you can select from different Migration Tools
Select Azure Migrate Server Migration

Add your Tools in the Azure Portal.

Here you see both Microsoft Azure Migrate tools for the Assessment and the Migration as well.
We are going for the Assessment quick start, so click on discover

From here we select with VMware vShere Hypervisor, so you can download the Azure Migrate Appliance for VMware ( 12GB Ova file).

You can also work with an Import CSV file but that’s Preview.

Now you can download and Install the Azure Migrate Virtual Appliance on VMware.
Follow the instructions here

When you have installed the Microsoft Azure Migrate Virtual Appliance for VMware successfully in your environment and has access to all the Virtual Machines then you can run the setup in the Appliance to make connectivity with your Azure subscription.

This will check all the prerequisites and get the updates.

Getting access to vCenter Server with the right permissions.

Now when your Azure Migrate Virtual Appliance for VMware is ready and collecting metadata, we see in the Microsoft Azure Portal the discovery running :

Discovery is in Progress.

After a view minutes we have discovered the Servers running on VMware platform On-premises.

Discovered Servers

Now we have the Servers in our metadata, we can do the Assessment(s) to get all the information we want for preparing to migrate to Azure Cloud Services. Click on Assess.

From here you give the Assessment a name and then you go to the properties of the assessment by clicking on View All

Here you can set the parameters for the assessment for example based on :

  1. Reserved instances
  2. Storage types
  3. Sizing criterion like Performance-Based
  4. Percentile Utilization
  5. Azure VM series to use
  6. Discount
  7. VM Uptime
  8. Offer pricing like Enterprise Agreement Support or Pay-As-You-Go
  9. Hybrid Benefit offer.

Here I made different Azure Migrate Assessment groups with different parameters to see the difference in Costs.

Here you see for example Migrate As Is On-Premises and Performance-Based, but also an Azure Migrate Assessment without SQL Cluster Nodes. In this way you can make your own Azure Migrate Assessment with all your Servers or just a view Servers of your On-premises solution which you want to Migrate to Azure Cloud Services.

Overview of your Azure Migrate Assessment

Server is ready for migration

 

Server Ready but with conditions

Microsoft Azure Migrate gives you all the information to make the right decisions to migrate you workload from VMware to Microsoft Azure Cloud. When the Azure Migrate Assessment(s) are ready you can make a CSV export file to check the information before you migrate.

Overview of the Azure Migrate Assessment

Azure Migrate Assessment based on Performance for the VM
and there is a separated tab for Storage.

When your assessment is done, you can do the migration by replicating them to Microsoft Azure.

Here you can see the Azure Migrate for VMware (Agentless) steps

More Microsoft Azure Feature resources :

Dependency mapping helps you to visualize dependencies across machines

Setup Agentless Dependency visualization for assessment (Preview) 

Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant

Conclusion

Microsoft Azure Migrate gives you insight information about your own On-Premises Datacenter by doing assessments to get the right migration information to move to Microsoft Azure Cloud. It gives you Azure Cloud costs before you do any migration at all, based on Total Cost of Owner (TCO) ship you can calculate if your solution in the Microsoft Azure Cloud is cheaper or not. Realize that’s it is not always about the money but also :

  • Innovations
  • Time to market
  • New Features
  • Flexibility
  • Scalability
  • Availability
  • Not owning hardware anymore
  • Less management (Hardware)

Hope this blog post helps you by your transition journey to Microsoft Azure Cloud


Leave a comment

Backup – Restore – DR strategy in a Fast changing World #Data #Management

The world of data is moving and changing a lot with new IT technologies coming up like leaves on a tree.
Data is everywhere, on Servers, workstations, BYOD Devices in the Cloud but how do you keep your data save and protected for your business today and in the future? There are a lot of reasons why you should Backup your data :

  • One of your employees accidentally deleted important files for example.
  • Your data got compromised by a virus.
  • Your Server crashed
  • You have to save your data for a period of time by Law
  •  And there will be more reasons why you should do backup…………….

A lot of Enterprise organizations are moving to the Cloud with workloads for the Business, but how is your Backup and Disaster Recovery managed today? A lot of data transitions are made but what if your Backup and Disaster Recovery solution is out dated or reaching end of Life? You can have a lot of Questions like :

  • What data should I backup?
  • Should I just upgrade the Backup Solution?
  • How can I make my Data Management Backup -DR Solution Cheaper and ready for the future?
  • How can I make my new Backup-DR Solution independent? ( Vendor Lockin)

And there will be more questions when you are in this scenario where you have to renew your Backup – DR Solution.
Here we have the following Great Backup Solution from 2014 :

Offsite Microsoft DPM Backup Solution since 2014

Here we have 3 System Center Data Protection Manager Backup Pods with a Tape library and One DPM pod connected with a Microsoft Azure Backup Vault in the Cloud. You do the Security updates and the Rollups for Windows Server 2012 R2 and System Center Data Protection Manager 2012 to keep the Solution save and running.

Long Time Protection to Tape

DPM 2012 Server with direct attached Storage for Short time protection

The four DPM Backup Pods have the same Storage configuration for short time protection with a retention time of 15 days. After that Longtime protection is needed with Backup to tape and Backup to Microsoft Azure Backup Vault.
Since 2014 the Backup data is depending on these solution configurations.

Tape Management cost a lot of time and money

The fourth DPM Backup pod got a Azure Backup Vault in the Cloud to save Tape Management time.

DPM Backup to Microsoft Azure Cloud Backup Vault.

So this is the Start of the Journey to a New Data Management Backup – DR Solution transformation. The next Couple of weeks I will search for the different scenarios and solutions on the Internet and talk with the Community looking for Best Practices. I will do Polls on Social Media and a Serie of blogposts for the Data Management Backup – DR Solution to keep the business continuity.

Magic Quadrant for Data Center Backup and Recovery Solutions

Will it be a Cloud Backup – DR Solution?
Will it be a Hybrid Cloud Backup – DR Solution?
Everything in One Management Console?
Or More then One Backup -DR Solution for the right Job?

We will see what the journey will bring us based on Best Practices  😉


Leave a comment

#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

Here you find more on Set security policies in Azure Security Center

Some policies need the upgrade Enhanced Security

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a Custom Baseline with Visual Studio Code and Upload to Azure

Microsoft Azure Security Center QuickStart :

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation :

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example to Encrypt your Virtual Machines in Azure with a Link

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !


Leave a comment

#Microsoft MAP Toolkit 9.6 Now Available! #Winserv #SQL2016 #Azure #Office365 #Cloud #Tool

maptoolkit-9-6

Microsoft MAP Toolkit 9.6

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments. More information about MAP Toolkit can you find here

Software Requirements:
        • Operating system. Any of the following:
          • Windows 10 (Professional, Enterprise and Ultimate editions only)
          • Windows 8.1 (Professional and Enterprise editions only)
          • Windows 8 (Professional and Enterprise editions only)
          • Windows 7 with Service Pack 1 (Professional, Enterprise, and Ultimate editions only)
          • Windows Server 2012 R2
          • Windows Server 2012
          • Windows Server 2016
          • Windows Server 2008 R2 with Service Pack 1
        • .NET Framework 4.5 (download from http://go.microsoft.com/fwlink/?LinkId=389161)
        • Installation of all updates for the operating system. Note: In some cases updates may not install automatically. To download updates for your computer manually, go to http://update.microsoft.com/.
        • By default, the MAP Toolkit will install SQL Server 2012 Express LocalDB during setup. You may also use an existing installation of SQL Server 2008, SQL Server 2008 R2, or SQL Server 2012 if you create an instance named “MAPS” before running the MAP Toolkit installer. The MAP Toolkit requires the collation order of the database engine to be set to “SQL_Latin1_General_CP1_CI_AS”.

Notes:

        • Some of these prerequisites require restarting your computer. You may have to restart multiple times if all the prerequisites are not met prior to running Microsoft Assessment and Planning Toolkit setup.

Scenario-dependent requirements:

    • For machines that will be used to run the Forefront Endpoint Protection Usage Tracking, Lync Usage Tracking, Exchange Server Usage Tracking, or Volume Licensing scenarios, please note: PowerShell 2.0 or higher must be installed.
    • For machines that will be used to collect Oracle schema information, please note: The 64 bit Oracle client must be installed on the MAP machine to collect the schema information. If the 64 bit client is not installed, MAP will only be able to collect instance information. MAP will not collect schema information if the 32 bit Oracle client is installed.

windows-server-2016-assessment

Export results in Excel for Windows Server 2016 Assessment Example

azure-virtual-machine-sizing

Microsoft Azure Virtual Machine Sizing Example in Excel

map-toolkit-training

With MAP Toolkit Training available 😉

You can download MAP Toolkit 9.6 here

microsoft-mvp-cdm-azure-advisor-banner


Leave a comment

Happy Holidays and Thank you ! #MSOMS #Azure #AzureStack #Hyperv #Sysctr #HybridCloud

merry-christmas-and-happy-new-year-2017

Thank you for following me @Jamesvandenberg
Thank you Community 😉
Thank you Microsoft
Wish you all the Best !
#MVPbuzz


Leave a comment

#Microsoft #Linux Integration Services Version 4.1 for #HyperV Available

HyperV Linux Integration

Linux Integration Services (LIS) 4.1 allows Linux guests to use Hyper-V virtualization on the following host operating systems:

 Windows Server 2008 R2 (applicable editions)

 Microsoft Hyper-V Server 2008 R2

 Windows 8 Pro and 8.1 Pro

 Windows Server 2012 and 2012 R2

 Microsoft Hyper-V Server 2012 and 2012 R2

 Windows Server Technical Preview

 Microsoft Hyper-V Server Technical Preview

 Microsoft Azure.

Current version: 4.1.0 Please refer to the Linux Virtual Machines on Hyper-V topics for up to date information on the LIS feature set, all supported Linux distributions, availability and download locations.

New with Linux Integration Services 4.1:

•Expanded Releases: now applicable to Red Hat Enterprise Linux, CentOS, and Oracle Linux with Red Hat Compatible Kernel versions 5.2, 5.3, 5.4, and 7.2.

•Hyper-V Sockets.
•Manual Memory Hot Add.
•SCSI WNN.
•lsvmbus.
•Uninstallation scripts.

When installed in a supported Linux virtual machine running on Hyper-V, the Linux Integration Services provide:

•Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.

•Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.

•Time Keeping: The clock inside the virtual machine will remain accurate by synchronizing to the clock on the virtualization server via Timesync service, and with the help of the pluggable time source device.

•Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command.

•Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor.

•Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive.

•KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.

•Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.

•Live Migration: Linux virtual machines can undergo live migration for load balancing purposes.

•Jumbo Frames: Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload.

•VLAN tagging and trunking: Administrators can attach single or multiple VLAN ids to synthetic network adapters.

•Static IP Injection: Allows migration of Linux virtual machines with static IP addresses.

•Linux VHDX resize: Allows dynamic resizing of VHDX storage attached to a Linux virtual machine.

•Synthetic Fibre Channel Support: Linux virtual machines can natively access high performance SAN networks.

•Live Linux virtual machine backup support: Facilitates zero downtime backup of running Linux virtual machines.

•Dynamic memory ballooning support: Improves Linux virtual machine density for a given Hyper-V host.

•Synthetic video device support: Provides improved graphics performance for Linux virtual machines.

•PAE kernel support: Provides drivers that are compatible with PAE enabled Linux virtual machines.

Here you can download Linux Integration Services Version 4.1 for Hyper-V 

Hyperv and Linux

 


Leave a comment

Wish you all Merry Christmas & Happy New Innovative Year 2016 !

Merry Christmas and Happy New Year

Wow a lot has happened in 2015, I don’t even know where to begin with a recap of 2015 in a Mobile and Cloud first world ! What I have learned that’s it’s all about
applications on your Mobile Phone, Tablet, or any Device to Work, Learn in any environment you want. Sharing Microsoft technology with the Community and in Education via Social media is what I love to do on a daily bases. I hope you enjoyed the information in 2015 with Microsoft Products like :

I wish you all a Healthy Life and a lot of Success in 2016 !

Microsoft is transforming Datacenters with New Technology and making Hybrid Cloud possible for your Applications.
What I personally like is the Microsoft Hololens this is something different, but very Cool to be in a Virtual Reality World with
awesome possibilities in 2016 and in the Future 🙂

Thank you Community, Followers, Microsoft Product Teams, MVP Award Program, MVP’s, Developers, ITpro’s, Students, for Sharing !

Best Regards, James van den Berg.

System Center 2016 TP4Windows Server 2016 TP4nanoserver

Microsoft Azure Banner