The world of data is moving and changing a lot with new IT technologies coming up like leaves on a tree.
Data is everywhere, on Servers, workstations, BYOD Devices in the Cloud but how do you keep your data save and protected for your business today and in the future? There are a lot of reasons why you should Backup your data :
One of your employees accidentally deleted important files for example.
Your data got compromised by a virus.
Your Server crashed
You have to save your data for a period of time by Law
And there will be more reasons why you should do backup…………….
A lot of Enterprise organizations are moving to the Cloud with workloads for the Business, but how is your Backup and Disaster Recovery managed today? A lot of data transitions are made but what if your Backup and Disaster Recovery solution is out dated or reaching end of Life? You can have a lot of Questions like :
What data should I backup?
Should I just upgrade the Backup Solution?
How can I make my Data Management Backup -DR Solution Cheaper and ready for the future?
How can I make my new Backup-DR Solution independent? ( Vendor Lockin)
And there will be more questions when you are in this scenario where you have to renew your Backup – DR Solution.
Here we have the following Great Backup Solution from 2014 :
Offsite Microsoft DPM Backup Solution since 2014
Here we have 3 System Center Data Protection Manager Backup Pods with a Tape library and One DPM pod connected with a Microsoft Azure Backup Vault in the Cloud. You do the Security updates and the Rollups for Windows Server 2012 R2 and System Center Data Protection Manager 2012 to keep the Solution save and running.
Long Time Protection to Tape
DPM 2012 Server with direct attached Storage for Short time protection
The four DPM Backup Pods have the same Storage configuration for short time protection with a retention time of 15 days. After that Longtime protection is needed with Backup to tape and Backup to Microsoft Azure Backup Vault.
Since 2014 the Backup data is depending on these solution configurations.
Tape Management cost a lot of time and money
The fourth DPM Backup pod got a Azure Backup Vault in the Cloud to save Tape Management time.
DPM Backup to Microsoft Azure Cloud Backup Vault.
So this is the Start of the Journey to a New Data Management Backup – DR Solution transformation. The next Couple of weeks I will search for the different scenarios and solutions on the Internet and talk with the Community looking for Best Practices. I will do Polls on Social Media and a Serie of blogposts for the Data Management Backup – DR Solution to keep the business continuity.
Will it be a Cloud Backup – DR Solution?
Will it be a Hybrid Cloud Backup – DR Solution?
Everything in One Management Console?
Or More then One Backup -DR Solution for the right Job?
We will see what the journey will bring us based on Best Practices 😉
Microsoft Azure Cloud Services is evolving really fast with New solutions and features every day for your business. In the following step-by-step guide we will see all the options and features when you create a virtual machine in the Azure Cloud. For this you need a Microsoft Azure subscription to start. When you are in the Azure Portal you begin with + Create a Resource and from there you see all the create items. Click on Computeand you will see the picture above what you can create. I’m going to create a Windows Server 2019 datacenter edition Virtual Machine in the Microsoft Azure Cloud. In the Azure Portal is a step by step wizard to help you with your choices.
Basic tab
We start by selecting the right Azure subscription ( if you have Multiple) like a Hub-Spoke model design
you can choose for your deployment. Then select a Resource Group or Create New. I made a new Resource Group called RSG-Winserv.
When you go further down, you must give your Virtual Machine a name and select the Microsoft Azure region where your VM will run. I Choose West Europe because I life in the Netherlands. For availability options of the Virtual Machine you can choose out of three options :
No infrastructure redundancy required
Availability zone
Availability set
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking
An Availability Set is a logical grouping capability that you can use in Azure to ensure that the VM resources you place within it are isolated from each other when they are deployed within an Azure datacenter. Azure ensures that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches
Microsoft Azure got a lot of software operating images, I installed Windows Server 2019 Datacenter but have a look at Browse all Public and Private images :
Small Disk Images
More images like Kali and Red Hat
The next step is the VM Size, the “hardware” requirements of the Virtual Machine. When you choose your VM size you have to know the possibilities and feature set of the Virtual Machine. This articledescribes the available sizes and options for the Azure virtual machines you can use to run your Windows apps and workloads. It also provides deployment considerations to be aware of when you’re planning to use these resources.
Here is Microsoft Azure showing 250 different VM sizes
In this window you see the following items of the Virtual Machine specs :
VM Size
Offering
Family
vCPUs
Memory RAM
Data Disks
Max IOPS
Temporary Storage
Premium Disks (Yes or No)
Cost / Month Estimated
So pick the right VM Size for your solution to do the job.
Allow Public Internet Inbound Port Rules
If you need this for example a website, then you can set it right away, but you can set it on None and change the Network Security Group (NSG) or Azure App Gateway or Azure Firewall later and keep it Closed for now. I will show this in the NSG later to get RDP access.
Hybrid Benefit
You can enable great savings in Azure with Windows Server Software Assurance by using Azure Hybrid Benefit for Windows Server. Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines in Microsoft Azure at a reduced cost (i.e. at Linux rates). You can use your licenses for Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. The Azure Hybrid Benefit for Windows Server is applicable to Windows Server Standard and Datacenter editions as well as other versions obtained via custom images. With Azure Hybrid Benefit for Windows Server, you can save 40 percent or more1 on Windows Server virtual machines by paying only the base compute2 rates—adding value to your Software Assurance investments. The benefit is available across all Azure regions. Read more here
Disks tab
Disk storage is important for performance, that’s why you can choose for Standard HDD, Standard SSD or
Premium SSD for your OS Disk. When your server need a Data disk, you can add it here or later on.
Here you can read more on Managed disks What disk types are available in Azure?
Networking tab
Here you create your Virtual Network / subnet with a public IP. You can see here when you choose for a specific Virtual machine, you can not use accelerated networking because It’s not supported by the VM size selection.
Here you can choose for a Load Balancer or a Application Gateway
Azure Application Gatewayis a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
Azure Application Gateway
With Azure Load Balancer, you can scale your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
Load Balancer distributes new inbound flows that arrive on the Load Balancer’s frontend to backend pool instances, according to rules and health probes.
Additionally, a public Load Balancer can provide outbound connections for virtual machines (VMs) inside your virtual network by translating their private IP addresses to public IP addresses.
Azure Load Balancer is available in two SKUs: Basic and Standard. There are differences in scale, features, and pricing. Any scenario that’s possible with Basic Load Balancer can also be created with Standard Load Balancer, although the approaches might differ slightly. As you learn about Load Balancer, it is important to familiarize yourself with the fundamentals and SKU-specific differences.
Management tab
When you have deployed your virtual machine, you want to manage it like monitoring and backup for example.
You can do these options also after the Virtual Machine deployment.
Backup of the Virtual Machine can be added when you deploy the VM.
I have a existing Backup Vault called WACvault1
From here you can create your own backup recovery Vault with your Own backup policy and retention times.
The feature provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code. What is managed identities for Azure resources?
Advanced tab
In the advanced tab you can select extensions for your Virtual Machine. These are add-ons and will installed during the deployment. You can now also select Gen 2 VM in Preview. Microsoft Azure has a lot of extensions for your Virtual machine :
List of extensions for your VM
Click on Create for adding Microsoft Antimalware on your VM
Select the options and exclusions
Tags tab
Here you can Tag your deployment
After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management. Read more on Tags here
At this moment the validation has passed for deployment with all your settings, but don’t forget to have a look at “Download a template for Automation” before you hit Create.
Here you can download or save the JSON ARM Template
When you you go Back and click on Create the Virtual Machine, this will deploy the VM in Minutes.
The following Azure items are deployed in RSG-Winserv
Now your Virtual Machine is deployed in Microsoft Azure Cloud and is running, you can have a look at all the features of the Virtual Machine in the Portal.
To connect to the Virtual Machine you have to Manage access for your RDP session via the NSG in my case:
Double click on the NSG
I added a new rule to give my IP-address access to the VM
From here you can access the Windows Server 2019 Datacenter Virtual Machine in Microsoft Azure Cloud.
Management of your Virtual Machine
When your Azure Virtual Machine with Windows Server 2019 is running, you want to monitor the VM and see what is happening inside the Virtual Machine. Azure Monitor Insights can help you with this.
Health State of the VM
Connections
When Microsoft Azure Monitoring is on and running you want have important alerts on your Mobile by sms or
via E-mail notification to take action.
Alerts on Winserv2019 VM
High CPU Alert
Here we make an Alert about the CPU which is going higher then 80% average.
Making an Action group for email notification of the Alert
Action Group made
Alert made for the VM
Alert details
Alert rule is set and running for this Virtual Machine.
Conclusion
You can create every virtual machine you want for your business, Windows Server or Linux..
You can mange your own performance for the VM on demand by selecting the right VM Size.
You can set Networking and High Availability
You can set Disk Performance for your IOPS
You can configure your management settings and dashboard for Monitoring.
Security can be set on different levels.
Backup of the Virtual Machine can be set with the right policy before deployment.
and more…….
And keep watching your Azure Advisor for better changes :
New Advise will come !
and of course there are more features and options on this Virtual Machine, Have a look :
To be the first with the Microsoft Windows Insiders Community testing all the New features is awesome to do!
I’m a Windows Insider since October 1st, 2014 and I like to see every week what’s new? In the Feedback HUB Preview you can Follow other Windows Insiders and see the Challenges and features requests. From there you can give them feedback or vote for the new features.
Windows Insiders Feed Back HUB
To become a Microsoft Windows Insider, you have to register your self here : BECOME AN INSIDER
In the Windows Insiders HUB you find also the New announcements of the Preview Build versions. Microsoft Windows Insiders also have a blogsite here to follow:
When you are active in the Microsoft Windows Insiders Community you can Earn badges and Learn a lot of the New Features Microsoft releases every week. This gives you always a step a head and It’s fun 🚀😎👍
Earning Badges
It’s not only the Windows 10 Insiders program but also Windows Server Insiders or Microsoft Edge Insiders
Here you find more information :
Save Profiles.json and you will see that the background will be Awesome in Ubuntu Terminal :
How Awesome is this !! 😎🚀👍
Conclusion:
I Love my Hobby and my Hobby is my Work !
The Microsoft Windows Insiders Program is Awesome together with the Community to make Windows a Great product for everyone.
When you install Azure Virtual Machines or Kubernetes Clusters in the Microsoft Cloud, It’s important to monitor your workload and keep your IT department in Control for the Business. Metric alerts in Azure Monitor work on top of multi-dimensional metrics. These metrics could be platform metrics, custom metrics, popular logs from Azure Monitor converted to metrics and Application Insights metrics.
IT Department of a company has most of the time different teams with each having it’s own responsibility of workloads in the Microsoft Cloud. For example, the Servicedesk is supporting the Business and they like to see if all the Services are up and running for the Business. The Infrastructure Team wants the same, but on deep level components of the Services like Memory, Network, Storage, CPU, Performance, Availability and more. The Technical Application Team is interested if the application is running and working with all the Interfaces, Databases, and/or Azure Pipelines.
Each Team can build there own Azure Dashboard(s) in the Microsoft Cloud.
Here I Have made an easy example of my Windows Server 2019 Virtual Machines and my Azure Kubernetes Cluster in One Microsoft Azure Dashboard :
You can Start from Azure Monitor Metrics
Or you can Start from the Virtual Machine Blade here.
When you have your Azure Monitor metrics ready with the right information then you can create it in your Azure Dashboard for your Team.
Select another Dashboard.
Create your Own Dashboard.
Now we have the first VM with CPU percentage in the Azure Dashboard.
Here I have added More Virtual Machines to the Same Metric Chart.
When you have Azure Kubernetes Cluster to monitor :
From here you can Add Container Insights information into your Azure Dashboard :
Adding Azure Monitor Container Insights of KubeCluster01
The Azure Monitor Container Insights logs for your Dashboard information, with Pin to Dashboard.
Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, these metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux and stored in your Log Analytics workspace.
Install AKS-Preview extension via Azure Cloudshell
NOTE ! This is a Preview blogpost, do not use in production! (only for test environments)
To create an AKS cluster that can use multiple node pools and run Windows Server containers, first enable the WindowsPreview feature flags on your subscription. The WindowsPreview feature also uses multi-node pool clusters and virtual machine scale set to manage the deployment and configuration of the Kubernetes nodes. Register the WindowsPreview feature flag using the az feature register command as shown in the following example:
I Have registered the following Preview Features from the Azure CloudShell :
az feature register –name WindowsPreview –namespace Microsoft.ContainerService
az feature register –name MultiAgentpoolPreview –namespace Microsoft.ContainerService
az feature register –name VMSSPreview –namespace Microsoft.ContainerService
This will take a few minutes and you can check the registration with the following command :
az feature list -o table –query “[?contains(name, ‘Microsoft.ContainerService/WindowsPreview’)].{Name:name,State:properties.state}”
When ready, refresh the registration of the Microsoft.ContainerService resource provider using the az provider register command:
Creating Azure Kubernetes Cluster
First you create a Resource Group in the right Azure Region for your AKS Cluster to run:
az group create –name myResourceGroup –location eastus
I created Resource Group KubeCon in location West-Europe.
Creating KubeCluster
With the following CLI command in Azure Cloudshell, I created the Kubernetes Cluster with a single node:
The Azure Kubernetes Cluster “KubeCluster”is created in the resource group “KubeCon” in a view minutes.
Adding a Windows Pool
Adding a Windows Server Node Pool
By default, an AKS cluster is created with a node pool that can run Linux containers. Use az aks nodepool add command to add an additional node pool that can run Windows Server containers.
az aks nodepool add –resource-group KubeCon –cluster-name KubeCluster –os-type Windows –name pool02 –node-count 1 –kubernetes-version 1.14.0
I added the Windows Server Pool via the Azure Portal.
When this has finished, we have an Azure Kubernetes Cluster with Multi node Pools for Linux and Windows Server Containers :
Pools for Linux and Windows Server Containers
The following will be created in Microsoft Azure too :
VNET, NSG and Virtual Machine Scale Set (VMSS)
Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, these metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux and stored in your Log Analytics workspace.
Container Insights Monitoring of the Linux Node
Container Insights Monitoring of the Windows Server Node
Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
In this quick overview you will see the possibilities of Microsoft Azure Cloudshell functionalities and tools.
Azure Cloudshell Editor
Azure Cloud Shell includes an integrated file editor built from the open-source Monaco Editor. The Cloud Shell editor supports features such as language highlighting, the command palette, and a file explorer.
This can be handy with JSON and YAML files.
When you have your App YAML file for your Azure Kubernetes Cluster on your Cloud drive, you can edit the file online with your browser and save it in the Azure Cloud. I like this editor in the Cloudshell, especially when you are not behind your own laptop or pc and you have to make a quick change.
I have a Kubernetes Cluster installed on Azure and with this editor I can explore my Azure logs, Cache, and config files for the information I need to work with in Bash, Powershell to do my CLI commands for example 😉
For the Powershell Gurus
Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources. Learn here more about Azure Powershell
Kubectl is a command line interface for running commands against Kubernetes clusters. kubectl looks for a file named config in the $HOME/.kube directory. You can specify other kubeconfig files by setting the KUBECONFIG environment variable or by setting the –kubeconfig flag. Read here more about Kubectl
Terraform CLI is Available
What is Terraform?
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.
The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.
The key features of Terraform are:
Infrastructure as Code
Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
Execution Plans
Terraform has a “planning” step where it generates an execution plan. The execution plan shows what Terraform will do when you call apply. This lets you avoid any surprises when Terraform manipulates infrastructure.
Resource Graph
Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
Change Automation
Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what Terraform will change and in what order, avoiding many possible human errors.
It’s really easy to Upload or Download your Files.
AzCopyis a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
Microsoft Azure Cloudshell is very powerful to work with, creating your infrastructure from the Command Line Interface (CLI) or with JSON / YAML scripts. Some features or commands are not available in the Azure portal and that’s where Azure Cloudshell can help you out. Try the different Azure Cloudshell Tools and look what you like most to use for your work. From here you can work on any device with a browser and do your work. #MVPBuzz
Have a look at the Microsoft Ignite 2019 Agenda
