SCOM 2016 + OMS Toronto Meetup! – Reminder

Hi All,

Just a quick reminder, next week, November 16th, I will be hosting a SCOM 2016 and OMS meetup. It will be hosted at the University of Toronto, Nov 16, 2016. Please see the link below for more details!

Seating is free (but limited!), so RSVP your spot soon!! For more details on the Meetup, please see HERE.

See you all there!

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) for On-Premises Virtual Machine with Azure Resource Manager (ARM)

This post is part of a series of blog posts on Azure Site Recovery (ASR).

Here is a step-by-step walk-through of setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things first: Azure’s Recovery Services Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises, you can create a link between your on-prem site and Azure to allow your VMs to be backed up into Azure. This works regardless of your hypervisor; it can be either ESX or Hyper-V. For this blog post, however, I will be setting up ASR for VMs hosted on-premises in a Hyper-V 2012R2 environment.



Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), select New, then within the Marketplace select Monitoring + management, then select Backup and Site Recovery (OMS) under the featured apps. If it is no longer listed there, just search for it within the Marketplace.

Next, we need to create our vault.

Give it a meaningful name, and either create a new Resource Group or use an existing one. I opted for an existing one, as I will next (in another post) set up a Site-to-Site ASR.

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!

Step 2: Choose your Protection Goal(s)

Click Settings > Site Recovery (under Getting Started) > Step 1: Prepare Infrastructure > Protection Goal, specify the following, and click OK:

  • Replicating to: Azure
  • Machines Virtualized: Yes, with Hyper-V
  • Using SCVMM (Virtual Machine Manager): No

Step 3: Setup the Source Environment

Next, we need to give our Hyper-V site a name. “Ravi-OnPrem” makes sense here, but give it something meaningful.

Once validated, we can now go ahead with the Azure Backup Agent. Download the Azure Backup Agent, and also, download the Backup Credentials.

Download the Agent and Credentials to the server you will be backing up. In my example, I will be backing up a Windows Server 2016 (RTM).

Step 4: Microsoft Azure Recovery Site (MARS) Agent Install

The Microsoft Azure Recovery Site (MARS) Agent is a pretty simple install, but here is what I experienced when installing:

Since my environment is pretty open, i.e. no proxy, no changes are required here.

Your call here..

All good with the MARS prerequisites… Hit Install!

All good, time to register our server to our Recovery Services Vault.

Step 5: Register Server to Azure Recovery Services Vault

Here is where we will need that VaultCredentials file. I hope you downloaded it as mentioned earlier… As you can see, the settings from the first few steps, when we created our Vault, are now filled in automatically.

Here, I decided to let the wizard generate the Passphrase. I then saved the key locally to the server.

Perfect! Now we can go ahead with Azure Backup: Site Recovery/Backup Schedule, etc.

Step 6: Configuring Microsoft Azure Backup

Going back to our On-Prem server, which by the way is running Windows Server 2016, let’s launch Microsoft Azure Backup.

Click on Schedule Backup within the Actions pane (on the right):

Since this is a basic server, I only allocated 1 drive for this example. Once we hit Backup, I am presented with the available drives.

Now we can begin defining our Backup Schedule

Step 7: Specify Backup Schedule

For this example, I want to back up the following server with the following properties:

  • Backup once a week @ 4AM, every Monday

Retention Policy will be as follows, see below:

Once you are satisfied with the policy, go ahead and hit next. Since we want to back up to Azure, and not an offline backup, we will backup over the network.

Have a look over before we do the initial backup.

Step 7: Initiate Backup Now

Going back to the main console, within the right pane, within Actions, let’s initiate our Back Up Now.

If we now double click within the job, we can see the Backup has begun….

Step 8: Validate Backup

If we go back to Azure, and take a look at our Vault properties, we can see there is a Backup in progress.

If we drill down within the Backup, we can see our server being backed-up.

After a few minutes, we can go back to the server, and track its progress:

And likewise, if we go into Azure Resource Manager, open the Vault’s Backup jobs, and take a look at the details, we can see data is being updated to Azure.

Perfect!

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) Virtual Machines (VMs) in Azure with Azure Resource Manager (ARM)

This post is part of a series of blog posts on Azure Site Recovery (ASR).

  • ASR for VMs hosted On-Premises, coming soon…
  • ASR for Hyper-V hosted On-Premises, coming soon…
  • ASR for an ESXi hosted On-Premises, coming soon…

Here is a step-by-step walk-through of setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things first: Azure’s Recovery Services Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises, you can create a link between your on-prem site and Azure to allow your VMs to be backed up into Azure. This works regardless of your hypervisor; it can be either ESX or Hyper-V. For this blog post, however, I will be setting up ASR for VMs hosted within Azure.


Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), select New, then within the Marketplace select Monitoring + management, then select Backup and Site Recovery (OMS) under the featured apps. If it is no longer listed there, just search for it within the Marketplace.

Next, we need to create our vault.

Give it a meaningful name, and either create a new Resource Group or use an existing one. I opted for an existing one, as I will next (in another post) set up a Site-to-Site ASR.

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!

Step 2: Backup Goal/Target

Select +Backup, and let’s create a backup strategy:

As mentioned, in this walk-through, we will be setting up ASR for our VMs within Azure. So, this workload will be running against our Azure environment, and we want to backup our VMs.

Step 3: Create a Backup Policy

Now we want to create a backup policy. You can choose the default, which I believe is a daily snapshot with a retention of 30 days. This may be too aggressive, or too conservative. Nevertheless, let’s create our own.

Give it a name, such as “ASRBackup14Days”. For this example, I want to back up my VMs in the following manner:

  • Backup every day @ 2AM
  • Retain the daily backup of the VM for 2 weeks (14 days)
  • Retain the weekly backup of the VM for 2 weeks
  • Retain the monthly backup of the VM for 2 months (~60 days)
  • Also, begin this policy the first day of January 2016…

Of course these options are..optional, you only need to specify either the daily, weekly or monthly retention…

Once complete, we now need to select the VM(s) we would like to back-up.

Select one, or select them all, but keep in mind this could get costly ($$$$): the more VMs and the more frequent the backups, the higher the cost.

Step 4: Initial Backup

Great! Now, Enable backup. If we go back to our ASR Vault, we should see a job already in progress, as Azure has already started the initial backup.

As you can see, the VM is being backed up now!

Step 5: On-Demand Backup

If you ever want to do an ad-hoc backup, just go back to the ASR Vault and, within Protected Items, select the VM(s) you are interested in and schedule an immediate backup.

SCOM 2016 + OMS Toronto Meetup!

This November, I will be hosting a SCOM 2016 and OMS meetup. The intended audience is SCOM and OMS user groups within Toronto and the Greater Toronto Area, but it is not limited to them. It will be hosted at the University of Toronto, November 9th, 2016. Please see the link below for more details!

Meetup has been re-scheduled for November 16th, 2016. 

Topics will include, but are not limited to:

  • What’s new in SCOM 2016
  • What is OMS

Seating is limited, so RSVP your spot soon!! For more details on the Meetup, please see HERE.

See you all there!

Creating a Site-to-Site (S2S) VPN with Azure Resource Manager (ARM) and Windows 2012R2

To begin, I am setting up a Site-to-Site VPN (Virtual Private Network) between my home-lab and Azure. The same concept(s) can be applied to an On-Premises/Data-Center environment and enterprise grade firewalls/routers.

For starters, you will need to know the IP of your home network; my IP is dynamic, so it is continuously changing. If you don’t know your public IP, go HERE to get that now. Also, I will be using the Azure Resource Manager portal, not the classic portal, and working with IPv4, not IPv6. Lastly, I am going to assume you already know a few things about Azure, Windows Server 2012R2 RRAS (Routing and Remote Access Service) and the basics of networking.

This setup consists of 2 steps — Step 1, setting up and configuring Azure, and Step 2, setting up and configuring your Windows RRAS server. Let’s begin:


Setting up/Configuring Azure:

Step 1: Create a Resource Group

Step 2: Create a Virtual Network

Now we need to create a Virtual Network. This virtual network will provide IPs to machines assigned within this resource group. The address space can be whatever you choose; however, it is best to choose an address space different from your home network. I have chosen 172.10.0.0/24; my home network is 10.10.10.0/24. The resource group will always be the one you created back in Step 1.

Next I will add two subnets, one for the back-end and one for the gateway of my servers. Within your Virtual Network, select Subnets, and add as many subnets as needed.

Step 3: Create a Virtual Network Gateway

Next we will create the Virtual Network Gateway. The virtual network gateway will be responsible for sending and receiving data. It is essentially the bridge (gateway) between Azure and your RRAS server/home network.

I have kept the defaults: VPN as the Gateway type, and Route based for the VPN type. The resource group will always be the one you created back in Step 1.

Depending on your environment and requirements, you will need to decide which VPN type is best for you.

  • Route based, will support dynamic routing and support multiple VPN connections, using IKEv2.
  • Policy based, will support static routing, supporting a single VPN connection, and will use IKEv1.

  • The Virtual Network will be what we just created in Step 2,
  • The Public IP address will be one of Azure’s Public IPs,
  • Gateway type will be VPN,
  • VPN type will be Route based.

Once you have entered all the properties successfully, it will take about an hour for Azure to create the Virtual Network Gateway. (Good time for lunch/a break)

Step 4: Create a Local Network Gateway

Now we need to create the local network gateway; this gateway will be configured with your on-premises network details.

  • IP address will be the IP address of your VPN endpoint, ie. Public Facing IP
  • Address space will be the address space you are using on-premises, in my case my home network is on a 10.10.10.0/24 network. (If you have multiple address spaces on-premises, then add them all here (only add if you want a machine in that space to be Azure accessible))

Keep in mind, the address space here MUST NOT overlap with the address space in Azure (this is why my Azure Local Network was provided a 172.10.0.0/24 address space to differentiate).

The resource group will always be the one you created back in Step 1.

Step 5: Create the VPN connection

Now that all the fun stuff is done, we need to create the VPN connection. Within the Local Network Gateway we just created (Step 4), go to Connections and configure a VPN connection.

  • You will need to specify the Virtual and Local LAN gateways we created in Step 3 and Step 4, for the Virtual Network Gateway and Local Network Gateway, respectively.
  • The Shared key (PSK) will need to be a string that will be used between the VPN connection and your RRAS server to encrypt and authenticate. I used a password generator with 32 characters, and only used letters and numbers (no special characters). Make sure to save this key, because you will need it in the Windows RRAS setup to complete the Site-to-Site connection!
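
The two constraints from the steps above (address spaces that do not overlap, and a 32-character letters-and-digits shared key) can be checked from a shell before anything is entered in the portal. This is an added example, not code from the original post; the function names are illustrative, and the RFC 1918 check goes beyond what the post asks for.

```sh
#!/bin/sh
# Added example: pre-flight checks for the Site-to-Site VPN address plan and PSK.
# Function names are illustrative, not from the post or any Azure tooling.

# Dotted-quad IPv4 -> 32-bit integer (subshell body keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Print "first last" (as integers) for a CIDR block such as 10.10.10.0/24.
cidr_bounds() {
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip_to_int "${1%/*}") / size * size ))   # clear any host bits
    echo "$first $(( first + size - 1 ))"
}

# Succeed when the two CIDR blocks share at least one address.
cidrs_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Succeed when the whole block lies inside one RFC 1918 private range.
is_rfc1918() {
    set -- $(cidr_bounds "$1")
    for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        b=$(cidr_bounds "$block")
        [ "$1" -ge "${b% *}" ] && [ "$2" -le "${b#* }" ] && return 0
    done
    return 1
}

# Letters-and-digits key from the kernel CSPRNG; default length 32 as in Step 5.
gen_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Report on an Azure/on-premises pair: 0 = clean, 1 = overlap, 2 = warning only.
check_plan() {
    rc=0
    for net in "$1" "$2"; do
        is_rfc1918 "$net" || { echo "WARN: $net is outside RFC 1918 private space"; rc=2; }
    done
    if cidrs_overlap "$1" "$2"; then
        echo "FAIL: $1 overlaps $2"; rc=1
    fi
    return "$rc"
}

# The address spaces used in the post.
check_plan 172.10.0.0/24 10.10.10.0/24 || true
```

Run against the post's values, the overlap check passes and the RFC 1918 check flags 172.10.0.0/24: the private 172 block is 172.16.0.0/12, so 172.10.x.x is publicly routable address space.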

 

Great, Step 1 (Azure) is done! After configuring the RRAS server, we will need to come back to Azure and connect/confirm the VPN traffic is flowing.

Setting up/Configuring Windows RRAS:

Step 1: Install the RRAS Windows Role 

Microsoft explains this pretty well and it is pretty straight-forward, so I won’t bother, see HERE.

Step 2: Configure and Enable Routing and Remote Access

Right-click on the Network Interface, and select New Demand-dial Interface.

Call it something meaningful…

Continue through the wizard, choose VPN.

Use IKEv2 Encryption here for the VPN Type (as we chose back in Step 5 within the VPN Connection configuration for Azure; they must match…duh)

Here you need to specify the Azure Public IP:

If you don’t know your Azure Public IP, go to your Virtual LAN Gateway, and see within the Essentials properties:

Leave Route IP packets on this interface enabled….

Since we are providing a PSK, credentials here don’t matter. I just entered Azure and left the rest blank…

Now add the Static Route for your local network, as mentioned, my network is a 10.10.10.0/24; 255.255.255.0.

Once complete, right-click on the interface we just created, and go to the Security settings. By default “Use machine certificates” will be enabled, select the preshared key for authentication option, and now enter that PSK we used in Step 5 of Azure….

Hit OK, and now let’s try to connect…..

Step 3: Test Connection on Server

Give this a few minutes, I gave it about 5 minutes, and it finally connected to Azure.

Step 4: Establish/Test Connection on Azure VPN

Go back to Azure, and within your VPN connection, hit Connect. For me, this took some time. Initially it connects, then fails, and repeats for a few minutes. I’d say after 5 minutes or so, it finally connected and stayed connected! YAY!

[Screenshots: VPN connection success]

After all that, we now have a VPN connection established between Azure and my home network. This is evident as we can see traffic going in and out via Azure’s Gateway! Sweet!!!

OMS – SCOM Assessment Solution

It’s been a few days since I last logged into OMS. Earlier today, as I was browsing through the Solutions Gallery, I had to do a double-check, as I saw a coming soon, SCOM Assessment Solution. Yes, that is right, OMS will soon be releasing a SCOM Assessment Solution!

As a SCOM/System Center consultant, I can’t even count the number of SCOM Health Checks I have done in my past — this is very exciting as maybe I can rely on OMS to do this for me… hmmm.

From the solution description, it will assess “the risk and health of your SCOM environment on a regular basis. It will provide a prioritized list of recommendations tailored to your deployments”….

As of today the solution is still “coming”, so hopefully the Microsoft/OMS team can roll this out soon!

Azure Automation PowerShell ISE Add-On

Not too long ago, Microsoft released a new PowerShell module add-on for Azure Automation. This is great as it allows us to work locally while connecting directly to Azure: it connects us to our existing Runbooks, gathers subscription and account information, etc. This is great for anyone that is interested in OMS Hybrid-Runbooks, DSC (Desired State Configuration) and the future! 🙂

Here’s a link to Microsoft’s blog post, HERE.

Cheers!

How to deploy OMS Agent on Linux

There are multiple ways to deploy the OMS agent on your Linux server. In this post, I am going to make use of GitHub and do a quick install on a Linux server.

In my environment, I am deploying the OMS Linux (Preview) agent (version 1.1.0-124) on a 64-bit Ubuntu server, version 14.04.4. Your Ubuntu server will of course need an Internet connection (directly or via proxy). At the time of this post, the following Linux operating systems are supported:

*image/source, Technet.Microsoft.com

Let’s get started…

Copy and save your OMS Workspace ID and Primary Key, as your OMS agent will need these to authenticate. These can be found within your OMS Settings > Connected Sources:

Within your Ubuntu shell/terminal, you will need to execute the following three commands in order to download and install the OMS Agent. First we will download the latest OMS Agent from GitHub.

  • Followed by,
    • sha256sum ./omsagent-1.1.0-124.universal.x64.sh

  • Finally,
    • sudo sh ./omsagent-1.1.0-124.universal.x64.sh --upgrade -w <WORKSPACE ID> -s <WORKSPACE PRIMARY KEY>
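
The sha256sum step only prints a digest; the check is complete once that value is compared with the one published for the release and the install is skipped on a mismatch. The following is an added example (not from the original post) that gates the install on that comparison; the expected digest is a placeholder to be taken from the release page, and the `OMS_WORKSPACE_ID` and `OMS_WORKSPACE_KEY` variable names are assumptions.

```sh
#!/bin/sh
# Added example: run the OMS agent bundle only if its SHA-256 matches the
# digest published with the release. Function and variable names are illustrative.

# Print the SHA-256 of a file, using whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 on a match, 1 on a mismatch, 2 on bad input (missing file, bad digest).
verify_installer() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')      # accept upper-case hex too
    case $want in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    got=$(file_sha256 "$1")
    [ "$got" = "$want" ] || { echo "MISMATCH for $1: got $got" >&2; return 1; }
}

# Install only after verification. Workspace ID and key are read from
# environment variables (assumed names) instead of being typed inline.
install_verified() {
    verify_installer "$1" "$2" || return
    sudo sh "$1" --upgrade -w "$OMS_WORKSPACE_ID" -s "$OMS_WORKSPACE_KEY"
}

# Real use (digest is a placeholder, take it from the release page):
#   install_verified ./omsagent-1.1.0-124.universal.x64.sh "<PUBLISHED SHA-256>"

# Constructed demo on a stand-in file, not the real agent bundle.
demo() {
    tmp=$(mktemp) || return 1
    printf 'echo constructed stand-in\n' > "$tmp"
    good=$(file_sha256 "$tmp")
    verify_installer "$tmp" "$good" && echo "match: would install"
    printf '# tampered\n' >> "$tmp"
    verify_installer "$tmp" "$good" 2>/dev/null || echo "mismatch: refusing to install"
    rm -f "$tmp"
}
demo
```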

If all goes well, you should now have an added server to your Connected Sources. Yay!

Very quickly, I can see my Ubuntu server is already transmitting data to OMS.

Like Windows servers, we can now start collecting data from the Syslog, collecting performance metrics in Near Real Time, and if your Linux box is deployed with Nagios and/or Zabbix, we can link this data into OMS too!

For additional information on configuring Linux Performance Counters, please visit the following page, HERE.

Lastly, don’t forget to add some important syslog OMS Data Log Collection, here is what I have configured:

Cheers!

Monitoring VMware (ESX/ESXi) with OMS

We all know monitoring Hyper-V and/or SCVMM with OMS is rather straightforward, and native. However, what about VMware (ESX/ESXi)?

In my VMware environment, I am using ESXi Host version 5.5 and vCenter version 6.0.

The following post is to help you monitor your ESX/ESXi environment with OMS.

  • First, you will need to enable the ESXi Shell, or SSH on your ESXi host, see HERE how
  • Next, you will need to configure the syslog(s) on your ESXi host, see HERE how

My ESXi server’s IP is 10.10.10.30, and I will be forwarding the syslog(s) to my vCenter Windows Server at IP 10.10.10.34. To be safe, I am going to configure both port 514 UDP and TCP.

[Screenshot: configuring syslog on ESXi via SSH]

  • Remember to disable the firewall(s) on your vCenter Windows server
  • Now on your vCenter Windows Server, you will need to deploy the OMS Agent (Microsoft Monitoring Agent), see HERE how
    • Once your vCenter server is communicating with OMS, we can move on to the next step
  • Within OMS, if you haven’t already, you will need to enable “Custom Logs”; Settings > Preview Features > Enabled Custom Logs

[Screenshot: enabling Custom Logs]

  • Next, set up the following syslog file as your custom log on your vCenter server. In my case, my ESXi hostname is ‘RaviESXi’ and its IP is 10.10.10.30.
  • Followed by importing your syslog into OMS for the first time (see below for instructions)

C:\ProgramData\VMware\vCenterServer\data\vmsyslogcollector\yourESXiHostnameHere\syslog.log

For me, that path translates to “C:\ProgramData\VMware\vCenterServer\data\vmsyslogcollector\RaviESXi\syslog.log”.

In my example, I then created an OMS custom log named “VMwareWin” for ESXi syslog. (By default, _CL suffix will be automatically added, which will result as, “VMwareWin_CL”) If you are unfamiliar with OMS’ Custom Logs, see HERE.

Once you have completed this step, it may take some time for your data to start showing up in OMS. Give it an hour or so…

  • Now we can start creating some custom fields within OMS. For example, ESXi Hostname, vmkernel, hostd, etc. See HERE about OMS’ custom fields in log analytics.
    • If you have done everything correctly, you should have custom logs and custom fields similar to this:

[Screenshots: creating custom logs; creating custom fields]

  • Now you can start creating some dashboards with some custom queries!

For example, here’s one query I tested with and thought was worthy for its own dashboard:

All events and number of occurrences:

Type=VMwareWin_CL | measure count() by VMwareProp_CF

[Screenshot: Dashboard1Example]

Of course the number of queries and dashboards is endless at this point. Feel free to let me know your thoughts and some queries/dashboards you have come up with!

Lastly, don’t forget to add some important syslog OMS Data Log Collection, here is what I have configured:

Cheers!

Deploying OMS Agent for On-Premise Server(s)

This post is intended for monitoring Windows based servers with OMS. For starters I am going to assume the following prerequisites have been met (see below). In addition I am going to assume you are not using SCOM 2012R2 (UR6 or better) at the moment. Okay, so let’s begin!

  1. Azure Environment Setup — Check
  2. Azure Operational Insights Created — Check (see post here)
  3. OMS Workspace Created — Check (see post here)
  4. Monitor On-Premise Servers — See below

 

For my demo, I am using a Windows 2012R2 server, so I will be making use of the x64 agent. Download the agent on your machine, and begin the installer. Take note (copy the Workspace ID and Key(s)) as you will need them later.

  • Start/Launch the agent installer

  • We will be connecting to Azure (not SCOM)

  • The Workspace ID and Workspace Key can be retrieved from your OMS settings page.

Once the agent install is complete, we can view the OMS/Azure configuration properties within the agent configuration, as seen below:

  • If we go back to our OMS portal, we can now see we have another server we are now monitoring in OMS 🙂

  • At this point we are not really capturing much data, so let’s configure some log data capturing. For now, I just setup Windows event logs, looking for Event IDs 6006 and 6008.

  • About 3 hours later (for me at least) I started to see data being collected. As we bring more agents into OMS and/or couple our on-prem SCOM environment, we will start to see a wealth of data. (Remember 500Mb of data is free, anything more you will need to upgrade your Azure subscription)

Cheers!