Tag: Azure

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) for On-Premises Hyper-V Host with Azure Resource Manager (ARM)

This post is a series of blog posts for Azure Site Recovery (ASR).

Here is a step by step walk-through on how to go about setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things, first, Azure’s Recovery Service Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises you can create a link between your on-prem site and Azure to allow your VMs to be backed-up into Azure. This is regardless of your hypervisor, it can be either ESX or Hyper-V, either will work. However for the interest of this blog post, I will be setting up ASR for a Hyper-V 2012R2 host.



Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), if we select New, within the Marketplace, select Monitoring + management, then select Backup and Site Recovery (OMS) within the featured apps. Of course if this is no longer present, just search for it within the marketplace.

1

Next we will now need to create our vault.

Give it a meaningful name, and you can either create a new Resource Group, or use an existing. I opted with existing, as I will (another post) next setup a Site-to-Site ASR.

2

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!

3

Step 2: Choose your Protection Goal(s)

Click Settings > Site Recovery (Under Getting Stated) > Step 1: Prepare Infrastructure > Protection Goal > And specify the following > Click OK:

  • Replicating to: Azure
  • Machines Virtualized: Yes, with Hyper-V
  • Using SCVMM (Virtual Machine Manager): No

4

Step 3: Setup the Source Environment

Next, we will now need to Prepare our source give our Hyper-V site a name, “Ravi-OnPrem” makes sense here, but give it something meaningful.

5

6

Now we need to download the ASR Provider Installer, along with the Vault Registration Key.

set-source3

Step 4:  Install and Configure the ASR Provider on Hyper-V Host

1

2

3

4

5

This Hyper-V host is not behind any Proxy…

6

If we go back to Azure, we can now see our Hyper-V host populated.

7

Step 5: Create a Replication Policy

Within our Vault properties > Settings > Manage: Site Recovery Infrastructure > For Hyper-V Sites: Replication Policies > +Replication Policies

8

Step 6: Associate Hyper-V Site(s)

Next we will need to Associate our Hyper-V site:

9

10

Great! Now we can continue on with Step 3 (Target Environment) of Step 1 (Preparing Infrastructure).

Step 7: Create a Storage Account + Virtual Network

8

9

Within the Replication, we have a few options here. I left mine as default (GRS) Geo-Redundant.

Next, we need to create a Target Virtual Network:

11

Now we can go ahead and setup the replication settings:

Step 8: Setup Replication Settings

12

Since we create the Replication Policy beforehand, this auto-filled. Next we need to do some Capacity Planning. Since this is simply a walk-through example, I elected to skip this, but for a real-production environment, I would highly recommend doing this.

Here is a link to Microsoft’s Capacity Planner for Hyper-V Replica.

14

Hit OK, and now we are ready to to move on to Step 2 (Replication Application)

15

16

This all should have populated since we created our Storage account and Virtual Network just earlier… If not, add them.

Now Azure should have connected with our Hyper-V host, we can now see our VMs within our Hyper-V host. Here we now need to select which machines we will want to include within ASR. For simplicity and variety, I am going to select a domain controller and a Linux machine.

17

Now we need to configure the VMs properties:

18

Once we are good, we can go ahead and apply the Replication Policy to our VMs.

19

Once satisfied, go ahead and hit “Enable Replication“.

20

 

Lastly, Step 3, we now need to complete creating our Recovery Plan:

Step 9: Create Recovery Plan

21

Great! All done? Before we say all done, let’s go back to our Hyper-V host, and configure the Network/Throttling bandwidth.

Step 10: Network/Throttle Bandwidth

My Hyper-V host is not equipped with a GUI as I am using Windows 2012R2 Minimal Server, so navigate here to launch the Microsoft Azure Backup Agent, “C:\Program Files\Microsoft Azure Recovery Services Agent\bin\“. Launch, “wabadmin“.

23

In the Actions pane, select “Change Properties” >> Select the Throttling tab.

24

Change these settings as to your needs. I wanted to increase my non-work hours to 4MB, but looks like 1MB is the max.

Great! Since we already hit, enable replication, this process should have already started… Let’s go back to Azure:

If we take a look at the Vault > Settings > Protected Items > Replicated Items 

25

Once these VMs are 100% Synchronized, the next steps will be to simulate a fail over, both Test and Planned.

26

 

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) for On-Premises Virtual Machine with Azure Resource Manager (ARM)

This post is a series of blog posts for Azure Site Recovery (ASR).

Here is a step by step walk-through on how to go about setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things, first, Azure’s Recovery Service Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises you can create a link between your on-prem site and Azure to allow your VMs to be backed-up into Azure. This is regardless of your hypervisor, it can be either ESX or Hyper-V, either will work. However for the interest of this blog post, I will be setting up ASR for VMs being hosted on your On-Premises environment on a Hyper-V 2012R2 environment.



Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), if we select New, within the Marketplace, select Monitoring + management, then select Backup and Site Recovery (OMS) within the featured apps. Of course if this is no longer present, just search for it within the marketplace.

1

Next we will now need to create our vault.

Give it a meaningful name, and you can either create a new Resource Group, or use an existing. I opted with existing, as I will (another post) next setup a Site-to-Site ASR.

2

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!

3

Step 2: Choose your Protection Goal(s)

Click Settings > Site Recovery (Under Getting Stated) > Step 1: Prepare Infrastructure > Protection Goal > And specify the following > Click OK:

  • Replicating to: Azure
  • Machines Virtualized: Yes, with Hyper-V
  • Using SCVMM (Virtual Machine Manager): No

4

Step 3: Setup the Source Environment

Next, we will now need to give our Hyper-V site a name, “Ravi-OnPrem” makes sense here, but give it something meaningful.

5

6

Once validated, we can now go ahead with the Azure Backup Agent. Download the Azure Backup Agent, and also, download the Backup Credentials.

7

Download the Agent and Credentials to the server you will be backing up. In my example, I will be backing up a Windows Server 2016 (RTM).

Step 4: Microsoft Azure Recovery Site (MARS) Agent Install

The Microsoft Azure Recovery Site (MARS) Agent is a pretty simple install, but here is what I experienced when installing:

1

2

Since my environment is pretty open, ie. No Proxy, no changes required here.

3

Your call here..

4

All good with the MARS prerequisites… Hit Install!

5

All good, time to register our server to our Recovery Services Vault.

 

Step 5: Register Server to Azure Recovery Services Vault

6

Here is where we will need that VaultCrentials file.. I hope you downloaded it as mentioned earlier… As you can see, back in the first few steps, when we created our Vault, the settings are now automatically inputted.

7

Here, I decided to let the wizard generate the Passphrase. I then saved the key locally to the server.

 

8

Perfect! Now we can go ahead and with the Azure Back: Site Recovery/Backup Schedule, etc.

Step 6: Configuring Microsoft Azure Backup

Going back to our On-Prem server, which by the way is a Windows 2016 OS, let’s launch Microsoft Azure Backup

Click on Schedule Backup within the (Right) Actions Pane:

1

Since this is a basic server, I only allocated 1 drive for this example, once we hit Backup, I am presented with the available drives.

2

Now we can begin defining our Backup Schedule

Step 7: Specify Backup Schedule

3

For this example, I want to back up the following server with the following properties:

  • Backup once a week @ 4AM, every Monday

Retention Policy will be as follows, see below:

4

Once you are satisfied with the policy, go ahead and hit next. Since we want to back up to Azure, and not an offline backup, we will backup over the network.

5

Have a look over before we do the initial backup.

6

Step 7: Initiate Backup Now

Going back to the main console, within the right pane, within Actions, let’s initiate our Back Up Now.

7

If we now double click within the job, we can see the Backup has begun….

8

Step 8: Validate Backup

If we go back to Azure, and take a look at our Vault properties, we can see there is a Backup in progress.

9

If we drill down within the Backup, we can see our server being backed-up.

10

After a few minutes, we can go back to the server, and track its progress:

11

 

And likewise, if we go within to the Azure Resource Manager, and within the Vault Backup jobs, and take a look at the details, we can see data is being updated to Azure.

12

 

Perfect!

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) Virtual Machines (VMs) in Azure with Azure Resource Manager (ARM)

This post is a series of blog posts for Azure Site Recovery (ASR).

  • ASR for VMs hosted On-Premises, coming soon…
  • ASR for Hyper-V hosted On-Premises, coming soon…
  • ASR for an ESXi hosted On-Premises, coming soon…

Here is a step by step walk-through on how to go about setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things, first, Azure’s Recovery Service Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises you can create a link between your on-prem site and Azure to allow your VMs to be backed-up into Azure. This is regardless of your hypervisor, it can be either ESX or Hyper-V, either will work. However for the interest of this blog post, I will be setting up ASR for VMs hosted within Azure.


Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), if we select New, within the Marketplace, select Monitoring + management, then select Backup and Site Recovery (OMS) within the featured apps. Of course if this is no longer present, just search for it within the marketplace.

1

Next we will now need to create our vault.

Give it a meaningful name, and you can either create a new Resource Group, or use an existing. I opted with existing, as I will (another post) next setup a Site-to-Site ASR.

2

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!

3

Step 2: Backup Goal/Target

Select +Backup, and let’s setup create a backup strategy:

4

5a

As mentioned, in this walk-through, we will be setting up ASR for our VMs within Azure. So, this workload will be running against our Azure environment, and we want to backup our VMs.

Step 3: Create a Backup Policy

Now we want to create a backup policy. You can chose the default, which I believe is a daily snap-shot and the retention is 30 days. This may be too aggressive, or too conservative. Nevertheless, let’s create our own.

6a

Give it a name “ASRBackup14Days“, for this example, I want to backup my VMs in the following manner:

  • Backup every day @ 2AM
  • Retain the daily backup of the VM for 2 weeks (14 days)
  • Retain the weekly backup of the VM for 2 weeks
  • Retain the monthly backup of the VM for 2 months (~60 days)
  • Also, begin this policy the first day of January 2016…

Of course these options are..optional, you only need to specify either the daily, weekly or monthly retention…

Once complete, we now need to select the VM(s) we would like to back-up.

7a

Select one, or select them all, but keep in mind, this could get costly $$$$, more VMs and more often the back-up frequency.

8

Step 4: Initial Backup

Great! Now, Enable backup. Now, if we go back to our ASR Vault, should see a job already in progress, as Azure already started the initial backup.

9

10

As you can see, the VM is being backed up now!

Step 5: On-Demand Backup

If you ever want to do an ad-hoc backup, just go back to the ASR Vault, within the Protected Items, select the VM(s) you are interested, and schedule an immediate backup.

11

Creating a Site-to-Site (S2S) VPN with Azure Resource Manager (ARM) and Windows 2012R2

To begin, I am setting up a Site-to-Site VPN (Virtual Private Network) between my home-lab and Azure. The same concept(s) can be applied to an On-Premises/Data-Center environment and enterprise grade firewalls/routers.

For starters you will need to know the IP of your home network, my IP is dynamic, so it is continuously changing. If you don’t know your public IP, go HERE to get that now. Also, I will be using the Azure Resource Manager portal, and not the classic portal, and lastly working with IPv4, not IPv6. Lastly, I am going to assume you already know a few things about Azure, Windows Server 2012R2 RRAS (Routing and Remote Access Service) and the basics of Networking.

This setup consists of 2 steps — Step 1, setting up and configuring Azure, and Step 2, setting up and configuring your Windows RRAS server. Let’s begin:


Setting up/Configuring Azure:

Step 1: Create a Resource Group

1

Step 2: Create a Virtual Network

Now we need to create a Virtual Network. This virtual network will provide IPs to machines assigned within this resource group. The IP spacing can be whatever you choose, however it is best to choose an address space different from your home-network. I have chosen a 172.10.0.0/24; my home network is a 10.10.10.0/24.The resource group will always the one you created back in Step 1.

2a

Next I will add two subnets, one for the back-end and one for the gateway of my servers. Within your Virtual Network, select Subnets, and add as many subnets as needed.

2b

Step 3: Create a Virtual Network Gateway

Next we will create the Virtual Network Gateway. The virtual network gateway will be responsible for sending and receiving data. Essentially the bridge between (gateway) Azure and your RRAS server/home-network.

I have kept the defaults, VPN as the Gateway type, and Route based for the VPN type. The resource group will always the one you created back in Step 1.

Depending on your environment and requirements, you will need to decide which VPN type is best for you.

  • Route based, will support dynamic routing and support multiple VPN connections, using IKEv2.
  • Policy based, will support static routing, supporting a single VPN connection, and will use IKEv1.

3

  • The Virtual Network will be what we just created in Step 2,
  • The Public IP address will be one of Azure’s Public IPs,
  • Gateway type will be VPN,
  • VPN type will be Route based.

Once you have entered all the properties successfully, it will take about an hour for Azure to create the Virtual Network Gateway. (Good time for lunch/a break)

Step 4: Create a Local Network Gateway

Now we need to create the local network gateway, this gateway will be configured with all of your on-premises network.

  • IP address will be the IP address of your VPN endpoint, ie. Public Facing IP
  • Address space will be the address space you are using on-premises, in my case my home network is on a 10.10.10.0/24 network. (If you have multiple address spaces on-premises, then add them all here (only add if you want a machine in that space to be Azure accessible))

Keep in mind, the address space here MUST NOT overlap with the address space in Azure (this is why my Azure Local Network was provided a 172.10.0.0/24 address space to differentiate)

The resource group will always the one you created back in Step 1.

4a

Step 5: Create the VPN connection

Now that all the fun stuff is done, now we need to create the VPN connection. Within the Local Network Gateway we just created (Step 4) go within the Connections, and configure a VPN connection.

5b

  • You will need to specify the Virtual and Local LAN gateways we created in Step 3 and Step 4, for the Virtual Network Gateway and Local Network Gateway, respectively.
  • The Shared key (PSK) will need to be a string that will be used between the VPN connection and your RRAS server to encrypt and authenticate. I used a password generator with 32 characters, and only used letters and numbers (no special characters). Make sure to save this key, because you will need it in the Windows RRAS setup to complete the Site-to-Site connection!

 

Great Step 1 – Azure done! After configuring the RRAS server, we will need to come back to Azure, and connect/confirm the VPN traffic is flowing.

 



 

Setting up/Configuring Windows RRAS:

Step 1: Install the RRAS Windows Role 

Microsoft explains this pretty well and it is pretty straight-forward, so I won’t bother, see HERE.

Step 2: Configure and Enable Routing and Remote Access

Right click on the Network Interface, and select a New Demand-dial Interface

1a

Call it something meaningful…

1

Continue through the wizard, choose VPN.

2

Use IKEv2 Encryption here for the VPN Type (as we chose back in Step 5 within the VPN Connection configuration for Azure; they must match…duh)

3

Here you need to specify the Azure Public IP:

4

If you don’t know your Azure Public IP, go to your Virtual LAN Gateway, and see within the Essentials properties:

5

Leave Route IP packets on this interface enabled….

6

Since we are providing a PSK, credentials here don’t matter.. I just entered, Azure and left the rest blank…

7

Now add the Static Route for your local network, as mentioned, my network is a 10.10.10.0/24; 255.255.255.0.

10

Once complete, right-click on the interface we just created, and go to the Security settings. By default “Use machine certificates” will be enabled, select the preshared key for authentication option, and now enter that PSK we used in Step 5 of Azure….

8

Hit OK, and now let’s try to connect…..

Step 3: Test Connection on Server

11

Give this a few minutes, I gave it about 5 minutes, and it finally connected to Azure.

Step 4: Establish/Test Connection on Azure VPN

Go back to Azure, and within your VPN connection, hit Connect. For me, this took some time. Initially it connects, then fails, and repeats for a few minutes. I’d say after 5 minutes or so, it finally connected and stayed connected! YAY!

vpn_connection_success

 

vpn_connection_success_2

After all that, we now have a VPN connection established between Azure and my home network. This is evident as we can see traffic going in and out via Azure’s Gateway! Sweet!!!

 


(more…)

Monitoring VMware (ESX/ESXi) with OMS

We all know monitoring Hyper-V and/or SCVMM with OMS is rather straight forward, and native. However, what about VMware (ESX/ESXi)?

In my VMware environment, I am using ESXi Host version 5.5 and vCenter version 6.0.

The following post is to help you monitor your ESX/ESXi environment with OMS.

  • First, you will need to enable the ESXi Shell, or SSH on your ESXi host, see HERE how
  • Next, you will need to configure the syslog(s) on your ESXi host, see HERE how

My ESXi server’s IP 10.10.10.30, and I will be forwarding the syslog(s) to my vCenter Windows Server IP 10.10.10.34. To be safe, I am going to configure both port 514 UDP and TCP .

ConfiguringSyslogOnESXiviaSSH

  • Remember to disable the firewall(s) on your vCenter Windows server
  • Now on your vCenter Windows Server, you will need to deploy the OMS Agent (Microsoft Monitoring Agent), see HERE how
    • Once your vCenter server is communicating with OMS, we can move on to the next step
  • Within OMS, if you haven’t already, you will need to enable “Custom Logs“; Settings > Preview Features > Enabled Custom Logs

EnableCustomLogs

  • Next, set up the following syslog file as your custom log on your vCenter server. In my case, my ESXi hostname is ‘RaviESXi’ and its IP is 10.10.10.30.
  • Followed by importing your syslog into OMS for the first time (see below for instructions)

C:\ProgramData\VMware\vCenterServer\data\vmsyslogcollector\yourESXiHostnameHere\syslog.log

For me, that path translates to, “C:\ProgramData\VMware\vCenterServer\data\vmsyslogcollector\RaviESXi\syslog.log

In my example, I then created an OMS custom log named “VMwareWin” for ESXi syslog. (By default, _CL suffix will be automatically added, which will result as, “VMwareWin_CL”) If you are unfamiliar with OMS’ Custom Logs, see HERE.

Once you have completed this step, it make take some time for your data to start showing up in OMS. Give it an hour or so…

  • Now we can start creating some custom fields within OMS. For example, ESXi Hostname, vmkernel, hostd, etc. See HERE about OMS’ custom fields in log analytics.
    • If you have done everything correctly, you should have custom logs and custom fields similar to this:

CreatingCustomLogs(2)

CreatingCustomFields

  • Now  you can start creating some dashboards with some custom queries!

For example, here’s one query I tested with and thought was worthy for its own dashboard:

All events and number of occurrences:

Type=VMwareWin_CL | measure count() by VMwareProp_CFDashboard1Example

Of course the number of queries and dashboards is endless at this point. Feel free to let me know your thoughts and some queries/dashboards you have come up with!

Lastly, don’t forget to add some important syslog OMS Data Log Collection, here is what I have configured:

6

Cheers!

Deploying OMS Agent for On-Premise Server(s)

This post is intended for monitoring Windows based servers with OMS. For starters I am going to assume the following prerequisites have been met (see below). In addition I am going to assume you are not using SCOM 2012R2 (UR6 or better) at the moment. Okay, so let’s begin!

  1. Azure Environment Setup — Check
  2. Azure Operational Insights Created — Check (see post here)
  3. OMS Workspace Created — Check (see post here)
  4. Monitor On-Premise Servers — See below

 

For my demo, I am using a Windows 2012R2 server, so I will be making use of the x64 agent. Download the agent on your machine, and begin the installer. Take note (copy the Workspace ID and Key(s)) as you will need them later.

1

  • Start/Launch the agent installer

2

  • We will be connecting to Azure (not SCOM)

3

  • The Workspace ID and Workspace Key can be retrieved from your OMS settings page.

4

5

6

Once the agent install is complete, we can view the OMS/Azure configuration properties within the agent configuration, as seen below:

7

  • If we go back to our OMS portal, we can now see we have another server we are now monitoring in OMS 🙂

8

  • At this point we are not really capturing much data, so let’s configure some log data capturing. For now, I just setup Windows event logs, looking for Event IDs 6006 and 6008.

9

  • About 3 hours later (for me at least) I started to see data being collected. As we bring more agents into OMS and/or couple our on-prem SCOM environment, we will start to see a wealth of data. (Remember 500Mb of data is free, anything more you will need to upgrade your Azure subscription)

10

Cheers!

 

Azure Site Recovery (ASR) – Windows 2016 (TP4)

In the event you are running a lab/demo for Azure ASR (Azure Site Recovery) and want to use the latest and greatest Windows 2016… STOP! Turns out Windows Server 2016 – Technical Preview 4 (TP4) is not supported at this time. So, hopefully you read this and don’t waste your time, like me. 🙂 Note, Windows Server 2012 R2 is supported, and works just fine (obviously). I will (soon) be posting a complete Azure ASR setup for Windows Server 2012R2 (VMs) on VMware ESX 6.0.

Of course the ASR Wizard did not indicate any issues at the time of running the installer, but definitely got this error nearing completion.

7 - Install OnPrem Components Wizard (3) 7 - Install OnPrem Components Wizard (Error)

Automating Start and Stop Times for Azure VMs

So you have set up an Azure lab, but you are now starting to see your billing costs are higher than you anticipated, or maybe you are getting tired of logging in to the Azure portal, every morning and every evening to start and shutdown your lab/Virtual Machine(s). Unfortunately there is no UI in the Azure portal that allows you to input a start and stop time for your Virtual Machines to be powered on and/or off, however there are some clever workarounds! Below are the steps I have taken to automate this problem.

Of course you will need an Azure environment, at least one Virtual Machine and some (very) basic PowerShell knowledge.

For starters, I have already built my VM, and I have already created an account that is a member of the domain administrators.


  • Log into the Azure portal and expand the Browse All icon, located on the left pane.

1

  • Select Automation Accounts and create a new Automation Account. I called mine “MachineStartStopAutomation”.

2

  • Next under the new account, select Assets

3

  • Here we will assign credentials associated to this Automation account. Within Assets, select Credentials

4

5

  • Once you have created the Credentials, next we will need to create the Runbook
  • Go back to the Automation Account, and this time select Runbooks

6

  • Provide some descriptive name for the Runbook. I used “Start<hostname>VM”. Also, I had some issues creating/editing the Runbook script when using the Graphical Runbook type, so I used the PowerShell Workflow. I would advise using the PowerShell Workflow option.

7

  • Within the script, use the code similar here. Note, your workflow will be name of your Runbook name. Also, in line 5, the -Name <hostname> will be your VM you are interested in automating the PowerOn. To be safe, I specified the FQDN.

8

  • Once complete, you can test and/or publish the Runbook. (You will need to Publish the Runbook in order to make use of it)
  • Next you will need to create a schedule. Go back to the Runbook, and select Schedules

9

  • Since I would like to start this VM daily, I set it for daily Recurrence.

10

You will now need to repeat all the steps above (starting at step 7) to create an automated shutdown Runbook. The PowerShell code will be almost exactly the same, but you will make use of the “Stop-VM -Name <hostname>” Cmdlets.

Once complete, your new Automation Runbook should look similar to this. Hopefully this will keep your Azure billing costs down, and hopefully no more daily/manual starting and shutting down your lab/Virtual Machine(s). =)

11

OMS SQL Assessment Solution

First things, first, what is the SQL Assessment Solution? OMS SQL Assessment Solution does exactly what it sounds like, it assesses a given SQL environment, providing a health check and risk assessment. The solution executes on a fixed (for now) interval monitoring and evaluates your SQL environment.

With the solution, it provides six focus areas, where it allows you and your SQL team(s) to understand where your environment may need attention either soon, or immediately. The focus areas provide recommendations based on Microsoft’s KB and Microsoft’s engineers across multiple environments, industries and scenarios. These recommendations are suggested in order to get your environment back in good standing.

Six Focus Areas:

  1. Security and Compliance
  2. Availability and Business Continuity
  3. Performance and Scalability
  4. Upgrade, Migration and Deployment
  5. Operations and Monitoring
  6. Change and Configuration Management

Each focus area will break down its recommendations based on a weighted system. The weighted system is based on three metrics: Impact, Probability and Effort.

Each metric can be broken down as follows:

  • The Impact of the issue on your organization if it does cause a problem. The higher the impact equates to a larger overall score for the recommendation.
  • The Probability that an issue identified will cause problems within the environment. The higher the probability equates to a larger overall score for the recommendation.
  • The Effort required to implement the suggested recommendation. A higher effort equates to a smaller overall score for the recommendation.

For example, if the “Schedule full database backups at least weekly,” is weighted with 4.0, this means after implementing the recommendations and satisfying the assessment, this will improve our SQL assessment score from 88% to 92%, an overall increase of 4%.

temp

Implementing the OMS Solution

To get the SQL Assessment Solution implemented, you will obviously need a SQL environment to monitor, and its Microsoft Monitoring Agent (MMA) either configured to OMS, or the agent/server a member of the OMS server group with SCOM.

Here are the steps you will need to follow to configure the SQL Run As account in the SCOM console:

Note, the Run As account you will be using, needs to be a member of the Local Administrators group on all of the Windows Servers hosting the SQL Server Instances.

  1. In SCOM, go to the Administrations tab
  2. Under the Run As Configuration, click Accounts
  3. Create the Run As Account, following through the Wizard, creating a Windows account
    1. Under Distribution Security, select More secure
  4. Go back to the Run As Configuration and click Profiles
  5. Search for the SQL Assessment Profile
  6. Assuming you are using SCOM 2012 R2 UR7, the profile name should be, “Micorsoft System Center Advisor SQL Assessment Run As Profile
  7. Right click and update its properties, and add the recently created Run As Account we just created in step 3
  8. Now you need to add the Run As account to the SQL database, and grant it the permissions it will need. Use the SQL code below, this will need to be executed on all SQL instances you are interested in incorporating into the SQL Assessment Solution. (I used this from the OMS documentation site; link can be found at the bottom of this blog)

---
    -- Replace "DOMAIN\UserName" with the actual user name being used as Run As Account (removing the quotes).
    USE master

    -- Create login for the user, comment this line if login is already created.
    CREATE LOGIN ["DOMAIN\UserName"] FROM WINDOWS

    -- Grant permissions to user.
    GRANT VIEW SERVER STATE TO ["DOMAIN\UserName"]
    GRANT VIEW ANY DEFINITION TO ["DOMAIN\UserName"]
    GRANT VIEW ANY DATABASE TO ["DOMAIN\UserName"]

    -- Add database user for all the databases on SQL Server Instance, this is required for connecting to individual databases.
    -- NOTE: This command must be run anytime new databases are added to SQL Server instances.
    EXEC sp_msforeachdb N'USE [?]; CREATE USER ["DOMAIN\UserName"] FOR LOGIN ["DOMAIN\UserName"];'

Once you have implemented the steps above, and assuming everything went successfully, soon, with OMS, you will see your SQL environment under the SQL Assessment Solution.

Hopefully there isn’t too much to fix. =)

SQL Assessment OMS

(more…)

Connecting Operations Management Suite (OMS) to SCOM

Assuming you are now equipped SCOM 2012 R2 UR7 the following procedure below to link your SCOM environment to your OMS workspace should be almost identical. If you are running on SCOM 2012 R2 UR6, then the steps below are similar, however please note, Microsoft was still referring to OMS as Operational Insights. With the UR7 update, the name was changed to Operations Management Suite.

For starters, I am going to assume you have an OMS workspace created and an Azure subscription. I am also going to assume you have a SCOM 2012 R2 (UR6 or higher) and some servers within your SCOM environment.

  • To begin, you will need to launch the Operations Manager console and go to the Administration tab/pane.
  • Within the Administration settings, select the Operations Management Suite (or Operational Insights on UR6).
  • Expand Operations Management Suite, and select connection.
  • Select Configure Operations Management Suite and follow the wizard instructions.
  • After you have successfully paired SCOM with OMS you can now add servers to your OMS Computer Group. Select Add a Computer/Group.

1 (3)

  • Within the Search, find the servers you want to add to the OMS group

2 (3)

  • Select the servers/computers, and hit OK
  • Once the servers have been added, you will now be able to see them within the Managed Computers, under the Operations Management Suite node

3 (3)

  • Now if you go back to the Operations Management Suite web portal, and select Connected Sources, under your settings, you should not only see your SCOM Management Group name, but also see the servers we have now added to the OMS group via SCOM.

4 (3)