Image

Tag Archives: backup

Migrate AWS to Azure Part 2

/ / Leave a comment

Appalacian Trail

“In a chronically leaking boat, energy devoted to changing vessels is more productive than energy devoted to patching leaks.” -Warren Buffett

 

 

Using the Azure Command Line Tools

Getting familiar with Azure CLI

Connecting to your Azure subscription

Open command line windows from Start->Run (Windows+R)


 

 

At the command prompt type ‘azure login’ as shown below

 


Once you press the enter key, instructions will be displayed on the command line to authenticate the machine.

Depending on number of subscriptions you may have for the credentials, it may take few seconds for the subscriptions to load up at the command line

 

Because the Azure Resource Manager mode is not enabled by default, use the following command to enable Azure CLI Resource Manager commands.

 

azure config mode arm
Select the subscription under context, you can do this by listing the subscriptions and selecting the one that is needed:

azure account list

 

If you have more than one subscription you should set the subscription by typing in azure account set ‘your subscription name


 

 

Enumerating Resource Groups and resources in a Resource Group

By executing azure group list, you get the listing of all resource groups in the subscription.

azure group list
Update the properties of the resource group (adding a tag):

azure group set labrg –tags ‘Department=LAB’

To list the resources in a ‘resource group’ execute the below command.

azure group show labrg

 

Enumerate Virtual Machines

Since the resource group is already set, you can list the virtual machines by executing the below command.

azure vm list

 

Start/Stop a Virtual machine

You can stop the SQL Virtual Machine in the previously created scale set by executing the following command (Note: if your resource group or machine name was different you will need to specify those values here)

azure vm stop ARMHackathonScaleSet armsql

This will simply stop the VM. To deallocate the VM and stop it from incurring compute costs you will have to execute stop with deallocate as follows:

azure vm deallocate ARMHackathonScaleSet armsql

You can start the SQL virtual machine back up executing the following command:

azure vm start ARMHackathonScaleSet armsql

 

Connecting to your Azure subscription

Like the Azure CLI, the PowerShell cmdlets need access to your subscription so they can manage your services. On the Windows machine, click the Windows logo in the bottom corner and start typing Azure PowerShell.
The PowerShell console should appear.


 

 

Execute the following command to login using Azure Resource Manager (in class mode this is Add-AzureAccount).

Login-AzureRmAccount

 

Provide authentication details in the pop-up window to associate the PowerShell instance with the Azure subscription.

Depending on the number of subscriptions associated with your Microsoft account or organizational account, all the subscriptions are loaded. Type the following command to select a particular subscription:

Select-AzureRmSubscription –SubscriptionId <Subscription ID>

 

At this point, all commands that you execute will be against this one particular selected subscription id.

Enumerating Resource Groups and resources in a Resource Group

To enumerate all the Resource Groups, type the below command:

Get-AzureRmResourceGroup

 

To enumerate all the resources in a subscription, type the below command:

Get-AzureRmResource

 

Enumerate Virtual Machines

To enumerate virtual machines in a ResourceGroup, type the below command:

Get-AzureRmVM

 

Start/Stop a Virtual machine

Type the following command to stop a VM (in PowerShell this deallocates the virtual machine).

Stop-AzureRmVM–ResourceGroup ARMHackathonScaleSet -Name ARMSQL

 

Type the following command to start a VM

Start-AzureRmVM–ResourceGroup ARMHackathonScaleSet -Name ARMSQL

 

Delete the ARMHackathonScaleSet resource group

Delete the existing deployment (to save on core quota) by opening the Azure portal (portal.azure.com) in your browser.

Click Resource groups


 

Click the ARMHackathonScaleSet resource group (or whatever you named your deployment)

Click Delete, and then confirm by typing in the name of the resource group.

 

Leverage resource group template and create the scenario

Login to your Azure account at https://portal.azure.com
We will do a template based deployment. In order to save time, you will use a pre-defined template out of the Azure template quick-starts repository.

Launch a browser and navigate to the following URL:

https://github.com/Azure/azure-quickstart-templates/tree/master/201-userdefined-routes-appliance

Click the Deploy to Azure button on the bottom of the page:


 

Specify the following values:
  • Location: [closest region to you]
  • NEWSTORAGEACCOUNTNAME: <Provide unique storage account name>
  • ADMINUSERNAME: demouser
  • ADMINPASSWORD: demo@pass1
  • UNIQUEPREFIXFORVM: rva
  • VMNAMEPREFIX: Dynamic
  • PUBLICIPADDRESSTYPE: Dynamic
  • WINDOWSOSVERSION: 2012-R2-Datacenter
Click OK
Provide the following details for rest of the settings:
  • Name of resource group: UDR
  • Resource group location: [choose the same region]
  • Review and accept the legal terms
Click Create to kick off the deployment.

At the end of deployment, you will have the following resources created:


Understand the deployment

Let us navigate through the deployment to understand the virtual machines and routes that were created.

 

Once you click on BasicNVA, you will be able to see the route and the associated Subnet- FrontendSubnet.

If you look at the resource template file that we used- https://github.com/Azure/azure-quickstart-templates/blob/master/201-userdefined-routes-appliance/azuredeploy.json, IP forwarding is enabled at the Dynamic1 VM.

 

 

Configure Routing and Remote Access for the appliance VM

Login to the Dynamic0 [FrontEndSubnet] VM


 

 

Once in, open the command prompt by right clicking on the Windows logo in the bottom left corner and clicking Run.


 

 

From Dynamic0 [FrontendSubnet] to Dynamic2 [BackendSubnet] if you were to trace the route, based on the routing table we should get one hop to Dynamic1 [RVASubnet]. But since we haven’t yet configured Routing and Remote Access we get Timeout.


 

 

Minimize Dynamic0 VM window and connect via RDP to the Dynamic1 VM.


 

 

Once in the virtual machine right click on the Windows Logo in the bottom left corner, click Run and enter Services.msc.


 

 

In the services console, locate ‘Routing and Remote Access’ service, right click and click properties. Change from disabled to automatic and click OK. Then right click on the service and select start.


 

This service offers routing over LAN and WAN.
Switch back to the Dynamic0 VM and trace the route to Dynamic2. This time we can see the Dynamic1 (the appliance) is the hop 1.


Next we want to meet this objective


Login to your Azure subscription in two PowerShell Sessions

Login to the LABVM created in the first lab.
Once in, right click on the Windows logo, click Run and type ‘PowerShell’


 

 

Repeat this step so you have two PowerShell sessions open.


 

 

Set the PowerShell context to the relevant subscription by logging in to your Azure account using the Login-AzureRmAccount cmdlet.

Execute this in both PowerShell sessions.

Login-AzureRmAccount

 

This command will prompt a sign-in window, please provide the necessary credentials to sign-in to your Azure account. This will take several seconds to associate the context with PowerShell window.

Depending on the number of subscriptions associated with your Microsoft account or organizational account, all the subscriptions are loaded. Execute a get command in one of the sessions to get the list.

Get-AzureRmSubscription

 

This will display list of subscriptions. Copy the name of the subscription you are interested in.

Type the following command to select a particular subscription. Paste the subscription ID from step 4 above.

Execute this in both PowerShell sessions.

Select-AzureRmSubscription –SubscriptionID<Subscription ID>

 


At this point, all commands that you execute will be against this one particular selected subscription.

Create virtual network 1 with gateway configuration

Values for VNet1:

  • Virtual Network Name = VNet1
  • Resource Group = RGFORVNET1
  • Address Space = 10.1.0.0/16
  • Region = Choose a region close to you
  • GatewaySubnet = 10.1.0.0/28
  • Subnet1 = 10.1.1.0/28

Identify the names of the regions you will use for the lab by executing the following command in the first console.

((Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Compute).ResourceTypes | Where-Object ResourceTypeName -eq virtualmachines).Locations

 

Execute the following command in the first console, ensure you replace the placeholder value with the closest region to you:

$region1 = ‘[location name]’

 

Execute the following command in the second console, ensure you replace the placeholder value with a secondary region:

$region2 = ‘[location name]’

 

Create a resource group in the first console, for the first virtual network in the first region.

New-AzureRmResourceGroup-NameRGFORVNET1 Location$region1

 

Execute the rest of the commands in this exercise in the in the first console.

Create the virtual network with two subnets as part of this resource group. Please note that one of the subnets is a gateway subnet.


$subnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘GatewaySubnet’ -AddressPrefix 10.1.0.0/28

 

$subnet1 = New-AzureRmVirtualNetworkSubnetConfig -Name ‘Subnet1’ -AddressPrefix ‘10.1.1.0/28’

 

New-AzureRmVirtualNetwork -Name VNet1 -ResourceGroupName RGFORVNET1 -Location $region1 -AddressPrefix 10.1.0.0/16 -Subnet $subnet, $subnet1

 

Request for public IP address. This public IP shall be associated with the gateway configuration which should be publicly accessible for the VPN connectivity. Ensure you specify the same location as the virtual network.

$gwpip= NewAzureRmPublicIpAddressName gwpip1 –ResourceGroupNameRGFORVNET1Location$region1 AllocationMethodDynamic

 

Create the gateway configuration with the above public IP and gateway subnet.

$vnet = GetAzureRmVirtualNetworkNameVNet1ResourceGroupNameRGFORVNET1

 

$subnet = GetAzureRmVirtualNetworkSubnetConfigName‘GatewaySubnet’VirtualNetwork $vnet

 

$gwipconfig = NewAzureRmVirtualNetworkGatewayIpConfigName gwipconfig1 –SubnetId $subnet.IdPublicIpAddressId $gwpip.Id

 

Create the gateway itself using the gateway configuration from the previous step. Ensure you use the same location as the virtual network.

NewAzureRmVirtualNetworkGatewayName vnetgw1 –ResourceGroupNameRGFORVNET1 Location$region1 IpConfigurations $gwipconfig –GatewayTypeVpnVpnTypeRouteBased

At this point we have a virtual network with one two subnets, one for VM provisioning in the private network and other as gateway subnet with public IP configuration.

Note: Please continue to the next exercise while the first gateway provisions.

Create virtual network 2 with gateway configuration

Values for VNet2:

  • Virtual Network Name = VNet2
  • Resource Group = RGFORVNET2
  • Address Space = 10.2.0.0/16
  • Region = a remote virtual network
  • GatewaySubnet = 10.2.0.0/28
  • Subnet1 = 10.2.1.0/28

Execute the rest of the commands in this exercise in the in the second console.

We will create this network and resource group in the second region. Start by creating the resource group in the second region.

New-AzureRmResourceGroup-NameRGFORVNET2 Location$region2

 

Create the virtual network with two subnets as part of this resource group. Please note that one of the subnets is a gateway subnet. Ensure you specify the same location as the resource group.

$subnet = NewAzureRmVirtualNetworkSubnetConfigName‘GatewaySubnet’AddressPrefix10.2.0.0/28

 

$subnet1 = NewAzureRmVirtualNetworkSubnetConfigName‘Subnet1’AddressPrefix‘10.2.1.0/28’

 

NewAzureRmVirtualNetworkNameVnet2ResourceGroupNameRGFORVNET2 Location$region2 AddressPrefix10.2.0.0/16Subnet $subnet, $subnet1

 

Request for public IP address. This public IP shall be associated with the gateway configuration which should be publicly accessible for the VPN connectivity. Ensure you specify the same location as the virtual network.

$gwpipRG2= NewAzureRmPublicIpAddressName gwpip1RG2 –ResourceGroupNameRGFORVNET2Location$region2 AllocationMethodDynamic

 

Create the gateway configuration with the above public IP and gateway subnet.

$vnet = GetAzureRmVirtualNetworkNameVnet2ResourceGroupNameRGFORVNET2

 

$subnet = GetAzureRmVirtualNetworkSubnetConfigName‘GatewaySubnet’VirtualNetwork $vnet

 

$gwipconfigRG2 = NewAzureRmVirtualNetworkGatewayIpConfigName gwipconfig1RG2 –SubnetId $subnet.IdPublicIpAddressId $gwpipRG2.Id

 

Create the gateway itself using the gateway configuration from the previous step. Ensure you specify the same location as the previous resources.

NewAzureRmVirtualNetworkGatewayName vnetgw2 –ResourceGroupNameRGFORVNET2 Location$region2IpConfigurations $gwipconfigRG2 –GatewayTypeVpnVpnTypeRouteBased

 

You must wait until both gateways have been created before proceeding to Exercise 4.

Connect the gateways

For communication from VNet1 to VNet2 execute the steps below.

$vnetgw1 = GetAzureRmVirtualNetworkGatewayName vnetgw1 –ResourceGroupNameRGFORVNET1

 

$vnetgw2 = GetAzureRmVirtualNetworkGatewayName vnetgw2 –ResourceGroupNameRGFORVNET2

 

NewAzureRmVirtualNetworkGatewayConnectionName conn1 –ResourceGroupNameRGFORVNET1VirtualNetworkGateway1 $vnetgw1 –VirtualNetworkGateway2 $vnetgw2 –Location$region1 ConnectionTypeVnet2VnetSharedKey‘abc123’

 

For communication from Vnet2 to Vnet1 execute the steps below.

$vnetgw1 = GetAzureRmVirtualNetworkGatewayName vnetgw2 –ResourceGroupNameRGFORVNET2

 

$vnetgw2 = GetAzureRmVirtualNetworkGatewayName vnetgw1 –ResourceGroupNameRGFORVNET1

 

NewAzureRmVirtualNetworkGatewayConnectionName conn2 –ResourceGroupNameRGFORVNET2VirtualNetworkGateway1 $vnetgw1 –VirtualNetworkGateway2 $vnetgw2 –Location$region2 ConnectionTypeVnet2VnetSharedKey‘abc123’

 

Verify the connections

Create a virtual machine in resource group RGFORVNET1 from the portal. Login to the https://portal.azure.com and select a Windows 2012 image as below.


 

 

On the screen that comes up, select “Resource Manager” deployment model and click “Create”.


 

Provide the ‘basic settings’ as follows:


 

 

Name of the VM: rvavnet1vm
User name: demouser
Password: demo@pass1
Subscription: Select the relevant subscription
Resource group: select RGFORVNET1
Location: Choose the same location as the first virtual network.
Choose DS1 as the size of VM.


 

 

On the settings blade, select the 1st virtual network created above and the subnet with name ‘Subnet1’:


 

 

Click OK on the ‘Settings’ blade and on the ‘Summary’ blade. This will create the virtual machine in VNET1.
Create a virtual machine in resource group RGFORVNET2 from the portal. Login to the https://portal.azure.com and select a Windows 2012 image as below.


 

 

On the screen that comes up, select “Resource Manager” deployment model and click “Create”.


 

 

Provide the ‘basic settings’ as follows:

Name of the VM: rvavnet2vm

User name: demouser

Password: demo@pass1

Subscription: Select the relevant subscription

Resource group: select RGFORVNET2

Location: Specify the region of the second virtual network

Choose DS1 as the size of VM.


 

 

On the settings blade, select disk type as standard, select the VNET2 and Subnet 1.
Click OK on the ‘Settings’ blade and on the ‘Summary’ blade. This will create the virtual machine in VNET2.
We will now try to login to “rvavnet2vm” (VM in the second region) from a virtual machine “rvavnet1vm” from US West using rvanet2vm’s private IP.
Login to the rvanet1vm VM in the first region


 

 

Once in the virtual machine, press Windows+R, and enter mstsc


 

 

In the computer name for ‘remote desktop connection’ enter the IP for the VM in the second regionrvavnet2vm. You can get the private IP this from the portal as below:


 

 

Enter that IP at the computer name and click ‘Connect’. That should log you in to the Japan East virtual machine over site-to-site VPN connection. Please note that in your case this IP may be different.


.

Deploying a Geo-Redundant Solution with Traffic Manager

Provision web servers in two regions.

Create a new Windows Server 2012 R2 virtual machine.


 

 

Choose the “Resource Manager” deployment model and click “Create”.


 

 

For the virtual machine provide the following configuration:
Name: WebApp1
User name: demouser
Password: demo@pass1
Subscription: choose your Azure subscription.
Resource Group: Create a new resource group called WebApp1RG.
Location: choose the closest region to you.
For the size of the virtual machine select Standard D1.

In the settings section, ensure Standard storage is selected, click Network Security Group, and then click Add an inbound rule.
Add an inbound rule as below:

 

 

Click all OK buttons and create the virtual machine.

Repeat the previous steps to create a second virtual machine and provide the following configuration
Name: WebApp2
User name: demouser
Password: demo@pass1
Subscription: Choose a relevant one.
Resource Group: Create a new resource group called WebApp2RG.
Location: Specify a different region from the first.
At this point, you should have two Windows 2012 R2 Servers in two different regions.

Add IIS role to the Windows Servers.

After each virtual machine is provisioned login using remote desktop by clicking the Connect button on the virtual machine configuration blade and logging in with the administrative credentials.
Once inside the VM, click the PowerShell icon on the task bar.
In the PowerShell console execute the following command to install IIS:

Add-WindowsFeature -Name“Web-Server”

 

Repeat the steps for both virtual machines to install IIS.
AfterOnce IIS has completed installation open the file C:\InetPub\wwwroot\iisstart.htm in notepad on each server.  Below the div with the id of container add the region name the server is located in and an HTML break <br /> (example below). Save both files.

Configure DNS Labs on the Web Server Public IPs

In the Azure Management Portal click Browse ->Resource Groups and select WebApp1RG.
Click the Public IP resource WebApp1.

 

 

Click Configuration and specify a unique DNS name label and click Save on the toolbar.

Repeat the steps and open WebApp2RG, then set a unique DNS name on the WebApp2 public IP.

Configure Traffic Manager

In the Azure Management Portal click Browse ->Traffic Manager Profiles
Click the Add button from the toolbar to create a new profile

Name: A unique name for the Traffic Manager profile

Routing method: Priority (this is formerly failover)

Resource Group: ARMTMRG

Location: Choose the region closest to you

 

 
Click Create to create the Traffic Manager profile.
Change the Traffic Manager DNS TTL to 30 seconds (easier to validate a failover)

 

 

Click the Endpoints tile.

 

Click Add

 

 

Add an endpoint to the Traffic Manager profile for the first virtual machine.

Name: WebApp1

Priority 1:

Resource Group: WebApp1RG

Target resource type: Public IP Address

Target Resource WebApp1

 

 
Add another endpoint for the second virtual machine.

Name: WebApp2

Priority 2:

Resource Group: WebApp2RG

Target resource type: Public IP Address

Target Resource WebApp2

Test the failover.

Back in the portal navigate to the traffic manager blade


Click the Traffic Manager Profile name to open.

 

Observe that the two end points we added are reflected here.
Click the DNS name to load the website through the Traffic Manager endpoint.
If you added west site before, then west site will come up because the traffic manager profile is ‘priority’ or in other words ‘failover’. Only when west site is unreachable for 30 seconds will the traffic manager switch to the Central site.
In the Portal, open the configuration blade for the WebApp1 virtual machine and click Stop on the toolbar.
Go back to the browser and refresh the Traffic Manager DNS profile URL. This should give you an error that the webpage is not available.
Wait for 30 seconds (since we had set the TTL for the traffic manager profile as 30 seconds), and refresh the browser again. Traffic Manager will display the webpage from the second region.

Protecting a Virtual Machine with Azure Backup

Create VMs to backup

Create two virtual machines which will be configured for backup using the Azure backup vault.
Login to the “classic” Azure management portal- https://manage.windowsazure.com.
Click on ‘New’ button on the left bottom.

 

 

In the screen that pops-up, select COMPUTE , VIRTUAL MACHINE, QUICK CREATE

Provide the virtual machine details as follows:

DNS Name: winvmbkp
IMAGE: Windows Server 2012 (default one)
SIZE: A1 (we won’t be logging into this machine so minimum size is just fine)
USER NAME: demouser
NEW PASSWORD: demo@pass1
CONFIRM: demo@pass1
REGION: East US

Click on “CREATE A VIRTUAL MACHINE”.

Let us repeat the above steps to create a LINUX virtual machine.
Click on ‘New’ button on the left bottom.

 

 

In the screen that pops-up, select COMPUTE, VIRTUAL MACHINE, QUICK CREATE


 

 

Provide the virtual machine details as follows:

DNS Name: linuxvmbkp
IMAGE: Ubuntu Server 15.10
SIZE: A1 (we won’t be logging into this machine so minimum size is just fine)
USER NAME: azureuser (default, you cannot change this here)
NEW PASSWORD: demo@pass1
CONFIRM: demo@pass1
REGION: East US

Click on “CREATE A VIRTUAL MACHINE”.

After 5-7 minutes, these virtual machines should be up and running.


 

 

In the steps that follow, we will configure Azure VM backup vault to backup these two VMs. Please note that machines created using ‘resource manager’ will not be visible from within this portal as Azure Backup does not support ARM yet.

Create a backup Vault

Login to the Azure management portal- https://manage.windowsazure.com.
Click on the ‘New’ button on the left bottom-


 

 

Click Recovery Services > New > Data Services > Recovery Services > Backup Vault and Quick Create. In Name, enter a name to identify your vault and in the Region field select the geographic region for the vault. Click Create Vault.

 

 

Note: The Backup vault needs to be in the same region as the virtual machines you want to protect. If you have virtual machines in different regions create a vault in each one.

Register Virtual Machines

Click on the ‘Recovery Services’ module on the left. Double-click the vault to open it


 

 

Click the Registered Items and in the Action Bar click Discover at the bottom.


 

 

Once the machines are discovered, it will give the following message:


 

Once the discovery process completes, Click Register.


 

 

In the Register Items dialogue box, select the virtual machines you want to register and click the check mark to register them.


 

 

Note: The registration process deploys the Recovery Services extension on the virtual machine and enables backup. This extension enables Backup to take an application-consistent backup with the Volume Shadow Copy Service (VSS), without needing to shut down the virtual machine.

After registration finishes the virtual machine will appear on the page with ‘Registered’ status.
Click on the ‘Protect’ option at the bottom.


 

On the Select items to protect page check the virtual machines for which you want to enable protection and click next (the right pointing arrow).


 

 

On the configuration page, select the options as shown below-


 

SELECT POLICY: select Create New.
POLICY NAME: VMBkpPolicy (give name for the policy).
BACKUP FREQUENCY: Daily | 6:30PM (pick a suitable frequency and time).

On the Retention Range page, select the retention periods as required. Azure supports daily, weekly, monthly and yearly retention policies. Customers can now retain their data for up to 99 years in Azure!


 

 

It will appear with the ‘Protected (initial backup pending)’ status until the initial backup finishes and then with a ‘Protected’ status.

You can as well choose to manually trigger a backup by selecting “BACKUP NOW” in the PROTECTED ITEMS view. Select each machine and click the Backup Now button to initiate the first backup.

 

 

The running backups can be monitored in the Jobs tab.


 

Until next year….

TwitterFacebookGoogle