Tuesday, June 27, 2017

Secure transfer required

Secure transfer required now available in Azure Storage Account

The "Secure transfer required" option enhances the security of your storage account by only allowing requests to the storage account from secure connections.

How to enable "Secure transfer required" in the Azure portal

You can enable the "Secure transfer required" setting both when you create a storage account in the Azure portal and for existing storage accounts.

Enabling Require secure transfer when you create a storage account

1.     Open the Create storage account blade in the Azure portal.
2.     Under Secure transfer required, select Enabled.

Enabling Require secure transfer for an existing storage account

1.     Select an existing storage account in the Azure portal.
2.     Select Configuration under SETTINGS in the storage account menu blade.
3.     Under Secure transfer required, select Enabled.
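
The same setting can be audited across many accounts without opening each Configuration blade. The following added example (not from the original post) parses JSON in the shape returned by "az storage account list", flags accounts where enableHttpsTrafficOnly is not true, and builds the matching "az storage account update --https-only true" commands. The account and resource group names are constructed sample data, and treating a missing property as non-compliant is an assumption.

```python
import json
import shlex

# Constructed sample in the shape of `az storage account list` output,
# reduced to the fields used below. All names are made up.
SAMPLE_ACCOUNTS_JSON = """
[
  {"name": "contosologs", "resourceGroup": "rg-ops", "enableHttpsTrafficOnly": true},
  {"name": "contosoweb", "resourceGroup": "rg-web", "enableHttpsTrafficOnly": false},
  {"name": "contosoold", "resourceGroup": "rg-legacy"}
]
"""


def find_insecure_accounts(accounts):
    """Return accounts where secure transfer is not explicitly enabled.

    Assumption: a missing or null property is treated as non-compliant
    (fail closed) so that incomplete inventory data is never reported as safe.
    """
    return [a for a in accounts if a.get("enableHttpsTrafficOnly") is not True]


def remediation_commands(accounts):
    """Build one Azure CLI command per non-compliant account."""
    commands = []
    for account in accounts:
        commands.append(
            "az storage account update --name {} --resource-group {} --https-only true".format(
                shlex.quote(account["name"]), shlex.quote(account["resourceGroup"])
            )
        )
    return commands


def audit(raw_json):
    """Return (names of non-compliant accounts, commands that enable the setting)."""
    insecure = find_insecure_accounts(json.loads(raw_json))
    return [a["name"] for a in insecure], remediation_commands(insecure)


if __name__ == "__main__":
    names, commands = audit(SAMPLE_ACCOUNTS_JSON)
    print("Secure transfer not enabled on:", ", ".join(names))
    for command in commands:
        print(command)
```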

Alert - Guidance Concerning "Petya Ransomware"

This alert is to provide you with guidance concerning the ransomware issue being discussed broadly in the press starting on Tuesday, June 27, 2017, and causing a large volume of customer inquiries.  This ransomware is being described by the press and security researchers as “Petya Ransomware.”

Overview

Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including two which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10.
  
Malware Detection

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:
·        Threat definition version: 1.247.197.0
·        Version created on: 12:04:25 PM : Tuesday, June 27 2017
·        Last Update: 12:04:25 PM : Tuesday, June 27 2017
In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.
Those with a solution from an antivirus provider other than Microsoft should check with that company.
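
The minimum definition version above has to be compared numerically, component by component; a plain string comparison misorders values such as 1.247.96.0 and 1.247.1021.0. The following added example (not part of the original alert) checks a constructed inventory of hosts and their reported definition versions against 1.247.197.0. The host names and the inventory format are assumptions.

```python
MIN_DEFINITION = "1.247.197.0"  # minimum threat definition version from the alert

# Constructed inventory: host name -> definition version reported by the endpoint.
INVENTORY = {
    "ws-001": "1.247.197.0",
    "ws-002": "1.247.96.0",     # older, but sorts as "newer" under string comparison
    "srv-010": "1.247.1021.0",  # newer, but sorts as "older" under string comparison
    "srv-011": "1.245.1000.0",
    "kiosk-3": "",              # endpoint did not report a version
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("not a four-part numeric version: {!r}".format(text))
    return tuple(int(p) for p in parts)


def needs_update(reported, minimum=MIN_DEFINITION):
    """True when the reported definition version is older than the minimum."""
    return parse_version(reported) < parse_version(minimum)


def audit(inventory, minimum=MIN_DEFINITION):
    """Return (hosts below the minimum, hosts whose version could not be parsed)."""
    outdated, unknown = [], []
    for host, reported in sorted(inventory.items()):
        try:
            if needs_update(reported, minimum):
                outdated.append(host)
        except ValueError:
            # An unreadable version is reported separately, never assumed current.
            unknown.append(host)
    return outdated, unknown


if __name__ == "__main__":
    outdated, unknown = audit(INVENTORY)
    print("Definitions older than", MIN_DEFINITION + ":", ", ".join(outdated))
    print("Version not reported or malformed:", ", ".join(unknown))
```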

Recommendations

Three specific steps customers can take to mitigate against new ransomware: 
1.      Ensure you have the latest security updates installed
2.      Ensure you have the latest AV Signatures from your preferred AV vendor
3.      Do not open email/attachments from unknown/untrusted sources



Additional Resources

·        The Microsoft Security Tech Center: https://technet.microsoft.com/en-us/security/default
·        The Microsoft Security Update Guide: http://aka.ms/securityupdateguide

Sunday, June 25, 2017

Azure Site Recovery now supports managed disks

Azure Site Recovery supports managed disks

Azure Site Recovery (ASR) now supports managed disks. This follows the announcement of Azure’s support for managed disks in February. With the integration of managed disks into ASR, you can attach managed disks to your machines during a failover or migration to Azure. 
Managed disks provide the following advantages:
  1. Simplified disk management for Azure IaaS VMs by removing the hassle of managing storage accounts for your machines after failover to Azure.
  2. Improved reliability for Availability Sets by ensuring that the disks of the failed over VMs are automatically placed in different storage scale units (stamps) to avoid single points of failure.
To attach managed disks to your machine on a failover, set “Use managed disks” to “Yes” in the Compute and Network settings for the virtual machine as shown below.

Below are a few considerations to keep in mind when using this feature: 
  • Managed disks can be created only for virtual machines deployed using the Resource manager deployment model.  
  • Virtual machines with managed disks can only be part of availability sets with "Use managed disks" property set to "Yes". Learn more about managed disks and availability sets.
  • If the storage account used for replication was encrypted with Storage Service Encryption (SSE) at any point in time, creation of managed disks during failover will fail. In such a scenario, you can either set "Use managed disks" to "No" in the Compute and Network settings for the virtual machine and retry failover or disable protection for the virtual machine and protect it to a storage account which did not have Storage service encryption enabled at any point in time. Learn more about managed disks and Storage service encryption.
  • For Hyper-V VMs, whether or not they are managed by System Center VMM, set the option to use managed disks only if you intend to migrate your machine to Azure. This is because failback from Azure to an on-premises Hyper-V environment is not currently supported for machines with managed disks.
  • Data from on-premises VMs replicates to a target storage account in Azure, as is with the experience today. Managed disks are created and attached to your machine only on a failover to Azure.
  • Disaster Recovery of Azure IaaS machines with managed disks is not supported currently and will be made available in the future.
The latest Deployment Planner tool, version 1.3, supports managed disks. You can download the tool from the ASR Deployment Planner doc. For a complete understanding of how managed disks work, please refer to the detailed Managed disks documentation.

Note: DR for Azure IaaS machines with managed disks is not supported currently

Thursday, June 22, 2017

Azure Backup for Windows Server system state and applications

With the new version of Azure Backup Server, it is easier for you to protect your Windows Server, and you gain the ability to perform on-premises system state backup.
Azure Backup is less complex and less expensive than traditional backup solutions, where you would have to pay for the tape, maintenance and personnel of an offsite location. Retrieving tape from an offsite location is time-consuming, and the functionality of the tape is not guaranteed.

Cost-effective storage with latest version of Azure Backup Server

Azure Backup is a compliant and cost-effective backup solution that makes it easier to protect application workloads running on your Windows Server environment. As a hybrid solution, Azure Backup enables you to store data onto disk and in Azure. Azure Backup Server is included with the Azure Backup service, and you can use it to make disk backups for Microsoft workloads such as SQL Server, Exchange and SharePoint running on physical servers, Hyper-V or VMware. Azure Backup Server has been redesigned to reduce the backup storage consumed on disk, so you can have lower storage costs. You can use Azure Backup Server when you need to meet tight recovery time objectives (RTO) for restoring data from disk to your on-premises Windows Server in a few minutes. To further reduce costs, stop paying for an offsite location to save backups for compliance purposes and use Azure Backup to store your backups in Azure for long term retention, up to 99 years.

Windows Server system state backup to Azure

Azure Backup also helps you protect Windows Server virtual machines running in Azure, and you can even restore data from Azure to on-premises. Starting today, you can use Azure Backup to back up your on-premises Windows Server system state to Azure. In the event something happens to your Windows Server, Azure Backup can give you a snapshot of your system state, including files, Active Directory settings and certification services stored in Azure. You can then restore your system state from Azure back to your on-premises Windows Server.
Whether you are backing up data to disk or to Azure, you can manage your backups from the Azure portal. Azure Backup reduces cost and increases compliance by giving you a single backup solution that supports your on-premises or Azure Windows Servers.

Monday, June 19, 2017

Protect Windows Server 2016 and vCenter/ESXi 6.5 using Azure Backup Server

Azure Backup Server is a cloud-first backup solution that helps in protecting business critical applications as well as virtual machines running on Hyper-V or VMware VMs. With the latest release of Azure Backup Server, you can protect applications such as SQL 2016, SharePoint 2016, Exchange 2016, and Windows Server 2016, locally to disk for short term retention as well as to cloud for long term retention. Azure Backup Server also introduces Modern Backup Storage technology that helps in reducing overall Total Cost of Ownership (TCO) by providing savings on storage and faster backups. Azure Backup Server also guards your critical data not only against accidental deletion but also against various security threats such as ransomware. You also get free restores from cloud recovery points, thereby further reducing backup TCO.

Native Integration of Azure Backup Server with Windows Server 2016

Azure Backup Server natively integrates with Windows Server 2016 capabilities to provide more secure, reliable and efficient backups.
Value Propositions
  1. Efficient: Azure Backup Server’s Modern Backup Storage technology leverages Windows Server 2016 capabilities such as ReFS Block Cloning, VHDX, and Deduplication to reduce storage consumption and improve performance. This leads to 3X faster disk backups and 50% reduction in on premise storage consumption. Azure Backup Server’s workload-aware backup storage technology gives you the flexibility to choose appropriate storage for a given data source type. This flexibility optimizes overall storage utilization and thus reduces backup TCO further.
  2. Reliable: Azure Backup Server uses RCT (the native change tracking in Hyper-V), which removes the need for time-consuming consistency checks. Azure Backup Server also uses RCT for incremental backup. It identifies VHD changes for virtual machines, and transfers only those blocks that are indicated by the change tracker. With Hyper-V building this tracking feature natively within the platform, you can avoid painful consistency checks that would have led to restarting backups.
  3. Secure: Azure Backup Server’s ability to do backup and recovery of Shielded VMs securely helps in maintaining security in backups. Azure Backup Server can protect Shielded VMs and maintain the security in the backups as well. Azure Backup Server’s security features are built on three principles – Prevention, Alerting, and Recovery – to enable organizations to increase preparedness against ransomware attacks and equip them with a robust backup solution.
  4. Flexible: Windows Server 2016 comes with Storage Spaces Direct (S2D), which eliminates the need for expensive shared storage and related complexities. Azure Backup Server can back up Hyper-V VMs on Windows Server 2016 deployed on Storage Spaces Direct. Azure Backup Server can also auto protect SQL instances and VMware VMs to cloud. Upgrading Azure Backup Server from an older release is simple and will not disrupt your production servers. After upgrading to the latest version of Azure Backup Server and upgrading agents on production servers, the backups will continue without rebooting production servers.

Support for vCenter and ESXi 6.5

VMware VM backup with Azure Backup Server was announced as part of Update 1 of the previous release. There are a couple of enhancements with respect to VMware VM protection with the new version of Azure Backup Server:
  1. Azure Backup Server comes with support for vCenter and ESXi 6.5 along with support for 5.5 and 6.0
  2. Azure Backup Server comes with the added feature of auto protecting VMware VMs to cloud. If VMware VMs are added to a folder, they will be automatically protected to disk and cloud.
If Azure Backup Server is installed on Windows Server 2016, protection of VMware VMs is in preview mode until VMware releases support for VDDK 6.5 for Windows Server 2016.


Tuesday, June 6, 2017

Replicating from Azure to Azure

This post is about how to replicate Azure virtual machines (VMs) between Azure regions, using the Azure Site Recovery service in the Azure portal.

Support matrix for Azure VM replication

Networking guidance document

Before you start
·        The Azure user account needs permission to enable replication of an Azure VM.
·        The subscription should be enabled to create VMs in the target location you want to use as the DR region.

Creating the Recovery vault.

Log in to the Azure portal. Click New > Monitoring & Management > Backup and Site Recovery.
Add a name to identify the vault, select a subscription, and create a resource group or use an existing one. Specify an Azure region.

If you want to quickly access the vault from the dashboard, click Pin to dashboard and then click Create.

Enable replication


In Recovery Services vaults, click the vault name. In the vault, click the Replicate button at the top.

Configure Source

  1. Select Azure - PREVIEW in the Source.
  2. Select the source Azure region where the VMs are currently running.
  3. Select the VM deployment model, Resource Manager or Classic.
  4. Select the source resource group of the VMs.

After completing this configuration, click OK.


Virtual machines

After you click OK, it automatically moves to the VM selection.

In my case I have an IIS server that I will replicate, as you can see in the above image.

After selecting the VM, click OK for the next step.


Configure settings

By default, Site Recovery automatically creates settings in the target location using settings that are configured in the source location, including a target resource group, storage accounts, virtual network, and availability sets (all are created with the suffix asr).

Click Customize to override the default target settings and specify the settings of your choice.

Customize target resources

In case you want to change the defaults used by ASR, you can change the settings based on your needs.
  1. Customize: Click it to change the defaults used by ASR.
  2. Target resource group: You can select the resource group from the list of all the resource groups existing in the target location within the subscription.
  3. Target Virtual Network: You can find the list of all the virtual networks in the target location.
  4. Availability set: You can only add availability set settings to the virtual machines which are part of an availability set in the source region.
  5. Target Storage accounts:

By default, Site Recovery creates a replication policy that takes app-consistent snapshots every 4 hours, and retains recovery points for 24 hours. To create a policy with different settings, click Customize next to Replication Policy.

To customize, click Replication policy > Customize.

Click Create target resources to start provisioning. It should take a minute or so. Don't close the blade during provisioning, or you'll need to start over.

Click Enable replication. This starts replication of the selected VMs.

Global Vnet Peering

Global Vnet Peering Configuration
·        Global VNet Peering enables peering virtual networks in different Azure regions.
·        Tr...