Tag Archives: Azure HighAvailability

Step-by-Step Guide to protect Azure VM using Azure Backup

Azure Backup is capable of replacing typical on-premises backup solutions. It is cloud-based, secure, reliable solution. It has four components which can use to backup different types of data.

Component

Protected data

Can use with On-premises?

Can use with Azure?

Azure Backup (MARS) agent

Files, Folders, System State

Yes

Yes

System Center DPM

Files, Folders, Volumes,

VMs, Applications, Workloads, System State

Yes

Yes

Azure Backup Server

Files, Folders, Volumes,

VMs, Applications, Workloads, System State

Yes

Yes

Azure IaaS VM Backup

VMs, All disks (using PowerShell)

No

Yes

More details about azure backup and components limitations can be find on https://docs.microsoft.com/en-us/azure/backup/backup-introduction-to-azure-backup 

In this article we are going to look in to Azure VM backup (Azure IaaS VM Backup). 

How Azure VM Backup works? 

Azure VM backup doesn’t need any special agent installed in VM. It also does not need to have any additional components (backup server) install either to enable backup. When very first backup job is triggered, it installs backup extension inside the VM. If its Windows VM, it installs VMSnapshot extension and if its Linux VM, it installs VMSnapshotLinux extension. VM must be in running state in order to install extension. After extension in place, it takes point-in-time snapshot of the VM. If VM is not running during backup window, it takes snapshot of VM storage. If its windows VM, backup service uses Volume Shadow Copy Service (VSS) to get consistence snapshot of VM disk. If its Linux VM, users can create custom scripts to run before and after backup job to keep application consistency. Once snapshot is taken it will transfer to the backup vault. Service can identify the recent changes and only transfer the block of data which changed from last backup. Once the data transfer completes snapshot will removed and recovery point will be created. 

vmbackup-architecture

Image Source: https://docs.microsoft.com/en-us/azure/backup/media/backup-azure-vms-introduction/vmbackup-architecture.png 

Performance of backup depends on,

1) Storage account limitations 

2) Number of disks in VM

3) Backup Schedule – if all jobs running in same time it can create traffic jam

According to Microsoft following are recommended when you use Azure backup for Azure VMs. Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction 

1) Do not schedule more than 40 VMs to backup same time.

2) Schedule VMs backup when minimum IOPs been used in your environment (In relevant storage accounts). 

3) Better not to back up more than 20 disks in single storage account. If you have more than 20 disks in single storage account spread those VMs across the multiple policies to maintain required IOPS. 

4) Do not restore a VM running on Premium storage to same storage account. Also try to avoid restore while backup process is running on same storage account.

5) For Premium VM backup, ensure that storage account that hosts premium disks has at least 50% free space for staging snapshot for a successful backup.

6) Linux VM needs python 2.7 enabled for backup.

Next step is to see this in action.

1) Log in to Azure Portal as Global Administrator

2) First step is to create Azure Recovery Service Vault. In order to do that, go to All Services and click on Recovery Service vaults under storage section. 

bk1

3) Then click on Add in new window

bk2

4) It will open up wizard and there provide vault name, subscription, resource group and location. Once done, click on Create.

bk3

5) Now we have vault created, next step is to create backup policy. To do that click on vault we just created from the Recovery service vault window.

bk4

6) Then click on Backup Policies 

bk5

7) There is default policy from Azure VM backup. It backup VMs daily and keep it for 30 days.

bk6

8) I am going to create new policy to do backup every day at 01:00 am and keep it for 7 days. To do that click on add option in policy window. 

bk7

9) Then select the policy type. for VMs, it should be Azure Virtual Machine

bk8

10) In next window we can define time and retention period of data. Once done with the details click on Create

bk9

11) Next step of the configuration is to enable backup. In order to do that, go to the VM you like to backup. Then click on the option Backup 

bk10

12) Then in new window select the vault and policy we created before and then click on enable backup

bk11

13) Once it is done we can run backup by going in to same backup window. If you like to take ad-hoc backup, click on Backup Now

bk12

14) We can see the progress of the backup job by clicking View All Jobs

bk13

bk14

15) Once backup jobs completed we can see the status of it in same backup window.

bk15

16) To test the restore I installed Acrobat Reader in this server and created test folder in desktop. 

bk16

17) Now I am going to do a restore to an earlier day. To do that go to VM backup page, then click on Restore VM

bk17

18) In next window it asks which backup to restore. I am selecting back up from 3 days.

bk18

19) In next window it allows me to restore it as new VM or as disk. In here I am going to restore it as new VM

bk19

20) Once selection is done click on Restore to begin the process.

21) We also can check the status of the job using backup job window.

bk20

22) Once restore completed, I can see a new VM. 

bk21

23) Once log in to the VM I can’t see the folder and application I installed, as expected. 

bk22

This marks the end of this blog post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Azure virtual machine scale sets – part 02 – Deploy Application to scale set

In my previous post Azure virtual machine scale sets – part 01, we learned what is VM scale set and how we can create a scale set in Azure. if you not read it yet please go through it before we start on this post as reset of the steps in this post depend on it http://www.rebeladmin.com/2018/04/azure-virtual-machine-scale-sets-part-01/ 

In this post we are going to deploy a sample application to scale set. In my previous post I have created a new scale set using,

New-AzureRmVmss `

  -ResourceGroupName "rebelResourceGroup" `

  -Location "canadacentral" `

  -VMScaleSetName "rebelScaleSet" `

  -VirtualNetworkName "rebelVnet" `

  -SubnetName "rebelSubnet" `

  -PublicIpAddressName "rebelPublicIPAddress" `

  -LoadBalancerName "rebelLoadBalancer" `

  -BackendPort "80" `

  -VmSize "Standard_DS3_v2" `

  -ImageName "Win2012Datacenter" `

  -InstanceCount "4" `

  -UpgradePolicy "Automatic"

In above it created an Azure Load balancer and TCP port 80 been load balanced among 4 instances. Under Azure Load Balancer | Inbound NAT rules it does have default rules for port 3389 and 5985. Those ports are mapped to custom TCP ports in order to give external access. 

scaleapp1

As an example, in above sample, I can RDP to instance0 using 52.237.8.186:50000. Likewise, we can connect to each instance and install apps if need. instead of that we can use centralized remote deployment, so the configuration is same across the instance. 

In my config I didn’t use static ip address. You can find public ip address by running following azure PowerShell command,

Get-AzureRmPublicIpAddress -ResourceGroupName rebelResourceGroup | Select IpAddress

scaleapp2

In order to push application, first need to prepare app config. in my demo I got a file in GitHub repository. 

$customConfig = @{

  "fileUris" = (,"https://raw.githubusercontent.com/rebeladm/rebeladm/master/simplewebapp.ps1");

  "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File simplewebapp.ps1"

}

My config is very simple one. In PowerShell script I have following,

Add-WindowsFeature Web-Server

Set-Content -Path "C:\inetpub\wwwroot\Default.htm" -Value "Test webapp running on host $($env:computername) !"

It will install IIS and then create HTML file which will print text with the instance name. 

scaleapp3

As next step lets go and retrieve info about scale set,

$vmss = Get-AzureRmVmss `

          -ResourceGroupName "rebelResourceGroup" `

          -VMScaleSetName "rebelScaleSet"

scaleapp4

After that, lets create custom script extension

$vmss = Add-AzureRmVmssExtension `

  -VirtualMachineScaleSet $scaleconfig `

  -Name "customScript" `

  -Publisher "Microsoft.Compute" `

  -Type "CustomScriptExtension" `

  -TypeHandlerVersion 1.8 `

  -Setting $customConfig

In above,

 –Publisher specifies the name of the extension publisher. This can find using Get-AzureRmVMImagePublisher 

 –Type specify the extension type. we can use Get-AzureRmVMExtensionImageType find the extension type. 

TypeHandlerVersion specify the extension version. It can view using Get-AzureRmVMExtensionImage.

scaleapp5

Next step of the configuration is to update scale set with the custom extension,

Update-AzureRmVmss `

  -ResourceGroupName "rebelResourceGroup" `

  -Name "rebelScaleSet" `

  -VirtualMachineScaleSet $vmss

scaleapp6

Now it is time to do testing. Let’s go to public IP address and see if it’s got the app we submit. 

As I refresh we can see the instance number get updated. That means script is successfully running on scale set as expected. 

scaleapp7

scaleapp8

scaleapp9

This marks the end of this blog post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.  

Azure Virtual Machine Scale Sets – Part 01 – What is it and How to set it up?

There are many different solutions available to load balance applications. It can be based on separate hardware appliances, virtual appliances or system inbuilt method such as NLB (Network Load Balancer). However, there are few common challenges on these environments. 

If its third-party solution, additional cost involves for licenses, configuration and maintenance 

Applications or services not always use all of the allocated resources. It may depend on demand and time. Since its fixed number of instance, infrastructure resource will be wasted in non-peak time. if its cloud service, it going to waste money!

When the number of server instances increase, it makes it harder to manage systems. Too many manual tasks!

Azure virtual machine scale sets answers all above challenges. It can automatically increase and decreases number of vm instances running based on demand or schedule. No extra virtual appliances or licenses involves. It also allows to centrally manage, configure large number of instances. Following points are recognized as key benefits of Azure virtual machine scale sets.

It supports Azure load balancer (Layer-4) and Azure Application Gateway (Layer-7) traffic distribution.

It allows to maintain same VM configuration across the instance including VM size, Network, Disk, OS image, Application installs. 

Using Azure Availability Zones, if required we can configure to distribute VM instances in scale set to different datacenters. It adds additional availability. 

It can automatically increase and decrease number of vm instances running based on application demand. It saves money!

It can grow up to 1000 vm instances, if its own custom images, it supports up to 300 vm instances. 

It supports Azure Managed Disks and Premium Storage. 

Let’s see how we can setup Azure virtual machine scale set. In my demo I am going to use Azure PowerShell. 

1) Log in to Azure Portal as Global Administrator
 
2) Open Cloud shell (right hand corner)
 
ss1
 
3) Make sure you are using PowerShell Option
 
ss2
 
4) In my demo scale set configuration as following
 
New-AzureRmVmss `
  -ResourceGroupName "rebelResourceGroup" `
  -Location "canadacentral" `
  -VMScaleSetName "rebelScaleSet" `
  -VirtualNetworkName "rebelVnet" `
  -SubnetName "rebelSubnet" `
  -PublicIpAddressName "rebelPublicIPAddress" `
  -LoadBalancerName "rebelLoadBalancer" `
  -BackendPort "80" `
  -VmSize "Standard_DS3_v2" `
  -ImageName "Win2012Datacenter" `
  -InstanceCount "4" `
  -UpgradePolicy "Automatic"
 
In above,
 

Parameter

Description

New-AzureRmVmss

This is the command use to create Azure Virtual Machine Scale Set

-ResourceGroupName

This define the resource group name and it is a new one.

-Location

This defines the resource region. In my demo its Canada Central

-VMScaleSetName

This defines the name for the Scale Set

-VirtualNetworkName

This defines the virtual network name

-SubnetName

This defines the subnet name. if you do not define subnet prefix, it will use default 192.168.1.0/24

-PublicIpAddressName

This defines the name for public IP address. If not define allocation method using -AllocationMethod , it will use dynamic by default.

-LoadBalancerName

This defines the load balancer name

-BackendPort

This creates relevant rules in loadbalancer and load balance the traffic. in my demo I am using TCP port 80.

-VmSize

This defines the VM size. if this is not defined, by default it uses Standard_DS2_v2

-ImageName

This defines the VM image details. If no valuves used it will use default value which is Windows Server 2016 Datacenter

-InstanceCount

This defines the initial number of instance running on the scale set

-UpgradePolicy

This defines upgrade policy for VM instances in scale set

Once this is run it will ask to define login details for instances. After completes, it will create the scale set.

ss3

This also can do using Portal. In order to use GUI, 

1) Log in to Azure Portal as Global Administrator

2) Go to All Services | Virtual Machine Scale Set

ss4

3) In new page, click on Add

ss5

4) Then it will open up the form, once fill in relevant info click on create 

ss6

5) We also can review the existing scale set properties using Virtual machine scale sets page. On page click on scale set name to view the properties. If we click on Instances, we can see the number of instances running

ss7

6) Scaling shows the number of instances used. If need it can also adjust in here. 

ss8

7) Size defines the size of the VM, again if need values can change in same page. 

ss9

8) Also, if we go to Azure Portal | Load Balancers, we can review settings for load balancer used in scale set.

ss10

9) In my demo I used TCP port 80 to load balance. Those info can find under Load Balancing rules

ss11

10) Relevant public ip info for scale set can be find under inbound NAT rules

ss12

 

This marks the end of this blog post. In next post we will look in to further configuration of scale set. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.