Azure Backup for Iaas V2 released on Public Preview

Update 2 : MS just confirmed me (but not published) that Azure Site Recovery is supported via the new portal, via Recovery Services

Update : MS released the official documents, I was just announcing here Smile

https://azure.microsoft.com/en-us/documentation/articles/backup-azure-vms-first-look-arm/

Great news for Azure IaaS V2 users (ARM). Yesterday, Microsoft announced the release of the Public Preview of Azure Backup for IaaS V2 via ‘Recovery Services Vaults’

This is a quick step be step to rapidly configure your VMs backup

NB : Azure Backup via Recovery Services Vaults will let you backup V1 and V2 VMs (Classic and ARM). It’s recommended that you will use it just to get your hands on and not for Production, since it’s not covered by any SLA or commitment (Preview). MS has not published guides to migrate existing Backup vaults to Recovery Services Vaults, but I think this is planned.

Let’s start:

Login to the Azure Portal (https://portal.azure.com). Go to Browse –> Recovery Services vaults

0923

Click the Add + button

0924

Type a Name for the RS vault, choose a Subscription, a Resource Group and a Region. You need to know that the Recovery Services vault in tied to a Region. you cannot Backup/Restore resources to/from a different region.

0925

After the vault creation. you can discover the different options available. Just for Information : Recovery Services Vaults include Azure Backup services (VMs, Files, SCDPM) and ASR (Azure Site Recovery). ASR is currently on Private Preview and is not yet released. File and SCDP support we come soon too.

To configure a Backup, click on Backup +

0926

Select the Backup type. As mentioned, only Azure Virtual Machine Backup is supported by now

0927

You will now choose the Backup Policy. You can select an existing policy or create a new one.

0928

The policy have the following options:

Name : Type a Name for your policy (Class1, Class2, Class3). Just a recommendation, Do not make naming like ‘Daily’ or ‘weekly’ since the retention may differ for two ‘daily’ based policies

Backup Frequency : There are only two options and a start hour. You can make Daily Backups or Weekly backups

Retention : This is great about Azure Backup since on the same policy you can configure your retention and  long term retention (Daily, Weekly, Monthly and Yearly!!)

0929

Once the Policy is selected, you can choose which Virtual Machines to backup with this Policy. Note that Classic VMs and ARM VMs can be backed up with the same policy.

0930

You can verify that the VMs selected are under the Backup Items blade, in addition to some other information like the Last Backup status, the Policy…

0931

On the Backup Jobs Blade, you can find all the Backup Jobs of all VMs. You can change the period using the Filter Button

0932

This just a teaser, more is coming, try it, you can ask me question on the comments, but as a reminder:

  • Do not use on Production, wait for the GA (Maybe 2 months)
  • ASR is not supported yet
  • A lot of enhancements are coming (User Experience mainly), stay tuned
Advertisements

Add or change an ARM Virtual Machine’s Availability Set

Hi all,

One of the limitations we may encounter when dealing with Azure ARM Virtual Machines is the ability to manipulate the VM’s availability Set configuration after the VM deployment. In fact :

  • You can’t change the VM’s Availability Set once the VM is created
  • You can’t add an Azure VM to an Availability Set once the VM is created
  • You can’t remove a VM from an Availability Set

This is a big limitation since we may need such feature, in different cases:

  • We need to add an existing VM to a highly available pool
  • We want to change the Availability Set name
  • We messed up with the Availability Set  naming

I think this feature will come in the future, but the far or the near future, I have no idea. Maybe by the end of the year (Q4 !)

Till that time, I wrote this Powershell script, which will enable you to manage an ARM VM’s availability Set

Features

  • Add a VM to an Availability Set
  • Change a VM’s Availability Set
  • Remove a VM from an Availability Set

How it works ?

The script will:

  1. Get the VM configuration
  2. Save it to a local location (If something goes wrong, we can recreate the VM)
  3. Remove the VM (Only the configuration, all related objects are kept)
  4. Create a new  VM configuration with the AS config (Add AS, Remove AS, Change AS)
  5. Recreate the VM

How to use it ?

1- Download the script and save it to local location

2- Run it and provide the requested parameters

or

2- ./Set-ArmVmAvailabilitySet.ps1 –VmName ‘The VM Name’ –ResourceGroup ‘Resource Group’ –AvailabilitySetName ‘As Name’ –SubscriptionName  ‘The Subscription name’

 

To remove a VM from an AvailabilitySet:

./Set-ArmVmAvailabilitySet.ps1 –VmName ‘The VM Name’ –ResourceGroup ‘Resource Group’ –AvailabilitySetName 0 –SubscriptionName  ‘The Subscription name’

 

 

Download Link

Version 1.01 : https://gallery.technet.microsoft.com/Set-Azure-Resource-Manager-f7509ec4

Version 1.0 : (Retired)

How to create a Multiple NIC Azure Virtual Machine (ARM)

Hi all,

A lot of people asked me to write a short post of how to create an Azure Virtual Machine with multiple NICs. After some googling an binging, I was not able to find a blog or an article which explains how to achieve it in a simple manner. And here we are !

I- Considerations and requirements

To be able to create a multiple NIC ARM virtual machine, the next requirements should be respected :

  • Not all the virtual machines sizes support multiple NICs. Check if your VM size is supported ( https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/)
  • The Virtual NICs must be connected to Subnets within the same VNET. You cannot deploy a VM on multiple VNETs
  • You can use Azure CLI, Azure API or Powershell to make this operation. The portal does not provide a way to deploy multiple NIC VM
  • In this post I’m using Azure Powershell 1.0. If you are using the 0.9.8 or prior, remove the ‘Rm’ suffix from your commands and change the mode to ResourceManager. It highly recommended to update to Azure Powershell 1.0 or later
  • To add a NIC to a existing VM, use this post instead

II- Create a Multiple NIC Virtual Machine

Use the  ‘sample’ Powershell script  to create a multic NIC VM. This script will deploy a Windows Server 2012 R2 Virtual Machine from the gallery. Adjust it to deploy other Operating Systems or to add extra configurations like Availability Set, Static IP, Public IP…

The most important step are :

  • The creation of the VNIC resource before the VM creation. 

$VNIC01 = New-AzureRmNetworkInterface -Name $NIC01Name -ResourceGroupName $RGName -Location $Region -SubnetId $SUBNET01.Id
$VNIC02 = New-AzureRmNetworkInterface -Name $NIC02Name -ResourceGroupName $RGName -Location $Region -SubnetId $SUBNET02.Id

  • Adding the VNICs to the VM configuration object. You must set one VNIC as Primary

$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $VNIC01.Id -Primary
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $VNIC02.Id

Download LINK : https://gallery.technet.microsoft.com/Create-Multi-NIC-Azure-cf216b2d

How to access an ARM Azure virtual machine from Internet

Hi readers,

Lack of documentation ! This is my starting point for this post. I’m a regular answerer of the Microsoft TechNet forum, and I noticed a repeatable question, or an issue related to the same subject : How to access an Azure Resource Manager virtual machine (RDP, SSH, publish a port…). To avoid repeating the same answer each time I decided to write a post instead. This way, I can just do the  easy Copy/paste (Ctrl c/ Ctrl v)

So what is the goal of this post:

  1. Understand the ways you can access a virtual machine in Microsoft Azure (Azure Service Management vs Azure resource Manager)
  2. Show you how to implement it for Azure Resource Manager virtual machines
  3. Show you how to assign static Public IP addresses to Azure VMs

Before continuing : In this post, I will only talk about accessing an Azure virtual machine from the public network, internet. Accessing a VM from a private network (S2S VPN, P2S VPN, ExpressRoute…) is out of the scope of this reading as it’s considered as an internal access, just like you access a server from your corporate network (The VM is directly exposed to you unless you have a firewall or an NSG)

Suppose you created an virtual machine on Azure. Now you want to access it and you wonder how it’s happening.

I- Azure Service Management (Classic)

With the classic deployment model (which is accessible from both the classic portal and the new portal), when you create a virtual machine, you are forced to deploy it within a cloud service. A cloud service is a container of your VM or VMs like depicted on Picture 1 (You can deploy multiple VMs within the same cloud service).

CS

Picture 1 : VMs and Cloud Services

 

There are two ways to access a virtual machine in this case (Picture 2) :

  1. We can access a VM by assigning a Public IP address to the Virtual Machine. This IP called PIP belongs to the Virtual Machine  itself
  2. We can access a VM by accessing it through a public IP address assigned to the Cloud Service.This IP called VIP belongs to the Cloud Service and can be used to access all the VMs within the Cloud Service

CS-IP-PIP

Picture 2 : VMs, Cloud Services, VIP and PIP

What is the difference between accessing a VM using a PIP or the VIP ?

Using the PIP

It’s clear, the PIP belongs to the Virtual Machine itself, so when you try to access a VM using this IP, your packets will land directly on the VM (Picture 3, Left). The only obstacle between you and the VM is :

  • The VM’s firewall : you have to allow the inbound traffic for the ports you want to access the VM from (Example : 3389 for RDP or 21 for SSH or an application port)
  • A Network Security Group applied to the VM or to the subnet : You have to allow the inbound traffic for the ports wherever you are using NSG
  • ACL : If you are using ACLs, you have to allow the access to the VM also

–> If you are using nothing of the things above, then you can access the VM on any opened port. Look to this link to know how to assign a Public IP address (PIP also called ILPIP) to an Azure VM

Using the VIP

As explained above, the VIP belongs to the Cloud Service, so if you want to access a VM using the VIP, you have to tell Azure about your need. You have to tell Azure for example that if it receives a packet on the VIPx on port Y, it have to redirect it to a VM  (which belongs the cloud service) on port Z. It’s simply NAT. This is achieved using VM Endpoints (Picture 3, right). Like the link explains, you have to configure a VM endpoint each time you want to access a VM on a specific port using it’s VIP. The VM endpoint is simply a NAT rule that Azure adds to the cloud service’s configuration. It’s important to keep in mind that VM endpoints are configured at the VM level but they are related to the cloud service’s Virtual IP (VIP). As you can notice, you cannot access two VMs belonging to the same Cloud Service using the same external port.

PS : Do not forget that the Internal port used when configuring an Endpoint must be allowed (if any) at the VM’s firewall level, NSG or ACL.

 

Access VIP PIP

Picture 3 : VMs, Cloud Services, VIP and PIP

II- Azure Resource Manager

With Azure Resource Manager, things changed. And the big change concerning us is : No more Cloud Services. So the question is how to access a VM in this case!

There are two ways to access a virtual machine in the ARM case (Picture 4 ) :

  1. We can access a VM by assigning a Public IP address to the Virtual Machine. This IP called PIP belongs to the Virtual Machine  itself*. It’s the same thing than the Classic mode
  2. We can access a VM by using  NAT rules added to a Load Balancer.  This is new in comparison with the classic mode which require an explanation.

* The VM’s network configuration in Azure Resource Manager differs from the classic mode.  The network configuration for a classic VM is hold by the VM itself, which means for our case that the Public IP is hold by the VM. In ARM, things changed. For each VM’s object, a virtual NIC is created and then attached to the VM. This VNIC will hold the Network configuration like the VNET/Subnet, the internal IP and the Public IP address. A VM with multiple addresses (like A3 VMs) will have multiple VNICs attached.

ARM

Picture 4 : Access an ARM VM (PIP or Azure LB)

II.1- Using the Public IP address

You can assign a Public IP address to the VM’s VNIC. You can choose to create a new Public IP address or use an existing one.

Via the Azure Portal

Go to the Azure Portal –> Virtual Machines –> Your VM –> All Settings –> Network Interfaces –> VNIC –> All Settings –> IP Addresses –> Public Ip Address Settings. Click on Enable and choose to create or use an existing IP address

0746

Via the Azure Powershell

The following Azure Powershell commands will allow you to create a Public IP Address and assign it the first VM’s VNIC


Function Create-PublicIP ($IPName, $RG, $Region, $AllocMethod, $DomainLabel)

        {

        $publicIP = New-AzureRmPublicIpAddress -Name $IPName -ResourceGroupName $RG -Location $Region –AllocationMethod $AllocMethod -DomainNameLabel $DomainLabel.ToLower()

        return $publicIP

        }

$ELBPublicIPName = Read-host ‘Public IP Address Name’
    $AllocMethod = Read-host ‘Allocation Method (Static/Dynamic)’
    $DomainLabel = Read-host ‘Domain Label’
    $RG = Read-host ‘Resource Group’
    $Region = Read-host ‘Region/Location’
    $VMName = Read-host ‘VM Name’

     # 1- Create the Public IP for the Load balancer

    $ELBPublicIP = Create-PublicIP -IPName $ELBPublicIPName -RG $RG -Region $Region -AllocMethod $AllocMethod -DomainLabel $DomainLabel

    #2- Assign the IP to the VM first IP
    $VM = Get-AzureRmVM | where {$_.Name -eq $VMname }
    $VNIC = Get-AzureRmNetworkInterface | where {$_.Id -eq $VM.NetworkInterfaceIDs[0] }
    $EIPPublicIP = Get-AzureRmPublicIpAddress | where {$_.Name -eq $EIPName}

    $VNIC.IpConfigurations[0].PublicIPAddress = $ELBPublicIP
    Set-AzureRmNetworkInterface -NetworkInterface $VNIC


II.2- Using the Azure Load Balancer

Why it’s so complicated, and why do we need to create a Load Balancer and then create NAT rules :/

To be honest, it’s not complicated and Microsoft did not change anything, they just change  names, and give you more customization. We have to thank them for this. Let me explain the steps to access a VM using this method:

  1. Create the Azure Load Balancer
  2. Create a Backend pool and associate it with the Load Balancer
  3. Create a NAT rule
  4. Associate a NAT rule to a VM’s NIC (VNIC)

II.2.1- Create the Azure Load Balancer

Microsoft provides at no extra cost the ability to deploy Load Balancers which provide load balancing features. More about the Azure Load Balancer here. Keep in mind that he goal of deploying a Load Balancer in our case is to create NAT rules and not load balancing rules. In addition, in our case, we want to create an Internet Facing Load Balancer because we aim to access internal resources from the public internet. This link is the official Microsoft link of how to create an Internet facing Load Balancer. https://azure.microsoft.com/en-us/documentation/articles/load-balancer-get-started-internet-arm-ps/

The following are the steps to create an Internet Facing Load Balancer:

  1. Create a Public IP address resource (If not already created) : In this step, you will create a Public IP address Resource. You can choose between a Static IP (Reserved) or a Dynamic IP, which is subject to change over time. This Public IP will be used to access the Load Balancer, and it’s used on the next step
  2. Create the Front End IP : The Front End IP is the frontal IP for the load balancer. It’s a configuration to which we will associate the Public IP address
  3. Create the Load Balancer resource

The following is a Powershell code to create an Internet Facing LB


#Variables

$IPName : The Name for the Public IP resource

$RG : The resource Group name where the resources will be created

$Region : Thee location where to deploy the resource (north europe…)

$AllocMethod : The IP allocation method, there are two possible values : Dynamic or Static

$DomainLabel : The DNS prefix for the Public IP. The public IP address will have a  DNS record associated to it of the form : $domainlabel.region.cloudapp.azure.com

$FEName : The name of the Front End configuration

$ELBName : The name of the Load Balancer resource

# 1- Create the Public IP for the Load balancer

   $PublicIP = New-AzureRmPublicIpAddress -Name $IPName -ResourceGroupName $RG -Location $Region –AllocationMethod $AllocMethod -DomainNameLabel $DomainLabel.ToLower()

   # 2- Create the front End IP for the Load balancer using the created Public IP

   $FEConfig =  New-AzureRmLoadBalancerFrontendIpConfig -Name $FEName -PublicIpAddress $PublicIP

   # 3- Create LB
   $ELB = New-AzureRmLoadBalancer -ResourceGroupName $RG -Name $ELBName -Location $Region -FrontendIpConfiguration $FEConfig

 

II.2.2- Create the BackEnd Address pool

The Backend Address pool will contain the target objects (IPs) targeted by the Load Balancer. If you want to redirect (via NAT) a packet using the Load Balancer to a VM , The VM’s NIC should be part of Backend pool

The following is a Powershell code to create a Backend Address Pool


#Variables

$BEPoolName : The name of the Backend Address Pool

1# Create the Backend Address Pool

New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $BEPoolName

2# Add the Backend Address pool to the created Load Balancer

Add-AzureRmLoadBalancerBackendAddressPoolConfig -LoadBalancer $ELB -Name $BEPoolName |  Set-AzureRmLoadBalancer


 

II.2.3- Create a NAT rule

A NAT rule is a very simple and logic rule :

  • Frontal Port or External port : This is the port on which the Load Balancer will listen to incoming requests. It’s the port you will send packets to, when you are connecting from the external.
  • Frontal IP : This is the IP (Public IP) on which the Load Balancer will listen. In fact, this is mandatory since a Load Balancer can have multiple Front End IPs. This is the FrontEnd configuration of the Load Balancer
  • Protcol : tcp or udp
  • Backend Port : This is the Private port on which the service is really listening, and to which the Load Balancer will redirect the traffic

The following is a Powershell code to create a NAT rule and associate it to the Load Balancer


#Variables

$NATName : The name of the NAT rule

$Prot : tcp or udp

$FEport : The frontal port o the public port

$BEPort : The Backend port or the Private port

# Create and add a NAT rule to the Load Balancer

$ELB | Add-AzureRmLoadBalancerInboundNatRuleConfig -Name $NATName -FrontendIpConfiguration $FEconfig -FrontendPort $FEport  -BackendPort $BEPort -Protocol $Prot

$ELB | Set-AzureRmLoadBalancer


II.2.4- Associate a VNIC with a NAT rule

This is the final step. You can notice that during all the previous step, the Backend IP was not set. The Backend IP is the IP of the VM. With Azure Resource Manager, it actually means the VNIC.

The following is a Powershell code to get a VNIC resource, add it to the Backend address pool and add it as a target of the NAT rule


$VNIC = Get-AzureRmNetworkInterface –id ‘VNIC id’

$VNIC.IpConfigurations[0].LoadBalancerBackendAddressPools = $BEPool

$VNIC.IpConfigurations[0].LoadBalancerInboundNatRules = $NATRule

$SetVNIC = Set-AzureRmNetworkInterface -NetworkInterface $VNIC


BONUS

As a BONUS, I uploaded here a ‘preview’ script containing all the previous commands. This script is interactive, and will let you create an End to End NAT rule using an Azure Load Balancer or assign a Public IP address to a VM’s NIC

Download it and just run it –> https://gallery.technet.microsoft.com/Create-a-NAT-rule-on-Azure-6e48dd84

NB : Please, read the release note of the script

How to add a NIC to an Azure Virtual Machine (ARM)

Hi all,

In this short post, I will show you how to add a  NIC (third, fourth…) to an Azure virtual machine under Azure Resource Manager and using Azure Powershell.

Before continuing, keep in mind:

– Not all the virtual machines sizes support multiple NICs. Check if your VM size is supported ( https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/)

– The VM should already have at least two NICs. It’s not supported to pass from a single NIC VM to multiple NIC VM and vice versa

If you are creating the VM with multiple NICs (Use this post to do it), the resource group to which you are deploying the VM must contain only [multiple NIC]’s VM types. In other words, you cannot create a VM with multiple NICs in a resource group containing [single NIC]’s VMs It seems that this limitation was removed

– The VM will be rebooted when adding a virtual NIC

– You can use Azure CLI, Azure API or Powershell to make this operation. The portal does not provide a way to add a  NIC.

– In this post I’m using Azure Powershell 1.0. If you are using the 0.9.8 or prior, remove the ‘Rm’ suffix from your commands and change the mode to ResourceManager

Walkthrough

This is easy, only two steps:

  1. Create a new Virtual NIC
  2. Attach the VNIC to the virtual machine

1- Create a new Virtual NIC

The first step is to create a Virtual NIC to associate it later to to the virtual machine. You will need to provide the following information:

  • The  Name of the virtual NIC to be created : $NICName
  • The Resource Group Name where the VNIC will be created : $NICResourceGroup
  • The location/region where the VNIC will be created, of course it has to match the VNET/Subnet location : $Location
  • The subnet ID to which you will connect the VNIC, you can get it via Powershell (See my example below) : $SubnetID
  • The IP address you want to assign to the NIC : $IPAddress

Powershell

# Get the VNET to which to connect the NIC
$VNET = Get-AzureRmVirtualNetwork -Name ‘VnetV2’ -ResourceGroupName ‘RGNetworkV2’
# Get the Subnet ID to which to connect the NIC
$SubnetID = (Get-AzureRmVirtualNetworkSubnetConfig -Name ‘VNETV2Subnet01’ -VirtualNetwork $VNET).Id
# NIC Name
$NICName = ‘A3VM-NIC3’
#NIC Resource Group
$NICResourceGroup = ‘RG’
#NIC creation location
$Location = ‘north europe’
#Enter the IP address
$IPAddress = ‘10.20.30.21’

#–> Create now the NIC Interface

New-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup -Location $Location -SubnetId $SubnetID -PrivateIpAddress $IPAddress

 

2-  Attach the VNIC to the Virtual Machine

The second and last step is to associate the created VNIC to to the virtual machine. You will need to provide the following information:

  • The virtual machine Name : $VMname
  • The Virtual machine resource Group : $VMRG

Powershell

$VMname = ‘VMname’
$VMRG =  ‘VM-RG’

#Get the VM
$VM = Get-AzureRmVM -Name $VMname -ResourceGroupName $VMRG

#Add the second NIC
$NewNIC =  Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $NewNIC.Id

# Show the Network interfaces
$VM.NetworkProfile.NetworkInterfaces

#we have to set one of the NICs to Primary, i will set the first NIC in this example
$VM.NetworkProfile.NetworkInterfaces.Item(0).Primary = $true

#Update the VM configuration (The VM will be restarted)
Update-AzureRmVM -VM $VM -ResourceGroupName $VMRG