You Do Not Need To Run SCVMM To Replicate Hyper-V To Azure

If you follow Microsoft then you are used to December being a dead month. So I checked my Twitter feed last night and was stunned by some big Azure announcements.

The most important of the announcements to me was the change that is being made to Azure Site Recovery (ASR), AKA DR in the cloud. Previous to last night, you need to run SCVMM on premises to replicate Hyper-V to Azure. This baffled me:

  • You had to install the protection agent on each host/cluster node anyway
  • SMBs, the companies that are most likely to use ASR, cannot afford System Center
  • There is a low adoption rate of SCVMM with System Center/Hyper-V customers

The feedback on this was given – and Microsoft made a change. Last night they announced the general availability of Disaster Recovery (DR) to Azure for Branch offices and SMB feature in our Azure Site Recovery (ASR) service … AKA ASR without SCVMM. This will allow you to replicate Hyper-V VMs into Azure without using System Center on premises.

The hosts must be running WS2012 R2 Hyper-V. Replication is done using Hyper-V Replica. You get centralized replication monitoring and orchestration as a part of the service. And you get the one-click test, planned and unplanned failover types.


Why am I so excited? The original releases of ASR were targeted at customers with System Center licensing. Those are mid-large customers and are likely the ones that already have DR sites. Adoption rates were going to be low. The customer base that needs ASR are the SMBs that run Hyper-V hosts on-premises. That is a huge breadth market. Microsoft partners can enable those customers via Azure in Open licensing – buy some credits ($100 value each), try out ASR with no long term CAPEX or contractual commitments, and see what it can do for your business. And then give your insurance company a call to see what having a remote DR site will do for the company’s insurance premium.

Azure Backup & SCDPM Public Feedback Opportunity

Microsoft is giving you the chance to provide feedback and vote on existing ideas for Azure Online Backup and System Center Data Protection Manager. This is a great idea. Personally speaking, it’s validating a number of things that I have fed back to Microsoft already, and a number of things that customers have fed back to me.

I’ve been working with Azure IaaS since January of this year. Before that, Azure was meaningless to me; it was a direct sell by Microsoft to developers – yes, even with IaaS there. But then I found out that Azure was coming to Open licensing so partners could resell it, and I started learning. And we at MicroWarehouse started to promote Azure to our customers (the Microsoft partners that resell licensing and implement solutions for their customers) and that’s when I started to get a better feel for what worked in the real world.

Azure Online Backup was the thing that grabbed people’s attention. Who can argue with €0.15/GB/month? That’s less than half of the cheapest discount rate that we found for online backup that is typically sold in Ireland by resellers. However, there were issues.

The biggest one is that there is no centralized portal. Partners use this to manage backups and get reports. That all has to be done on-premises with Azure Online Backup and that increases the cost of operations significantly.

The other hot issue for me is the lack of a backup mechanism for VMs running in Azure. The only offered solution is to install an agent in the guest OS and then we’re back to the bad old days of backup. VM backup should be “select a VM and backup magically happens”, grabbing the files and state that make up the VM. We don’t have that in any way in Azure.

So that’s why I went onto the site to provide feedback and to vote this morning. You should do the same if you have any interest in Azure. Here’s the top vote getters as they are right now:


You Cannot Switch To Azure Open Licensing – Yet

There are a number of ways that you can purchase Azure. You can get it as a part of an enterprise agreement (high cost of entry, but highest value). You can get it via one of these means:

  • Pay direct (credit card)
  • Trial
  • MSDN benefit

We in the licensing biz bundle those options up as MOSP (Microsoft online subscription program). And then there is Open volume licensing (low cost of entry with control over spending and no long/big commitment).

I was told that at WPC (I was not there) attendees were briefed that customers who were subscribing to Azure via MOSP (see above) could switch to Open licensing.

That is not true; at this point, if you have been consuming Azure via direct payment (credit card), trial, or MSDN benefit, then you cannot switch to Open licensing – yet.

Microsoft is addressing this issue, and we believe a change of some kind is coming this calendar year (no promises because I do not work for Microsoft). That will allow:

  • Customers paying by credit card to centralize and take control of their Azure spending
  • Use a free trial to evaluate and price an Azure deployment, and switch to their desired Open licensing

So right now, not possible, despite what we were allegedly told at WPC, but a change is coming to enable switching to Azure on Open.

Technorati Tags: ,

Could Not Upload Certificate To Azure – AKA Lessons in Swearing

I’m doing to test work in the lab with Microsoft Azure at the moment, trying to tell which part of Microsoft is telling the truth about certain aspects of pricing. A necessary step in my tests was to upload an administrative certificate. I used MAKECERT to create the cert. The private cert is in Personal on the server that I’m working with. The public cert was on my PC. I opened the Azure portal and attempted to Manage Certificate to upload the .CER file but this failed after about 5 seconds. Recreate the cert, try again, fail again. No joy.

Then after I taught some of my Eastern European colleagues some new ways to swear in English, I had a realization that some dev in Microsoft probably did something dumb.

I bet they expect the private cert to be installed on the machine that you’re uploading the cert from … because we all browse from our servers, right? (WRONG, I hope).

So I exported the PFX to my PC, imported the cert, and attempted the upload again. And it finally worked.

Dumb. I can imagine “private” certs flying all around the network, and admins browsing from servers if this isn’t fixed by Microsoft.

On the bright side, my colleagues now are equipped with the verbiage to accompany flipping off your PC with the double bird.

How My Site Went Offline On Friday, July 25th 2014

My site is hosted on Azure in the Dublin (Europe North) region. On Friday morning, I was checking something when I saw my site was not loading correctly – it was either offline or VERY slow. So I check the Azure status and saw it was offline. I restarted the application pool and the problem remained. I rebooted. MySQL took an age to load, but the site was still not loading … from home.

I have endpoint monitoring configured. Notice that Amsterdam was showing an issue and Chicago was not. Strange, eh? I’ve worked in hosting and I know how localised these problems can be. So it was time to start digging.

I asked online and people in Denmark were OK. Folks in Belfast and Netherlands had connection problems. Later, Denmark went offline and Amsterdam came back!



From Home (Vodafone Ireland – very slow/no access) I ran a tracert:


From the lab at work (Magnet ISP – access OK) I had different results:


From a VM with an ISP (Blacknight – access OK) I had different results again:


It was very odd. Nothing was red on the Azure status site. I’m guessing there was a localized issue within Azure that affected just a subset of us, or there was an external routing issue that affected some ISPs.

It’s still like this as I post … in other words, the site is fine for some and offline for others.

EDIT (30/7/2014):

I came home today to find that my site was once again available via my ISP.


Technorati Tags: ,

Microsoft Data Centres Going Greener

Microsoft’s data centres are pretty “green”. And when I say green, I mean that they build & install only what they absolutely need, and they focus very heavily on power. A common measurement stick is Power Usage Effectiveness (PUE), which Wikipedia defines as:

… how much energy is used by the computing equipment (in contrast to cooling and other overhead).

The lower the number, the better. Microsoft does not share their PUE publicly, but according to the Green (Low Carbon) Data Center Blog the:

… PUE figures for its newest data centers which range from 1.13 to 1.2.

That’s an incredibly efficient achievement. I know quite a bit about how Microsoft do this, but I’m under NDA, after NDA, after NDA 🙂 All I can say is jump at the chance if you ever have an opportunity to tour on of the Microsoft Global Foundation Services modern data centres.

So what drives Microsoft? Sure, getting the likes of Greenpeace on your side is always good,especially when trying to sell business to environmentally sensitive customers. But the biggest reason for electrical efficiency is to save money. Electricity is only becoming more and more expensive. Data centers are growing in size and number, and are competing for this limited resource with each other, and with us (customers, consumers, businesses, etc). So saving a hundredth from a PUE figure could be worth millions of dollars every year (if not more!).

According to, Microsoft has gone one step further by acquiring 20 years of power supply from a wind farm in Illinois, USA. This produces 175MW of power, all for Microsoft! And before that, Microsoft agreed to purchase 100% of production from a wind farm in Texas.

In theory, this is a renewable energy source with a pretty fixed cost. That contrasts nicely with competing for electricity from producers that are using dwindling carbon-based fuels. The strategy allows Microsoft to budget long-term, and it doesn’t hurt that renewable power will get a nod of approval from those wearing vegan trousers. It makes sense that Microsoft will continue this trend worldwide, thus making property costs and climate the only variations in the cost of operating Azure in different regions.

Technorati Tags: ,

Azure Site Recovery & InMage Scout – And Bad Decision Making

Microsoft announced last week that they had acquired InMage, a company that specialises in replication to the cloud. Microsoft is adding InMage to Azure Site Recovery (ASR) to enable replication to Azure. ASR enables you to use Hyper-V Replica (HVR) to replicate VMs to Azure IaaS. So what does InMage Scout (the product) add?

The key piece of the list of features is:

Support for major enterprise platforms, including Windows, AIX, Linux, VMware, Solaris, XenServer and Hyper-V

Imagine being able to replicate not just Hyper-V, but also vSphere and physical (Windows and Linux) workloads to Azure. Potentially, this is a much bigger solution. Potentially.

And potential is … lost opportunity.

That’s because the decision makers in ASR are, in my opinion, disconnected from reality living way too nicely in the Microsoft ivory tower. Why?

  • ASR can only be used by customers that manage Hyper-V using SCVMM. SCVMM can only be bought as a part of the System Center SML. The SML is cheap for larger businesses, but it’s way too expensive for most SMEs.
  • Only EA customers (large businesses) can get access to InMage:

The Azure Site Recovery subscription license will be available through the Microsoft Enterprise Agreement beginning August 1, 2014 and is the only offer through which InMage Scout usage may currently be purchased.

So, SME’s cannot use ASR or the cool new features that are coming. Large enterprises typically already own or want to own their own DR. And the sweet spot market for a hosted virtual DR (DRaaS) is the SME … the market that cannot afford or get access to ASR.

Oh, the madness continues.

Creating a VNet-to-VNet VPN in Microsoft Azure

A while ago I read about how to connect VMs between two VNets and it was nasty: before we could create a VPN tunnel we had to open Endpoints (punch holes through firewalls) and hope for the best!

Since TechEd NA 2014, we have had new functionality where we can connect two VNets, in the same or different data centers, in the same or different regions, or in the same or different subscriptions, via an encrypted & secure VPN tunnel.

As usual, this stuff is announced normally via blogs (it was mentioned in the TechEd keynote I think) and finding instructions can be fun. The first few guides I found were messy, involving exporting VNet configs, editing XML files, and importing configs.

You do not need to do this to set up a simple configuration to connect two VNets. I looked at the instructions, used by experience from site-to-site VPNs with Azure, and tried out a method that uses a temporary local network to enable you to create the VPN gateway and gateway VIPs for each vNet – these are required to create a local network for each VNet. We use local networks to define the details (public VPN IP address and routable private network IP address) of the network that will connect to a VNet.

I tried my method and it worked. And then I found instructions on MSDN that are similar to the method that I used. My method:

  1. Create the two VNets
  2. Create a temporary local network with made up gateway IP address (public VPN IP) and address space (private network address that will route to the VNet subnets)
  3. Configure each VNet to allow site-to-site VPN connections from the temporary local network
  4. Enable the gateway with dynamic routing on each VNet. This can take 15-20+ minutes for Azure to do for you. Plan other work or a break for this step.
  5. Record the address space and gateway IP address of both VNets
  6. Create a local network for each VNet – use the Gateway IP Address and Address Space of the VNet for the details of its local network
  7. Modify the site-to-site VPN configuration of each VNet to dump the temporary local network and use the local network of the other VNet – you’re telling the VNet the details of the other VNet for connection and routing
  8. Use Azure PowerShell cmdlets to run Set-AzureVNetGatewayKey. This will be used to configure a common VPN shared key for both VNets.
  9. Wait … the VPN connection will start automatically … there might be a failure before or just after you st the shared key. Be patient, and one VNet might show a connected status before the other. Be patient!

And that’s it. There is a FAQ on this topic. I’ll be publishing some deeper articles on the subject on in the next few weeks.

My AidanFinn.Com Blog Has Moved To Microsoft Azure

Tonight I completed the migration of this WordPress blog to Windows Azure.



I was having performance and health issues with the VM that I was renting from a local hosting company. The admin portal was proving to be a nightmare. I had upgrade the VM but the VM wasn’t upgraded. The hard disk was filling frequently and killing MySQL, and therefore killing the WordPress blog.

Why was I on a VM? Because I needed more processor & bandwidth capacity.

A failure last week led me to look at my options. I’ve grown comfortable with Microsoft Azure so this was the place that I decided to move to. My free €75 credit per month thanks to my MSDN account doesn’t hurt either!

I looked at the website hosting options but they provide too little disk space. The VMs, even the smaller ones, give you loads of disk space. I decided to fire up a cloud service, blob, virtual network and a small VM instance just for my new web server VM. I installed IIS, added the sites, installed PHP, WordPress, MySQL, and a few other bits and bobs and started the laborious process of migrating from the old VM.

I could have cheated but I decided to do a fresh install. It was more time consuming, especially when I had to split the WordPress export file into 40 smaller export files (the import of 2MB files was timing out). I added and configured all the plugins. And then the final steps:

  • After some tests I configured the website to bind to and
  • I changed the DNS A records for those two URLs to switch to the public IP of the Azure cloud service.

My next steps will be:

  • Configure MySQL automated export
  • Deploy Windows Azure Online Backup to backup the IIS Inetpub folder and the MySQL export

And maybe I’ll configure the endpoint monitoring option in the Azure portal Smile

Set A Static IP Address For An Azure VM

Windows Azure (errr Microsoft Azure) has a weird system for assigning IP addresses to VMs in virtual networks. Like VMM, it uses a pool of IP addresses. And that’s where the similarities end. Azure’s method appears to be more like DHCP.

For example:

  • When you log into the guest OS, the VM is configured to use DHCP
  • The address is not reserved like with DHCP. It is possible that a VM could be offline, come back, and get a new IP address.

The latter bit is bad, especially for services such as Active Directory and DNS where a predictable IP address is required.

Note: The first step in configuring a valid network configuration is to set the DNS servers and subnet masks for your virtual network in the Azure portal.

There is no nice GUI method for reserving an IP address. There is a PowerShell method, which gives you a clue as to how this stuff works under the hood.

The first step is to get your VM:

$VM=Get-AzureVM -ServiceName “Demo-MWH-A” -Name “Azure-DC1”

As you can see above, I am configuring a static IP address for a domain controller. Next, I set the static IP. Note that we are configuring a static virtual network IP for the VM.

Set-AzureStaticVNetIP -VM $VM -IPAddress “” | Update-AzureVM

Also note, that in my tests, most of the time that I run Update-AzureVM, the VM is restarted. It doesn’t happen all of the time with these two cmdlets, but it happens most of the time.

Armed with these two cmdlets, you could set up a CSV file with Service/VM names and IP addresses, and run a loop to configure lots of VMs at once.


To be clear, the above steps do not configure a static IP inside the guest OS – you should not do that. The above steps simply configure the virtual network to assign the same IP to your VM’s vNIC every time the VM starts up. You are manipulating the system to get the results you need.

Technorati Tags: ,,