Suggestion added to Azure Feedback Forums

Automatically enable MFA for all members of an Azure AD Group.

Add the ability to automatically enable MFA for all members of an Azure AD group as they are added, in addition ask if MFA should be automatically disabled for users being removed. This could be via an option within the users setting of an Azure AD group.

To vote for the suggestion follow the link below.



Events: Silversands Azure Seminar at Mercedes Benz World

One of the activities I get involved with from time to time is presenting at customer seminars. Recently I was asked to participate in an Azure round table event hosted at Mercedes Benz World.

Key discussion points included:

  • Azure Site Recovery
  • Azure Backup
  • RemoteApp
  • StorSimple
  • Azure AD Premium
  • Express Route

The feedback from the event was great and two lucky customers were even able to take to the test track.



Azure Backup: Application Workloads (Disk to Disk to Cloud)

Microsoft has added the ability to backup SQL Server, Hyper-V VMs, SharePoint and Exchange Workloads to Azure without the need for System Center Data Protection Manager.

It is now possible to backup the following workloads to Azure:

  • Azure IaaS Virtual Machines
  • Windows Client (Windows 7 Windows 8, Windows 8.1 and Windows 10)
  • Server Based Workloads using SCDPM
  • SQL Server, Hyper-V VMs, SharePoint and Exchange Workloads using the NEW Application Workloads (Disk to Disk to Cloud) Agent

Azure backup is beginning to become an ever more interesting prospect for SMEs and I’m in no doubt that with the addition of these features, Azure Backup adoption will see a sharp increase.

Microsoft® Azure Backup Agent Download



Suggestion added to Azure Feedback Forums

Something that I have been asked about a couple of times during Azure workshops has been “Can we backup to Azure Backup directly from Azure Site Recovery?”

Clients that already replicate on-premises virtual machines to ASR, especially with limited internet bandwidth, would like the ability to backup directly to the backup vault from the replica copy of the virtual machine they have already seeded to Azure. Currently its necessary to setup a second seed to copy essentially the same data to a different location in Azure, one for ASR and one for the Backup Vault.

It seems an obvious suggestion to me, however the technicalities involved could be another thing. I imagine it depends how ASR stores the recovery images and as to whether its then possible to extract files for a file level restore should they be backup up to Azure backup.

I decided to add the suggestion to the Azure Feedback Forums and it will be interesting to see if there is any interest in the idea.

You can find the suggestion here if you want to vote or just check how its going Add Backup of VMs in ASR to Backup Vault



DR for VMware Virtual Machines and Physical Servers to Azure using ASR

Today (26th March 2015) Microsoft announced the Preview of Disaster Recovery for VMware Virtual Machines and Physical Servers to Azure using ASR. These new features of Azure Site Recovery build on the technology that InMage made available to Microsoft when it was purchased.

To read more on this and see the full feature list, check out this Azure blog Announcing the Preview of Disaster Recovery for VMware Virtual Machines and Physical Servers to Azure using ASR

System Center Virtual Machine Manager 'SCVMM'

Deploying SCVMM Technical Preview in HA

I have been playing with the Technical Preview of Windows Server and SCVMM and thought in this post I would document the configuration and deployment process involved for my two node HA SCVMM sandbox install.


The first thing to do is sort the couple of prerequisites that are required for the build.

  • Create a Service Account in AD for SCVMM (in this example SVC_VMM)
  • Download Windows Assessment and Deployment Kit for windows 8.1

Build Cluster Nodes:

Next, build two cluster nodes with Windows Technical Preview Server.

  • SCVMM01
  • SCVMM02

I have used the hardware guides for SCVMM 2012 R2 for this:

System Center 2012 R2 servers

Processor (min)

Processor (rec)

RAM (min)

RAM (rec)

Hard drive space (min)

Hard drive space (rec)

VMM Management Server (Less than 150 users)

Pentium 4, 2 GHz (x64)

Pentium 4, 1 GHz CPU

2 GB

2 GB

2 GB

2 GB

In addition I have assigned two NICs:

  • NIC1 Cluster Network
  • NIC2 Production Network

Once the two servers have been built, on each node:

1. Install Windows Server Technical Preview
2. Configure NIC1 with a private IP for inter cluster communication
3. Configure NIC2 with a production IP for communication to the rest of the production network
4. Rename the server
5. Join the server to domain
6. Add the Failover Clustering feature


7. Download the Windows Assessment and Deployment Kit for windows 8.1 and install the Deployment Tools and Windows Preinstallation Environment Features
8. Add the SCVMM service account to the local administrator group


Configure SCVMM Failover Cluster:

The next part of the deployment is to create the two node SCVMM cluster.

1. Open Failover Cluster Manger, right click on Failover Cluster Manager in the left window and select Create Cluster from the popup menu. This starts up the Create Cluster Wizard


2. Step through the wizard adding the nodes that will be part of the cluster, the cluster name and then confirm the cluster configuration before clicking the Next button


3. Once the cluster has been created, its possible to open it up in Failover Cluster Manger to check that the resource is up and there are no cluster events that need resolving.


Configuring Distributed Key Management in VMM:

NOTE: We need to configure the DKM because VMM is being installed in HA and its possible that the service may failover to another node in the cluster, under this scenario the second node also requires access to the encryption key to be able to access the VMM database. Therefore we need to store it in a central location such as a container in AD DS.

1. Open ADSI Edit (adsiedit.msc)
2. Right-click the ADSI Edit object, select Connect To, generally leave the default connection settings and click OK to connect to the Default Naming Context


3. Expand the connection object and then right click the domain’s container. Select New, then Object which opens the Create Object wizard


4. Select Container from object list, then click next before giving it a value of VMMDKM
5. Click Finish

When installing SCVMM we will require the DN of the container we have just created. It’s probably worth making note of this whilst we are still in ADSI Edit.


For Example: CN=VMMDKM,DC=contoso,DC=com

The final step to this is to give the service account created for VMM the required permissions on this container. Right click the CN=VMMDKM container you just created and select properties. Select the security tab and give the VMM Service account created earlier (in this example SVC_VMM) Full control on this object and all descendant objects.

Pre-create the VMM database:

1. Open up SQL Management Studio
2. Create a new database with the following settings:

  • Name: VirtualManagerDB
  • Collation: Latin1_General_100_CI_AS, but aligned with the specific SQL Server instance collation

3. Grant db_owner permissions for this database to the VMM service account
4. Grant SQL Server Roles for the VMM Service account of:

  • dbcreator
  • processadmin
  • securityadmin

Installing SCVMM:

Node One:

1. The first thing to do is extract the SCVMM Technical Preview .exe to a local folder location. I have used C:\Source\SCVMM_TP or similar. Open the folder and locate Setup.exe and run it


2. When the VMM installer splash screen appears, select the Install option which will begin the installation wizard
3. Select VMM management server. At this point the installer detects that the node is part of a cluster and asks if SCVMM should be installed in HA. Obviously select Yes then Next


4. On the next screen add your NameOrganisation Name and Product Code and click Next
5. On the next screen tick the box to say you have read the license agreement then Next
6. On the next screen yes or no to the Customer Experience Improvement Program (DEIP) then Next
7. Select the installation location and Next
8. Review any issues with prerequisite checks and then Next
9. Fill in the remote database information on the next screen with the details of the database created in the previous step, then click Next


10. On the next screen fill in the cluster resource name users will connect to the SCVMM cluster and then Next
11. Configure the service account and distributed key management then select Next


12. Accept the default ports unless you have a requirement to change any


13. No need to select a SCVMM Library as we are installing SCVMM in HA and need to complete this after our install. Click Next
14. Review installation summary and then click Install.


Node Two:

Essentially installing SCVMM on Node 2 is a rinse and repeat of the install steps on Node 1. The main difference is that as long as when the install is run, the cluster install option is again selected, node 2 will automatically pick up the DB settings, the service account, DKM and port details. Only the service account password will be required during the install on this node.


That’s it for this post!

At this point, the basic deployment of an HA SCVMM server has been complete, but I still need to configure and assign a SCVMM Library and then configure SCVMM ready to begin building the Hyper-V environment.


If anyone notices any mistakes, please don’t hesitate to let me know so I can resolve them, thanks.


SAN Replication and DR with Azure Site Recovery – Now Generally Available!

Today, Microsoft announced, the General Availability release of Enterprise-Grade Array-Based Replication and Disaster Recovery with ASR and System Center. This offers the ability to leverage replication capabilities of existing Storage Area Network (SAN) Arrays to enable high performance synchronous and asynchronous replication across on-premises Hyper-V Sites. Integrated with System Center Virtual Machine Manager (SCVMM) and Azure Site Recovery, managing the whole DR process.

To read more on this check out this Azure blog announcement Enterprise-Grade Array-Based Replication and Disaster Recovery with ASR and System Center – Now Generally Available!