Cloud security with Microsoft Antimalware

For those who were not too sure about moving into the cloud thinking that your VMs won’t be protected from security threats do not need to worry about with Microsoft Cloud. During TechEd Europe 2014 Microsoft has introduced Microsoft Antimalware, a cloud based security solution for your Azure tenants.

Microsoft Antimalware uses the same engine behind Microsoft Security Essentials and Forefront EndPoint Protection & Windows Defender. Some say that these not so great products but guess what? I’ve seen a POC where it caught 99% of security threats in a customer environment that was designed for security testing where all the other vendors were not able to get that far.

It’s actually a Security-as-a-Service products which will run real time and download all the heuristics and definitions directly from the cloud. And most importantly user interaction required is minimal in this as it would be running in background and intelligently protecting your workloads against security threats.

Lets see what is required to use Antimalware in Azure.

  • Windows Server 2008 R2 or higher OS. Windows Server 2008 & Server Technical Preview is not yet supported.
  • VM Agent – You can enable VM agent at the time on VM creation or enable it later.
  • Latest Microsoft Azure PowerShell SDK Tools which contains the PowerShell cmdlets for Antimalware should be installed.
  • Azure Storage account for antimalware event collection.

How it works

  1. By default this extension is installed in Cloud Services but has been disabled. You can enable it using PowerShell. Please refer here for complete reference of PowerShell cmdlets for Antimalware.
  2. For VMs you can install this via Azure Portal as below or use the PowerShell cmdlets.Microsoft Antimalware VM
  3. Use Visual Studio Server Explorer for Azure for installing in VMs
  4.  Antimalware service management APIs- both VMs & Cloud services.

So remember to use Microsoft Antimalware for Azure workloads from now on if you are not too sure about the security that Microsoft has in place already.

Azure Operational Insights | Agent Installation Explained

Microsoft has announced the all new Azure Operational Insights, the successor to System Center Advisor. It is an online service that allows you to collect statistics from your servers in your data center, analyze them and take proactive actions against any compliance issues. Apart from that Operational Insights allows you to keep you servers inline with change tracking and configuration management.

Today I’m going to discuss how do you connect your environment to Ops Insights. Actually there are two methods to achieve this.

  1. Connecting via SCOM Management server – You’ll need SCOM 2012 SP1/R2 server that is deployed in your environment for this. In this approach you’ll be collecting data from SCOM server by connecting to System Center Advisor service.
  2. Connecting to servers directly – We are going to discuss how do we enable direct connection to Ops Insights in this tutorial.

Prerequisites

  • An active Azure Operational Insights Subscription. You can request one free from here as it’s in public limited preview yet.
  • Microsoft Account/Organizational Account – This is required for signing up with Ops Insights subscription.
  • .NET Framework 3.5 should be installed in the server for enabling intelliTrace Logs. This is a PowerShell Interface to collect advanced application diagnostics data.

Installing Operational Insights Agent

  1. Download the Ops Insight Agent from here or you can sign into your Ops Insight Account and download the agent from there as below.Azure Operational Insights Installation 1
  2. Run the setup file on the server which you need to on board. Make sure that you have opened TCP Port 5723 for the agent communication.Azure Operational Insights Installation 2
  3. Accept the EULA and select the agent install location.Azure Operational Insights Installation 3 Azure Operational Insights Installation 4
  4. In the next screen select Connect the agent to Microsoft Azure Operational Insights option.Azure Operational Insights Installation 5
  5. Provide the Workspace ID & Key in the next screen. These values can be found on Ops Insights portal > Overview > Usage > Direct Server Configuration (Refer Step 1)Azure Operational Insights Installation 6
  6. Select whether you want to configure Windows update to automatically update the agent. I’ll leave that with default NO.Azure Operational Insights Installation 7
  7. Click Install and wait for the Installation to complete.Azure Operational Insights Installation 8Azure Operational Insights Installation 9
  8. Additionally you can change the agent setting through Control Panel > System and Security > Microsoft Monitoring AgentAzure Operational Insights Installation 10Keep in mind as a regular SCOM agent setup your server won’t be visible at once in the Ops Insights portal so give it some time at least 24 hours. Once your servers are connected you can configure Intelligent Packs to analyze your environment.

IIS Web site migration with Azure Website Migration Assistant

As I promised in my last post today we are going to migrate a simple IIS hosted web site to Azure websites.  Note that this tool only supports IIS 6.0 and higher versions.

For this demonstration I have used a standalone Azure VM with a static webpage. I admit that below website is ugly but it serves the purpose.

Azure Website Migration Assistant 17

Setting up Azure Websites Migration Assistant

  1. Navigate to https://www.movemetothecloud.net from your client PC or the IIS server itself.
  2. Click Dedicated IIS Server and then and then Install Tool. This will launch a Click-once Installation. based on my past experience with Click-once I strongly recommend you to use Internet Explorer. Also you can Download for offline use to install in another Server/PC. Note that there is an additional option to Upload an existing migration report which is described later.Azure Website Migration Assistant 1Azure Website Migration Assistant 2
  3. Click yes to Install Web Deploy.Azure Website Migration Assistant 3
  4. In the next screen it will check for all  the dependencies required for the migration. If required it will install the missing components.Azure Website Migration Assistant 4
  5. Choose Migrate sites and databases on the local server to azure option and click Continue, if your are running the tool inside your IIS server. If not select the second option and provide the administrative credentials.Azure Website Migration Assistant 5
  6. It will check for the websites and their relevant dependencies and will allow you to choose which websites you want to migrate. In my scenario I have a simple web page in Default web site so I selected same. Azure Website Migration Assistant 6
  7. It will generate a migration readiness report containing all the configuration information of your IIS instance and dependencies. You can click Upload to continue or Save it locally and upload at a later time. (Refer step 2)Azure Website Migration Assistant 7
  8. Azure will perform a readiness analysis based on the report you uploaded and reports if any errors are found. Click Begin Migration to continue.Azure Website Migration Assistant 8
  9. You will be prompted to provide your Azure credentials here. Azure Website Migration Assistant 10
  10. Select your Tenant, Subscription and the respective region that you want to deploy this website/s and click Start Migration.Azure Website Migration Assistant 11
  11. In the Migration screen it will allow you to customize site level and global settings for the migration such as website names, databases, database sizes etc… Since my IIS server is also an Azure VM I have provided it a name and changed the Site Mode to Free to avoid unwanted credit consumption. Click Create to begin the migration. Azure Website Migration Assistant 12 Azure Website Migration Assistant 13
  12. Migration Assistant will perform the actual migration and once migrated click Publish to publish your site to Azure. Also at the end of the migration if there is any error occurred it will immediately revert the migration and let you to report the error directly to Azure Team via e-mail.Azure Website Migration Assistant 14 Azure Website Migration Assistant 15Azure Website Migration Assistant 16
  13. There were no errors in my migration so the new site looks like below.Azure Website Migration Assistant 18
  14. Additionally if you look at your Azure Portal you can see the new website is running and you and further customize the site as you would do for a regular Azure website. (i.e scale up)Azure Website Migration Assistant 19

Introducing Azure Websites Migration Assistant

Do you want to migrate your IIS hosted web site to Azure easily? Thinking about all the headache that you have to face when doing so? Now it’s time that Microsoft has taken away that burden.

Azure Websites Migration Assistant lets you to migrate your IIS 6.0 or higher hosted website to Azure without any implication. This great tool will thoroughly examine your IIS web server, report back which web sites can be migrated and if there anything that cannot be migrated it will notify same. Just in a matter of few clicks you can migrate compliant websites along with their configuration files and back-end web databases.

How to migrate?

Just few easy steps.

  1. Port bindings (i.e http or SSL mappings)
  2. Application Pools
  3. Virtual directories and web applications
  4. Databases
  • Upload the migration report that you generate from the tool.
  • Migrate your website. You’ll have to enter your Azure credentials along with which region you want this site to run on.

In a later post I’m going to show you how to migrate a simple website to Azure Websites using Migration Assistant.

System Center 2012 R2 Update Rollup 4 is now available

During the breakout of TechED Europe 2014 we got some fantastic news on Microsoft technologies and the announcement for System Center 2012 R2 UR4. It seems every product except Orchestrator and Configuration Manager got something new. I thought giving you all little insight on what this means for two products that I’ve been working on.

Virtual Machine Manager

VMM now officially supports 64 bit versions of below Linux distributions to run as guest OS.

  • Red Hat Enterprise Linux 7
  • Oracle Linux 7
  • CentOS Linux 7

Also there is number of bug fixes that has been done with this version. You can find all the details from here.

Data Protection Manager

  • SQL 2014 workload protection is now available. But SQL 2014 is not supported as the backed database for DPM.
  • Both workload protection and to use it as DPM configuration database for SQL 2012 SP2 is available.
  • Simplified process to register a DPM server with a Azure Backup Vault.

It’s always better to wait a few days to apply this UR, I would do it in a test lab first to see for any issue. You can download the documentation and relevant update packages from here.

Assigning Static Internal IP for an Azure VM

If you are doing your DEV/Test in Azure and de-allocating your VMs frequently you may have noticed that the Internal IPs assigned to your VMs are changing. By nature Azure wants you to run your VM continuously to have a reservation for your Internal IPs as there are million tenants like you using Azure over the world and to ensure everybody gets equal service.

If you are running DNS server in Azure you need to have a static IP regardless you de-allocate the VM, you need the same IP to work next time to prevent name resolution conflicts. Today I’m going to show you how to assign a Static DIP to Azure VM and some of the best practices that you should keep in mind when assigning DIPs.

Keep in Mind

  • If you have both IaaS & PaaS services in your tenant (i.e VMs and Cloud Services) it is always recommended to keep them in different subnets if you are using DIPs. Just in case if you are de-allocating a VM with static DIP it prevents your cloud services from acquiring the same DIP if they are in the same subnet.
  • Only assign DIPs for workloads that needs them the most (i.e DNS). Again this is not a requirement but you’l have to worry less if you have only fewer configuration changes.
  • Always use a Virtual Network with subnets properly assigned. Otherwise it would be pointless to use a DIP as there won’t be any allocation at all.

Lets take a look on the process.

Check the availability of the IP Address

You have to make sure the IP Address that you are going to use from your IP Pool is available prior assigning.

Test-AzureStaticVNetIP –VNetName JCBVNet –IPAddress 192.168.1.5

In the above example I’m checking the availability of the IP address 192.168.1.5 for the Virtual Network JCBVNet.

Assigning Static DIP

For a new VM

Make sure you get your PowerShell cmdlets right. You can use variables instead of hard coded placeholders for parameters like -Name but again that’s upto you. Parameters like -ImageName has lengthier vaules to it is better to get the image name and store it in a variable when you pass the value to a cmdlet. Some of these parameters like -AffinityGroup are not mandatory but will be useful depending on your deployment. For a complete reference just bing (yes bing not google) the cmdlet name.

New-AzureVMConfig -Name jcbdipvm1 -ImageName $img –InstanceSize Small | Set-AzureSubnet –SubnetNames JCBVNet | Set-AzureStaticVNetIP -IPAddress 192.168.1.5 | New-AzureVM –ServiceName jcbdipsvc –AffinityGroup “jcbAG”;

For an existing VM

From my experience, it is always better if you can stop the VM before you perform this on a existing VM. This is because the Update-AzureVM cmdlets restarts the VM once it has assigned the DIP. If the VM was running it will take some time and believe me you don’t want that to happen on something like DNS server. If you have previously assigned a DIP you will have to remove it first.

Get-AzureVM -ServiceName jcbdipsvc -Name jcbdipvm2| Set-AzureStaticVNetIP -IPAddress 192.168.1.6 | Update-AzureVM

Removing a DIP

Get-AzureVM -ServiceName jcbdipsvc -Name jcbdipvm1 | Remove-AzureStaticVNetIP | Update-AzureVM

As part of the update VM will automatically receive a new IP address once it is restarted by the Update-AzureVM cmdlet.

It’s not rocket since if you read carefully. This is very useful for a production environment or if you have a lab environment that is not going to be running continuously to save Azure credits but still require static IP addresses for the workloads. My advice is to learn PowerShell a bit before you deal with Azure or you can keep blaming the platform not being good enough. (Which is so not true.)

Microsoft Virtual Machine Converter 3.0

Recently Microsoft has announced the latest release of MVMC 3.0, a standalone product by Microsoft for P2V & V2V conversion. After System Center 2012 SP1 there were no built in support for P2V conversion in the VMM so as IT PROs we had to rely on MVMC & Disk2VHD.

What’s new?

  • P2V conversion of Windows 2008/ Windows Vista or above operating systems has been included in this version. Being said that those who want to convert legacy Windows OS up to Windows Advanced Server 2000 SP4 can still leverage Disk2VHD.
  • Native PowerShell capability that can be integrated with System Center Orchestrator workflows.
  • Conversion of Linux guest operating systems from VMware to Hyper-V

Prerequisites for MVMC 3.0 Installation

  • Windows Server 2012 R2/Windows Server 2012/or Windows Server 2008 R2 SP1
  • Microsoft .NET Framework 3.5 and .NET Framework 4 (MVMC on Windows Server 2008 R2 SP1)
  • Microsoft .NET Framework 4.5 (MVMC on Windows Server 2012/R2 or Windows 8/8.1)
  • For PowerShell cmdlets released with MVMC 3.0 requires Windows PowerShell Runtime 3.0 and these will only function on Windows Server 2012 R2 or Windows 8.1 or above.
  • Bits Compact server windows feature should be installed
  • Visual C++® Redistributable for Visual Studio® 2012 Update 1

What MVMC can do?

  • P2V Conversion (Windows Server 2008/Windows Vista or above)
  • V2V Conversion (VMware to Hyper-V)
  • V2V Conversion (Hyper-V to Microsoft Azure)

You can download and try this great tool from here.

Azure Site Recovery | Things you should keep in mind

Hi folks, we have successfully deployed an ASR solution throughout this series and today we are going to look at some FAQs people have. First lets take a look at how to clean the demo environment that we setup for ASR.

Cleanup your ASR Deployment.

There are actually two ways to do this.

  1. Remove the VMM server from registered servers in ASR Vault. This will disassociate the VMM server with your ASR vault. But yet again you will need to remove storage account and ASR vault manually from Azure portal if you don’t require them any longer. Although you may need to remove obsolete registry entries of the VMM server as described in here.
  2. Use the Cleanup script from TechNet. This is useful when you no longer have access to the Azure account. It’s quite simple actually. All you have to do is run the PowerSehll Script in the VMM server that has been registered with ASR. Actually this script will remove the registration information and cloud pairing information  of the protected clouds of the  VMM Server from Azure. Assuming you are not the administrator of the Azure account using this script is much more safer.

Also you can disable the protection of VM separately. Refer this article from TechNet in order to achieve this.

Lets take a look on some common FAQs related to ASR

Q. I have a existing VMware environment. Can I leverage ASR for DR in my environment?

A. Yes & No. For VMware workloads Microsoft has a separate product called Microsoft Migration Accelerator. You can use this to move your VMs to the cloud from AWS or VMware. In order to provide replication Inmage Scout by Microsoft is the best tool.

Q. What are the system requirements for ASR?

A. Note that ASR doesn’t support VHDX file format yet as it is not available is Azure still. Also there are number of compliant Linux distros that are supported as Guest OS.

  • An Azure Subscription
  • Management certificate
  • System Center Virtual Machine Manager 2012 R2
  • Windows Server 2012 R2 Hyper-V – used as VM host
  • Gen 1, fixed disk .vhd VMs in Hyper-V
  • Guest OS Windows Server 2008 or later

Q. I have full System Center suite deployed in my environment. How can I leverage that with ASR?

A. As all our system center products support Microsoft Azure, this depends on how you want use them with Azure. For an example you can use Orchestrator runbooks for automatic fail over to Azure, SCOM to generate alerts during fail over window etc…

Q. How can I get the pricing information for ASR?

A. Visit this link to learn more about the product and pricing

Azure Site Recovery is a emerging and continuously evolving product. With the announcement of vNext of System Center & Windows Server platform we can expect lot of new & exciting features with Azure pretty soon.

Azure Site Recovery | Testing & Configuring Fail over to the Cloud

To test the ASR fail over you can create a Recovery Plan which contains multiple VMs or test the fail over for a single VM. However it is important that you create recovery plans for your production environment in order to specify how the fail over should happen. Let’s take each scenario and see how we can address them.

Important

  • Should your require to RDP after you fail-over your VM to Azure, you must enable Remote Desktop Connection in on-premise VM before you do test or actual fail over. This is a MUST. Also same should be done with SSH access for Linux VMs.
  • After the test fail over you’ll use a public IP address to remote into the Azure VM. In this case make sure your firewall doesn’t restrict that address. If you have configured the network mapping then you’ll get a private IP from your on-premise network. So you still RDP into LAN. I’d use this only after I have created a production recovery plan and use same for actual fail over.

Test Fail over from on-premise to Azure

In a test fail over you simulate the actual fail over sequence before you move it into production. For that you’ll need to choose between an existing isolated VM network or you can select NONE so that your test fail over will be done in an isolated environment without a VM network attached. Note that once you complete the test, Microsoft Azure will remove all the items like the test  VM that was used to simulate the test.

Test Failover (1)

  • Select the VM network that you want to test the ASR. This should be a separate VM network or you can select NONE.

Test Failover (2)

  • You’ll need to create an End Point to allow RDP to the test VM. It’s pretty much straight forward as below.

Add End Point Test Failover (1) Add End Point Test Failover (2) Add End Point Test Failover (3)

 

  • Once RDP end point has been created you can try remote into the test VM and see everything fits.

Test Failover (7)

  • Remember you still need to complete the test in order to clear the test deployment as below.

Test Failover (4)

  • It will prompt you to comment on the test scenario. Select the check box to clean up the environment.

Test Failover (5)

  • Once the environment is cleaned and the test is done you can see the status of the test fail over as all complete.

Test Failover (6)Creating Recovery Plan

For production deployment you’ll have to create a recovery plan. It will run a sequence of actions that you define to perform the fail over. You can customize the plan to include VM groups to specify start sequences, scripts to run once fail over sequence starts etc… Refer this article from TechNet for more information on customizing the recovery plan.

Create Recovery Plan (1)

  • Select Source and Target followed by the VMs that needs to be included in this recovery plan.

Create Recovery Plan (2) Create Recovery Plan (3)Performing a production fail over

Planned fail over is always pre – planned. For an example you want fail over your corporate web site at the end of each month when you update the web site. In such situations you can leverage ASR to plan it first hand, which VMs start first, any clean up tasks that should run etc.. Additionally you can configure an orchestrator workflow to automate same if you are using system center.

Unplanned fail over is more robust. This can be leveraged in a disastrous situation. It is something that you do not expect but you can create  DR recovery plan for this

Let’s see how to work with a planned fail over. Note that steps are same for both planned and unplanned.

  • Select Planned Fail over from the menu. Here I have only select the VM that I need to fail over. You can select a recovery plan that include multiple VMs if you need.

Planned Failover (1)

  • Select the fail over direction. Since this is fail over it would be from on-premise to Azure.

Planned Failover (2)

  • Let the process continue. As this depends on the network speed and size of the VM this may take some time.

Planned Failover (3)

  • Once the fail over is done as above  you’ll have to commit the fail over. Once it is committed your VM will be up and running from the cloud.

Planned Failover (4) CommitFail back to original state

Once you completed the fail over  you’ll need to move back to on-premise VM. Let’s see how you can do that. I have done this is again for a single VM not for a recovery plan to save time.

  • You may notice that the VM in on premise VMM is in a halt status once the fail over has been done.

Reverse Fail over (1)

  • Select the VM from Recovery Services and select the fail over accordingly. If you did planned before select planned again. I have selected the second option to minimize the fail over time but it’s up to you whether you want to go back to pre – fail over state or not.

Reverse Fail over (2)

 

  • You’ll notice that several actions are skipped in the fail back job as we are syncing only the data that has been changed during the fail over window.

Reverse Fail over (3)Reverse Fail over (4)

  • If you have selected Synchronize data before fail over option additionally you’ll have to select Complete Fail Over button in the job window.

Reverse Fail over (5)

  • To complete the fail over click Commit Button.

Reverse Fail over (8)We have successfully configured fail over scenario from on premise Azure. In the last post of this series lets discuss the best practices, hiccups and how to clean the ASR configuration in VMM in a demo VMM environment.

Azure Site Recovery | Setting up the Environment

In this post we are going to see how to setup ASR for VMM clouds. For this scenario I have used one VMM cloud called ASR Cloud that contains one Windows Server 2012 R2 Standard VM. Also I have another Linux VM in this cloud that is also protected using ASR.

Create the Azure Site Recovery Vault

  • Login to the Azure Portal
  • Click NEW
  • Click Recovery Services
  • Select Site Recovery Vault
  • Give it a proper name and select your region of preference. Make sure you use the same region across all your ASR components to avoid sync issues.

Create ASR Vault Creating a Storage account for ASR

Creating a storage account is pretty much straight forward. But make sure you select the same region as your ASR vault and Geo Redundant as the replication type.

Create Storage AccountInstalling the  Azure Site Recovery Provider in VMM Server

  • Click the Site Recovery Provider you just created and select “Between an on-premises site and Microsoft Azure” from the drop down list.
  • Click generate Registration Key and save the registration key.

Generate Registration Key

  • In the Dashboard select and download the Microsoft Azure Site Recovery Provider for Installation VMM servers
  • Double click the setup file and install the Provider.
  • Select the check box to automatically restart VMM service after the installation.

Installing ASR Provider (1)

  • Opt out Windows Update if you don’t wish to proceed with  the automatic ASR provider updates.

Installing ASR Provider (1)

  • If you have a proxy enabled for Internet connect specify the settings.

Installing ASR Provider (3)

  • Select the generated certificate so it will detect the vault automatically.

Installing ASR Provider (4)

  • Select Synchronize Cloud Meta data  check box so that it will sync the metadata of your VMM clouds with ASR. This step is optional so consider this if it doesn’t conflict with your organizational policy. This happens only once and you can sync each cloud in your VMM individually in the cloud properties of VMM.
  • Data Encryption option allows you to provide a SSL certificate that will be used in data decryption between On-premise to Azure. This needs to be kept safe as you will need it to perform a fail over from on-premise to cloud if you supplied one here.

Installing ASR Provider (5)

  • The ASR Provider is complete and the wizard will tell you if your VMM sever has been successfully registered with the ASR service or not.

Installing ASR Provider (6)Installing the ASR Agent for Hyper-V Hosts

  • Click the Site Recovery Provider you just created and download the Agent for Hyper-V Hosts from the main page.
  • Make sure pre-requisites are met before proceeding with the installation.Installing ASR agent for Hyper-V (1)

Configuring Cloud Protection

Now that you have successfully installed everything required it’s time to configure the protection settings for the cloud that you need to be protected by ASR.

  • Click Set up protection for VMM clouds on the quick start page
  • Click the cloud that you need to protect from Protected Items tab and then click Configure.
  • Select Microsoft Azure as the target.
  • Select the storage account you have created for ASR VMs.
  • Turn off Encrypt stored data – whether data should be encrypted and then replicated between the on-premises site and Azure.
  • Leave the default value for Copy frequency – This defines the replication frequency between the two sites. Once this has been set it can be only changed from here itself not from VMM.
  • Leave the default value for Retain recovery point – Zero means that only the latest recovery point for a VM is stored on a replica host server.
  • Leave the default value for Frequency of application-consistent snapshots. – This value defines how often you need to create snapshots for your VMs. If you supply a value here make sure it is always less than the number of recovery points specified earlier.
  • Enter a value for Replication start time for the initial replication of data to Azure.

Configure Cloud Protection (1) Configure Cloud Protection (2)

Once you click save it will start the initial replication between your on-premise VMM server to Azure. Note that this will take some time depending the size of the VHD. If you need to view the status of the replication you can click Jobs tab and see individual details for each job.

Configure Network Mapping

You can safely test the fail over in an isolated environment. However for a planned or unplanned fail-over to happen seamlessly you should map an Azure VM network with your on-premise VMM VM network. You can follow below two guides from Microsoft to setup Network Mapping.

  1. Prepare for network mapping
  2. Configure network mapping

Network Mapping (1)Network Mapping (2)

Enable Protection on VMs

Now we can enable protection on VMs. Please note that some of the below screenshots refer the Linux machine I have on my VMM cloud but don’t worry steps are same for Windows server VMs as well.

  • Select the VM from VMM and click properties
  • Click Configure Hardware section
  • Click Hyper-V Recovery Manager and click the Enable Hyper-V Recovery Manager protection for this VM check box.
  • Select the desired Replication Frequency. This is defined in Protection settings of the Cloud in Azure portal.
  • Click OK to update the configuration change on VM.

Enable Protection on VM (1)

  • Go to Azure portal and select the ASR Service, on the Virtual Machines tab in the cloud in which the virtual machine is located, click Enable protection and then select Add virtual machines.
  • From the list of virtual machines in the cloud, select the one you want to protect.

Enable Protection on VM (2)Enable Protection on VM (3)

Job progress can be viewed from Jobs section.

In the next post I’m going to demonstrate how to configure recovery plans, perform test, planned or unplanned failovers for your VMs.