O365-email-encryption-using-office-365

Here is the step by step guide on how to configure Email Encryption using O365. The content of this article was performed in a test environment and tested to be working as expected.

Why Email Encryption?
In the Digital era, Emails have become most sophisticated means of communication. Given the current technology, the traditional email system is less secure and it becomes easy to access/read what is being sent by others since most of the email communication happens as clear text. For a better and safer email communication, Email encryption is the only recommended solution.
Having said that, Office 365 message encryption is the most reliable and efficient method of email encryption that is available today. With O365, one’s information remains secure and allows users to send and receive encrypted emails. The recipients can be internal or external to one’s organization and can be on any messaging platform.
Advantages:
 The Recipients is ‘only’ expected to have a valid email address, regardless of the backend email system or domain.
 Recipients can access this message on any device (Browser compatibility).

Contents:
• Setting up Office 365 Message Encryption?
• Set up Azure Rights Management for Office 365 Message Encryption
• Disable IRM templates in OWA and Outlook
• Create Transport Rules to Encrypt Messages

Setting up Office 365 Message Encryption

NOTE:
1. RBAC version should be updated (contact support to verify the current version).
2. Encryption rule (Transport Rule) to be created in the EMC.

Steps to configure:
1. Check the current RBAC version using the following PowerShell command.

Get-OrganizationConfig | fl *rb*

2. As called out earlier, please reach out to Microsoft Support to get the RBAC version updated (if required).
(Microsoft Support usually takes 2-3 business days to get the RBAC version updated)

Pre Update:

 Post Update:


3. Login into O365 admin portal (http://portal.microsoftonline.com)
4. SelectSERVICE SETTINGS on the left pane
5. Go to Rights Management

6. Under RIGHTS MANAGEMENT, click Manageon the right as shown.

7. In the Rights Management page, click Activate

8. A warning window would popup. To confirm activation, click Activate

9. Once activated, we would get a confirmation screen which would show the right management to be activated.

Set up Azure Rights Management for Office 365 Message Encryption
Now that we have the rights management activated, it’s time to setup Azure

1 Login to azure active directory (runas administrator)

2 To connect and import the session, run the following command and Choose Y.
Set-ExecutionPolicy RemoteSigned(Help topic:http://go.microsoft.com/fwlink/?LinkID=135170)

3 Post keying in the credentials, use the following command to Import the session.

$cred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection
Import-PSSession $Session
4 After importing the session, use the Exchange Management Shell to configure the RMS Online key sharing location in Exchange Online. Use the RMS key sharing URL corresponding to your location.

Location

RMS key sharing location

North America

https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union

https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia

https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America

https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government
(Government Community Cloud)

https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc 1

5 In the example below, we have used ASIA location. Before we set, check IRM configuration using the below command.
PS C:\Windows\system32> Get-IRMConfiguration

10. Set up Key location using the below command let.
PS C:\Windows\system32> Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

11 Import the Trusted Publishing Domain (TPD) from RMS OnlineImport-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

12 Verify successful setup of IRM in Exchange Online
Test-IRMConfiguration –sender user@domain.com

Test results
PS C:\Windows\system32> Test-IRMConfiguration -sender User@domain.com

Disable IRM templates in OWA and Outlook

Now, it’s time to disable IRM templates in the clients as part of the set-up. Run the following commands to disable the client access and enable internal licensing.

1 Set-IRMConfiguration -ClientAccessServerEnabled $false

2 Enable IRM for Office 365 Message Encryption
Set-IRMConfiguration -InternalLicensingEnabled $true

3 Confirm the IRM ConfigurationGet-IRMConfiguration

Create Transport Rules to Encrypt Messages

The following settings are to be performed in the Office 365 admin portal to enable encryption.
1 Open the Office 365 Admin Portal (https://portal.microsoftonline.com)
2 Open Exchange Admin Center

3 Under Mail Flow, click the + and create your transport rule. I have created two simple rules for reference.

 

 

4 This sample rule would encrypt anything that is sent external with an attachment larger than 1MB.

 

5 Save the rule before exiting the window.

6 Now, user can start sending encrypted email. The below samples would show how an encrypted email is being sent.

7 When a user wants to send an encrypted email, the sender is expected to type “Encrypt” in the subject line.

8 At the Recipient’s end, the user would receive the email as below.

9 To view the message content, the recipient is expected to open the attachment in the email.

10 To view the message content, the recipient is expected to open the attachment in the email.

11 The recipient would receive the one-time passcode on a separate email.

12 Continue, once after entering the one-time password. The encrypted email would decrypt and the recipient will be able to see the content of the email.

With this O365 email encryption is complete. It’s a one-time activity. The users are expected to type “encrypt” in the subject line of any email to be encrypted. Encryption as a standard practice will help to protect your information and prevent the unauthorized access. Get in touch with us to know more.

Written by Lakshmanan

Lakshmanan is a Technology Specialist in Kryptos. He is a tech savvy person with deep knowledge in Exchange, Windows & handles office 365 migration at Kryptos. He is a MCITP certificate holder who keeps expanding his knowledge by reading and learning a lot. He spends his free time with his family and loves playing cricket.

Double take configuration

In today’s IT world, the magical word that drives all businesses is “Zero Downtime”. More than a requisite, it is the key for any organization to deliver exceptional customer experience. With data availability being the key to achieve zero downtime, Double take would be one of the best solutions.

Double Take is a data recovery solution for Microsoft windows server to protect the business critical data from loss without downtime. Disaster Recovery plays a vital role in any IT strategy and one need to have a proper DR plan in place based on the business requirement. Double take enables to replicate data, application to any storage without any disruption. This article would walk you through systematic configuration of Double take.

 

Basic Operations:

Double take performs 3 operations.

  • Mirroring
  • Replication
  • Failover

 

  • Mirroring

By mirroring process, the data from the source will be replicated to the target and would enable high availability. The Double-Take solution mirrors all of the selected data that included the file attributes and permissions.

  1. Identical files are not mirrored.
  2. New files, different files can be mirrored.
  3. Checksums can calculate blocks of data to be mirrored.

• Replication

Double-Take replication process enables to track the changes at the file system level. Replicating is a more efficient method of maintaining a real-time copy and transmit of file to the target server.
1. A user or application updates part of a file.
2. Only the changed portion of the file is replicated to the target.
3. An up-to-date copy of the file is maintained on the target.

• Failover
Failover is the process in which a target stands in case of the source fails. As a result, user and application requests that are directed to the failed source are routed to the target.

Double-Take monitors the source status and tracks the requests and responses exchanged between the source and target. When a monitored source does not respond to the target’s requests, Double-Take assumes that the server has failed. Double-Take initiates the failover if it is configured automatically, if not, it stimulates the network administrator. The failover target assumes the identity of the failed source, and user and application requests destined for the source server or its IP address(es) are routed to the target.

Prerequsites:

  • Double take Availability Applications should run on a separate server.
  • Source server and Destination server should be on the same operating system.
  • Minimum Memory and hard disk should be 2 GB and 33 GB respectively.
  • Both servers should be in the same domain.

Installing Double-Take Availability Software

STEP 1:

  • Launch the Double-Take installer and select Double Take Availability to begin the installation process.

  • In the next few steps, you will be prompted to install pre-requisites and perform a check for an updated installer from the manufacturer website.
  • It is highly recommended that you accept all updates and prerequisites automatically applied by the installer.

STEP 2:

  • Select Client and Server Components to install the application and the management utilities.
  • Install the management utilities on both servers, as they will be needed in the event of a system failure.

STEP 3:

  • Enter the activation code provided by the manufacture for this deployment and click Add. Once the code is accepted, click Next to continue.

STEP 4

  • Specify the amount of RAM to be dedicated to the Double Take application. While the minimum requirement is 512MB, it is recommended that we allocate at least 1024MB of RAM.

STEP 5:

Continue through the installation process until the wizard is complete. The Double-Take application server is now installed and ready to be configured.

Configuring Double-Take Data Replication

STEP 1

  • Choose Start > Programs > Double-Take and load the Double-Take Console. From the Tasks menu, choose Add Servers.

 

STEP 2

  • Enter the hostname of the primary server in the Server box. Enter a valid user name and password with administrator permissions on the host, and click Add. Repeat this step to add the destination server, and click OK to exit the wizard.

 

STEP 3

  • Click the Manage Servers icon at the top of the console and verify that both hosts have been added.

If it throws an error, delete the hosts and add them again post verifying the credentials entered.

STEP 4

  • To configure replication, right click the server icon and select protect in the list.

STEP 5

  • Choose the Workload types to replicate.
  • The source server is the replication master that will hold the primary dataset that will be mirrored to the destination server
  • Then, click next and the next page would let us choose the Destination Server.

STEP 6

  • After selecting the destination server, in the next page,we need to configure the SET OPTIONSunder the Failover identity select Retain Target Network Configuration and then enable Update DNS Server.
  • In the DNS OPTIONS, give the credentials of the DNS servers which would be updated during failover, by clicking Change
  • Select the Target IP Address by clicking the drop down menu.

STEP 7

  • Under the Reverse Protection and Routing Select the Target Server Route.
  • Then Enable the Reverse Protection and mention the Reserved IP Address for both source and Target Servers.
  • Under the Compression tab, enable the Compression and select as medium. Then Click Next to Continue.


Step 8

Migrating Services to a Failover Server

  • After Completing the Step 8, Double Take will review the checklist automatically. Once done, Click finish. (Avoid Warnings and click finish).
  • Under the Manage jobs, you will see the files and data synchronising between source and destination. It takes a Few minute to complete the Synchronising.
  • After completion of synchronising,the source server is ready to protect. When the source server fails, the destination server will give the Failover option.


STEP 9

  • Here, the Source system is ready to failover. Now we can shut down the source system.

  • After the source server shutdown, then the double take management service cannot communicate with source server and it will make decision as – met failover.
  • Now, click the Manage Jobs icon and select the job to failover.
  • If the primary server is offline the job will show in failed state.
  • Right-click the job and choose Failover from the menu to start the failover wizard.

 

STEP 10

  • Select the Fail over live data radio button and click Failover to transfer services to the secondary server.
  • Once the failover job is submitted, the IP address from the primary server gets configured on the secondary server and it appears on the network as the primary server.
  • During the time of failover process, the destination server will be restarted automatically and you will see the source server data and files in the destination server (it changes the source server now).

STEP 11

REVERSE MIGRATION:

  • When the primary server becomes active (on state), it is kept as a destination server so that when the current Source server fails, it takes the reverse option to take the Destination server by giving the reverse option.
  • Turn on the primary server (172.16.36.214)

  • While it turns on, it is kept as a Stand by only. When the current server fails then it takes over the Secondary server.
  • After giving the reverse migration, the server 172.16.36.214 becomes Secondary and 172.16.36.181 becomes Primary.*IP taken from the example
  • When the primary server 172.16.36.181 fails, it would again failover to 172.16.36.214.
  • It takes some time to restore the files. After completion of restoring the server (172.16.36.181), it is kept as primary and the 172.16.36.214 as a secondary

With this, the Double take configuration is complete and would enable us to reduce downtime & increase availability of resources. Be it a small or larger enterprise data recovery is very important, so for a BCP (Business Continuity Planning) Double take is a proper solution to consider to protect your application and server. If you have any questions about Double-Take, drop us an Email.

Written by Pasupathi

Pasupathi, an enthusiastic and a go-getter working as a Junior- Technology Specialist in Kryptos handling Exchange, O365, Azure, AWS, Citrix and VMware virtualization. He is Microsoft certified solution expert, Azure Infrastructure Architect and AWS Certified Solution Architect. He is a gadget freak and finds time to pen down his thoughts as poems.

Do you wish to migrate simple

O365 E-mail migration needs to be approached with accuracy and diligence, failing which can lead to a Pandora’s box of mailbox issues.

  • Organisations try to perform migration services in-house, increasing workload for its valuable people resources who should be delivering on their core competencies. And this results in poor productivity & resource management.
  • Organisations that value their core competencies and pursue them diligently never give their time away trying to manage what can be outsourced, E-mail migration services for example.
  • O365 migration of mailboxes can become complicated without the right support.

That is why the choice of your Office365 E-mail migration services partner becomes crucial. It is the first giveaway about how smart you are as a business.

Kryptos presents the best O365 e-mail migration services now on a special offer.
We call it
MigrateSimple

With 12 months of Email management & Support @ Zero Cost

6 Reasons your Microsoft O365 Migration Partner should be Kryptos

Low Costs Increased Efficiency 24/7 Support
Client Testimonials White labelled services Professionalism

This is the difference between ‘working’ and ‘working smart’. We set up your mailboxes, handle your e-mail migration, & customise it for your needs. The MigrateSimple Offer does all of these & more at an attractive price.

We have had multiple successful migrations with this offer and continuing. Our clients are experiencing true ROI and the leverage their businesses can get, by working with us. We are in the last leg of the offer and we want you to take advantage of it.

Talk to our experts for more details.

Enquire Now

Replicate vmware virtual machines to azure

when deciding to Migrate workloads from on-premise VMware platform to Azure.

NB : This post also includes the possible actions (when applicable) to make in order to migrate the workloads to the Azure Resource Manager stack (IaaS V2)

1- What are the migration paths

There are many migration paths which can be used, but each one have it’s own advantages and disadvantages. The following table shows the different paths that will be discussed in this article:

  • Extend the application roles to Azure
  • Manual upload of the Virtual Machine’s virtual hard disks to Azure
  • Use MVMC (Microsoft Virtual Machine Converter)
  • Use Azure Site Recovery

2- Migration paths description

In this section, the different migration paths presented on 1- What are the migration paths. will be detailed, and the advantages and disadvantages of each one will be presented.

2.1- Extend the application roles to Azure

2.1.1- Description

This this the first path that can be took to migrate workloads to Azure. It depends on the application itself, and it’s not related to the OS underlying stack (Physical, Virtual, VMware or Hyper-V…).

This approach is only possible for application and workloads that supports high Availability or Load Balancing over multiple instances, and usually does not require using third party tools.

Example:

Active Directory Domain Services : If you have one domain controller, you can add an additional domain controller to your topology. This way, users or resources using these DCs can authenticate on either the first or the second DC. The migration path will be the following .

  1. Add a second domain controller on Azure
  2. Verify that users, servers and the other resources can successfully authenticate using the domain controller on Azure
  3. Transfer the FSMO roles to the Azure DC
  4. Stop the on-premise DC

–> This way, you migrated the ADDS infrastructure to Azure, in a transparent way, with zero downtime.

The following are the general steps that can be followed for any application that supports extending:

  1. Create 1 or more virtual machines in Azure. These VMs will hold the application roles that will be extended. The OS and VM configuration depends on the application.
  2. Extend the application role to the (or more) virtual machine in Azure
  3. Verify that the new server in Azure is operational and can handle the application services and requests. (A test plan should be run)
  4. Plan a transition step to ‘cut’ the on-premise server. This way, only Azure servers are requesting the application services.

The following ‘services’ can generally support this migration path:

Service:

Web services (IIS, Apache…) — The Web services generally support Load Balancing. Extending a Web service farm is usually supported.

The following the Pro and Cons related to this migration path:

Pro:

  • Does not require resort to third-party tools
  • Zero or near-zero downtime Fast and guaranteed rollback

Cons:

  • Different extension method for each type application
  • Need specialized people, for each product to be extended
  • Change of the application configuration Not applicable for standalone applications

2.2- Manual upload of the Virtual Machine’s virtual hard disks to Azure

2.2.1- Description

This this the second path that can be took to migrate workloads to Azure. This time, it doesn’t depend on the application.

This approach is applicable for both virtual and physical servers. And may need prerequisites prior to start the migration itself.

The next paragraph describes the different steps to successfully migrate workloads using this method:

Physical servers

  1. The physical server disks should be converted to the VHD format. There are two possible manners to do it :
  2. Use Disk2VHD : This tool can make an online conversion of physical server’s disks to VHD files format. The obtained VHDs are a consistent point-in-time snapshots of the converted volumes. (Only for Windows supported operating systems, Linux operating systems are not supported)
  3. Convert the whole Physical server to a virtual machine. There are two ways to finally obtain the desired VHD format
  4. If your target virtualization stack is VMWare :
  5. You can use VMware vCenter Converter. This tool will allow the P2V (Physical to Virtual) conversion of you physical server to a VMWare virtual machine.
  6. You should convert your VMDK disks to the VHD format. This can be done via several ways :
  • If you have a Hyper-V virtualization platform: You can make a V2V conversion of the VMware virtual machines to Hyper-V virtual machines. That way, you will obtain the desired VHD format. The following blog (Link1, Link2) describes the way to convert VMWare VMs to Hyper-V VMs
  • You can convert directly VMDK virtual hard disks to the VHD format using conversion tools like MVMC (Link1, Link2) or third-party tools like Starwind V2V converter (Link1). But i recommend using MVMC
  1. If your target virtualization stack is Hyper-V : Use MVMC to make a P2V conversion toward a a Hyper-V server (Only for Windows supported operating systems, Linux operating systems are not supported). Choose the VHD format for the disks type.
  2. Upload the machine VHD files to Azure. The best two options to use:
  3. For fixed VHD files format : Use AzCopy
  4. For dynamic or fixed VHD files format : Use Add-AzureVHDpowershell command. Follow this blog to optimize the usage of this tool
  5. Creation of the virtual machine using the uploaded virtual hard disks : Use the Provisioning script to create a virtual machine from an existing virtual hard disk.

Virtual machines

  1. The goal is to obtain the virtual machines disks under VHD format
  2. If your virtualization stack is VMWare: You should convert your VMDK disks to the VHD format. This can be done via several ways :
  3. If you have a Hyper-V virtualization platform: You can make a V2V conversion of the VMware virtual machines to Hyper-V virtual machines. That way, you will obtain the desired VHD format. The following blog (Link1, Link2) describes the way to convert VMWare VMs to Hyper-V VMs
  4. You can convert directly VMDK virtual hard disks to the VHD format using conversion tools like MVMC (Link1, Link2) or third-party tools like Starwind V2V converter (Link1). But i recommend using MVMC
  5. If your virtualization stack is Hyper-V : Hyper-V supports 2 formats : VHD and VHDx
  6. If your virtual machines disks format are VHDx : You should convert the VHDx files to VHD. For that you can the powershell command Convert-VHD
  7. If your virtual machines disks format are VHD : No steps to be done
  8. Upload the machine VHD files to Azure. The best two options to use:
  9. For fixed VHD files format : Use AzCopy
  10. For dynamic or fixed VHD files format : Use Add-AzureVHDpowershell command. Follow this blog to optimize the usage of this tool
  11. Create a virtual machine using the uploaded virtual hard disks : Use the Provisioning script to create a virtual machine from an existing virtual hard disk.

2.2.2- Pro and Cons

The following the Pro and Cons related to this migration path:

Pro:

  • Does not require a change to the application configuration
  • Does not require application experts
  • Fast and guaranteed rollback, Applicable for standalone workloads

Cons:

  • May take long time (Conversion + Upload = Hours)
  • Require server downtime (hours)
  • Several prerequisites
  • Manual process, Not supported for all Operating Systems

2.3- Use Microsoft Virtual Machine Converter (MVMC)

2.3.1- Description

This this the third path that can be took to migrate workloads to Azure.

This approach is applicable only for virtual machines residing on supported VMWare hosts (ESX/VSphere/VCenter)

The next paragraph describes the different steps to successfully migrate workloads using this method:

NB : Because the current version of MVMC (3.1) does not support Azure Resource Manager storage containers, extra steps will be conducted to successfully make the migration. These steps will be marked with green color.

  1. Install the MVMC tool on a server which ‘preferably’ belongs to the same network as the VCenter server. The following details the installation prerequisites (Link1). You can download MVMC from the following link (Link2)
  2. Make the following steps as prerequisites to use MVMC to migrate VMWare VMs to Azure. The most important step is to upload a management certificate to Azure (Link1)
  3. Create a classic (V1 Azure Service Management) storage account where the VHDs will be uploaded. This storage account will be used as an intermediate during the migration
  4. There are two options which can be used to convert VMWare virtual machines : Using the MVMC graphical wizard, or use the MVMC cmdlets.
  5. Use the MVMC GUI : Follow this link and follow the steps to connect to a VCenter/ESX server and convert/upload VMware Virtual machine VHDs to the already created storage account in step 3 (VMWare to Azure using MVMC GUI)
  6. Use the MVMC cmdlets : The following document contains a sample script which can be used to convert and migrate VMware virtual machines to Azure. Download the MVMC_cmdlets.doc from the following link (MVMC_cmdlets.doc)
  7. Move the uploaded virtual hard disks from the temporary classic storage account (created on step 3) to the target storage account (ARM) where the virtual machine storage should reside. The move can be easily done via few steps using the Start-AzureStorageBlabCopy Azure powershell command. Use the ‘Initiating an Asynchronous Copy Request (authenticated source)‘ section (Copy VHDs between Azure BLOBs). You should install Azure Powershell as a prerequisite (Downland Azure Powershell)
  8. Create a virtual machine using the uploaded virtual hard disks : Use the Provisioning script to create a virtual machine from an existing virtual hard disk.
  9. Delete the VHDs residing on the classic storage account

NB: MVMC can be used with MAT (Microsoft Automation Toolkit) to make bulk conversion operations. Look the Microsoft Automation Toolkit section on this page (MVMC with MAT)

2.3.2- Pro and Cons

The following table resumes the Pro and Cons related to this migration path:

Pro:

  • Does not require a change to the application configuration
  • Does not require application experts
  • Fast and guaranteed rollback
  • Applicable for standalone workloads

. Optimal for low scale migration

Cons:

  • May take long time (Conversion + Upload = Hours)
  • May require server downtime (hours)
  • Extra steps due to lack of ARM storage accounts support
  • Manual process (though can be automated)

. Not optimal for an Enterprise migration path

2.4- Use Azure Site Recovery

2.4.1- Description

This this the fourth path that can be took to migrate workloads to Azure.

This approach is applicable only for virtual machines residing on supported VMWare hosts (ESX/VSphere/VCenter), and for physical servers.

This method is the most complicated method deploy, but once deployed, it will me a one-click solution to easly migrate workloads to Azure.

NB : Azure Site Recovery does not currently support Azure Resource Manager, hence it will not be possible to use it with Azure IaaS V2. In the meanwhile, the same steps are applicable when it will be supported in few months (Mid Q4 2015)

In this description, i will highlight the necessary steps to use Azure Site Recovery as a migration solution from VMWare to Azure (But the same steps apply to Hyper-V/Physical). For a detailed explanation, you can refer the Microsoft official documentation (Migrate VMWare to Azure using Azure Site Recovery)

2.4.1.1- What is ASR and what are its components

ASR is an Azure Service which can be used to migrate/protect different kind of workloads from a source site to a target site. For a complete list of Sources and Targets, visit this page : Azure Site Recovery Overview

The following pictures shows the components involved on a ASR protection/Migration of workloads to Azure.

(Image Credit : Microsoft)

The following components should be used and installed on-premise and on Azure in order to enable workloads protection (Table copied from Migrate VMWare to Azure using Azure Site Recovery)

2.4.1.2- ASR replication mechanism

This section explains how to migrate a VMware virtual machine to Azure using ASR. I will highlight the high level steps, explaining the End to End process:

A- Create the Azure Site Recovery vault

The first step is to create an Azure Site Recovery vault. A vault is just a container which will be targeted later for your replication mechanism. After creating the vault, a storage account (GRS type) will be created, it will store the replicated data.

B- Set up the configuration server component on Azure

The configuration server is a server residing on your Azure subscription. As explained on ‘2.3.1.1- What is ASR and what are its components’, the configuration server coordinates communication between protected machines, the process server, and master target servers in Azure. It sets up replication and coordinates recovery in Azure when failover occurs. An standard A3 virtual machine is recommended for this component. This server should added to the already created vault

C- Set up the Master Target component on Azure

Now, an Azure VM should be created to hold the master target role. Disks will be attached to this VM, and each disk will receive data from its analogue disk on-premise. So if you are migrating a VM with N disks, the VM should support at least N+1 data disks (Be aware that the maximum supported data disks per VM is limited by its size and series, look to Azure Virtual Machine Sizes). If the Master Target VM reaches the maximum data disks count, you can add a second Master Target VM or upgrade the current size to a size which support the data disks count (N+1)

D- Set up the Process Server component on-premise

A server must be created on-premises and hold the Process server component. It’s recommended to create the server on the same network than the ESX infrastructure. This server with be registered with the Configuration server. It’s recommended to install VMWare VSphere CLI 5.5.0

E- Check the components server updates

It’s highly recommended to install the last windows updates on the component servers

F- Create protection groups

On the Azure portal, create a protection group and configure the default replication settings. We will add later the virtual machines to be migrated to this protection group. One protection group can include multiple virtual machines.

G- Set up the replication for the virtual machines

For each VMware virtual machine to protect, the Mobility Service agent will be installed. Then, the VM will be added to the protection group already created. The Properties for the target virtual machine in Azure can be configured (Name, IP…)

H- Planned Failover

After the initial replication completes, we can make a planned failover. A failover plan should be created which will include the failover properties (one or more VMs, order…)

NB: A planned failover will cause downtime. In fact, the source machine is stopped, the delta between hard disks is synchronized to have an exact clone of the source machine.

I- Validate migration

Once the virtual machine is running on Azure, verify its connectivity with on-premise.

2.4.3- Pro and Cons

The following table resumes the Pro and Cons related to this migration path:

* The protection of a virtual machine is free for the first 31 days (The Initial replication and failover time will always be less than 31 days), so the ASR service is considered free for a migration path. However, the Master Target and the process server will use Azure compute and storage resources, which will be accounted on the bill.

3- Migration paths comparison

In this final section, i will present a summary comparison table comparing the different migration options discussed in this post.

* Only If the source virtual machines are not under the VHD format

** Depends on the data to be uploaded to Azure and on the outbound bandwidth

4- Which migration path to choose

The following table describes my ‘personal’ recomdantions toward which migration path to choose

* Once the initial replication is completed, you can decide whether or not to failover the virtual machine to Azure. The VM will keep replicating with the on-premise server until you decide to make the failover.

Sample Enterprise Plan

Azure Web Job Scheduling

How to schedule an AZURE web job?

At the outset, let us first see what Azure web job is all about its advantages and one of the deployment methodologies. The aim of the web job is to make developing and running the scripts on your website easier. In short, it simplifies the programming task such as image processing, RSS aggregation, file maintenance, queue processing and sending emails.

There are three ways by which one can run the program in Azure web job: on-demand, continuously or on schedule. In this article we will see how to schedule the web jobs and CRON expression to trigger the schedule. When it comes to scheduling right now we have only two options

  1. Continuous – Run always
  2. Triggered— schedule

Right now, TRIGGERED isn’t the straight forward to schedule a WEB JOB. It accepts only CRON expression.

What is CRON expression?

They are used to configure instances of CronTrigger. Cron expressions are strings that are actually made up of seven sub-expressions, which describe individual details of the schedule. These sub-expressions are separated with white-space, and represent:

  1. Seconds
  2. Minutes
  3. Hours
  4. Day-of-month
  5. Month
  6. Day-of-week
  7. Year (Optional filed)

For example, “0 0/5 * * *?” expression means to create a trigger that simply fires every 5 minutes.

The important note while doing web job through scheduling methodology is to configure the website as Always On.

At a very high level let’s see how to create a WEB JOB in AZURE for easy navigation and understanding we have explained the scheduling process step by step with screen shots.

Login to AZURE portal using:

  1. https://portal.azure.com/
  2. Select NEW à WEB+MOBILE à WEB APP (or select APP SERVICE directly from the left hand navigation).
  3. Provide the APP name and select the subscription if you have multiple
  4. Create or use the existing resource group
  5. APP service plan would change based on the subscription.
  6. Once you’re done, the final screen should look something like the below screen shot.
  7. You can access the WEB APP by accessing the URL.
  8. To deploy the WEB APP, select WEB APP as mentioned below:

Click ADD in the next screen;

Provide a Name for the WEB JOB and Upload the file (remember as of now it just accepts the file in ZIP Format).

For more information about the web job scheduling contact our Kryptos team.

 

The world held at ransom are you safe

This past Friday we witnessed a coordinated global cyber attack known as WannaCry. It is one of the biggest cyber attacks that we have ever seen impacting over 150 countries and infecting more than 250,000 machines. WannaCry is a type of malicious software (malware) classified as ransomware.

It encrypts essential files on your Windows device and requires that you pay a ransom to unlock those files. Our prompt team of experts at Kryptostech were quick to the task. Our domain expertise in cloud managed services ensured we were quickly able to diagnose the issue and provide solutions for the same. Although it primarily focuses on organizational or business networks – as was the case with Wanna Cry – you can do your part to stop the spread of this by doing the following:

  • Apply any Microsoft Windows security patches that Microsoft has sent you. If you are using an older version of Microsoft’s operating systems, such as Windows XP or Windows 8, click here to download emergency security patches from Microsoft.
  • Be careful what you click on. Phishing emails distributed this malware. You should only click on emails that you are sure came from a trusted source.
  • Be sure to back up all your computing devices. Regularly backing up your devices helps you recover your information should your computer become infected with ransomware.

You can learn more about WannaCry here.

Hybrid Cloud Future of IT

Hybrid Cloud – future of IT?

Organizations are changing their way of doing business and the market dynamics demands the support system to accustom to its new business models and for its rapid growth. It is when the organizations started giving importance to their IT infrastructure to support their business goals. When traditional IT infrastructure gave way to cloud people captured the advantages of moving to cloud to enhance, to scale up their business and to achieve their goals faster.

Cloud migration era

There is an increasing acceptance and migration to cloud based IT infrastructure by small, medium and larger enterprises because it helps companies to unburden the physical back end architecture and maintenance issues as it will be managed effectively by experts in cloud services. That said, for all its benefits, there is still reluctance prevailing in moving to the cloud due to several reasons like cost control, flexibility, data security etc.

Cloud centric to Hybrid

Organizations who are in the middle way of on premise to cloud migration are looking for new solutions to meet their changing IT needs. The optimal solution would be Hybrid cloud: a combination of public, private and on-premise It infrastructure. Even enterprises are ready to adopt multi clouds option having a hybrid IT system as one of them because it will combine the benefits and help to deliver better outcomes.

“As per Gartner prediction 50 percent of enterprises will have Hybrid clouds by 2017.

The survey by RightScale 2017 State of the Cloud report also backs the former statement by revealing that the percentage of enterprises that have a strategy to use multiple clouds grew to 85 percent with 58 percent planning on the Hybrid “

This proves the acknowledgement of enterprise search for Hybrid cloud adoption to utilize the advantages of both the public & private cloud IT base.

Yes, its true enterprises prefer hybrid infrastructure management,but, why?

There could be many reasons, for each level of enterprises from small to large for seeking cloud migration services, like zero investment in data centres, no maintenance cost, easy to deploy, time factor and more importantly businesses can concentrate on their core and align their IT with their business needs.

Owing to the combination of public, private & on-premise, hybrid ecosystem provides enterprises more control of their data, reduced IT cost, versatility and user friendliness and striking a perfect balance between the cloud and on-premise datacentres thereby increasing the business efficiency.

The changing business needs accelerate the innovation in IT infrastructure. Without doubt Hybrid cloud is one going to be the changing face of the Cloud computing.Top of Form

Bottom of Form

Top of Form

 

 

Reference:

  1. http://www.gartner.com/newsroom/id/2599315
  2. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2017-state-cloud-survey

Cloud Expertise not everyone’s cup of tea

Cloud. The magic word for the last couple of years. It has built, shaped, & transformed companies. But, at the same time it has damaged the firms that just didn’t respond fast enough. While small & mid-size enterprises cope with the changes, master the technologies, & also begin consultation on the best practises; the larger enterprises focus on having the first-mover advantage. They are enabling businesses who are embracing new advancements. There is a plethora of opportunities in the cloud computing space and everybody wants a piece of the pie.

Hence, it was no surprise when Verizon wanted to jump on the cloud bandwagon as well. They began in 2011 with the purchase of CloudSwitch. The growth curve has been upward with the development of Verizon Cloud and acquisition of data centers. But, in 2016 they closed a deal to sell their data centers, and a few days back, IBM has gained ownership of their cloud services unit. The curve simply ceased to exist for the cloud services post that.

While there are many big players in the cloud managed services space, there is no guarantee about their ratio of success. Hence it is crucial to partner with the right firms who specialise in individual services such as infrastructure servicesdatabase services or cloud services. It is also important to understand that older organizations need not necessarily have the best expertise in the market.

We at Kryptos have understood this dearth of knowledge in the status quo; we customize our services based on your requirement, providing better cloud managed services. Our team of experts are young & dynamic, much like the cloud services. We have been involved with numerous successful cloud migrations & management services for over a decade. Be it cloud managed services, cloud migration services or cloud backup solutions we have an extensive portfolio to cater to your needs.

 

For more information, call us at +91 (44) 4391 5153/ 21 or write to us at sales@kryptostech.com

Source: http://www.fiercetelecom.com/telecom/verizon-sells-cloud-services-unit-to-ibm

 

Will you recover from the lack of a recovery site

You have a flourishing business that is growing exponentially. Your technical team is prompt, aware & enterprising. And then, *god forbid* your datacentre gets affected.

It could be an interruption due to a backup failure, a hardware failure or worse a natural disaster.

And your operation comes to a standstill.

What do you do?

If the first thing to have crossed your mind is the Recovery Site, then, you’re right on track.

Recovery Site acts like a secondary data centre which is placed on a Different location: either Physical or in Cloud. It has the capacity to run the entire organization during a disaster attack.

While there has been a lot of buzz around recovery sites, it will surprise you to know that according to the latest Symantec’s SMB Disaster Preparedness Survey, only half of the surveyed business organisations had plans in place for the event of a disaster.

In an extremely competitive world it is essential to have the lowest down time for your customers and guarantee security for your data.

But, of all the recovery sites available which one is the most suited for your business?

Do keep in mind you require an efficient yet economical solution.

Enter Microsoft Azure.

Microsoft Azure is a growing collection of integrated cloud services which developers and IT professionals use to build, deploy, and manage applications through the global network of datacenters. With Azure, you get the freedom to build and deploy wherever you want, using the tools, applications, and frameworks of your choice.

Kryptostech  with its years of experience, especially in Azure Cloud suggests Azure recovery site to be in the cloud environments with minimal maintenance cost.

If you are worried about how complicated the process is, well fear not. You can set up your DR site in 3 easy steps:

  • Calculate the price of the DR in cloud environment: https://azure.microsoft.com/en-in/pricing/calculator/
  • Once you arrive at a solution within the Budget you can move forward to buy a subscription from Microsoft.
  • Once the subscription is purchased the implementation of the recovery site will commence.

And this is where we at Kryptostech will pitch in. Our decade of experience in managed service and handling recovery sites for clients results in professionally implementing DR sites in any scenario.  We truly are value-for-money and our client list will testify to that. Check out Kryptostech for more on this.