- Azure VM Restore Scenarios
- Download the MARS Agent
- Microsoft SC-400 Certification
- Technical requirements- Microsoft SC
Configure Target Settings and Properties- Understanding Disaster Recovery
Next, you will need to configure the target settings and properties. To do so, perform the following:
- Select the Parameters tab in the Assign Policy workflow. Clear the Only Show Parameters That Need Input Or Review check box. The parameters you need to configure are shown in Figure 17.53.
FIGURE 17.53 Assign Policy – Parameters
2. Select the appropriate values for the parameters:
Source Region— Enter the source region of the VMs for which the policy will apply.
Target Region— Enter the location where your source VM data will be replicated. Site Recovery provides the list of target regions that you can replicate to.
Target Resource Group— Enter the resource group where all your replicated VMs belong. By default, Site Recovery creates a new resource group in the target region. Vault Resource Group— Enter the resource group in which the Recovery Services vault exists.
Recovery Services Vault— This is the vault where all the VMs of the scope will be protected. The policy can create a new vault on your behalf, if required.
Recovery Virtual Network (optional)—C hoose an existing virtual network in the target region to be used for the recovery virtual machine. The policy can create a new virtual network for you, if required.
Target Availability Zone (optional)—E nter the availability zone of the target region where the virtual machine will fail over.
Cache Storage Account (optional)— Azure Site Recovery uses a storage account for caching replicated data in the source region. Select an account.
Tag Name (optional)— You can apply tags to your replicated VMs to help organize them.
Tag Values (optional)— Use this field to enter a tag value.
Tag Type (optional)—U se tags to include VMs as part of the policy assignment. You can choose:
Tag type = Inclusion— Ensures that only the VMs that have the tag are included in the policy assignment.
Tag type = Exclusion— Ensures that the VMs that have the tag are excluded from the policy assignment.
Effect—E nable or disable the execution of the policy. Select DeployIfNotExists to enable the policy as soon as it’s created.
3. Click Next to decide on remediation tasks.
Configure Remediation
Next comes remediation. Replication on preexisting VMs is not automatically enabled, so you will need to create a remediation task. To create a remediation task and set other properties, perform the following:
- On the Remediation tab in the Assign Policy workflow, select the Create A Remediation Task check box. Azure Policy will create a managed identity, which will have owner permissions to enable Azure Site Recovery for the resources in the scope.
- You can configure a custom noncompliance message for the policy on the Non- compliance Messages tab.
- Click Next on the Review + Create tab at the top of the page to move to the next segment of the assignment wizard.
- Review the selected options, and then click Create at the bottom of the page.
Summary
After the policy is assigned, you will have to wait for up to 1 hour for replication to be enabled. After an hour you can go to the Recovery Services Vault and check for the replication job.
Summary
Azure has a wide variety of security tools and features that allow you to customize security in order to meet your company’s security needs and make it possible to create secure solutions by using the Azure subscription platform.
Microsoft Sentinel provides security analytics and threat intelligence as well as providing attack detection, threat visibility, proactive hunting, and threat response. Microsoft Sentinel collects data for users, devices, applications, and infrastructure, both on- premises and in multiple clouds.
Microsoft Defender for Cloud helps you find and fix security vulnerabilities, block malicious activity by applying access and application controls, detect threats by using analytics, and if you are under attack, helps you to respond. With Microsoft Defender for Cloud’s enhanced security features enabled, you can have Advanced Detection, which triggers security alerts.
Microsoft Defender for Cloud has a workflow automation feature that can trigger Logic Apps on items such as security alerts, recommendations, and changes to regulatory compliance.
Organizations can protect against data loss by using the practice of backup and recovery. A backup creates a copy of data that can be recovered in the event of a failure. Recovery involves restoring lost or damaged data to the original location from a backup.
Azure Backup can be used to back up and restore your data in the Microsoft cloud. You can manage and monitor Azure Backup by using the Backup Center.
To back up and recover files, folders, volumes, or system state data from an on- premises computer to Azure, Azure Backup uses the Microsoft Azure Recovery Services (MARS) agent.
A Recovery Services Vault is an Azure storage entity that holds data. It stores recovery points that have been created over a period of time.
Microsoft Azure Backup Server (MABS) is a server product that you can use to protect application workloads using a single console. A backup policy will specify when to take snapshots of the data to create recovery points. It also specifies how long to keep recovery points.
A recovery plan gathers machines into recovery groups and helps define the recovery process. The recovery plan determines how the machines fail over and the order in which they start after failover. Recovery plans can be used for both failover to and failback.
Azure Policies help enforce rules on your Azure resources and check the compliance of those resources.
Exam Essentials
Understand Azure Security. Know the six functional levels of Azure security: Applications, Computer, Identity and Access, Networking, Operations, and Storage. Know some of the tools and features of each. Know how to identify and remediate security issues by using Azure services.
Know how to monitor on- premises servers and Azure IaaS VMs by using Microsoft Sentinel. Understand how to use Microsoft Sentinel. Know how to onboard and how to enable Microsoft Sentinel and set up data connectors.
Know how to identify and remediate security issues on-p remises servers and Azure
IaaS VMs by using Microsoft Defender for Cloud. Understand how to use Microsoft Defender for Cloud. Know how to enable Microsoft Defender for Cloud and how to manage and respond to security alerts. Understand Azure Logic Apps and how to create them. Know about vulnerability assessment solutions and how to deploy an integrated scanner to your Azure and hybrid machines.
Understand how to manage backup and recovery for Windows Server. Know how to install and manage Azure Backup. Understand how to work with the Microsoft Azure Recovery Services (MARS) agent, including how to download, install, and register. Know how to back up using the Azure Recovery Services Vault and how to create a recovery services vault. Understand how to monitor and manage Recovery Services Vaults. Know how to manage backup alerts.
Know how to use the Azure Backup Center. Know how to move around the Azure Backup Center. Understand how to configure and manage backups in a Recovery Services Vault using the Backup Center. Know how to configure a backup vault. Know how to perform different restore and backup options using the Recovery Services Vault.
Know how to back up and recover using Azure Backup Server. Understand how to install and manage Azure Backup Server. Know how to extract and install the Azure Backup Server. Know how to configure backup for Azure virtual machines using the built- in backup agents. Understand how to use Instant Restore.
Understand how to create a backup policy. Know how to create a backup policy and restore a VM. Understand the different Azure VM Restore scenarios and how to select a restore point.
Understand how to recover a VM using temporary snapshots and recover VMs to new Azure VMs. Know how to restore a VM. Understand how to choose a VM restore configuration. Understand how to recover a VM using snapshots.
Understand how to implement disaster recovery by using Azure Site Recovery. Know Site Recovery features. Know how to configure Azure Site Recovery networking. Understand how to modify the network interface settings.
Exam Essentials
Know how to configure site recovery for on-p remises VMs, configure a recovery plan, and configure Site Recovery for Azure VMs. Understand how to create a Recovery Services Vault to be used for Site Recovery. Know how to configure a recovery plan. Know how to configure site recovery for Azure VMs. Understand how to implement VM Replication to a secondary datacenter or Azure Region. Know how to enable replication for an Azure VM.Know how to configure Azure Site recovery policies. Understand what an Azure Policy is. Understand how to create a policy assignment. Know how to configure target settings and properties. Understand remediation.