Blog Archive

Save the Photographs!

My wife takes digital photos and downloads them onto her laptop.  Then she deletes them from the camera.  If you have ever taken a hard-drive apart, on those rainy days to avoid doing dull IT tasks, you’ll know how fragile they are.  Lots of memories on those small platters of film.  No matter how many external hard drives I buy, or funny-shaped USB sticks to persuade her to back up her files, she never does.  So it’s with great anticipation that Microsoft Azure Backup Vaults now support Windows client OS (Windows 7 and Windows 8) as well as Windows Server.

Windows Client backup to Azure

 

If you’re a techie, you might be thinking why didn’t I set up a home active directory domain on an HP Microserver, back-up the client devices that log-on, including my wife’s laptop, and then back the server and thus the client files up to Azure?  Well, I did but the big blue light on the front on the Microserver started to annoy me at night because it was really bright so I keep turning it off and that’s not really a good infrastructure decision.

Let’s walk through how to set your home pc to back-up to the Azure cloudy goodness.  A couple of basics first; you will need an Azure subscription and this back-up solution will cost you money.  However, backups are compressed, encrypted, triple-replicated inside Microsoft’s datacenters and once you’ve set up your back-up schedule, it’s automatic.  And think of your photographic memories safe and sound (although of course you should periodically test your recovery processes as well).

Log onto www.azure.com and go to the Azure portal.  Select Recovery Services and create a new Backup Vault.  Once you have your vault, the dashboard will show you the next steps to take.

Azure backup vault dashboard

 

The client machine needs to register with the Azure Backup Vault.  A few months ago this required creating a certificate but now Azure simply provides a credentials file to download and save onto your local machine.  Next, download the Microsoft Azure Recovery Services (MARS) agent onto the local pc and run it.  The Azure portal provides two options for the backup agent; pick the first option (Windows Server or System Center Data Protection Manager or Windows Client).  The setup wizard is going to ask about proxy settings and will also download the pre-requisites but typically on a home network, you’ll be able to breeze through accepting the defaults.

Azure backup agent installation

 

Azure backup agent installation

 

Azure backup agent installation

 

The final step allows you to Proceed to Registration (or you can Close the setup but if you’re ready to schedule the backup, you may as well proceed to register your pc with the backup vault).  The backup agent will ask for the vault credentials file that you downloaded and then you’ll need to specify a passphrase.  This will be used for encrypting the data before transfer to Azure.  Note the data is encrypted on the client device and stored in Azure encrypted.  Microsoft do not hold the passphrase so it’s vital this is kept safe and secure otherwise you’ll only be able to restore encrypted data.  In fact, the agent will not let you proceed to the next step until the passphrase is saved to another location.

Azure backup agent

Once you’ve registered the server (the agent still refers to your client pc as a server; can’t change everything overnight), the Azure Backup app will be started and you can set your backup schedule.

Azure backup app

The wizard is pretty straight-forward to navigate; you select the items from you local pc to backup (note that Azure will only backup the data that changes after the initial backup).

Azure backup app

The next step is to set up the frequency of the backup, i.e. when it will run, and how long Azure will retain the backups for.  A recent change was the increase of the maximum retention period to 3,360 days; essentially about 9 years so this is an archiving solution as well as a disaster recovery.  However, remember your costs.  Even though Azure backup will compress the data before storage, the more backups you keep, the more storage you’ll use and the higher the monthly cost.  There’s also a limit of 120 recovery points so you may need to balance the frequency with the retention range or you’ll get an error message when you hit the Next button.  For example, the screenshot below is trying to backup once a week and keep these recovery points for 9 years which would easily exceed 120 points.  However, if I set the frequency to monthly (4 weekly to be exact), I’d be fine.

Azure backup app

There’s also a size limit of 1700GB per volume to each backup operation (so if you’re backing up files from multiple drives, you have around 1.7TB from each).  You can stop the backup or change the items to backup and then schedule by clicking Schedule Backup in the main Azure Backup application window.

Recovering items is also straightforward; you can specify the recovery point (date) to restore from and which items you want to restore.  You can also restore these items to the original location or a new location.

Back in the Azure portal, you can see the registered server (or in this case client pc) and also view the protected items and the recovery points.  You can register up to 50 machines against each backup vault and as of December 2014, you can have up to 25 backup vaults per Azure subscription.

Azure backup protected items

And just as a final part to this blog, we have to thanks one of our trainers, Thomas Lee who scored this coup by asking nicely for it!


Windows Per-User Licensing

We recently wrote a blog for Microsoft explaining the new Enterprise Cloud Suite (ECS).  ECS includes a licence called Windows SA per-user.  You can read the post on the Microsoft UK Volume Licensing site.  In this post, I want to delve a little deeper into how Windows licensing can work on a per-user basis.

Windows and Office have historically been licenced per-device; the machine you use these on had to have a licence.  Software Assurance provided a little bit of flexibility by allowing roaming rights in which the primary user of a licenced device could access the software from outside of the work domain (e.g. at home).  However, mobility is the new norm.  People work on lots of devices and in lots of locations and licensing software per-device is very limiting in these instances.  Office 365 has seen enormous success with per-user licensing (overtaking the number of seats of traditional Office 2013) and Windows 8.1 can now also offer a similar flexibility.

Let’s cover some facts first:

  1. Per-device licensing is not going away and there are myriad cases where it’s preferable; for example libraries, hospitals, warehouses, etc. where many people use the same device.
  2. Office 365 allows 5 local installations of the full Office applications for the licensed user.  Windows per-user allows the user to install Windows 8.1 on an unlimited number of devices for their own use, subject to some pre-requisites which I’ll detail in this blog post.
  3. Windows per-user is not a cloud based service like Office 365.  It can therefore enjoy downgrade rights so the user could install Windows 7 in place of Windows 8.1 for example.
  4. Windows per-user is a subscription licence.  If the subscription is not continued, the licence expires and Windows must be uninstalled.  Whether there’s a mechanism to check for the subscription and remove functionality as there is with Office 365, I don’t know at the moment.
  5. Windows per-user is only available through Enterprise Agreements at the moment so it’s not a case of popping to PC World and buying Windows 8.1 per-user I’m afraid.

I’ll start by looking at some current scenarios.  That will highlight some limitations which ECS can address.

Windows 8.1 is licenced per-device.

Anyone at all can use Windows on the device, anywhere at all (e.g. at work or at home).  It helps to have the device-owner’s permission but that’s just politeness and not a licensing requirement.

Windows 8.1 licenced per device

Running Windows 8.1 virtually.

Many organisations utilise virtual desktop infrastructure (VDI) whereby the client OS is not locally installed on the licenced device but stored on a network server and then remotely accessed by the user.  If the Windows 8.1 licence for the device includes Software Assurance (SA), these virtual rights, known as Virtual Desktop Access (VDA) come as a benefit of the SA.  In this way, a user can access a virtual Windows desktop through VDI from a licenced Windows device.  This is fairly simple if the device is corporate-owned, for example, a laptop provided by the company for the user.  If the user wants to use their own (or a 3rd party) device to access their virtual Windows desktop, SA provides roaming rights to the primary user so they can access their desktop from outside work but 3rd party devices cannot be used to access virtual Windows desktops from within the corporate network, i.e. at work.  The primary user is defined as being the person who uses a pc for more than half the time in any 90-day period.  Let’s mention a few scenarios: the user can use their main work desktop pc whilst in the office; they can also access a virtual Windows desktop from their personal pc at home using VDI; they could also use a corporate laptop to access a virtual Windows desktop both at work and outside work (as long as the laptop is also licenced for Windows); they could not however bring their personal devices into work and access a virtual Windows desktop.  I can sense you’re frowning so time for an illustration.

Windows 8.1 VDI licensing scenarios

In summary:

  1. Anyone can use Windows 8.1 locally on a licenced device, anywhere, no matter who owns the device.
  2. To use Windows virtually, the user must be a primary user of a device licenced with Windows 8.1 + SA and furthermore if the device on which the virtual desktop is being accessed is not owned by the company with the Windows 8.1 SA licence, it must be used outside the workplace.

Windows 8.1 licenced per-user still requires a licenced device.

Windows per-user isn’t exactly a case of licensing a user.  The user must already be the primary user of a device already licenced with Windows 7 Professional or Windows 8 Pro.  Then that user is eligible to be licenced for Windows 8.1 per-user.  What if the user doesn’t have a primary device that is already licenced with Windows Pro?  There is an alternative called Windows VDA per-user which negates the requirement for a licenced device but as you can imagine is priced higher because Microsoft can’t count on the underlying Windows licence.  So we end up with two choices: Windows SA per-user or Windows VDA per-user.

Ways to obtain Windows per-user

Whichever way you choose, the licensing benefits are the same.  Firstly, it gets around the ‘cannot bring a 3rd party device into work and access Windows’ restriction.  Secondly it allows the licenced user to install Windows 8.1 onto any number of devices.  Yes, that’s pretty generous isn’t it?  I mentioned in the facts at the start of this post there are some pre-requisites and the condition for installing Windows is that on devices with a screen size of 10.1″ and above, there must already be a Windows 7 Professional or Windows 8.1 Pro licence.  Even if the device already has a Windows 8.1 Pro licence, Windows per-user allows you to install Windows 8.1 Enterprise and you can access virtual Windows desktops from inside and outside work.  Time for a final illustration.

Running Windows when licenced per-user

That’s a lot of green and green is good unless we’re drinking milk.  The only red is that you cannot install Windows 8.1 on an iPhone, iPad or Android device but you can run it virtually.

In summary, there are still a few things to bear in mind, for example underlying Windows device licences don’t quite go away in most cases, but licensing Windows for a user gives enormous flexibility in allowing people to work wherever they are, whatever the device is and whoever it’s owned by.