In this Ask the Admin, I’ll show you how to get advice on tuning and securing Active Directory, SQL, or SharePoint running on Azure virtual machines.
Managing your own infrastructure in the cloud presents challenges that not all system administrators are ready to face. But last year, Microsoft released an optimization tool that provides advice on how to back up, secure, and optimize performance for servers running in the cloud.
While such tools cannot replace experienced consultants, the Virtual Machine Optimization Assessment Tool gives a surprisingly in-depth assessment of how to configure systems to avoid common issues and should give cloud newcomers a sense of assurance that they’re following best practices.
The report generated by the tool contains useful advice on how to secure and protect Active Directory, SQL or SharePoint. The recommendations are based on real-world experience gained by Microsoft engineers when dealing with customer issues, and the report is divided into six key focus areas:
- Security and compliance
- Availability and business continuity
- Performance and scalability
- Upgrade, migration and deployment
- Operations and monitoring
- Change and configuration management
Install the Virtual Machine Optimization Assessment Tool
In this article, I’m going to focus on using the optimization tool to get advice on Active Directory. Note that when using the tool to collect and analyze information about Active Directory, it needs to be run with a user account that has read access to the target domain.
The Virtual Machine Optimization Assessment Tool can be downloaded from the Microsoft Azure website and can be installed on Windows 7 and later, and Windows Server 2008 R2 and later server operating systems. The only other requirement is the .NET Framework 4.0. Once you’ve met the prerequisites, run the installer on the domain controller (DC) you want to assess, and make sure that Launch Microsoft Azure Virtual Machine Optimization Assessment is checked, and click Close to start the tool.
Assessing a Virtual Machine Environment
The tool should have started when the installed completed, but if not, you can start it by running ExpressClient.exe in C:\Program Files (x86)\Microsoft Azure Virtual Machine Optimization Assessment.
- On the Start screen, select Active Directory from the drop-down menu. Optionally, you can check I agree to upload my data to help improve this product.
- Click Start Assessment.
- On the Requirements screen, you’ll be reminded that you need network and domain access to the target environment. Click Next to continue.
- The next part of the assessment involves answering a set of questions about your environment. Click Next to start the questionnaire and follow through the questions about security and disaster recovery (DR).
Once you’ve provided answers to all the questions, you’ll be taken to the Collect & Analyze tab where you’ll have to wait while the tool gathers data about Active Directory, and compiles the information, along with your answers to the previous questions, into a customized report.
- On the Finished tab, click Save and view report, and choose a convenient location to save the Word document in the Save Report As… dialog.
- Open the document from the saved location to view the report.
Each recommendation is given a percentage weighting. For example, if a DR issue is weighted at 10%, addressing the problem will improve your ability to recovery from a disaster by 10%.