An essential part of our ransomware defense strategy is having an up-to-date Disaster Recovery solution. In a ransomware attack, the only option might be recovering to a DR site like Azure.

1. Log on to TMWAC01 (Windows Admin Center server) as Administrator.

2. Open Edge and browse to https://localhost

3. Click Advanced and accept the Security Warnings to continue.

4. Log on with Domain Admin credentials.

5. Click on 192.168.11.254 (TMWAC01), click on Azure Hybrid Center, then click on Set up Azure Arc.

6. On Setup Azure Arc, choose your Azure Subscription.

7. On Resource Group, select Use existing, and select TMAdvancedCyberSecurity.

8. Click Set up.

9. The installation of Azure Arc fails.

10. Why does it fail?

It fails because the LAB Host VM is an Azure Virtual Machine, and the Azure Arc Agent checks to see if a system has pre-installed Azure VM Guest Agent Extensions.

If you try to install the agent manually, you will see an error message like this.

For this lab, we do not need to have Azure Arc installed on the Hyper-V host system.

12. In Azure Hybrid Center, click on Setup Azure Site Recovery Set Up.

13. We will use Azure Site Recovery later when we attack domain controller Virtual Machines and other workloads.

14. On Setting up host with Azure Site Recovery, choose your Azure Subscription.

15. On Resource Group, select Use existing and select TMAdvancedCyberSecurity.

16. On Recovery Service Vault, select Use existing and choose WACVault1.

17. Click Set Up.

18. Verify that the setup of Azure Site Recovery completes.

19. On the Inventory tab, you can see the status for Disaster Recovery change once it is ready.

20. Configure Azure Site Recovery protection for TMTMDC03. Select TMTMDC03, click Manage and select Replicate using Azure Site Recovery.

21. On the Protect TMTMDC03 with Azure Site Recovery screen, select Create new on Storage Account, type tmadvancedcybersg, and click Protect VM.

22. Configure Azure Site Recovery protection for TMTMDC03. Select TMTMDC03, click Manage and select Replicate using Azure Site Recovery.

23. On the Protect TMDC03 with Azure Site Recovery pop-up, select Use existing on Storage Account. Select tmadvancedcybersg and click Protect VM.

24. Verify that the VM Protection has started.

25. You can also view the progress on the Hyper-V Host in the Lab by opening Hyper-V Manager.

26. You can check the status of the VMs and see that Sending Initial Replica has commenced.

27. You can also right-click on the VM and select View Replication Health to see that the target Replica Server is Microsoft Azure.

28. You can also see the status of the replicated items in the Recovery Service Vault WACVault1 | Replicated Items.
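The checks in steps 24 to 27 can also be scripted on the Hyper-V host. The following is an added example, not part of the original lab: it uses the Hyper-V module's `Get-VMReplication` cmdlet, and the function name `Get-LabReplicationStatus` and the 60-minute staleness threshold are assumptions chosen for illustration.

```powershell
#Requires -Modules Hyper-V
# Added example: summarise replication status for protected VMs.
# Run in an elevated PowerShell session on the Hyper-V host.
function Get-LabReplicationStatus {
    [CmdletBinding()]
    param(
        # VM name taken from the lab steps; pass others with -VMName.
        [string[]]$VMName = @('TMTMDC03'),
        # Assumed threshold: flag a VM whose last replication is older than this.
        [int]$MaxAgeMinutes = 60
    )
    foreach ($name in $VMName) {
        $repl = Get-VMReplication -VMName $name -ErrorAction SilentlyContinue
        if (-not $repl) {
            # Nothing returned: the VM is missing or replication is not enabled.
            [pscustomobject]@{
                VMName = $name; State = 'NotProtected'; Health = 'n/a'
                LastReplication = $null; Finding = 'Replication is not enabled'
            }
            continue
        }
        $state  = [string]$repl.State
        $health = [string]$repl.Health
        $last   = $repl.LastReplicationTime
        $finding = 'OK'
        if ($health -ne 'Normal') {
            $finding = "Health is $health"
        }
        elseif ($state -ne 'Replicating') {
            # Expected while the initial replica is still being sent.
            $finding = "State is $state"
        }
        elseif ($last -and ((Get-Date) - $last).TotalMinutes -gt $MaxAgeMinutes) {
            # A stale recovery point limits how far back you can recover.
            $finding = "Last replication older than $MaxAgeMinutes minutes"
        }
        [pscustomobject]@{
            VMName = $name; State = $state; Health = $health
            LastReplication = $last; Finding = $finding
        }
    }
}

Get-LabReplicationStatus | Format-Table -AutoSize
```

Any row whose Finding is not OK after the initial replica has finished deserves a look in Hyper-V Manager or in the vault's Replicated Items view.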

Hope you enjoy this post.

Dave Kawula