Migrate Ubiquiti Unifi Security Gateway (USG) to Unifi Dream Machine Pro (UDM Pro)

Some of my customers use Ubiquiti components in their networks because of the great price-performance ratio and the easy administration. At one of my customers, the Unifi Security Gateway failed shortly before Christmas. We decided to replace both components (Unifi Security Gateway and Unifi Cloud Key Gen 2 Plus) with the Unifi Dream Machine Pro. During my research into the best upgrade process I did not find a good article on the best way to migrate a Ubiquiti environment from the USG to a UDM Pro. In this article I will explain it briefly, because with the current release of UniFi OS the upgrade process is smooth and simple.

Preparation

The preparation is not strictly necessary, but I recommend it because it makes device management easier if something goes wrong.

  • Upgrade all devices to the latest available firmware
  • Note all SSH logins for your existing Unifi devices
  • Store a backup in a secure place (e.g. OneDrive)

Preparing the Unifi Cloud Key

Go to your Unifi Network Portal (Client or Unifi Cloud Key based) and upgrade the USG and all devices to the latest available firmware.

After the update process has completed successfully, download a backup from your Cloud Key. If you use a Cloud Key Gen 2 with Camera Protection, also update it to the latest available version and download the configuration file for the Protect software.

Install the UDM Pro

First, install the UDM Pro into your existing network. Connect the UDM Pro WAN port to the existing network and connect a notebook to the UDM via one of the existing switch ports. Using the WAN port brings the UDM Pro online without affecting the existing network. Open a browser on your notebook and go to 192.168.1.1. The UDM Pro setup website opens and you can go through the easy steps to set up the UDM Pro and connect it with an existing Ubiquiti account.

After you have finished the setup process, update all of the software to the latest available version (in my case 6.5.55):

  • Unifi OS of UDM Pro
  • Network Application
  • Protect Application

Preparing the Unifi Cloud Key

On the Unifi Cloud Key Gen 2 it is also necessary to update to the latest available version (in my case 6.5.55). After the firmware is up to date, take a backup of the Network and Protect applications.

Replace the USG with the UDM

Disconnect the WAN port, access the UDM Pro admin site at 192.168.1.1 and configure the UDM Pro with the same IP as the USG. Save the configuration and shut down the UDM Pro from the admin portal.

Disconnect the USG and the Cloud Key (if present) from the network, replace them with the UDM Pro and start the UDM Pro.

The UDM Pro will shortly be available under the same IP as the USG and you can open the UDM Pro admin site. Log in, go to the Network application first and import the backup file. After the import has completed successfully, the UDM Pro will reboot. After the reboot, the migration of the network part is complete and all devices are up and connected to the new UDM Pro.

Do the same for the Protect application if you have Unifi camera devices. After the import of the backup file is complete, the cameras report directly to the UDM Pro.

Reinstall Azure Backup Windows Workload to fix UserErrorSQLNoSysadminMembership for SQL Server in Azure VM

Over the last couple of days I have been optimizing some Azure environments from a security and cost perspective. One customer has SQL Server Express installed inside an Azure VM. The backup was configured for the whole VM, but there is no need to back up the data disk which contains the SQL databases. In this article I will explain how you can reinstall the Azure Backup Windows Workload extension to fix the issue when the service account is not listed on the Azure SQL Server VM. This fixes the issue only if you cannot find the service account in SQL Server Management Studio. To add the account in the right way, please refer to the article from Wim Matthysen.


Recap of 2021 and Looking forward to 2022

2021 is over and it was a challenging and interesting year from many perspectives. I think the most important thing in these times is health and consideration for the community. Looking back on 2021, I was a speaker at many virtual events, and that was quite interesting because of the different organization and audience. What I miss most is feedback and discussing different solutions with the event attendees. This was a little bit sad, because the virtual events feel more like YouTube streaming and less like an in-person event. So when I look towards spring, I hope we can get back to more in-person events.

Looking forward to 2022

I am really looking forward to 2022. We are planning some great Azure Bonn Meetups and will start in January with Esther Barthel and Transitioning Ops to the Cloud, and in February we will welcome David O Brien.

The 3rd Cloud Identity Summit is also on our list and we hope we can run this event for the first time as a hybrid conference – so stay tuned and follow our Twitter account for the latest updates.

Finally, I have a few tasks on my list. I will update my sessions to focus more on governance, security and cloud reviews because I see many growing cloud environments with little review iterations, yet there are some services that can help clean up your cloud environments and get them in good shape.

I will also expand my activities on YouTube, where I will conduct more frequent AMA sessions on various Azure topics. You can find there an AMA session about Azure VM best practices for the Festive Tech Calendar, where I discuss different best practices with Eric Berg, Marcel Meurer and the audience.

I am also looking forward to an adesso meeting in Frankfurt where we will share the important Azure topics for 2022. If you are interested in meeting me live and discussing the interesting topics for 2022, please join our (German) event “Wolkenreicher Start in den Frühling” on 09/03/2022.

And you will recognize me better now that I have a small logo for my activities 🙂

I would like to take this opportunity to thank some great community heroes for the past year and your support: Melanie Eible, Thomas Naunheim, René de la Motte, Eric Berg and Marcel Meurer.

Finally, I have listed the upcoming #community events that I am aware of on my event page: Upcoming Conferences and Open CFPs | Gregor Reimling

Recap of 2021


Starting my new journey at adesso SE

Welcome adesso SE

On November 01 I will start my new role as Managing Consultant at adesso SE in the LOB Microsoft. I am very excited about this opportunity and hope that with my broad Azure background I can develop new solutions and contribute to strengthening the cloud capabilities. adesso has grown a lot in the last few years and I am excited to see what new challenges will come my way.


Microsoft releases Azure AD Connect V2 with tons of new features and removes support for WS 2012 R2 or older

Update 18/08/2021

Added some details about v. 1.6.11.3 which fixes a security issue.

Microsoft released a major update of Azure AD Connect. This major release brings lots of new features and new requirements for the local infrastructure. In this article I will cover the latest information and how you can upgrade to the new release.

The new version 2 of Azure AD Connect was released on 20/07/2021 and brings the product to version 2.0.3.0; the latest release of version 1 was 1.6.4.0 (now 1.6.11.3). Microsoft found a security issue in 1.6.4.0 and 2.0.3.0 and updated Azure AD Connect v2 to 2.0.8.0.

Microsoft also released an update for AAD Connect v1 that brings it to 1.6.11.3. This is for customers who are running an older version of Windows Server and cannot upgrade to WS 2016, and it fixes a security issue in 1.6.4.0.


MY UPCOMING COMMUNITY ENGAGEMENTS IN 2ND HALF OF 2021

Summer is here and I hope many of you are enjoying your time on vacation. In this article I would like to give a little preview of the community events where you can find me in the 2nd half of 2021.

GeekSprech Podcast

I had the pleasure of visiting Eric Berg and Weimar on the 3rd weekend in July. We had a great time and talked a lot about the community, new projects and more. On Sunday, Eric and I had the idea to record a new GeekSprech episode with the news about Microsoft Inspire 2021. We had a lot of fun recording it and hope you do too. The podcast is in German.

German AVD UserGroup – Azure Files

Patrick Köhler and Marcel Meurer are the founders of the German Azure Virtual Desktop User Group. They host a monthly meetup with different topics around AVD. Both invited me to speak about Azure Files and whether it is the perfect profile store solution. I am really looking forward to the event and hope that I can give you a good overview of the different file store solutions in Azure.

Cloud Identity Summit 2021

In 2020, based on the initial idea of my best buddy Thomas Naunheim, we as the Azure Bonn Team started the Cloud Identity Summit 2020. The speaker lineup was awesome and the feedback was so great that we decided to repeat this in 2021. This year the Cloud Identity Summit will be another virtual conference and will take place on 30/09/2021. We hope you attend our 2nd edition. The agenda and the speakers will be announced in August 2021.

CloudInspires Podcast

In June, Thomas and I founded our own CloudInspires.me Podcast. Do not miss the latest two episodes (in German). We have so many great speakers on our timeline – stay tuned 🙂

AVD TechFest Fall 2021

I am very happy to speak for a 2nd time at the well-organized AVD TechFest. This is a free online conference with all topics related to Azure Virtual Desktop. There are so many sessions on the agenda, it’s worth taking a look if you work in the AVD space. I’ll be giving a session on Azure Files as an AVD profile storage solution, and diving into the different ways you can use the Azure Files solution for AVD. This means that I will introduce Azure Files and Azure NetApp Files and show in which scenarios some of these options are the better solution.

IT Tage Konferenz

One of the last conferences this year is the German IT Tage Konferenz in December. This is a really big conference running for about 4 days with a wide range of topics. I have the pleasure of holding a session about Azure VM Best Practices.

I will add additional events when I learn about them.

Azure Bastion supports SCALABILITY for SSH/RDP Connections with the new Standard SKU

Update 1 on 01/12/2021 :

Microsoft has changed the #AzureBastion minimum subnet size from /27 to /26. Existing #Azure Bastion deployments are unaffected, but new deployments require the new subnet size. Please remember this. https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#subnet

Azure Bastion is a fully managed PaaS service to securely access Azure VMs via SSH/RDP without the need for Internet connectivity on the selected VMs. Azure Bastion was released as part of Microsoft Ignite 2019. As part of the ongoing Microsoft Inspire 2021, Microsoft has launched a new SKU for Azure Bastion called Standard.

Difference between Basic and Standard SKU

When you create an Azure Bastion instance, Microsoft creates in the backend an optimized Azure VM that runs all the processes that are needed for Azure Bastion. This Azure VM is called an instance and has some limitations. In general, when you deploy the Azure Bastion Basic SKU, Microsoft deploys two instances which support 20-24 concurrent sessions, which means each instance supports 10-12 sessions.

The Standard SKU allows you to specify the number of instances, which is called host scaling.

Please note that when using an Azure Bastion Standard SKU, the AzureBastionSubnet size should be increased to a subnet size of approximately /26 or larger.

| Azure Bastion | Basic | Standard |
|---|---|---|
| Instances | 2 (default) | up to 50 |
| Max. supported concurrent sessions | 20-24 | up to 500 |
| Supported configuration | Azure Portal, PowerShell, CLI | Only Azure Portal |

Deploy an Azure Bastion Standard SKU

Only the Azure Portal allows you to deploy an Azure Bastion Standard SKU with the host scaling feature, because the feature is in public preview.


Microsoft MVP for Azure 2021-2022

The first of July starts the new fiscal year for Microsoft and brings some important information for many people around the globe. This date marks the renewal date for awarded Microsoft MVPs.

I am very honored and grateful to be recognized as an MVP in the Microsoft Azure category for the third year in a row. This makes me happy for many different reasons:


Connect physical/virtual servers to Azure Arc for centralized Azure management

Cloud usage has grown rapidly in recent years, but in many customer environments there are servers and applications that cannot be migrated to the cloud for various reasons, e.g. data regulations, connectivity and latency challenges and more. On the other hand, customers wish to use different cloud providers. In summary, the hybrid cloud is one of the most common use cases in many customer environments. Microsoft released Azure Arc as a solution for hybrid cloud environments. Azure Arc was announced as a public preview at Ignite 2019 and went GA at Ignite 2020.

In this article I will cover how to connect Windows VMs to Azure Arc.

Azure Arc in General

Azure Arc capabilities – Image from Microsoft Docs

Azure Arc is a solution to extend the Azure management capabilities to services outside of Azure. This makes it possible to manage different services in different environments from one central place, with the same capabilities across different service layers.

Microsoft released the first version for server management and has since expanded the range of functions to data services, Kubernetes and, new in the last few days, Azure applications.
