Backing up Servers to Windows Azure Backup via Recovery Services

  • Article

Looking for a quick method to back up your Windows servers however you don’t want to consume any more onsite storage? Windows Azure Backup Vault is the answer.

Windows Azure Backup Agent is an add-on for Windows Server 2012 and Windows Server 2008 R2 Service Pack 1 that you can download and install to schedule file and folder backups from your server to Windows Azure Backup. Windows Azure Backup is a part of Windows Azure Recovery Services that is managed by Microsoft. To transfer data between servers running Windows Server 2012 and Windows Azure Backup you can use the Windows Azure Backup Agent or the Windows Azure Backup cmdlets for Windows PowerShell.

***New Features Announced March 31, 2015 https://azure.microsoft.com/blog/2015/02/16/new-features-in-azure-backup-long-term-retention-offline-backup-seeding-and-more/

Compatibility:

· Windows Server 2008 SP2: https://azure.microsoft.com/blog/2014/10/06/announcing-support-for-backup-of-windows-server-2008-with-azure-backup/

· Windows Server 2012

Let’s get started…

CREATING A WINDOWS AZURE BACKUP VAULT

1. Navigate to https://manage.windowsazure.com/ and either log into your account or sign up for a trial account.

2. Once you’re logged into Windows Azure you’ll see a variety of options on the left hand navigation. Go ahead and Select +NEW at the bottom left hand corner:

clip_image001

3. Select DATA SERVICES -> RECOVERY SERVICES -> BACKUP VAULT and finally QUICK CREATE:

clip_image003

4. Add a NAME, select a REGION, and select the CREATE VAULT check mark at the bottom of the screen:

clip_image005

That’s it, your Windows Azure Backup Vault is now created!

CONNECTING A SERVER TO YOUR WINDOWS AZURE BACKUP VAULT

First we’ll need to create a certificate to establish secure communications between the server and Windows Azure…

CERTIFICATION CREATION PROCESS

For the certificate creation process I like to use the Visual Studio command prompt.

Open a Visual Studio 2012 command prompt

clip_image007

Note: if you don’t have Visual Studio you can download the makecert.exe from here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968%28v=vs.85%29.aspx

Run the following command:

makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 YourCertificateName.cer

clip_image009

Source: https://msdn.microsoft.com/en-us/library/dn169036.aspx

Once the certificate is created you’ll need to export the private key to be used later on a server being backed up.

CERTIFICATE EXPORT

On the machine where the certificate was created, open an MMC (command prompt -> MMC, enter)

Chose File and Add/Remove Snap-in…

clip_image011

Select “Certificates” from the menu of items, “then ADD >” and finally “Computer account”:

clip_image013

Select to manage for the local machine and complete wizard.

Drill down to the Personal folder then to Certificates. Look for the “CertificateName” of your certificate you created (in my example it is literally CertificateName):

clip_image015

Right click on the certificate go to “All Tasks” and “Export”:

clip_image017

Select “Next” on the welcome screen.

Select “Yes, export the private key” and then “Next”.

clip_image019

Leave the defaults on the Export File Format screen:

clip_image021

On the Security screen check Password and type a password in, then select “Next”:

clip_image023

Select “Browse” and type in a name for the file:

clip_image025

Select “Save” and then finish the export process.

ADDING THE CERTIFICATE TO A SERVER TO BE BACKED UP

Now that you’ve exported the certification you’ll need to install it on the server or servers you’ll be backing up to Windows Azure.

1. Copy the certificate over to the server to be backed up.

2. Right click on the certificate and select “Install PFX”:

clip_image027

Once the install process is completed, the certificate will be discoverable via the Windows Azure Backup Vault management agent.

EXPORT CERTIFICATE FOR USE IN WINDOWS AZURE

On the machine where the certificate was installed (from above), open an MMC (command prompt -> MMC, enter)

Chose File and Add/Remove Snap-in…

clip_image002

Select “Certificates” from the menu of items, “then ADD >” and finally “Computer account”:

clip_image004

Select to manage for the local machine and complete wizard.

Drill down to the Personal folder then to Certificates. Look for the “CertificateName” of your certificate you created (in my example it is literally CertificateName):

clip_image006

Right click on the certificate go to “All Tasks” and “Export”:

clip_image008

Select “Next” on the welcome screen.

Leave default selection and select “Next

clip_image010

Leave default selection and select “Next

clip_image012

Provide a name and save to a preferred location:

clip_image014

Now you’ll need to upload the .cer to Windows Azure Backup Vault

Log into Windows Azure on the machine you saved the .cer on and select “RECOVERY SERVICES” on the left navigation:

clip_image015

Find and select your Backup Vault under the “TYPE” column:

At the bottom of the page select “MANAGE CERTIFICATE”:

clip_image018

Browse and select the .cer saved on your machine and select the check mark:

clip_image020

INSTALLING THE WINDOWS AZURE BACKUP AGENT

Log into Windows Azure and locate the Backup Vault under the “TYPE” column and select it:

clip_image029

On the entry page select “Download Agent”:

clip_image031

Once the agent is downloaded install it as you would any other program.

Note: the install .exe will go by the name of WABInstaller.exe – after installation you may see there is a newer version in the backup agent console. Go ahead and download and install it.

UPDATE: Install the following hotfix where the agent is installed to backup 1.65TB of data: https://support.microsoft.com/kb/2989574

LAUNCHING THE WINDOWS AZURE BACKUP AGENT

After the agent is installed an icon that looks like the following will be placed on the desktop of the server.

clip_image032

Launch the Windows Azure backup console via the desktop shortcut.
Next you'll need to register your server by using the “Register Server” link under Actions:

clip_image034

Configure or skip the proxy configuration:

clip_image036

Remember that certificate you imported at the beginning? Here’s where you’ll browse for it. Select OK to confirm the certificate.

Note: it will automatically detect the certificate.

clip_image038

Once the certificate is confirmed you’ll need to select a backup vault (the one you created in Azure a few lines up), select “Next”:

clip_image040

Now you’ll need to generate a passphrase. I recommend using the “Generate Passphrase” button. It will be stored in a .txt file in a location of your choice so no need to write it down.

clip_image042

Select “Register” at the bottom of the dialog and your server will register with Windows Azure Backup Vault.

BACKING UP FILES TO Windows Azure Backup Vault

Launch Windows Azure backup agent using the shortcut

Let’s schedule a backup now using the “Schedule Backup” link in the console:

clip_image044

I’m going to skip the Getting started screen…

On the next screen you have the option to add items (e.g. files) or set exclusion for file types, folders, or specific locations.

clip_image046

I chose to add “MyFiles” folder however this could be any folder on your server:

clip_image048

Select “OK” to confirm your choice(s):

clip_image050

Specify the days of the week you’d like to back up the data:

clip_image052

On the next screen you’ll set the retention period for the data, either 7, 15, or 30 days.

Don’t be confused by the retention period as the backup will always keep the latest version of the backup. However once the file is deleted, moved, renamed, or overwritten, the older file is stored for the number of days (e.g. retention period) specified before it’s removed completely.

clip_image055

Proceed to the next screen to confirm your settings and Finish the backup schedule:

clip_image057

RECOVER DATA

To recover data launch the Windows Azure Backup console and select “Recover Data”:

clip_image059

I’m going to select the local server and select “Next”:

clip_image061

On this screen I can either browse or search for files. I’m going to select Browse for files and select “Next”:

clip_image063

Select a volume. Since I’m only backup up data on the C: drive I’ll select it and then select “Next”:

clip_image065

Here is where you’ll select date of the backup you wish to recover. Since I only have one backup so far I’ll select it and then select “Next”:

clip_image067

Here is where you’ll select items to recover based on what was chosen to backup:

clip_image069

Select files to recover and then select “Next”:

clip_image071

On the recovery options page there are a wide variety of options most organizations demand. I chose to restore the files to another location as specified below. However choose the options to fit your needs and select “Next”:

clip_image073

Lastly select “Recover” to recover the selected files:

clip_image075

Let it run until the job is completed:

clip_image077

Take a look at the completed jobs in the Windows Azure Backup console:

clip_image079

Finally, let’s look at the recovered files:

clip_image081

Congratulations! You’ve backed up to your Windows Azure Backup Vault.

ADDITIONAL RESOURCCES

Windows Azure Backup Overview https://technet.microsoft.com/library/hh831419.aspx

Azure Backup - Monthly bill estimate and TCO calculator

https://gallery.technet.microsoft.com/Azure-Backup-Monthly-bill-093fd095

March 31, 2015 new features: https://azure.microsoft.com/blog/2015/02/16/new-features-in-azure-backup-long-term-retention-offline-backup-seeding-and-more/

Comments

  • Anonymous
    January 01, 2003
    Couple of questions: Why use this instead of DPM? Why not bake this into Windows Server Backup? Why does Azure "Vault" cost more than just raw BLOB storage - isn't it the same thing? If you are using the same thing, couldn't this process be much simpler by having a tool that does all of this but just needs the security keys for Azure BLOB storage instead of mucking with all the cert 'stuff?' Thanks!

  • Anonymous
    January 01, 2003
    Hi doodlemania, Here are my thoughts regarding your questions, Why use this instead of DPM? Courtenay: There are organizations who may not have invested in System Center yet and require a quick method to backup data and store it offsite.  System Center Data Protection Manager (DPM) allows backup to Windows Azure as well (via the same Azure backup service) for organizations who require an enterprise level backup solution. Why not bake this into Windows Server Backup? Courtenay: After the agent is installed it’s integrated into the Windows Server Backup MMC if that is what you’re asking. Why does Azure "Vault" cost more than just raw BLOB storage - isn't it the same thing? If you are using the same thing, couldn't this process be much simpler by having a tool that does all of this but just needs the security keys for Azure BLOB storage instead of mucking with all the cert 'stuff?' Courtenay: BLOB storage and the Windows Azure Backup Vault are different forms of storage.  I am unable to comment on the current pricing.  I suggest providing feedback via the Windows Azure site. Additional Resources: System Center Data Protection Manager: technet.microsoft.com/.../hh758173.aspx Windows Azure: www.windowsazure.com/en-us

  • Anonymous
    November 01, 2013
    Thank you. This article helped me a lot. I was almost there, but I missed the "local machine" store but instead was importing to "current user". I blogged about your link here vijaytech.net/.../azure-recovery-service-vault