In this post, I will explain how you can use a preview feature of the Azure Backup MARS agent to backup and restore system state for Windows Server machines.
The MARS agent is one of the 3 ways that we can use Azure Backup to protect on-premises data to the cloud. In my experience, MARS has been the most commonly adopted solution for enabling small businesses to backup files and folders, usually from the only server that a small business has. I have been talking and writing about Azure Backup for around 3 years now. One of the common requests was for MARS to support protection of system state. Please note that System Center Data Protection Manager and Microsoft Azure Backup Server already offer this.
Why was system state protection required? The one server that a small business has is also the domain controller. It is also the way that we protect Active Directory to do a system state backup. Not having support for system state meant that another backup solution was required. System state also includes meta data for the server, such as file server or web server configuration.
I found that the request for System State protection was one of the factors that prevented adoption by some companies of Azure Backup. One factor has been centralized management, which is being worked on. Another is support for applications and virtualization by MARS agent, which is also being worked on. Those services do have support via Microsoft Azure Backup Server (MABS) at this time.
A preview program has been launched, which enables the MARS agent to protect System State via a seamless integration with Windows Server Backup. This is available on Windows Servers. Additional backup tools or solutions are not required for following roles:
- File servers, including file-cluster configurations
- IIS, including the IIS Metabase
- Active Directory Domain Services
System State will count as another instance. In fact, it is normally under 50GB. It is technically a half instance and costs half of the full instance price, RRP of $10. You should normally see a charge of $5 for a system state backup, including Azure Storage.
You might be concerned about sensitive data from Domain Services being sent to the cloud. Azure Backup always encrypts your data before it leaves the on-premises server. It uses a key that only you have access to. Microsoft does not have a way to store or access the key, so your sensitive data is safe. It stays encrypted until it comes back on-premises in the event of a restore.
Support for system state protection using the MARS agent is available for:
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
Backing Up System State
This is a preview release, so things are going to be a little fiddly. We must first enable system state support.
Open an elevated command prompt and stop Azure Backup with this command:
Net stop obengine
Open the registry editor with elevated permissions. Create a new REG_DWORD value called TurnOffSSDFeature in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config\CloudBackupProvider and set the value to 2.
Close the registry editor, return to the elevated command prompt, and restart Azure Backup by running:
Net start obengine
Now, when you schedule a backup job, you have the option to select System State, as well as files and folders.
In the preview, we cannot restore the System State directly to a Windows Server from Azure Backup. We can restore the files and use Windows Server Backup to apply those files to the System State. It is a 2-step restore but this is a preview feature.