Data protection is an all-time priority for IT administrators. It doesn’t really matter if the server catches fire or the hard disk roasts, as long as the data is safe. Even the slightest hint of data loss can send even the most experienced administrators into a tizzy. That’s a reason why there are dozens of backup solutions available in the market designed to protect objects, applications, servers and even complete sites.
A lot of meticulous planning is needed when it comes to designing a backup strategy: deciding between the types of storage to be used, the frequency of backup, and deploying complex products that often have a learning curve. Another important aspect of choosing a reliable backup solution is ensuring that it protects the data against site-wide failure in case of a catastrophe.
Microsoft Azure Online Backup — former known as Windows Azure online backup — offers a very quick and easy-to-configure entry-level backup solution for Windows Server. Once set up, it backs up your mission critical data at regular intervals to the cloud. It uses the familiar Windows Server Backup-type interface for ease of use. This is a cost-effective solution that is especially helpful in cases in which you want to quickly set up a data protection mechanism without having to bear the pain of procuring storage or setting up an offsite at a distant location to protect against a site-wide failure.
This functionality of Microsoft Azure IaaS leverages Microsoft Azure blob storage to store the backups. In this blog post, let’s try to configure a lab environment and see how that works in a little more detail using a Windows Server 2012 R2 box. For better understanding, I’m going to break this process into four steps.
How to Configure Microsoft Azure Online Backup
Step 1: Create Backup Vault in Azure
If you don’t already have an Azure subscription, you may want to sign up for one. There is a free 30-day Microsoft Azure trial (you may need a credit card to register). Once done, login to the Azure Management Portal.
- On the left, click on Recovery Services and click on Create a New Vault.
- Select Data Services > Recovery Services > Backup Vault > Quick Create.
- Give it a meaningful name, select a region close to your location, and click on Create Vault.
- Once that completes, you should see a “successfully created” message at the bottom of the Management Portal.
Step 2: Configure Certificates
This part can be a bit tricky if you’re not too familiar with certificates. You will need the makecert.exe tool from the Windows SDK (already present if you have Visual Studio installed or you’ll need to install the Windows SDK) to create a certificate (if not using an external CA) to be uploaded to Azure and installed on the server to be backed up. Note that a self-signed certificate made using IIS Manager does not seem to work (due to difference in enhanced key usage attribute).
- Go to the folder location of makecert.exe and open a command prompt there as an Administrator.
- Type the following, then hit Enter:
makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 184.108.40.206.220.127.116.11.2 -len 2048 -e 01/01/2016 CertificateName.cer
- Click on Manage Certificates in Azure Management Portal to upload the CertificateName.cer file from the same folder (as makecert) to Azure.
- If the server to be backed up is not the same as the server on which the makecert.exe was run on, then export the CertificateName certificate as a .pfx file with private key from the Certificates store using the mmc, and import it on the server to be configured for backup.
Step 3: Register Server
To add the server for backup in Azure, you’ll first need to download and install the Microsoft Azure Backup Agent for Windows Server on it to connect it to the Backup Vault created in step 1.
- In the Azure Management Portal, click on Download Agent and select the Agent for Windows Server.
- Run the Agent setup on the target server. It’s a fairly simple process: Accept the license agreement and go with the defaults. Any missing prerequisites will be installed automatically by the wizard. Once done, you should see a “Windows Azure Backup Agent installation has completed successfully” message. Optionally, you can also choose to check for newer updates of the agent on the terminal screen.
- Open the Windows Azure Backup from the Start menu and pin it for convenience.
- Run the Register Server wizard from the Actions pane on the right.
- Enter proxy configuration (if you happen to have a proxy).
- Choose the CertificateName (or what you named your certificate) and the Backup Vault from the drop-down.
- Generate a passphrase and save it to a safe isolated location.
- Click on Register and Close when you get the “Windows Azure Backup is now available for this server message” on screen.
- Verify if this was successfully set up by going to the Azure Management Portal; you should see this newly added server under the Servers tab of your backup vault.
Step 4: Schedule Backup
Most of your work is done. A final part of the job is to schedule the backups itself. You can choose the frequency of backup, time, bandwidth throttling, and encryption settings from here.
- Open Windows Azure Backup and click on Schedule Backup from the Actions pane on the right and skip past the Getting started page.
- Add Items you want to be backed up: files, folders, or entire drives. Click Next.
- Specify the backup times and hit Next. It is advisable to do this during the non-peak hours so that lowering of the internet speed due to this does not affect productivity.
- Specify the data retention settings, which is the number of days the copies of older backups will be retained. I’ll leave it to be the default of seven days and hit Next.
- On the confirmation page, go through what you’ve set up and click on Finish. Once this is done you should see a “You have successfully created a backup schedule message” on screen.
- To verify this, you can again log into the Management Portal and check the Protected Items tab of your backup vault.
Testing the Setup
You can now either wait for the backup process to be triggered at the scheduled time or manually force it. We’ll try to manually force it to see how this looks. Here’s how we go about that:
- Click on Back up Now in the Actions pane on the right.
- Verify that the listed items are those that you want to backup and hit the Back Up button. Now, this may take some time depending on your bandwidth and amount of data. You can probably go have cup of coffee or two in the meantime. Once done, it should display a “Job completed” message on screen.
That’s it! You’re now ready to roll. The recovery process is quite simple as well. I’ll leave that up to the readers to figure out. If you’ve got any questions, jot them down in the comments section.