WAC: Azure Backup

If you’ve connected Windows Admin Centre to Azure you’ll find a section called Azure Backup. This will allow you to back up your on-site workloads to Azure using the Microsoft Azure Recovery Services agent. It’s ideal for backing up physical servers or individual virtual machines, however if you’re after backing up all the guests on your Hyper-V host you’re better off looking into Azure Backup Server, which runs on the host rather than the guest.

In this post I’m going to look at configuring and backing up a server through Windows Admin Centre, and then at how to recover the data – both for a partial failure (such as some files being deleted but the server still boots) and a total failure.

Creating the Vault

The first step here is to create a Recovery Services Vault in Azure if you haven’t already got one. From the Azure Portal go to Recovery Services Vault and create a new vault. There’s not much to fill in here, just the vault name and region.

Once you’ve made this, click into the vault and then onto Properties. Scroll down to Backup Configuration and click on Update. Select the storage replication type you want to use and save. Locally-redundant data is cheapest but less resilient, through to Geo-redundant which is the most expensive but most resilient. You can find pricing details here including an explanation of how the charges are worked out for each replication type.

Select the Storage Replication Type you want for the vault. You’ve got to do this first of all because, as you can see in this screenshot, you can’t change it once you’ve started using the vault.

Configure Azure Backup

Next step is to configure Azure Backup on the server you want to protect. From Windows Admin Centre, click onto your server, then onto Azure Backup on the left hand menu, and finally Set up Azure Backup.

Click the button to get started! There’s also a handy link to the pricing details page if you’ve not already checked it out.

Now follow through the steps to log in to Azure and select the items you want to back up – in this example I’m backing up the System State and C:\ Drive Files and Folders, there are a few other options for this depending on the workload such as SharePoint farms, Exchange servers and SQL databases. Pick the backup frequency and retention schedule and enter the encryption key – generate a random long string for this and keep it somewhere safe.

Run through the steps to set up Azure Backup on the server. If you’re keeping an eye on the server’s console you’ll notice an icon for Azure Backup eventually appears on the desktop – we’re going to concentrate on backing up through WAC so we don’t need to touch this yet.

It will take a while to set everything up and eventually present you with a screen showing the backup overview – obviously you’ve not run any backup jobs yet so this will just be some charts showing nothing has happened. If you want to kick things off, scroll down to Protected Items (it’s off-screen on my screenshot) and click on Backup Now – otherwise wait for your first scheduled backup to run.

The Azure Backup Overview screen once configuration has completed.

You can monitor the state of the current backup by clicking on the Jobs tab, although it’s not too detailed it will tell you what’s happening just don’t expect progress indicators.

Once your backup’s complete, if you want to check on the status of all your backups you can take a look inside the Recovery Services Vault in Azure, then into Protected Items > Backup Items, then Azure Backup Agent.

Check the list of protected items and the backup status from the Recovery Services Vault section of the Azure Portal.

Configure Monitoring

So now we’ve got our backups running, what next? Well ideally we’d want to be alerted when something has gone wrong (or even alerted when it’s gone right – then we know if we miss an email we’re expecting daily something has happened). On the Backup Jobs page there is a button named Alerts and Notifications – click this and it will open the Azure Portal and take you to your Recovery Services Vault’s Backup Alerts page.

Backup Alerts for my Recovery Services Vault. No alerts at the moment! This is the place to be to configure notifications.

Here you’ll see a list of any alerts which are currently active (none here, lovely) and you can click Configure Notifications. The nice bit about this is that the alerts are sent from Azure rather than from your WAC server, so there’s no configuring SMTP settings or anything like that to worry about.

Configure your alert notification type, frequency and recipients.

Currently it only supports sending e-mail alerts however you can send to multiple recipients and you can either notify once per alert or with an hourly digest – if you’ve got lots of backups and are notifying on success you’d maybe want the digest to cut down the number of emails you’re receiving. Select the alert severity from Critical, Warning and Information (or any mix of these).

Recovering Data

You can’t rely on any backup if you’ve not tested that you can actually recover it. If the server is still working you’ll have noticed that on the Recovery Points tab there’s a button called Recover Data. Clicking it will tell you that you can’t recover data through Windows Admin Centre at the moment (hopefully in a future update to the Azure Backup extension guys?) so you’d have to drop to the server and open the Azure Backup application, or use PowerShell. I’m just going to go through using the GUI application here, but see the Microsoft docs for how to do this using PowerShell.

Recovering data – not quite so easy, you need to go to the Azure Backup application on the server’s desktop or use PowerShell.

Recovering to the same server

If your server is still functional and you just want to roll back to a previous backup, or recover some files, it’s fairly easy. Open the Azure Backup application and click on Recover Data.

Launch the Recover Data wizard to get started.

Work through the wizard – you can select from the following types of restore:

  • Individual files and folders – useful if you’ve deleted something by mistake
  • Entire volume
  • System State

You can only pick one type of restore so you might need to run through this a couple of times depending on what you’re trying to do.

Once you’ve picked the recovery type and volume (if applicable) you’ll be asked to pick which restore point you want to use.

Pick the recovery point you want to use and click Mount. It’ll now go away and load the data – if you want to monitor this you can do so from Windows Admin Centre as this shows up as an active job.

If you’ve chosen to restore files and folders it will mount the backup as a virtual disk for you to go have a look at in file explorer.

Recover files and folders – the backup’s mounted as a virtual disk and you can copy files using any of the usual tools – explorer, PowerShell, robocopy etc. Click Unmount once done.

If you’ve chosen to recover an entire volume, you’ll be given the choice to recover to the original or a different location, along with what to do if the data already exists, and whether you want to restore the NTFS file permission ACLs on the recovered data.

Restore the entire volume settings screen

Finally if you’re restoring the system state, this is a little more involved. You’ll be asked where you want to save the System State files to – just pick a folder and it’ll make a system state archive. I’d strongly recommend avoiding the C drive, however I don’t want to add a second drive onto this system that exists purely for demonstrating Azure Backup.

System State recovery is a little more involved than file/folder or volume recovery.

If you’ve chosen to restore the system state archive to the C: drive, you’ll now need to put the data somewhere accessible. The backup wizard won’t restore an archive off the C: drive without you looping back via the UNC path, and the path above is too long for Windows to cope with. I just moved everything from c:\recovery\C_Vol\Program Files\Microsoft Azure Recovery Services Agent\Scratch\SSBV\ to C:\recovery.

Next we’ll need to open Windows Server Backup, you can find this under Administrative Tools on the server. Click on Local Backup in the tree view, then Recover at the right hand side. Work your way through the wizard:

  • Select “Backup stored at another location” (even if you’ve restored the system state archive to this machine)
  • Select Local drives if you’ve saved it anywhere local other than the C: drive and browse to the path indicated by the wizard when you created the system state archive. Otherwise you’ll have to go via the network path if it’s on another system or on the C drive. In this case I’ve had to enter \\servername\c$\recovery.
  • Select the available backup
  • Select System State as the recovery type
  • Select Original Location as the recovery destination.
  • If you are restoring an Active Directory Domain Controller you’ll be asked if you want to perform an authoritative restore. Be careful and only select this if you actually need to do so.
  • The server should now restore its system state and eventually reboot.
Windows Server Backup now restoring the System State Archive that Azure Backup downloaded for us. It’s a bit complicated but it works.

Recovering to a new server

If your server is completely unusable you can recover your backup to a new target server. You’ll need to build up a server for this, running the same version of Windows as the original server, and then download and install the Azure Backup agent. Once it’s installed you’ll be asked to register your backup vault and you’ll get a screen like this asking for the credentials.

You’ll need the Vault Credentials file, and your encryption string, to connect back up to Azure Backup.

To get your vault credentials, go back to the Azure Portal and into your Recovery Services Vault. Click on Properties, then scroll down to Backup Credentials and tick that you’re using the latest agent (as you’ve just downloaded and installed it). Finally, click Download to get your credentials file. This needs to be saved onto a local disk on the target server, you can’t put it on a network drive.

Next enter the encryption string. This doesn’t have to be the one you used when setting up Azure Backup at the beginning, as it’s what will be used to back this server up in future, rather than for restoring from another computer. Finish the wizard and it will register the new server, and launch the Microsoft Azure Recovery Service Agent console.

To recover data, you now need to click Recover Data as we did earlier when restoring to the same server. This time we’ll say the data was backed up on a different server, and provide the vault credentials again.

This time we’re recovering data backed up by a different server, and we’ll have to provide the vault credentials again – this second step is actually useful if you have multiple vaults as you don’t have to register the server with the same vault you’re restoring from.

Next it should connect to the vault and show a list of protected servers. Pick the server you want to restore from, and enter the encryption string that you set up back when you first protected the server.

When restoring from another server we supply the vault credentials and then just select the server we want to restore from the list.

Now we’ve got this far, it’s basically the same steps as if you were restoring to the original source server with the instructions above.

Further Reading:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.