Azure Backup Server - protecting our Hyper-V workload
We recently migrated our VMWare 3-node plus SAN cluster to a 2-node hyperconverged Hyper-V setup, and after reviewing a few options for backing the thing up I decided on Azure Backup Server.
Our previous setup involved Veeam doing the local backups, then Cloudberry transferring all this into an Azure storage account periodically. I like this setup but want to simplify it (and save money). Best thing here is Azure Backup Server is essentially free - you're just paying for the data transfer and storage costs in Azure - which I am already paying for - and a fixed fee per item. It will do local backups, i.e. Disk-to-disk, but also allow you to back up to Azure (hence the name), i.e. Disk-to-disk-to-cloud. Perfect.
First thing is to set up your backup server, I'm using a Server 2016 box with a 20TB volume for backups. You will need to install .Net Framework 3.5 (via Powershell or Server Manager -> Add Feature), don't forget you need to point it at the X:\\Sources\\SXS folder on the installation ISO or it won't install.
Next step I always do before trying to install anything complicated is give the server a restart, as 9 times out of 10 you will waste 20 minutes while the setup wizard checks things only to tell you a restart is pending.
You can download Azure Backup Server from https://www.microsoft.com/en-us/download/details.aspx?id=57520 -it's a strange one as there's 7 .BIN files and a small .EXE, download them all and then run the EXE, it will extract the contents. Not sure why they didn't just go for an ISO here given it's 4.2GB. Once it's all extracted you can browse to the folder and run the main installer. Don't try running this from a network drive or the SQL Express step is likely to fail.
I'm not going to go through all the steps as it's basically "Next, Next, Next, Next" but just go through the installer, in one step you'll need either an existing SQL instance or, as I did, just allow it to set up its own SQL Express.
Eventually you will be asked to provide the Vault Credentials. Interesting. It actually means "go to Azure and make a Recovery Services Vault". So let's do so.
In the Azure Portal, search for "Recovery Services" (in the search bar at the top, not the Market place one) or just click here. Create a new Recovery Services Vault - it doesn't ask for many details, just the name and the region you want to use. Once it's created, go to the vault and then look for Getting Started on the left hand side. Click on Backup and then fill out the fields:
Select On-Premises for your workload location, and Hyper-V Virtual Machines for what you want to back up. Then click Prepare Infrastructure.
Click on the button, then you're at a second screen to fill out:
Tell them that you've already got Azure Backup Server, then click on Download. You will need to save this vault credential file onto a local drive on your backup server, if you try it on a mapped drive it will claim it can't read the file.
Switch back to Azure Backup setup, feed it the vault credentials file and finish the setup wizards. It will ask you to create an encryption key for your Azure backups, you can save this to a location on your network or in an Azure Key Vault. Restart the server once done.
Don't bother trying to install the console on a local PC, it is only supported with the paid-for version of DPM and not the Azure Backup Server. (Why's it on the same installer then Microsoft?)
Now we need to set up the disk storage for backup, and the backup jobs. Azure Backup Server needs an entire volume to itself so ensure you've got a free volume (on my first go through here I had a 20TB volume for backups but 2TB was in use by Veeam - so I had to shrink the volume and create a second one). Shrinking a 20TB volume took at least 12 hours so it's something you will want to leave working overnight.
Now in the Azure Backup Console, go to Management -> Disk Storage -> Add. Work your way through the screens adding the volume you wish to dedicated to local backup.
Next step is to add the workload we want to protect. You can add any server, however for my purposes I'm trying to protect a workload on a Hyper-V cluster. I'm going to add the Hyper-V hosts and not bother with guest level backup, but you can add other servers for guest-level backup if you like.
The wizard will try to remotely install the backup agent - I found I needed to run this on each server to be able to remotely install the agent if firewalls are on.
netsh advfirewall firewall add rule name="Allow DPM Remote Agent Push" dir=in action=allow service=any enable=yes profile=any remoteip=<IPAddress>
Now we need to add the servers we wish to protect, so run through the Management -> Protection -> Add Servers wizard. I'll not go into much detail or screenshots here as it's just a simple case of selecting the servers and it will even search through Active Directory for you. It will try to install the agent on any servers selected here (unless you opt not to - in which case you need to find it in the Azure Backup Server's installation directory, or in the Agents folder on the installation media, and manually install it). In my case I just selected the two Hyper V hosts.
Go to Protection -> Add Protection Group.
Select the servers you wish to include - in this case I'll expand the cluster and pick everything as I only need one group. Annoyingly you have to expand each guest VM and tick the item that appears, and you can't just right click the cluster and "include all".
Select the backup types you want - not much choice, Disk or Azure or both.
Next you will need to pick which volume you want to use when backing up locally - not much choice for me as I've only got one volume set up.
Now you will need to set the backup schedule for the copy uploaded into the Azure Recovery Services Vault.
There's a couple more steps on the wizard but they are self explanatory. When setting your Azure retention policy don't forget it's not free storage!
With any luck you will then be able to have a look at the Monitoring page and see that all your jobs are taking their initial backup. If you have any failing with curious errors it is worth dropping into Hyper-V manager and checking the VM in question can actually perform a Production snapshot - in my case, the MEMCM server refused to backup until I spent a day fixing the SQL database. (Change Tracking was preventing it from backing up, even through the SQL management studio).
Don't forget to head into Options on the ribbon bar at the top and configure notifications if you want some alerts about jobs failing etc.