If you have a small number of servers to protect and you currently have no backup solution, you are using the in box Windows Server backup tool on these servers, or use a third party backup solution, Windows Azure Back may be a viable option for you. If you have a larger infrastructure and already using System Center 2012 and using DPM for protection and you want to keep replicas offsite, Windows Azure backup is a brilliant solution. In this post we will look at both of these scenarios and give you the information you need to get started, including a Step-by-Step on how to deploy, configure and manage Windows Azure Backup on Windows Server 2012 R2. This post is part of the Windows Server 2012 R2 Launch Series.
Windows Server 2012 R2 Launch Blog Series Index at http://aka.ms/w012r2-01
The amount of data organizations are collecting and now storing is rising. Analysis tells us that data rates are growing at over 40% per year. 90% of the world’s current data was created in the past 2 years. This rapid rise means that the cost of storing this data is rising year on year. The good news is the cost per terabyte is falling year on year, but unfortunately not at the same rate as data growth. The cost of backup is also rising, from purchasing a solution, running it, and training people to use it. The cost and complexity of managing the storage is a factor - you have to manage all the backup media, store it, and test it in case you need it. All this leads to the possibility that important data may go unprotected, either entirely or for longer periods than is ideal. As we consider these challenges, let’s see how Windows Azure Backup helps address them.
Windows Azure Backup helps protect server data against loss and corruption by enabling backup to offsite cloud storage in Windows Azure. It provides a consistent experience configuring, monitoring, and recovering backups across local disk and cloud storage, integrating with the in-box backup program in Microsoft Windows Server or System Center Data Protection Manager. Windows Azure Backup encrypts and protects your backups in offsite cloud storage with Windows Azure, adding a layer of protection in case data loss or disaster impacts your servers. It can integrate with the backup tools in Windows Server or System Center Data Protection Manager as well as being driven by PowerShell scripting. You can manage cloud backups from these familiar tools to configure, monitor, and recover backups across local disk and cloud storage with ease. Windows Azure Backup delivers efficient data protection. It minimizes network bandwidth use, provides flexible data retention policies, and provides a cost-effective data protection solution that can be Geo replicated with ease. Data stored in Windows Azure is geo-replicated among Windows Azure data centers, for additional protection. Your data is encrypted before it leaves your premises, and remains encrypted in Windows Azure – only you have the key. Incremental backups provide multiple versions of data for point-in-time recovery. Plus, you can recover just what you need with file-level recovery.
We charge for backup based on the amount of data stored in the Backup service. We do not charge additionally for bandwidth, storage, storage transactions, compute, or other resources associated with providing the Backup service. Windows Azure Backup was made generally available on October 10, 2013. Promotional preview pricing remains in effect until November 30, 2013. If you have less than 5gb of data to backup per month it is absolutely FREE. I really like free but that is not the good news. The good news is the cost when using it at scale in production. On Dec 1st the price will change to $.50 cents per GB per month. Yep, that’s right you can backup your server for the month for about the cost of a cup of coffee. See Chart Below… Keep up with the most recent pricing and review the 6 or 12-Month Plan options for even more savings at http://www.windowsazure.com/en-us/pricing/details/backup/
1 For monetary credit offers, backup will be charged at the billable tier.
The amount of storage for which you are billed is determined by the compression ratio and the number of backups retained. The charge for backup storage is prorated daily. For example, if you consistently utilized 20 GB of storage for the first half of the month and none for the second half of the month, your average daily amount of compressed data stored would be 10GB for that month. Since the first 5GB each month is included at no charge, your bill for that month would be $2.50 (5GB x $0.50) for that month (Way less than a cup of coffee).
First let me say, from a backup perspective, I would recommend that you use a different data center for your backup than your physical location. If you are backing up on-premise machines and you are on the east coast set your backup storage to be on the west coast. If you are backing up Windows Azure machines that are configured for East, back them up in west.
Backup is available in the following regions:
If you’re already using System Center Data Protection Manager, you can start using Windows Azure Backup today – it integrates with System Center Data Protection Manager. If you’re a small business or branch office and have a small number of servers to protect, Windows Azure Backup integrates with the in-box Windows Server backup tools you may already be using. Windows Azure Backup is suitable for any workload, file servers, SharePoint®, SQL, Exchange, or others. Windows Azure Backup integrates with Windows Server technologies to make this happen.
if you have a small number of servers and you want to protect the data they hold using the tools built-in to Windows Server 2012 R2, the process to configure Windows Azure Backup is relatively simple. First, sign up for a Windows Azure account. This will provide you access to the Windows Azure Management Portal. From there, you can select the Recovery services option and add the Windows Azure Backup service to your account. The next step involves an exchange of data. We’ll cover the certificate part later on in the security section, but for now the important part is the installation of the agent on the server or servers that you want to register to use the Windows Azure Backup service. As mentioned, the Windows Azure Backup agent integrates with the existing Windows Server backup tool. When you start the tool after the agent installation, you register this server using your certificate. The certificate can be self-signed or public. Then you configure what data you want to back up and what schedule you want to use. That is it. If you are using a schedule, the server will now back up your data to that schedule. You can monitor it from the backup tool, to see when the backup ran, when the next one will run, and view any issues. If you need to recover data at any time, for example a server failure, or even an accidental deletion of a file or folder from a location being protected, you can use the backup tool to recover that data. Windows Azure Backup provides very granular recovery options, either to the original server or a different one. Recovering data to an alternative server is a good practice for testing recovery procedures. If you don’t have a physical server to restore to, create one on Windows Azure .
Let’s now look at how Windows Azure Backup works in an environment where you are using System Center Data Protection Manager. Most of this procedure is the same as we’ve just seen.
First, sign up for a Windows Azure account as we talked about above. The next step involves installing the agent on the DPM server, not, as in the previous example onto the server you want to protect. The Windows Azure Backup agent integrates with DPM. When you restart DPM after the tool has been installed, you register this server using your certificate. Then you configure what data you want to back up and what schedule you want to use. The DPM server will continue to protect the existing server as it did before the agent was installed, but the server will now back up data from servers you have configured. If you need to recover data at any time, for example a server failure, or even an accidental deletion of a file or folder from a location being protected, you can use DPM to recover that data, while still continuing to monitor and protect the other servers.
The first stage in the transfer process is the encryption of your data on premise using your key. Your data stays encrypted with your key while in transit over the wire to Windows Azure storage. Your data stays encrypted while in Windows Azure storage. It is never decrypted while it resides in Windows Azure storage. Your data can only be decrypted once it’s restored on your premises. Only you have the decryption key to do this. This makes it very important to protect this key. Make sure you back up your key, keep it safe, and store a copy offsite. Your data cannot be decrypted without it. In the event of key loss, Microsoft cannot help you as Microsoft does not keep a copy of your key and has no access to it. The key is never passed to Windows Azure during any Windows Azure backup. If you need at some point to change the key, it is easy to do. Simply create a new key upload it to Windows Azure and tell Windows Azure Backup to use the new key.
Windows Azure Backup is deployed by configuring or enabling the services on Windows Azure then installing an agent on the server that communicates with the service. In this Step-By-Step post we will go through the entire process Step By Step so you can easily deploy in your environment. Special Thanks to Blain Barton for his work in helping put together this Step-By-Step guide.
Here we go with the details…
a. Create or Login to your Microsoft Account (LiveID): How To Sign up for a Free Microsoft Account (aka LiveID) Step-By-Stephttp://aka.ms/GuruLiveID
b. Signup for a Windows Azure Account: Getting Started With Windows Azure–Step-By-Step http://aka.ms/az-easy
c. You may have to disable IE Enhanced Security: Click Server Manager – Local Server – IE Enhanced Security Configuration – change the On to Off for administrators – Close browser then reopen browser.
1) Create a self-signed computer certificate to be used for authentication between the host to be backed up and the Windows Azure Backup Vault. How To Create A Self-Signed Computer Certificate using PowerShell Step-By-Step http://aka.ms/GuruCert
a. Run PowerShell from the machine you want to create certificate on: Start then type PowerShell then Right-Click on PowerShell icon and select Run as Administrator.
b. Download the text file, open it … Highlight the text in http://ITProGuru.com/downloads/SelfSignedCertificate.txt right-click select copy
c. Right-click the PowerShell window to paste and watch the magic
d. Navigate to c:\ to see your new certificate which will be called “GuruCert_YourMachineName” Make a note of this location, you will need it later.
2) Enable Windows Azure Backup (Preview) Feature. Notice this is Preview so it is not supported by SLA yet.
a. Login to Windows Azure Management Portal http://manage.windowsazure.com b. In a new Tab or New Windows Navigate to http://www.windowsazure.com/en-us/services/preview/ c. Scroll down to Backup and click on the “try it now” button. Then click the checkmark/OK button. d. After you add the Backup Preview to your account, switch back to your Portal browser tab and refresh it. You should now see the Recovery Services icon in the left navigation sidebar i. You should now see Recovery Services on the left pane (you may need to scroll down – Scroll bars are hidden in the right part of the blue NavBar [hover to activate the scroll bar])
a. Login to Windows Azure Management Portal http://manage.windowsazure.com
b. In a new Tab or New Windows Navigate to http://www.windowsazure.com/en-us/services/preview/
c. Scroll down to Backup and click on the “try it now” button. Then click the checkmark/OK button.
d. After you add the Backup Preview to your account, switch back to your Portal browser tab and refresh it. You should now see the Recovery Services icon in the left navigation sidebar i. You should now see Recovery Services on the left pane (you may need to scroll down – Scroll bars are hidden in the right part of the blue NavBar [hover to activate the scroll bar])
a. Create a Windows Azure Backup Vault: select Recovery Services from the left navigation sidebar in the Windows Azure portal.
b. Click Create A New Vault.
c. Enter a name for your Backup Vault (eg. TestBackup) and select the closest Region to your location. Click Create Vault to continue.
d. After a few seconds the Vault is successfully creation and it is Active
e. Click on the Vault name (eg. TestBackup) to view the Quick Start screen
f. Click on Manage Certificate (under “Upload your public certificate to the backup vault” or in the bottom taskbar)
g. Click the folder to upload your certificate. Browse to your certificate location (eg. C:\GuruCert_YourMachineName), select the certificate file, and click the Circled Checkmark to continue.
h. You will get a message that says “Successfully uploaded the certificate to the vault.” Click the checkmark near OK
a. While logged into the server you will be backing up to Azure, go ahead and add a file to the desktop so we can confirm that it can be restored. Right-Click Desktop - New – Text Document – Enter. There is now a new text document on the deskop.
b. In the Windows Azure portal, you should still be on the Quick Start screen for your Backup Vault after you uploaded your certificate. If not, navigate to Recovery Services, then click on the name (TestBackup) of your backup vault.
c. Click on Download Agent. For either Windows Server or Windows Server Essentials depending on what flavor you are running.
d. Click Run to install the Windows Azure Backup Agent.
e. Go through the agent installation. After you have installed the Agent, click the Circled Checkmark to close the pop-out window. The Agent installation program will create a Desktop icon and Start Screen tile.
f. Launch the Windows Azure Backup Agent from Desktop
g. In the Actions pane on the right, click Register Server. The Register Server Wizard will launch.
h. Proxy Configuration: Set your appropriate settings if necessary. Click Next.
i. Vault Identification. Click Browse and select the certificate that was just uploaded to Azure (eg. C:\GuruCert_YourMachineName)
j. Select your certificate and click OK.
k. After you select the certificate, select your Backup Vault from the drop-down menu. Click Next.
l. Encryption Settings. Enter your own paraphrase or click Generate Paraphrase. Select the location to store the paraphrase txt file. Click Register.
m. After the server has been successfully registered, click Close.
n. Your server has now been successfully registered with your Windows Azure Backup Vault.
After your server has been successfully registered, you have to configure the Windows Azure Backup Agent to be able to test the backup function.
a. You should still be in the Backup Agent. In the Actions Pane, select Schedule Backup. The Schedule Backup Wizard is launched.
b. Getting started. Click Next.
c. Select Items to Backup. Select Add Items to continue. For the purpose of this lab just select c:\users only Click Next.
d. Specify Backup Time. Choose your Days and Times to backup.
e. Click Next.
f. Specify Retention Setting. Choose your setting or select the default. Click Next.
g. Confirmation. Click Finish to create the scheduled backup job.
h. Completed. Click Close.
i. Now that you have created a scheduled backup job, the Back Up Now option becomes available. So, let’s run a backup.
j. In the Actions pane on the right, select Back Up Now. The Back Up Now Wizard is launched. Click Back Up.
k. Back Up Now completed. Click Close.
l. You will have a completed job in the Jobs pane.
m. Congratulations! You have successfully backed up to Windows Azure
You ALWAYS have to test your backup to make sure it is working so let’s do that.
a. From your backed up server, right-click the “New Text Document” on the desktop and select Delete. We will restore this file
b. Launch the Windows Azure Backup Agent from Desktop
c. In the Actions Pane, Click Recover Data
d. Getting Started click Next
e. Select Recovery Mode Click Next
f. Select the volume, choose c:\ Click Next (note the date options available)
g. Select Items to recover, expand c:\Users\username\Desktop Select “New Text Document.txt” Click Next
h. On Recovery Options, take a look at options then just click Next (don’t need to change anything)
i. Confirmation: Click Recover
j. When finished, click Close; Note that the file you deleted in step a. above has been restored J