Hi everyone, Shane Brasher here, and today I’m going to walk through configuring Data Protection Manager to perform backups and recoveries using the Azure cloud.
Note: This article assumes that you have already registered an account for use with Azure and have already installed the Azure Backup agent on the DPM server. This link should provide you with the necessary steps for both registration and access to the Azure agent: http://technet.microsoft.com/en-us/library/hh831761.aspx
We will go over the following:
1. System Center 2012 Data Protection Manager (DPM 2012) Service Pack 1 (SP1) verification 2. Azure agent installation verification 3. DPM 2012 SP1 registration with Azure 4. Protection Group creation 5. DPM 2012 SP1 recovery from Azure
DPM 2012 SP1 installation verification
First let’s verify that the DPM 2012 server has SP1 installed. This is easily done via visual GUI observation. You can look at the DPM administrative console and at the very top it will note: “System Center 2012 Service Pack 1 DPM Administrator Console”.
You can also verify by selecting the “About DPM” icon:
Once you click on that you will see the following verification:
DPM 2012 SP1 Azure Agent Installation Verification
DPM 2012 SP1 will need to have the Azure agent installed. The agent is an executable to be downloaded named OBSinstaller.exe and you can verify the presence of the agent via the following ways:
1. Add\Remove programs will show “Windows Azure Online Agent” present.
2. Services will show the process “obengine” with a description of “Windows Azure Online Agent”
3. The default install path with be “C:\Program Files\Windows Azure Online Backup Agent”
DPM 2012 SP1 Azure Registration
Once we have verified that we have SP1 installed on the DPM 2012 server, we will start off by registering our DPM server with Azure. We already have an account registered with Azure and now we will use that account to register the DPM server itself. Within the DPM console, select “Management” on the left hand side, then select “Online”, then select “Register” at the top left of the console.
This starts the registration wizard. The first window we specify our user name and password we used when we created our Azure account.
This part in the registration wizard you can specify the proxy settings if needed. As a troubleshooting step if left blank and registration fails, the first thing you should try is to verify that no proxy settings are needed OR specify proxy settings for testing.
Once specified, or left blank, select “Next”
Here are the bandwidth throttling settings that you can specify if you choose:
a. bandwidth throttling for work hours b. bandwidth throttling for non work hours c. the time frame for “work hours”. d. the days the “work hours” time frame applies to.
Once you make your settings if you choose to do so, then select Next.
Here we specify the recovery folder settings. This is a temporary staging location for the information being recovered. The amount of space needed should be at least as large as the data being recovered.
Example: If the data being recovered is at least 100GB, then the staging location will need to allow for at least 100GB.
Once you choose a location, then select “Next”.
Here you choose a secure passphrase for encryption. If you choose to use your own passphrase then you will have to make sure to meet the guidelines shown in the GUI. Of course you can always select to let the wizard “generate passphrase” for you. Either way it is critical that you save the passphrase used in a safe location should you wish to de-register and\or re-register the DPM server with Azure. Please note that we have the option to “copy to clipboard” just for this purpose. This passphrase is associated with your Azure online recovery points.
Once your passphrase is saved safely, you can select “Next”.
Creating the Protection Group for backups to Azure
Here we will create a new protection group, and during this creation we will specify to allow for backups to the cloud to take place.
We will navigate to the “Protection” on the left hand side and specify “New”
You will see the “Create Protection Group” wizard start.
Select “Next” and then select “Servers”, then “Next” again.
The next window will show you your servers with the DPM 2012 SP1 agent installed on them. From there you can select a server. In this demonstration we will select the Domain controller.
We will expand the DC to enumerate the datasources available to be backed up. In this case we will select some flat files on the DC. In this case I will select just a simple folder with flat files in it. Select “Next”.
This window gives us the option to name the protection group and to also select whether or not we want to specify “online protection” (backup to Azure) or not.
Select “Next”. This window allows us to specify a retention range and recovery point times. Go ahead and accept the defaults, then “Next” again.
We are now brought to a window to review the disk allocation as seen below:
Go ahead and accept the defaults, then select “Next”. Here we see the option for Replica Creation.
Accept the defaults then select “Next”. This brings us to the “Consistency Check Options”. Accept the defaults then choose “Next”.
We are now presented with which data sources we want to allow to be saved to our online backup storage or rather to Azure.
We will select our only option in this case, then choose “Next”.
Here is another important Azure setting for us to consider. We can choose our “Retention Range in days”, our “synchronization frequency” and the “Synchronization Schedule” itself.
Note: You can only synchronize to Azure twice per day.
In this case I will select 11AM and 9PM, then choose “Next”.
We are then taken to the Summary window. Accept our choices and then select “Create Group”.
Once the protection group is created and the initial replica is finished, we can go to the Protection group itself and verify that everything is green.
If we go to the “Monitoring” tab and select the “All Jobs in progress” during this time we will see the following:
Note the backup type is shown as “Online recovery point”.
If we choose, we can create an adhoc backup for the datasource. Just go to the “Protection” tab and select the datasource. Right click and choose “create recovery point”.
Here you will be shown the options for:
a. Short term to disk
b. Online protection
If you want the adhoc online backup to be done, just select it and away you go.
Please be mindful though that you can only choose 2 recovery points to Azure per day.
Example: During the creation of your protection group, you specify backups to Azure at 9AM and 4PM. At 12PM you decide to create an adhoc backup to Azure. As such, the 4PM backup to Azure will not be done.
If we go to the Protection Group itself we can also note the following:
Recovery From Azure
When you go to the Recovery tab and select the datasource you wish to recover, the “cloud” icon (below) shows ONLY if you select a specified time in which a backup to the cloud was done.
The recovery process if pretty easy to perform, just right click the datasource and select “recover” to initialize the wizard. Here you will see confirmation that a restore from Azure is to be done.
Go ahead and select “Next”.
From there you can specify “recover to the original location” or “recover to an alternate location”. In this case I will choose the C: drive on the DPM server.
Note: There is no folder named “Azure Agent”. If our recovery is successful, there will be one once we are finished.
Go ahead and complete the Recovery Wizard accepting the defaults. Once the recovery starts, if we go to the monitoring tab in DPM we can see the jobs in progress showing tasks for:
a. Online recovery b. Restore from the staging location
Going to the “Completed” jobs we can see the successful completion of both.
Just for a solid confirmation, if we go to the root of C: we can see the successful restore of the “Azure Agent” folder.
As you can see, the integration of DPM 2012 SP1 does incorporate a few steps that need to be done. Primarily the installation of the Azure agent and the registration of the DPM server with Azure. Once this is done, you can configure your backups to the cloud either during the creation of a protection group or you can modify an existing protection group to specify backups to the cloud.
Shane Brasher | Senior Support Escalation Engineer | Management and Security Division
Get the latest System Center news on Facebook and Twitter:
System Center All Up: http://blogs.technet.com/b/systemcenter/ System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/ System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/ System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/ System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
Windows Intune: http://blogs.technet.com/b/windowsintune/ WSUS Support Team blog: http://blogs.technet.com/sus/ The AD RMS blog: http://blogs.technet.com/b/rmssupp/
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/ The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/ The Forefront TMG blog: http://blogs.technet.com/b/isablog/ The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
Is the Azure Backup service still in "Preview". Is there any word on when it will be available for production use?
It looks as if with the agent only going on the DPM server that any data can be stored online ... for example I can backup Server 2008R2 onto azure just fine? Asking for clarification because depending on where you look some sites imply its for server 2012 only.