Protecting Your Windows Servers With Azure Backup In Windows Admin Center @AzureBackup @ServerMgmt

Introduction

Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more.

At Microsoft Ignite in Orlando this week, Microsoft announced a new integration service between Azure Backup and Windows Admin Center. For additional Azure integration services, please check the following link.

In this post, I will show you how to backup and protect on-premises Windows Severs to the cloud with Azure Backup and Windows Admin Center.

Prerequisites

The prerequisites are very simple.

First you need to make sure you are running Windows Admin Center (WAC) Version 1809 and you have installed Azure Backup extension. If you are currently using version 1804 of Windows Admin Center, please make sure to upgrade to version 1809.

Next, you need to register Windows Admin Center gateway with Azure. You can register the gateway with Azure from the same window. Once you authenticate with Azure, you need to select the Tenant ID to grant permission, and finally click Register.

You are almost done! in the last step, you’ll need to visit the Azure portal and grant permissions to the application.

Go to the Azure AD app registration | Select ‘Settings‘ > ‘Required permissions‘, then click ‘Grant Permissions‘ > ‘Yes

Once permission is granted, you are ready now to enable Azure Backup.

Enable Azure Backup in Windows Admin Center

To enable Azure Backup, take the following easy steps:

  1. Add the desired Windows Server to Windows Admin Center
  2. Once you add the server, connect to it, select Backup on the left-hand side, and then click Set up Azure Backup.
  3. Click Login into Microsoft Azure portal, if you don’t have an Azure account, you can directly Sign-up and create a new account.
  4. Once you login, Windows Admin Center automatically pulls subscription details from your Azure account, so that everything in Azure is set up for you to quickly Backup your Windows Server. Thanks to the automatic provisioning of resources in Azure, you can pretty much just review the selections including the Recovery Services Vault where your server backup will be stored, and simply skip to Step 3 to select Backup Items and Schedule for your servers backup.
  5. In this example, I will update the settings in Step 2 to match the nearest Azure datacenter and the desired Recovery Services Vault.
  6. In Step 3: Select Backup Items and Schedule. You can select System State or additional volumes, and quickly estimate the size of your total backup, and then select from one or more presets for backup and retention schedules to meet your backup needs.
  7. The final step, is to secure your backup with an Encryption Passphrase, so your backup data is protected both in transit and at rest. Enter minimum 16 characters encryption passphrase and click Apply. As a side note, the encryption key should be stored in a safe place such as Azure Key Vault. Otherwise, cloud recovery is kind of, well, impossible later.
  8. Windows Admin Center does the magic of provisioning resources in your Azure subscription, and setting up your server with Azure Backup while configuring the selected backup and retention schedules. 

 

Monitor Azure Backup in Windows Admin Center

Once the set up is completed, you will be taken to the Azure Backup dashboard that has a rich set of monitoring and management tools.

As you can see in the screenshot below, at the top in the Overview page, you can actually see various essential information’s such as Recovery Services Vault where your backups are kept, you can also look at when the latest recovery point was created what was the last backup status, and additional information.

Manage Azure Backup in Windows Admin Center

In the same Overview page, you can also performing frequent operations such as an ad-hoc Backup, this is especially useful when you want to patch your server.

You can also go the Jobs page, and see the list of all backup operations and their status. You can even click on any job and see it’s status in details. This is very useful to troubleshoot failed jobs and figure out what is the problem. And you can even configure Alerts and Notifications for completion and failures of various backup jobs that are triggered on the server, so you can remotely monitor your server backups. 

You can click on Recovery Points page and see all the recovery points that have been created for the server and even recover data from this place.

 

Last but not least, let’s look at the enhanced security aspect of Azure Backup in Windows Admin Center that helps prevent your backups from being attacked by Ransomware and other malicious corruptions and deletions. So when the attacker is trying to delete backup data from your server, in that case, it will be actually prompted to enter a security PIN. Now the hacker might not have access to your server, but to get the security PIN, it needs to be able to access the Recovery Services Vault in Azure and then get the PIN to delete the Backup. Well, if a malicious Admin who had access to the Recovery Services Vault and deleted your backups, there’s no need to worry though, because Azure Backup actually retains these backups for up to 14 days so you can recover this data. This way you can actually protect your backups and always ensure you have multiple recovery points to recover from, in case your server is attacked by Ransomware or otherwise.

That’s it! Very simple.

Summary

Azure Backup in Windows Admin Center will automatically sets up the Microsoft Azure Recovery Services (MARS) agent and allows managing the MARS agent without having to RDP into the server. So it is not replacing the MARS agent but instead providing an interactive experience (single pane of glass) that allows for remote management of the MARS Agent from setting it up, to applying policy, to performing frequent operations and monitoring, and being able to restore remotely. This is especially useful for server core which does not have GUI.

As you have seen, Microsoft is investing more and more in Windows Admin Center (WAC), which is making it easy for Windows Server admins to easily leverage services in Azure and ensure a seamless and effective management of servers by providing the best of Azure and on-premises through a single management interface. Thus providing first class management of hybrid infrastructure with the use of optimal combination of on-premises infrastructure and the cloud.

Last but not least, Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of servers with or without GUI remotely, very easy, especially for “day-to-day activities”. Download a copy of Windows Admin Center 1809 from here and enjoy modern management.

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About Charbel Nemnom 391 Articles
Charbel Nemnom is a Cloud Solutions Architect and Microsoft Most Valuable Professional (MVP), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize performance of mission-critical enterprise systems. Excellent communicator adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design and virtualization.

Be the first to comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.