Updated – 09/09/2019 – Azure Backup Server v3 now supports Windows Server 2019 workloads for protection.
In October 2015, Microsoft released the first version of Microsoft Azure Backup Server MABS v1 (known as project VENUS). And last year, in May 2017, Microsoft released the second version of Microsoft Azure Backup Server MABS v2.
The user voice was very active in the previous months, and many users including myself were requesting if MABS will be updated to support the latest features and enhancement introduced in SC DPM Semi-Annual Channel (SAC) version 1801 and 1807.
Microsoft is listening to us, and today they released the third version of Microsoft Azure Backup Server (MABS v3).
As I mentioned in my previous article, Microsoft Azure Backup Server (MABS) inherits the same functionality of System Center Data Protection Manager (SC DPM) for workloads backup, if you are familiar with SC DPM, MABS looks very similar. However, MABS does not provide protection on tapes nor can integrate with any System Center component, so if you need System Center integration then you need the full SC DPM license for that. The good news is, MABS comes with free SQL Server license that can only be used for MABS database, and it is free to download. Did I say free? Yes, it’s FREE! I believe the vast majority of customers will choose Microsoft Azure Backup Server (MABS), and saving on System Center licensing cost.
With Microsoft Azure Backup Server v3, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange, VMware VMs, and Windows clients to:
- Disk (D2D), giving high Recovery Time Objectives (RTOs) for tier 1 workloads, short-term protection on-premises.
- Azure (D2D2C) for long-term online and off-site protection. (Backup to Tape is NOT supported).
At the time of this writing, MABS v3 does NOT support to protect Windows Server 2019 workloads, however, MABS v3 can be installed on Windows Server 2019. So we need to wait for the next release of MABS to protect any workload that runs on top of Windows Server 2019.
On September 9th, 2019, Microsoft announced that Azure Backup Server V3 now supports Windows Server 2019 workloads for protection as well. To see the entire support matrix for Azure Backup Server, please check the following document.
What’s New in Azure Backup Server V3
MABS v3 has the same functionality as MABS v2 in addition to the following enhancements which were also introduced in DPM 2016 UR5 & DPM 2016 UR6, DPM 1801 and DPM 1807:
- SQL Server 2017 as MABS database: MABS v3 can be installed with SQL 2017. You can either upgrade your SQL server from SQL 2016 to SQL 2017 or you can use a fresh instance of SQL 2017. With MABS v3 you can seamlessly back up Microsoft SQL Server 2017 workload.
- Transport Layer Security (TLS) protocol version 1.2 support. For MABS v3, TLS 1.2 is applicable for protecting workloads to cloud.
- Backup Storage Migration similar to SC DPM 2016 with Update Rollup 4.
- Prevent unexpected data loss: With MABS v3 you can disable volume(s) from being used as target storage using PowerShell similar to SC DPM 2016 with Update Rollup 4. All volumes and mount points, except System Volumes, are available for MABS storage.
- VMware Backup (VMware VM Backup was not supported in production environment with MABS V2). With MABS v3, this is supported in production environment.
- Optimized Consistency Check (CC) for Hyper-V VMs with RCT: MABS v3 optimizes network and storage consumption by transferring only the changed data during any CC for RCT VMs, the native change tracking starting with Windows Server 2016 Hyper-V onward.
- Custom Size Allocation: With MABS v3 you can configure the storage to accept the default volume size, instead of calculating the size of each file and folders being backed up.
Prepare Azure Backup Server V3 Installation
You can download MABS v3 directly from here (4.2 GB), or you can download it from the Azure Portal under Recovery Services Vault | Backup | Prepare Infrastructure as shown in the following screenshot:
Next, you need to download the vault credentials file, which is a certificate generated by the Azure portal and valid only for 2 days. From the Azure portal, open your Recovery Services Vault and browse to the Settings section. Click on Properties, and under Backup Credentials select Already using the latest Recovery Services Agent and then click the Download button. Make sure that the vault credentials file is saved on your MABS Server because we will use it in a subsequent step.
Install Azure Backup Server V3 on Windows Server 2019 and SQL Server 2017
The installation of MABS is straightforward, you can check my previous article on how to Install Microsoft Azure Backup Server V2 on Windows Server 2016 and SQL Server 2016 using the graphical user interface (GUI).
In this article, I will show you how to automate the installation of Microsoft Azure Backup Server (MABS V3) and SQL Server 2017 on top of Windows Server 2019. The same steps will also apply to Windows Server 2016.
Automate SQL Server 2017 Installation
Please note that Microsoft Azure Backup Server supports only local machine SQL Instance, remote SQL instance is not supported. As mentioned earlier, SQL Server 2017 shipped for free along with MABS v3, it’s the recommended version.
Open the command prompt window as Administrator, then navigate to the SQLSVR2017 path located within Microsoft Azure Backup Server v3 extracted media, and run the following command on a single line:
Make sure to update the domain name, SQL service accounts and passwords according to your environment.
Setup.exe /Q /ACTION=install /IACCEPTSQLSERVERLICENSETERMS /FEATURES=SQLEngine /INSTANCENAME=MABSV3DB /INSTANCEDIR="D:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="D:\Program Files (x86)\Microsoft SQL Server" /INSTALLSHAREDDIR="D:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="VIRT\sqldpm" /SQLSYSADMINACCOUNTS="VIRT\sqldpm" /SQLSVCPASSWORD="dpm2016+1" /AGTSVCACCOUNT=”NT AUTHORITY\Network Service” /SECURITYMODE=SQL /SAPWD="dpm2016+1" /SQLTEMPDBDIR="D:\Program Files\Microsoft SQL Server\TempDB\\" /SQLUSERDBDIR="D:\Program Files\Microsoft SQL Server\SQLData\\" /SQLUSERDBLOGDIR="D:\Program Files\Microsoft SQL Server\SQLLog\\"
After short period of time, the installation will complete as shown in the screenshot below:
Starting from SQL 2016 onward, SQL Server Reporting Services (SSRS) and SQL Server Management Studio (SSMS) are now packaged and installed separately with only a web link to each download page within the SQL Server Installation Center. The good news is, Microsoft has included both installation packages in the same SQLSVR2017 folder.
Within the same command prompt window, type the following command to install SQL Server Management Studio (SSMS) in silent mode:
SSMS-Setup-ENU.exe /install /quiet /norestart /log log.txt
Within the same command prompt window as well, type the following command to install SQL Server Reporting Services (SSRS) as Developer free edition in silent mode:
SQLServerReportingServices.exe /quiet /InstallFolder="D:\Program Files\Microsoft SQL Server Reporting Services" /norestart /IAcceptLicenseTerms /Edition=Dev
Once you install both packages, open SQL Server Management Studio (SSMS) and verify you are able to connect to the SQL instance name that you specified in the previous step.
Now there is an important point to consider before you proceed with MABS installation, and this step is applicable only if you install SQL Server separately and not through the MABS UI. There is a missing security login account that you want to add to SQL server otherwise the installation will fail with error ID: 811 stating “The DPM database was not created“. This is because when you install MABS through the UI, you have two options, either you can Install a new instance of SQL Server or Use an exiting instance of SQL server, which actually add the required security account as part of SQL install through MABS.
If you are following the automated installation as documented in this article, then make sure to create a new security login in SQL Server Management Studio (SSMS) with the login name: BUILTIN\Administrators and select sysadmin under Server Roles.
Automate MABS V3 Installation
MABS supports Item-Level Recovery (ILR), which allows you to do granular recovery of files, folders, volumes, and virtual hard disks (VHDXs) from a host-level backup of Hyper-V virtual machines. Therefore, the Hyper-V Role and PowerShell Management Tools features are required to be installed on Microsoft Azure Backup Server.
Open an elevated command-line window, type the following command, and then restart MABS server:
dism.exe /Online /Enable-feature /All /FeatureName:Microsoft-Hyper-V /FeatureName:Microsoft-Hyper-V-Management-PowerShell /quiet /norestart
Open Notepad and copy the following code and save it on the MABS Server (i.e. MABSV3Setup.ini).
When creating MABSV3Setup.ini file, please make sure to replace the text inside < > with values based on your own environment.
[OPTIONS] UserName=administrator CompanyName=<Microsoft Corporation> SQLMachineName=localhost SQLInstanceName=<SQL instance name> SQLMachineUserName=administrator SQLMachinePassword=<admin password> SQLMachineDomainName=<machine domain> ReportingMachineName=localhost ReportingInstanceName=<reporting instance name> SqlAccountPassword=<admin password> VaultCredentialFilePath=<vault credential full path and complete name> SecurityPassphrase=<passphrase> PassphraseSaveLocation=<passphrase save location> UseExistingSQL=<1/0 use or do not use existing SQL>
Here is an example of MABSV3Setup.ini file ready to deploy.
After saving the file, open an elevated command prompt window and type the following:
Start /wait .\Setup.exe /i /f D:\MABSV3Setup.ini /l D:\MABSv3Log.txt
Sit back and get cup of coffee… After approximately 15 minutes, MABS v3 will be installed automatically as shown in the following screenshot :)
Last but not least, switch to the Azure Portal and verify your MABS management server is registered with Azure Recovery Services Vault.
Upgrade From MABS V2 to MABS V3
Microsoft Azure Backup Server extends on-premises data protection by using Azure as an off-site location while reducing backup infrastructure cost to maintain. Additionally, the integration between Azure Backup Server and Azure helps prevent your backups from being attacked by Ransomware and other malicious corruptions and deletions. So when the attacker is trying to delete backup data from your server on-premises, in that case, it will be actually prompted to enter a security PIN. Now the hacker might not have access to your server, but to get the security PIN, it needs to be able to access the Recovery Services Vault in Azure and then get the PIN to delete the Backup. Well, if a malicious user who had access to the Recovery Services Vault and deleted your backups, there’s no need to worry though, because Azure Backup actually retains these backups for up to 14 days so you can recover this data. This way you can actually protect your backups and always ensure you have multiple recovery points to recover from, in case your server is attacked by Ransomware or otherwise. Better safe than sorry!
I hope this article is helpful to you.
Make sure to order my recent Microsoft System Center Data Protection Manager Cookbook for in depth details about data protection and hybrid backup!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.