Automate Cloud Backup Integration In #DPM With #AzureBackup And #PowerShell @SCDPM @AzureBackup


Updated on December 6, 2020


Introduction

Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud. Azure Backup replaces your existing on-premises or off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive. System Center Data Protection Manager (SC DPM) and Microsoft Azure Backup Server (MABS) can be integrated with the Azure Backup service so you can protect your data in the cloud without worrying about ransomware attacks and data corruption.

For more information about Azure Backup, please check my recently published whitepaper here.

Cloud Backup Integration Process

When you are planning to integrate System Center Data Protection Manager (SC DPM) and Microsoft Azure Backup Server (MABS) with Azure Backup, there are multiple steps involved, such as:

  1. Have a healthy DPM environment.
  2. Create a new Recovery Services Vault in Azure.
  3. Set up the appropriate storage replication type (Geo-redundant / Locally-redundant).
  4. Download the latest Microsoft Azure Recovery Services (MARS) agent.
  5. Download the Azure Recovery Vault Credentials file.
  6. Install the Microsoft Azure Recovery Services (MARS) agent.
  7. Register the DPM Server with the Azure Backup service.
  8. Configure the DPM cloud settings (cloud recovery staging area directory, networking, and passphrase encryption key).
  9. Finally, keep the passphrase key safe and secure once it is set, because you will not be able to restore data from Azure without this passphrase.

So it’s a long and time-consuming process, especially if you have multiple DPM servers that you want to integrate with the Azure Backup service.

Microsoft has a detailed document on how to prepare to back up workloads to Azure with DPM, so if you are interested in the manual approach, please check the following guide.

In this blog post, I will share with you how to automate the entire Cloud Backup integration process in DPM and Azure Backup.

Automate Cloud Backup Integration

I was working lately on a PowerShell tool that will help me to automate the cloud backup integration process with Azure Backup. So instead of repeating the same steps above every time, I developed that tool to automate the entire process. When you run this tool on the DPM server, it will install the required PowerShell modules, then download the latest Microsoft Azure Recovery Services (MARS) agent, and then install it in silent mode if it’s not installed. You will be prompted to authenticate to Azure, and the tool will create a new Recovery Services Vault and set its storage replication type. Then it will register the DPM server with the Azure Backup service for online protection, configure the DPM cloud settings, and finally store the Encryption Passphrase Key in Azure Key Vault.

You can run this tool as follows and watch it do its magic:

.\Register-DPMCloud.ps1 -AzureSubscription "Subscription ABC" -ResourceGroupName "backup-dpm-rg" -KeyVault "BackupKeyVault" -StagingArea D: -StorageType LRS -Verbose


Open the Azure Portal and check your DPM server is registered successfully with Azure Backup service.


Browse to Azure Key Vaults and check the Passphrase Encryption Key is stored safely. Please remember that you will not be able to restore data from Azure without this passphrase key.
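The script further down commits the passphrase to DPM first and writes it to Key Vault afterwards, so a failed Key Vault write leaves the only copy in memory; it also derives the passphrase from a GUID, which is designed for uniqueness rather than documented as unpredictable. The following is an added example, not part of the author's script, that generates the passphrase from the system CSPRNG, escrows it, reads it back, and only then hands it to DPM. `New-BackupPassphrase` and `Save-PassphraseToKeyVault` are hypothetical helper names, and it assumes an authenticated AzureRM session on the DPM server.

```powershell
# Added example: escrow the passphrase in Key Vault and verify it BEFORE DPM starts using it.
# New-BackupPassphrase and Save-PassphraseToKeyVault are hypothetical helper names.
Function New-BackupPassphrase {
    Param ([int]$ByteCount = 32)
    $Bytes = New-Object byte[] $ByteCount
    $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    Try { $Rng.GetBytes($Bytes) } Finally { $Rng.Dispose() }
    # 32 random bytes encode to 44 Base64 characters
    return [Convert]::ToBase64String($Bytes)
}

Function Save-PassphraseToKeyVault {
    Param (
        [Parameter(Mandatory = $true)][String]$VaultName,
        [Parameter(Mandatory = $true)][String]$SecretName,
        [Parameter(Mandatory = $true)][SecureString]$Passphrase
    )
    Set-AzureKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $Passphrase `
        -ContentType "Passphrase Encryption Key" -ErrorAction Stop | Out-Null

    # Read the secret back and compare it with what was sent
    $Stored   = Get-AzureKeyVaultSecret -VaultName $VaultName -Name $SecretName -ErrorAction Stop
    $Expected = [System.Net.NetworkCredential]::new('', $Passphrase).Password
    $Actual   = [System.Net.NetworkCredential]::new('', $Stored.SecretValue).Password
    return ($Expected -ceq $Actual)
}

$BackupKeyVault = "BackupKeyVault"   # sample vault name used in the post
$Secure = ConvertTo-SecureString -String (New-BackupPassphrase) -AsPlainText -Force

If (Save-PassphraseToKeyVault -VaultName $BackupKeyVault -SecretName $env:ComputerName -Passphrase $Secure) {
    # The escrow copy is confirmed, so it is now safe to set and commit the passphrase in DPM
    $Setting = Get-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName
    Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -EncryptionPassphrase $Secure
    Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -Commit
}
Else {
    Write-Warning "Key Vault read-back did not match; the DPM passphrase was not changed."
}
```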


Finally, launch the DPM Administrator Console and you are good to go to start protecting your workloads to Azure Backup.


PowerShell Code

The complete script is detailed below to automate the entire cloud backup integration process:

<#
.SYNOPSIS
Register DPM in Azure Backup Service.

.DESCRIPTION
Automate Cloud Backup Integration With DPM and Azure Backup.

.NOTES
File Name : Register-DPMCloud.ps1
Author    : Charbel Nemnom
Version   : 1.0
Date      : 03-September-2018
Update    : 13-September-2018
Requires  : PowerShell Version 5.1 or later
Module    : AzureRM Version 6.8.1

.LINK
To provide feedback or for further assistance please visit:
Cover Page

.EXAMPLE
.\Register-DPMCloud.ps1 -AzureSubscription [Azure Subscription Name] -ResourceGroupName [Resource Group Name] -KeyVault [Azure Key Vault Name] -StagingArea [Volume] -StorageType [LRS/GRS] -Verbose
This example will install the required PowerShell modules, then download and install the latest
Microsoft Azure Recovery Services (MARS) agent if it's not installed. You will be prompted to
authenticate to Azure, and the tool will create a new Recovery Services Vault and set its storage
replication type. Then it will register the DPM server with the Azure Backup service for online
protection, configure the DPM cloud settings, and finally store the Encryption Passphrase Key in
Azure Key Vault.

.EXAMPLE
.\Register-DPMCloud.ps1 -AzureSubscription "Subscription ABC" -ResourceGroupName "backup-dpm-rg" -KeyVault "BackupKeyVault" -StagingArea D: -StorageType LRS -Verbose
This example will install the required PowerShell modules, then download and install the latest
Microsoft Azure Recovery Services (MARS) agent if it's not installed. You will be prompted to
authenticate to Azure, and the tool will create a new Recovery Services Vault and set its storage
replication type. Then it will register the DPM server with the Azure Backup service for online
protection, configure the DPM cloud settings, and finally store the Encryption Passphrase Key in
Azure Key Vault.
#>

[CmdletBinding()]
Param (
    [Parameter(Position=0, Mandatory=$true, HelpMessage='Please Provide Azure Subscription Name')]
    [Alias('AzureSub')]
    [String]$AzureSubscription,

    [Parameter(Position=1, Mandatory=$true, HelpMessage='Please Provide Azure Resource Group Name')]
    [Alias('AzureRG')]
    [String]$ResourceGroupName,

    [Parameter(Position=2, Mandatory=$true, HelpMessage='Please Specify Azure Key Vault Name')]
    [Alias('KeyVault')]
    [String]$BackupKeyVault,

    [Parameter(Position=3, Mandatory=$true, HelpMessage='Please Specify Cloud Recovery Staging Area Volume')]
    [Alias('Volume')]
    [String]$StagingArea,

    [Parameter(Position=4, Mandatory=$true, HelpMessage='Please Specify Storage Replication Type')]
    [ValidateSet("LRS", "GRS")]
    [String]$StorageType
)

Function Install-NuGet {
    Install-PackageProvider NuGet -Force -Confirm:$false -Verbose:$false
}

Function Install-PowerShellGet {
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose:$false
    Install-Module -Name PowerShellGet -Force -Confirm:$false -Verbose:$false
}

Function Install-AzureRM {
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose:$false
    Install-Module -Name AzureRM -Force -Confirm:$false -Verbose:$false
}

Function Check_MARS_Installed ( $programName ) {
    # Returns $true when an uninstall registry key matching the program name exists
    $Check = ((Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\") |
        Where-Object { $_.Name -like "*$programName*" }).Length -gt 0
    return $Check
}

#! Check volume drive letter
Try {
    $Vol = ($StagingArea -replace (":|\\",''))
    $CheckVolume = Get-PSDrive -Name $Vol -ErrorAction Stop
}
Catch {
    Write-Warning -Message "No volume found for drive letter: `"$Vol`", Please specify a correct volume"
    Break
}

#! Check NuGet Provider
Try {
    Import-PackageProvider -Name NuGet -ErrorAction Stop -Verbose:$false | Out-Null
    Write-Verbose "Importing NuGet Provider..."
}
Catch {
    Write-Warning "NuGet Provider was not found..."
    Write-Verbose "Installing NuGet Package Provider..."
    Install-NuGet
}

#! Check PowerShellGet Module
Try {
    Import-Module -Name PowerShellGet -ErrorAction Stop -Verbose:$false | Out-Null
    Write-Verbose "Importing PowerShellGet Module..."
}
Catch {
    Write-Warning "PowerShellGet Module was not found..."
    Write-Verbose "Installing the latest PowerShellGet Module..."
    Install-PowerShellGet
}

#! Check AzureRM PowerShell Module
Try {
    Import-Module -Name AzureRM -ErrorAction Stop -Verbose:$false | Out-Null
    Write-Verbose "Importing Azure RM PowerShell Module..."
}
Catch {
    Write-Warning "Azure Resource Manager PowerShell Module was not found..."
    Write-Verbose "Installing Azure Resource Manager PowerShell Module..."
    Install-AzureRM
}

#! Check Azure Cloud Connection
Try {
    Write-Verbose "Connecting to Azure Cloud..."
    Login-AzureRmAccount -Environment AzureCloud -Subscription $AzureSubscription -ErrorAction Stop | Out-Null
}
Catch {
    Write-Warning "Cannot connect to Azure environment. Please check your credentials. Exiting!"
    Break
}

#! Check C:\Temp directory if exists and create if not
$TempDir = "C:\Temp"
if (!(Get-Item $TempDir -ErrorAction SilentlyContinue)) {
    New-Item -ItemType Directory -Path $TempDir | Out-Null
}

#! Download the latest Microsoft Azure Recovery Services Agent (MARS)
# The installer runs elevated, so fetch it over HTTPS (the original used plain HTTP)
Write-Verbose "Downloading Microsoft Azure Recovery Services Agent..."
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$URL = 'https://aka.ms/azurebackup_agent'
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($URL, $($TempDir + "\MARSAgentInstaller.exe"))

# Installing MARS Agent in silent mode if it's not installed
$MARS = Check_MARS_Installed "Windows Azure Backup"
If (!$MARS) {
    Start-Process -FilePath $($TempDir + "\MARSAgentInstaller.exe") -ArgumentList "/q"
}
While ($MARS -eq $false) {
    Write-Verbose "Installing Microsoft Azure Recovery Services Agent in silent mode..."
    $MARS = Check_MARS_Installed "Windows Azure Backup"
    Start-Sleep -Seconds 10
}

#! Creating a new Recovery Services Vault and configure its storage type
Write-Verbose "Creating a new Recovery Services Vault named $env:ComputerName"
New-AzureRmRecoveryServicesVault -Name $env:ComputerName -ResourceGroupName $ResourceGroupName `
    -Location (Get-AzureRmResourceGroup -Name $ResourceGroupName).location -Confirm:$false -Verbose:$false | Out-Null

Write-Verbose "Configuring Storage Replication Redundancy to $StorageType..."
# Select the vault by name so other vaults in the same resource group are not picked up
$RSVault = Get-AzureRmRecoveryServicesVault -ResourceGroupName $ResourceGroupName -Name $env:ComputerName
# A new vault defaults to geo-redundant storage, so only LRS needs an explicit change
If ($StorageType -eq "LRS") {
    Set-AzureRmRecoveryServicesBackupProperties -Vault $RSVault -BackupStorageRedundancy LocallyRedundant
}

#! Downloading Recovery Vault Credentials file
Write-Verbose "Downloading Azure Recovery Vault Credentials file..."
$RSVaultFile = Get-AzureRmRecoveryServicesVaultSettingsFile -Backup -Vault $RSVault -Path $TempDir

#! Registering DPM with Azure Backup Service
Write-Verbose "Registering DPM with Azure Backup Service..."
Start-DPMCloudRegistration -DPMServerName $env:ComputerName `
    -VaultCredentialsFilePath (Get-ChildItem -Path $TempDir -Filter *.VaultCredentials).FullName

#! Configuring DPM Initial Cloud Settings
Write-Verbose "Cloud Initial configuration settings..."
$Setting = Get-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName

#! Configure Staging Area
Write-Verbose "Configuring Cloud Recovery Staging Area directory..."
$Destination = "${Vol}:\StagingArea"
# Create the staging folder when it is missing (the original tested $TempDir here by mistake)
if (!(Get-Item $Destination -ErrorAction SilentlyContinue)) {
    New-Item -Path $Destination -ItemType Directory -Force | Out-Null
}
Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -StagingAreaPath $Destination

#! Configure Proxy Settings
Write-Verbose "Configure DPM cloud networking..."
Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -NoProxy
Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -NoThrottle

#! Configure Encryption Settings
Write-Verbose "Configuring Encryption Passphrase Key..."
$Passphrase = (New-Guid).Guid
$EncryptionPassPhrase = ConvertTo-SecureString -String $Passphrase -AsPlainText -Force
Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -EncryptionPassphrase $EncryptionPassPhrase

#! Commit the changes
Set-DPMCloudSubscriptionSetting -DPMServerName $env:ComputerName -SubscriptionSetting $Setting -Commit

#! Add DPM Backup Encryption Key to Azure Key Vault
Try {
    Write-Verbose "Adding DPM Backup Encryption Key to Azure Key Vault"
    Set-AzureKeyVaultSecret -VaultName $BackupKeyVault -Name $env:ComputerName -SecretValue $EncryptionPassPhrase `
        -ContentType "Passphrase Encryption Key" -ErrorAction Stop | Out-Null
}
Catch {
    Write-Warning "$_ Exiting!"
    Break
}

# Clean-up Temp Environment (removes the vault credentials file and the installer)
Write-Verbose "Clean-up Temp Environment..."
Remove-Item -Path $TempDir -Recurse -Force
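
The script downloads MARSAgentInstaller.exe and runs it silently with administrative rights, and transport security alone does not authenticate the binary. The following is an added example, not part of the author's script, that gates the install on a valid Microsoft Authenticode signature. `Test-MarsInstallerSignature` is a hypothetical helper name, and the signer subject pattern is an assumption about how Microsoft-signed binaries are labelled.

```powershell
# Added example: refuse to run the downloaded MARS installer unless it is validly signed by Microsoft.
# Test-MarsInstallerSignature is a hypothetical helper; the path matches the script's download location.
Function Test-MarsInstallerSignature {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [String]$Path
    )

    If (!(Test-Path -Path $Path -PathType Leaf)) {
        Write-Warning "Installer not found at $Path"
        return $false
    }

    $Signature = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain builds to a trusted root
    If ($Signature.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($Signature.Status)': $($Signature.StatusMessage)"
        return $false
    }

    # Assumption: Microsoft-signed binaries carry 'O=Microsoft Corporation' in the signer subject
    $Subject = $Signature.SignerCertificate.Subject
    If ($Subject -notmatch 'O=Microsoft Corporation(,|$)') {
        Write-Warning "Unexpected signer: $Subject"
        return $false
    }

    # Record the hash so the installed build can be traced later
    $Hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    Write-Verbose "Installer signed by '$Subject', SHA256 $Hash"
    return $true
}

$Installer = "C:\Temp\MARSAgentInstaller.exe"
If (Test-MarsInstallerSignature -Path $Installer) {
    Start-Process -FilePath $Installer -ArgumentList "/q" -Wait
}
Else {
    Write-Warning "Refusing to run $Installer. Exiting!"
    Remove-Item -Path $Installer -Force -ErrorAction SilentlyContinue
    Return
}
```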

Roadmap

I am planning to improve this tool in the future. This is still version 1.0. If you have any feedback or changes that everyone should receive, please feel free to leave a comment below.

Until then… Stay protected and secure with DPM and Azure Backup.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-
