Last month, Microsoft announced Azure Stack 1807 update. This update includes huge improvements, new features, and fixes. You can check what’s new in Azure Stack 1807 update here.
One of the new feature is, automatic infrastructure backup. This one of the great feature introduced in 1807 update, because in the previous update, infrastructure backup was a manual task (on-demand backup).
In this quick post, I will show you how to leverage the new Azure Stack PowerShell module for infrastructure backup to enable automatic backups.
In Azure Stack 1807 update, Microsoft added two new fields for infrastructure backup, the first one is called Backups frequency, and this indicates how often backups should happen within a day, this is measured in hours (valid range: 4-12), and the second field is Retention period, this specifies the number of days that backup should be retained on the backup share (valid range: 2-14), anything older than the retention period would automatically get cleaned up by the infrastructure backup service.
Enable Infrastructure Backup
Now before you start enabling automatic backup, make sure that you update to version 1.4 of the Azure Stack admin PowerShell cmdlets, this is a requirement now that you are on 1807 update. You can run the following PowerShell command to install Azure Stack PowerShell module version 1.4.0.
Install-Module -Name AzureStack -RequiredVersion 1.4.0
I was working lately on a PowerShell tool that will help me to automate and enable Azure Stack Infrastructure Backup. So instead of going every time to Azure Stack Admin portal and configure backup, I developed that tool to automate the entire process. The script will connect to Azure Stack admin endpoint, verify the backup share is accessible, generate backup encryption key, and then configure the backup. Finally it will save the encryption key in Azure Key Vault for additional security. Configuring Azure Stack infrastructure backup is very important, but the encryption key should be stored in a safe place. Otherwise, Azure Stack recovery is kind of, well, impossible later.
You can run the script in two different scenarios as follows:
.\Enable-AzureStackBackup.ps1 -SharePath [\\ServerIP\Share] -ShareCred [firstname.lastname@example.org] -AzureCred [email@example.com] -BackupKeyVault [Azure-Vault-Name] -Verbose
This example will enable Azure Stack Backup to the specified Share Path with the default backup frequency 12 hours and retention 7 days, and finally enable Automatic Backups. As part of enabling Azure Stack backup, the Encryption Key will be saved in an Azure Key Vault for additional security.
.\Enable-AzureStackBackup.ps1 -SharePath [\\ServerIP\Share] -ShareCred [firstname.lastname@example.org] -AzureCred [email@example.com] -BackupKeyVault [Azure-Vault-Name] -Frequency [4-12] -Retention [2-14] -Verbose
This example will enable Azure Stack Backup to the specified Share Path including backup frequency and retention days that you specify, and finally enable Automatic Backups. As part of enabling Azure Stack backup, the Encryption Key will be saved in an Azure Key Vault for additional security.
Here is a screenshot showing how to use this tool.
The complete script is detailed below to automate the entire process:
<# .SYNOPSIS Enable Azure Stack Backup. .DESCRIPTION Configure Azure Stack Infrastructure Backup with PowerShell. .NOTES File Name : Enable-AzureStackBackup.ps1 Author : Charbel Nemnom Version : 1.3 Date : 17-August-2018 Update : 10-September-2018 Requires : PowerShell Version 5.1 or above Module : Azure Stack Version 1.4.0 .LINK To provide feedback or for further assistance please visit:
Azure Stack Infrastructure Backup is designed to internalize the complexity of backing up and restoring data for infrastructure services, ensuring Azure Stack operators can focus on managing the solution and maintaining an SLA to end-users. And with this tool it becomes even faster to configure backup and save the encryption key in Azure Key Vault.
Storing the backup data to an external share is required to avoid storing backups on the same system. The external share gives you the flexibility to determine where to store the data based on the existing company BC/DR policy. And most important is to store the encryption key in a safe place. Otherwise, Azure Stack recovery is kind of, well, impossible later.
I am planning to improve this tool in the future. This is still version 1.3. If you have any feedback or changes that everyone should receive, please feel free to leave a comment below.
Until then… Stay protected with Azure Stack Infrastructure Backup.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.