The Venusian: How To Backup & Recover Hyper-V Virtual Machines Using Microsoft Azure Backup Server?

Venus is at its best right now 

The basic Azure online Backup service just went to the next level. On October 7th, 2015 Microsoft announced the evolution of Azure Backup with the introduction of a customized version of System Center Data Protection Manager which is referred to Azure Backup Server. With the introduction of Microsoft Azure Backup Server (MABS), codenamed “Venus”, you can perform on-premises backups of files & folders as before, but now it adds capabilities to protect Hyper-V Virtual Machines, SQL Server, SharePoint Server, Exchange, and Windows clients as well, then you configure a policy to send an encrypted copy of subset or all of your data to Microsoft Azure. The Azure Backup server keeps short-term retention on-premises and the Azure Backup vault keeps long term retention. This is fantastic!

As Microsoft mentioned clearly, the Microsoft Azure Backup server inherits the functionality of Data Protection Manager (DPM) for workload backup, so if you are familiar with DPM, MABS looks similar. However Microsoft Azure Backup Server does not provide protection on tape or integrate with System Center suite, so you’ll need the full DPM license for that. I believe the vast majority of customer will go that way, saving on System center licensing.

With the introduction of Microsoft Azure Backup Server (MABS), you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange and Windows clients to:

• Disk (D2D), giving high RTOs for tier 1 workloads, short-term retention.
• Azure (D2D2C) for long term retention.

You can manage the protection of various protected entities (servers and clients) from a single on-premises user interface.

In this article, I will show you how to deploy Microsoft Azure Backup Server, so you can back up and recover your Hyper-V Virtual Machines on-premises and to Azure.

Download Microsoft Azure Backup Server

You can download MABS directly from here (3GB) or using a link from Azure backup vault.

You can deploy Microsoft Azure Backup server as:

• A physical standalone server.
• A Hyper-V virtual machine hosted on an on-premises Hyper-V host server to back up on-premises data.
• A Windows virtual machine in VMware – In this scenario Microsoft Azure Backup Server can be deployed as a physical standalone server, as a Hyper-V virtual machine, or as a Windows virtual machine in VMware.
• An Azure virtual machine – You can run Microsoft Azure Backup Server as a virtual machine in Azure to back up cloud workloads running as Azure virtual machines.

Microsoft Azure Backup Requirements

Microsoft Azure Backup Server can only be used by Azure customers, and the setup requires you to provide backup vault credentials. Although the Microsoft Azure Backup Server licensing is free, so you’ll need a Windows Server license to run it on.

• Microsoft Azure Backup can be installed on Windows Server 2008 R2 SP1, 2012 and 2012 R2.
• Microsoft Azure Backup server cannot be installed on a machine which has the SCDPM or SCDPM RA agent installed.
• Microsoft Azure Backup server cannot be installed on a machine that has Microsoft Azure Backup agent installed and registered with an Azure Backup vault.

Microsoft Azure Backup Prerequisites

• Processor: Minimum: 1 GHz, dual-core CPU, Recommended: 2.33 GHz quad-core CPU.
• RAM: Minimum: 4GB, Recommended: 8GB.
• Hard Drive Space: Minimum: 3GB Recommended: 3GB.
• Disks for backup storage pool: The recommended storage pool size is 1.5 times the size of protected data.
• MABS require space for a scratch location; which is a folder that have at least 5% free space of the data backed-up to cloud.
• The server should have connectivity to Internet. Microsoft Azure should be accessible by the Azure Backup server.
• Microsoft Azure Backup server must be domain joined.
• Microsoft Azure Backup server must have .Net 3.5, .Net 4.0, .Net 3.5 SP1 features installed.
• Microsoft Azure Backup server should have Windows Management Framework 4.0 installed.
• Active Directory Domain Service.

Create a Backup Vault

1. Sign in to Azure Management Portal
2. Click New > Data Services > Recovery Services > Backup Vault and choose Quick Create.

Azure Backup – Storage Redundancy

By default when you crate the Vault, the storage redundancy is set to GEO REDUNDANT. The best time to identify your storage redundancy option is right after vault creation, and before any machines are registered to the vault. Once an item has been registered to the vault, the storage redundancy option is locked and cannot be modified.

Download the vault credential file

1. Sign in to Azure Management Portal
2. Click on Recovery Services in the left navigation pane and select the backup vault which you have created above. Click on the cloud icon to get to the Quick Start view of the backup vault.
3. The portal will generate a vault credential using a combination of the vault name and the current date. Click Save to download the vault credentials to the local account’s downloads folder, or select Save As from the Save menu to specify a location for the vault credentials. The vault credential file is required when we install Azure Backup Server later on.

Install Microsoft Azure Backup server on-premises

After you’ve downloaded all MABS files, click MicrosoftAzureBackupInstaller.exe. The Microsoft Azure Backup Setup Wizard will appear.

Follow the wizard…

Click on Extract to begin extracting the setup files.

Select Execute setup.exe to begin installing Microsoft Azure Backup server and click Finish.

Click Microsoft Azure Backup to launch the setup wizard.

Click Next.

Click Check to determine if your hardware and software prerequisites for Microsoft Azure Backup server are have been met.

If all of the prerequisites are have been met successfully, you will see a message as the following indicating that the computer meets the requirements.

Click Next.

Microsoft Azure Backup server requires SQL Server Standard. Select an existing SQL Server 2014 Standard local instance or let the wizard install SQL Server Standard. In my demo, I will select to install new Instance.

Click Check and Install to make sure server has required SQL prerequisites installed.

You might encounter the following error messages. Make sure .Net 3.5 SP1 features are installed, and then restart the machine.

Once the prerequisites are successfully installed, click Next.

Provide a location for the installation of Microsoft Azure Backup server files (Application, Scratch location and Database).

Note: You need to ensure the scratch location is at least 5% of the data planned to be backed up to the cloud.

Click Next.

Provide a strong password for restricted local user accounts, this password does not expire.

Click Next.

Select whether you want to use Microsoft Update to check for updates and click Next. I strongly recommend to select the update which offers security and important updates for Windows and other products like Microsoft Azure Backup server.

Review the Summary of Settings and click Install.

Click Next to launch the installation phase of the Microsoft Azure Recovery Services Agent (The wizard will check for direct Internet connectivity).

Click Install. (The wizard checks for prerequisites and installs them if it finds any missing).

The wizard will install Azure Recovery Services Agent locally on the server.

When the installation of the agent completes, click Next to register this server with Azure Backup vault.

Provide your Azure Backup vault credentials to register the server and click Next.

Provide a passphrase minimum 16-character used to encrypt/decrypt the data sent to Azure and provide a location to store this passphrase. Or you can automatically generate a passphrase. Click Next.

Note: Microsoft Azure Backup server does not send this passphrase along with your data to Azure. You need to store this passphrase, which will be needed when you restore data from Azure, in a secure location

The installation proceeds to the installation and configuration of SQL Server Standard 2014, this will take several minutes to complete.

Have a break and then come back!

Once SQL installation completes, then Microsoft Azure Backup server components are installed.

Congrats! The product has been installed successfully.

Click Close.

Double-click the icon to launch Microsoft Azure Backup Server.

Add a disk to the storage pool

To back up workloads to disk and Azure, you first need to add a disk to the storage pool on-premises.

The same Disk storage DMP prerequisites will apply. For more information about adding disks, see Configure storage pools and disk storage.

I will a 100GB Virtual Hard Disk to the Storage Pool.

Deploy Microsoft Azure Backup Agent

Click Management> Data Services > Agents > Install Agents

I will install the agent on my Hyper-V two nodes Cluster.

Specify a username and password with enough admin rights to install agents.

Click Next.

I prefer to restart my Hyper-V cluster manually.

Click Next.

Review the summary and click Install.

If you hit the following error (Error 347: An error occurred when the agent operation attempted to create the DPM Agent Coordinator service), then make sure you don’t have any previous Microsoft Azure Recovery Services Agent installed, because it’s conflicting with the updated one.

In my demo, I had the previous Azure Recovery Services Agent installed on each Hyper-V node.

Uninstall the previous agent and you are good to go…

Short-Term Protection (D2D), and Long Term Protection (D2D2C)

Open Microsoft Azure Backup console > Click Protection > New >

Click Next.

Select Servers and click Next.

Select the Virtual Machine(s) you want to protect, and click Next.

For this demo, I will select clustered VM-T01

Here you can select the protection method you like, either short-term protection (D2D), long-term protection (D2D2C) or both.

I will choose both protection methods, and click Next.

Specify Short-Term Goals on-prem recovery option.

I will specify 15 days as retention range, and click Next.

Review the default Disk Allocation. I strongly recommend to select Automatically grow the volumes when more disk space is required.

Click Next.

Choose when and how you want to create the replica.

For this demo, I will select now… Click Next.

Select Run a consistency check if a replica becomes inconsistent.

Click Next.

The remaining wizard options are dedicated to Azure online protection.

Select the members that you want to protect online (long term protection).

Click Next.

Define the schedule when you wan to create a backup copy.

I will select one time daily @ 10.00 PM (maximum allowed is two times a day).

Click Next.

Here the interesting online retention policy and the power of Azure.

Daily for 180 Days, Weekly for 104 Weeks, Monthly for 60 Months and Yearly for 10 Years! 

Choose the Online or Offline Replication, if you have a lot of data to protect online and your bandwidth is limited, then you can create offline backup by filling the workflow below and then ship the disk to Azure Datacenter.

For more information about Offline Backup, please read here.

Here you can review the complete summary for Short-term and long term protection.

Click Create Group.

Review the status, and click Close.

Sit back and relax while your data is being replicated to Azure.

Recovery from Azure

Open Microsoft Azure Backup console > Click Recovery > Local DPM Data > Expand protected data

Right Click Online\… Recoverable Item and select Show all recovery points.

Select Online and click Recover. (You can recover from Disk as well which is on-premises).

The Recovery Wizard will open… Review the recovery selection and click Next.

Select Recovery Type…

Recover to original instance which will overwrite the current files, Recover as virtual machine to any Hyper-V host or Copy to a network folder.

For this demo, I will copy the VM to a network folder.

Click Next.

Select Destination path where you want to recover the virtual machine and click OK.

Review the destination path and space available.

Click Next.

Here you can specify the recovery options such as (Restore security permissions, Network bandwidth usage throttling, SAN Recovery and email Notification).

The Network bandwidth usage throttling is very helpful, you can specify the amount of bandwidth you want to allow during work-hours and non-work hours.

Review the summary of the recovery settings and click Recover.

You will hit the recovery staging error message that it has not been configured yet.

In order to recover from Azure, you have to configure the staging area.

The Azure Backup agent running on the Azure Backup Server needs temporary storage for data restored from the cloud (local staging area).

Launch Microsoft Azure Backup console > Click Management > Click Online > Click Configure

The Subscription Settings Wizard will open. If you are using a proxy server, please add it here.

Click Next.

Enable internet bandwidth usage throttling for online backup operations.

Click Next.

This is very important step, you need to enter a folder location with sufficient space to hold the recoverable items in parallel.

As mentioned in below screenshot, for example: if you want to recover 10 Virtual Machines from online protection in parallel and the size of each VM backup is up to 100GB, then select a folder which can hold 10 X 100GB = 1TB of data.

Click Next.

You must specify a minimum of 16 characters to encrypt all backups from Azure Backup Server to Azure online.

It’s very important to keep a copy of your passphrase in a safe location, because for any reason Azure customer support will not be able to assist you in recovering access to your backed up data.

Click Finish.

Review the configuration completed successfully.

Click Close.

Re-try the online recovery operation now as described in this section and it should work as expected.

Item Level Recovery (disk protection only)

The item level recovery for Hyper-V virtual machines is supported for disk protection (on-premises) based recovery point only and not from Azure. Item level recovery will work only if the base VHD and differencing VHDs are on the same volume.

Open Microsoft Azure Backup console > Click Recovery > Local DPM Data > Expand protected data > All Protected Hyper-V Data

Double Click Online\VM…

Keep double-clicking until you reach the Virtual Hard Disk.

Select the single item that you wish to recover, right click and select Recover…

Review the Recovery Selection… As you noticed the Recovery option is from Disk only.

Click Next.

The Recovery Type for item level recovery is to a network folder.

Click Next.

Specify the destination path.

Click Next.

Specify the recovery options where needed and click Next.

Review Summary and click Recover…

And here you go :)

I hope this lengthy article gave you a solid foundation to start protecting your data on-premises and to Azure!

From Venus with Love… enjoy your weekend!

Cheers,
-Charbel