Protecting Exchange with Azure Backup (Part 2)
If you would like to read the other parts in this article series please go to:
Download and Install the Software Package
After creating the Backup Vault, it’s time to download the package that will install the backup services.
- On the Windows Azure Portal, click Recovery Services and open the Dashboard of the service previously created. From there there’s an option to Download Microsoft Azure for Applications (Figure 1). The download page will then open (Figure 2).
Figure 1: Download Microsoft Azure for Applications
Figure 2: Microsoft Azure Backup download page
- After you've downloaded all the files, click MicrosoftAzureBackupInstaller.exe. This will start the Microsoft Azure Backup Setup Wizard to extract the setup files to a location specified by you. Continue through the wizard and click on the Extract button to begin the extraction process (Figure 3, Figure 4 and Figure 5).
Figure 3: Microsoft Azure Backup Setup Wizard
Figure 4: Select Destination Location
Figure 5: Ready to Extract
- Once the extraction process completes, check the box to launch the extracted setup.exe to begin installing Microsoft Azure Backup Server and click on the Finish button (Figure 6). Click Microsoft Azure Backup to launch the setup wizard (Figure 7). Please be aware that the setup installs the Microsoft Visual VC++ 2010 components (Figure 8).
Figure 6: Execute setup.exe
Figure 7: Install Microsoft Azure Backup
Figure 8: Microsoft Visual VC++ 2010
- On the Welcome screen click the Next button (Figure 9). This takes you to the Prerequisite Checks section (Figure 10). On this screen, click on the Check button to determine if the hardware and software prerequisites for Azure Backup Server have been met. If all of the prerequisites have been met successfully, you will see a message indicating that the machine meets the requirements. Click on the Next button.
Figure 9: Microsoft Azure Backup setup
Figure 10: Prerequisite Checks
- Microsoft Azure Backup Server requires SQL Server Standard, and the Azure Backup Server installation package comes bundled with the appropriate SQL Server binaries needed. When starting with a new Azure Backup Server installation, you should pick the option Install new Instance of SQL Server with this Setup and click the Check and Install button (Figure 11). Once the prerequisites are successfully installed, click Next.
Figure 11: SQL Settings
- If some of the prerequisites for SQL Server are not met, the installation will not continue and you’ll get a message like the one depicted in Figure 12. Click Cancel, install the necessary requisites and then re-launch the wizard. Hopefully, on the second time, the prerequisite check will pass with no errors (Figure 13). Click Next.
Figure 12: SQL Settings errors
Figure 13: SQL prerequisites check
- Provide a location for the installation of Microsoft Azure Backup server files and click Next (Figure 14). The scratch location is a requirement for back up to Azure. Ensure the scratch location is at least 5% of the data planned to be backed up to the cloud. For disk protection, separate disks need to be configured once the installation completes. For more information regarding storage pools, see Configure storage pools and disk storage.
Figure 14: Installation Settings
- Provide a strong password for restricted local user accounts and click Next (Figure 15).
Figure 15: Security Settings
- Select whether you want to use Microsoft Update to check for updates and click Next (Figure 16).
Figure 16: Microsoft Update Opt-In
- Review the Summary of Settings and click Install (Figure 17).
Figure 17: Summary of Settings
- The installation happens in phases. In the first phase the Microsoft Azure Recovery Services Agent is installed on the server. The wizard also checks for Internet connectivity. If Internet connectivity is available you can proceed with installation, if not, you need to provide proxy details to connect to the Internet. Click Next (Figure 18):
Figure 18: Proxy Configuration
Figure 19: Installation
Figure 20: Installation (cont.)
- The next step is to configure the Microsoft Azure Recovery Services Agent. As a part of the configuration, you will have to provide your vault credentials to register the machine to the backup vault. The vault credential file is downloaded through a secure channel from the Azure portal.
In the left navigation pane of the Azure Management Portal, click Recovery Services, and then select the backup vault that you created. On the Quick Start page, click Vault credentials (Figure 21).The portal generates a vault credential by using a combination of the vault name and the current date. The vault credentials file is used only during the registration process and expires after 48 hours.
Save the file to local disk and, back to the Register Server Wizard (Figure 22), browse to the file location and click Next.
Figure 21: Vault credentials
Figure 22: Vault Identification
- You will also provide a passphrase to encrypt/decrypt the data sent between Azure and your premises. You can automatically generate a passphrase or provide your own minimum 16-character passphrase (Figure 23). Click Next and continue with the wizard until the agent has been configured.
I got the error depicted on Figure 24. I tried once again by clicking Previous and Next, and the error went away.
Figure 23: Encryption Setting
Figure 24: Server Registration error
- Once registration of the Microsoft Azure Backup server successfully completes, the overall setup wizard proceeds to the installation and configuration of SQL Server. Once the SQL Server component installation completes, the Azure Backup Server components are installed (Figure 25). Click Close.
Figure 25: Installation successful
- When the installation step has completed, the product's desktop icons will have been created as well. Just double-click the icon of Microsoft Azure Backup Server to launch the management console.
You need to add backup storage even if you plan to send data to Azure, since the first backup copy is kept on storage attached to the Azure Backup Server machine. In the current architecture of Azure Backup Server, the Azure Backup vault holds the second copy of the data while the local storage holds the first (and mandatory) backup copy.
- In Microsoft Azure Backup Console, in the Management task area, on the Disks tab, in the Actions pane, click Add (Figure 26). In case a warning pops-up stating that the disk will be converted to dynamic, click Yes. The disk will show up as belonging to the DPM storage pool (Figure 27).
Figure 26: Add Disks to Storage Pool
Figure 27: Storage Pool Disks
Azure Backup Server requires connectivity to the Azure Backup service for the product to work successfully. To validate whether the machine has the connectivity to Azure, use the Get-DPMCloudConnection cmdlet in the Azure Backup Server PowerShell console. If the output of the cmdlet is TRUE then connectivity exists (Figure 28), else there is no connectivity.
Figure 28: Get-DPMCloudConnection
At the same time, the Azure subscription needs to be in a healthy state. To find out the state of your subscription and to manage it, log in to the subscription portal (Figure 29).
Figure 29: Azure Management Portal
Once you know the state of the Azure connectivity and of the Azure subscription, you can use the table below to find out the impact on the backup/restore functionality offered.
|Connectivity State||Azure Subscription||Backup to Azure||Backup to disk||Restore from Azure||Restore from disk|
|Connected||Deprovisioned||Stopped||Stopped||Stopped and Azure recovery points deleted||Stopped|
|Lost connectivity > 15 days||Active||Stopped||Stopped||Allowed||Allowed|
|Lost connectivity > 15 days||Expired||Stopped||Stopped||Allowed||Allowed|
|Lost connectivity > 15 days||Deprovisioned||Stopped||Stopped||Stopped and Azure recovery points deleted||Stopped|
Table 1: Backup/restore functionality
If you have a firewall or a proxy that is preventing access to Azure, you need to whitelist the following domain addresses in the firewall/proxy profile:
Configure the Agent
Before you continue, make sure that all the prerequisites for using Microsoft Azure Backup to protect workloads have been met. These prerequisites include the following:
- A backup vault on the Azure site has been created.
- Agent and vault credentials have been downloaded to the Azure Backup Server.
- The agent is installed on the Azure Backup Server.
- The vault credentials were used to register the Azure Backup Server.
To install the DPM protection agent (yes, it’s called DPM agent) on the Exchange server, open the Microsoft Azure Backup Server console, go to the Management pane and click Install to launch the agent installation wizard.
In some circumstances, you must install the protection agent manually, for example, when the computer that you want to protect is behind a firewall, in a workgroup, or in a domain that does not have a two-way trust relationship with the domain where the Azure Backup Server is located in. After manually installing an agent, you have to attach the computer in Microsoft Azure Backup Server console.
- To manually install the protection agent on the targeted computer, open an elevated Command Prompt window, and then run the following command, as depicted in Figure 31:\\<DPMServerName>\Program Files\Microsoft System Center 2012\DPM\DPM\ProtectionAgents\RA\4.1.<build number>.0\amd64\<language code>\DpmAgentInstaller_x64.exe <DPMServerName>
Figure 30: Location of the agent installation files
Figure 31: Manual installation of the agent
Figure 32: Agent installation completed successfully
- In Microsoft Azure Backup Server console, on the navigation bar, click Management, and then click the Agents tab. In the Actions pane, click Install. The Protection Agent Installation Wizard opens. On the Select Agent Deployment Method page, select Attach agents, select Computer on trusted domain, and then click Next (Figure 33).
- On the Select Computers page (Figure 34), select one or more computers from the Computer name list, click Add, and then click Next.
Figure 33: Select Agent Deployment Method
Figure 34: Select Computers
- On the Enter Credentials page (Figure 35), type the user name and password for a domain account that is a member of the local administrators group on all selected servers and click Next.
- On the Summary page (Figure 36), click Install to begin the installation. On the Installation page, the results appear on the Task tab to indicate whether the installation is successful or not. Click Close.
Figure 35: Enter Credentials
Figure 36: Summary
Figure 37: Attach completed
In the second part of this article we covered the installation of the Azure Backup Server and the configuration of the DPM agent. In the next and final part of this article we’ll cover how to protect Exchange Server and restore mailbox databases and single user mailboxes.
If you would like to read the other parts in this article series please go to: