Protecting Exchange with Azure Backup (Part 2)

If you would like to read the other parts in this article series please go to:

Download and Install the Software Package

After creating the Backup Vault, it’s time to download the package that will install the backup services.

  1. On the Windows Azure Portal, click Recovery Services and open the Dashboard of the service previously created. From there there’s an option to Download Microsoft Azure for Applications (Figure 1). The download page will then open (Figure 2).

Image
Figure 1: Download Microsoft Azure for Applications

Image
Figure 2: Microsoft Azure Backup download page

  1. After you’ve downloaded all the files, click MicrosoftAzureBackupInstaller.exe. This will start the Microsoft Azure Backup Setup Wizard to extract the setup files to a location specified by you. Continue through the wizard and click on the Extract button to begin the extraction process (Figure 3, Figure 4 and Figure 5).

Image
Figure 3: Microsoft Azure Backup Setup Wizard

Image
Figure 4:
Select Destination Location

Image
Figure
5: Ready to Extract

  1. Once the extraction process completes, check the box to launch the extracted setup.exe to begin installing Microsoft Azure Backup Server and click on the Finish button (Figure 6). Click Microsoft Azure Backup to launch the setup wizard (Figure 7). Please be aware that the setup installs the Microsoft Visual VC++ 2010 components (Figure 8).

Image
Figure
6: Execute setup.exe

Image
Figure
7: Install Microsoft Azure Backup

Image
Figure
8: Microsoft Visual VC++ 2010

  1. On the Welcome screen click the Next button (Figure 9). This takes you to the Prerequisite Checks section (Figure 10). On this screen, click on the Check button to determine if the hardware and software prerequisites for Azure Backup Server have been met. If all of the prerequisites have been met successfully, you will see a message indicating that the machine meets the requirements. Click on the Next button.

Image
Figure
9: Microsoft Azure Backup setup

Image
Figure
10: Prerequisite Checks

  1. Microsoft Azure Backup Server requires SQL Server Standard, and the Azure Backup Server installation package comes bundled with the appropriate SQL Server binaries needed. When starting with a new Azure Backup Server installation, you should pick the option Install new Instance of SQL Server with this Setup and click the Check and Install button (Figure 11). Once the prerequisites are successfully installed, click Next.

Image
Figure
11: SQL Settings

  1. If some of the prerequisites for SQL Server are not met, the installation will not continue and you’ll get a message like the one depicted in Figure 12. Click Cancel, install the necessary requisites and then re-launch the wizard. Hopefully, on the second time, the prerequisite check will pass with no errors (Figure 13). Click Next.

Image
Figure
12: SQL Settings errors

Image
Figure
13: SQL prerequisites check

  1. Provide a location for the installation of Microsoft Azure Backup server files and click Next (Figure 14). The scratch location is a requirement for back up to Azure. Ensure the scratch location is at least 5% of the data planned to be backed up to the cloud. For disk protection, separate disks need to be configured once the installation completes. For more information regarding storage pools, see Configure storage pools and disk storage.

Image
Figure
14: Installation Settings

  1. Provide a strong password for restricted local user accounts and click Next (Figure 15).

Image
Figure
15: Security Settings

  1. Select whether you want to use Microsoft Update to check for updates and click Next (Figure 16).

Image
Figure
16: Microsoft Update Opt-In

  1. Review the Summary of Settings and click Install (Figure 17).

Image
Figure
17: Summary of Settings

  1. The installation happens in phases. In the first phase the Microsoft Azure Recovery Services Agent is installed on the server. The wizard also checks for Internet connectivity. If Internet connectivity is available you can proceed with installation, if not, you need to provide proxy details to connect to the Internet. Click Next (Figure 18):

Image
Figure
18: Proxy Configuration

Image
Figure
19: Installation

Image
Figure
20: Installation (cont.)

  1. The next step is to configure the Microsoft Azure Recovery Services Agent. As a part of the configuration, you will have to provide your vault credentials to register the machine to the backup vault. The vault credential file is downloaded through a secure channel from the Azure portal.
    In the left navigation pane of the Azure Management Portal, click Recovery Services, and then select the backup vault that you created. On the Quick Start page, click Vault credentials (Figure 21).The portal generates a vault credential by using a combination of the vault name and the current date. The vault credentials file is used only during the registration process and expires after 48 hours.
    Save the file to local disk and, back to the Register Server Wizard (Figure 22), browse to the file location and click Next.

Image
Figure
21: Vault credentials

Image
Figure
22: Vault Identification

  1. You will also provide a passphrase to encrypt/decrypt the data sent between Azure and your premises. You can automatically generate a passphrase or provide your own minimum 16-character passphrase (Figure 23). Click Next and continue with the wizard until the agent has been configured.
    I got the error depicted on Figure 24. I tried once again by clicking Previous and Next, and the error went away.

Image
Figure
23: Encryption Setting

Image
Figure
24: Server Registration error

  1. Once registration of the Microsoft Azure Backup server successfully completes, the overall setup wizard proceeds to the installation and configuration of SQL Server. Once the SQL Server component installation completes, the Azure Backup Server components are installed (Figure 25). Click Close.

Image
Figure
25: Installation successful

  1. When the installation step has completed, the product’s desktop icons will have been created as well. Just double-click the icon of Microsoft Azure Backup Server to launch the management console.

You need to add backup storage even if you plan to send data to Azure, since the first backup copy is kept on storage attached to the Azure Backup Server machine. In the current architecture of Azure Backup Server, the Azure Backup vault holds the second copy of the data while the local storage holds the first (and mandatory) backup copy.

  1. In Microsoft Azure Backup Console, in the Management task area, on the Disks tab, in the Actions pane, click Add (Figure 26). In case a warning pops-up stating that the disk will be converted to dynamic, click Yes. The disk will show up as belonging to the DPM storage pool (Figure 27).

Image
Figure
26: Add Disks to Storage Pool

Image
Figure
27: Storage Pool Disks

Network Connectivity

Azure Backup Server requires connectivity to the Azure Backup service for the product to work successfully. To validate whether the machine has the connectivity to Azure, use the Get-DPMCloudConnection cmdlet in the Azure Backup Server PowerShell console. If the output of the cmdlet is TRUE then connectivity exists (Figure 28), else there is no connectivity.

Image
Figure
28: Get-DPMCloudConnection

At the same time, the Azure subscription needs to be in a healthy state. To find out the state of your subscription and to manage it, log in to the subscription portal (Figure 29).

Image
Figure
29: Azure Management Portal

Once you know the state of the Azure connectivity and of the Azure subscription, you can use the table below to find out the impact on the backup/restore functionality offered.

Connectivity State Azure Subscription Backup to Azure Backup to disk Restore from Azure Restore from disk
Connected Active Allowed Allowed Allowed Allowed
Connected Expired Stopped Stopped Allowed Allowed
Connected Deprovisioned Stopped Stopped Stopped and Azure recovery points deleted Stopped
Lost connectivity > 15 days Active Stopped Stopped Allowed Allowed
Lost connectivity > 15 days Expired Stopped Stopped Allowed Allowed
Lost connectivity > 15 days Deprovisioned Stopped Stopped Stopped and Azure recovery points deleted Stopped

Table 1: Backup/restore functionality

If you have a firewall or a proxy that is preventing access to Azure, you need to whitelist the following domain addresses in the firewall/proxy profile:

  • www.msftncsi.com
  • *.microsoft.com
  • *.windowsazure.com
  • *.microsoftonline.com
  • *.windows.net

Configure the Agent

Before you continue, make sure that all the prerequisites for using Microsoft Azure Backup to protect workloads have been met. These prerequisites include the following:

  • A backup vault on the Azure site has been created.
  • Agent and vault credentials have been downloaded to the Azure Backup Server.
  • The agent is installed on the Azure Backup Server.
  • The vault credentials were used to register the Azure Backup Server.

To install the DPM protection agent (yes, it’s called DPM agent) on the Exchange server, open the Microsoft Azure Backup Server console, go to the Management pane and click Install to launch the agent installation wizard.

In some circumstances, you must install the protection agent manually, for example, when the computer that you want to protect is behind a firewall, in a workgroup, or in a domain that does not have a two-way trust relationship with the domain where the Azure Backup Server is located in. After manually installing an agent, you have to attach the computer in Microsoft Azure Backup Server console.

  1. To manually install the protection agent on the targeted computer, open an elevated Command Prompt window, and then run the following command, as depicted in Figure 31:\\<DPMServerName>\Program Files\Microsoft System Center 2012\DPM\DPM\ProtectionAgents\RA\4.1.<build number>.0\amd64\<language code>\DpmAgentInstaller_x64.exe <DPMServerName>

Image
Figure
30: Location of the agent installation files

Image
Figure
31: Manual installation of the agent

Image
Figure
32: Agent installation completed successfully

  1. In Microsoft Azure Backup Server console, on the navigation bar, click Management, and then click the Agents tab. In the Actions pane, click Install. The Protection Agent Installation Wizard opens. On the Select Agent Deployment Method page, select Attach agents, select Computer on trusted domain, and then click Next (Figure 33).
  2. On the Select Computers page (Figure 34), select one or more computers from the Computer name list, click Add, and then click Next.

Image
Figure
33: Select Agent Deployment Method

Image
Figure
34: Select Computers

  1. On the Enter Credentials page (Figure 35), type the user name and password for a domain account that is a member of the local administrators group on all selected servers and click Next.
  2. On the Summary page (Figure 36), click Install to begin the installation. On the Installation page, the results appear on the Task tab to indicate whether the installation is successful or not. Click Close.

Image
Figure
35: Enter Credentials

Image
Figure
36: Summary

Image
Figure
37: Attach completed

Summary

In the second part of this article we covered the installation of the Azure Backup Server and the configuration of the DPM agent. In the next and final part of this article we’ll cover how to protect Exchange Server and restore mailbox databases and single user mailboxes.

If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top