Microsoft Azure AZ-801 — Section 11: Manage backup and recovery for windows Server Part 2
67. Back up and recover using Azure Backup Server
All right. Now, as I get into working with the Microsoft Azure backup services, I’m going to add another disk to my NYC-SVR1. Now, to do that, here I am in Hyper-V, I’m just going to right click my NYC-SVR1, I’m going to go to Settings and I’ve removed existing disk and in all of that.
So, one point I had failover clustering and all that. I just went ahead and removed all that just to free up memory. In your case, if you are playing around with this stuff, if you got plenty of memory and all that stuff, then you can leave stuff in place. It’s no big deal, but I’ve removed it Now. What I’m also going to do is go here to add another hard drive. All right. And so it says virtual disk. I’m going to click new click. Next, it’s going to be a dynamically expanding disk, and I’m just going to call this my backup drive. All right. And so we’re just pretending like this is another hard drive. But it is going to be a virtual drive and we’ll just leave it at 127 gigs. We’ll click Finish. All right. At that point, the new drive has been added and I’m going to jump over to. My Server1 virtual machine. And then I’ve got Microsoft Azure backup that I’ve already installed. I’m just going to double click on that. And that is going to bring up the Azure backup tool now. When we get in this backup tool, the main thing we’ve got to do is we’ve got to add this storage. All right? However, if you go right here and you click on Manage on the manage workspace and you go to disk storage and then click Add, you’ll see the volume is not there yet.
So, we need to initialize that volume. All right. To do that, what we’re going to do is we’re just going to right click the Start button here. We’re going to go to disk management. And there’s our new disk. We’re going to right click it and bring it online. All right. And then we’re going to right click it and initialize it as GPT. All right. And then I’m going to right click and say new volume, and we’re just going to create a new volume. I’m just going to do I’m going to set it to 100,000. I’m going to leave a little bit of space unused there and we’ll make that the E drive, NTFS, Perform quick format. And it looks like our new drive is just about ready to go there. Yep. So, it looks like it is officially ready to go. So, let’s go back into the Microsoft Azure Backup Server. Pull that back up. And now, now that we’ve initialized it and we’ve created that volume, our Microsoft Azure Backup Server should be able to recognize that storage.
So, here we are back on management. We’ve got disk storage here. We’re going to click Add. Now, does this take just a few seconds for this to appear? But there it is. I’m going to click Add. DPM will format the volume before adding it to the pool. Any data we present? Yes, that’s fine. Tell it to go ahead and format. I’m just going to give it a friendly name of backup. All right. We’re going to click. Okay. And we’ve now officially added that disk storage.
So, now I am ready to install my production server. So, I’m going to go to production server. I’m going to click Add. This is Windows Server, or you can use VMware Server, but we’re using Windows. Then it asks, There’s two options for installing the software. So, in order to do this backup, you have to have some agent software installed. And there’s two options. One is called install agents or attach agent.
So, install agent will allow the server to just install the agent itself, which makes life easy. The attach agent, you would have to manually install it onto the machine. And the reason for that is because of a firewall. So, it says recommended for computers that are not behind a firewall. So, now what if it is behind a firewall? You can add exceptions to the servers that you want to back up.
The idea here is that MABS is going to go out and is going to be able to backup data from these other servers. But you do have to have that agent software installed.
Now, there’s a little article about this deploy the VPN protection agent if you actually do a quick Google or Bing search on just deployed VPN protection agent, you’ll pull this article up. And they tell you the firewall exceptions. So, there’s a series of firewall exceptions that you can go through. It’s basically this little Table right here I wouldn’t worry about right now trying to memorize these. That’s not something I would worry about. But you would need to address the firewall.
How do we go about doing that? Well, we jump over. We would need to write these different port numbers and things down. We would jump over to our NYC-DC1. We would go to control panel. All right. We’d open up Windows Defender Firewall, we would click on Advanced Settings. All right. And we would need to go through and create these various port rules that they’re mentioning. So, whatever port rules that they mention, we’d go through here. We just add each one. We open each one. All right. And then that would that would essentially take care of this now, just for the sake of speeding things up. And I’m wanting to get the agent installed and all that. I’m just going to temporary turn the temporarily turn the firewall off. All right. So, to do that. Plus, I don’t know. You might have some other type of third party firewall. You’d have to consider that. So, either way, you’d have to consider it how you want to do it. I’m just going to turn the firewall off, though.
Now, we’re done that. We’re going to go into backup to this tool on NYC-SVR1. We’re going to click Install agent. We’re going to choose NYC-DC1. We’re going to click Next. We’re going to put in our privileges, our I’m sorry, our credentials, which should have the privileges needed, our admin credentials. And we’re going to go ahead and click Next. So, as you might need to restart the protection agent, computer’s installed agent, do you want it to restart it? If it needs to, yes. So, we’ll do that. We’re going to go ahead and click Install. And I’m going to pause the recording while that’s being installed. All right. Now, that’s done, I’m going to hit Close. And as you can see, it is showing that my NYC-DC1 server is showing up here. The agent has successfully been installed.
Something else I can do to verify that it’s that it’s there is. I can jump back over to NYC-DC1 and if I go into control panel I can go to my programs and features and I can see on programs and features that the Azure backup server agent is there. So, everything is good to go there.
Now, what I’m going to do is I’m going to open up File Explorer. I’m just going to create some data, so I’m going to create a folder on the C drive called Important Data, and I’m going to create a file called A. Important report. All right. We’ll say this is just like some kind of important report and we’ll say blah, blah, blah, important stuff for our company, blah, blah, blah. All right.
So, we’re going to save that. We’ve now created some important information that we want to back up and we’re now ready to jump back over to Server1. All right. Now, we are ready to create what’s called a protection group. So, to do that, we’re going to go over to the protection workspace and we’re going to click new up here on the ribbon.
Now, a protection group would be a group of servers that you want to back up. In my case, I’m just going to be backing up in my DC1, but so I’m going to click new and I’m going to basically going to run through this little wizard here. I’m on the welcome screen. We’re going to click Next and we are backing up servers as opposed to clients. So, we’ll choose that. We’re going to expand out NYC-DC1, we’re going to expand out volumes and then the C drive. And then there is my important data folder that I want to back up. So, I’m going to choose that and I’m going to click Next. Then it says, “What do you want to call the protection group?” I’m just going to call this the NYC-DC1 group because I don’t really have multiple servers in this case that I’m backing up. So, select your protection method. I want to do short term protection, a disk backup, and also want to do, maybe, an online protection. We’re going to do an online protection, but in order to do an online protection, you’ll notice that we have to choose disk protection as well. So, it’s a requirement that you have both of those.
So, we’re going to go ahead and click Next on that. Specify your short term recovery goals for the disk based protection, the retention period, five days. You can do synchronous frequency every 15 minutes if you want. In this case, you can set what you want your recovery points to be. 8 a.m., 12 p.m., 6 p.m. Then you can click Next. All right. And this is all your data sources C drive. You’re backing up to the E drive, right? So then we’ll click Next. The PM must create a replica to copy the selected data to the BPM server. How do you want to create the replica? We’ll just say automatically happen over the network and we’ll click Next. It’s going to do it’s one it’s wanting to run a consistency check to make sure that everything is consistent. Select this method if you want the BPM to automatically run a consistency check which finds the replicas inconsistent. State. This method may require BPM to use additional CPU in my case, because I don’t have a lot of performance on my VMs, I’m going to turn that off. We’re going to click Next. There’s the folder here, right, that we want to back up. So, we’re going to click Next and schedule back up every day the following times a day. And it’s basically saying 9 p.m. All right. And so I’m just going to say let’s do 7:30 a.m. And then at the following times a day. Let’s see. And we’ll do. How about we do 5 p.m.? So, we’ll click Next. All right. And then if we want to set retention policy, monthly retention policy is how long it will keep it. So, specify the retention policy with DPM will use to generate protection plan. So, I could choose any of that I want or change any of that, and I’m going to do automatically. And we’re going to go ahead and click to create the group. So, it’s now going through the process of creating this protection group. So, I’ll go ahead and pause recording while that’s happening. All right. And as you can see, it’s done. So, I’m going to hit Close and I’ve got the green check mark indicating that everything is good to go. All right. We’ve officially set up our backup using the Microsoft Azure backup service.
Now, if you want to force your backup to be triggered immediately, you don’t want to wait on the schedule. You can right click right here and you can click create a recovery point. And then you should be able to choose online protection and then you will click Okay. All right. And at that point, it will create a recovery point. Keep in mind that once this recovery point is created, it can take about 15 minutes before it’ll show up inside of Azure. But eventually you should be able to open up and go to portal.azure.com. And should be able to go into your recovery vault if you’ve created one. And you should be able to verify that it’s there. But remember, it can take about 15 minutes to show up. It is not it’s not the fastest thing in the world. A lot of times people will create one of these and then they want to see instant instantly that it’s there. And it’s just like many other things in Azure, things do not happen instantly. All right. You have to wait. You have to be patient with it.
So, like I said, give it about 15 minutes. But now after I wait about 15 minutes, I should be able to go down here to in my recovery vault. I should be able to go to backup items and I can see the Azure backup server option here. I’ve also had backed up an Azure file earlier, but Azure backup server. And I can see that it was successfully backed up by this NYC-DC1 and that was back up from the NYC-DC1 and it was backed up to this NYC-SVR1. So, you can see that. That this has successfully performed a backup.
68. Manage backups in Azure Recovery Services vault
I now want to take a look at our Azure Recovery Vault, Recovery Services vault and see how we can look at the backups that have occurred and just kind of get a feel for how the configuration of all this work.
So, here we are on portal.azure.com. You can see I got Recovery Vault right there. You can always go to the menu button and go to all services and do a search. You can also go to your resource group. If you create a resource group to store your recovery service, the vault in which of course you have to have a resource group to store a recovery services vault in like many other most everything in Azure. Anyway, here is our recovery vault right here.
So, we’re going to click on that. And we’re going to go down here to backup items and we can see the different things that different things that have been backed up. For example, earlier I with the storage account I created Let’s go let’s go look at that real fast. If I go to storage accounts from the menu option, we can click on the LP storage account demo and I have a file share that I had set up. Called images. Right. And I have this image here and all that.
So, I’ve actually scheduled a backup. I had scheduled backup for that. And I can see it if I go back over to my recovery services vault. Right here. Back up. I had actually gone through and selected Azure and file share and went through the backup process on that. All right. So, I’ve done that already, but I think I scheduled it too.
So, if I go over here or backup items, you can see I’ve got Azure Storage, Azure files, and then there it is right there and it has been backed up. Keep in mind, if you went through that process and you scheduled it and it hasn’t occurred yet, you can always go right here and click back up now and you can force it to go ahead and back up. All right. And you need to give it about 15 minutes. But now that’s officially backed up. So, you can see very easily the stuff here that’s been backed up. Now, if I want, I can also go through and restore the entire share if I want or I could do file recovery, just an individual file. So, like if I wanted to do individual file recovery, I could do that. So, why don’t we… Let’s go back over to our resource group. And to our storage account. And our file share. Images. And let’s delete this. Let’s delete the image. So, go right here. We’ll delete it. Oh, no. I’ve accidentally deleted my data. Right.
So, now what we’ll do is we’ll come back over here to our storage account and go to our recovery vault. Okay, We’ll go to backup items. Click on our Azure Files here. All right. Click on view details and we’re going to say file recovery. Says you store point. So, I do have this restore point and that’s fine. That’s the one that basically the backup that I created. And if there’s a conflict, you could say override existing. So, that’s fine. Say add files and that’s the file we’re going to add because that’s the one we backed up, right? So we’re going to go ahead and restore that. And we’ve now triggered a restore to occur. All right. Of course. We’ll take just a moment to do that and I’ll pause the recording while that’s happening. All right.
That’s done. I should be able to go to menu, go to resource groups. And we’ll click on Storage count demo, and let’s go back into our storage account. All right. File shares. Images. And there it is. Our image has been restored.
So, all in all, hopefully you can find that working with the Azure Recovery Services Vault is actually very easy. I think Microsoft has made a pretty intuitive system here for managing it at all. The one thing I’ll also kind of point out when it comes to this, this vault is you can control who can have access to it in your environment.
So, you can do that right here on the access control, the which is the I am blade, as they call it, which is the identity and access management is what I am stands for. And so what you can do is you can do this thing called admiral assignment and you can give users the ability to do stuff. If you want to allow another admin to have the ability to work with the backup but not have any admin, like be able to set permissions and things on it, you can do contributor if you need an admin to be able to set permissions on it like I’m doing now. You go owner you could also if you just need somebody to have access to read it you could do that here.
Then if you wanted to do that you would just click view and from there you’d specify. Well, let’s do whichever of these roles which are I’m sorry, whichever of these actions. Right. That we want to go with, if we’re wanting if we’re going to do a contributor or we’re wanting to do owner, we can choose. What don’t we do? Contributor and then we could select members, we could select whoever we want to be able to do this. So, I’ve got some users here. You may not. If you’re playing around with this, you might have to create some users, but you basically just select, select your user, click, select and review and assign. And there you go. You’ve now given that person the ability to be a contributor.
Again, that is how we can work with our Recovery Services vault pretty straightforward. I think, again, Microsoft has made it very, very straightforward. You can also click the activity log, by the way, which will show you the different tasks that’s been performed.