How to backup on-premises server workloads with Azure Backup

Case #

You have one of the following on-premise server workloads and data and you need to take backup of them by using the Azure Backup service.

  • Files and folders
  • Hyper-V or VMWare virtual machines
  • Exchange Server
  • Sharepoint Server
  • SQL Server
  • Physical server for bare metal backup and recovery

This KB articles provides step-by-step guidance on how to backup on-premises server workloads with Azure Backup.

The article focuses on the files and folders backup and recovery option which is feasible with the usage of Microsoft Azure Recovery Services (MARS) agent. The MARS agent high level architecture is the following.

Solution #

Configure Azure Recovery Services Vault #

Azure Backup service utilizes Azure Recovery Service vault to create the following configurations. It is based on an agent application or virtual machine acting as the proxy between the on-premises workloads and the Azure Backup service.

Follow the steps below.

  • In the Overview section create a new backup configuration inside the created Azure Recovery Services vault.
  • Choose which types of on-premise server workloads you need to take backup of.
  • For on-premise workloads, you have the following possible backup sources.
  • For the purpose of this KB article, we will choose “Files and folders” only.
  • Choose the storage replication options (LRS, ZRS or GRS), as shown below.
  • Click on “Prepare Infrastructure”. This will provide you with the appropriate Azure Backup agent to use for your backups, as explained below.
  • Download the required Azure Backup agent, depending on the type of on-premise server workload you chose to backup, as follows:

Download and configure MARS agent #

In the case of on-premise server files and folders, first download the MARS agent and then download the vault credentials to register the on-premise server to the Azure Recovery Services vault.

  • Install the Azure MARS Agent on the source on-premise server. Follow the wizard to complete the installation.
  • After launching the MARS management console wizard, register the on-premise server to the vault. Click “Proceed to registration”.
  • Browse to the downloaded vault authentication credentials and click Next.
  • Generate a passphrase and browse to a local path to temporarily save the passphrase file.
  • Click “Finish” and then “Yes” to the warning to continue.
  • Restoration should now be successful. Click Close to continue.

You can now use the Azure MARS management console on the on-premise server and the associated Azure Recovery Services vault in the management portal to manage the following aspects of your Azure backups:

  • Schedule backup using Recovery Services Agent UI. 
  • Once the backups are scheduled, you can use backup jobs page to monitor the backups. 
  • Restore any files and folders backup set (point in time)

Configure Azure Backup alerts #

You can also Configure Notifications from the Azure Recovery Services Vault alerts page to receive email alerts for backup failures. Click on “Configure Notifications”. 

Configure Azure Key Vault #

You should also create an Azure Key Vault resource to keep your Azure Backup encryption passphrase file in encrypted format. You should never keep the passphrase file in the same infrastructure from which backups are taken, to protect your data from infrastructure corruption or ransomware attacks.

A Key Vault can keep the following types of data:

  • Secrets
  • Keys
  • Certificates

To create a new Azure Key Vault in the Azure management portal, follow the steps below.

  • Create a new Key Vault resource.

Provide the project details and recovery options, as shown below and click Next.

Provide access policy details for the key vault, as shown below and click Next.

Provide the Azure Key Vault desired networking configuration and click Next.

Click create. The Azure Key Vault is now created.

Powered by BetterDocs