Cloud Computing

Backing Up Files and Folders Using Azure Backup


In this post I will document an online backup solution for small businesses, branch offices, and mobile workers, where Azure Backup can be used to cost effectively protect files and folders in the cloud.



Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Note that this post is written for those using Azure Backup via the Recovery Services Vault in the newer Azure Portal, and not the Backup Vault in the old Azure Management Portal.

The MARS Agent

The solution that we are looking at deploying is the Microsoft Azure Recovery Services (MARS) agent. This is a simple disk-cloud backup solution; that means that the agent creates a backup that is sent directly to the cloud.

Right now (and this is changing in the future), the MARS agent is restricted in the following ways:

  • Files and folders only: The MARS agent cannot back anything other than files and folders. No Hyper-V VMs from the host, no SQL Server databases, no Exchange Server, no SharePoint, and no System State. In training, I find that I have to repeat this many times and promise physical remedial reminders: MARS will protect only files and folders … but this will change.
  • Local management only: There is no central console for the MARS agent. Each machine that you backup must be managed locally using the MARS console; this will also change.

MARS is improving — see Project Venus. Although MARS might be limited right now, it’s proven to be a popular solution for online backup in the small to midsized enterprise, probably thanks to the very competitive pricing of Azure Backup and Azure (hot) blob storage.

Download the MARS Agent

The first prerequisite that you will need is a Recovery Services Vault (RSV); create an RSV in the Azure Portal and be sure to do the following:

  1. Decide if you want to use locally redundant storage (LRS) or geo-redundant storage (GRS).
  2. Configure email alerts.

Open the settings of the RSV and browse to Getting Started > Backup. Do the following in the subsequent wizard:

  1. In Backup Goal, select On Premises as the location in which your workload is running, and Files And Folders as the workload you want to protect.
  2. A Prepare Infrastructure blade will appear after you click OK. Click the link to Download Agent For Windows Server Or Windows Client to download the installer for the MARS agent. You should also click the Download button to retrieve a vault credentials file.

Download the Azure Backup MARS agent and vault credentials [Image Credit: Aidan Finn]
Download the Azure Backup MARS agent and vault credentials [Image Credit: Aidan Finn]
You can use the MARS agent installer repeatedly — it is recommended that you intermittently ensure that you have the latest version of the agent. Azure Backup upgrades the agent several times per year and the result is usually new functionality or improved performance.

Vault Credentials

The vault credentials file is used to connect a MARS agent installation with the RSV; it also provides a secret that is used to permit the MARS agent to connect to the RSV.

You do not need to download a set of credentials for every installation. The credentials file can be used repeatedly for many agent installations, which will use the same RSV, over the next 48 hours. After 48 hours, the secret in the file will expire and you’ll need to get a new credentials file for further installations.

Install the MARS Agent

Copy the setup file to the machine that you want to backup and run the installer; it’s little more than a next-next-next. There is one setting to mind; Azure Backup needs a cache location. This location must have access to free space that is at least 5 percent of the size of the data being backed up. If you have a proxy server, then you can configure the necessary settings.

At the end of the wizard, you will be prompted to start a registration; click Proceed To Registration.

Register Server Wizard

This is where you will associate the MARS agent with the RSV in Azure. Click Browse and navigate to/select the vault credentials file. Assuming that all is well, the wizard will update with details of your RSV.

A successful Azure Backup vault identification [Image Credit: Aidan Finn]
A successful Azure Backup vault identification [Image Credit: Aidan Finn]
The next screen is where you configure a passphrase (a secret that is longer than a password) that is used to protect access to your encrypted backups. You can enter a passphrase of your own, but I prefer to get a random string by clicking Generate Passphrase.

You are forced into saving this passphrase into a text file. Save the file locally, and immediately copy it to somewhere secure — you cannot restore data without this passphrase and Microsoft cannot restore the passphrase for you because it never sees it. A tip that I got from one of my customers was to upload the passphrase file to an Azure storage account in your subscription as well as keeping it in 1-2 other secure locations.

Generate a passphrase for the Azure Backup MARS agent [Image Credit: Aidan Finn]
Generate a passphrase for the Azure Backup MARS agent [Image Credit: Aidan Finn]
My tip is that you reuse the same passphrase if you are backing up more than one machine to the same RSV. This will simplify passphrase logistics for you. Deploy more than one RSV if you need different security boundaries.

The registration should complete successfully now. However, sometimes it fails for me and I just go back a screen and repeat and everything works out fine.

Microsoft Azure Backup Console

Launch the Microsoft Azure Backup console. Click Change Properties and navigate to Throttling. This is where you can restrict the bandwidth used by the MARS agent on this machine.

Throttling bandwidth utilization of the Azure Backup MARS agent [Image Credit: Aidan Finn]
Throttling bandwidth utilization of the Azure Backup MARS agent [Image Credit: Aidan Finn]
Click Schedule Backup to create a backup configuration. Click Add Items in Select Items To Backup, and browse to and select the files/folders that you want to back up to Azure on a scheduled basis. You can click Excluded Items to exclude file types or specific files/folders from the selection.

Specify Backup Schedule allows you to select when the backup schedule will execute. This can be:

  • 1-3 times every day
  • 1-3 times on selected days, every 1-4 weeks.

Azure Backup can retain up to 9,999 recovery points (times from when you restore files) for up to 99 years. Most of my customers go with something simple like retaining 30 days of data. But Azure Backup offers a very configurable retention schedule, as shown below:

Enable a complex retention policy for backed up data [Image Credit: Aidan Finn]
Enable a complex retention policy for backed up data [Image Credit: Aidan Finn]
Azure Backup will do an online backup by default for the first backup. But some customers might have terabytes of data that they want to ship by secure disk instead; Azure Backup can cater for this need. Once the first backup is completed, Azure Backup switches to a “changes only” backup.

A backup schedule is created when you complete the wizard. You can wait for the first backup to take place, or you can trigger a manual backup by clicking Back Up Now in the Actions pane of the Microsoft Azure Backup console.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: