Backing Up Files and Folders Using Azure Backup
In this post I will document an online backup solution for small businesses, branch offices, and mobile workers, where Azure Backup can be used to cost effectively protect files and folders in the cloud.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Note that this post is written for those using Azure Backup via the Recovery Services Vault in the newer Azure Portal, and not the Backup Vault in the old Azure Management Portal.
The MARS Agent
The solution that we are looking at deploying is the Microsoft Azure Recovery Services (MARS) agent. This is a simple disk-cloud backup solution; that means that the agent creates a backup that is sent directly to the cloud.
Right now (and this is changing in the future), the MARS agent is restricted in the following ways:
- Files and folders only: The MARS agent cannot back anything other than files and folders. No Hyper-V VMs from the host, no SQL Server databases, no Exchange Server, no SharePoint, and no System State. In training, I find that I have to repeat this many times and promise physical remedial reminders: MARS will protect only files and folders … but this will change.
- Local management only: There is no central console for the MARS agent. Each machine that you backup must be managed locally using the MARS console; this will also change.
MARS is improving — see Project Venus. Although MARS might be limited right now, it’s proven to be a popular solution for online backup in the small to midsized enterprise, probably thanks to the very competitive pricing of Azure Backup and Azure (hot) blob storage.
Download the MARS Agent
The first prerequisite that you will need is a Recovery Services Vault (RSV); create an RSV in the Azure Portal and be sure to do the following:
- Decide if you want to use locally redundant storage (LRS) or geo-redundant storage (GRS).
- Configure email alerts.
Open the settings of the RSV and browse to Getting Started > Backup. Do the following in the subsequent wizard:
- In Backup Goal, select On Premises as the location in which your workload is running, and Files And Folders as the workload you want to protect.
- A Prepare Infrastructure blade will appear after you click OK. Click the link to Download Agent For Windows Server Or Windows Client to download the installer for the MARS agent. You should also click the Download button to retrieve a vault credentials file.
You can use the MARS agent installer repeatedly — it is recommended that you intermittently ensure that you have the latest version of the agent. Azure Backup upgrades the agent several times per year and the result is usually new functionality or improved performance.
The vault credentials file is used to connect a MARS agent installation with the RSV; it also provides a secret that is used to permit the MARS agent to connect to the RSV.
You do not need to download a set of credentials for every installation. The credentials file can be used repeatedly for many agent installations, which will use the same RSV, over the next 48 hours. After 48 hours, the secret in the file will expire and you’ll need to get a new credentials file for further installations.
Install the MARS Agent
Copy the setup file to the machine that you want to backup and run the installer; it’s little more than a next-next-next. There is one setting to mind; Azure Backup needs a cache location. This location must have access to free space that is at least 5 percent of the size of the data being backed up. If you have a proxy server, then you can configure the necessary settings.
At the end of the wizard, you will be prompted to start a registration; click Proceed To Registration.
Register Server Wizard
This is where you will associate the MARS agent with the RSV in Azure. Click Browse and navigate to/select the vault credentials file. Assuming that all is well, the wizard will update with details of your RSV.
The next screen is where you configure a passphrase (a secret that is longer than a password) that is used to protect access to your encrypted backups. You can enter a passphrase of your own, but I prefer to get a random string by clicking Generate Passphrase.
You are forced into saving this passphrase into a text file. Save the file locally, and immediately copy it to somewhere secure — you cannot restore data without this passphrase and Microsoft cannot restore the passphrase for you because it never sees it. A tip that I got from one of my customers was to upload the passphrase file to an Azure storage account in your subscription as well as keeping it in 1-2 other secure locations.
My tip is that you reuse the same passphrase if you are backing up more than one machine to the same RSV. This will simplify passphrase logistics for you. Deploy more than one RSV if you need different security boundaries.
The registration should complete successfully now. However, sometimes it fails for me and I just go back a screen and repeat and everything works out fine.
Microsoft Azure Backup Console
Launch the Microsoft Azure Backup console. Click Change Properties and navigate to Throttling. This is where you can restrict the bandwidth used by the MARS agent on this machine.
Click Schedule Backup to create a backup configuration. Click Add Items in Select Items To Backup, and browse to and select the files/folders that you want to back up to Azure on a scheduled basis. You can click Excluded Items to exclude file types or specific files/folders from the selection.
Specify Backup Schedule allows you to select when the backup schedule will execute. This can be:
- 1-3 times every day
- 1-3 times on selected days, every 1-4 weeks.
Azure Backup can retain up to 9,999 recovery points (times from when you restore files) for up to 99 years. Most of my customers go with something simple like retaining 30 days of data. But Azure Backup offers a very configurable retention schedule, as shown below:
Azure Backup will do an online backup by default for the first backup. But some customers might have terabytes of data that they want to ship by secure disk instead; Azure Backup can cater for this need. Once the first backup is completed, Azure Backup switches to a “changes only” backup.
A backup schedule is created when you complete the wizard. You can wait for the first backup to take place, or you can trigger a manual backup by clicking Back Up Now in the Actions pane of the Microsoft Azure Backup console.