In this post I will document an online backup solution for small businesses, branch offices, and mobile workers, where Azure Backup can be used to cost effectively protect files and folders in the cloud.
Note that this post is written for those using Azure Backup via the Recovery Services Vault in the newer Azure Portal, and not the Backup Vault in the old Azure Management Portal.
The solution that we are looking at deploying is the Microsoft Azure Recovery Services (MARS) agent. This is a simple disk-cloud backup solution; that means that the agent creates a backup that is sent directly to the cloud.
Right now (and this is changing in the future), the MARS agent is restricted in the following ways:
MARS is improving — see Project Venus. Although MARS might be limited right now, it’s proven to be a popular solution for online backup in the small to midsized enterprise, probably thanks to the very competitive pricing of Azure Backup and Azure (hot) blob storage.
The first prerequisite that you will need is a Recovery Services Vault (RSV); create an RSV in the Azure Portal and be sure to do the following:
Open the settings of the RSV and browse to Getting Started > Backup. Do the following in the subsequent wizard:
You can use the MARS agent installer repeatedly — it is recommended that you intermittently ensure that you have the latest version of the agent. Azure Backup upgrades the agent several times per year and the result is usually new functionality or improved performance.
The vault credentials file is used to connect a MARS agent installation with the RSV; it also provides a secret that is used to permit the MARS agent to connect to the RSV.
You do not need to download a set of credentials for every installation. The credentials file can be used repeatedly for many agent installations, which will use the same RSV, over the next 48 hours. After 48 hours, the secret in the file will expire and you’ll need to get a new credentials file for further installations.
Copy the setup file to the machine that you want to backup and run the installer; it’s little more than a next-next-next. There is one setting to mind; Azure Backup needs a cache location. This location must have access to free space that is at least 5 percent of the size of the data being backed up. If you have a proxy server, then you can configure the necessary settings.
At the end of the wizard, you will be prompted to start a registration; click Proceed To Registration.
This is where you will associate the MARS agent with the RSV in Azure. Click Browse and navigate to/select the vault credentials file. Assuming that all is well, the wizard will update with details of your RSV.
The next screen is where you configure a passphrase (a secret that is longer than a password) that is used to protect access to your encrypted backups. You can enter a passphrase of your own, but I prefer to get a random string by clicking Generate Passphrase.
You are forced into saving this passphrase into a text file. Save the file locally, and immediately copy it to somewhere secure — you cannot restore data without this passphrase and Microsoft cannot restore the passphrase for you because it never sees it. A tip that I got from one of my customers was to upload the passphrase file to an Azure storage account in your subscription as well as keeping it in 1-2 other secure locations.
My tip is that you reuse the same passphrase if you are backing up more than one machine to the same RSV. This will simplify passphrase logistics for you. Deploy more than one RSV if you need different security boundaries.
The registration should complete successfully now. However, sometimes it fails for me and I just go back a screen and repeat and everything works out fine.
Launch the Microsoft Azure Backup console. Click Change Properties and navigate to Throttling. This is where you can restrict the bandwidth used by the MARS agent on this machine.
Click Schedule Backup to create a backup configuration. Click Add Items in Select Items To Backup, and browse to and select the files/folders that you want to back up to Azure on a scheduled basis. You can click Excluded Items to exclude file types or specific files/folders from the selection.
Specify Backup Schedule allows you to select when the backup schedule will execute. This can be:
Azure Backup can retain up to 9,999 recovery points (times from when you restore files) for up to 99 years. Most of my customers go with something simple like retaining 30 days of data. But Azure Backup offers a very configurable retention schedule, as shown below:
Azure Backup will do an online backup by default for the first backup. But some customers might have terabytes of data that they want to ship by secure disk instead; Azure Backup can cater for this need. Once the first backup is completed, Azure Backup switches to a “changes only” backup.
A backup schedule is created when you complete the wizard. You can wait for the first backup to take place, or you can trigger a manual backup by clicking Back Up Now in the Actions pane of the Microsoft Azure Backup console.