Tag Archives: backup

Step-by-Step Guide to protect Azure VM using Azure Backup

Azure Backup is capable of replacing typical on-premises backup solutions. It is cloud-based, secure, reliable solution. It has four components which can use to backup different types of data.


Protected data

Can use with On-premises?

Can use with Azure?

Azure Backup (MARS) agent

Files, Folders, System State



System Center DPM

Files, Folders, Volumes,

VMs, Applications, Workloads, System State



Azure Backup Server

Files, Folders, Volumes,

VMs, Applications, Workloads, System State



Azure IaaS VM Backup

VMs, All disks (using PowerShell)



More details about azure backup and components limitations can be find on https://docs.microsoft.com/en-us/azure/backup/backup-introduction-to-azure-backup 

In this article we are going to look in to Azure VM backup (Azure IaaS VM Backup). 

How Azure VM Backup works? 

Azure VM backup doesn’t need any special agent installed in VM. It also does not need to have any additional components (backup server) install either to enable backup. When very first backup job is triggered, it installs backup extension inside the VM. If its Windows VM, it installs VMSnapshot extension and if its Linux VM, it installs VMSnapshotLinux extension. VM must be in running state in order to install extension. After extension in place, it takes point-in-time snapshot of the VM. If VM is not running during backup window, it takes snapshot of VM storage. If its windows VM, backup service uses Volume Shadow Copy Service (VSS) to get consistence snapshot of VM disk. If its Linux VM, users can create custom scripts to run before and after backup job to keep application consistency. Once snapshot is taken it will transfer to the backup vault. Service can identify the recent changes and only transfer the block of data which changed from last backup. Once the data transfer completes snapshot will removed and recovery point will be created. 


Image Source: https://docs.microsoft.com/en-us/azure/backup/media/backup-azure-vms-introduction/vmbackup-architecture.png 

Performance of backup depends on,

1) Storage account limitations 

2) Number of disks in VM

3) Backup Schedule – if all jobs running in same time it can create traffic jam

According to Microsoft following are recommended when you use Azure backup for Azure VMs. Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction 

1) Do not schedule more than 40 VMs to backup same time.

2) Schedule VMs backup when minimum IOPs been used in your environment (In relevant storage accounts). 

3) Better not to back up more than 20 disks in single storage account. If you have more than 20 disks in single storage account spread those VMs across the multiple policies to maintain required IOPS. 

4) Do not restore a VM running on Premium storage to same storage account. Also try to avoid restore while backup process is running on same storage account.

5) For Premium VM backup, ensure that storage account that hosts premium disks has at least 50% free space for staging snapshot for a successful backup.

6) Linux VM needs python 2.7 enabled for backup.

Next step is to see this in action.

1) Log in to Azure Portal as Global Administrator

2) First step is to create Azure Recovery Service Vault. In order to do that, go to All Services and click on Recovery Service vaults under storage section. 


3) Then click on Add in new window


4) It will open up wizard and there provide vault name, subscription, resource group and location. Once done, click on Create.


5) Now we have vault created, next step is to create backup policy. To do that click on vault we just created from the Recovery service vault window.


6) Then click on Backup Policies 


7) There is default policy from Azure VM backup. It backup VMs daily and keep it for 30 days.


8) I am going to create new policy to do backup every day at 01:00 am and keep it for 7 days. To do that click on add option in policy window. 


9) Then select the policy type. for VMs, it should be Azure Virtual Machine


10) In next window we can define time and retention period of data. Once done with the details click on Create


11) Next step of the configuration is to enable backup. In order to do that, go to the VM you like to backup. Then click on the option Backup 


12) Then in new window select the vault and policy we created before and then click on enable backup


13) Once it is done we can run backup by going in to same backup window. If you like to take ad-hoc backup, click on Backup Now


14) We can see the progress of the backup job by clicking View All Jobs



15) Once backup jobs completed we can see the status of it in same backup window.


16) To test the restore I installed Acrobat Reader in this server and created test folder in desktop. 


17) Now I am going to do a restore to an earlier day. To do that go to VM backup page, then click on Restore VM


18) In next window it asks which backup to restore. I am selecting back up from 3 days.


19) In next window it allows me to restore it as new VM or as disk. In here I am going to restore it as new VM


20) Once selection is done click on Restore to begin the process.

21) We also can check the status of the job using backup job window.


22) Once restore completed, I can see a new VM. 


23) Once log in to the VM I can’t see the folder and application I installed, as expected. 


This marks the end of this blog post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Azure Backup to Protect your Data from Disaster – Part 2

In my previous post I explain what Azure backup is and its features. If you not read it yes you can find it here. In this post I am going to explain how to configure azure backup and how to use it to back up your data.

Create Azure backup vault

1)    Log in to the Azure Portal
2)    Click on +New and then in search type “backup” and press enter


3)    From the list click on Azure Backup


4)    Then it will open the feature page. It will give you brief description about azure backup feature. Click on “create


5)    Then it will open up the azure management portal and give you option to create the backup vault. Type the name for the vault and also select the region you need. Then click create vault


6)    Then it will create the vault


7)    Now we need to download azure vault credential file. On-premise backup agent need to register with backup vault in order to backup data. Azure vault credential file is a certificate generate by the portal for each backup vault. Then the public key of the file will upload to the access control service. This file will use during the initial agent registration process. This credential file only valid for 48 hours. So if you need to register another machine you need to download the latest credential file from portal. Even someone else manage to get the keys it will prevent them using it to connect the backup vault. To download, click on the backup vault and then dashboard.


8)    Next is to download the backup agents. It is can find on the same page.


Backup On-Premises Data

Now we have the backup vault created in cloud and next step is to start the agent install and register process.

1)    Log in to the on-premises server or pc you like to backup as administrator
2)    Download the agent and latest vault credential file as explain on previous
3)    For demo I am using an on-premises DC server which running on windows server 2016 TP4. Double click on MARSAgentInstaller.exe to start the agent install
4)    In first window select the folder path for installation and cache. You can change the paths as you like.


5)    In next window you can define proxy settings if you behind proxy server. Click next to continue


6)    In next window it ask to allow windows update to update agent if any update available. Click on next to continue after selection


7)    In next window click on install to start the agent installation


8)    After install, need to start the registration, click on “Proceed to registration


9)    In next window it ask to brows for the vault credential file which is downloaded from the portal. Then click next to proceed


10)    In next screen you can define a passphrase to encrypt and decrypt backup data. You must save this information as, if you do not have this info you will not be able to use backup data in recovery process. Then click on finish to complete the register process.


11)    Once it’s done we can start to setup backup jobs by launching agent.


Azure Backup Job configuration

1)    To configure backup job, double click on Microsoft Azure Backup icon in on-premises server


2)    After open the console, you can start to configure schedule backup using “Scheduled Backup


3)    Then it start the console, click next to continue


4)    In next windows can select the data you need to backup, then click next to proceed


5)    Here we can define the schedule for the backup, click next to proceed


6)    In next window we can define the data retention policy. You can keep data up to 99 years. Once done click on next to proceed


7)    Next step is to define the initial backup settings. You can either do it via internet or offline seeding.


8)    Next it will give the confirmation about backup and click on finish to exit


Now it’s all done, let’s check azure backup portal to see the registration status.
Under the registered item now we can see the new server we added and its status.


Under the protected items can see the status of the protection, how many recovery points etc.


Recover an Item

Let’s see how to recover a file easily.

1)    Launch the azure backup console in local computer
2)    Click on Recover Data Option
3)    In wizard you need to select where the backup was generated. For demo I am trying to restore to same server.


4)    Then in next window can select recovery mode. Then click next to proceed


5)    Next we need to select the volume, date, time to recover from


6)    Then in next window select the file or folder to recover


7)    Next we can define if its need to restore to original or alternative location. Also what to do if the item with same name exist in the location.


8)    Then click on “recover” to get the file


9)    As we can see its recovered the file successfully at the end.


Hope this article help you to understand the azure backup in operations.

If you have any questions feel free to contact me on rebeladm@live.com

Azure Backup to Protect your Data from Disaster – Part 1

Data is the value for any organization operations, so it’s important to make sure organization have access to its data in any time. Backup of valued data will ensure seamless access to data in a disaster. Businesses uses different type of backup technologies, tools to backup data. It can be traditional tape backups, on-premises backup, off-shore backup etc. each of these technologies, tools got their own characteristics.

Azure Backup is a solution where you can bring your backups to cloud. Let’s see why it’s different from other solutions.


Zero Capital investment – Disaster recovery solutions are costly. You need to buy additional storages, spaces in remote data centers, software licenses, support contracts etc. when all these adds up its not cheap. But with azure backup you can start the backup without any of the above concerns.   All you need to do is enable the service in azure portal. Then in next minute you can start to back up your data in to the cloud.

Minimum maintenance cost – Maintaining disaster recovery solution is not easy either. When the data grows you need to plan for the expanding your backup infrastructure as well. Also need to consider about software upgrades, staff training etc. But if you use azure backup, Microsoft taking care of all these maintenance problems for you.

Protect Data from anywhere – your data can be in different formats and in different geographical locations. Also some data may in cloud. Azure backup can protect your data from anywhere and all you need is internet access. In disaster it will be available to you from anywhere as well. 

Replacement for Tape – even tapes are old school backup type still organizations are using it for long-term retention. With azure backup you can keep your data up to 99 years. Also it’s available to you in low cost and faster recovery than tapes.

Secure – When people talk about the cloud service a common question you get is how secure it is. With Azure backup, the data will be encrypted before it leaves your infrastructure. Then it will be deliver via secure connection and will be store in azure datacenters as encrypted data.

Reliable – Azure backup will store 3 copies of your data in azure datacenter and in additional you can save copies in remote datacenters in different geographical locations.

Throttling – when you backup data over internet one of the problem people face is bandwidth. With bandwidth throttling we can control the impact of backup jobs to company uplinks. Ideally backup jobs can use the full benefit of bandwidth in off-peak times.

Compression – Data will be compressed before it upload in to azure. So it will use less bandwidth and less storage.

Advanced Workload Protection– Azure backup can integrate with SCDPM (System Center Data Protection Manager) and can use to protect enterprise workload such as SharePoint, exchange, SQL servers, Hyper-V VM. It also gives Granular restore capability such as mailbox recovery for Exchange, DB level recovery for SQL, and ILR for SharePoint. DPM works seamlessly with the Hyper-V Volume Shadow Copy Services (VSS) writer to ensure that consistent versions of virtual machines are captured and protected without affecting virtual machine access.

Offline Seeding – The initial backup for large servers over internet is pain. Azure backup allow you to create initial backup locally and can deliver to the nearest azure datacenter for upload.

In next post let’s see how we can configure azure backup and start protecting data.

If you have any questions feel free to contact me on rebeladm@live.com

Image source: https://azure.microsoft.com/en-us/documentation/articles/fundamentals-introduction-to-azure/

Automatic DHCP server Backup

Dynamic Host Configuration Protocol (DHCP) server in organization may require backup and restore dhcp database in event of hardware failure, software failure, migration or in fault configuration change. How many of you guys know that Microsoft automatically backup your dhcp database? Sounds strange right? but yes system automatically backup the DHCP server config. In this post let’s see how we can adjust the default parameters of this automatic backup process.

In my demo I am using a server with windows server 2012 R2 in a domain. It do have DHCP server role installed and configure.

To start the process log in to server as Domain admin or Enterprise admin.
Then Server Manager > DHCP


Once mmc load, right click on the server node and click properties.


In the new window you can see it shows backup path as C:\Windows\system32\dhcp\backup. This is the default path. But we can change it to local folder or network share. Click on brows to select the new path. In my demo it is set to C:\DHCPBackup. Once path set click on ok.



System automatically backup the config in every 60 minutes time. But we also can change this schedule as per our requirement.
To do that we need to do some registry key edit. To open the registry mmc, go to Run > regedit


Then go to path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
In there you will be able to see a key called BackupInterval.


To edit the value double click on it, and then once open select, decimal value option.


As you can see default value is 60, to change it type the value you needs (the value represent the number of minutes) and press ok. In my demo I am going to set for 10 minutes.

Once done we can check the folder path we set to confirm the backup it’s made.


If you have any questions feel free to contact me on rebeladm@live.com

How to create Active Directory Snapshots?

In one of my previous posts I explain what system state is and how we can use it to backup active directory data. With windows 2008 server Microsoft introduces a new feature called active directory snapshots which can use to backup active directory data. Basically this tools creates a shadow copy of volumes that holds active directory data (Database and logs) using “Volume Shadow Copy Service (VSS)” running on server.

In order to create, view or restore AD snapshots, you need to be member of domain admin group or the enterprise administrator group.

Let’s see how we can create active directory snapshots.

1)    Log in the domain controller as a domain administrator or enterprise administrator with appropriate permissions.
2)    Right click on start button and select “Command Prompt (Admin)". It will open up the command line interface.


3)    In command prompt type ntdsutil and enter to open up the ntdsutil tool.


4)    Then type snapshot and press enter.


5)    In next type activate instance ntds and press enter.


6)    Then type create and press enter. It will start to create snapshot and give the similar output as following.


7)    Type and enter quit to exit from the utility. You have to do it twice.

Before we use a snapshot created by this process we need to mount it using active directory mounting tool. Let’s see how we can do it.

1)    Log in the domain controller as a domain administrator or enterprise administrator with appropriate permissions.
2)    Right click on start button and select “Command Prompt (Admin)". It will open up the command line interface.
3)    In command prompt type ntdsutil and enter to open up the ntdsutil tool.
4)    In next type activate instance ntds and press enter.
5)    Then type snapshot and press enter.


6)    Then type list all


7)    It will list down all the snapshot created.
8)    Then run command mount 2 ( this is the order number showing in list of snapshot and I needed to mount the one listed in number 2)


9)    Then as it saying it successfully mounted to the C: drive with folder $SNAP_201502260503_VOLUMEE$


10)    Then enter quit command twice to exit from utility.

Now to connect with the mounted snapshot we need to execute following,

dsamain –dbpath C:\$SNAP_201502260503_VOLUMEE$\ADDB\ntds.dit –ldapport 10000

In here the dbpath will change according to the snapshot mount you made. Ldapport is any openport in the server to run this snapshot instance.



Now we can access snapshot using port 10000.

Keep this open till we finish with next steps.

Let’s see how we can view the content of snapshot using active directory users and computers console.

1)    Go to server manager > tools > active directory users and computers


2)    In mmc right click on active directory users and computers option and select change domain controller option


3)    In here type the domain controller name and the port. Then click ok. Here according to my demo the port should be 10000 ( the one we use with snapshot)  


4)    As we can see here it successfully connect with the instance.


Disconnect and unmounts snapshot

In order to disconnect from the running instance, open the command line we left open and press CTRL+C


1)    Then type ntdsutil to go in to ntdsutil tool
2)    In next type activate instance ntds and press enter.
3)    Then type snapshot and press enter.
4)    Then type list all
5)    It will list down all the snapshot created.


6)    Then type unmount 2 ( this is the snapshot number I mapped before ). It will unmount the snapshot.
7)    Then enter quit command twice to exit from utility.


In this article I explain what active directory snapshot is and how we can use it for recoveries. If you have any questions feel free to contact me on rebeladm@live.com