Protecting your online and on premises assets IaaS style!: Introducing #windowsazure Online Backup … #meetbe

Since this week Windows Azure Recovery Services have been put in preview modus. Time to put this tech to the test and see what we can do with it. Now seeing that this is an ONLINE service, why not use it completely in the Windows Azure ecosystem. For this purpose I’ve created a VM based on Windows Server 2012.


First things first: since this is a preview feature one must activate this feature through the Account / Preview Features site

Once activated we can start fiddling around.


The feature will show as the one before last icon on the menu in the portal

The feature can be added by going to the “New” à “Data Services” à “Recovery Services” à “Backup Vault”

So far nothing newJ.

The “Vault” has been created, which kind of reminds me of the FallOut Game series J. But unfortunately you are not allowed to call it 101 ;-)

Anyway: Once the vault is created you’ll get the traditional dashboard view.

First thing you notice is that it states that you need to upload a certificate, and next to that to Download the Agent for your server.

Now the certificate can either be a self-signed one or a bought one. More on that later ..

The other 2 tabs (Protected Items, Servers) will become only important once we’ve gone through the entire setup, config and the first backup set taken.


Time to RDP in to our VM. Once we’re there, go to the Management Portal and click on the “Download Agent’ link. Additionally this gives you 2 choices: an Agent for Windows Server 2012 & System Center 2012 SP1 – DPM or an Agent for Windows Server 2012 Essentials

Since I’m running Server 2012 I picked the first link. Download and run it:

Agree on the EULA:

Then there’s a pre-requisites check, and as always, in the background there’s powershell J

Set the installation path and cache path

Then decide on your update strategy

And start with the install:

Once installed you get 2 new icons on the Start / home view:


Now we need to have a certificate on both the service as on the machine. As I stated earlier: you can have both bought ones from a trusted authority as self-signed certificates. Since I didn’t have any lying around, I decided to go for the latter one.

Easiest way to go here is to use the makercert
part of the Windows SDK, but with a small note that this hasn’t been verified et for Windows Server 2012!

Very Important part here are following pre-reqs :

  • Has to have a valid ClientAuthentication EKU
  • The certificate Is currently valid with a validity period that does not exceed 3 years

Especially the validity is important or elseway your certificate WILL NOT UPLOAD. So you need to give some parameters on this tool: open a commandline with administrator privileges and execute following command in the folder where you’ve extracted the tool:

makecert.exe -r -pe -n CN=
MyWindowsAzureBackup -ss my -sr localmachine -eku  -e 12/31/2015 -len 2048 “

where “MyWindowsAzureBackup” is the DNS or Server name you wish to add to the vault. Of course you need to create this on the server you wish to add to make sure the thumbprint matches.

Alternatively you can use he PowerShell command New-SelfSignedCertificate to create the same kind of certificate but for some reason this doesn’t add up when activating the agent on the server and will return following error:

Once uploaded the portal will verify with the certificate thumbprint showing on the dashboard.


Now it’s time to start configuring the Agent and make sure the server gets registered in the Vault.

Open the Agent. And click Register Server

It will first ask you if you are using a proxy to configure in order to get clearance to the internet:

Now let’s make sure we can use our earlier created certificate:

Click Browse and automatically it will recognize the created cert:

Click ok to continue. Then select the associated vault you wish to use, and click next.

Enter a passphrase in the next window and a location to store the encryption key. DO NOTE: it’s NOT a best practice to keep this on the machine as I did, this was demo purposes only!

Wait until the operation finishes and you’re done registering, You’ll see a nice message stating your server now has Windows Azure Backup Available.

If we nnow check the portal we do see the server in the Server tab:

Hey You! BACK UP!

Now that that’s behind us, let’s get operational. We now need to schedule our backups. So let’s create a backup scheme:

Select the files or folders you wish to backup:

End you can even choose which ones you want to exclude.

Now choose when and how many times and or recurrence you want your backup to be executed

For network optimization you can even keep an eye out on the throttling, to make sure no issues will occur during the backup:

After this you need to set your retention policy:

After this you need to confirm your settings:

And done scheduling:

Now this will show in the agent’s dashboard

You can force the backup anytime allowing you full flexibility in you backup strategy or maintenance plans:

Also some overview exists in the dashboard giving you info on job statuses and alerts:

With more details inside:

Also on the management portal this will show up:

The only good backup … is a working backup … !

Something lot’s of people tend to forget is that when you have a backup and DRP strategy you also need to make sure it works! So test your restores!!!!

I deleted a file on purpose and will restore it:

I killed the CAB file

So let’s restore it, click Recover Data on the main screen. A wizard will appear. First select the server.

Now you can either select whether you want to search for a certain file or to navigate to the already known location:

After doing than, you choose what set you wish to use, by selecting the volume and the available dates on which the backup was taken.

Once the set has been opened you can now select what to restore, what’s selected will be restored.

As in any good backup tool you get to choose where to recover/restore your files : same location or a different one by choice.

Plus the choice whether to get either a copy, to overwrite the file or no recovery for items still existing, plus also an option on ACL recovery, which is pretty cool, cause you really would like to keep your permissions as they were!

Only thing remaining is confirming the operation:

And wait:

And as you can see, this tooling is pretty easy. Now the fun thing is that you can easily take it along in your System Center tooling (I want to do a tutorial / walkthrough on that one too, but don’t have the infrastructure yet) for a more streamlined DRP process.

Now as an addition the tooling also provides in a PowerShell module and cmdlets:

This allows you easily to remote into the server and execute a backup or get a status, without the need of opening the server, rdp’ing in to one or logging in to the Windows Azure Portal.


The product is without hassle (if you get the certs ok that is J ) and integrates nicely into your daily operations and tooling if you want it to!

I hope this was helpful. Feel free to poke me on the subject any time J

Happy backup

8 thoughts on “Protecting your online and on premises assets IaaS style!: Introducing #windowsazure Online Backup … #meetbe

  1. Pingback: Windows Azure Community News Roundup (Edition #62) - Windows Azure - Site Home - MSDN Blogs

  2. Pingback: Wazurr Community

  3. Pingback: Backup to the cloud using Windows Azure Backup | UP2V

  4. Pingback: Build Microsoft Hyper-V-based Hybrid Cloud (Private+Azure) Backup Mode | Точка

  5. Pingback: Windows Azure 社区新闻综述(#62 版) - 微软云计算: Windows Azure 中文博客 - Site Home - MSDN Blogs

  6. Pingback: Windows Azure Community News Roundup (Edition #62) | AI 1

  7. Pingback: Windows Azure Community News Roundup (Edition #62) | Watson Philosopher Entrepreneur

  8. Pingback: Windows Azure Community News Roundup (Edition #62) | IBM Watson Cloud Computing

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s