Protecting your online and on premises assets IaaS style!: Introducing #windowsazure Online Backup … #meetbe

Since this week Windows Azure Recovery Services have been put in preview modus. Time to put this tech to the test and see what we can do with it. Now seeing that this is an ONLINE service, why not use it completely in the Windows Azure ecosystem. For this purpose I’ve created a VM based on Windows Server 2012.

Activate

First things first: since this is a preview feature one must activate this feature through the Account / Preview Features site

Once activated we can start fiddling around.

Instantiate

The feature will show as the one before last icon on the menu in the portal

The feature can be added by going to the “New” à “Data Services” à “Recovery Services” à “Backup Vault”

So far nothing newJ.

The “Vault” has been created, which kind of reminds me of the FallOut Game series J. But unfortunately you are not allowed to call it 101 ;-)

Anyway: Once the vault is created you’ll get the traditional dashboard view.

First thing you notice is that it states that you need to upload a certificate, and next to that to Download the Agent for your server.

Now the certificate can either be a self-signed one or a bought one. More on that later ..

The other 2 tabs (Protected Items, Servers) will become only important once we’ve gone through the entire setup, config and the first backup set taken.

Setup

Time to RDP in to our VM. Once we’re there, go to the Management Portal and click on the “Download Agent’ link. Additionally this gives you 2 choices: an Agent for Windows Server 2012 & System Center 2012 SP1 – DPM or an Agent for Windows Server 2012 Essentials

Since I’m running Server 2012 I picked the first link. Download and run it:

Agree on the EULA:

Then there’s a pre-requisites check, and as always, in the background there’s powershell J

Set the installation path and cache path

Then decide on your update strategy

And start with the install:

Once installed you get 2 new icons on the Start / home view:

CERT TIME

Now we need to have a certificate on both the service as on the machine. As I stated earlier: you can have both bought ones from a trusted authority as self-signed certificates. Since I didn’t have any lying around, I decided to go for the latter one.

Easiest way to go here is to use the makercert
part of the Windows SDK, but with a small note that this hasn’t been verified et for Windows Server 2012!

Very Important part here are following pre-reqs :

  • Has to have a valid ClientAuthentication EKU
  • The certificate Is currently valid with a validity period that does not exceed 3 years

Especially the validity is important or elseway your certificate WILL NOT UPLOAD. So you need to give some parameters on this tool: open a commandline with administrator privileges and execute following command in the folder where you’ve extracted the tool:

makecert.exe -r -pe -n CN=
MyWindowsAzureBackup -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2  -e 12/31/2015 -len 2048 “
MyWindowsAzureBackup.cer”

where “MyWindowsAzureBackup” is the DNS or Server name you wish to add to the vault. Of course you need to create this on the server you wish to add to make sure the thumbprint matches.

Alternatively you can use he PowerShell command New-SelfSignedCertificate to create the same kind of certificate but for some reason this doesn’t add up when activating the agent on the server and will return following error:

Once uploaded the portal will verify with the certificate thumbprint showing on the dashboard.

SUPER AGENT AZURE

Now it’s time to start configuring the Agent and make sure the server gets registered in the Vault.

Open the Agent. And click Register Server

It will first ask you if you are using a proxy to configure in order to get clearance to the internet:

Now let’s make sure we can use our earlier created certificate:

Click Browse and automatically it will recognize the created cert:

Click ok to continue. Then select the associated vault you wish to use, and click next.

Enter a passphrase in the next window and a location to store the encryption key. DO NOTE: it’s NOT a best practice to keep this on the machine as I did, this was demo purposes only!

Wait until the operation finishes and you’re done registering, You’ll see a nice message stating your server now has Windows Azure Backup Available.

If we nnow check the portal we do see the server in the Server tab:

Hey You! BACK UP!

Now that that’s behind us, let’s get operational. We now need to schedule our backups. So let’s create a backup scheme:

Select the files or folders you wish to backup:

End you can even choose which ones you want to exclude.

Now choose when and how many times and or recurrence you want your backup to be executed

For network optimization you can even keep an eye out on the throttling, to make sure no issues will occur during the backup:

After this you need to set your retention policy:

After this you need to confirm your settings:

And done scheduling:

Now this will show in the agent’s dashboard

You can force the backup anytime allowing you full flexibility in you backup strategy or maintenance plans:

Also some overview exists in the dashboard giving you info on job statuses and alerts:

With more details inside:

Also on the management portal this will show up:

The only good backup … is a working backup … !

Something lot’s of people tend to forget is that when you have a backup and DRP strategy you also need to make sure it works! So test your restores!!!!

I deleted a file on purpose and will restore it:

I killed the CAB file

So let’s restore it, click Recover Data on the main screen. A wizard will appear. First select the server.

Now you can either select whether you want to search for a certain file or to navigate to the already known location:

After doing than, you choose what set you wish to use, by selecting the volume and the available dates on which the backup was taken.

Once the set has been opened you can now select what to restore, what’s selected will be restored.

As in any good backup tool you get to choose where to recover/restore your files : same location or a different one by choice.

Plus the choice whether to get either a copy, to overwrite the file or no recovery for items still existing, plus also an option on ACL recovery, which is pretty cool, cause you really would like to keep your permissions as they were!

Only thing remaining is confirming the operation:

And wait:

And as you can see, this tooling is pretty easy. Now the fun thing is that you can easily take it along in your System Center tooling (I want to do a tutorial / walkthrough on that one too, but don’t have the infrastructure yet) for a more streamlined DRP process.

Now as an addition the tooling also provides in a PowerShell module and cmdlets:

This allows you easily to remote into the server and execute a backup or get a status, without the need of opening the server, rdp’ing in to one or logging in to the Windows Azure Portal.

Conclusion

The product is without hassle (if you get the certs ok that is J ) and integrates nicely into your daily operations and tooling if you want it to!

I hope this was helpful. Feel free to poke me on the subject any time J

Happy backup

Advertisements

My 2012 blogposts in review #MEETBE #WINDOWSAZURE #ALM #TFS

Thanks all for reading my posts in 2012, please help me in 2013 to reach more readers :-) (btw : you all rock!!! #CommunityRocks). I’m going to try make 2013 a better blog year (couple of post are being cooked up!) Meanwhile the WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

600 people reached the top of Mt. Everest in 2012. This blog got about 2,100 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 4 years to get that many views.

Click here to see the complete report.

another #windowsazure cool event: the online conference named windowsazureconf.net/

In 14 days from now the only official Windows Azure Online conference will be held. This event will take place on November 14th. This conference will host a keynote held by Scott Guthrie. This conference will be given by MVP’s and Windows Azure enthusiasts. All the sessions will be real life driven, so no classic ooh demo’s but actual real life scenario based presentations! Make sure you check this out. More info and registration to be found at : http://www.windowsazureconf.net/

TFS Building

Did you ever encounter build issues on TFS refering to an error like the one below and not inside your IDE:

sourcedir\codefile.cs (297): ‘namespace’ does not contain a definition for ‘X’ and no extension method ‘Y’ accepting a first argument of type ‘Z’ could be found

(are you missing a using directive or an assembly reference?)


If so, this has to do with the MSBUILD Target Engine , it’s not well documented at first and you get the impression that it is a permissions issue or related.

What you need to do to resolve this is, open the build definition, navigate to the process tab and change the MSBuild Platform to the X86 version. this occurs most of the time when assemblies are not able to compile toward x64 architecture.