7 Using N2W with Azure

Following are the steps for setup, backup, and recovery of Azure VMs and Disks:

Before starting, configure N2W Backup and Recovery according to Configuring N2W.
After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in AWS. See section 7.1.
In N2W, add an Azure account with the custom N2W role. See section 7.2.
Create an Azure policy in N2W with Azure backup targets. See section 7.3.
Back up the policy. See section 7.4.
Recover from a backup. See section 7.5.

7.1 Setting Up Your Azure Subscription

N2W Backup and Recovery needs the following permissions to perform backup and recovery actions. In addition, see

For the minimal permissions for Azure, see https://n2ws.zendesk.com/hc/en-us/articles/28833036917021-Required-Minimum-Azure-permissions-for-N2W-operations
Add your subscription ID value to the subscriptions attribute in the minimal permissions JSON.

{
    "properties": {
        "roleName": "CPM",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<subscriptionID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/snapshots/write",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Compute/snapshots/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/snapshots/delete",
                    "Microsoft.Resources/subscriptions/resourceGroups/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Compute/diskEncryptionSets/read",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/availabilitySets/vmSizes/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

2. In the Azure Portal, go to your subscription. Select a subscription that you want to use with N2W Backup & Recovery. 3. Select Access control (IAM), select +Add, and then select Add custom role.

4. Complete the form by providing a Custom role name, such as N2WBackupRecoveryRole, and then select the JSON file saved in step 1.

5. Create the role with the new JSON file.

7.2 Adding an Azure Account to N2W

Log on to N2W using the root username and password used during the N2W configuration.
Select the Accounts tab.
If you have a license for Azure cloud, select Azure account in the + New menu.
Complete the New Azure Account screen using the App Registration view information in the Azure portal as needed.

Name - Copy from your App Registration name.
In the User list, select your username. Or, select + New to add a new user. See section 18 in the N2W Backup & Recovery User Guide.
Directory (tenant) ID – Copy from your App Registration.
Application (client) ID – Copy from your App Registration.
Client Secret – Copy from your App registration Certificates & Secrets in the App Registration view, or set a new secret.

5. Select Save. The new account appears in the Accounts list as an Azure Cloud account.

7.3 Creating an Azure Policy

To backup resources in Azure, create an N2W policy.

In N2W, select the Policies tab.
In the + New list, select Azure policy.
In the New Azure Policy screen, complete the fields:

Name – Enter a name for the policy.
User – Select from the list.
Account – Select from the list. Or, select + New to add an account. See section 7.2.
Enabled – Clear to disable the policy.
Subscription – Select from the list.
Schedules – Optionally, select one or more schedules from the list, or select + New to add a schedule. See section 4.3.
Auto Target Removal – Select Yes to automatically remove a non-existing target from the policy.

4. Select the Backup Targets tab. 5. In the Add Backup Targets menu, select the targets to backup, Disks and/or Virtual Machines. The Add Virtual Machines / Disks screen opens. 6. When selecting Virtual Machines, it is required to filter by the Location of the target resources using the list in the upper left corner before selecting the individual targets. Filtering by Resource Group is optional.

7. When finished selecting targets, select Add selected. The Backup Targets tab lists the selected targets.

8. To determine which disks for each Virtual Machines target to backup, selectConfigure. In the Which Disks list of the Policy Virtual Machine and Disk Configuration screen, select the disks to include or exclude in the backup. 9. When finished, in the Backup Targets tab, select Save.

7.4 Backing Up an Azure Policy

If the policy has a schedule, the policy will backup automatically according to the schedule. To run a policy as soon as possible, in the Policies view, select the policy and selectRun ASAP.

To view the policy progress and backups, select Backup Monitor.

The backup progress is shown in the Status column.
Use the Cloud buttons to display the Azure policies.

7.5 Recovering from an Azure Backup

Only one VM is recoverable during a recovery operation.

After creating a backup, you can recover it from the Backup Monitor.

In the VM recovery Basic Options, there are Azure options for replicating data to additional locations in order to protect against potential data loss and data unavailability:

Availability Zone – A redundant data center (different building, different servers, different power, etc.), within a geographical area that is managed by Azure.
Availability Set – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and managed by the customer.
No Redundancy Infrastructure Required – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and availability.

In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.

To add an additional layer of encryption during the recovery process, see https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal.
Disk encryption settings can be changed only when the disk is unattached or the owner VM is deallocated.

7.5.1 Recovering a VM and Disks

To recover a VM with or without attached disks:

In the Backup Monitor, select the backup, and then select Recover.

2. Select the VM snapshot that you want to recover from, and then select Recover.

3. In the Virtual Machines tab of the Recover screen, select 1 VM, and then select Recover. The Basic Options tab opens.

4. In the Availability Type list, select one of the following:

No Infrastructure Redundancy Required – Select to not replicate data at a redundant location in another zone or set.
Availability Zone – Select a zone in the Availability Zone list.
Availability Set – Select a set in the Availability Set list.

5. In the Private IP Address box, assign an available IP address, or switch the Custom toggle key to Auto assigned.

6. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.

7. Select Recover Virtual Machine.

8. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure () recoveries.

7.5.2 Recovering Only Disks of a VM

To recover only disks attached to the VM:

Select Recover Disks Only.

2. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.

3. See Note above about changing the Encryption Set for certain disks.

4. Change other settings as needed, and select Recover Disk.

5. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure () recoveries.

7.5.3 Recovering Independent Disks

To recover from backups with independent disks:

Select the backup, and then select Recover as in step 1 of the VM recovery.

2. In the Independent Disks tab, enter a new Name for each disk to recover. Similar names will cause failure.

3. See Note above about changing the Encryption Set for certain disks.

4. Change other settings as needed, and select Recover Disk.

5. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure () recoveries.

Previous6 How to Configure N2W with CloudFormation NextAppendix A - AWS Authentication with N2W

Last updated 2 months ago

hashtag7.1 Setting Up Your Azure Subscription

hashtag7.2 Adding an Azure Account to N2W

hashtag7.3 Creating an Azure Policy

hashtag7.4 Backing Up an Azure Policy

hashtag7.5 Recovering from an Azure Backup

hashtag7.5.1 Recovering a VM and Disks

hashtag7.5.2 Recovering Only Disks of a VM

hashtag7.5.3 Recovering Independent Disks