7 Using N2WS with Azure

Following are the steps for setup, backup, and recovery of Azure VMs and Disks:

  1. Before starting, configure N2WS Backup and Recovery according to Configuring N2WS.

  2. After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in AWS. See section 7.1.

  3. Register the CPM app in Azure. See section 7.2.

  4. Create an N2WS account user as usual and configure resource limitations for Azure.

  5. In N2WS, add an Azure account with the custom N2WS role. See section 7.2.

  6. Create an Azure policy in N2WS with Azure backup targets. See section 7.3.

  7. Back up the policy. See section 7.4.

  8. Recover from a backup. See section 7.5.

7.1 Setting Up Your Azure Subscription

N2WS Backup and Recovery needs the following permissions to perform backup and recovery actions.

  1. Add your subscription ID value to the subscriptions attribute in the minimal permissions JSON.

{
    "properties": {
        "roleName": "CPM",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<subscriptionID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/snapshots/write",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Compute/snapshots/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/snapshots/delete",
                    "Microsoft.Resources/subscriptions/resourceGroups/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Compute/diskEncryptionSets/read",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/availabilitySets/vmSizes/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

4. Complete the form as follows using N2WSBackupRecoveryRole as the Custom role name, and then select the JSON file saved in step 1.

5. Create the role with the new JSON file.

7.2 Registering Your Azure App

  1. In the Azure portal Dashboard section, go to the App registrations service.

  2. In the Name box, type CPM-on-Azure and select Register.

3. Select the app. 4. Save the Application (client) ID and Directory (tenant) ID for use when adding the Azure account to N2WS.

7.3 Adding an Azure Account to N2WS

  1. Log on to N2WS using the root username and password used during the N2WS configuration.

  2. Select the Accounts tab.

  3. Complete the New Azure Account screen using the App Registration view information in the Azure portal as needed.

  • Name - Copy from your App Registration name.

  • In the User list, select your username. Or, select + New to add a new user. See section 18 in the N2WS Backup & Recovery User Guide.

  • Directory (tenant) ID – Copy from your App Registration.

  • Application (client) ID – Copy from your App Registration.

  • Client Secret – Copy from your App registration Certificates & Secrets in the App Registration view, or set a new secret.

5. Select Save. The new account appears in the Accounts list as an Azure Cloud account.

7.4 Creating an Azure Policy

To backup resources in Azure, create an N2WS policy.

  1. In N2WS, select the Policies tab.

  2. In the + New list, select Azure policy.

  3. In the New Azure Policy screen, complete the fields:

  • Name – Enter a name for the policy.

  • User – Select from the list.

  • Account – Select from the list. Or, select + New to add an account. See section 7.2.

  • Enabled – Clear to disable the policy.

  • Subscription – Select from the list.

  • Schedules – Optionally, select one or more schedules from the list, or select + New to add a schedule. See section 4.3.

  • Auto Target Removal – Select Yes to automatically remove a non-existing target from the policy.

4. Select the Backup Targets tab. 5. In the Add Backup Targets menu, select the targets to backup, Disks and/or Virtual Machines. The Add Virtual Machines / Disks screen opens. 6. When selecting Virtual Machines, it is required to filter by the Location of the target resources using the list in the upper left corner before selecting the individual targets. Filtering by Resource Group is optional.

7. When finished selecting targets, select Add selected. The Backup Targets tab lists the selected targets.

7.5 Backing Up an Azure Policy

To view the policy progress and backups, select Backup Monitor.

  • The backup progress is shown in the Status column.

  • Use the Cloud buttons to display the Azure policies.

7.6 Recovering from an Azure Backup

Only one VM is recoverable during a recovery operation.

After creating a backup, you can recover it from the Backup Monitor.

In the VM recovery Basic Options, there are Azure options for replicating data to additional locations in order to protect against potential data loss and data unavailability:

  • Availability Zone – A redundant data center (different building, different servers, different power, etc.), within a geographical area that is managed by Azure.

  • Availability Set – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and managed by the customer.

  • No Redundancy Infrastructure Required – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and availability.

In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.

7.6.1 Recovering a VM and Disks

To recover a VM and/or attached disks:

b. In the Availability Type list, select one of the following:

  • No Infrastructure Redundancy Required – Select to not replicate data at a redundant location in another zone or set.

  • Availability Zone – Select a zone in the Availability Zone list.

  • Availability Set – Select a set in the Availability Set list.

c. In the Private IP Address box, assign an available IP address or switch the Custom toggle key to Auto assigned. d. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail. e. Select Recover Virtual Machine.

3. To recover only Disks attached to the VM, select Recover Disks Only. a. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail. b. See Note in section 7.5 about changing the Encryption Set for certain disks. c. Change other settings as needed. d. Select Recover Disk.

7.6.2 Recovering Independent Disks

To recover from backups with independent disks:

2. In the Independent Disks tab:

a. Enter a new Name for each disk to recover as similar names will cause failure. b. See Note in section 7 about changing the Encryption Set for certain disks. c. Change other settings as needed.

d. Select Recover Disk.

Last updated