26 Using N2WS with Azure
Manage the backup and recovery of your Azure resources.
Previous25 Monitoring Costs and Savings with N2WSNextAppendix A Recommended Configuration for Copy to S3 with N2WS
Last updated
Manage the backup and recovery of your Azure resources.
Last updated
Following are the steps for setup, backup, and recovery of Azure VMs, Disks, and SQL Servers:
Before starting, configure N2WS Backup & Recovery according to section .
After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in Azure. See section .
Register the CPM app in Azure. See section .
Create an N2WS account user as usual and configure resource limitations for Azure as described in section .
Assign a custom role to your app. See section .
In N2WS, add an Azure account with the custom N2WS role. See section .
Create a Storage Account Repository for your data objects. See section .
Create an Azure policy in N2WS with Azure backup targets. See section .
Configure Azure Disaster Recovery. See section .
Back up the policy. See section .
Recover from a backup, including file-level recovery. See section .
N2WS Backup & Recovery needs the following permissions to perform backup and recovery actions.
Add your subscription ID value to the subscriptions attribute in the minimal permissions JSON.
4. Complete the form as follows using N2WSBackupRecoveryRole as the Custom role name, and then select the JSON file saved in step 1. 5. Create the role with the new JSON file.
In the Azure portal Dashboard section, go to the App registrations service.
In the Name box, type CPM-on-Azure and select Register.
3. Select the app. 4. Save the Application (client) ID and Directory (tenant) ID for use when adding the Azure account to N2WS.
In Azure, go to the Subscription service and select your subscription.
Select Access control (IAM).
Select Add and then select Add role assignment.
In the Role list, select your custom role.
In the Select list, select the app that you created.
Select Save.
In the Role assignments tab, verify that the custom role is assigned.
Log on to N2WS using the root username and password used during the N2WS configuration.
Select the Accounts tab.
Complete the New Azure Account screen using the App registration view information in the Azure portal as needed.
Name - Copy from your App registration name.
Directory (tenant) ID – Copy from your App registration.
Application (client) ID – Copy from your App registration.
Client Secret – Copy from your App registration Certificates & secrets in the App registration view, or set a new secret.
Scan Resources - Select to include the current account in tag scans performed by the system. The scan will cover all VMs and disks in all locations.
5. Select Save. The new account appears in the Accounts list as an Azure Cloud account.
A single Azure Storage Account container can have multiple repositories.
In N2WS, select the Storage Repositories tab.
In the New Storage Account Repository screen, complete the following fields, and select Save when complete.
Name - Type a unique name for the new repository, which will also be used as a folder name in the Azure Storage Account container. Only alphanumeric characters and the underscore are allowed.
Description - Optional brief description of the contents of the repository.
User – Select the user in the list.
Account - Select the account that has access to the Storage Account.
Subscriptions – Select the subscription that owns the Storage Account.
Resource Group – Select the Storage Account’s resource group.
Location – Select the Storage Account’s location.
Storage Account Name – Select the name of the Storage Account from the list.
Immutable Backups - Select to protect data store in the repository from accidental deletion or alteration. When enabled, the N2WS server puts a Lease on every object stored in the Storage Account repository. A leased object cannot be deleted or modified until the Lease is cancelled. You can specify the string that will be used as the Lease (in a UUID format), or let N2WS create one for you.
You can delete all snapshots copied to a specific Storage Account repository.
Deleting a repository is not possible when the repository is used by a policy. You must change the policy's repository to a different one before you can delete the Target repository.
Select the Storage Repositories tab.
Select the repository to delete.
Select Delete.
To back up resources in Azure, create an N2WS Azure policy.
In N2WS, select the Policies tab.
In the New Azure Policy screen, complete the fields:
Name – Enter a name for the policy.
Enabled – Clear to disable the policy.
Subscription – Select from the list.
Auto Target Removal – Select Yes to automatically remove a non-existing target from the policy.
4. Select the Backup Targets tab. 5. For each resource type to back up, in the Add Backup Targets menu, select a target. The applicable screen opens.
6. Before completing a policy with SQL Server backup targets, select a Target repository for the policy in the Storage Repository tab, and then select Save.
7. In the Backup Targets tab, review the selected targets, and then select Save.
An SQL Server backup is performed by a worker. The worker parameters for each SQL Server target are configured in the Policy SQL Server and Database Configuration screen, as shown in step 3 below. Backups are always full to enable fast restores.
Following are possible backup configurations for an SQL Server target:
Back up all databases
Include or Exclude only pre-selected databases in the backup process
Before selecting individual SQL Servers, it is required to filter by the Location of the target resources using the list in the upper left corner. Filtering by Resource Group is optional.
To add an SQL Server target:
In the Add Backup Targets menu, select SQL Servers. The Add SQL Servers table opens.
2. When finished selecting targets, select Add selected. The Backup Targets tab lists the selected targets.
4. In the Which Databases list, choose whether to back up All Databases on this server, or select databases, and then choose Include Selected or Exclude Selected.
5. For each database, change Private DNS Zone, SSH Key, Virtual Network, Subnet, Security Group, and Network Access as needed, and then select Apply.
6. In the Storage Repository tab, select the Target repository for the SQL Server backup, and then select Save.
Before selecting individual Virtual Machine targets, it is required to filter by the Location of the target resources using the list in the upper left corner. Filtering by Resource Group is optional.
On the Add Backup Targets menu, select Virtual Machines. The Add Virtual Machines table opens.
2. Select the virtual machines for backup, and then select Add selected. The Backup Targets tab lists the selected targets.
4. In the Which Disks list, select the disks to Include or Exclude in the backup. Change additional information as needed, and then select Apply.
1. In the Add Backup Targets menu, select Disks.
Enabling Immutable Backups will prevent the unauthorized deletion of Azure VM and disk snapshots. When a policy is enabled for Immutable Backups, a ‘Delete’ lock type is assigned to a disk snapshot until the lock is removed. The lock is removed by N2WS before Cleanup or by user-initiated deletion.
To enable immutable backups:
Select the relevant policy.
In the More Options tab, select Enable Immutable Backups.
To view the Lock Type in Azure:
On the Azure console, go to the Snapshot page and select Locks.
The DR operation copies managed disk snapshots to selected locations.
In the DR tab, select Enable DR.
Complete DR Frequency and DR Timeout.
In the Target Locations list, select the DR target locations.
Azure can manage private access disks using a Disk Access resource, which is based on subscription and location. For disk targets using private access, provide a tag with the ID of the Disk Access resource on the selected DR locations.
To provide a Disk Access ID, add a tag to the resource as follows:
Key: ‘cpm_dr_disk_access’ or ‘cpm_dr_disk_access:<LOCATION>’; Value: ‘<Disk Access ID>’
If disks are attached to a Virtual Machine target and same Disk Access is used for all backed up disks, it is sufficient to add the tag to the Virtual Machine and not each disk.
If a single DR location is selected, there is no need for ‘:<LOCATION>’ in the tag key.
If the policy has a schedule, the policy will backup automatically according to the schedule.
After creating a backup, you can recover it from the Backup Monitor.
In the VM recovery Basic Options, there are Azure options for replicating data to additional locations
to protect against potential data loss and data unavailability:
Availability Zone – A redundant data center (different building, different servers, different power, etc.) within a geographical area that is managed by Azure.
Availability Set – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and managed by the customer.
No Redundancy Infrastructure Required – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and availability.
In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.
To recover a VM and/or attached disks:
b. In the Availability Type list, select one of the following:
No Infrastructure Redundancy Required – Select to not replicate data at a redundant location in another zone or set.
Availability Zone – Select a zone in the Availability Zone list.
Availability Set – Select a set in the Availability Set list.
c. In the Private IP Address box, assign an available IP address or switch the Custom toggle key to Auto assigned. d. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail. e. Select Recover Virtual Machine.
To recover from backups with independent disks:
In the Independent Disks tab:
Enter a new Name for each disk to recover as similar names will cause failure.
Change other settings as needed.
Select Recover Disk.
When recovering from a backup that includes DR (DR is in Completed state), the same Recover screen opens but with the addition of the Restore to Location drop-down list.
Default location is Origin, which will recover all the objects from the original backup. It will perform the same recovery as a policy with no DR.
When choosing one of the other regions, the objects are listed and are recovered in the selected location.
You can recover an SQL Server and some of or all its databases or just the SQL databases.
To recover an SQL Server with some or all its databases:
3. In the Server Admin Login and Password boxes, provide the credentials to use in the recovered SQL Server.
4. In the Network tab:
a. Select the Minimum TLS Version in the list.
b. Select Firewall Rules and Virtual Network Rules, or select Deny Pubic Network Access.
5. In the SQL Databases tab, select the databases to recover.
6. In the Worker Options tab, set values to enable communication between the Worker and the SQL Server.
7. Select Recover SQL Server.
To recover SQL Databases only:
In the SQL Databases tab, enter a new Name for each database. Similar names will cause the recovery to fail.
3. Change other settings as needed.
4. Select Recover SQL Database.
When you back up an Azure Virtual Machine or disks, you can recover individual files from the backup without having to recover the entire Virtual Machine or all disks.
To recover individual files from a snapshot of an Azure disk or Virtual Machine:
To explore files from an entire virtual machine, go to the Virtual Machine tab, select the virtual machine, and then select Explore Disks Files.
To explore files from one or more disks belonging to a virtual machine, go to the Virtual Machine tab, select the virtual machine, then select Recover Disks Only. Select one or more disks, and then select Explore Disks.
To explore files from an independent disk, go to the Independent Disks tab, select the disk, and then select Explore Disks.
If multiple backups of the chosen target exist, you will be prompted to select the number of different backups to explore. Select the desired number, and then select Start Session.
N2WS allows recovering an AWS volume backup to Azure.
Limitations:
Cross-cloud recovery is supported only for Instance Volume backups copied to S3.
From the UI, such recovery can only be initiated for one volume at a time chosen from the Volume Recovery from Instance screen.
OS\root disk functionality doesn’t migrate from AWS to S3. If N2WS recovers an AWS root volume to Azure, an Azure VM can’t be spined up from that disk.
To recover an volume from S3 to Azure:
In the Backup Monitor, select an Instance backup that was copied to S3, and then select Recover.
In the Recover screen, select the instance from which the volume is to be recovered.
In the Restore from list, choose the repository to which the volume was copied.
In the Restore to Account list, choose the Azure account to restore to.
In the Subscription list, choose the subscription to restore to.
Select Recover volumes only.
7. In the Volume Recovery from Instance screen, select one volume to recover.
8. In the Disk Name box, type the name of the disk to be recovered in Azure.
9. In the Resource Group list, choose the resource group to which the disk will be recovered.
10. Optionally, choose an Availability Zone to recover to and the Encryption Set to use on the recovered disk.
11. Select Recover Volume.
For the minimal permissions for Azure, see
2. Log on to the Azure Portal, , and go to your subscription. Select a subscription that you want to use with N2WS Backup & Recovery. 3. Select Access control (IAM), select +Add, and then select Add custom role.
5. Select Add a certificate or secret. 6. Select New client secret. 7. Complete the secret values, and save.
If you have a license for Azure cloud, select Azure account in the + New menu.
In the User list, select your username. Or, select New to add a new user. See section .
Storage Account repositories are where backups of SQL servers are stored. Storage Account repositories can also serve as cross-cloud storage for AWS volume snapshots via a Lifecycle policy. For more details, see section .
In the New menu, select Storage Account Repository.
Use the Cloud buttons to display the Azure repositories.
Before saving a policy with an SQL Server backup target, the policy must have a Storage Account Repository. To create a Storage Account Repository, see ‎section .
On the New menu, select Azure policy.
User – Select from the list. Or, select New to add a user. See section .
Account – Select from the list. Or, select New to add an account. See section .
Schedules – Optionally, select one or more schedules from the list, or select New to add a schedule. See section .
For Virtual Machines, see section ‎.
For SQL Servers and their databases, see section ‎.
For Azure disks, see section ‎.
3. To choose which databases to back up for each SQL Server, select a server, and then select Configure. The Policy SQL Server and Database Configuration screen opens.
3. To choose which disks to back up for each Virtual Machine target, select a machine, and then select Configure. The Policy Virtual Machine and Disk Configuration screen opens.
2. Select the Disks to back up, and then selectConfigure for each target.
3. Configure disk information, such as Encryption Set. To expand the configuration section for a disk, select the right arrow . Change the Name to the desired name for the recovered disk, and then select Close.
To run a policy as soon as possible, select the policy and select Run ASAP in the Policies view.
To view the policy progress and backups, select Backup Monitor, and use the Cloud button to display the Azure () policies. The backup progress is shown in the Status column.
After choosing the objects to recover, you can view the recovery process by selecting Recovery Monitor. Use the Cloud buttons to display the Azure () recoveries.
To add an additional layer of encryption during the recovery process, see .
After choosing the objects to recover, you can view the recovery process by selecting Recovery Monitor. Use the Cloud buttons to display the Azure ( ) recoveries.
In the Backup Monitor, select the backup and then selectRecover.
2. To recover a VM, with or without its attached disks, select the VM snapshot that you want to recover from and then selectRecover.
a. In the Virtual Machines tab of the Recover screen, select 1 VM and then selectRecover. The Basic Options tab opens.
3. To recover only Disks attached to the VM, select Recover Disks Only. a. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail. b. See Note in section about changing the Encryption Set for certain disks. c. Change other settings as needed. d. Select Recover Disk.
Select the backup and then selectRecover as in step 1 of the VM recovery.
See section about changing the Encryption Set for certain disks.
In the Backup Monitor, select the backup, and then select Recover.
Select the SQL Server snapshot that you want to recover from and then select Recover.
2. In the SQL Servers tab of the Recover screen, select 1 SQL Server and then select Recover. The Basic Options tab opens.
Select the SQL Server snapshot that you want to recover from and then select Recover SQL Databases Only.
Complete the steps required to configure a worker to be launched in the account, subscription, and location of the source snapshot. See section .
In the Backup Monitor, select the backup, and then select Recover.
12. To follow the progress of the recovery, select the Open Recovery Monitor link in the ‘Recovery started’ message at the top right corner, or select the Recovery Monitor tab.
13. To view details of the recovery process, select the recovery record, and select Log. Select Refresh as needed.
