# 26  Using N2W with Azure

Following are the steps for setup, backup, and recovery of Azure VMs, Disks, and SQL Servers:

1. Before starting, configure N2W Backup & Recovery according to section [2](https://docs.n2ws.com/user-guide/2-configuring-n2ws).
2. After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in Azure. See section [26.1](#26.1-setting-up-your-azure-subscription).
3. Enable Azure Cloud as one of your UI defaults in N2W **Server Settings > General Settings > User UI Default**.
4. Register the CPM app in Azure. See section [26.2](#26.2-registering-your-azure-app).
5. Create an N2W account user as usual and configure resource limitations for Azure as described in section [18.3](https://docs.n2ws.com/user-guide/18-user-management#18-3-user-definitions).
6. Assign a custom role to your app. See section [26.3](#26.3-assigning-the-custom-role-to-your-app).
7. In N2W, add an Azure account with the custom N2W role. See section [26.4](#26.4-adding-an-azure-account-to-n2ws).
8. Create a Storage Account Repository for your data objects. See section [26.5](#26.5-the-storage-account-repository).
9. Create an Azure policy in N2W with Azure backup targets. See section [26.6](#26.6-creating-an-azure-policy).
10. Configure Azure Disaster Recovery. See section [26.7](#26.7-configuring-azure-dr).
11. Back up the policy. See section [26.8](#26.8-backing-up-an-azure-policy).
12. Recover from a backup, including file-level recovery. See section [26.9](#id-26.9-recovering-from-an-azure-backup).

{% hint style="info" %}
You can design a Recovery Scenario to automatically coordinate sequential recoveries for several or all backup target types in a single Azure policy during one recovery session. See section ‎‎[24.3](https://docs.n2ws.com/user-guide/24-orchestrating-recovery-scenarios#24-3-creating-a-recovery-scenario).

For Recovery Scenarios, it is important to configure the recovery details for each VM and SQL Server target.
{% endhint %}

## 26.1  Setting Up Your Azure Subscription

N2W Backup and Recovery needs the following permissions to perform backup and recovery actions.

1. For the minimal permissions for Azure, see <https://n2ws.zendesk.com/hc/en-us/articles/33252710830109--4-5-0-Required-Minimum-Azure-permissions-for-N2W-operations>
2. Add your subscription ID value to the `subscriptions` attribute in the minimal permissions JSON.

```
{
    "properties": {
        "roleName": "CPM",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<subscriptionID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/snapshots/write",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Compute/snapshots/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/snapshots/delete",
                    "Microsoft.Resources/subscriptions/resourceGroups/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Compute/diskEncryptionSets/read",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/availabilitySets/vmSizes/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

```

&#x20;   2\. Log on to the Azure Portal, <https://portal.azure.com>, and go to your subscription. Select a subscription that you want to use with N2W Backup & Recovery. <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/HzS7KwgL0mLUln4CUPtT/Azure%20subscription.png" alt="" data-size="line"> \
&#x20;   3\. Select **Access control (IAM)**, select **+Add**, and then select **Add custom role**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/2YGvhjcwsJx2RxOVwTrv/image.png)

&#x20;   4\. Complete the form adding a name for the c**ustom role**, and then select the JSON file saved in step 1.\
&#x20;   5\. Create the role with the new JSON file.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/cTK5JPKE2ZPu4P7tHNFL/Azure%20create%20custom%20role%202.png)

## 26.2  Registering Your Azure App

1. In the Azure portal **Dashboard** section, go to the **App registrations** service.
2. In the **Name** box, type **CPM-on-Azure** and select **Register.**

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/suZPjMVUCO9LGCSs2bDk/image.png)

&#x20;   3\. Select the app.\
&#x20;   4\. Save the **Application (client) ID** and **Directory (tenant) ID** for use when adding the Azure account to N2W.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/Jz52K6Wxpu9SdNELNoKR/image.png)

&#x20;   5\. Select **Add a certificate or secret**.\
&#x20;   6\. Select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mTpJiDA1RBi5iMwm7abe/New%20icon.png" alt="" data-size="line"> **New client secret**.\
&#x20;   7\. Complete the secret values, and save.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/pGnyORtcv9TdfDnOhHJR/image.png)

## 26.3  Assigning the Custom Role to your App

1. In Azure, go to the **Subscription** service and select your subscription.
2. Select **Access control (IAM).**
3. Select **Add** and then select **Add role assignment**.
4. In the **Role** list, select your custom role.
5. In the **Select** list, select the app that you created.
6. Select **Save**.
7. In the **Role assignments** tab, verify that the custom role is assigned.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/UFyOB8UO7poIgVTh1vE8/26-3%20azure%20role.png)

{% hint style="info" %}
It might take time for Azure to propagate the changes in IAM.
{% endhint %}

## 26.4  Adding an Azure Account to N2W

1. Log on to N2W using the root username and password used during the N2W configuration.
2. Select the **Accounts** tab.
3. If you have a license for Azure cloud, select **Azure account** in the **+ New** menu.  <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/6ZLHDWJ49RTtv9Mb6Vsd/image.png" alt="" data-size="original">
4. Complete the New Azure Account screen using the App registration view information in the Azure portal as needed.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/4Ls2W9MbPVi36zDMNoBG/26-4%20New%20Azure%20Acct.png" alt=""><figcaption></figcaption></figure>

* **Name** - Copy from your App registration name.
* In the **Use**r list, select your username. Or, select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mTpJiDA1RBi5iMwm7abe/New%20icon.png" alt="" data-size="original"> **New** to add a new user. See section [18](https://docs.n2ws.com/user-guide/18-user-management).
* **Directory (tenant) ID** – Copy from your App registration.
* **Application (client) ID** – Copy from your App registration.
* **Client Secret** – Copy from your App registration Certificates & secrets in the App registration view, or set a new secret.
* **Scan Resources** - Select to include the current account in tag scans performed by the system. The scan will cover all VMs and disks in all locations.

&#x20; 5\. Select **Save**. The new account appears in the Accounts list as an Azure Cloud account.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/iu1EqGPGcoQGJS5I5ocp/26-4%20add%20azure%20acct%20to%20n2ws-cropped.png)

&#x20;\
&#x20;  &#x20;

## 26.5  The Storage Account Repository

Storage Account repositories are where backups of SQL servers are stored. Storage Account repositories can also be used to store disk snapshots via Lifecycle policy or serve as cross-cloud storage for AWS volume snapshots via a Lifecycle policy. For more details, see section [21](https://docs.n2ws.com/user-guide/21-managing-snapshots-with-lifecycle-policies).

A single Azure Storage Account container can have multiple repositories.

### 26.5.1  Configuring an Azure Storage Repository

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/DBu6SdF9pWuW8GE21Wx7/image.png" alt=""><figcaption></figcaption></figure>

1. In N2W, select the **Storage Repositories** tab.
2. In the <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mTpJiDA1RBi5iMwm7abe/New%20icon.png" alt="" data-size="line"> **New** menu, select **Azure** **Storage Repository**.
3. In the Storage Repositories screen, complete the following fields, and select **Save** when complete.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/McqJcOXGgGFmHcpsEsUs/Azure%20storage%20acct%20new%20add%20page.png)

* **Name** - Type a unique name for the new repository, which will also be used as a folder name in the Azure Storage Repository container. Only alphanumeric characters and the underscore are allowed.
* **Description** - Optional brief description of the contents of the repository.
* **User** – Select the user in the list.
* **Account** - Select the account that has access to the Storage Repository.
* **Subscriptions** – Select the subscription that owns the Storage Repository.
* **Resource Group** – Select the Storage Repository's resource group.
* **Location** – Select the Storage Repository’s location.
* **Storage Account Name** – Select the name of the Storage Account from the list.
* **Immutable backups** - Select to protect data stored in the repository from accidental deletion or alteration. When enabled, the N2W server puts a Lease on every object stored in the Storage Repository. A leased object cannot be deleted or modified until the Lease is cancelled. You can specify the string that will be used as the Lease (in a UUID format), or let N2W create one for  you.

### 26.5.2 Deleting a Storage Repository

You can delete all snapshots copied to a specific Storage Repository.

{% hint style="warning" %}
Deleting a repository is not possible when the repository is used by a policy. You must change the policy's repository to a different one before you can delete the Target repository.
{% endhint %}

1. Select the **Storage Repositories** tab.
2. Use the **Cloud** buttons to display the Azure <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/ICyTpsAjmKgLfNmesZMl/Azure%20icon.png" alt="" data-size="line">repositories.
3. Select the repository to delete.
4. Select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/WzNaBNo1dd8QYLWbXEff/image.png) **Delete**.

## 26.6 Creating an Azure Policy

To back up resources in Azure, create an N2W Azure policy.&#x20;

{% hint style="info" %}
Before saving a policy with an SQL Server backup target, the policy *must* have a Storage Repository. To create a Storage Repository, see ‎section [26.5](#26.5-the-storage-account-repository).
{% endhint %}

1. In N2W, select the **Policies** tab.
2. On the <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mTpJiDA1RBi5iMwm7abe/New%20icon.png" alt="" data-size="line"> **New** menu, select **Azure policy**.
3. In the New Azure Policy screen, complete the fields:

* **Name** – Enter a name for the policy.
* **User** – Select from the list. Or, select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/RmzySuMCCFVbhuAcapZ4/image.png" alt="" data-size="line"> **New** to add a user. See section [18](https://docs.n2ws.com/user-guide/18-user-management).
* **Account** – Select from the list. Or, select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/RmzySuMCCFVbhuAcapZ4/image.png" alt="" data-size="line"> New to add an account. See section [26.2](#26.2-registering-your-azure-app).
* **Enabled** – Clear to disable the policy.
* **Subscription** – Select from the list.
* **Schedules** – Optionally, select one or more schedules from the list, or select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mTpJiDA1RBi5iMwm7abe/New%20icon.png" alt="" data-size="line"> **New** to add a schedule. See section [4.1.1](https://docs.n2ws.com/user-guide/4-defining-backup-policies#4-1-1-defining-schedules).
* **Auto Target Removal** – Select **Yes** to automatically remove a non-existing target from the policy.

&#x20;   4\.  Select the **Backup Targets** tab.\
&#x20;   5\.  For each resource type to back up, in the **Add Backup Targets** menu, select a target. The applicable screen opens.

* For Virtual Machines, see section ‎[26.6.2](#26.6.2-adding-an-azure-virtual-machine).
* For SQL Servers and their databases, see section ‎[26.6.1](#26.6.1-adding-an-sql-server-target).
* For Azure disks, see section ‎[26.6.3](#26.6.3-adding-an-azure-disk-backup-target).

&#x20; 6\.  Before completing a policy with SQL Server backup targets, select a **Target repository** for the policy in the **Storage Repository** tab, and then select **Save**.

&#x20; 7\.  In the **Backup Targets** tab, review the selected targets, and then select **Save**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/1NYowaPgx02FxlL9OKjv/Azure%20VM%20bckup%20targets%20tab%20edited.png)

### **26.6.1 Adding an SQL Server Target**

An SQL Server backup is performed by a worker. The worker parameters for each SQL Server target are configured in the Policy SQL Server and Database Configuration screen, as shown in step 3 below.&#x20;

* Backups are always full to enable fast restores.
* Backups are kept in an Azure Repository.

{% hint style="warning" %}
The default behavior for workers has changed in 4.3.0. The worker used for SQL Backup & Recover now uses a private IP instead of a public IP. To change:

1\.     Connect to your N2W Backup and Recovery Instance with SSH Client.

2\.     Type sudo su.

3\.     Add the following lines to `/cpmdata/conf/cpmserver.cfg`:

&#x20;        `[azure_worker]`

&#x20;        `assign_public_ip_to_public_sql_server_workers=True`

4\.     Run service apache2 restart

5\.     Choose the worker’s Vnet and subnet as the SQL Server.
{% endhint %}

Following are possible backup configurations for an SQL Server target:

* Back up all databases
* Include or Exclude only pre-selected databases in the backup process

{% hint style="warning" %}
*Before* selecting individual SQL Servers, it is *required* to filter by the **Location** of the target resources using the list in the upper left corner. Filtering by **Resource Group** is optional.
{% endhint %}

**To add an SQL Server target:**

1. In the **Add Backup Targets** menu, select **SQL Servers**. The Add SQL Servers table opens.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/6alw5bv5jBu9AF0GukdB/Azure%20SQL%20Server%20bckup%20cropped.png" alt=""><figcaption></figcaption></figure>

&#x20;2\. When finished selecting targets, select **Add selected**. The **Backup Targets** tab lists the selected targets.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/TKG78m0FVf6CBOMxzqUi/Azure%20VM%20bckup%20trget%20cropped.png)

&#x20;  3\. To choose which databases to back up for each SQL Server, select a server, and then select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/bdc8yYXivvOVPuEqXLBQ/Configure%20icon.png" alt="" data-size="line"> **Configure**. The Policy SQL Server and Database Configuration screen opens.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/T8JN8juIvsT6tChrDd8l/Azure%20SQL%20Server%20bckup%20config-cropped.png" alt=""><figcaption></figcaption></figure>

&#x20;4\. In the **Which Databases** list, choose whether to back up **All Databases** on this server, or select databases, and then choose **Include** Selected or **Exclude Selected**.

&#x20;5\. For each database, change **Private DNS Zone**, **SSH Key**, **Virtual Network**, **Subnet**, **Security** **Group**, and **Network Access** as needed, and then select **Apply**.

&#x20;6\. In the **Storage Repository** tab, select the Target repository for the SQL Server backup, and then select **Save**.

### &#x20;26.6.2 Adding an Azure Virtual Machine

{% hint style="warning" %}
*Before* selecting individual Virtual Machine targets, it is *required* to filter by the **Location** of the target resources using the list in the upper left corner. Filtering by **Resource Group** is optional.
{% endhint %}

1. On the **Add Backup Targets** menu, select **Virtual Machines**. The Add Virtual Machines table opens.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/n95cAU2ewVMAQ1nBCDuk/26-6%20Azure%20policy-cropped.png)

&#x20; 2\. Select the virtual machines for backup, and then select **Add selected**. The **Backup Targets** tab lists the selected targets.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/1NYowaPgx02FxlL9OKjv/Azure%20VM%20bckup%20targets%20tab%20edited.png" alt=""><figcaption></figcaption></figure>

&#x20;3\. To choose which disks to back up for each Virtual Machine target, select a machine, and then select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/bdc8yYXivvOVPuEqXLBQ/Configure%20icon.png" alt="" data-size="line"> **Configure**. The Policy Virtual Machine and Disk Configuration screen opens.

&#x20;4\. In the **Which Disks** list, select the disks to Include or Exclude in the backup. Change additional information as needed, and then select **Apply.**

### 26.6.3 Adding an Azure Disk Backup Target

**To define backup success, retries, and failures for alerting:**

1. In the **Add Backup Targets** menu, select **Disks**.
2. Select the Disks to back up, and then select![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/RFmEyWaPtbFVpTbPBifo/Configure%20icon.png) **Configure** for each target.
3. Configure disk information, such as Encryption Set. To expand the configuration section for a disk, select the right arrow ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/Q7uQxQRn1N3IaG4keP8E/right%20arrow%20icon.png). Change the **Name** to the desired name for the recovered disk, and then select **Close**.

### 26.6.4  Setting Backup Success and Retry Policy

**To define backup success, retries, and failures for alerting:**

1. Select the relevant policy.
2. In the **More Options** tab, complete the backup, retry, and alert options as described in section [‎4.2.4](https://docs.n2ws.com/user-guide/4-defining-backup-policies#id-4-2-4-more-options).

{% hint style="info" %}
N2W version 4.4.0 *does not* support 'partial retry' for SQL Server targets.
{% endhint %}

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/m7dwpuypFtzuHv8jUj01/Azure%20More%20Options.png" alt=""><figcaption></figcaption></figure>

### 26.6.5  Enabling Immutable Backups

Enabling Immutable Backups will prevent the unauthorized deletion of Azure VM and disk snapshots. When a policy is enabled for Immutable Backups, a ‘Delete’ lock type is assigned to a disk snapshot until the lock is removed. The lock is removed by N2W before Cleanup or by user-initiated deletion.

**To enable immutable backups:**

1. Select the relevant policy.
2. In the **More Options** tab, select **Enable Immutable Backups**.

**To view the Lock Type in Azure:**

On the Azure console, go to the **Snapshot** page and select **Locks.**

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/VXMInE389tXPjw7bandg/Azure%20immutable%20backups.png" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
The following permissions are required:

o   Microsoft.Authorization/locks/read

o   Microsoft.Authorization/locks/write

o   Microsoft.Authorization/locks/delete
{% endhint %}

## 26.7 Configuring Azure DR

The DR operation copies managed disk snapshots to selected locations. Policies may be enabled for cross-location and cross-subscription DR.

1. In the **DR** tab, select **Enable DR**.
2. Complete **DR Frequency** and **DR Timeout**.
3. Select **Cross-Location Backup (DR**) or **Cross-Subscription Backup (DR).**
4. If you selected **Cross-Location Backup (DR**), select the DR target locations in the **Target Locations** list.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/JIRlFuZRMyIcvp1niBAM/Azure%20policy%20DR%20locations.png)

&#x20; 5\.  If you selected **Cross-Subscription Backup (DR**), complete the following:

* **To Subscription** – Select the subscription to copy the snapshots to.\
  All policy account subscriptions can be the DR subscription target, except for the subscription of the policy (the original subscription).
* **DR Subscription Target Locations** – Select the location (or locations) you want to copy the snapshots of the policy to. To include all Target locations selected for backup, select Original Location(s) in the list. Select additional locations as needed.
* **Keep Original Snapshots** – By default, the original snapshot from the source location is kept. If disabled, once the snapshot is copied to the DR subscription, it will be deleted from the source location.

<figure><img src="https://1476770828-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5oB64hgFIX2jdQ2O72cF%2Fuploads%2F6LgOObQqf7aM16zatmUx%2Fimage.png?alt=media&#x26;token=fdc1e091-83fa-49b4-aacc-f0cdd2b83975" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
To use a different Resource Group on the target location/subscription for copied snapshot, add a tag to the backup target resource (disk or VM):

·       Tag key - `cpm_dr_resource_group`

·       Tag value - TARGET\_RESOURCE\_GROUP\_NAME
{% endhint %}

### 26.7.1 Setting a Tag for Managed Disks with Disk Access

Azure can manage private access disks using a Disk Access resource, which is based on subscription and location. For disk targets using private access, provide a tag with the ID of the Disk Access resource on the selected DR locations.

**To provide a Disk Access ID, add a tag to the resource as follows**:

Key: ‘**cpm\_dr\_disk\_access’** or ‘**cpm\_dr\_disk\_access:`<LOCATION>`’;** Value: ‘**`<Disk Access ID>`’**

* If disks are attached to a Virtual Machine target and same Disk Access is used for all backed up disks, it is sufficient to add the tag to the Virtual Machine and not each disk.
* If a single DR location is selected, there is no need for ‘:`<LOCATION>`’ in the tag key.

## 26.8 Backing Up an Azure Policy

If the policy has a schedule, the policy will backup automatically according to the schedule.&#x20;

1. To run a policy as soon as possible, select the policy and select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/TPVGj3TAigrylJcEUzTq/Run%20icon.png" alt="" data-size="line"> **Run ASAP** in the Policies view.
2. To view the policy progress and backups, select **Backup Monitor**, and use the Cloud button to display the Azure (![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/lHtnFDMzIkYse7HrNknZ/Azure%20icon.png)) policies. The backup progress is shown in the **Status** column.&#x20;

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/YXLKPGcqGvcXcu6fnJlO/26-8%20Bckup%20Azure%20policy-cropped.png)

## 26.9  Recovering from an Azure Backup

To recover from a Wasabi Repository, see section ‎[27.3](https://docs.n2ws.com/user-guide/27-using-wasabi-storage#id-27.3-recovering-from-wasabi-repositories).

To orchestrate recovery scenarios with Azure targets, see section ‎[24](https://docs.n2ws.com/user-guide/24-orchestrating-recovery-scenarios).

{% hint style="info" %}
Only one VM is recoverable during a recovery operation.
{% endhint %}

After creating a backup, you can recover it from the **Backup Monitor**.

After choosing the objects to recover, you can view the recovery process by selecting **Recovery Monitor**. Use the **Cloud** buttons to display the **Azure** (![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/lHtnFDMzIkYse7HrNknZ/Azure%20icon.png)) recoveries.

In the VM recovery **Basic Options**, there are Azure options for replicating data to additional locations&#x20;

to protect against potential data loss and data unavailability:

* **Availability Zone** – A redundant data center (different building, different servers, different power, etc.) within a geographical area that is **managed by** **Azure.**
* **Availability Set** – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and **managed by the customer.**
* **No Redundancy Infrastructure Required** – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and availability.

In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.

{% hint style="info" %}

* To add an additional layer of encryption during the recovery process, see <https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal>.&#x20;
* Disk encryption settings can be changed only when the disk is unattached or the owner VM is deallocated.
  {% endhint %}

After choosing the objects to recover, you can view the recovery process by selecting **Recovery Monitor**. Use the **Cloud** buttons to display the **Azure** (![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/lHtnFDMzIkYse7HrNknZ/Azure%20icon.png) ) recoverie&#x73;**.**

### 26.9.1 Recovering a VM and Disks

**To recover a VM and/or attached disks:**

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/bVdMWSGwIVyGOpTLNC68/26-9-1%20Recovr%20VM%20and%20disks%201-cropped.png)

1. In the **Backup Monitor**, select the backup and then select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png" alt="" data-size="line">**Recover**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/gwxgqMznGiFbFHam8pIk/26-9-1%20Recovr%20VM%20and%20disks%202-cropped.png)

&#x20;   2\.  To recover a VM, with or without its attached disks, select the VM snapshot that you want to recover from, and then select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png" alt="" data-size="line"> **Recover**.

&#x20;        a. In the **Virtual Machines** tab of the Recover screen, select 1 VM, and then select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png" alt="" data-size="line"> **Recover**. The **Basic Options** tab opens.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/2O06Rk3KXbrkkJOnH17Z/26-9-1%20Recovr%20VM%20and%20disks%203-cropped.png)

&#x20;        b. In the **Availability Type** list, select one of the following:

* **No Infrastructure Redundancy Required** – Select to not replicate data at a redundant location in another zone or set.
* **Availability Zone** – Select a zone in the **Availability Zone** list.
* **Availability Set** – Select a set in the **Availability Set** list.

&#x20;        c. In the **Private IP Address** box, assign an available IP address or switch the **Custom** toggle key to **Auto assigned**.

&#x20;        d. The default **Preserve Tags** action during recovery is **Preserve Original** for the virtual machine. To manage tags, see section ‎‎[10.3](https://docs.n2ws.com/user-guide/10-performing-recovery#id-10-3-instance-recovery).\
&#x20;        e. In the **Disks** tab, enter a new **Name** for each disk. Similar names will cause the recovery to fail.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/IAFaj2yerufs9OIWQmNy/VM%20Disk%20recovery.png" alt=""><figcaption></figcaption></figure>

&#x20;        f. Select **Recover Virtual Machine**.

&#x20;   3\.  To recover only Disks attached to the VM, select **Recover Disks Only**.\
&#x20;        a. In the **Disks** tab, enter a new **Name** for each disk. Similar names will cause the recovery to fail.\
&#x20;        b.  See Note in section [26.5](#26.5-the-storage-account-repository) about changing the **Encryption Set** for certain disks.\
&#x20;        c.  Change other settings as needed.\
&#x20;        d.  Select **Recover Disk**.

### 26.9.2  Recovering a VM with Virtual Machine Scale Set

Following are the basic steps in recovering a VM with a Virtual Machine Scale set:

* In AWS, create a backup and recover disks.
* In Azure, create and configure a VM, and then attach the recovered disks.

**To recover a VM with a Virtual Machine Scale Set:**

1. Select a **successful backup**, and then select **Recovery**.
2. Select the **VM**, and choose **Recovery only Disks**.
3. Select the disks to recover, and then select **Recover Disk**.
4. After the disks are successfully recovered, go to the Azure portal, and locate the recovered root disk.
5. Select "**+ Create VM**".
6. Configure the **VM**:
   1. In **Availability Options**, select **Virtual Machine Scale Set**, and then proceed with the setup.
   2. In the **Disks** tab, make sure to **attach the existing recovered disks**.

### 26.9.3  Recovering Independent Disks

**To recover from backups with independent disks:**

1. &#x20;Select the backup and then select <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png" alt="" data-size="line"> **Recover** as in step 1 of the VM recovery.
2. &#x20; In the **Independent Disks** tab:
   1. Enter a new **Name** for each disk to recover as similar names will cause failure.
   2. See section [26.10](#id-26.10-cross-cloud-recovery-of-aws-volume-to-azure) about changing the **Encryption Set** for certain disks.
   3. The default **Preserve Tags** action during recovery is **Preserve Original** for the independent disks associated with the virtual machine. To manage tags, see section ‎‎[10.3](https://docs.n2ws.com/user-guide/10-performing-recovery#id-10-3-instance-recovery).
   4. Change other settings as needed.
   5. Select **Recover Disk**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/9SeXRo67UL20JuMGvPDK/26-9-2%20Azure%20recover%20ind%20disks.png)

### 26.9.4 DR Recovery

When recovering from a backup that includes DR (DR is in **Completed** state), the same Recover screen opens but with the addition of the **Restore to Location** drop-down list.

* Default location is **Origin**, which will recover all the objects from the original backup. It will perform the same recovery as a policy with no DR.
* When choosing one of the other regions, the objects are listed and are recovered in the selected location.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/5X1mNIpfYDwFvAYast22/28-8-3%20azure_dr%20-%20new.png)

#### **For cross DR policies:**

<figure><img src="https://1476770828-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5oB64hgFIX2jdQ2O72cF%2Fuploads%2FR7E6kyOPe8SjINGsw7XG%2Fimage.png?alt=media&#x26;token=afc46872-e430-4d67-9e12-43a7291a297b" alt=""><figcaption></figcaption></figure>

* If cross-subscription DR was set in policy, **Restore From** dropdown list contains backup target’s (original) and DR subscriptions.
* To perform cross-subscription recovery, select a different target subscription from **Restore to Subscription** dropdown list, which contains all subscriptions of the selected backup policy’s account.
* If multiple locations were set for cross-location DR, **Restore to Location** contains original location and DR locations.

### 26.9.5 Recovering an SQL Server and Databases

You can recover an SQL Server and some of or all its databases or just the SQL databases.

{% hint style="info" %}
For **Recover SQL Databases Only**, enable **Allow Azure services and resources to access this server**.
{% endhint %}

In the **Backup Monitor**, select the backup, and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png) **Recover**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/mUcS7rR5OB0AW29e3XVC/26-9-4%20Recovr%20SQL%20server%20&%20DBs-cropped.png)

**To recover an SQL Server with some or all its databases:**

1. Select the SQL Server snapshot that you want to recover from and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png) **Recover**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/uVHkqCYIIycE2dbfn9yX/Azure%20SQL%20Server%20Recovery%20cropped.png)

&#x20; 2\. In the **SQL Servers** tab of the Recover screen, select 1 SQL Server, and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png) **Recover**. The **Basic Options** tab opens.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/nwIbRrfRnsklMAOCsNwL/Azure%20SQL%20Server%20recovery%20basic.png)

&#x20; 3\. In the **Server Admin Login** and **Password** boxes, provide the credentials to use in the recovered SQL Server.

&#x20; 4\.  The default **Preserve Tags** action during recovery is **Preserve Original** for the servers. To manage tags, see section **‎‎**[10.3](https://docs.n2ws.com/user-guide/10-performing-recovery#id-10-3-instance-recovery).

&#x20; 5\. In the **Network** tab:

&#x20;     a. Select the **Minimum TLS Version** in the list.

&#x20;     b. Select **Firewall Rules** and **Virtual Network Rules**, or select **Deny Pubic Network Access**.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/JHZLXvGMfjJxfDitw7lH/Azure%20SQL%20Server%20recovery%20network%20cropped.png" alt=""><figcaption></figcaption></figure>

&#x20; 6\. In the **SQL Databases** tab, select the databases to recover.&#x20;

* The default **Preserve Tags** action during recovery is **Preserve Original** for the database. To manage tags, see section ‎‎[10.3](https://docs.n2ws.com/user-guide/10-performing-recovery#id-10-3-instance-recovery).

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/ukCEMY3zbBUcPf0SniT7/Azure%20SQL%20Server%20recover%20DBs%20cropped.png)

&#x20;  7\. In the **Worker Options** tab, set values to enable communication between the Worker and the SQL Server.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/H9HUffK56tD6FVp7bgiM/Azure%20SQL%20Server%20recover%20worker%20opts%20cropped.png" alt=""><figcaption></figcaption></figure>

&#x20; 7\. Select **Recover SQL Server**.

**To recover SQL Databases only:**

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/oA5tQne3sCPg8GOLnXiR/26-9-4%20Recovr%20SQL%20server%20&%20DBs-4-cropped.png)

1. Select the SQL Server snapshot that you want to recover from and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png) **Recover SQL Databases Only**.
2. In the **SQL Databases** tab, enter a new **Name** for each database. <mark style="color:red;">Similar names will cause the recovery to fail.</mark>
3. The default **Preserve Tags** action during recovery is **Preserve Original** for the database. To manage tags, see section ‎‎[10.3](https://docs.n2ws.com/user-guide/10-performing-recovery#id-10-3-instance-recovery).
4. Change other settings as needed.
5. Select **Recover SQL Database**.

![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/2f1PXNLd83pEmQdHkKW8/26-9-4%20Recovr%20SQL%20server%20&%20DBs-5-cropped.png)

&#x20;

### 26.9.6  File-level Recovery from a Snapshot of an Azure Disk or Virtual Machine

When you back up an Azure Virtual Machine or disks, you can recover individual files from the backup without having to recover the entire Virtual Machine or all disks.

**To recover individual files from a snapshot of an Azure disk or Virtual Machine**:

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/Fp4DxT6GB2aLlCL2ZkEj/26-9-5%20FLR%20fr%20Azure%20disk%20or%20VM%20snap.png" alt=""><figcaption></figcaption></figure>

1. Complete the steps required to configure a worker to be launched in the account, subscription, and location of the source snapshot. See section [22](https://docs.n2ws.com/user-guide/22-configuring-workers).
2. In the **Backup Monitor**, select the backup, and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/N715zPA8tn3VNU6yOr2K/Recover%20icon.png) **Recover**.
3. To explore files from an entire virtual machine, go to the **Virtual Machine** tab, select the virtual machine, and then select **Explore Disks Files**.
4. To explore files from one or more disks belonging to a virtual machine, go to the Virtual Machine tab, select the virtual machine, then select **Recover Disks Only**. Select one or more disks, and then select **Explore Disks**.
5. To explore files from an independent disk, go to the **Independent Disks** tab, select the disk, and then select **Explore Disks**.&#x20;
6. If multiple backups of the chosen target exist, you will be prompted to select the number of different backups to explore. Select the desired number, and then select **Start Session**.

## 26.10 Cross-Cloud Recovery of AWS Volume from S3 to Azure

N2W allows recovering an AWS volume backup to Azure.

**Limitations:**

* Cross-cloud recovery is supported only for Instance Volume backups copied to S3.
* From the UI, such recovery can only be initiated for one volume at a time chosen from the **Volume Recovery from Instance** screen.

{% hint style="warning" %}
OS\root disk functionality *doesn’*&#x74; migrate from AWS to S3. If N2W recovers an AWS root volume to Azure, an Azure VM *can’t* be spined up from that disk.
{% endhint %}

**To recover a volume from S3 to Azure:**

{% hint style="info" %}
Worker configuration is required. The recovery process uses a worker machine launched in Azure to write the required data to the volume.    &#x20;
{% endhint %}

1. In the **Backup Monitor**, select an Instance backup that was copied to S3, and then select **Recover**.
2. In the **Recover** screen, select the instance from which the volume is to be recovered.
3. In the **Restore from** list, choose the repository to which the volume was copied.
4. In the **Restore to Account** list, choose the Azure account to restore to.
5. In the **Subscription** list, choose the subscription to restore to.
6. Select **Recover volumes only**.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/bBjtP3GWNhbQLAtzV8lt/backup%20monitor%20for%20aws%20to%20azure.png" alt=""><figcaption></figcaption></figure>

&#x20; 7\.  In the **Volume Recovery from Instance** screen, select **one** volume to recover.

&#x20; 8\.  In the **Disk Name** box, type the name of the disk to be recovered in Azure.

&#x20; 9\.  In the **Resource Group** list, choose the resource group to which the disk will be recovered.

&#x20; 10\. Optionally, choose an **Availability Zone** to recover to and the **Encryption Set** to use on the recovered disk.

&#x20; 11\. Select **Recover Volume**.

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/u47wlVTnNNgipBTM4DSR/Volume%20recovery%20from%20instance%20to%20azure.png" alt=""><figcaption></figcaption></figure>

&#x20; 12\. To follow the progress of the recovery, select the **Open Recovery Monitor** link in the ‘Recovery started’ message ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/beT5auDfK6xUUCX6Gxa0/recovery%20started%20msg.png)at the top right corner, or select the **Recovery Monitor** tab.&#x20;

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/cyZw7FV1lwCJ7wAS5EPj/Recovery%20monitor%20to%20azure.png" alt=""><figcaption></figcaption></figure>

&#x20; 13\. To view details of the recovery process, select the recovery record, and select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/VezUOUWjsYzVcW32JJwb/Show%20log%20icon.png) **Log**. Select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/Z969MBord1BVCQjhU93L/Refresh%20icon.png) **Refresh** as needed.&#x20;

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/8tX0rnBskwDmsD93vzAV/Recovery%20to%20azure%20log.png" alt=""><figcaption></figcaption></figure>

## 26.11 Using Lifecycle Management to Lower Cost of Managed Disk Snapshots

Snapshots of Azure Managed Disks can be stored in a Storage Repository at a lower cost.

N2W allows creation of lifecycle policies. In lifecycle policies, older snapshots are automatically moved from high-cost to low-cost storage tiers. The snapshots can be stored in any Storage Repository supported by your N2W license:

* AWS Storage (S3) Repository
* Azure Storage Repository
* Wasabi Repository

{% hint style="info" %}
Moving data out of the cloud incurs additional costs associated with the network traffic.
{% endhint %}

### 26.11.1  Limitations

* Life-cycle policy applies only to Managed Disk snapshots, whether they are backed up as independent disks, or as part of a virtual machine backup. If a policy contains resources other than virtual machine or Disks, these resources will not be affected by the lifecycle policy.
* Backups copied to Storage Repository *cannot* be moved to the Freezer.
* Users *cannot* delete specific snapshots from a Storage Repository. Snapshots stored in a repository are deleted according to the retention policy. In addition, users can delete all snapshots of a specific policy, account, or an entire repository. See sections ‎[21.2.2](https://docs.n2ws.com/user-guide/21-managing-snapshots-with-lifecycle-policies#id-21-2-1-configuring-an-s3-repository) and ‎[21.5.4](https://docs.n2ws.com/user-guide/21-managing-snapshots-with-lifecycle-policies#id-21-4-4-recovering-snapshots-from-archive).
* To use the Lifecycle Policy functionality, the `cpmdata` policy must be enabled.  See section ‎[4.2.1](https://docs.n2ws.com/user-guide/4-defining-backup-policies#id-4-2-1-creating-a-new-policy) for details on enabling the `cpmdata` policy.
* Due to the incremental nature of the snapshots, only one backup of a policy can be copied to Storage Repository at any given time. A backup will not be copied to the repository if the previous backup in the same policy is still being copied. Recovery from the repository is always possible unless the backup itself is being cleaned up.
  * Lifecycle operations, such as Snapshot Copy and Cleanup, are performed by Workers. For Copy operations, the worker is always launched in the account, subscription, and location of the disk whose snapshot is being copied. A Worker configuration must be created for every such combination. To speed up the operations, N2W will attempt to launch 2 workers per policy. Your Virtual machine quotas must be large enough to allow launching the required number of workers. For more information about workers, see section [26.12](#id-26.12-configuring-azure-workers)*.*
* Copy and Restore of data to/from a repository outside of the Azure cloud, such as AWS Storage (S3) Repository, or Wasabi Repository, may incur additional network charges.

### 26.11.2   Enabling and configuring Lifecycle rules for an Azure Policy

1. In the N2W left panel, select the **Policie**s tab.
2. Select a Policy, and then select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/F4OH5PKR8Fc767OVynHO/image.png" alt="" data-size="line"> **Edit**.
3. Select the **Lifecycle Management** tab.
4. Turn on the **Use Storage Repository** toggle switch.
5. Choose the interval between backups that are to be moved to the Storage Repository. For example, to move a weekly backup of a policy that runs daily backups, choose 7.
6. Choose whether to delete the original Disk Snapshots after they are copied to the Storage Repository.

{% hint style="warning" %}
When enabled, snapshots are deleted regardless of whether the copy to Storage Repository operation succeeded or failed.
{% endhint %}

<figure><img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/CRxIyIseN5rFRhAesFfG/AWS%20policy.png" alt=""><figcaption></figcaption></figure>

&#x20; 7\.   Select the retention settings for the snapshots in the repository. Retention can be specified in terms of the number of backups (generations), backup age, or a combination of the two. If generations and age are enabled, a backup will be deleted only if both criteria have been met.

&#x20; 8\.   Select the **Target repository**, or select<img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/4JUBIdwrSIQvu9YBYQqI/image.png" alt="" data-size="line"> **New** to define a new repository. If you define a new repository, select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/PdprqgXF1dtD4lOAgxew/image.png) **Refresh** before selecting.

### 26.11.3  Recovering from Storage Repository

You can recover a backup from Storage Repository to the original location or to a different one.

{% hint style="info" %}
‘Marked for deletion’ snapshots can no longer be recovered.
{% endhint %}

**To recover a backup from Storage Repository**:

1. Make sure a Worker Configuration exists for the location where the resource is to be recovered. See section [26.12](#id-26.12-configuring-azure-workers) for more information.
2. In the **Backup Monitor** tab, select a relevant backup that has a **Lifecycle Status** of ‘**Stored in Storage Repository**’, and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/gXSZsrEs7JhlSdZIr4Cj/image.png) **Recover**.
3. In the **Restore from** drop-down list of the **Recover** screen, select the name of the Storage Repository to recover from.
4. In the **Restore to Location** drop-down list, select the **Location** to restore to.
5. Select the resource to recover (either a Virtual Machine or a Disk) from the list and select **Recover**. If you wish to recover only selected disks from a Virtual machine backup, select the Virtual machine, select **Recover Disks Only**, and then select the desired disks.
6. In the dialog, complete the relevant recovery parameters. See section [26.9.1](#id-26.9.1-recovering-a-vm-and-disks) for more details.
7. In the **Recovery From Repository Options** tab, choose a **Storage Account** that will be used to store temporary data during the recovery process.
8. Select **Recover Virtual Machine / Recover Disks** to start the recovery process.
9. You can follow the process in the **Recovery Monitor**.

To abort a recovery in progress, in the **Recovery Monitor**, select the recovery item, and then select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/1koeOcN4LGnHLp4Maj9a/image.png)**Abort Recover from Repository**.

## 26.12  Configuring Azure Workers

Workers are used by N2W for Lifecycle operations, such as copying Azure Disk Snapshots to a Repository, as well as for Cleanup and Recovery of these snapshots. A Worker Configuration specifies the parameters required for launching a worker instance for a specific combination of account/subscription/location. Whenever a worker is required, N2W will look for a Worker Configuration according to the operation’s account, subscription, and location.

### 26.12.1   Worker Parameters

**To configure Azure worker parameters**:

1. Select the **Worker Configuration** tab.
2. On the <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/OUbiE81n0wTyuBulT8TE/image.png" alt="" data-size="line"> **New** menu, select **Azure Worker**.
3. In the **User**, **Account**, **Subscription**, and **Location** lists, choose the values you are creating the configuration for. The configuration will be applied to all workers launched in the selected location, account, and subscription.
4. Select a **Resource Group** where the worker will be created.
5. Choose an **SSH Key** to be associated with the worker. If you leave the default, don’t use key pair as you will not be able to use key-based authentication for SSH connections to this worker.
6. Select a **Virtual Network** from the list. The selected network must allow workers to access the subnet where N2W is running as well as the Azure Blob services and the repository.
7. Select a **Subnet** from the list.
8. Select a **Security Group** to be applied to the workers. &#x20;
9. In the **Network Access** list, select a network access method. <mark style="color:orange;">Direct network access or indirect access via an HTTP proxy is</mark> <mark style="color:orange;"></mark>*<mark style="color:orange;">required</mark>*<mark style="color:orange;">:</mark>
   1. **Direct** - Select a Direct connection if no HTTP proxy is required.
   2. **via HTTP proxy** -~~–~~ If an HTTP proxy is required, select, and fill in the proxy values.
10. Select **Save**.
11. Test the new worker. See section ‎[22.3](https://docs.n2ws.com/user-guide/22-configuring-workers#id-22-3-testing-the-configuration-for-a-worker).

**To edit or delete a worker configuration:**

1. In the **Worker Configuration** tab, select a worker.
2. Select ![](https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/BMFxYkXt6MvtbWlKvRlp/image.png) **Delete** or <img src="https://content.gitbook.com/content/5oB64hgFIX2jdQ2O72cF/blobs/y4Zk6WiJ9VMLon9mTHg3/image.png" alt="" data-size="line"> **Edit**.