26 Using N2WS with Azure

Following are the steps for setup, backup, and recovery of Azure VMs and Disks:
  1. Before starting, configure N2WS Backup & Recovery according to Configuring N2WS.
  2. After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in Azure. See section 26.1.
  3. Register the CPM app in Azure. See section 26.2.
  4. Create an N2WS account user as usual and configure resource limitations for Azure as described in section 18.3.
  5. Assign a custom role to your app. See section 26.3.
  6. In N2WS, add an Azure account with the custom N2WS role. See section 26.4.
  7. Create an Azure policy in N2WS with Azure backup targets. See section 26.5.
  8. Back up the policy. See section 26.6.
  9. Recover from a backup. See section 26.7.

26.1 Setting Up Your Azure Subscription

N2WS Backup & Recovery needs the following permissions to perform backup and recovery actions.
  2. Add your subscription ID value to the subscriptions attribute in the minimal permissions JSON.

    {
      "properties": {
        "roleName": "CPM",
        "description": "",
        "assignableScopes": [
          "/subscriptions/<subscriptionID>"
        ],
        "permissions": [
          {
            "actions": [
              "Microsoft.Compute/virtualMachines/read",
              "Microsoft.Compute/disks/read",
              "Microsoft.Compute/snapshots/write",
              "Microsoft.Network/networkInterfaces/read",
              "Microsoft.Compute/snapshots/read",
              "Microsoft.Resources/subscriptions/resourceGroups/read",
              "Microsoft.Compute/disks/write",
              "Microsoft.Compute/snapshots/delete",
              "Microsoft.Resources/subscriptions/resourceGroups/delete",
              "Microsoft.Network/virtualNetworks/read",
              "Microsoft.Network/virtualNetworks/subnets/read",
              "Microsoft.Network/networkInterfaces/write",
              "Microsoft.Network/virtualNetworks/subnets/join/action",
              "Microsoft.Network/networkInterfaces/join/action",
              "Microsoft.Compute/virtualMachines/write",
              "Microsoft.Compute/diskEncryptionSets/read",
              "Microsoft.Compute/virtualMachines/powerOff/action",
              "Microsoft.Compute/virtualMachines/start/action",
              "Microsoft.Compute/availabilitySets/read",
              "Microsoft.Compute/availabilitySets/vmSizes/read"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }

  2. Log on to the Azure Portal, https://portal.azure.com, and go to your subscription. Select a subscription that you want to use with N2WS Backup & Recovery.
  3. Select Access control (IAM), select +Add, and then select Add custom role.
  4. Complete the form as follows using N2WSBackupRecoveryRole as the Custom role name, and then select the JSON file saved in step 1.
  5. Create the role with the new JSON file.
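
A pre-flight check for the role JSON before it is uploaded as the custom role (an added example, not N2WS or Microsoft code). The function name `audit_role` and the all-zero subscription ID in the shortened sample are constructed for illustration; the check flags an unfilled placeholder, scopes wider than one subscription, wildcard actions, and delete permissions that deserve review.

```python
import json

# Constructed sample: a shortened copy of the role definition in this section,
# with the placeholder replaced by an all-zero (fake) subscription ID.
SAMPLE_ROLE = json.dumps({"properties": {
    "roleName": "CPM",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [{
        "actions": [
            "Microsoft.Compute/virtualMachines/read",
            "Microsoft.Compute/snapshots/write",
            "Microsoft.Compute/snapshots/delete",
            "Microsoft.Resources/subscriptions/resourceGroups/delete",
            "Microsoft.Compute/virtualMachines/powerOff/action",
        ],
        "notActions": [], "dataActions": [], "notDataActions": [],
    }],
}})


def audit_role(role_json):
    """Return (findings, summary) for an Azure custom role definition."""
    props = json.loads(role_json)["properties"]
    findings = []
    for scope in props.get("assignableScopes", []):
        parts = scope.strip("/").split("/")
        if "<" in scope or ">" in scope:
            findings.append(f"placeholder left in scope: {scope}")
        elif len(parts) < 2 or parts[0].lower() != "subscriptions":
            findings.append(f"scope broader than one subscription: {scope}")
    # Group actions by their final segment; anything else counts as "action".
    summary = {"read": [], "write": [], "delete": [], "action": []}
    for perm in props.get("permissions", []):
        if perm.get("dataActions"):
            findings.append("data-plane actions present; review separately")
        for action in perm.get("actions", []):
            if "*" in action:
                findings.append(f"wildcard action: {action}")
                continue
            verb = action.rsplit("/", 1)[-1].lower()
            summary[verb if verb in summary else "action"].append(action)
    for action in summary["delete"]:
        findings.append(f"destructive at assigned scope: {action}")
    return findings, summary


if __name__ == "__main__":
    findings, summary = audit_role(SAMPLE_ROLE)
    print({k: len(v) for k, v in summary.items()}, *findings, sep="\n")
```

Run it against the edited JSON file by passing the file contents to `audit_role`; the two delete findings are expected for this role and mark the permissions to monitor in the Azure activity log.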

26.2 Registering Your Azure App

  1. In the Azure portal Dashboard section, go to the App registrations service.
  2. In the Name box, type CPM-on-Azure and select Register.
  3. Select the app.
  4. Save the Application (client) ID and Directory (tenant) ID for use when adding the Azure account to N2WS.
  5. Select Add a certificate or secret.
  6. Select New client secret.
  7. Complete the secret values, and save.

26.3 Assigning the Custom Role to your App

  1. In Azure, go to the Subscription service and select your subscription.
  2. Select Access control (IAM).
  3. Select Add and then select Add role assignment.
  4. In the Role list, select your custom role.
  5. In the Select list, select the app that you created.
  6. Select Save.
  7. In the Role assignments tab, verify that the custom role is assigned.
It might take time for Azure to propagate the changes in IAM.

26.4 Adding an Azure Account to N2WS

  1. Log on to N2WS using the root username and password used during the N2WS configuration.
  2. Select the Accounts tab.
  3. If you have a license for Azure cloud, select Azure account in the + New menu.
  4. Complete the New Azure Account screen using the App registration view information in the Azure portal as needed.
    • Name – Copy from your App registration name.
    • In the User list, select your username. Or, select + New to add a new user. See section 18.
    • Directory (tenant) ID – Copy from your App registration.
    • Application (client) ID – Copy from your App registration.
    • Client Secret – Copy from your App registration Certificates & secrets in the App registration view, or set a new secret.
  5. Select Scan Resources to include the current account in tag scans performed by the system. The scan will cover all VMs and disks in all locations.
  6. Select Save. The new account appears in the Accounts list as an Azure Cloud account.

26.5 The Storage Account Repository

A single Azure Storage Account container can have multiple repositories.

26.5.1 Configuring a Storage Account Repository

  1. In N2WS, select the Storage Repositories tab.
  2. In the New menu, select Storage Account Repository.
  3. In the New Storage Account Repository screen, complete the following fields, and select Save when complete.
    • Name – Type a unique name for the new repository, which will also be used as a folder name in the Azure Storage Account container. Only alphanumeric characters and the underscore are allowed.
    • Description – Optional brief description of the contents of the repository.
    • User – Select the user in the list.
    • Account – Select the account that has access to the Storage Account.
    • Subscriptions – Select the subscription that owns the Storage Account.
    • Resource Group – Select the Storage Account’s resource group.
    • Location – Select the Storage Account’s location.
    • Storage Account Name – Select the name of the Storage Account from the list.

26.5.2 Deleting a Storage Account Repository

You can delete all snapshots copied to a specific Storage Account repository.
Deleting a repository is not possible when the repository is used by a policy. You must change the policy's repository to a different one before you can delete the target repository.
  1. Select the Storage Repositories tab.
  2. Use the Cloud buttons to display the Azure repositories.
  3. Select the repository to delete.
  4. Select Delete.

26.6 Creating an Azure Policy

To back up resources in Azure, create an N2WS policy. To create a policy with a Storage Account Repository for backing up Disk DR and SQL servers, see 26.6.1.
  1. In N2WS, select the Policies tab.
  2. In the New list, select Azure policy.
  3. In the New Azure Policy screen, complete the fields:
    • Name – Enter a name for the policy.
    • User – Select from the list.
    • Account – Select from the list. Or, select New to add an account. See section 26.2.
    • Enabled – Clear to disable the policy.
    • Subscription – Select from the list.
    • Schedules – Optionally, select one or more schedules from the list, or select New to add a schedule. See section 4.1.1.
    • Auto Target Removal – Select Yes to automatically remove a non-existing target from the policy.
  4. Select the Backup Targets tab.
  5. In the Add Backup Targets menu, select the targets to back up, Disks and/or Virtual Machines. The Add Virtual Machines / Disks screen opens.
  6. When selecting Virtual Machines, it is required to filter by the Location of the target resources using the list in the upper left corner before selecting the individual targets. Filtering by Resource Group is optional.
  7. When finished selecting targets, select Add selected. The Backup Targets tab lists the selected targets.
  8. To determine which disks to back up for each Virtual Machine target, select Configure. In the Which Disks list of the Policy Virtual Machine and Disk Configuration screen, select the disks to include or exclude in the backup.
  9. When finished, in the Backup Targets tab, select Save.

26.6.1 Configuring a Policy with a Storage Account Repository

To add an SQL Server or Disk DR target to a policy, the policy must have a Storage Account Repository.
To add a Storage Account Repository to a policy:
  1. Before saving an Azure policy, select the Storage Repository tab in the New Azure Policy screen.
  2. In the Target repository list, select a storage repository and then select Save.

26.6.2 Adding an SQL Server Target

Following are possible backup configurations for an SQL Server target:
  • Back up All databases
  • Include or Exclude only pre-selected databases in the backup process
To add an SQL Server target:
  1. In the Add Backup Targets menu, select SQL Servers.
  2. Select a server and then select Configure.
  3. In the Which Databases list, choose whether to back up All Databases on this server, or select databases and then choose Include Selected or Exclude Selected.
  4. Select Apply.

26.7 Configuring Azure DR

The DR operation copies managed disk snapshots to a repository under a storage account. The DR target storage account should be in a location different than the one for backup targets.
  1. In the Storage Repository tab, select a storage account repository in the Target repository list.
  2. In the DR tab, select Enable DR.

26.8 Backing Up an Azure Policy

If the policy has a schedule, the policy will back up automatically according to the schedule. To run a policy as soon as possible, select the policy and select Run ASAP in the Policies view.
To view the policy progress and backups, select Backup Monitor.
  • The backup progress is shown in the Status column.
  • Use the Cloud buttons to display the Azure policies.

26.9 Recovering from an Azure Backup

Only one VM is recoverable during a recovery operation.
After creating a backup, you can recover it from the Backup Monitor.
In the VM recovery Basic Options, there are Azure options for replicating data to additional locations in order to protect against potential data loss and data unavailability:
  • Availability Zone – A redundant data center (different building, different servers, different power, etc.), within a geographical area that is managed by Azure.
  • Availability Set – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and managed by the customer.
  • No Redundancy Infrastructure Required – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and availability.
In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.

26.9.1 Recovering a VM and Disks

To recover a VM and/or attached disks:
  1. In the Backup Monitor, select the backup and then select Recover.
  2. To recover a VM, with or without its attached disks, select the VM snapshot that you want to recover from and then select Recover.
    a. In the Virtual Machines tab of the Recover screen, select 1 VM and then select Recover. The Basic Options tab opens.
    b. In the Availability Type list, select one of the following:
      • No Infrastructure Redundancy Required – Select to not replicate data at a redundant location in another zone or set.
      • Availability Zone – Select a zone in the Availability Zone list.
      • Availability Set – Select a set in the Availability Set list.
    c. In the Private IP Address box, assign an available IP address or switch the Custom toggle key to Auto assigned.
    d. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.
    e. Select Recover Virtual Machine.
  3. To recover only Disks attached to the VM, select Recover Disks Only.
    a. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.
    b. See Note in section 26.5 about changing the Encryption Set for certain disks.
    c. Change other settings as needed.
    d. Select Recover Disk.
  4. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure recoveries.

26.9.2 Recovering Independent Disks

To recover from backups with independent disks:
  1. Select the backup and then select Recover as in step 1 of the VM recovery.
  2. In the Independent Disks tab:
    a. Enter a new Name for each disk to recover as similar names will cause failure.
    b. See Note in section 26.5 about changing the Encryption Set for certain disks.
    c. Change other settings as needed.
    d. Select Recover Disk.
  3. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure recoveries.

26.9.3 DR Recovery

When recovering from a backup that includes DR (DR is in Completed state), the same Recover screen opens but with the addition of the Restore to Location drop-down list.
  • Default location is Origin, which will recover all the objects from the original backup. It will perform the same recovery as a policy with no DR.
  • When choosing one of the other regions, the objects are listed and are recovered in the selected location.

26.9.4 Recovering an SQL Server and Databases

  • For successful recoveries, enable Enable Public Network Access.
  • For Recover SQL Databases Only, enable Allow Azure services and resources to access this server.
In the Backup Monitor, select the backup and then select Recover.
To recover an SQL Server with its attached databases:
  1. Select the SQL Server snapshot that you want to recover from and then select Recover.
  2. In the SQL Servers tab of the Recover screen, select 1 SQL Server and then select Recover. The Basic Options tab opens.
  3. In the Server Admin Login and Password boxes, provide credentials to use in the recovered SQL Server.
  4. In the Minimum TLS Version list, select the minimal TLS version from the list.
  5. In order for the recovery to succeed, Enable Public Network Access should be enabled.
  6. In the SQL Databases tab, select the databases to recover.
  7. Select Recover SQL Server.
To recover an SQL Database to an existing SQL Server:
  1. Select the SQL Server snapshot that you want to recover from and then select Recover SQL Databases Only.
  2. In the SQL Servers tab of the Recover screen, select 1 SQL Server and then select Recover SQL Databases Only.
  3. In the SQL Database Recovery screen, provide the credentials to log on to the destination SQL Server.
  4. Select the databases to recover and then select Recover SQL Database.