26 Using N2WS with Azure

Following are the steps for setup, backup, and recovery of Azure VMs and Disks:

  1. Before starting, configure N2WS Backup and Recovery according to Configuring N2WS.

  2. After the final configuration screen, prepare your Azure Subscription by adding the required permissions and custom IAM role in Azure. See section 26.1.

  3. Register the CPM app in Azure. See section 26.2.

  4. Create an N2WS account user as usual and configure resource limitations for Azure as described in section 18.3.

  5. Assign a custom role to your app. See section 26.3.

  6. In N2WS, add an Azure account with the custom N2WS role. See section 26.4.

  7. Create an Azure policy in N2WS with Azure backup targets. See section 26.5.

  8. Back up the policy. See section 26.6.

  9. Recover from a backup. See section 26.7.

26.1 Setting Up Your Azure Subscription

N2WS Backup and Recovery needs the following permissions to perform backup and recovery actions.

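  1. Add your subscription ID value to the subscriptions attribute (the "/subscriptions/<subscriptionID>" entry under assignableScopes) in the minimal permissions JSON, and save the result as a JSON file.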

{
  "properties": {
    "roleName": "CPM",
    "description": "",
    "assignableScopes": [
      "/subscriptions/<subscriptionID>"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/disks/read",
          "Microsoft.Compute/snapshots/write",
          "Microsoft.Network/networkInterfaces/read",
          "Microsoft.Compute/snapshots/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Compute/disks/write",
          "Microsoft.Compute/snapshots/delete",
          "Microsoft.Resources/subscriptions/resourceGroups/delete",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/networkInterfaces/write",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/networkInterfaces/join/action",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.Compute/diskEncryptionSets/read",
          "Microsoft.Compute/virtualMachines/powerOff/action",
          "Microsoft.Compute/virtualMachines/start/action",
          "Microsoft.Compute/availabilitySets/read",
          "Microsoft.Compute/availabilitySets/vmSizes/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}

  2. Log on to the Azure Portal, https://portal.azure.com, and go to your subscription. Select a subscription that you want to use with N2WS Backup & Recovery.

  3. Select Access control (IAM), select +Add, and then select Add custom role.

  4. Complete the form as follows using N2WSBackupRecoveryRole as the Custom role name, and then select the JSON file saved in step 1.

  5. Create the role with the new JSON file.
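A pre-import check for the role file from step 1, as an added example that is not part of the N2WS documentation: it confirms the <subscriptionID> placeholder was replaced, that the scope is exactly one subscription, and that no wildcard or data-plane actions were added, and it lists the delete rights the role carries so they can be watched in the Azure activity log. The function names and the sample documents are assumptions made for this example.

```python
import json
import re

# A subscription-level scope: /subscriptions/<GUID>, nothing broader or deeper.
SUB_SCOPE = re.compile(
    r"^/subscriptions/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def review_role(role_json):
    """Return (problems, destructive_actions) for a custom role definition."""
    props = json.loads(role_json)["properties"]
    problems = []
    scopes = props.get("assignableScopes", [])
    if not scopes:
        problems.append("no assignableScopes set")
    for scope in scopes:
        if "<" in scope or ">" in scope:
            problems.append("placeholder not replaced: " + scope)
        elif not SUB_SCOPE.match(scope):
            problems.append("scope is not a single subscription: " + scope)
    actions = []
    for perm in props.get("permissions", []):
        actions.extend(perm.get("actions", []))
        if perm.get("dataActions"):
            problems.append("dataActions present; the page's role has none")
    for action in actions:
        if "*" in action:
            problems.append("wildcard action: " + action)
    # Delete rights are part of the page's role; report them for monitoring.
    destructive = sorted(a for a in actions if a.lower().endswith("/delete"))
    return problems, destructive

def make_role(scope, actions):
    # Builds a document in the same shape as the page's JSON (sample helper).
    return json.dumps({"properties": {
        "roleName": "CPM", "description": "", "assignableScopes": [scope],
        "permissions": [{"actions": actions, "notActions": [],
                         "dataActions": [], "notDataActions": []}]}})

# Constructed samples: a subset of the page's actions, once with the unedited
# placeholder, once with a made-up GUID and an over-broad action added.
PAGE_SUBSET = ["Microsoft.Compute/snapshots/write",
               "Microsoft.Compute/snapshots/delete",
               "Microsoft.Resources/subscriptions/resourceGroups/delete"]
TEMPLATE = make_role("/subscriptions/<subscriptionID>", PAGE_SUBSET)
WIDENED = make_role("/subscriptions/00000000-0000-0000-0000-000000000000",
                    PAGE_SUBSET + ["Microsoft.Compute/*"])

if __name__ == "__main__":
    for name, doc in (("template", TEMPLATE), ("widened", WIDENED)):
        print(name, review_role(doc))
```

Run it against the saved file by passing the file's text to review_role; an empty problems list means the file matches the shape of the minimal permissions JSON.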

26.2 Registering Your Azure App

  1. In the Azure portal Dashboard section, go to the App registrations service.

  2. In the Name box, type CPM-on-Azure and select Register.

  3. Select the app.

  4. Save the Application (client) ID and Directory (tenant) ID for use when adding the Azure account to N2WS.

  5. Select Add a certificate or secret.

  6. Select New client secret.

  7. Complete the secret values, and save.

26.3 Assigning the Custom Role to your App

  1. In Azure, go to the Subscription service and select your subscription.

  2. Select Access control (IAM).

  3. Select Add and then select Add role assignment.

  4. In the Role list, select your custom role.

  5. In the Select list, select the app that you created.

  6. Select Save.

  7. In the Role assignments tab, verify that the custom role is assigned.

It might take time for Azure to propagate the changes in IAM.

26.4 Adding an Azure Account to N2WS

  1. Log on to N2WS using the root username and password used during the N2WS configuration.

  2. Select the Accounts tab.

  3. If you have a license for Azure cloud, select Azure account in the + New menu.

  4. Complete the New Azure Account screen using the App registration view information in the Azure portal as needed.

  • Name – Copy from your App registration name.

  • In the User list, select your username. Or, select + New to add a new user. See section 18.

  • Directory (tenant) ID – Copy from your App registration.

  • Application (client) ID – Copy from your App registration.

  • Client Secret – Copy from your App registration Certificates & secrets in the App registration view, or set a new secret.

  5. Select Scan Resources to include the current account in tag scans performed by the system. The scan will cover all VMs and disks in all locations.

  6. Select Save. The new account appears in the Accounts list as an Azure Cloud account.

26.5 Creating an Azure Policy

To back up resources in Azure, create an N2WS policy.

  1. In N2WS, select the Policies tab.

  2. In the + New list, select Azure policy.

  3. In the New Azure Policy screen, complete the fields:

  • Name – Enter a name for the policy.

  • User – Select from the list.

  • Account – Select from the list. Or, select + New to add an account. See section 26.2.

  • Enabled – Clear to disable the policy.

  • Subscription – Select from the list.

  • Schedules – Optionally, select one or more schedules from the list, or select + New to add a schedule. See section 4.1.1.

  • Auto Target Removal – Select Yes to automatically remove a non-existing target from the policy.

  4. Select the Backup Targets tab.

  5. In the Add Backup Targets menu, select the targets to back up, Disks and/or Virtual Machines. The Add Virtual Machines / Disks screen opens.

  6. When selecting Virtual Machines, you must first filter by the Location of the target resources, using the list in the upper left corner, before selecting the individual targets. Filtering by Resource Group is optional.

  7. When finished selecting targets, select Add selected. The Backup Targets tab lists the selected targets.

  8. To determine which disks to back up for each Virtual Machine target, select Configure. In the Which Disks list of the Policy Virtual Machine and Disk Configuration screen, select the disks to include or exclude in the backup.

  9. When finished, in the Backup Targets tab, select Save.

26.6 Backing Up an Azure Policy

If the policy has a schedule, the policy will back up automatically according to the schedule. To run a policy as soon as possible, select the policy and select Run ASAP in the Policies view.

To view the policy progress and backups, select Backup Monitor.

  • The backup progress is shown in the Status column.

  • Use the Cloud buttons to display the Azure policies.

26.7 Recovering from an Azure Backup

Only one VM is recoverable during a recovery operation.

After creating a backup, you can recover it from the Backup Monitor.

In the VM recovery Basic Options, there are Azure options for replicating data to additional locations in order to protect against potential data loss and data unavailability:

  • Availability Zone – A redundant data center (different building, different servers, different power, etc.), within a geographical area that is managed by Azure.

  • Availability Set – A redundant data center (different building, different servers, different power, etc.) that can be launched and fully configured by the customer and managed by the customer.

  • No Redundancy Infrastructure Required – By selecting this option, the customer can choose not to replicate its data to an additional (redundant) location in another zone or set. By choosing this option, the customer would save some money, but in rare cases (usually 11 9s of durability and 99.9% of availability), the customer can experience some degree of data loss and unavailability.

In the Disk Recovery screen, you may be presented with an option to change the encryption when recovering certain disks.

26.5.1 Recovering a VM and Disks

To recover a VM and/or attached disks:

  1. In the Backup Monitor, select the backup and then select Recover.

  2. To recover a VM, with or without its attached disks, select the VM snapshot that you want to recover from and then select Recover.

    a. In the Virtual Machines tab of the Recover screen, select 1 VM and then select Recover. The Basic Options tab opens.

    b. In the Availability Type list, select one of the following:

      • No Infrastructure Redundancy Required – Select to not replicate data at a redundant location in another zone or set.

      • Availability Zone – Select a zone in the Availability Zone list.

      • Availability Set – Select a set in the Availability Set list.

    c. In the Private IP Address box, assign an available IP address or switch the Custom toggle key to Auto assigned.

    d. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.

    e. Select Recover Virtual Machine.

  3. To recover only Disks attached to the VM, select Recover Disks Only.

    a. In the Disks tab, enter a new Name for each disk. Similar names will cause the recovery to fail.

    b. See Note in section 26.5 about changing the Encryption Set for certain disks.

    c. Change other settings as needed.

    d. Select Recover Disk.

  4. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure recoveries.

26.5.2 Recovering Independent Disks

To recover from backups with independent disks:

  1. Select the backup and then select Recover as in step 1 of the VM recovery.

  2. In the Independent Disks tab:

    a. Enter a new Name for each disk to recover as similar names will cause failure.

    b. See Note in section 26.5 about changing the Encryption Set for certain disks.

    c. Change other settings as needed.

    d. Select Recover Disk.

  3. To view the recovery progress, select Recovery Monitor. Use the Cloud buttons to display the Azure recoveries.