Welcome to my third post about Setting up backups in Azure. This post will be about Windows Server Backup and Azure backup.
Windows Server Backup
The Windows Server 2008 and 2012 doesn’t have Windows Server Backup pre-installed but they have the package included so you have to start with installing the package.
Open the Server Manager and choose Add roles and features, click next until you arrive at the features, then tick Windows Server backup and finish the installation.
When it is installed, start it from the server manager.
I won’t describe how to set up backups because you can find very good films and tutorials about that. Instead I will write about the settings that I have done.
But, if you want more information I recommend this YouTube clip, Disaster Recovery in Windows Server 2012.
Here are some more other links:
Windows Server Backup Step-by-Step on msdn.
So which settings am I using? I got two servers, one SQL server and one NAV server. I choose to back up the bare metal recovery, system state and the OS disk. After that I choose to back up to a shared network folder. The reason for that is that I only want one backup at a time. Why you might wonder. I think it is always good to have several old backups but instead of having several backups locally I will later set up an Azure backup that will send my daily server backups to the cloud. So in the end I will have several day-backups that I can restore from.
What you can’t see from these pictures is that I have excluded the SQL backup files and other files such as vendor pdf invoices. Instead I will backup these with Azure backup to the cloud.
Azure backup is a complement to Windows Server Backup. The way it works is that you install a local backup client that will upload files into a backup vault in our Azure account. An excellent tool to help you store backups offsite in a secure manner. Since I have set up to store all my SQL backups and two System Server backups on the same disk I only need to install one Azure client on one server because the server that has the backup disk can upload all those files to the cloud. But to be able to send the backups in a secure manner between the server and the cloud you need to either buy or create your own certificates.
Microsoft has written a guide to Configure Azure Backup to quickly and easily back-up Windows Server. And there is also an Azure backup overview but the hard part with setting up Azure backup is the certificates.
If you want to create you own certificate you can download the Makecert tool. I would like to say some word about how you download and install the Makecert tool which hopefully is going to make this process more simple for you.
Once installed, find the folder where it was installed. It could be one of these folders depending on which version you installed:
C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin
C:\Program Files (x86)\Windows Kits\8.0\bin\x86
C:\Program Files (x86)\Windows Kits\8.0\bin\x64
Open a command prompt in administrator mode and if you haven’t figured out which folder makecert is located in or you are just lazy you could add all of them in the PATH environment variable and hope it is located in one of them 😉 Copy paste the following line in the command prompt and run it:
SET PATH=%PATH%;C:\Program Files (x86)\Windows Kits\8.0\bin\x86;C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin;C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin
After that, type makecert and hope that you will see the different options 🙂
Go to the folder that you want to create the certificate in and type the following line but replace the bold text:
makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 184.108.40.206.220.127.116.11.2 -len 2048 -e 01/01/2016 CertificateName.cer
Beware! The date is how long the certificate will be valid and it has to be less than three years otherwise you will get the following error message when you import the certificate in the backup vault in Azure:
Invalid certificate uploaded. Please Verify that the certificate is not expired, has at least 2048 bit key, enhanced key usage is Client Authentication and expiration date is not more than 3 years from current date.
The next steps are to export the certificate as a pfx file, import in on the target server, import it to and create the Azure backup vault, download and install the Azure client, configure the backups.
The export/import the pfx file is described here.
To create the backup vault, upload the certificate, download the client read this.
The rest of the steps you will find on the Azure Overview page under Tasks.
When all these steps was done I simply choose to upload the entire backup disk to the cloud. The reason why the SQL backup is not included in the System Server backup is because now i can restore them file by file instead of having to restore the system backup from vault and then restore the file from the system backup.
Hmm… I think this was everything for now…
Next time I will write on how to keep track when our backups fail with notifications. Stay tuned!