Bare Metal Backup to Azure

1 - Create Azure account and Recovery Services Vault

The first thing we need to do is log in to Azure or register for a new account at https://azure.microsoft.com/en-us/pricing/purchase-options/azure-account (sign up under free account).
Azure portal after login
Here's what you'll see after logging in for the first time.

Next, let’s navigate to Recovery Services Vault and create one. This will provide a location to store and manage our backups.

Search for Recovery Services Vaults and open it
Choose to create recovery services vault from option on screen
Choose option to create recovery services vault

Next, we have some fields to fill out before we can create the vault. Since this is a new account I only have one Subscription, so leave that as the default. The next field asks for Resource Group. That grouping makes it easier to find resources we’ve set up at a later time. Let’s hit Create new and name it AzureBackup. We need to name the vault, so I’ll name mine AzureVault. For region, try to choose the region closest to you. I’m in Austin, Tx so I chose Central US. Here is a list of regions: https://datacenters.microsoft.com/globe/explore/

When you’re done hit Next:Redundancy

Fill out the required fields to create your vault

For redundancy settings I’m going to choose Locally-redundant since this is a demo, but if this was a production environment I would suggest choosing Geo-redundant. Hit Next:Encryption button when done.

Choose between locally or geo redundancy
Choose Locally-redundant unless this is a production environment

For encryption at rest you can choose either Microsoft managed or customer-managed keys. I will choose the default, Microsoft managed and then hit Next: Vault properties.

Choose encryption method for your vault
Choose Microsoft managed key unless you manage your own keys

The next screen asks if you want to enable immutability. This feature provides an extra level of protection to keep someone from deleting your snapshots. You’ll notice this feature is not available in the region I’ve chosen, so check the regions link I provided above to make sure your region provides all of the services you need. Since I can’t choose to enable immutability I’ll choose the Next: Networking button.

Option to enable immutability for recovery services vault
For an extra level of security you can block anyone from deleting your snapshots by enabling immutability.

The next option is to allow or deny public access to our vault. Since we don’t have a VPN or another way to access our vault we’ll leave it as Allow public access. I’m going to skip tags, so at this point hit Review + Create.

We'll leave the default for allow public access and hit Review + Create

At this point we can review our settings and hit Create.

review and create vault
After you hit create it takes a few minutes to create the vault.

After a few minutes you should see that the vault creation is complete. Go ahead and hit Go to Resource.

Vault Creation complete
At this point you can hit Go to resource

2 - Download software for MABS server

Now that we have the recovery vault created, we need to open the Backup option and choose the type of backup we want. That will give us the links to download MABS (Microsoft Azure Backup Server). You can find Backup at the top or under Getting Started.

Choose backup to present option for software download
Choose Backup so we can download the backup software

From the Backup options you have a choice of what infrastructure you want to backup and what type of device.  

We’re going to choose On-Premises for workload and System State and Bare Metal Recovery for what to backup. 

On-Premises and Bare Metal backup
Hyper-V VM is an option, but Bare Metal Recovery will also work for VMs

Now that we have our backup goal set we can hit Prepare Infrastructure.

Choose Prepare Infrastructure
Hit Prepare Infrastructure to create the Backup Goal

After hitting the Prepare Infrastructure button you get links to download the MABS server and the credentials to register your server. Go ahead and right-click the download link for MABS and choose to open it in a new tab.

Choose to download the MABS server from the provided link
Leave the existing page open. We'll need to come back to it later.

From the new tab choose the Download button.

Next, we get a popup with files listed for backup. Choose all of them then choose Download.

After the files are done downloading, copy all of the files to the server that’s going to act as your MABS server. Now go back to the original tab and choose to download the vault credentials.

Download credentials from original tab
I know the wording is confusing for #2, but just check the box, otherwise the download button won't work.

3 - Install MABS and SQL Server

Copy the credentials file over to the same location where you copied the setup files for the MABS server. The creds file will have an extension of .VaultCredentials. After copying that file over, switch to the server that is to be the MABS server and run the .EXE. For me that’s MABS_V4.EXE.

Run the executable
NOTE: Make sure you run this exe as an administrator.

You’ll notice below that I’m installing on the C: drive. This is only to expand the files so choose a disk with enough space. 

Now, find the files that were expanded. The default location is “c:\Microsoft Azure Backup Server V4” and run the Setup.exe file (again as Administrator.)

You’ll get a popup with options for install. Choose Microsoft Azure Backup Server and accept the license agreement when that comes up.

Choose Next to start the installation process.

After you choose to check prerequisites it allows you to continue if everything is good. Hit Next.

Hit next after prereq check
If the prerequisite check fails you'll need to fix that before proceeding.

On this next screen we’ll choose to install a new instance of SQL and hit Check and Install. This is another good reason to have an additional disk to install SQL and/or MABS on.

I got an error with the SQL check. At this point I need to reboot to apply the missing prerequisites. 

SQL pre failed
I had to cancel and reboot at this point.

After rebooting, I reran the setup.exe and went through the same steps until I got to the check for SQL, which passed this time. Now you can hit Next.

Here is where you can change the install location for most of the MABS features. I’m going to leave these, but if this is production I would suggest, at a minimum, changing the database file location to a dedicated drive.

At this screen enter a secure password for the local accounts generated by MABS. Then hit Next.

The next screen asks if you want to use Microsoft Updates. After you choose hit Next then Install.

After you hit Install it will take a few minutes to install all of the files and settings. The Proxy config is next. Unless you use a Proxy server just hit Next.

If any additional Windows features are needed it will install them here. Choose Install and Next after the install completes.

Now that MABS is installed we need that credentials file we downloaded earlier. After you load it hit Next.

After you hit Next you’ll be asked to create a passphrase to encrypt your backups. Make sure you don’t forget it. If you do you can’t access your backups! Enter a secure passphrase then save it somewhere secure (not on this server), hit Next after you’re done.

After you hit Next SQL Server and the MABS agent are installed. 

We’ve finally finished the install. Now hit Close and reboot the server.

4 - Setup MABS Server

Now that we have MABS and SQL installed we can start setting up MABS, but before we do that we need to add two registry keys. I found that I was getting timeouts and these registry keys fixed the issue. You can bypass this step and add it later if you need to. 

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
Value type: Dword
Value name: SessTimeout
Value decimal: 2400

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
Value type: Dword
Value name: SessTimeout
Value decimal: 2400

After making the change reboot the server.

Now we can get started setting up the MABS server. First, launch the shortcut from the desktop called Microsoft Azure Backup Server. Then choose Management from the bottom left, click Disk Storage then hit the Add button.

When we hit add to add a disk you might not see any disks. I added a disk to this machine, but didn’t prepare it.

Let’s go into Computer Management and choose Disk Management to set up our disk. You’ll notice we have two disks. My C: drive is Disk 0 and Disk 1 is the extra disk we need for backups. For Disk 1 you need to bring it online and then choose to Initialize it.

When you choose to Initialize the disk you get a choice of MBR or GPT. Leave it GPT and hit OK.

Now we need to format the disk. Right mouse click it and choose New Simple Volume…

I’m not going to show all of the default screens, but when you get to the drive letter assignment, assign the drive letter you want to use and hit Next.

On this screen name your volume and hit Next until you finish.

Now when we go back to the MABS dashboard and hit Disk Storage and Add we can see the disk. Go ahead and select the disk, hit Add and choose OK.

Now that we have the disk setup you might be asking how large does that backup disk need to be? That’s a good question. It depends on the backup frequency, retention and size of the disks you’re backing up. I would suggest using a VM for this server so you can expand the backup disk as needed. 

5 - Install agent on Protected server

After creating the backup disk we need to add protected servers. The first thing we need to do is add the Windows Server Backup feature on the server we want to backup. So let’s navigate over to a server we want to protect and add the feature.

Add Windows Backup Server feature
I'm not going to show all of the screens on adding a feature. I think you got this.

We’ll add the same registry keys to the server we want to protect.

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
Value type: Dword
Value name: SessTimeout
Value decimal: 2400

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
Value type: Dword
Value name: SessTimeout
Value decimal: 2400

After making the change reboot the server.

One more thing before we leave our protected server, if you have the firewall enabled you’ll need to add this exception rule for the backup agent install. (Replace <IPAddress> with the IP address of your MABS server)

netsh advfirewall firewall add rule name="Allow DPM Remote Agent Push" dir=in action=allow service=any enable=yes profile=any remoteip=<IPAddress>
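
The three preparation steps for the protected server (Windows Server Backup feature, the two SessTimeout values and the firewall exception) can also be applied and checked from an elevated PowerShell session. This script is an added example, not part of the original post; the address 192.0.2.10 is a placeholder for your MABS server's IP, and the check at the end warns if the rule is open to more than that one address.

```powershell
# Added example, not from the original post. Run elevated on the protected server.
param(
    # Assumption: placeholder address; replace with the IP of your MABS server.
    [string]$MabsServerIp = '192.0.2.10'
)

$ErrorActionPreference = 'Stop'
$ruleName = 'Allow DPM Remote Agent Push'   # same rule name as the netsh command above

# 1. Windows Server Backup feature, which the post adds on the protected server.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}

# 2. SessTimeout = 2400 (decimal, DWORD) under both service keys from the post.
$keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters',
        'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
foreach ($key in $keys) {
    # -Force overwrites the value if it already exists, so reruns are safe.
    New-ItemProperty -Path $key -Name SessTimeout -PropertyType DWord -Value 2400 -Force | Out-Null
}

# 3. Inbound allow rule limited to the MABS server's address.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Profile Any -RemoteAddress $MabsServerIp | Out-Null
}

# 4. Verify what is actually configured.
foreach ($key in $keys) {
    $value = (Get-ItemProperty -Path $key -Name SessTimeout).SessTimeout
    Write-Output "$key SessTimeout=$value"
}

# A pre-existing rule may have been created without remoteip; 'Any' admits every host.
$remote = (Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter).RemoteAddress
if ($remote -contains 'Any' -or $remote -notcontains $MabsServerIp) {
    Write-Warning "Rule '$ruleName' remote address is '$remote'; expected only $MabsServerIp"
} else {
    Write-Output "Rule '$ruleName' is limited to $MabsServerIp"
}

Write-Output 'Reboot the server after making the registry change.'
```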

Now we need to go back to the MABS dashboard and choose Management, then Production Servers, Add and Next.

This screen allows you to choose Install or Attach agent. We’ll choose Install agents and Next. If your MABS and Protected servers are not in a domain then choose Attach Agents.

Choose the server you want to add. In my case it’s SQLSRV1. Hit the Add button, then Next.

Now enter the username and password and Domain if it’s not correct. You’ll need a username that has admin permissions. After you enter your credentials, hit Next.

The protected server will need to be rebooted after the agent install. Choose Yes, then hit Next and finally choose Install on next screen.

Success! Our agent is installed. Choose Close to complete the install.

6 - Setup Protection Group with Backup Schedule

Okay, we’ve installed the agent on the protected server, but now we need to create a Protection Group that holds all of our backup options. From the MABS dashboard choose Protection, New and Next.

The next screen allows you to choose Servers or Clients. We’re backing up Servers so choose that and Next.

After you hit next you might not see any servers listed except for our MABS server. That’s because we need to open a port on the firewall. 

I know I mentioned this above, but just in case you forgot, here is the command you need to run to enable access for the agent. (IPAddress is the local IP address of the MABS server.)

netsh advfirewall firewall add rule name="Allow DPM Remote Agent Push" dir=in action=allow service=any enable=yes profile=any remoteip=<IPAddress>

Okay, much better. I can see SQLSRV1 and all of the backup options below it. Our backups are for bare metal recovery so we’re only choosing that option (System State is auto checked if you are doing BMR.) After you make your choices choose Next.

Now, name your Protection group and leave both short-term protection and online protection checked. (you can’t uncheck short-term if you want to use online protection.)

This next screen allows you to setup on-prem disk based backups. I’m going to set the retention to 7 days and do a full backup nightly. (This isn’t as important to me since my goal is to keep bare metal backups online in the event of a disaster.)

This screen is a review of your available backup disk space. You can hit Next.

For the initial backup you can schedule it to backup over the network or copy from removable media. I’m going to choose over the network and Now, but if this was production I would schedule for after hours. After your choice hit Next.

The next option is to run a consistency check. I’m going to leave the default and hit Next.

Choose the servers you want to protect then hit Next.

Now we have the option of choosing our online backup schedule. Unfortunately, there is a limit of only 2 times a day. After you set your schedule hit Next.

Setup your online retention policy. Since this is a demo I set mine to retain for only 7 days, but you can set this up for weekly, monthly and yearly. After you’re done hit Next.

For the initial online backup we’ll choose Online and hit Next.

Okay, we got the Protection Group created. All we need to do is hit Create Group.

You can create additional Protection Groups for different backup scenarios.

Everything is now setup. We can close this window and monitor our backups.

Checking the monitor tab I can see that my initial replica and online recovery point worked, but my initial disk based recovery point failed. 

I’m not sure why my initial disk based recovery point backup failed, but after I initiated a manual recovery point it worked. 

Conclusion

In this post we created a recovery services vault in Azure. We installed and setup the MABS server. We then setup a protected server on a backup schedule for on-prem to disk and to Azure. I hope this post was helpful. If you have any questions or comments please leave them below.