Are you looking for a disaster recovery solution for your on-prem servers? In this post we’ll walk through the steps to setup a MABS (Microsoft Azure Backup Server), and configure it to backup to Azure Recovery Services and locally.
Next, let’s navigate to Recovery Services Vault and create one. This will provide a location to store and manage our backups.
Next, we have some fields to fill out before we can create the vault. Since this is a new account I only have one Subscription so leave that as the default. The next field asks for Resource Group. That grouping makes it easier to find resources we’ve setup at a later time. Let’s hit Create new and name it AzureBackup. We need to name the vault so I’ll name mine AzureVault. For region, try to choose a region closest to you. I’m in Austin, Tx so I chose Central US. Here is a list of regions: (https://datacenters.microsoft.com/globe/explore/)
When you’re done hit Next:Redundancy
For redundancy settings I’m going to choose Locally-redundant since this is a demo, but if this was a production environment I would suggest choosing Geo-redundant. Hit Next:Encryption button when done.
For encryption at rest you can choose either Microsoft managed or customer-managed keys. I will choose the default, Microsoft managed and then hit Next: Vault properties.
The next screen asks if you want to enable immutability. These feature provides an extra level of protection to keep someone from deleting your snapshots. You’ll notice this feature is not available in the region I’ve chosen so make sure you check the regions link I provided above to make sure it provides all of the services you need. Since I can’t choose to enable immutability I’ll choose Next: Networking button.
The next option is to allow or deny public access to our vault. Since we don’t have a VPN or another way to access our vault we’ll leave it as Allow public access. I’m going to skip tags, so at this point hit Review + Create.
At this point we can review our settings and hit Create.
After a few minutes you should see that the vault creation is complete. Go ahead and hit Go to Resource.
2- Download software for MABS server
Now that we have the recovery vault created we need to open the Backup option to choose the type of backup we want which will provide the links for us to download the MABS (Microsoft Azure Backup Server) server. You can find Backup at the top or under Getting Started.
From the Backup options you have a choice of what infrastructure you want to backup and what type of device.
We’re going to choose On-Premises for workload and System State and Bare Metal Recovery for what to backup.
Now that we have our backup goal set we can hit Prepare Infrastructure.
After hitting the Prepare Infrastructure button you get links to download the MABS server and credentials to register your server. Go ahead RIGHT mouse click the download link for MABS and choose to open in new tab.
From the new tab choose to download button.
Next, we get a popup with files listed for backup. Choose all of them then choose Download.
After the files are done downloading, copy all of the files to the server that’s going to act as your MABS server. Now go back to the original tab and choose to download the vault credentials.
3 - Install MABS and SQL Server
Copy the credentials file over to the same location where you copied the setup files for the MABS server. The creds file will have an extension of .VautlCredentials. After copying that file over, switch to the server that is to be the MABS server and run the .EXE. For me that’s MABS_V4.EXE.
You’ll notice below that I’m installing on the C: drive. This is only to expand the files so choose a disk with enough space.
Now, find the files that were expanded. The default location is “c:\Microsoft Azure Backup Server V4” and run the Setup.exe file (again as Administrator.)
You’ll get a popup with options for install. Choose Microsoft Azure Backup Server and accept the license agreement when that comes up.
Choose Next to start the installation process.
After you choose to check prerequisites it allows you to continue if everything is good. Hit Next.
On this next screen we’ll choose to install a new instance of SQL and hit Check and Install. This is another good reason to have an additional disk to install SQL and/or MABS on.
I got an error with the SQL check. At this point I need to reboot to apply the missing prerequisites.
After rebooting, I reran the setup.exe and went through same steps until I got to the check for SQL, which passed this time. Now you can hit Next.
Here is where you can change the install location for most of the MABS features. I’m going to leave these, but would suggest if this is production at a minimum changing the database file location to a dedicated drive.
At this screen enter a secure password for your the local accounts generated by MABS. Then hit Next.
The next screen asks if you want to use Microsoft Updates. After you choose hit Next then Install.
After you hit Install it will take a few minutes to install all of the files and settings. The Proxy config is next. Unless you use a Proxy server just hit Next.
If any additional Windows features are needed it will install them here. Choose Install and Next after the install completes.
Now that MABS is installed we need that credentials file we downloaded earlier. After you load it hit Next.
After you hit Next you’ll be asked to create a passphrase to encrypt your backups. Make sure you don’t forget it. If you do you can’t access your backups! Enter a secure passphrase then save it somewhere secure (not on this server), hit Next after you’re done.
After you hit Next SQL Server and the MABS agent are installed.
We’ve finally finshed the install. Now hit Close and reboot the server..
4 - Setup MABS Server
Now that we have MABS and SQL installed we can start setting up MABS, but before we do that we need to add two registry keys. I found that I was getting timeouts and these registry keys fixed the issue. You can bypass this step and add it later if you need to.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\ Value type: Dword Value name: SessTimeout Value decimal: 2400
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\ Value type: Dword Value name: SessTimeout Value decimal: 2400
After making the change reboot the server.
Now we can get started setting up the MABS server. First, launch the shortcut from the desktop called Microsoft Azure Backup Server. Then choose Management from the bottom left, click Disk Storage then hit the Add button.
When we hit add to add a disk you might not see any disks. I added a disk to this machine, but didn’t prepare it.
Let’s go into Computer Management and choose Disk Management to setup our disk. You’ll noticed we have two disks. My C: drive is Disk 0 and Disk 1 is the extra disk we need for backups. For Disk 1 you need to make it online and then choose to Initialize it.
When you choose to Initialize the disk you get a choice of MBR or GPT. Leave it GPT and hit OK.
Now we need to format the disk. Right mouse click it and choose New Simple Volume…
I’m not going to show all of the default screens, but when you get to the drive letter assignment, assign the drive letter you want to use and hit Next.
On this screen name your volume and hit Next until you finish.
Now when we go back to the MABS dashboard and hit Disk Storage and Add we can see the disk. Go ahead and select the disk, hit Add and choose OK.
Now that we have the disk setup you might be asking how large does that backup disk need to be? That’s a good question. It depends on the backup frequency, retention and size of the disks you’re backing up. I would suggest using a VM for this server so you can expand the backup disk as needed.
5 - Install agent on Protected server
After creating the backup disk we need to add protected servers. The first thing we need to do is add the Windows Server Backup feature on the server we want to backup. So let’s navigate over to a server we want to protect and add the feature.
We’ll add the same registry keys to the server we want to protect.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\ Value type: Dword Value name: SessTimeout Value decimal: 2400
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\ Value type: Dword Value name: SessTimeout Value decimal: 2400
After making the change reboot the server.
One more thing before we leave our protected server, if you have the firewall enabled you’ll need to add this exception rule for the backup agent install. (Replace <IPAddress> with the IP address of your MABS server)
Now we need to go back to the MABS dashboard and choose Management, then Production Servers, Add and Next.
This screen allows you to choose Install or Attach agent. We’ll choose Install agents and Next. If your MABS and Protected servers are not in a domain then choose Attach Agents.
Choose the server you want to add. Im my case it’s SQLSRV1, hit the Add button then Next.
Now enter the username and password and Domain if it’s not correct. You’ll need a username that has admin permissions. After you enter your credentials, hit Next.
The protected server will need to be rebooted after the agent install. Choose Yes, then hit Next and finally choose Install on next screen.
Success! Our agent is installed. Choose Close to complete the install.
6 - Setup Protection Group with Backup Schedule
Okay, we’ve installed the agent on the protected server, but now we need to create a Protection Group that holds all of our backup options. From the MABS dashboard choose Protection , New and Next.
The next screen allows you to choose Servers or Clients. We’re backing up Servers so choose that and Next.
After you hit next you might not see any servers listed except for our MABS server. That’s because we need to open a port on the firewall.
I know I mentioned this above, but just in case you forgot. Here is the command you need to run to enable access for the agent.(IPAddress is the local IP address of the MABS server)
Okay, much better. I can see SQLSRV1 and all of the backup options below it. Our backups are for bare metal recovery so we’re only choosing that option (System State is auto checked if you are doing BMR.) After you make your choices choose Next.
Now, name your Protection group and leave both short-term protection and online protection checked. (you can’t uncheck short-term if you want to use online protection.)
This next screen allows you to setup on-prem disk based backups. I’m going to set the retention to 7 days and do a full backup nightly. (This isn’t as important to me since my goal is to keep bare metal backups online in the event of a disaster.)
This screen is a review of your available backup disk space. You can hit Next.
For the initial backup you can schedule it to backup over the network or copy from removable media. I’m going to choose over the network and Now, but if this was production I would schedule for after hours. After your choice hit Next.
The next option is to run a consistency check. I’m going to leave the default and hit Next.
Choose the servers you want to protect then hit Next.
Now we have the option of choosing our online backup schedule. Unfortunately, there is a limit of only 2 times a day. After you set your schedule hit Next.
Setup your online retention policy. Since this is a demo I set mine to retain for only 7 days, but you can set this up for weekly, monthly and yearly. After you’re done hit Next.
For the initial online backup we’ll choose Online and hit Next.
Okay, we got the Protection Group created. All we need to do is hit Create Group.
Everything is now setup. We can close this window and monitor our backups.
Checking the monitor tab I can see that my initial replica and online recovery point worked, but my initial disk based recovery point failed.
I’m not sure why my initial disk based recovery point backup failed, but after I initiated a manual recovery point it worked.
Conclusion
In this post we created a recovery services vault in Azure. We installed and setup the MABS server. We then setup a protected server on a backup schedule for on-prem to disk and to Azure. I hope this post was helpful. If you have any questions or comments please leave them below.