Get best of the week

Getting started with Veeam Backup for Microsoft Azure

In modern times, both stability and novelty are pleasing. Here Veeam is true to itself: products will be released according to plan, and engineers are developing new solutions, including Veeam Backup for Microsoft Azure , which was released several weeks ago. In the last post, my colleagueLoxmatiymamontalready talked about its advantages and principles of work, and today we will consider the deployment and configuration of a new solution.



As you recall, this product is designed to back up virtual machines deployed in the Microsoft Azure cloud. It helps to safely and efficiently backup cloud infrastructures, and if necessary, quickly restore them. Integration with Veeam Backup & Replication is supported - so in organizations working with a hybrid infrastructure, you can deploy almost a whole platform for working with virtual and physical machines both in the cloud and at your own capacities.

For details, welcome to cat.

So, Veeam Backup for Microsoft Azure can:

  • configure policies for backup Azure VM
  • work with native snapshots of Azure VM
  • backup to Azure blob storage
  • create backups in standard Veeam format
  • calculate cloud storage cost
  • restore whole VMs or only single files

Deploy it quickly and easily directly from the Azure Marketplace .



To ensure backup security, Microsoft Azure service accounts and Active Directory integration are used.

The free version right out of the box allows you to backup up to 10 virtual machines. (Read more about licensing in a previous article .)

What is inside?


The main component is the controller server , a Linux-based virtual machine deployed in the Microsoft Azure cloud; Veeam Backup for Microsoft Azure is preinstalled on it.

The controller server performs all the important functions:

  • Backup Infrastructure Management
  • Control over the creation of snapshots, backup and recovery of Microsoft Azure VMs.
  • Scheduled backup policy support
  • Management of the configuration database, which stores information about policies protected by VMs, accounts, etc.

To protect certain cloud infrastructure objects, backup policies are created . When creating them, you can focus on the regional affiliation of protected objects, on service level agreements (SLAs), etc., etc. We will consider policy settings a bit later.

To process each individual VM, Veeam Backup for Microsoft Azure uses auxiliary components - workers . I’ll also tell you about their settings a little lower.

Veeam Backup for Microsoft Azure supports the creation of both snapshots and backups for managed and unmanaged disks of Azure virtual machines (including VM configuration).

Schematically, the operation of the solution during backup can be represented as follows:



When a backup policy is applied, Veeam Backup for Microsoft Azure does this:

  1. Retrieves configuration and VHDs for each VM from Microsoft Azure.
  2. Creates and saves snapshots and backup copies of these disks, while:
    • Snapshots of managed disks are saved in the same resource group where the original VM is located - through the Azure Compute API.
    • Snapshots of unmanaged disks are stored in the Microsoft Azure Store, where the original VHD is located. Blob uses the Blob Service REST API to add data to blob.
    • All VHD backups are saved to the repository as blob also through the Blob Service REST API. When backup to the repository, data encryption and compression are performed.
    • VM configuration data is saved in the Veeam Backup for Microsoft Azure configuration database.

Deploy Veeam Backup for Microsoft Azure


Before starting the setup, pay attention to the list of necessary ports and the necessary accounts and rights .

Also keep in mind that deploying Veeam Backup for Microsoft Azure to a dedicated resource group is recommended to isolate compliance from the production infrastructure - for added security.

The setup itself is pretty straightforward - go to the Azure Marketplace , go through the steps of the wizard and expand the virtual machine with Veeam Backup for Microsoft Azure installed (application).

In the Basic section of the VM creation wizard, do the following:

  1. From the Subscription list, select the subscription for which the application will be deployed.
  2. Resource group Veeam Backup for Microsoft Azure — .
    ! , , , .
  3. Virtual machine name.
  4. Region Microsoft Azure, .
    : , .
  5. [] Availability options (, availability set availability zone).
  6. Select a Veeam Backup for Microsoft Azure image in the Image list .




Further in the section Instance details you need:

  1. Specify the required size of the new virtual machine. By default, the setup sets the default optimal size based on the performance and cost of servicing the Azure VM. Learn more about Microsoft recommendations here .

    The minimum requirements for Veeam Backup for Microsoft Azure are 2 vCPUs and 4GB RAM .
  2. Check that NO is selected in the Azure Spot Instance options .

Then you need to go to the Administrator account section , in the authentication type settings, select the Password option and enter the username and password to access the Veeam Backup for Microsoft Azure web console.

Note: If you choose SSH public key instead of Password , you will not have access to the Veeam Backup for Microsoft Azure web console. Then we go to the Disks step and specify the disk settings for our machine. For best performance, we recommend the choice of OS disk type specify the Premium the SSD . Note:



Some values ​​will already be set by default, you can not change them.

Next, in the Networking step, we set the network settings.



Note: In the Load balancing section, verify that for Place this virtual machine behind an existing load balancing solution? No was indicated .

Then click Review + create , and our application is ready to go. This is what the web console looks like:



Account Settings


To work with resource groups, subscriptions and other Microsoft Azure objects, our solution will need a service account - it will be used by the specially designed Azure AD Application . This application can be prepared in advance or indicated that it should be created automatically and authenticated in the Azure cloud. Both options are described in the user manual (in English).

You can also configure additional accounting:

  • for working with backup repositories
  • to send notifications via the mail server
  • for users who need administrative rights to work with Veeam Backup for Microsoft Azure

To do this, go to the Accounts section in the console and follow the steps described here .



Configure backup infrastructure


Our server is configured, now we configure the repository and auxiliary components - workers .

  • If you plan to protect machines in Microsoft Azure only with the help of native snapshots, you can go directly to the second part of the Marlezon Ballet to configure workers.
  • If you want to use Microsoft Azure blob storages as a backup storage, you will need to create a backup repository entity in the Veeam Backup for Microsoft Azure console and specify the container and folder for it in the corresponding archive - these simple steps are described here .

As for workers , these are auxiliary Linux machines that help to scale the process and distribute the load during data transfer. The configuration of these components is created either by the controller server (it does this automatically during backup or recovery), or by the user.

The configuration defines:

  • how many workers can work in parallel
  • which virtual network and security group will these VMs belong to
  • what size will they be

An automatically created worker configuration is considered defaulted. It belongs to one Azure region and may contain 1 to 5 workers .
The user can create the configuration manually, as described here .



The following should be remembered about the work of workers :

  • One worker can process data from only one VM. That is, if you have 30 machines in the backup policy, then Veeam Backup for Microsoft Azure can deploy 30 such workers (when using a non-default configuration).
  • If the default configuration is involved (as they say, this is up to 5 workers ), then 5 machines will be processed at the same time, and the rest will wait in line.
  • On each VM with worker , the controller server installs these services:

    • Worker service - this service takes data from the Azure cloud.
    • File-level recovery service - during file-level recovery, this service is responsible for mounting (mounting) data from a backup to a worker VM

  • After a period of inactivity (idle time = 10 min ), the worker VM automatically shuts down .

The politicians here act as an analogue of the backup job; they are configured using the wizard, at the steps of which you must specify:

  • Azure Active Directory
  • Regions where protected resources are located
  • Type of objects (resources) to which the policy will be applied:
    • Subscription
    • Resource group —
    • Tags —
    • Individual VMs —

  • — blob storage, ,
  • Cost Estmation —

All this is described in detail here .



As for estimating the cost of Azure VMs backups, it is automatically performed by a calculator built into the policy creation and editing wizard. It is based on calculations of the monthly cost of traffic, transactions, backups and snapshots. A calculator is a useful thing to justify and plan your cloud infrastructure costs.
Thanks to it, you can immediately see how much the backup will cost you if it is performed according to a policy with such and such settings.

Recovery


Here are the recovery options offered to Veeam Backup for Microsoft Azure users:

  • Restoring the entire VM to its original location (with overwriting the original machine)
  • Restore an entire VM to a new location
  • File Level Recovery

Useful: Restoring at the file level is good in that it allows you to get the necessary data from the backup without having to lift the whole machine (saving money is obvious).



Integration with Veeam Backup & Replication


Recovery is supported in Microsoft Azure directly from backups created by Veeam Backup & Replication - and there Veeam Backup for Microsoft Azure will deal with VM protection.

Or vice versa: due to the fact that Veeam Backup & Replication can work with repositories based on Azure blob storage (where Veeam Backup for Microsoft Azure backups ), you can restore a Microsoft Azure VM from your backup to your “terrestrial” infrastructure, where it will already be protected by Veeam Backup & Replication. In general, everything to please the owners of hybrid infrastructures.

useful links


Well, in conclusion, as usual, a few useful links:

More articles:


All Articles