Azure Backup - Part Three

#azure edit this page

In my previous posts I gave you an overview of Azure Backup und explained the “Direct Backup Azure VM to Backup Vault” solution a bit in detail. Lets now focus on the Azure Backup Server option which we can backup Files and Applications like ActiveDirectory, SQL, Sharepoint, Exchange and Hyper-V.


First of all you have to access the Backup vault and download the Microsoft Azure Backup Agent.


Select a server in your organization that is domain joined where you want to install the Backup software. Before the server uploads the data to the backup vault it saves at least one copy to a local drive. Give the server an empty volume with some space.


At the end you pair the server with our backup vault with a vault credential file. The file can be downloaded from the backup vault. Specify a Passphrase to encrypt your backups.


The server is now registered in visible in the backup vault.

Prerequisites and a more detailed description can be found here:

Backup plan

The next step is to define a Backup plan for the servers we want to protect. This task is pretty straight forward, I explain only the most important parts:

We specify Disk and online protection. Disk protection represents the short term and online the long term protection.


We specify how much restore points we keep on local disk for short term protection


Next step is to define the online Backup schedule and retention policy. In this example we configure the schedule to upload restore points daily at 09:00 PM.



Simple restore

The Backup runs now everyday and uploads the restore point to the backup vault. If we want to restore data we can see where the server recovers them from:



Full restore

Lets assume we backup our whole infrastructure with the Backup Server and upload the restore points to Azure. The local infrastructure isn’t available due to fire / server damage and we cannot access the backup server (and short term backups) anymore.
All of our backups are in the cloud and we want to restore the whole infrastructure.

It's a bit more complicated: To get access to the Azure Backups we have to install a Backup Server. To install the Backup Server we need a machine that's domain joined. Because of this prerequisites we have to follow some additional steps to recover the whole environment.

Here are the steps we have to do to get the full restore done:

  • Install a new server
  • Create a temporary domain and make the server its domain controller
  • Install a second new server
  • Join the server to the temporary domain
  • Install Azure Backup Server on the second server
  • Join the Backup Server to the Azure Backup vault. We have now access to the restore points
  • Restore the system state backup from a domain controller to a network location
  • Throw away everything except the restored backup
  • Install a new server, this will be the domain controller
  • Restore the system state backup on the new domain controller
  • Verify that the restored AD is working properly
  • Install a new server as the Azure Backup Server
  • Join the new Azure Backup Server to the restored domain
  • Install Azure Backup Server and connect it to the Azure Backup vault
  • Restore the DPM database
  • Start restoring everything else according to your DR plan
  • </ul>