Shulou(Shulou.com)06/02 Report--

This article describes how to set up a vault and select a VM to back up. This is useful if you want to back up multiple VM. If you want to back up a single Azure VM, please refer to the previous blog post.

Prepare Azure VM

In some cases (such as creating a VM using a locally uploaded VHD), you may need to set up an Azure VM proxy on the Azure VM or allow outbound access on the VM.

1) install VM Agent

Azure backup backs up Azure VM by installing extensions for Azure VM agents running on your computer. If your VM is created from the Azure Marketplace image, the agent is installed and running. If you create a custom VM, or migrate the local computer, you may need to install the agent manually, as described in the table.

VM

detailed information

Windows VM

1. Download and install the agent MSI file.

two。 Install on your computer with administrator privileges.

3. Verify the installation. On VM, in C:\ WindowsAzure\ Packages, right-click WaAppAgent.exe > Properties, > details tab. The product version should be 2.6.1198.718 or later.

If you want to update the agent, make sure there are no running backup operations, and then reinstall the agent.

Linux VM

Install using the RPM or DEB package in the distribution package. This is the preferred method for installing and upgrading the Azure Linux agent. All approved distribution providers integrate Azure Linux agent packages into their images and repositories. Agents are available on GitHub, but Microsoft does not recommend installing them from there.

If you want to update the agent, make sure that there are no running backup operations and update the binaries.

2) establish a network connection

Backup extensions running on VM require outbound access to the Azure public IP address.

In general, you do not need to explicitly allow outbound network access for Azure VM in order to communicate with Azure backups.

"if you have difficulty connecting to a virtual machine and you find an error ExtensionSnapshotFailedNoNetwork when trying to connect, you should explicitly allow access so that the backup extension can communicate with the Azure public IP address to obtain backup traffic."

Allow outbound acc

If your VM cannot connect to the backup service, explicitly allow outbound access using one of the methods summarized in the table.

Option

Action

Details

Set NSG rules

Allow Azure data center IP scope.

Instead of allowing and managing each address range, you can add rules that allow access to the Azure backup service using the service tag.

There is no extra charge.

Easy to manage with service tags.

Deployment Agent

Deploy a HTTP proxy server to route traffic.

Provides access to the entire Azure, not just storage.

Allows fine-grained control of the storage URL.

Single point of Internet access for VM.

The extra charge for the agent.

Set up Azure Firewall

Use the FQDN tag of the Azure backup service to allow communication through the Azure firewall on the VM.

It is easy to use if you set up Azure firewall in the VNet subnet

You cannot create your own FQDN tag, nor can you modify the FQDN in the tag.

If you are using an Azure managed disk, you may need to open another port (port 8443) on the firewall.

Set NSG rules to allow outbound access to Azure

If VM access is managed by NSG, outbound access to the backup storage is allowed to the desired range and port.

1) in Virtual Machine Properties > Network, click add outbound Port Rule.

2) in add outbound Security Rule, click Advanced.

3) in Source, select VirtualNetwork.

4) in the source port range, type an asterisk (*) to allow outbound access from any port.

5) in the target, select the service tag. Select Storage.region from the list. This area is the area where the vault and VM to be backed up are located.

6) in the destination port range, select the port.

Unmanaged VM:80 with unencrypted storage account

Unmanaged VM:443 with encrypted storage account (default)

Managed VM:8443.

7) in Protocol, select TCP.

8) in priority, specify a priority value that is less than any higher reject rule.

If you have a rule that denies access, the new allow rule must be higher.

For example, if the Deny_All rule is set to priority 1000, the new rule must be set to less than 1000.

9) provide a name and description of the rule, and then click OK.

Modify storage replication settin

By default, the vault uses offsite redundant storage (GRS).

Microsoft recommends that you mainly back up GRS.

The lower cost option of local redundant storage (LRS) can be used.

Modify the storage replication type as follows:

In the portal, click the new vault. In the settings section below, click Properties.

"back up the configuration under Properties in, and click Update."

"Select the storage replication type, and click Save."

Configure backup policy

1. Select Overview in the repository, and then click + backup

two。 In backup Target > where does the workload run? Select Azure. In "what do you want to back up?" Select Virtual Machine > OK. This registers the VM extension in the repository.

3. "in backup Policy, select the policy that you want to associate with the vault." .

The details of the default policy are listed under the drop-down menu.

Click New to create the policy.

4. In the Select Virtual Machine pane, select the VM for which you want to use the specified backup policy, and then click OK.

The selected VM is then validated.

Only VM located in the same area as the vault can be selected. VM can only be backed up in a single vault.

5. "in backup, select enable backup."

This deploys the policy to the vault and VM and installs the backup extension in the VM agent running on Azure VM.

This step does not create an initial recovery point for VM.

After enabling backup:

The initial backup will run according to the backup schedule.

The backup service installs backup extensions regardless of whether VM is running or not.

When VM runs, it is likely that you will get consistent recovery points for your application.

However, VM is backed up even if VM is turned off and the extension cannot be installed. It is called offline VM. In this case, the recovery point is consistent with the crash. Note that Azure backup does not support automatic clock adjustment based on the daylight saving time difference of Azure VM backups. Manually modify the backup policy as needed.

Run the initial backup

The initial backup will run as scheduled unless you run it manually immediately. You can manually run the initial backup as follows:

1) in the safekeeping library menu, click backup items.

2) in backup items, click Azure Virtual Machine.

3) in the backup items list, click the ellipsis.

4) Click backup now.

5) in backup now, use the calendar control to select the last day on which the recovery point should be retained, and then click OK.

6) Monitor portal notifications. You can monitor the progress of the job in vault dashboard > backup Job > ongoing.

Depending on the size of the VM, it may take some time to create the initial backup.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.