Data Protection Manager is able to use Windows Azure as storage support. The feature is called Backup Vault in Windows Azure. This last can be used also with Windows Server Backup feature. To be able to use Windows Azure with Data Protection Manager, you need a computer certificate on the DPM server (self-signed or signed by a certificate authority, and you need the Windows Azure Backup agent. Of course a Windows Azure subscription is needed. For this topic, I use a free trial registration.
Online backup with Windows Azure has some limitation:
- A disk pool is necessary
- Only primary server can use Windows Azure
- Only two recovery points per day can be created
- The retention range maximum is 120 days (448 days for disk)
- Only Hyper-V SQL and files can be protected in Azure
Before that you install Windows Azure Backup Agent, DPM shows below information:
So first, we have to configure Windows Azure. The first step is to upload the computer certificate, and next to download Windows Azure Backup Agent.
Windows Azure side configuration
First I have created recovery services (create a new vault). I have called this server AzureBackup.
When you click on your service, you have information about the steps to follow to configure your recovery service. First it is necessary to upload the computer certificate. Mine is called DPM1.fabrikam.com.cer.
I have an AD CS on my lab infrastructure so I have enroll my DPM server. I have uploaded the above certificate. Once you have upload your certificate, click on Download Agent (Agent for Windows Server and System Center – Data Protection Manager).
That’s all about Windows Azure configuration. Pretty easy no?
Data Protection Manager server configuration
Now it’s time to configure DPM server. First it is necessary to install the Windows Azure Backup Agent. The file is called WABInstaller.
After that the agent is installed, open your DPM administrator console and open Management tab. Now the Azure Backup Agent version is filled. So click on Register to connect your DPM server to Windows Azure.
Select your certificate locally. DPM requests Azure to find the same certificate. Previously we have uploaded the same in Azure so DPM finds a match with AzureBackup recovery service.
Next configure your proxy configuration.
Then configure Throttling settings. This is a feature that limits the bandwidth consumption. You can declare work hours and days and limit bandwidth for work hours and non-work hours.
Next specify a recovery folder that will be used as a temporary location for recovery. When you recover a data sources from Windows Azure, files will be copied on this temporary folder first. When data sources will be recovered, the temporary data will be cleaned up.
Next specify a passphrase to encrypt your data in Windows Azure.
Now you have a new storage support for your protection groups.
Now that DPM is registered for online storage, you can find a reference to your server in Windows Azure. Click on your Recovery Service Dashboard:
Use Windows Azure with Data Protection Manager
To test the Windows Azure and DPM configuration, I create a protection group to use my online storage. If you don’t know how to create protection group, please view this topic. On Select Group Members screen, I select the temp folder of hyperV01 server. I use a small folder because the goal is to test the solution.
Next I choose to protect my data with online protection.
If you have many data sources in your protection group, it is possible to select only the most critical of them.
Configure the Online protection Goals as short-term goals.
Once you have created your protection group, it appears in Protection tab and the online Protection should be enabled.