This topic has been blogged about a few times already. Some of the posts I have seen just contain information about the service and not the setup, are no longer current, or are missing information on generating a certificate.
I have decided to go ahead and blog about this to detail my experience in the setup. In this post I am going to walk through deploying Azure backup for DPM 2012 SP1.
Here is what will be covered: setup of Azure cloud backup, adding Azure cloud backup to a protection group, and recovering data from Azure cloud backup in DPM.
Setup of Azure cloud backup:
This is what the Azure management portal looks like and the first screen you will see when you go create a backup vault. To create the backup vault click on Recovery Services and add cloud backup.
Use the Makecert tool to create a local cert or use an existing local CA to generate the certificate for your DPM server.
Makecert can be found here: http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx as a part of the Windows SDK.
To install makecert.exe only select the option Tools under .Net Development in the SDK install wizard.
Here is the process to create a certificate for your local DPM server.
Open an elevated command prompt (with Admin privileges) and CD to the location where makecert.exe is stored.
On my server it was here:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin Once are there type the following syntax:
makecert.exe -r -pe -n CN=YOURDPMSERVERNAMEHERE -ss my -sr localmachine -eku 188.8.131.52.184.108.40.206.2 -len 2048 -e 01/01/2016 YOURDPMSERVERNAMEHERE
After you create the certificate properly it will be created and stored in the same location here:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin.
NOTE: The expiration date of your certificate has to be no more than 3 years from today’s date or
Azure will not like the cert and you will receive this error:
Now back on Azure in the vault, click Manage Certificate to upload the .cer file that you just generated.
Now we need the Windows Azure Backup Agent. This agent is what facilitates the transfer of data between DPM and Azure.
Download the agent for DPM. Be sure to download the right agent. It will be a WABInstaller.exe executable.
Make sure you have your DPM server patched to the latest update or the agent will not install.
Go ahead and install the Windows Azure Backup Agent.
Now when you go back into DPM under Management you will notice a new option to Register for online protection.
Click on Register.
Click browse. Your local certificate you created will appear. Select it and click Ok.
Now select your backup vault from Azure.
Configure proxy if you need to.
Configure throttle settings if you need them.
Set your local DPM staging folder for your recoveries. This is where data that is restored from Azure will be placed.
Not that you need to have enough local space on your DPM server in the staging folder to contain the data that is recovered from Azure.
So if you are recovering a 50GB file when uncompressed from Azure you need 50GB free space in your staging folder.
Next is your passphrase for encryption. Make sure you document this. Use the copy to clipboard and save this somewhere safe.
You will need this if you need to recover data from Azure to another server.
NOTE: Your data is encrypted at all times on Azure starting from the time it is sent over the wire.
Now click on register to complete.
Now you will notice more changes when in Management of DPM. There is a Configure button. This allows you to change your registration with Azure.
Also note data is being tracked about your Azure backup such as space used and the registration status is live and your Azure backup agent version is shown.
You can also log into your Azure management portal and see your DPM servers listed.
Adding Azure cloud backup to a protection group:
Now let’s go out and send some data out to the cloud for protection. Remember we can only protect these types of data up to Azure right now:
File based workloads
Go ahead and modify or create a new protection group.
When you get to the Select Data Protection Method screen you can now select “I want online protection”.
You have two new options now with in the protection group wizard for online protection. These are:
The first option allows you to choose what data to send up to Azure.
The second option allows to choose how many days’ worth of data you want to store and what time to sync.
Note: You can only synchronize to Azure twice per day.
Now when you go to Protection in DPM and highlight a protection group you can see if it is setup for Azure cloud backup.
That’s all around setting up of Azure cloud backup for DPM and adding Azure cloud backup to a protection group.
Recovering data from Azure cloud backup in DPM:
In regards to the steps for recovering data within DPM from Azure cloud backup.
they are very similar to recovering data from local disk in DPM.
The only difference is that when you select your recovery point make sure you are recovering from Online.
Here are some more resources around DPM 2 Azure cloud backup:
Online Backup to Windows Azure Using System Center 2012 SP1 – Data Protection Manager
Get easy cloud backup option with System Center 2012 SP1
DPM 2012 SP1 and Azure Backup and Recovery – Steps from start to finish