• Why back up Azure VMs?

    The reasons for backing up VMs on-premises and in Azure are similar. Different customer segments derive different value from the solution, but here is a list of commonly encountered reasons for backup of VMs:

    - Reduced restore time during disasters: The VM contains all the information needed to get the application up and running. This includes the operating system, the application software, the configuration settings, and the data. It would typically take more time to piece together all of these at the time of restore, so restoring the complete VM is much faster.

    - Greater suitability for long-term retention: The VM includes the user data and the associated application software to work with it. Thus, restores done from very old backup points are more likely to achieve any data retrieval goals.

    - Easier management: The VM acts as an encapsulating entity for the data. Rather than managing tens to hundreds of smaller data entities, the backup administrator manages the VM, which is simpler. This makes patch rollback scenarios easy to address.

    Source of Information : Microsoft System Center

  • Backup scenarios

    This section examines some of the different backup scenarios that can be implemented using Azure Backup.

    Tape replacement
    Many organizations store their backup data on-premises on disk media and store their long-term retention data on tapes. They invest in significant tape infrastructure to meet their compliance requirement. Besides the cost of tape infrastructure, tapes require manual intervention to replace the older ones. Tapes must be labelled correctly and risk potential errors and data loss if they are mishandled. To store tape data offsite, organizations must arrange tape pick-up on a daily or weekly basis. In addition, to recover offsite data, organizations must request all the relevant tapes and restore the data.

    Cloud-based backup inherently addresses all of the preceding issues. As long as organizations have network connectivity to the cloud provider, backup to the cloud saves money. Organizations can leverage the pay-as-you-go model with the cloud rather than investing in upfront costs for tape storage.

    Beyond the cost savings, there are other inherent advantages to storing backup data in the cloud:
    - Data can be retrieved even if there is a disaster on-premises.
    - Restore times are cut down and there is no need to wait for the tape delivery from offsite.
    - There is no need to restore all data to retrieve a single item.

    Azure Backup is clearly a good solution to address the tape replacement scenario because it provides a competitive tape replacement strategy for businesses.

    Branch office backup
    Branch offices typically have fewer machines and smaller infrastructure than a large datacenter. However, the data generated in branch offices is often critical for the business. Some organizations back up this data locally in the branch office, which means they need to purchase additional storage for each branch in addition to managing the complexity of the storage and backup infrastructure in each branch.

    More than a handful of branch offices increases the management complexity multi-fold. In this case, some organizations back up their branch office data to the main office. But this again means that the main office must purchase the storage necessary to support all the workloads that are backed up from each of the branches.

    With cloud-based backup, however, organizations can eliminate their local storage and back up data directly to the cloud. Azure Backup enables businesses to back up their Windows-based servers directly to the cloud, thereby eliminating local storage at each of the branch offices.

    Windows client backup
    With Azure Backup, organizations can back up files and folders on their Windows-based desktops and laptop computers directly to the cloud with an entirely self-service model where the IT administrator needs to take minimal or no action on behalf of the user. Since the data is encrypted when it leaves the computer, data is always secure. Individuals in a small organization can either share the same vault or each user can have a dedicated vault or subscription, depending on the sharing needs among the individuals in the organization.

    Protection of Microsoft Azure assets
    With an ever-increasing number of enterprises and small businesses moving their workloads to the cloud, organizations need a simple mechanism to ensure that data created in the cloud is also backed up, just as is done on-premises. Microsoft Azure inherently provides high availability and redundancy of storage with the guarantee that if there is a storage or computer outage, the application can continue to run using redundant storage or computers. With the support for backup of Azure IaaS virtual machines (VMs), which is in preview at the time of this writing, organizations get additional protection because they can also protect their workload data from software corruption or data loss scenarios. In addition, organizations can always test their backups by performing a restore of data periodically.


  • Advantages of Azure Backup

    Azure Backup makes a great case for moving on-premises tape and disk infrastructure to the cloud. As with all cloud solutions, it is cost effective, with a pay-as-you-go model and no upfront costs. But unlike other cloud-connect strategies, Azure Backup is built as a cloud-first software as a service.

    This model has several advantages. The service comes with 99.9 percent availability time. As users create a backup vault to store data, the data is stored in geo-replicated storage, protecting it from disasters. Even if there is an outage of one of the Azure datacenters, the data is accessible.

    But it is not sufficient for the data to be geo-redundant; the service that enables access to data should also be geo-redundant. Azure Backup is available in two or more regions per geography and has a built-in business continuity plan so that even when the primary Azure datacenter experiences an outage, the service fails over to a new datacenter. Therefore, regardless of whether the organization loses on-premises data or whether the Azure datacenter has an outage, both the data and the backup service are available for customers to retrieve their data. If Azure fails over to a secondary data center, customers are able to browse all the recovery points associated with backup, pick any recovery point, and perform a restore, as well as continue backing up data to the service post failover.

    With Azure Backup, backed-up data is encrypted before it leaves the on-premises datacenter, so it is always encrypted both on the wire and at rest in Azure. The Azure Backup service also maintains backup metadata that enables customers to restore data anywhere from Azure to an alternate Windows-based or DPM server.


  • Recovering tenant VMs

    All tenant VMs are deployed with a single parent VHD. DPM’s original location recovery workflow will not work for tenant VMs. Complete the following steps to recover tenant VMs:

    1. In the VMM console, determine the name of the host on which the VM that you want to recover is located by doing the following:

    a. In the VMs And Services workspace, expand All Hosts, and then click Compute Clusters.

    b. In the VMs pane, type the name of the VM.

    c. Note the value in the Host column that is associated with the VM.

    d. Note which compute cluster the host is a member of. (Under Compute Clusters, click each cluster to view the members.)

    e. Right-click the VM, and then click Properties. Click the Hardware Configuration tab. Under Bus Configuration, the VHDs that are attached to the VM are listed. Click the operating system VHD (typically the first one under IDE Devices) to see if there is a VHD chain. Note the value in the Fully Qualified Path To Parent Virtual Hard Disk box (for example, copy and save it to Notepad). If the VM properties are corrupted and you cannot access them, you can skip this step.

    2. In the VMM console, find a tenant share that has enough available capacity to store the recovered VM by doing the following:

    a. In the Fabric workspace, expand Storage, and then click File Servers.

    b. In the File Servers, File Shares pane, expand the file server that is in the same rack as the compute cluster where the Hyper-V host that you identified in step 1c resides.

    c. Use the Available Capacity column to find a TenantShare with enough free space. (This procedure uses the example share \\-FS-02.contoso.com\TenantShare14.)

    3. On the Console VM, open Failover Cluster Manager, and connect to the compute cluster of which the host that you identified in step 1c is a member.

    4. Under the cluster name, click Roles.

    5. In the Roles pane, find the cluster resource name of the VM that you want to recover. The name will be in the format SCVMM VMName Resources.

    6. On the Console VM, open Windows PowerShell, and run the following commands to delete the VM. Press Enter after each command. Note that the Hyper-V host is the host on which the VM that you want to recover is located.
    Stop-VM -ComputerName HyperVHostName -Name VMName
    Remove-VM -ComputerName HyperVHostName -Name VMName

    7. Create a symbolic link to the tenant share that you identified in step 2 by first running the following command:
    Enter-PSSession -ComputerName HyperVHostName
    In the remote session, run the following commands:
    cd c:\
    cmd /c "mklink /d DirectoryName \\SharePath"
    exit

    8. On the Console VM, find the DPM server that backs up the VM that you want to recover. To do this, complete the following steps:

    a. Open the Operations console.

    b. In the Monitoring workspace, expand System Center 2012 R2 Data Protection Manager, select State Views, and then click Protected Servers.

    c. In the Look For box, enter the cluster resource name of the VM.

    d. In the DPM server column, note the name of the DPM server that backs up the VM.
    You can also do this by running the following Windows PowerShell command from the Operations Manager Shell:
    Get-SCOMClassInstance | where {$_.DisplayName -like '*clusterresourcename*'} | foreach { $_.'[Microsoft.SystemCenter.DataProtectionManager.

    9. Open the DPM administrator console, and connect to the DPM server that you identified in step 8. Find and note the name of the protection group that the VM that you want to recover was added to.

    10. On the Console VM, recover the VM by running the following Windows PowerShell commands as an elevated user. Press Enter after each command. Note that DPM-TenantVM-0# is the name of the DPM server that you identified in step 8, ProtectionGroupName is the protection group that the VM is a member of, VMName is the NetBIOS name of the VM that you want to recover, and SymbolicLinkOnHyperVHost is the symbolic link that you created earlier, for example c:\test1.
    $pg = Get-DPMProtectionGroup -DPMServerName DPM-TenantVM-0# | where {$_.Name -eq "ProtectionGroupName"}
    $ds = Get-DPMDatasource -ProtectionGroup $pg | where {$_.Computer -eq "VMName"}
    Get-DPMRecoveryPoint -Datasource $ds | select Name, BackupTime ## this is used for display only
    $rps = Get-DPMRecoveryPoint -Datasource $ds
    $rpo = New-DPMRecoveryOption -HyperVDatasource -TargetServer HyperVHostName -RecoveryLocation AlternateHyperVServer -RecoveryType Recover -TargetLocation SymbolicLinkOnHyperVHost
    $rp = $rps[$rps.Length - 1] ## Value of - 1 indicates the latest recovery point. A value of - 2 would be the recovery point before that.
    $ri = Get-DPMRecoverableItem $rp -BrowseType Child
    Recover-RecoverableItem -RecoverableItem $rp -RecoveryOption $rpo

    11. On the Hyper-V host on which the VM is located, open Windows PowerShell as an elevated user.

    12. Perform a storage migration by running the following command where SOFSShare is the share that you identified in step 2.
    Move-VMStorage -ComputerName HyperVHostName -VMName VMName -DestinationStoragePath SOFSShare

    13. Re-parent the VM to its original parent that you identified in step 1e by running the following command. (You can skip this step and continue to step 15 if the original VM configuration was corrupted and you could not get this property value in step 1e.)
    Get-VMHardDiskDrive VMName | Get-VHD | where {$_.parentPath -ne $null} | Set-VHD -ParentPath "\\SharePathofParentVHD"

    14. Delete the "local" parent VHD (that was just recovered).

    15. Delete the symbolic link. To do this, open a Windows PowerShell session as an elevated user, and then run the following commands. (Press Enter after each command.)
    Enter-PSSession -ComputerName HyperVHostName
    del DirectoryName

    16. From a Console VM, run the following Windows PowerShell commands to configure the VM as highly available. Press Enter after each command. (You must connect the VM to its original cluster resource role.) Note that in the following commands, VMClusterResourceName is the cluster resource name for the VM (for example "SCVMM VMName Resources"), ComputeClusterName is the compute cluster name on which the Hyper-V host resides, and VMConfigLocation is the location that is identified in the Get-VM command that you run in this procedure.
    Get-VM -Name VMName | Select VMId, ConfigurationLocation
    $res = Get-ClusterResource -Name "VMClusterResourceName" -Cluster ComputeClusterName
    Set-ClusterParameter -InputObject $res -Name VMId -Value "VMId" -Cluster ComputeClusterName ## "VMId" is a placeholder for the VMId value returned by the Get-VM command
    Set-ClusterParameter -InputObject $res -Name VmStoreRootPath -Value "VMConfigLocation" -Cluster ComputeClusterName
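
    A post-recovery check for the outcome of steps 12, 13, 15 and 16, as an added example that is not part of the original source. It assumes it is run elevated on the Hyper-V host with the Hyper-V and FailoverClusters modules available; every value in the first block is one of the procedure's placeholders and must be replaced.

```powershell
# Added example. Replace the placeholder values before running.
$VMName                = 'VMName'
$SOFSShare             = '\\SOFSShare'             # share chosen in step 2
$ExpectedParent        = '\\SharePathofParentVHD'  # noted in step 1e ('' if unavailable)
$SymbolicLink          = 'C:\DirectoryName'        # link created in step 7
$VMClusterResourceName = 'SCVMM VMName Resources'
$ComputeClusterName    = 'ComputeClusterName'

$findings = New-Object System.Collections.Generic.List[string]
$vm = Get-VM -Name $VMName -ErrorAction Stop

foreach ($disk in Get-VMHardDiskDrive -VM $vm) {
    if (-not $disk.Path) { continue }   # skip drives with no VHD attached

    # Step 12: after the storage migration every disk should be on the tenant share.
    if (-not $disk.Path.StartsWith($SOFSShare, [StringComparison]::OrdinalIgnoreCase)) {
        $findings.Add("Disk not on ${SOFSShare}: $($disk.Path)")
    }

    # Test-VHD returns $false when the disk or its differencing chain is unusable.
    if (-not (Test-VHD -Path $disk.Path -ErrorAction SilentlyContinue)) {
        $findings.Add("VHD or parent chain failed Test-VHD: $($disk.Path)")
        continue
    }

    # Step 13: a differencing disk should point at the original parent again.
    $vhd = Get-VHD -Path $disk.Path
    if ($ExpectedParent -and $vhd.ParentPath -and ($vhd.ParentPath -ne $ExpectedParent)) {
        $findings.Add("Unexpected parent for $($disk.Path): $($vhd.ParentPath)")
    }
}

# Step 15: the temporary link into the tenant share should be gone from the host.
if (Test-Path -LiteralPath $SymbolicLink) {
    $findings.Add("Symbolic link still present: $SymbolicLink")
}

# Step 16: the cluster resource must reference the recovered VM's ID and config path.
$res = Get-ClusterResource -Name $VMClusterResourceName -Cluster $ComputeClusterName -ErrorAction Stop
$clusterVmId = (Get-ClusterParameter -InputObject $res -Name VMId).Value
if (($clusterVmId -as [guid]) -ne $vm.VMId) {
    $findings.Add("Cluster VMId '$clusterVmId' does not match VM '$($vm.VMId)'")
}
$storeRoot = (Get-ClusterParameter -InputObject $res -Name VmStoreRootPath).Value
if ($storeRoot -ne $vm.ConfigurationLocation) {
    $findings.Add("VmStoreRootPath '$storeRoot' differs from '$($vm.ConfigurationLocation)'")
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Recovery checks passed for $VMName."
}
```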


  • Adding tenant VMs to backup

    As the new VMs are deployed on the CPS stamp, customers can run a runbook (called Protect-TenantVMs) to protect new tenant VMs that were just created. All VMs are configured to protect once daily with a retention period of one week. Test VMs that do not need DPM protection can be excluded by specifying an exclusion VM list using a runbook (called Add-DPMExclusionItems).

    You must run the Protect-TenantVMs runbook to manage tenant VM protection. This runbook adds up to 75 newly created VMs to a protection group in DPM. You should run this runbook manually or through a scheduled task once each day. After a tenant VM is added to a protection group, by default, the tenant VM is configured for daily backup, with a retention period of seven days. This runbook is designed to protect 75 new VMs per run per day to ensure enough time to complete tenant VM backups in the backup window and enough time for the deduplication process to complete. If more than 75 new VMs were created (on one rack) and you need to add them to a protection group on the same day, you can run this runbook more than once to protect the additional VMs.

    The data deduplication process reduces backup storage usage. There is a default schedule for data deduplication and for tenant backups.

    You should plan to run the Protect-TenantVMs runbook so that it does not interfere with the backup window. Therefore, run it any time between 6:00 AM and 6:00 PM local time (at least three to four hours before the backup window starts).

    If you need to prevent protection of some VMs, you can run the Add-DPMExclusionItems runbook and specify VM names (wildcard characters are supported) that should be excluded during VM protection.


  • Using DPM servers for tenant backup

    By default, the CPS installation process provisions eight tenant DPM servers per rack that can be used for tenant backup. These servers are deployed to the compute clusters and use the naming convention DPM-TenantVM-0# (-01 through -08 on the first rack, -09 through -16 on the second rack, and so on). All of these DPM servers are pre-configured and ready to protect.

    To provide spindle isolation and to keep backups on a separate pool, one storage pool on each rack is assigned for backup. This backup pool is configured as dual parity to maintain N+2 redundancy and has total usable capacity of 115.2 TB. Each tenant backup DPM server is provisioned with 20 TB of allocated disk space (20 VHDs of 1 TB each) that is provisioned on 15.4 TB of physical space. This difference between allocated and physical disk space is addressed by data deduplication that runs on the backup pool.


  • Recovering infrastructure VMs

    There are three infrastructure VMs (for Active Directory, DNS, and DHCP) in the management cluster. All of them are backed up locally by using Windows Server Backup.

    If one or more of the Active Directory/DNS/DHCP instances fails because of corruption or deletion of critical directories, you can use bare metal recovery to recover the instance. The procedure for using bare metal recovery to recover a single instance is described in this section. If there are multiple instance failures, you must repeat this procedure sequentially for all failed instances.

    1. From the VMM console, connect to the failed domain controller VM. Boot the Active Directory/DNS/DHCP server into Windows Recovery Environment (WinRE). The server automatically boots into WinRE if it fails to boot into normal mode twice. If the server boots normally, run the following commands at a command prompt to restart in WinRE mode:
    reagentc /boottore
    shutdown /r /t 0

    2. In WinRE mode, click Troubleshoot.

    3. On the Advanced Options screen, click System Image Recovery.

    4. Select the Administrator account on the System Image Recovery screen.

    5. Type the password on the next screen.

    6. In the Re-image Your Computer Wizard, you can see the latest available system image for recovery. If you want to recover to an older point in time, click Select A System Image, and choose the desired point in time. Click Next.

    7. Click Next on the Choose Additional Restore Options page.

    8. Click Finish to complete the Re-image Your Computer Wizard. The following screens display the progress of the recovery as all volumes are restored.

    9. In the dialog box that is displayed, click Restart to restart the computer.

    10. After recovery completes, schedule full server backups by using the Windows Server Backup tool, as described in Configure Automatic Backups to a Volume at http://technet.microsoft.com//library/dd851674.aspx. You can do this as follows:
    a. On the Select Backup Configuration page, click Full Server (recommended).
    b. On the Specify Backup Time page, click Once A Day, and then select 12:00 AM as the backup time.
    c. On the Specify Destination Type page, click Back Up To A Volume.
    d. On the Select Destination Volume page, select Local Disk (F:) as the destination volume.
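
    A check that the schedule configured in step 10 is in place and producing usable backups, as an added example that is not part of the original source. It assumes it is run elevated on each infrastructure VM with the Windows Server Backup cmdlets installed; the 26-hour tolerance is an assumed value.

```powershell
# Added example: verify the daily full-server backup on an infrastructure VM.
$MaxAgeHours = 26   # assumption: one daily cycle plus slack

$findings = New-Object System.Collections.Generic.List[string]
$policy   = Get-WBPolicy

if (-not $policy) {
    $findings.Add('No scheduled Windows Server Backup policy is configured.')
} else {
    # Recovery through WinRE System Image Recovery needs bare metal recovery items.
    if (-not (Get-WBBareMetalRecovery -Policy $policy)) {
        $findings.Add('Backup policy does not include bare metal recovery.')
    }

    # Step 10b: the schedule should contain a 12:00 AM run.
    $midnightRun = Get-WBSchedule -Policy $policy |
        Where-Object { $_.Hour -eq 0 -and $_.Minute -eq 0 }
    if (-not $midnightRun) {
        $findings.Add('Backup schedule has no 12:00 AM run.')
    }
}

$summary = Get-WBSummary

# A non-zero HRESULT means the most recent backup job failed.
if ($summary.LastBackupResultHR -ne 0) {
    $hr = '0x{0:X8}' -f $summary.LastBackupResultHR
    $findings.Add("Last backup failed with HRESULT $hr. $($summary.DetailedMessage)")
}

# A stale last-success time means there is no recent image to restore from.
$age = (Get-Date) - $summary.LastSuccessfulBackupTime
if ($age.TotalHours -gt $MaxAgeHours) {
    $findings.Add("Last successful backup is $([int]$age.TotalHours) hours old.")
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output ("Backup OK. Last success: {0}; target: {1}; versions: {2}" -f
        $summary.LastSuccessfulBackupTime, $summary.LastBackupTarget, $summary.NumberOfVersions)
}
```

    Immediately after a recovery, the age check reports a stale backup until the first scheduled run completes.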


  • Recovering Virtual Machine Manager

    VMM plays a key role in managing the hosts and VMs in the CPS environment. If you have exhausted all options to try to recover from application failure, you can use DPM to recover the VMM database to an older point in time.

    To recover the VMM database, complete the following steps:
    1. From the console VM, open Failover Cluster Manager.

    2. Connect to the management cluster.

    3. Shut down the two VMM VMs (-VMM-01, -VMM-02) that are located on the management cluster.

    4. Use the steps in the section "Recovering a database to its original location" to recover the VMM database (called VirtualManagerDB in SCSHAREDDB SQL Server instance). To minimize data loss, be sure to select the latest recovery point.

    5. Open Failover Cluster Manager, and connect to the management cluster.

    6. Start the VMM VMs.

    7. In the VMM console, verify that the content in the Fabric workspace is updated.

    8. Detect and repair any data consistency issues by following the required steps in the “How to use data consistency runbooks” section in the CPS Admin Guide.

    To recover the VMM VMs, complete the following steps:
    1. From the console VM, open Failover Cluster Manager.

    2. Connect to the management cluster.

    3. Shut down the two VMM VMs (-VMM-01, -VMM-02) that are located on the management cluster.

    4. Use the steps in the "Recovering VMs to their original location" section to recover the VMM VMs. To minimize data loss, be sure to select the latest recovery point.

    5. In Failover Cluster Manager, connect to the management cluster, and then click Roles. In the Roles pane, right-click each VMM VM, and then click Start.

    6. In Failover Cluster Manager, connect to the VMM guest cluster -HA-VMM, and then click Roles. If the -HA-VMM clustered role is not running, right-click the role, and then click Start Role.

    7. Detect and repair any data consistency issues by following the required steps in the “How to use data consistency runbooks” section in the CPS Admin Guide.
