Configuring Azure Storage for Backups
Security Training Architect II in Content
In this hands-on lab, we will configure Azure storage for backups. We'll also walk through configuring a VM backup policy. Then we'll go ahead and break a Windows VM (everyone's favorite activity!) and show how to restore from a backup.
It is strongly recommended that you have at least an hour to dedicate to this lab, as several of the tasks take quite some time to perform.
We are system administrators responsible for the disaster recovery solution in place for our organization. We are going to stand up our Azure storage space, create a backup policy for the VMs, and then test those procedures to ensure that they work to the organization's specifications.
Before beginning the Solution video, we need to ensure that we have logged into the Azure portal.
Use the login credentials on the hands-on lab overview page to log in to the Azure portal.
Configure a Recovery Services Vault and a VM Backup Policy
The Recovery Services vault is where our backup data is stored in the Azure cloud. The VM backup policy that we create applies to every VM that we assign it to. A Recovery Services vault is already provisioned for this lab, but if you would like to walk through creating your own, please feel free to do so. Just make sure to use the one that is already provisioned for all tasks, due to the subscription settings assigned.
Configuring the Vault
To configure the one that we need to use for the lab, click on it in the dashboard. Click on the Properties link. Down under Backup Configuration, click Update. In the upper right of the screen, there's a Storage replication type slider that we need to set to Locally-redundant. Click the Save button above that.
Creating the Backup Policy
Now in the left-ish (not the far left) menu, click on Backup. We'll set where the workload is running to Azure, and what we want to back up to Virtual machine. Then click the blue Backup button.
In the Choose backup policy dropdown, choose Create New. Give it a name (something like LABVMTestPol1). In the scheduling section, we're going to set the Frequency to Daily, the Time to 12:00 AM, and the Timezone to wherever you're at (UTC-6:00 in the case of US Central Time).
Down in the Retention range section, we've got to make some more changes. We'll set the daily (12:00 AM) backup retention for 30 days, the weekly backup for 4 weeks, the monthly for 12 months, and we'll keep the yearly backups for just 1 year.
We can click the blue OK button when we're done, then on the next screen select the VM that this policy will apply to. Click the blue OK button, and then when it's done configuring we can click the blue Enable backup button in the lower left.
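The same vault and policy settings can be applied from a script, which leaves a reviewable record of what the retention ranges actually are. This is an added example, not part of the original lab; it uses the Az.RecoveryServices PowerShell module, and the resource group and vault names are placeholders because the lab text does not give them (the VM is assumed to live in the same resource group).

```powershell
# Added example: Az PowerShell equivalent of the portal steps above.
# Requires the Az.RecoveryServices module and a prior Connect-AzAccount.
$rgName    = '<lab-resource-group>'   # placeholder: not given in the lab text
$vaultName = '<lab-vault-name>'       # placeholder: the pre-provisioned vault
$vmName    = 'Lab-VM'
$polName   = 'LABVMTestPol1'

$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rgName -Name $vaultName

# Storage replication type = Locally-redundant.
# Set this before the first VM is protected in the vault, as the lab does.
Set-AzRecoveryServicesBackupProperty -Vault $vault -BackupStorageRedundancy LocallyRedundant

# Schedule: daily at 12:00 AM in UTC-6:00, which is 06:00 UTC.
$runTimeUtc = (Get-Date).ToUniversalTime().Date.AddHours(6)
$sched = Get-AzRecoveryServicesBackupSchedulePolicyObject -WorkloadType AzureVM
$sched.ScheduleRunFrequency = 'Daily'
$sched.ScheduleRunTimes.Clear()
$sched.ScheduleRunTimes.Add($runTimeUtc)

# Retention ranges from the lab: 30 days, 4 weeks, 12 months, 1 year.
$ret = Get-AzRecoveryServicesBackupRetentionPolicyObject -WorkloadType AzureVM
$ret.IsDailyScheduleEnabled   = $true
$ret.IsWeeklyScheduleEnabled  = $true
$ret.IsMonthlyScheduleEnabled = $true
$ret.IsYearlyScheduleEnabled  = $true
$ret.DailySchedule.DurationCountInDays     = 30
$ret.WeeklySchedule.DurationCountInWeeks   = 4
$ret.MonthlySchedule.DurationCountInMonths = 12
$ret.YearlySchedule.DurationCountInYears   = 1

New-AzRecoveryServicesBackupProtectionPolicy -Name $polName -WorkloadType AzureVM `
    -RetentionPolicy $ret -SchedulePolicy $sched -VaultId $vault.ID | Out-Null

# Read the policy back from the vault, then enable backup for the VM with it.
$policy = Get-AzRecoveryServicesBackupProtectionPolicy -Name $polName -VaultId $vault.ID
Enable-AzRecoveryServicesBackupProtection -Policy $policy -Name $vmName `
    -ResourceGroupName $rgName -VaultId $vault.ID

# Confirm what was stored rather than trusting what was typed.
Get-AzRecoveryServicesBackupProperty -Vault $vault | Select-Object BackupStorageRedundancy
$policy.RetentionPolicy
```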
Log into Lab-VM and Create Files on Desktop for Backup
Get back into the main dashboard, and find Lab-VM in the All resources list. Once we click on that, we'll see the public IP in the overview page. Copy that, then launch the Microsoft Remote Desktop app. We'll use the public IP we just copied, set our display resolution to something smaller than full screen (something that will fit on our screen), and use these credentials once we're prompted for them:
Once we're in, and the remote session is all up and running, right click on the desktop to create a few new text files. We don't have to name them anything special. Naming them test3 would be fine.
Back up the Lab-VM
Back over in the Azure dashboard, we need to first register the VM that will be backed up, and assign it the correct policy. Navigate to the Lab-VM properties page. Under Operations, select Backup. Once we're in, click on the Backup now button, near the top of the screen. There's a Retain Backup Till dropdown, and the default date in there (a month from now) is fine.
Once we've got that started, we can click on the View all jobs link, and we should see it in progress. This is going to take a while to finish though, maybe more than an hour. Now is a good time to grab a coffee, or write a book.
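Because the restore later in the lab depends on an Application Consistent recovery point, it is worth confirming that the job finished and produced one instead of only watching the jobs list. The following is an added example (not from the original lab) using Az PowerShell; the resource group and vault names are placeholders, and the three-hour timeout is an assumption chosen to cover the "more than an hour" mentioned above.

```powershell
# Added example: on-demand backup of Lab-VM, then verify the result.
# Requires the Az.RecoveryServices module and a prior Connect-AzAccount.
$rgName    = '<lab-resource-group>'   # placeholder: not given in the lab text
$vaultName = '<lab-vault-name>'       # placeholder: the pre-provisioned vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rgName -Name $vaultName

# Locate the protected item that "Enable backup" created for the VM.
$container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM `
    -FriendlyName 'Lab-VM' -VaultId $vault.ID
$item = Get-AzRecoveryServicesBackupItem -Container $container `
    -WorkloadType AzureVM -VaultId $vault.ID

# "Backup now", retained until a month from now (the portal default the lab keeps).
$started = (Get-Date).ToUniversalTime()
$job = Backup-AzRecoveryServicesBackupItem -Item $item -VaultId $vault.ID `
    -ExpiryDateTimeUTC $started.AddMonths(1)

# Block until the job ends or the timeout (in seconds) expires.
$job = Wait-AzRecoveryServicesBackupJob -Job $job -Timeout 10800 -VaultId $vault.ID
if ($job.Status -ne 'Completed') {
    throw "Backup job $($job.JobId) ended with status '$($job.Status)'"
}

# List recovery points created by this run and check their consistency type.
$points = Get-AzRecoveryServicesBackupRecoveryPoint -Item $item -VaultId $vault.ID `
    -StartDate $started.AddMinutes(-5) -EndDate (Get-Date).ToUniversalTime()
$points | Select-Object RecoveryPointTime, RecoveryPointType

if (-not ($points | Where-Object { $_.RecoveryPointType -eq 'AppConsistent' })) {
    Write-Warning 'No AppConsistent recovery point was produced by this backup.'
}
```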
After the Backup Job is Complete, Delete Some Registry Keys to Break the Windows Machine. Once the Machine Is Down, Restore It Using the Backup We Created in the Previous Task
We've arrived at everyone's favorite activity: turning Windows machines into paperweights!
In the Remote Desktop window, let's open Regedit (by searching for it down near the Start menu), then expand HKEY_LOCAL_MACHINE in the tree. Expand SOFTWARE too, then right click on Microsoft, and pick Delete from the pop-out menu. This will delete the Microsoft key. There will be an error that not all of the key could be deleted. Have no fear though. We have successfully bricked this machine. Click OK in that dialog, and then head back to the Azure portal.
Navigate back into the dashboard, and into Lab-VM. Click Stop at the top of the screen, and then Start. While it's trying to boot, navigate (in the left-hand menu) down to the Support + troubleshooting section, and click on Boot diagnostics. We should get a snapshot of the BSOD (Blue Screen of Death) after a few minutes. This may require refreshing within the console.
Now, we can fix it with a backup. Get back into the Lab-VM properties page, and click on Overview. Hit the Stop button again. Then let's get down into Backup again. In here, click Restore VM up at the top of the screen, then select our Application Consistent line, then click OK down at the bottom of the screen.
On the next screen, move the top slider from Create new to Replace existing, and choose our Staging Location from that dropdown. The Restore Type should already be set to Replace Disk(s). Then we need to hit the OK button at the bottom of the page, but first we need to make sure we've waited for the VM to finish shutting down. If we don't wait, we'll get an error, and have to do this part of the process all over again.
Once we get the message that the VM is off, we can hit OK. Then once the Restore button is blue, we can click on that too.
Once we do that, we're taken back out to the main Backup page, where we can click on View all jobs again to see what's happening. This might be another good time for a coffee. The restoration process could take 20-30 minutes.
Once the restore is complete, we can get back into our VM's overview page, and hit the Start button. Grab the new IP address, and after a few minutes we can use it to log in with Remote Desktop.
Now Instead of Restoring the Entire VM Using a Snapshot, Recover Just Using Some Files from the Snapshot
Navigate to the location where we created those text files earlier, and delete a couple of them.
Now we've got to open the Azure portal from within the VM, which will require us to go in and turn off IE Enhanced Security protection in Server Manager. To get there, click on the Start menu, then Server Manager. In that dashboard, click on the Local Server box, then click on the word On next to IE Enhanced Security Configuration. In the dialog that pops up, set options for both Administrators and Users to Off.
Now we can fire up IE and navigate to the Azure portal (https://portal.azure.com), click Continue to Azure Portal website, and log in like we did from our own PC. Once we're there, let's get into the Dashboard, then click on our Lab-VM. In there, we can navigate to the Operations section and select Backup. Up at the top of the screen, click on the File Recovery button.
Select our latest snapshot (the latest that says (AppConsistent) in the name) and then click on Download Executable, and then click the Copy button next to the password box. This executable is a PowerShell script that creates a separate volume on the VM. Down at the bottom of the screen, click Run, to run the script. Paste the password we just copied when we're prompted. Press q to quit when we're prompted.
Now, in an Explorer window, if we look at This PC, we'll see a Windows (G:) link down the file system tree. Click on that, then drill down to Users > azureuser > Desktop. Mind you, this is only going to be the right place to go if we saved the files on our Desktop directory initially. Once we click in, we should see all three text files.
Now we can highlight and copy the files we're missing, then paste them wherever we want back in the C: drive (like, back on the Desktop).
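A restore test is stronger when the recovered files are compared against a known-good record instead of just being seen in Explorer. The following added example (not part of the original lab) builds a SHA-256 manifest of a folder and checks a recovered copy against it while the recovery volume is still mounted; the function names are hypothetical, and the demo at the end uses constructed temporary folders in place of the Desktop and G:\Users\azureuser\Desktop.

```powershell
# Added example: verify recovered files against a manifest taken before the loss.
function Get-HashManifest {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-RecoveredFiles {
    param(
        [Parameter(Mandatory)][object[]]$Manifest,    # output of Get-HashManifest
        [Parameter(Mandatory)][string]$RecoveredPath  # e.g. G:\Users\azureuser\Desktop
    )
    foreach ($entry in $Manifest) {
        $candidate = Join-Path $RecoveredPath $entry.Name
        if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) {
            $status = 'Missing'
        } elseif ((Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash -eq $entry.SHA256) {
            $status = 'Match'
        } else {
            $status = 'Mismatch'
        }
        [pscustomobject]@{ Name = $entry.Name; Status = $status }
    }
}

# Constructed demo data: $live stands in for the Desktop before deletion,
# $recovered for the mounted recovery volume.
$base      = Join-Path ([IO.Path]::GetTempPath()) "restore-check-$(Get-Random)"
$live      = Join-Path $base 'live'
$recovered = Join-Path $base 'recovered'
New-Item -ItemType Directory -Path $live, $recovered | Out-Null
'one'   | Set-Content -LiteralPath (Join-Path $live 'a.txt')
'two'   | Set-Content -LiteralPath (Join-Path $live 'b.txt')
'three' | Set-Content -LiteralPath (Join-Path $live 'c.txt')

$manifest = Get-HashManifest -Path $live                      # record before the loss
Copy-Item -LiteralPath (Join-Path $live 'a.txt') -Destination $recovered
'changed' | Set-Content -LiteralPath (Join-Path $recovered 'b.txt')  # simulated bad copy
                                                              # c.txt is left out on purpose

# a.txt reports Match, b.txt Mismatch, c.txt Missing.
Test-RecoveredFiles -Manifest $manifest -RecoveredPath $recovered
Remove-Item -LiteralPath $base -Recurse -Force
```

In a real test the manifest would be exported (for example with Export-Csv) to a location outside the VM, so it survives the machine being lost.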
After recovering the files, flip back over to the Azure console and make sure to hit the blue Unmount Disks button.
We made it. This was a pretty complex endeavor. We configured a backup schema, then we tested it twice. Once, we completely hosed a Windows VM, and brought it back with a full restore. Then we simulated just losing a few files, and were able to retrieve those as well, from the same backup. Congratulations!