Back up a Windows server or client to Azure
This article covers the procedures that you need to follow to prepare your environment and back up a Windows server (or client) to Azure. It also covers considerations for deploying your backup solution. If you're interested in trying Azure Backup for the first time, this article quickly walks you through the process.
To back up a server or client to Azure, you need an Azure account. If you don't have one, you can create a free account in just a couple of minutes.
To back up files and folders from a server or client, you need to create a backup vault in the geographic region where you want to store the data.
Sign in to the Azure portal.
Click New > Data Services > Recovery Services > Backup Vault, and then choose Quick Create.
For the Name parameter, enter a friendly name for the backup vault. Type a name that contains between 2 and 50 characters. It must start with a letter, and can contain only letters, numbers, and hyphens. This name needs to be unique for each subscription.
For the Region parameter, select the geographic region for the backup vault. This choice determines the geographic region where your backup data is sent. By choosing a geographic region that's close to your location, you can reduce network latency when backing up to Azure.
Click Create Vault.
It can take a while for the backup vault to be created. To check the status, monitor the notifications at the bottom of the portal.
After the backup vault has been created, you'll see a message saying that the vault has been successfully created. It also appears as Active in the Recovery Services resource list.
Select the storage redundancy option by following the steps described here.
The best time to identify your storage redundancy option is right after vault creation and before any machines are registered to the vault. After an item has been registered to the vault, the storage redundancy option is locked and cannot be modified.
If you are using Azure as a primary backup storage endpoint (for example, you are backing up to Azure from a Windows server), consider picking (the default) geo-redundant storage option.
If you are using Azure as a tertiary backup storage endpoint (for example, you are using System Center Data Protection Manager to store a local backup copy on-premises and using Azure for long-term retention needs), consider choosing locally redundant storage. This brings down the cost of storing data in Azure, while providing a lower level of durability for your data that might be acceptable for tertiary copies.
To select the storage redundancy option:
a. Click the vault you just created.
b. On the Quick Start page, select Configure.
c. Choose the appropriate storage redundancy option.
If you select Locally Redundant, you need to click Save (because Geo-Redundant is the default option).
d. In the left navigation pane, click Recovery Services to return to the list of resources for Recovery Services.
The on-premises machine needs to be authenticated with a backup vault before it can back up data to Azure. The authentication is achieved through vault credentials. The vault credential file is downloaded through a secure channel from the Azure portal. The certificate private key does not persist in the portal or the service.
Learn more about using vault credentials to authenticate with the Backup service.
In the left navigation pane, click Recovery Services, and then select the backup vault that you created.
On the Quick Start page, click Download vault credentials.
The portal generates a vault credential by using a combination of the vault name and the current date. The vault credentials file is used only during the registration workflow and expires after 48 hours.
The vault credential file can be downloaded from the portal.
Click Save to download the vault credential file to the Downloads folder of the local account. You can also select Save As from the Save menu to specify a location for the vault credential file.
After you create the backup vault and download the vault credential file, an agent must be installed on each of your Windows machines.
Click Recovery Services, and then select the backup vault that you want to register with a server.
On the Quick Start page, click the agent Agent for Windows Server or System Center Data Protection Manager or Windows client. Then click Save.
After the MARSagentinstaller.exe file has downloaded, click Run (or double-click MARSAgentInstaller.exe from the saved location).
Choose the installation folder and cache folder that are required for the agent, and then click Next. The cache location you specify must have free space equal to at least 5 percent of the backup data.
You can continue to connect to the Internet through the default proxy settings. If you use a proxy server to connect to the Internet, on the Proxy Configuration page, select the Use custom proxy settings check box, and then enter the proxy server details. If you use an authenticated proxy, enter the user name and password details, and then click Next.
Click Install to begin the agent installation. The Backup agent installs .NET Framework 4.5 and Windows PowerShell (if it’s not already installed) to complete the installation.
After the agent is installed, click Proceed to Registration to continue with the workflow.
On the Vault Identification page, browse to and select the vault credential file that you previously downloaded.
The vault credential file is valid for only 48 hours after it’s downloaded from the portal. If you encounter an error on this page (such as “Vault credentials file provided has expired”), sign in to the portal and download the vault credential file again.
Ensure that the vault credential file is available in a location that can be accessed by the setup application. If you encounter access-related errors, copy the vault credential file to a temporary location on the same machine and retry the operation.
If you encounter a vault credential error such as “Invalid vault credentials provided," the file is damaged or does not have the latest credentials associated with the recovery service. Retry the operation after downloading a new vault credential file from the portal. This error can also occur if a user clicks the Download vault credential option several times in quick succession. In this case, only the last vault credential file is valid.
On the Encryption Setting page, you can either generate a passphrase or provide a passphrase (with a minimum of 16 characters). Remember to save the passphrase in a secure location.
Click Finish. The Register Server Wizard registers the server with Backup.
After the encryption key is set, leave the Launch Microsoft Azure Recovery Services Agent check box selected, and then click Close.
The initial backup includes two key tasks:
- Creating the backup schedule
- Backing up files and folders for the first time
After the backup policy completes the initial backup, it creates backup points that you can use if you need to recover the data. The backup policy does this based on the schedule that you define.
Open the Microsoft Azure Backup agent. (It will open automatically if you left the Launch Microsoft Azure Recovery Services Agent check box selected when you closed the Register Server Wizard.) You can find it by searching your machine for Microsoft Azure Backup.
In the Backup agent, click Schedule Backup.
On the Getting started page of the Schedule Backup Wizard, click Next.
On the Select Items to Backup page, click Add Items.
Select the files and folders that you want to back up, and then click Okay.
On the Specify Backup Schedule page, specify the backup schedule and click Next.
You can schedule daily (at a maximum rate of three times per day) or weekly backups.
For more information about how to specify the backup schedule, see the article Use Azure Backup to replace your tape infrastructure.
On the Select Retention Policy page, select the Retention Policy for the backup copy.
The retention policy specifies the duration for which the backup will be stored. Rather than just specifying a “flat policy” for all backup points, you can specify different retention policies based on when the backup occurs. You can modify the daily, weekly, monthly, and yearly retention policies to meet your needs.
On the Choose Initial Backup Type page, choose the initial backup type. Leave the option Automatically over the network selected, and then click Next.
You can back up automatically over the network, or you can back up offline. The remainder of this article describes the process for backing up automatically. If you prefer to do an offline backup, review the article Offline backup workflow in Azure Backup for additional information.
On the Confirmation page, review the information, and then click Finish.
After the wizard finishes creating the backup schedule, click Close.
The Backup agent provides network throttling. Throttling controls how network bandwidth is used during data transfer. This control can be helpful if you need to back up data during work hours but do not want the backup process to interfere with other Internet traffic. Throttling applies to back up and restore activities.
To enable network throttling
In the Backup agent, click Change Properties.
On the Throttling tab, select the Enable internet bandwidth usage throttling for backup operations check box.
After you have enabled throttling, specify the allowed bandwidth for backup data transfer during Work hours and Non-work hours.
The bandwidth values begin at 512 kilobytes per second (KBps) and can go up to 1,023 megabytes per second (MBps). You can also designate the start and finish for Work hours, and which days of the week are considered work days. Hours outside of designated work hours are considered non-work hours.
In the Backup agent, click Back Up Now to complete the initial seeding over the network.
On the Confirmation page, review the settings that the Back Up Now Wizard will use to back up the machine. Then click Back Up.
Click Close to close the wizard. If you do this before the backup process finishes, the wizard continues to run in the background.
After the initial backup is completed, the Job completed status appears in the Backup console.
- Sign up for a free Azure account.
For additional information about backing up VMs or other workloads, see: