Export (0) Print
Expand All
1 out of 2 rated this helpful - Rate this topic

Configuring backup vaults for Windows Azure Backup

Updated: November 1, 2013

Applies To: System Center 2012 R2 Data Protection Manager, System Center 2012 SP1 - Data Protection Manager

Windows Azure Backup is supported for Data Protection Manager (DPM) in System Center 2012 SP1 and System Center 2012 R2. Configuring Windows Azure Backup consists of the following steps:

  1. Step 1 – Obtain a certificate—You can use either a valid existing management certificate for upload to the Backup vault, or obtain a certificate using makecert.exe.

  2. Step 2 – Create a backup vault—In Windows Azure Backup, create a new Backup vault.

  3. Step 3 – Upload a certificate—In Windows Azure Backup, upload the management certificate you created to the vault.

  4. Step 4 – Download and install the Windows Azure Backup agent —From Windows Azure Backup, install the agent on each DPM server you want to backup online.

Step 1 – Obtain a certificate

You can use an existing management certificate, or obtain a self-signed certificate with the Makecert tool. If you run makecert.exe on the DPM server you register with the Backup vault, you can browse for the certificate using the Register Server Wizard (which runs as part of the agent installation), and the Windows Azure Backup agent is installed on the DPM server. If you want to register a server that was not used to run makecert.exe, you must export the .pfx file (containing the private key) from that server, copy it to the server you want to register, and import it to the Personal certificate store on that computer. Then after the import you can browse for the certificate using the Register Server Wizard. Use the following procedures to export and import the .pfx certificate.

To obtain a self-signed certificate using Makecert

  1. Obtain the Makecert tool as described in MakeCert. Note that when installing the Windows SDK, you can install makecert.exe only by selecting the optionTools under.Net Development and leave everything else unchecked.

  2. Open Command Prompt (cmd.exe) with Administrator privileges and run the following command, replacing CertificateNamewith the name of your certificate and specifying the actual expiration date of your certificate after -e: makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 CertificateName.cer

Note that if you run makecert.exe on the DPM server you register with the Backup vault, you can browse for the certificate using the Register Server Wizard (which runs as part of the agent installation), and the Windows Azure Backup agent is installed on the DPM server. If you want to register a server that was not used to run makecert.exe, you must export the .pfx file (containing the private key) from that server, copy it to the server you want to register, and import it to the Personal certificate store on that computer. Then after the import you can browse for the certificate using the Register Server Wizard. Use the following procedures to export and import the .pfx certificate.

To import the certificate (.PFX) to a different server

  1. Copy the certificate .pfx file to a location on the local server.

  2. In the Certificates MMC snap-in select Computer account and click Next.

  3. Select Local Computer and click Finish. You are returned to the Add/Remove Snap-in dialog box. Click OK.

  4. In the MMC, expand Certificates, right-click Personal, point to All Tasks, and then click Import to start the Certificate Import Wizard.

  5. On the Certificate Import Wizard Welcome page, click Next.

  6. On the File to Import page, click Browse and locate the folder that contains the .pfx certificate file that contains the certificate that you want to import. Select the appropriate file, and then click Open.

  7. On the Password page, in Password, type the password for the private-key file that you specified in the previous procedure and then click Next.

  8. On the Certificate Store page, select Place all certificates in the following store, click Browse, select the Personal store, click OK, and then click Next.

  9. On the Completing the Certificate Import Wizard page, click Finish.

To export a certificate (.pfx) using the Certificates snap-in

  1. From the Start screen type mmc.exe to start the Microsoft Management Console (MMC).

  2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

  3. In Available snap-ins, click Certificates, and then click Add.

  4. Select Computer account, and then click Next.

  5. Select Local computer, and then click Finish.

  6. In the MMC, in the console tree, expand Certificates, and then expand Personal.

  7. In the details pane, click the certificate you want to manage.

  8. On the Action menu, point to All Tasks, and then click Export. The Certificate Export Wizard appears.

  9. Click Next.

  10. On the Export Private Key page, click Yes, export the private key. Click Next. Note that this is only required if you want to export the private key to other servers after the installation.

  11. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX). Click Next.

  12. On the Password page, type and confirm the password that is used to encrypt the private key. Click Next.

  13. Follow the pages of the wizard to export the certificate in PFX format.

Step 2 – Create a backup vault

To create a backup vault

  1. Sign in to the Management Portal.

    To use this feature and other new Windows Azure capabilities, sign up for the free preview.

  2. Click Recovery Services, then click Create New, point to Backup Vault, and then click Quick Create.

  3. In Name, enter a friendly name to identify the backup vault.

  4. In Region, select the geographic region for the backup vault.

  5. In Subscription, enter the Windows Azure subscription that you want to use the backup vault with.

  6. Click Create Backup vault.

    It can take a while for the backup vault to be created. To check the status, you can monitor the notifications at the bottom of the portal. After the backup vault has been created, a message will tell you that the vault has been successfully created and it will be listed in the resources for Recovery Services as Online.

Step 3 – Upload a certificate

To upload a certificate

  1. Click Recovery Services, then click the name of backup vault to which you want to upload a certificate. On the backup vault page, click the Quick Start icon to open the Quick Start page.

  2. On the Quick Start page, click Manage Certificate.

  3. In the Manage Certificate dialog click Browse Your Computer to locate the .cer file to use with this backup vault.

You can also upload and manage certificates from the Dashboard tab for the vault. To do this, click Recovery Services, and click the vault name. On the Dashboard tab, click Manage Certificate.

Step 4 – Download and install the Windows Azure Backup agent

Prerequisites

If you will be using Windows Azure Backup with your DPM server, install the Update Roll up 2 for System Center Data Protection Manager SP1 before installing the Windows Azure Backup Agent..

Installation

Install the Windows Azure Backup provider agent on each DPM server you want to back up. Agents are accessed on the Windows Azure Download Center, and have their own setup process. When setup runs the agent is installed, and the DPM server is registered with the vault. Do the following from each DPM server you want to back up:

To install the backup agent

  1. Open the Windows Azure Management portal, and log in.

  2. On the Quick Start Page, click Download Agent.

    You will be presented with a dialog where you can choose which agent to download. Select Agent for Windows Server 2012 and System Center 2012 SP1 - Data Protection Manager. The application is downloaded from the Microsoft Download Center. Note the following:

    • Administrative permissions on the DPM server are required to install the agent

    • If you are installing the agent on multiple DPM servers you can place the installer file on a shared network resource, or use Group Policy or management products such as System Center Configuration Manager to install the agent.

    • A restart is not required in order to complete installation of the agent.

  3. Run Setup to start the installation wizard.

  4. On the Supplement Notice for the Service page, click Accept the service agreement terms and conditions, and then click OK to continue the installation.

  5. The Prerequisites Check page is displayed and any missing prerequisite software is selected for installation. Click Next to approve the installation of the prerequisite software and continue the installation.

  6. The Installation Settings page is displayed. On this page, you choose the Installation Folder and Cache Location for Windows Azure Backup.

    By default the installation folder will be <system drive>:\Program Files\Windows Azure Backup Agent. If you click Browse you can navigate and choose a new location in which to create the Windows Azure Backup folder.

    By default the cache location folder will be <system drive>:\Program Files\Windows Azure Backup Agent. In the cache location, the installation process will create a folder named Scratch within the Windows Azure Backup Agent folder. The cache location must have at least 2.5 GB of free space. Only local system administrators and members of the Administrators group have access to the cache directory to prevent denial-of-service attacks.

    Click Install when you have identified the folders that you want the Windows Azure Backup Agent to use. Note that if you are reinstalling Windows Azure Backup Agent, using the same cache location as the previous installation is recommended.

  7. If you have not enabled automatic updates on your server, the Microsoft Update Opt-In page is displayed to give you the opportunity to enable Microsoft Update for Windows Server 2012. The Microsoft Update settings are for all Microsoft product updates, and they are not exclusive to the Windows Azure Backup Agent. Click Next to continue.

  8. The Installation  page is displayed. A progress indicator displays when the installation begins and shows the progress of the installation. When the installation is complete, you will receive a message that the Windows Azure Backup Agent was installed successfully. At this point, you can choose to check for updates. It is recommended that you allow the updates check to occur.

  9. Click Finish. If you selected to check for updates, Internet Explorer will automatically start and the updates check will be performed. After any updates have been installed, you are ready to start configuring Windows Azure Backup Agent.

After the agent installation is complete, you can register the DPM server with the vault.

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.