July 17, 2013 at 12:51Windows Azure Recovery Services. Part 2: Preparation
- Tutorial
Good day to all! The last time we looked at the cost of storing data backups using the Windows Azure Recovery Services, and tried to compare it to the cost of using Windows Azure Storage Services.
Let's now take a look at the specific process of setting up Windows Azure Recovery Services to store backups.
Since at the time of writing, this service was in the “Preview” state, before you start working with it, it must be activated for your Windows Azure subscription. To do this in the Windows Azure Management Portal, click the “New” button, then go to the “Data Services”, “Recovery Services” section and, hovering the mouse over the “Backup Vault” item, we will see a message saying that before using this feature - it must be activated. To do this, click on the link “preview program”.
In the list of services that are currently in the “Preview” state, we are interested in the “Backup” item. In order to activate it, click the “Try it now” button and in the window that appears, select the subscription for which you want to activate a new service.
We will return to the Windows Azure Management Portal and again go to the “Backup vault” creation section: click the “New” button, then go to the “Data Services”, “Recovery Services” section and select the “Backup Vault”, “Quick Create” item.
All that we will be asked to indicate at this stage is the data center, in which the capacities for storing backups will be allocated, as well as the name of the new storage.
Finish creating the vault by clicking the “Create vault” button.
After creating a new vault, select it from the list and go to the Dashboard tab. Let's take a closer look at it.
The first thing you should pay attention to is the warning that before registering a Windows Server machine, the backups of which will be stored in this repository, we need to upload a certificate.
Let's create the certificate we need. The certificate has the following requirements: it must be of type X.509 v3, the key length must be 2048 bits, on Windows Server machines, the certificate must be stored in the personal (Personal) certificate store of the local computer (Local Computer).
To create such a certificate, we need the makecert utility included with Visual Studio or the Windows SDK. It is located at the following address: “C: \ Program Files (x86) \ Microsoft SDKs \ Windows \ v7.1A \ Bin”, where 7.1 is the version of the SDK installed on your computer. You can get the SDK from here .
So, go to the directory where the makecert utility is located and run the following command:
Here you need to set the CN parameters - the name of the certificate. -len - the length of the key generated by the certificate. -e - certificate expiration date. The last parameter sets the file name of the generated certificate.
You should now upload this certificate to the Windows Azure Management Portal. In order to do this, click the “Manage Certificate” button and in the window that appears specify the file of the generated certificate for upload.
Now you need to download this certificate to all Windows Server machines that will use this storage to store backups. On the machine that we used to generate the certificate, it will be imported automatically by the makecert utility, the localmachine parameter. For the rest of the machines, you must create the corresponding pfx file containing the Private Key of this certificate.
So, let's export the created certificate with the content of Private Key (pfx). In order to export this certificate to the “Local Computer \ Personal” certificate store, we need the Microsoft Management Console utilities (mmc.exe). Run it with administrator privileges.
Select the menu item “File”, “Add / Remove Snap-in ...”. In the window that appears, select the Certificates snap-in and click the “Add” button.
Next, select “Computer account” and select the certificate store of the local computer (Local Computer).
In the window that appears, we go to the “Personal \ Certificates” section and see all the certificates installed on this machine. We select the one we need and in the context menu select the item “All Tasks”, “Export ...”.
In the Certificate Export Wizard, we need to specify that we want to export Private Key with the certificate. To do this, check “Yes, export the private key”.
We pass to the step of setting the password for this certificate.
At the last step, specify in which directory on the disk to export this certificate. Export completed.
Now copy the resulting .pfx file to Windows Server machines that will work with this backup storage. Then we again go to the Microsoft Management Console on the other machines and add the certificate management snap-in, as described above.
To import a .pfx file, select the menu item “Action”, “All Tasks”, “Import ...”.
Specify the file containing the certificate and Private Key in the certificate import wizard.
And the password that we set when exporting this certificate.
The last step is to specify the storage into which we import this certificate (Personal).
Certificate import completed.
Next time we will consider working with the Windows Azure Backup Agent on machines running Windows Server. Thank you all for your attention and a good working day!
Let's now take a look at the specific process of setting up Windows Azure Recovery Services to store backups.
Activate Windows Azure Recovery Services
Since at the time of writing, this service was in the “Preview” state, before you start working with it, it must be activated for your Windows Azure subscription. To do this in the Windows Azure Management Portal, click the “New” button, then go to the “Data Services”, “Recovery Services” section and, hovering the mouse over the “Backup Vault” item, we will see a message saying that before using this feature - it must be activated. To do this, click on the link “preview program”.
In the list of services that are currently in the “Preview” state, we are interested in the “Backup” item. In order to activate it, click the “Try it now” button and in the window that appears, select the subscription for which you want to activate a new service.
Creating backup storage
We will return to the Windows Azure Management Portal and again go to the “Backup vault” creation section: click the “New” button, then go to the “Data Services”, “Recovery Services” section and select the “Backup Vault”, “Quick Create” item.
All that we will be asked to indicate at this stage is the data center, in which the capacities for storing backups will be allocated, as well as the name of the new storage.
Finish creating the vault by clicking the “Create vault” button.
Certificate Creation
After creating a new vault, select it from the list and go to the Dashboard tab. Let's take a closer look at it.
The first thing you should pay attention to is the warning that before registering a Windows Server machine, the backups of which will be stored in this repository, we need to upload a certificate.
Let's create the certificate we need. The certificate has the following requirements: it must be of type X.509 v3, the key length must be 2048 bits, on Windows Server machines, the certificate must be stored in the personal (Personal) certificate store of the local computer (Local Computer).
To create such a certificate, we need the makecert utility included with Visual Studio or the Windows SDK. It is located at the following address: “C: \ Program Files (x86) \ Microsoft SDKs \ Windows \ v7.1A \ Bin”, where 7.1 is the version of the SDK installed on your computer. You can get the SDK from here .
So, go to the directory where the makecert utility is located and run the following command:
makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 CertificateName.cerHere you need to set the CN parameters - the name of the certificate. -len - the length of the key generated by the certificate. -e - certificate expiration date. The last parameter sets the file name of the generated certificate.
You should now upload this certificate to the Windows Azure Management Portal. In order to do this, click the “Manage Certificate” button and in the window that appears specify the file of the generated certificate for upload.
Import a certificate on a Windows Server machine
Now you need to download this certificate to all Windows Server machines that will use this storage to store backups. On the machine that we used to generate the certificate, it will be imported automatically by the makecert utility, the localmachine parameter. For the rest of the machines, you must create the corresponding pfx file containing the Private Key of this certificate.
So, let's export the created certificate with the content of Private Key (pfx). In order to export this certificate to the “Local Computer \ Personal” certificate store, we need the Microsoft Management Console utilities (mmc.exe). Run it with administrator privileges.
Select the menu item “File”, “Add / Remove Snap-in ...”. In the window that appears, select the Certificates snap-in and click the “Add” button.
Next, select “Computer account” and select the certificate store of the local computer (Local Computer).
In the window that appears, we go to the “Personal \ Certificates” section and see all the certificates installed on this machine. We select the one we need and in the context menu select the item “All Tasks”, “Export ...”.
In the Certificate Export Wizard, we need to specify that we want to export Private Key with the certificate. To do this, check “Yes, export the private key”.
We pass to the step of setting the password for this certificate.
At the last step, specify in which directory on the disk to export this certificate. Export completed.
Now copy the resulting .pfx file to Windows Server machines that will work with this backup storage. Then we again go to the Microsoft Management Console on the other machines and add the certificate management snap-in, as described above.
To import a .pfx file, select the menu item “Action”, “All Tasks”, “Import ...”.
Specify the file containing the certificate and Private Key in the certificate import wizard.
And the password that we set when exporting this certificate.
The last step is to specify the storage into which we import this certificate (Personal).
Certificate import completed.
Next time we will consider working with the Windows Azure Backup Agent on machines running Windows Server. Thank you all for your attention and a good working day!