We have already taken a look at provisioning Microsoft Azure Backup Server as well as connecting MABS to VMware vCenter Server to begin protecting our VMware virtual machines. However, we have another step we need to accomplish before we can begin protecting our VMware virtual machines – creating a protection group. By creating the protection group, we tell Microsoft Azure Backup Server which resources we want to have protected and in which ways we would like to protect them. Let’s take a closer look at the topic – Create VMware Data Protection Group Microsoft Azure Backup Server – looking at data protection groups and how we actually go about setting this up to backup VMware virtual machines with Microsoft Azure Backup Server.
What are Microsoft Azure Backup Server Data Protection Groups?
To begin with, let’s talk about what a Data Protection Group is, in the context of Microsoft Azure Backup Server. The Protection Group methodology comes from the System Center Data Protection Manager (DPM) ecosystem which Microsoft Azure Backup Server borrows from. By Microsoft’s definition, “protection groups are a collection of data sources that share the same protection configuration. Protection works by:
- DPM creating a replica of the selected data sources on the DPM server
- DPM synchronizes the replica with the data sources and creates recovery points on a recurring schedule
- Backups are performed as:
- DPM storing the replica copy of the data on disks and periodic full backups are created on disk
- DPM periodically synchronizes the backup data to the Azure Backup cloud
For the VMware Data Protection Group, this will be the resource in vCenter that we want to protect. The cool thing about Microsoft Azure Backup Server is that it allows us to pick either single VMs, multiple VMs, or VM folders that can easily allow grouping VMs based on the folder structure that you may already have configured in vCenter.
Proper planning needs to go into the Protection group. A few things that Microsoft recommends regarding Protection Groups:
- Decide how you want to group resources
- Where will the data be stored?
- How much storage is required?
- How is data to be recovered from the protection group
Now that we have a general understanding of what a Protection Group is, let’s see how we can create a protection group that will protect our VMware vSphere resources.
Create VMware Data Protection Group Microsoft Azure Backup Server
After launching the Microsoft Azure Backup Server console, in the lower left-hand corner, click the Protection menu.
Once in the Protection view, click the New icon to create a new data protection group.
The New Protection Group Wizard launches.
Choose the Data Protection Group type. For protecting VMware vCenter, we choose the Servers option.
The Select Group Members screen allows selecting objects in vCenter Server from the Datacenter object, folders, and even individual virtual machines. So, you can get very granular in the data protection group.
When we get to the Select Data Protection Method screen, here we name the data protection group and select both on-premise (disk) backups as well as Online protection options if we want, which copies data to Microsoft Azure.
Short-term goals screen allows defining the on-premise retention policy with regards to restore points. You can also click the Modify button to configure the Express Full Backup options.
When you click to modify the express full backup options, you can select the schedule that you prefer for the express full backup process. This is a resource intensive process that you will most likely want to schedule during off peak hours.
An important consideration for the data protection group, is the backup storage. Below, you see we have the target storage selected in the drop down box.
How do you want to seed the data into storage? We can select either over the network or via removable media that serves as a seed drive.
The consistency check options screen allows defining what triggers a consistency check. Default is to Run a consistency check if a replica becomes inconsistent. You can also schedule these to run during scheduled intervals.
One of the important screens to pay attention to – the Specify Online Backup Schedule. With Microsoft Azure Backup Server, we can select (2) different backup copy schedules to copy data to Azure. These can be specified as every Day, Week, Month, or Year. The first dropdown box is the first slot and the second is the next slot.
The online retention policy defines the various online retention policy restore points we want to hold in the Azure backup cloud. Below are the default settings that are configured during setup.
Especially important is considering how to copy backups to the Azure cloud. Most may want to do this over the network. However, these can also be seeded with an offline backup.
Finally, we see a summary of the chosen configuration options to review. Click the Create Group button to create the data protection group.
We should see the status is successful for the tasks to create the data protection group.
After the backups have synchronized, the Protection Status will show as a “green checkmark” and an OK status in the main protection screen view.
I found the Data Protection Group creation process to be very intuitive and easy to accomplish both from an on-premise backup and Azure backup perspective alike. There are plenty of options to tweak during the creation process for the backups to disk and to the cloud. Keep in mind you only get two configurable options for Azure copies so it isn’t an “all the time” sync to the Azure cloud which some may want/need. However, it certainly helps to cover the bases when thinking about an offsite backup copy provision that allows helping to satisfy the 3-2-1 backup rule.