Today, I am going to show you how to configure Veeam Backup for Microsoft Azure 1.0 with auto create service account.
1.Open web browser, type the Veeam Backup for Microsoft Azure URL, the URL consists of a public IPv4 address or DNS hostname of the Microsoft Azure VM where Veeam Backup for Microsoft Azure is installed, if you still not installed it, you can reference my previously post.
https://carysun.com/how-to-install-veeam-backup-for-microsoft-azure-1-0/
2.On the Veeam Backup for Microsoft Azure sign in page, type username and password, click Login.
3.On the License Agreement page, select I accept the terms of the Veeam License Agreement and I accept the terms of the 3rd party components license agreement, click Accept.
4.On the Welcome page, select Accounts.
5.On the Azure Account page, click Add.
6.On the Account Info page, type the service account name in Name field, in my case is VBA service account, click Next.
Veeam Backup for Microsoft Azure uses a Microsoft Azure service account to get access to Microsoft Azure resources such as subscriptions, resource groups, storage accounts, and so on configured in your Azure environment.
- You can add only one Microsoft Azure service account to the Veeam Backup for Microsoft Azure backup infrastructure.
- Due to technical limitations, a service account grants access to subscriptions from the default tenant only (that is, a tenant where the controller server is deployed). Subscriptions that are owned by other tenants will not be available. To use such subscriptions, you can use Azure LightHouse.
7.On the Service Account Type page, select Create service account automatically, click Next.
If you would like to use Specify existing service account, please verify the required permissions as below link.
https://helpcenter.veeam.com/docs/vbazure/guide/required_permissions.html?ver=10
8.On the Logon to Microsoft Azure page, click Copy code to clipboard.
9.On the Logon to Microsoft Azure page, click https://microsoft.com/devicelogin
10.On the Microsoft Enter code page, paste the code, click Next.
11.On the Pick an account page, select the Azure user account, the user account that you use to log in to the Azure portal has either the User Access Administrator or Owner role.
12.On the Enter password page, type the Azure user password, click Sign in.
13.Verify you have signed in to the Microsoft Azure Cross-platform Command Line Interface application, close the window.
14.On the Logon to Microsoft Azure page, verify you are authenticated to Microsoft Azure as the Azure user, click Next.
15.On the Service Provider page, if you are a service provider, you can add your Azure AD application to the selected Microsoft Azure Active Directory group. You may want to add an AD application to a group, in my case, I am not a service provider, keep the settings as default, click Next.
16.On the Summary page, verify the settings, click Finish.
17.On the Veeam Backup for Microsoft Azure page, select Repositories.
18.I created a storage account and container when I installed Veeam Backup for Microsoft Azure, if you didn’t create it, you can follow my previously post to create it. https://carysun.com/how-to-install-veeam-backup-for-microsoft-azure-1-0/
19.On the Repositories page, click Add.
20.On the Repository Name page, type the repository name in Name field, in my case is Veeam Backup Azure Blob, click Next.
21.On the Cloud Account page, select the VBA service account as Azure account, click Next.
22.On the Storage Account page, select the storage account which I created for Veeam Backup for Microsoft Azure, click Next.
23.On the Container page, select the container which I created for Veeam Backup for Microsoft Azure, click Next.
24.On the Folder page, select Create new folder, type the folder name in the field, in my case is VBA, click Next.
25.On the Settings page, select Enable encryption, type the password in Password field and Repeat password field, click Next.
26.On the Summary page, verify settings, click Next.
27.On the Confirmation page, click Go to Sessions.
28.On the Session Log page, click Create Repository, verify the session status are success, click Close.
29.On the Veeam Backup for Microsoft Azure page, click Configuration.
30.On the Configuration page, select Workers. Workers are auxiliary Linux-based machines deployed by Veeam Backup for Microsoft Azure for the scaling purposes and transfer fee reduction.
- Each worker can process data of only one VM at a time. That said, if your backup policy contains 10 VMs, Veeam Backup for Microsoft Azure can deploy up to 10 additional workers; each worker will be responsible for processing data of a single VM.When using a default worker configuration which, by default, can have only up to 5 workers that can run concurrently, processing of only 5 VMs at a time is possible; other VMs (if any) will be queued.
-
Each worker has idle time (10 minutes) and after this time expires, Veeam Backup for Microsoft Azure automatically removes such a worker from the resource group.
31.On the Workers Configuration page, click Add.
32.On the VM Configuration page, configure settings for the Region and size, Number of workers instance, click Next.
Region and size
- Region: Select the Region which to deploy new workers, in my case is West US 2. Veeam Backup for Microsoft Azure can deploy workers to the region of the target Azure storage account only
- VM Size: By default, Veeam Backup for Microsoft Azure selects the optimal VM size for workers.
Number of workers instances
- Min: Specify the number of workers that Veeam Backup for Microsoft Azure must deploy in advance so backup and restore operations to/from backup repositories can be executed immediately, without waiting for a worker to be created, I will use the default value.
- MAX: Specify the maximum allowed number of workers that Veeam Backup for Microsoft Azure can deploy and use concurrently during backup/restore to/from backup repositories. I will use the default value.
33.On the Network Settings page, configure settings as below, click Next.
- Virtual Network: Select a network to which to deploy new workers. You can also create a new network, the virtual network must have peering relationships with the network in which Veeam Backup for Microsoft Azure is deployed. It is also recommended to configure a service endpoint (routing) to the Azure storage service. In my case is GDMCAVnet2.
- Subnet: Select a subnet of the select network. In my case is FrontEnd.
- Network Security Group: select a network security group. In my case is LABVBAURE01-NSG
If you don’t know how to create new Virtual Network at Azure, please follow my previously post to create it. https://carysun.com/configuring-cisco-meraki-to-azure-site-to-site-vpn-tunnels-ikev2-azure-cisco-meraki/
34.On the Summary page, verify settings, click Finish.
35.On the Workers Configuration page, verify status of the new Worker.
If it happened error, click the error and verify the status, click Check again after fix issues.
In my case, it happened the service Endpoint error because I didn’t add any Endpoint services when create the Virtual Network subnet at Azure, it fixed after I add Microsoft.Storage as service endpoint.
36.On the Workers page, click Exist Configuration.
37.On the Veeam Backup for Microsoft Azure page, select Policies.
38.On the Policies page, click Add.
39.On the Policy Name, type Backup VMs in the Name field, click Next.
40.On the Directory page, select Azure Active Directory that contains resources that you can back up, click Next.
41.On the Regions page, click Add.
42.On the Regions page, select the Region(s), click Add.
43.On the Regions page, click Next.
44.On the Specify Resources page, select Protect the following resources, click Add, select Virtual Machines.
45.On the Virtual Machines page, select the virtual machine (s), click Add.
46.On the Specify Resources page, click Next.
47.On the Exclude Resources page, click Next.
48.On the Snapshot Settings page, select Create snapshots, select your number of restore point and schedule, click Next. If you only want the policy to create image-level backups, leave this check box cleared and proceed to the next step of the wizard.
49.On the Backup Settings page, Select Enable Backups, click Select at Backup Repository.
50.On the Choose Repository page, select the repository, click Apply.
51.On the Backup Settings page, configure Retention duration and schedule, click Next.
- Retention duration: Specify the number of days to store restore points in a backup chain. If a restore point is older than the specified limit, Veeam Backup for Microsoft Azure removes it from the backup chain.
- Schedule: Configure a schedule to create backups automatically at the specified time.
52.On the Cost Estimation page, verify the cost estimation per month, click Next.
53.On the Policy Settings page, configure Schedule and Notifications settings, click Next.
Schedule
- Select Automatic retry.
- Retry failed job: Specify the maximum number of retry attempts.
54.On the Summary page, verify settings, click Finish.
55.On the Policy page, verify the new Backup VMs policy created, it will run backup schedule as your settings.
56.On the Session Log page, you can check the Policy Backup session status and log when it’s running.
57.On the Protected Data page, verify the restore points after backup completed.
Hope you enjoy this post.
Cary Sun
Twitter: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com
Author: Cary Sun
Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.
Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun