How to Backup a Windows 11 PC with Azure Backup

Over the past few months, I have built a new PC, a home lab, and an Azure environment. Over the next few weeks, I will work to better integrate all three. One of the first steps in this process is setting up Azure Backup for my Windows 11 PC.

Prerequisites

  • An existing Azure subscription
  • A Windows PC

Step 1: Create a Recovery Services Vault in the Azure Portal

Login to your azure portal and search for the “Recovery Services Vault”. If you do not have a recovery services vault, you will create one here.

From there you are taken through a wizard to create the Recovery Services Vault. Here you will need to either choose an existing resource group or create a new one. I decided to create a new one because all my resource groups contain related items that can be deleted together. Additionally, you are asked to choose a unique name for the Recovery Services Vault. Once these two things are done, you can click “Review + Create”, and in a few moments, the Recovery Services Vault will be created.

Once your Recovery Services Vault has been created, you can click on the resource and see a menu on the left side. From that menu, you will click Backup. Then you have two choices to make: “Where is the workload running?” and “What do you want to backup?” In my setup, I chose “On-Premises” and “Files and Folders”. Note that it is currently not possible to back up the system state for Windows 11 machines.

Once you click the “Prepare Infrastructure” button, you’ll be brought to the above screen. At this point, is important that you both download the Azure Recovery Services Agent and MOST IMPORTANTLY, the vault credentials. In this example, I am saving the vault credentials to my desktop, but they can and should be saved to Azure Key Vault.

Step 2: Install the Azure Recovery Services Agent

You’ll first need to download the Azure recovery services agent from the previous screen.

The install screen for the Azure recovery services agent should look like the one above.

The Installation will need .Net Framework 4.5 and Windows Powershell. You will need to install these items to proceed with the installation.

As shown in the above screen, this is where you will use the saved vault credentials from the earlier step.

Next, you will be asked to enter a passphrase and a location to save it. You can use your own passphrase generator, but I found it easier to use the passphrase generator provided here. You may also save the passphrase on your local machine as I did here. Once done, click Finish to complete the installation.

Step 3: Configure Your Backup Settings

Now that the installation has finished, you will be able to schedule your first backup.

Open the Azure Backup client on your PC and click “Schedule Backup” on the right side of the screen.

From the screen, as shown above, you will choose which drives you will backup.

You also have the option to exclude some folders and files.

You can specify the times of the backup up to three times a day.

Here you can choose the retention schedule. Initially, I was given what I believed was too many restore points, I adjusted mine accordingly as you can see above.

This is one of the final screens. You are given the choice to send the data online or offline by sending the disks directly to Azure. I chose to send my data online. After this screen, you will click next a few more times and then you are ready to start your first backup at the scheduled time.

Once my download has started, I can verify it is working from the Azure Backup App.

I can also go to my Recovery Services Vault, click the Backup Dashboard, and verify that the job is running.

Conclusion

While there are other ways to backup a PC, this is one of the better ways to get started working with Azure backups and Site Recovery.

Data Protection: The Fancy New Name for Backups?

This is a article that I originally wrote for my job. I am reposting it here with a few changes.

When I Image result for data protectionfirst saw the words Data Protection, I thought, “ugh, here is another new way to do backups that I have to keep up with.” The more I read about it, the more I understood that data protection and backups are like squares and rectangles. All data protection includes backups, but not all backups are data protection.

The Problem with Backups

Ransomware, data corruption, and data loss all strike fear into the hearts of the modern IT professional. All three of these things have come to be known colloquially as RGEs or Resume Generating Events and have kept many an IT professional from sleeping well at night. As the modern datacenter has evolved from rows of tower servers running bare metal workloads to racks full of blades running hyperconverged platforms, how an administrator backs up and recovers data has struggled to keep up. The traditional solution has always been to use the 3-2-1 rule of backups coined by Peter Krogh. The rule states:

  • Keep three copies of your data
  • Use two different types of storage medium
  • Keep one copy of the data offsite

These were great rules in the past, but with the added complexity and amounts of data to be protected in the modern datacenter, these rules do not effectively mitigate RGEs.

What is Data Protection?

Traditional backup and restore consists of grouping workloads together in a backup schedule, backing them up, occasionally checking backup integrity, and restoring when necessary. This was fine when the datacenter was nothing more than a server room and the business could afford downtime, but in the modern datacenter this is woefully insufficient. The pain points of this strategy are all challenges that modern data protection have sought to mitigate using the following five strategies:

Centralized management – this allows the administrator to manage data protection across on-premises and public clouds.

Cross Cloud and Hypervisor Support – giving the administrator the ability to archive and/or setup disaster recovery in the public cloud or across hypervisors.

Data Lifecycle Management – automates moving backups and snapshots between hot, cold, and archival tiers.

Application Aware – uses VSS or CBT to capture database tables and logs.

Mitigates Malware and Other Threats – immutable data to resist ransomware and use of artificial intelligence to detect anomalies.

Avoiding Resume Generating Events

The solution seems simple: use a modern data protection solution. The reality is that many organizations have different reporting requirements, software and hardware stacks, budgetary constraints and level of operational intelligence to consider when making a purchasing decision. Considering these challenges, there are two main architectures to consider when looking at a modern data protection solution:

Hardware Appliance

These solutions are characteristically the easiest to install and maintain, and typically at a higher cost. The advantage is an integrated hardware and software stack, and the ability to almost instantly live mount restores. Examples of solutions in this category are Rubrik, Cohesity, and Commvault.

Software Solution

Traditionally these solutions are lower in cost and will have all the features of modern data protection, but the administrator will typically lose the ease of use and elegance of the hardware appliance. The leader in this category is Veeam, with HYCU and Nakivo being great alternatives.

The modern datacenter continues to present numerous challenges to organizations, and data protection is no different. As always, any organization should look to its trusted advisor (VAR or MSP) to guide them in making an informed decision.