Azure Backup: the System State protection in the Cloud

The ability to protect the System State of Windows Server machines directly in Azure using the Azure Backup Agent was recently included. This feature was in preview for a few months and now it is available to be used in production environments. In this article I'll show you how you can protect with Azure Backup the System State of the machines, analyzing the characteristics and the benefits brought by this new feature.

The Azure Backup Agent allows you to save files, folders and thanks to the incorporation of the System State are covered by the protection of Windows Server machines the following components:

• Boot files, including system files, and all files protected by Windows File Protection (WFP).
• Active Directory and Sysvol (on domain controllers).
• The registry.
• IIS metabase (on Web Server IIS machines): includes IIS configurations and web sites hosted by the web server.
• Database cluster (on cluster nodes).
• Certificate Services (on the certification authority).
• Information about the Performance counters.
• Component Services Class registration database.

Thanks to the incorporation of the System State, Azure Backup becomes ideal for protection strategies of Active Directory, File Server and IIS Web Server.

This solution is supported starting with Windows Server 2008 R2 to Windows Server 2016.

To enable this type of protection is necessary to create within the subscription Azure a Recovery Service Vault, install the Azure Backup Agent on Windows Server machine and complete its registration by following the steps shown in the following diagram:

By accessing the Azure portal and selecting the Recovery Service Vault, within which you want to include the protection, in the Backup section appears the possibility of protecting the System State for workloads running On-Premises:

By selecting the button "Prepare Infrastructure" it lists the necessary steps to protect the System State of the machines:

From the panel above you need to download the Recovery Service Agent installation setup and the Vault credentials.

The installation of the agent (MARSAgentInstaller.exe) is very fast and consists of the following steps:

In the cache location it is advisable to have as free space at least 5% of protected data.

The Passphrase is used to encrypt and decrypt the backups, it is never sent to Azure, it is not recoverable in any way by Microsoft support personnel and it is essential to be able to perform restore operations, so you must keep it very carefully.

From Microsoft Azure Backup console, you can schedule a backup and for servers, in the selection of items to protect, there is the System State:

System State protection can also be automated with PowerShell. You also have the possibility to consult easily the backup jobs directly from the Azure portal, and you can configure notifications to be notified in case of failure of protection jobs.

The offsite backups is ensured with this solution without investing in infrastructure costs and saving time in operational activities. It is also good to keep in mind that the cost of this solution are really beneficial, in fact, typically the size of the System State for a single machine is significantly less than 50 GB then the System State protection pricing level falls within the lower cost band specified for the instances protected with Azure Backup. For more details on the cost of the solution you can consult the Azure Backup pricing page. No cost for any restore operations is also required.

Conclusions

The System State for Windows Server machines is a critical component that should be saved for a proper and effective strategy to protect its infrastructure. Azure Backup due to its defined approach cloud-first extend their potential enabling you to protect the System State of the machines easily, securely and with low costs. To try Azure Backup and other Azure services you can create a Azure free Account.