Microsoft Azure Backup Server a.k.a. MABS is a cloud-first backup solution of Azure Backup designed to offer data protection across wide-ranging and diverse IT environments of enterprises to help maximize their backup efficiency. However, the principles used in a traditional environment to back up a virtual environment is quite different to the one employed in Azure Backup Server. As such, it is necessary to get firsthand information regarding the creation of backup for VMware Virtual Machines with Azure Backup Server. The post guides you through this process.
Configure Azure Backup Server for VMware server workloads
Azure Backup Server can protect and is sufficiently capable of backing up VMware vCenter Server versions.
The first step in the process is to establish a secure connection to the vCenter Server. For this, it is essential to have VMware Certificate Authority (CA) certificate installed on Azure Backup Server. Then, you can use a browser on the Azure Backup Server machine to connect to the vCenter Server via the vSphere Web Client.
But this connection will not be secure. To change this scenario, do the following,
In the browser on Azure Backup Server, enter the URL to the vSphere Web Client. Instantly, the vSphere Web Client login page should appear before you. At the bottom of the description provided on the right-hand side, you can find the link to download trusted root CA certificates.
Hit the link to force vCenter Server to downloads a file to your local computer. For user’s convenience, the file is named as ‘Download’.
After that, depending on the kind of browser you are running, you will receive a message prompting you to either open or save the file. It is advisable to save the file to a location on Azure Backup Server and when you do so, make sure to add the .zip file name extension. With the .zip extension, it becomes easier to extract all the tools.
When done, right-click download.zip, and select ‘Extract All’ option to extract the contents. Once the action is complete, all the contents will be added to a folder named certs. Two types of files will be visible under the certs folder. (Note: The root certificate file has an extension that begins with a numbered sequence like .0 and .1. The CRL file has an extension that begins with a sequence like .r0 or .r1. The CRL file is associated with a certificate.)
In the certs folder, right-click the root certificate file, and then click Rename. Change the root certificate’s extension to .crt. When you do so, the icon for the file will change to an icon that represents a root certificate.
Right-click the root certificate and from the pop-up menu, select Install Certificate. The Certificate Import Wizard dialog box will be displayed. When it is seen, select Local Machine as the destination for the certificate, and hit the Next button to continue.
Next, on the Certificate Store page, select ‘Place all certificates in the following store’ option, and then click Browse to choose the certificate store.
Choose ‘Trusted Root Certification Authorities’ as the destination folder for the certificates, and then click OK as seen in the picture below.
Before exiting the ‘Completing the Certificate Import Wizard page’, make sure that the certificate is in the desired folder. When verified and all appears fine, click Finish.
A dialog box should appear on your computer screen confirming the successful completion of certificate import. Sign in to the vCenter Server to confirm that your connection is secure.
The second step in the process involves, create a role and user account on the vCenter Server. So, create a role with specific privileges, and associate the user account with the role, after that.
Azure Backup Server uses a username and password for all backup operations. For adding a vCenter Server role and its privileges for a backup administrator, do the following,
Sign in to the vCenter Server, and under the vCenter Server Navigator panel navigates to Administration option and select it.
Under ‘Administration’ heading, select Roles, and from its panel choose the add role icon (the + symbol).
Upon confirming this, a ‘Create Role’ dialog box will pop up on your computer screen.
There, in the empty field provided against ‘Role name’ box, enter a text. It should be specific to the purpose.
Next, select the privileges and check the icon adjacent to the parent label to expand the parent and view.
When done, click ‘Ok’. The new role will become visible in the list on the Roles panel.
The above step marks the end of the second step. The third step is to create a vCenter Server user account and permissions. For this, access vCenter Server Navigator panel and find ‘Users and Groups’ section under it. Select it, to display ‘vCenter Users and Groups’ panel.
From it, choose the first tab ‘Users’, and then click the add users icon (the + symbol).
The action when confirmed will display ‘New User’ dialog box. Under it, add the user’s information and then click OK. The new user account will appear in the list.
Next, associate the user account with the role and proceed to complete the last step of the process which includes adding the vCenter Server to Azure Backup Server. To complete this, use Production Server Addition Wizard. It helps in adding the vCenter Server to Azure Backup Server.
Use the Azure Backup Server console to access Production Server Addition Wizard.
Under it, select the ‘Production server type’ as shown in the image and choose the ‘Add’ tab to add the VMware server to the list of Added VMware Servers.
Finally, move to the ‘Summary page’ and add a specified VMware server to Azure Backup Server. The new server gets added immediately. Click Next to move to the next page in the wizard. This marks the end step of the process with the Finish page showing you the results.
This was just the gist of the process. To read the complete step-by-step setup, you can refer to this Microsoft document.