On-Premise Veeam Backup to Azure
The task is typical for many modern companies: there are legacy applications that cannot be re-engineered into the cloud and for which local servers are used in data centers. Additionally, backups of these servers and applications are not always created, posing a risk of their failure. The idea emerged to back up these servers in Azure Cloud and restore them in the cloud in case of failure. If successful, we can continue to operate on-premises applications, and in case of a disaster, restore them in Azure Cloud. The task is quite interesting and has several pitfalls that are poorly described in the documentation. Certainly, complex applications will still require re-engineering because there is network connectivity, and the applications themselves may have been deployed in specific networks and with specific licenses, and more. But in any case, preserving applications in the Cloud and having the ability to restore them is a good step towards solving the problem. Veeam and Microsoft Azure were chosen to address the task due to partnership considerations and existing licenses.
Source data:
- On-Premise Legacy Applications on Bare Metal and On-Premise Hypervisors;
- Target servers deployed On-Premise and in Azure Cloud;
- Veeam BR 12;
- Deployed VMware vCenter;
- Azure Subscription with Azure Blob Storage Account;
Main Goal:
Obtain Backup of Legacy Applications in the cloud, with the ability to restore these applications in Azure Cloud.
Additional tasks:
Ability to perform regular testing of backups in an isolated environment.
Solution:
Deployment of Veeam DR infrastructure:
Create an Account on the Veeam website;
Download the Veeam DR distribution;
Format the disk with ReFS 64 KB on the server for Local Repository;
Create a Local Repository (do not use Default Local Repository);
Create an Azure Account and Compute Account on the server;
Create Azure Blob Repository and Azure Archive Repository;
Create SOBR Repository.
Backup can be performed in two ways:
- If the application is installed on a VM, backup can be done through the Hypervisor (VMware ESXi, Hyper-V);
- If the application is installed on a Bare Metal server or if we do not have root access to the Hypervisor, backup can be done through the installed Veeam agent. This is the most risky and labor-intensive backup method.
Performing Backup via Veeam Agent
Requirements:
Veeam Linux Agent must be installed on the Target VM. And the requirements for installing this agent must be met.;
Microsoft Azure Linux Agent must be installed on the Target VM. And the requirements for installing this agent must be met.;
After installing the agents, you can connect to VBR and perform Backup:
- Do not read articles on the Veeam website.
- On the VBR side, create a Protection Group for pre-installed Veeam Agents, after which Veeam will generate configuration files (XML and TLS certificate) that can then be used to configure agent connection to the VBR protection group.;
- # mkdir /var/tmp/veeam && cd $_
- Copy files (.xml and two distribution files) to the target Ubuntu to /var/tmp/veeam On Target Ubuntu:
- On Target Ubuntu:
- # sudo dpkg -i ./distr1804/veeamsnap_6.0.3.1221_all.deb
- # touch ~/.rnd (to avoid the error (Can’t load /home/adminuser/.rnd into RNG)
- # sudo apt-get -f install
- If Secure Boot is enabled on Ubuntu, remember the path where the following will be saved:
writing new private key to ‘/var/lib/shim-signed/mok/MOK.priv’;
veeamsnap.ko: Installing to /lib/modules/5.15.0–1045-azure/updates/dkms/). - If you received an error related to OpenSSL:
# sudo touch /var/lib/shim-signed/mok/.rnd
# sudo chown root:root /var/lib/shim-signed/mok/.rnd
# sudo chmod 600 /var/lib/shim-signed/mok/.rnd
# sudo apt-get -f install
Then import them and reboot: - # sudo dpkg -i distr1804/veeam_6.0.3.1221_amd64.deb
- # veeamconfig mode setVBRsettings — cfg <protection_group_name>.xml
- Then perform synchronization:
# veeamconfig mode syncnow
