4 min. Read

Last month, Microsoft announced the Azure Stack 1807 update. This update includes huge improvements, new features and fixes. You can check the new features of the Azure Stack 1807 update here.

One of the new features is automatic infrastructure backup. This is one of the great features that was introduced in 1807, because in the previous update, backing up your infrastructure was a manual task (backing up if necessary).

In this instant message, I’ll show you how to take advantage of the new Azure Stack PowerShell module to back up your infrastructure to enable automatic backups.

In the Azure Stack 1807 update, Microsoft added two new fields for infrastructure backup, the first is called Backups frequency, and this indicates how often backups should occur per day, this is measured in hours (valid range: 4-12), and the second field is Preservation during, this determines the number of days that the backup should be retained in the backup section (valid range: 2-14), all items older than the retention period are automatically cleaned through the infrastructure backup service.

Before you start enabling automatic backup, make sure you upgrade to Azure Stack Administrator PowerShell cmdlets version 1.4, this is a requirement now that you are in the 1807 update. To install Azure Stack PowerShell module version 1.4.0, run the following PowerShell command.

Install-Module -Name AzureStack -RequiredVersion 1.4.0

I recently worked on a PowerShell tool to help me automate and deploy Azure Stack Infrastructure Backup. So instead of going to the Azure Stack Admin portal every time and configuring a backup, I developed that tool to automate the whole process. The script connects to the Azure Stack administrator endpoint, verifies that the backup share is available, creates a backup encryption key, and then configures the backup. Finally, it stores the encryption key in the Azure Key Vault for added security. Configuring a backup of your Azure Stack infrastructure is very important, but your encryption key should be stored in a safe place. Otherwise, Azure Stack recovery is kind of impossible later.

To run the script in two different situations, follow these steps:

EXAMPLE 1-

.Enable-AzureStackBackup.ps1 -SharePath [ServerIPShare] -ShareCred [[email protected]] -AzureCred [[email protected]] -BackupKeyVault [Azure-Vault-Name] -Verbose

This example takes the backup of the Azure stack to the specified distribution path with a default backup frequency of 12 hours and storage for 7 days, and finally enables automatic backup. As part of enabling Azure Stack backup, the encryption key is stored in Azure Key Vault for added protection.

EXAMPLE -2-

.Enable-AzureStackBackup.ps1 -SharePath [ServerIPShare] -ShareCred [[email protected]] -AzureCred [[email protected]] -BackupKeyVault [Azure-Vault-Name] -Frequency [4-12] -Retention [2-14] -Verbose

This example deploys an Azure stack backup to a specified distribution path, including the backup frequency and retention dates that you specify, and finally enables automatic backups. As part of enabling Azure Stack backup, the encryption key is stored in Azure Key Vault for added protection.

Here is a screenshot showing how to use this tool.

Set up automatic Azure Stack infrastructure backup with PowerShell #AzureStack #AzureStackDevKit #ASDK 2

The entire script is detailed below to automate the entire process:

<#
.SYNOPSIS
Enable Azure Stack Backup.

.DESCRIPTION
Configure Azure Stack Infrastructure Backup with PowerShell.

.NOTES
File Name : Enable-AzureStackBackup.ps1
Author    : Charbel Nemnom
Version   : 1.3
Date      : 17-August-2018
Update    : 10-September-2018
Requires  : PowerShell Version 5.1 or above
Module    : Azure Stack Version 1.4.0 

.LINK
To provide feedback or for further assistance please visit:
Cover Page
.EXAMPLE .Enable-AzureStackBackup.ps1 -SharePath [ServerIPShare] -ShareCred [[email protected]] -AzureCred [[email protected]] -BackupKeyVault [Azure-Vault-Name] -Verbose This example will enable Azure Stack Backup to the specified Share Path with the default backup frequency 12 hours and retention 7 days, and finally enable Automatic Backups. As part of enabling Azure Stack backup, the Encryption Key will be saved in an Azure Key Vault for additional security. .EXAMPLE .Enable-AzureStackBackup.ps1 -SharePath [ServerIPShare] -ShareCred [[email protected]] -AzureCred [[email protected]] -BackupKeyVault [Azure-Vault-Name] -Frequency [4-12] -Retention [2-14] -Verbose This example will enable Azure Stack Backup to the specified Share Path including backup frequency and retention days that you specify, and finally enable Automatic Backups. As part of enabling Azure Stack backup, the Encryption Key will be saved in an Azure Key Vault for additional security. #> [CmdletBinding()] Param ( [Parameter(Position=0, Mandatory=$true, HelpMessage = 'Please Provide an UNC path to a file Share')] [Alias('Path')] [String]$SharePath, [Parameter(Position=1, Mandatory=$true, HelpMessage='Specify Backup Share Credentials')] [Alias('BackupCred')] [PSCredential]$ShareCred = (Get-Credential), [Parameter(Position=2, Mandatory=$True, HelpMessage='Specify Azure Cloud Credentials')] [Alias('Cred')] [PSCredential]$AzureCred, [Parameter(Position=3, Mandatory=$true, HelpMessage='Specify Azure Key Vault DNS Name')] [Alias('KeyVault')] [String]$BackupKeyVault, [Parameter(HelpMessage='Specify Backup Frequency in Hours, valid range: 4-12 hours, default 12')] [Alias('Hours')] [ValidateRange(4,12)] [Int]$Frequency = 12, [Parameter(HelpMessage='Specify Backup Retention Period in Days, valid range: 2-14 days, default 7')] [Alias('Days')] [ValidateRange(2,14)] [Int]$Retention = 7 ) #! Check Azure Stack Connection Try { Write-Verbose "Connecting to Azure Stack..." Add-AzureRmEnvironment –Name ‘AzureStackAdmin’ -ArmEndpoint ‘https://adminmanagement.local.azurestack.external’ | Out-Null Login-AzureRmAccount –EnvironmentName ‘AzureStackAdmin’ -Credential $AzureCred -ErrorAction Stop | Out-Null } Catch { Write-Warning "Cannot connect to Azure Stack environment. Please check your credentials. Exiting!" Break } if(!(Test-Path -Path $SharePath)){ Write-Verbose "Share path is not reachable, Please Provide a correct UNC to a file Share." Break } Write-Verbose "Generating Azure Stack Backup Encryption Key" $Encryptionkey = New-AzsEncryptionKeyBase64 $Key = ConvertTo-SecureString -String ($Encryptionkey) -AsPlainText -Force Try { Write-Verbose "Enable Azure Stack Backup..." Set-AzsBackupShare -BackupShare $sharepath -Username $ShareCred.UserName -Password $ShareCred.Password ` -BackupFrequencyInHours $Frequency -BackupRetentionPeriodInDays $Retention -EncryptionKey $Key -IsBackupSchedulerEnabled $true } Catch { Write-Warning "$_ Exiting!" Break } #! Check Azure Cloud Connection Try { Write-Verbose "Connecting to Azure Cloud..." Login-AzureRmAccount -Environment AzureCloud -Credential $AzureCred -ErrorAction Stop | Out-Null } Catch { Write-Warning "Cannot connect to Azure environment. Please check your credentials. Exiting!" Break } #! Upload Azure Stack Backup Encryption Key to Azure Key Vault Try { Write-Verbose "Adding Azure Stack Backup Encryption Key to Azure Key Vault" Set-AzureKeyVaultSecret -VaultName $BackupKeyVault -Name 'AzureStack-Backup-EncryptionKey' -SecretValue $Key -ErrorAction Stop | Out-Null } Catch { Write-Warning "$_ Exiting!" Break }

Azure Stack Infrastructure Backup is designed to internalize the complexity of backing up and restoring infrastructure services data by ensuring that Azure Stack operators can focus on managing the solution and maintaining the SLA for end users. This tool makes it even faster to set up a backup and save an encryption key to Azure Key Vault.

Saving backup data to an external share is required to avoid storing backups on the same system. External sharing gives you the flexibility to determine where data is stored, based on your company’s current BC / DR policy. And the most important thing is to keep the encryption key in a safe place. Otherwise, Azure Stack recovery is kind of impossible later.

I will improve this tool in the future. This is still version 1.3. If you have any feedback or changes that everyone should get, leave a comment below.

Until then … Stay protected with Azure Stack Infrastructure backup.

__
Thanks for locking my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

LEAVE A REPLY

Please enter your comment!
Please enter your name here