After deployment, you must consider the available options when choosing an enterprise backup and recovery solution.
Day Two Operations Guide—Dell Integrated System for Microsoft Azure Stack Hub
Backing up Azure Stack Hub
Backing up Azure Stack Hub
-
Backup objectives
The following list details the backup objectives for Azure Stack Hub:
- Disaster recovery protects against data loss and unplanned downtime. Implement a backup and recovery or disaster-recovery plan for user apps and their data. This plan might be unique for each app but follows a framework that your organization's comprehensive business continuity and disaster recovery strategy establishes. For more information, download Azure Stack: Considerations for business continuity and disaster recovery.
- Recovery-point objective (RPO) defines the point in time that is used to restore data. The frequency of backups determines the RPO. If a primary system fails, a lower RPO means less data loss. For mission-critical applications, RPOs must be measured in minutes, as opposed to hours or days.
- Recovery-time objective (RTO) defines how long it takes to recover an object such as a file, server, or data center. A lower RTO means less downtime. When you are moving data, the faster your disk drives and network speeds are, the faster your RTO is.
- Mean-Time-to-Recover (MTTR) is the average time that it takes to restore any app after a declared failure. If the MTTR exceeds the RTO, then that outage causes a business disruption that exceeds the pain threshold of that defined RTO.
- Service Level Agreement (SLA) is the amount of time your OEM has to replace defective or broken components during an outage.
Backing up Azure Stack Hub components
Different components of the Azure Stack Hub environment have different requirements for backup and recovery. Components to consider include:
- HLH, hosted VMs, network switches
- Infrastructure
- IaaS and PaaS
Backing up HLH, hosted VMs, and network switches
Back up the HLH, hosted VM (DellEMC-MGMTVM), and network switches. Because the HLH is reimaged if there is a catastrophic or component failure, you must manually export the hosted VMs so that they can be copied to a Dell Data Domain or Server Message Block (SMB) file share. This task can be scripted and scheduled with PowerShell. After backup, you must share these files on the same backup share where the infrastructure backup controller stores control-plane backup data. We recommend that you organize your backups with a descriptive naming convention such as: Rack1/Region1, Rack2/Region1, Rack1/Region2, and so on.
Backing up infrastructure
Azure Stack Hub has an integrated Infrastructure Backup Service that is fully automated and backs up the Azure Stack Hub configuration. It must be validated regularly.
Infrastructure backups only cover the Azure Stack Hub configuration and its meta data. You can also use infrastructure backups that this service creates for the redeployment of the Azure Stack Hub cloud to restore identity, security, and Azure Resource Manager data. The Infrastructure Backup Service does not include user data and apps.
For more information, see Recover data in Azure Stack Hub with the Infrastructure Backup Service.
Backing up IaaS and PaaS
Dell Data Protection for tenant VMs is used to back up IaaS and PaaS VMs and workloads, as shown in the following figure. Data Protection can also be used to store Microsoft infrastructure backups on the same Data Domain or SMB file share.
Figure 8. IaaS and PaaS backup summary
The following sections provide more details for each component.
Backing up HLH guest VMs
To protect the VMs running on the HLH, we recommend that you take a regular backup of the VMs using the Export-VM command function of Windows Server Hyper-V.
Note: The following procedure describes how to do the backup manually. However, backing up the VMs is in the Dell Patch and Update Automation Tool, which creates a scheduled task that runs these steps automatically.
Protect your Azure Stack Hub Infrastructure by protecting the VMs that are running on the HLH. You can do the backup in several ways, but we recommend that you use the tools that Microsoft provides.
To back up the VMs:
- To export the DellEMC-MGMTVM to the SMB file share, run the following command:
Get-VM | Export-VM -Path "\\<SMB_TARGET>\<SMB_PATH>"The copied files on the SMB file share are now ready to be backed up.
Note: As part of this step, consider creating a password-protected ZIP file to protect against unauthorized access to the data.
Scheduling a backup for network switches
To back up a network switch, use the scheduled backup workflow available in Dell Patch and Update Tool. For more information, refer to the Patch and Update Guide. Configuring an infrastructure backup
One of the first tasks as an Azure Stack Hub Operator is to log in to the Administrator portal and check for active alerts. Usually, you see a Backup is not enabled for a location alert, as shown in the following figure. This alert is associated with the Infrastructure Backup Service. If this alert appears, configure an infrastructure backup.Figure 9. Infrastructure backup alert
Enable the Infrastructure Backup Service from the Administration Portal so that Azure Stack Hub can generate infrastructure backups. If there is a catastrophic failure, the hardware partner can use cloud recovery to restore your environment from these backups. The cloud recovery ensures that operators and users can log in to the portal after recovery is complete. Users have their subscriptions restored, including:
- Role-based access permissions and roles
- Original plans and offers
- Previously defined compute, storage, and network quotas
- Key vault secrets
To enable the Infrastructure Backup Service from the Administration portal and configure and run and infrastructure backup:
- In the Azure Stack Hub Administration Portal, select All Services, and then under Administration, select Infrastructure backup.
- Click OK.
- In PowerShell, to create a self-signed certificate, use the following command, and provide the DNS name and location of the certificate:
$cert = New-SelfSignedCertficate
- To start the backup process, from the Infrastructure backup dashboard, click Backup Now.
- When the backup finishes, the Notifications window displays either a green or red status indicator to report the success or failure of the backup job.
- From the Infrastructure Backups dashboard, click Activity log to view the backup activities.
- Go to the SMB file share (\\<external file server>\Backups) to verify what is being backed up.
Using Microsoft Azure Backup Server
Microsoft Azure Backup Server (MABS) is another backup option for Dell Integrated System. You can use MABS to manage the backup and recovery of on-premises physical servers, VMs, apps, and production data.
MABS is based on Data Protection Manager (DPM), which is used with System Center. One advantage of using MABS is that it does not require additional licenses, while DPM does. You can run MABS from both an on-premises physical server or from an Azure Stack Hub VM.
MABS supports the following backup scenarios:
- Machine-level with system-state backup
- Machine-level with bare-metal backup
- Backup for specific network shares, folders, or files
- Crash-consistent backup (point-in-time, no application logic)
- Application-consistent backup (point-in-time, with application logic)
For more information about MABS, see What is the Azure Backup service?.
You can download MABS from Microsoft Azure Backup Server v3.
The supported best practices for hosting MABS include:
- MABS on-premises server must be a 64-bit operating system with MABS v3 on Windows Server 2019 (Standard, Essentials, or Datacenter). You can also deploy MABS on an Azure VM with a minimum of A2 Standard, two cores, and 3.5 GB RAM.
- MABS cannot be installed on domain controller or Application Server Roles.
- MABS cannot be installed with System Center, SQL Server, or Exchange Server.
- MABS cannot be installed on any clustered nodes.