Windows Azure Recovery Services. Part 2: Preparation

by Pavlo Revenkov

Greetings, readers! Last time, we looked at the costs of storing backups with the help of Windows Azure Recovery Services and compared them to the costs of using Windows Azure Storage Services.

Now, let's look at one specific process of configuring Windows Azure Recovery Services for storing backups.

Activating Windows Azure Recovery Services

At the time this article was written, the status of this service was still "Preview", so before we start working with it, we have to activate it for our Windows Azure subscription. To do this, go to the Windows Azure Management Portal and click New, then go to the Data Services > Recovery Services section and hover your mouse pointer over the Backup Vault option to see a message saying that we must activate this option before we use it. To do this, follow the preview program link.

In the list of services that are currently in the Preview state, the one we are interested in is Backup. To activate it, click the 'Try it now' button, and in the window that appears, select the subscription for which the new service should be activated.

Creating backup storage

Return to the Windows Azure Management Portal and go back to the section for creating a Backup vault: click the New button and go to Data Services > Recovery Services and select Backup Vault > Quick Create.

All we have to do at this stage is specify the datacenter that will provide the capacity for storing backups, and the name of the new storage.

Complete the storage creation process by clicking the 'Create vault' button.

Creating a certificate

After creating a new storage, select it from the list and go to the Dashboard tab. Let's have a closer look at it.

The first thing we should pay attention to is the warning that before we register our machine running a Windows Server whose backups will be saved in this storage, we must upload a certificate.

Let's create that certificate. The requirements are as follows: it must be of the X.509 v3 type, the key length must be 2048 bit, and on Windows Server machines, the certificate must be located in the Personal Certificate storage of the Local Computer.

To create a certificate, we will need the makecert utility included in Visual Studio or Windows SDK. It is located here: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin," where 7.1 is the version of the SDK installed on your computer. You can download the SDK here.

Go to the catalog that contains the makecert utility and run the following command:

makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 CertificateName.cer

Here you should define the following properties: CN - the name of the certificate; -len - the length of the key; -e - the expiration date of the certificate. The last property is the name of the created certificate file.

Now we should upload this certificate to Windows Azure Management Portal. To do so, click 'Manage Certificate', and in the window that appears select the certificate file we created for upload.

Importing the certificate to machines running Windows Servers

Now we must load this certificate to all the Windows Server machines that will be using the current backup storage for storing backups. The makecert utility will load it automatically to the machine it was generated on, using the localmachine property. For other machines, you must create a corresponding pfx file that will contain the certificate's Private Key.

So, let's export the created certificate with the Private Key content (pfx). To export this certificate into the Local Computer\Personal certificate storage, we are going to need the Microsoft Management Console (mmc.exe) utility. Run it with Admin rights.

Select File -> Add/Remove Snap-in. In the window that appears, select the Certificates snap-in for managing certificates and click Add.

Next, select 'Computer account' and select the Local Computer certificate storage.

In the window that appears, go to the 'Personal\Certificates' section to see all certificates installed on this machine. Select the necessary one, right-click it and select All Tasks -> Export.

In the certificate export wizard, we must define that we want to export the private key with the certificate by selecting 'Yes, export the private key'.

When prompted, create a password for this certificate.

For the final step, define the catalog on the disk to export the certificate to. The export is complete.

Now, copy the generated .pfx file to the Windows Server machines that will be using this backup storage. Afterwards, go to Microsoft Management Console on all of those machines and add the Certificates snap-in as described above.

To import the.pfx file, select Action -> All Tasks -> Import.

Define the file containing the certificate and the private key in the certificate import wizard...

...as well as the password that we defined while exporting the certificate.

And finally, define the storage (Personal) the certificate will be imported into.

The certificate import is complete.

Next time, we will look at working with Windows Azure Backup Agent on machines running Windows Servers. Thank you for reading, and have a good one!