One of the things that you need to remember to have when moving to the public cloud is to do backup of your stateful virtual machines since this is not something that is included as part of the basic service that cloud platforms provide (Azure, Google and Amazon) for instance.
NB: Azure has an Backup service part of Recovery vault which enables backup of VM in Azure, but does not deliver the in-depth recovery options that Veeam delivers.
One of the cool things that Veeam provides is the Veeam Agent for Windows which now supports backup directly to Cloud Connect at a Service Provider for instance, and has quite good ways of doing silent installs with automatic configuration of the agent itself. Which makes it easy for us to do automatic deployment of VMs with backup configured.
Veeam Agent for Windows comes in different editions –> https://www.veeam.com/veeam_agent_windows_2_0_editions_comparison_ds.pdf
where Cloud Connect is supported on Workstation and Server editions.
Now when setting up new virtual machines in Azure you should automate the deployment in some way, either that you are using some form of script which does unattended deployment of the agent and the backup configuration jobs. Or that you have a sysprepped Azure Image which already contains the Veeam Agent which makes it easier for mass deployment.
Doing Unattended deployment
To do unattended install of the Veeam Agent you just run the executeable with the following parameters.
/silent /accepteula
This should also import the license file and define which type of edition the agent is running. The default path of the agent is %Program Files%\Veeam\Endpoint Backup
From here we can for instance have a script which configured the correct license on the host.
Veeam.Agent.Configurator.exe -license /f: [/w] [/s]
/f: Path to license file
/w: Sets the agent edition to Workstation. If this parameter is not specified, Workstation edition is set automatically for the client OS versions.
/s: Sets the agent edition to Server. If this parameter is not specified, Server edition is set automatically for the server OS versions.
So a quick install script can look like this.
cd c:\
# Installs agent silent
#
.\VeeamAgentWindows_2.0.0.700.exe /silent /accepteula
# Add sleep before changing directory
#
Start-Sleep -Seconds 50
$path = ‘.\Program Files\Veeam\Endpoint Backup’
cd $path
#
# Adds license and changes the Server edition
.\Veeam.Agent.Configurator.exe -license /f:c:\veeam_agent_windows_trial_0_0.lic /s
Sysprepped Image
If you plan on creating a sysprepped image predefined with configuration and job you need to create a registry value under HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Endpoint Backup\SysprepMode (DWORD)=1. This registry key value is used to regenerate the job ID when Veeam Agent for Microsoft Windows starts for the first time on the new computer.
Setting it up in Sysprep mode will retain the license and the current job configuration of the agent itself.
Creating custom Configuration files
It is also possible to create a custom configuration file using XML which can contain all the settings and backup jobs of the agent itself. This configuration file can also be imported to other agents. It is important to note that the configuration files does not contain any license files so that has to be impoted seperatly.
After you have configured the agent with the required configuration from a base VM you can export the configuration file using
.\Veeam.Agent.Configurator.exe –export
And just using the –import parameter will import the configuration. Now the issue is when we want to generalize this into an Azure VM. The simplest way is to export the agent install setup to an Azure Storage Blob or have it part of a sysprepped image and then also have the license with the configuration file as part of the setup placed in a Azure Storage Account and if you also create a SAS token with access to each seperat blob as well you have granular access to each blob in Azure. When you have each SAS blob token which can be created using
Get-AzureRmStorageAccount –Name –ResourceGroup | New-AzureStorageBlobSASToken -Container “script” –Blob “blobname” -Permission rwd
When this is done we can download each file using an web request from PowerShell so we can reference is using a script.
Example script where I have each file with its unique SAS token, without any specific configuration.
# Store variables
$folderName = “veeam”
$dest = “C:\WindowsAzure\$folderName”
$veeamagent = ‘VeeamAgentWindows_2.0.0.700.exe’
$veeamlic = ‘veeam_agent_windows_trial_0_0.lic’
mkdir $dest
cd $dest
# Downloads Veeam agent and license file and Configuration file
#
Invoke-WebRequest https://example.blob.core.windows.net/script/blob?sv=2015-04-05&sr=b&sig=XM7TvRPZmUplPl%2BL%2FIH8rgt5q93HDHwD1uSY0Ir%2ByVc%3D&st=2017-07-30T20%3A02%3A15Z&se=2017-07-30T22%3A02%3A15Z&sp=rwd -outfile $dest\$veeamagent
Invoke-WebRequest https://example.blob.core.windows.net/script/example?sv=2015-04-05&sr=b&sig=qgyoaLfdYBzf06iEDGWEJclYuaPIy9VtW4JFOB550Ac%3D&st=2017-07-30T20%3A02%3A15Z&se=2017-07-30T22%3A02%3A15Z&sp=rwd -OutFile $dest\$veeamlic
# Installs agent silent
#
.\VeeamAgentWindows_2.0.0.700.exe /silent /accepteula
# Add sleep before changing directory
#
Start-Sleep -Seconds 60
$path = ‘c:\Program Files\Veeam\Endpoint Backup’
cd $path
#
# Adds license and changes the Server edition
.\Veeam.Agent.Configurator.exe -license /f:$dest\$veeamlic /s
Adding it to a Azure ARM template with Script extension
Now the final piece is to add this script to an ARM template to do automatic deployment of virtual machines in Azure with Veeam agent installed with a license and prepared configuration job.
The easiest way to do this is using the vm script extension in Azure to run the script directly either as part of the deployment or adding the extension to a preexisting VM that is running in Azure. Create the script above as PowerShell script which then will be run as part of the ARM template deployment.
Important here that the Veeam agent is placed in the storage name that is part of the ARM template variable.
“name”: “MyCustomScriptExtension”,
“type”: “extensions”,
“apiVersion”: “2016-03-30”,
“location”: “[resourceGroup().location]”,
“dependsOn”: [
“[concat(‘Microsoft.Compute/virtualMachines/myVM’, copyindex())]”
],
“properties”: {
“publisher”: “Microsoft.Compute”,
“type”: “CustomScriptExtension”,
“typeHandlerVersion”: “1.7”,
“autoUpgradeMinorVersion”: true,
“settings”: {
“fileUris”: [
“[concat(‘https://’, variables(‘storageName’),
‘.blob.core.windows.net/customscripts/veeam.ps1’)]”
],
“commandToExecute”: “powershell.exe -ExecutionPolicy Unrestricted -File start.ps1”
Or we can use Powershell to run the script against a currently running VM
Set-AzureRmVMCustomScriptExtension -ResourceGroupName “example” -Location “example” -VMName “example” -Name “Veeam” -TypeHandlerVersion “1.1” -StorageAccountName “Contoso” -StorageAccountKey <StorageKeyforStorageAccount> -FileName “veeam.ps1” -ContainerName “Scripts”