Configure backup for Azure Stack with PowerShell - Azure Stack Hub Ruggedized

Applies to: Modular Data Center, Azure Stack Hub ruggedized

You can configure the Infrastructure Backup Service to export infrastructure backups to an external storage location, using PowerShell. Infrastructure backups can be used by support to fix degraded services.

Prepare PowerShell environment

For instructions on configuring the PowerShell environment, see Install PowerShell for Azure Stack. To sign in to Azure Stack, see Configure the operator environment and sign in to Azure Stack.

Provide the backup share, credentials, and encryption key to enable backup

In the same PowerShell session, edit the following PowerShell script by adding the variables for your environment. Run the updated script to provide the backup share, credentials, and encryption key to the Infrastructure Backup Service.

Variable Description
$username Type the Username using the domain and username for the shared drive location with sufficient access to read and write files. For example, Contoso\backupshareuser.
$password Type the Password for the user.
$path Type the path to the Backup storage location. You must use a Universal Naming Convention (UNC) string for the path to a file share hosted on a separate device. A UNC string specifies the location of resources such as shared files or devices. To ensure availability of the backup data, the device should be in a separate location.
$backupfrequencyinhours The frequency in hours determines how often backups are created. The default value is 12. Scheduler supports a minimum of 4 and a maximum of 12.
$backupretentionperiodindays The retention period in days determines how many days of backups are preserved on the external location. The default value is 7. Scheduler supports a minimum of 2 and a maximum of 14. Backups older than the retention period get automatically deleted from the external location.
$encryptioncertpath Certificate provided during deployment. No need to provide a new one when configuring the external storage location. The encryption certificate path specifies the file path to the .CER file with public key used for data encryption.
$isbackupschedulerenabled Enables/disables automatic backups. Automatic backups are enabled by default after providing share and credentials.

Configure backup

# Example username
$username = "domain\backupadmin"

# Example share path
$sharepath = "\\serverIP\AzSBackupStore\\seattle"

$password = Read-Host -Prompt ("Password for: " + $username) -AsSecureString

# Set the backup settings with the name, password, share, and CER certificate file.
Set-AzsBackupConfiguration -BackupShare path -Username $username -Password $password

Confirm backup settings

In the same PowerShell session, run the following commands:

Get-AzsBackupConfiguration | Select-Object -Property Path, UserName

The result should look like the following example output:

Path : \\serverIP\AzsBackupStore\\seattle
UserName : domain\backupadmin

Update backup settings

In the same PowerShell session, you can update the default values for the retention period and frequency for backups:

# Set the backup frequency and retention period values.
$frequencyInHours = 10
$retentionPeriodInDays = 5

Set-AzsBackupConfiguration -BackupFrequencyInHours $backupfrequencyInHours -BackupRetentionPeriodInDays $backupretentionPeriodInDays

Get-AzsBackupConfiguration | Select-Object -Property Path, UserName, AvailableCapacity, BackupFrequencyInHours, BackupRetentionPeriodInDays

Update encryption certificate

In the same PowerShell session, you can update the encryption certificate used to encrypt backup data. Only new backups will use the new encryption certificate. All existing backups will remain encrypted with the previous certificate. Make sure to keep a copy of the previous certificate for at least a month to ensure previous backups encrypted with the old certificate have been purged:

#Set the new encryption certificate by providing local path to CER file.
Set-AzsBackupConfiguration -EncryptionCertPath "c:\temp\cert.cer"

Enable or disable automatic backups

In the same PowerShell session, you can enable or disable automatic backups. Automatic backups are enabled by default.

#Disable automatic backups.
Set-AzsBackupConfiguration - Isbackupschedulerenabled $false

#Enable automatic backups.
Set-AzsBackupConfiguration - Isbackupschedulerenabled $true

Next steps

To learn how to verify that your backup ran, see Confirm backup completed in administration portal.