Azure Backup service- FAQ

This article is a list of commonly asked questions (and the respective answers) about the Azure Backup service. Our community replies quickly, and if a question is asked often, we add it to this article. The answers to questions typically provide reference or support information. You can ask questions about Azure Backup by clicking Comments (to the right). Comments appear at the bottom of this article. A Livefyre account is required to comment. You can also post questions about the Azure Backup service in the discussion forum.

What is the list of supported operating systems from which I can back up to Azure using Azure Backup?

Azure Backup supports the following list of operating systems for backing up: files and folders, and workload applications protected using Azure Backup Server and SCDPM.

Operating System Platform SKU
Windows 8 and latest SPs 64 bit Enterprise, Pro
Windows 7 and latest SPs 64 bit Ultimate, Enterprise, Professional, Home Premium, Home Basic, Starter
Windows 8.1 and latest SPs 64 bit Enterprise, Pro
Windows 10 64 bit Enterprise, Pro, Home
Windows Server 2016 64 bit Standard, Datacenter, Essentials
Windows Server 2012 R2 and latest SPs 64 bit Standard, Datacenter, Foundation
Windows Server 2012 and latest SPs 64 bit Datacenter, Foundation, Standard
Windows Storage Server 2012 R2 and latest SPs 64 bit Standard, Workgroup
Windows Storage Server 2012 and latest SPs 64 bit Standard, Workgroup
Windows Server 2012 R2 and latest SPs 64 bit Essential
Windows Server 2008 R2 SP1 64 bit Standard, Enterprise, Datacenter, Foundation
Windows Server 2008 SP2 64 bit Standard, Enterprise, Datacenter, Foundation

For Azure VM backup,

  • Linux: Azure Backup supports a list of distributions that are endorsed by Azure except Core OS Linux. Other Bring-Your-Own-Linux distributions also might work as long as the VM agent is available on the virtual machine and support for Python exists.
  • Windows Server: Versions older than Windows Server 2008 R2 are not supported.

Where can I download the latest Azure Backup agent?

You can download the latest agent for backing up Windows Server, System Center DPM, or Windows client, from here. If you want to back up a virtual machine, use the VM Agent (which automatically installs the proper extension). The VM Agent is already present on virtual machines created from the Azure gallery.

Which version of SCDPM server is supported?

We recommend that you install the latest Azure Backup agent on the latest update rollup of SCDPM (UR11 as of August 2016)

When configuring the Azure Backup agent, I am prompted to enter the vault credentials. Do vault credentials expire?

Yes, the vault credentials expire after 48 hours. If the file expires, log in to the Azure portal and download the vault credentials files from your vault.

Is there any limit on the number of vaults that can be created in each Azure subscription?

Yes. As of September 2016, you can create 25 backup vaults per subscription. You can create up to 25 Recovery Services vaults per supported region of Azure Backup per subscription. If you need additional vaults, create an additional subscription.

Are there any limits on the number of servers/machines that can be registered against each vault?

Yes, you can register up to 50 machines per vault. For Azure IaaS virtual machines, the limit is 200 VMs per vault. If you need to register more machines, create another vault.

How do I register my server to another datacenter?

Backup data is sent to the datacenter of the vault to which it is registered. The easiest way to change the datacenter is to uninstall the agent and reinstall the agent and register to a new vault that belongs to desired datacenter.

What happens if I rename a Windows server that is backing up data to Azure?

When you rename a server, all currently configured backups are stopped. Register the new name of the server with the Backup vault. When you register the new name with the vault, the first backup operation is a full backup. If you need to recover data backed up to the vault with the old server name, use the Another server option in the Recover Data wizard.

What types of drives can I back up files and folders from?

You can't back up the following drives/volumes:

  • Removable Media: All backup item sources must report as fixed.
  • Read-only Volumes: The volume must be writable for the volume shadow copy service (VSS) to function.
  • Offline Volumes: The volume must be online for VSS to function.
  • Network share: The volume must be local to the server to be backed up using online backup.
  • Bitlocker-protected volumes: The volume must be unlocked before the backup can occur.
  • File System Identification: NTFS is the only file system supported.

What file and folder types can I back up from my server?

The following types are supported:

  • Encrypted
  • Compressed
  • Sparse
  • Compressed + Sparse
  • Hard Links: Not supported, skipped
  • Reparse Point: Not supported, skipped
  • Encrypted + Sparse: Not supported, skipped
  • Compressed Stream: Not supported, skipped
  • Sparse Stream: Not supported, skipped

What's the minimum size requirement for the cache folder?

The size of the cache folder determines the amount of data that you are backing up. Your cache folder should be 5% of the space required for data storage.

If my organization has one vault, how can I isolate one server's data from another server when restoring data?

All servers that are registered to the same vault can recover the data backed up by other servers that use the same passphrase. If you have servers whose backup data you want to isolate from other servers in your organization, use a designated passphrase for those servers. For example, human resources servers could use one encryption passphrase, accounting servers another, and storage servers a third.

Can I “migrate” my backup data or vault between subscriptions?

No. The vault is created at a subscription level and cannot be reassigned to another subscription once it’s created.

Does the Azure Backup Agent work on a server that uses Windows Server 2012 deduplication?

Yes. The agent service converts the deduplicated data to normal data when it prepares the backup operation. It then optimizes the data for backup, encrypts the data, and then sends the encrypted data to the online backup service.

If I cancel a backup job once it has started, is the transferred backup data deleted?

No. All data transferred into the vault, before the backup job was cancelled, stays in the vault. Azure Backup uses a checkpoint mechanism to occasionally add checkpoints to the backup data during the backup. Because there are checkpoints in the backup data, the next backup process can validate the integrity of the files. The next backup job will be incremental to the data previously backed up. Incremental backups only transfer new or changed data, which equates to better utilization of bandwidth.

If you cancel a backup job for an Azure VM, any transferred data is ignored. The next backup job transfers incremental data from the last successful backup job.

Why am I seeing the warning "Azure Backups have not been configured for this server" even though I had scheduled regular backups previously?

This warning occurs when the backup schedule settings stored on the local server are not the same as the settings stored in the backup vault. When either the server or the settings have been recovered to a known good state, the backup schedules can lose synchronization. If you receive this warning, reconfigure the backup policy and then Run Back Up Now to resynchronize the local server with Azure.

What firewall rules should be configured for Azure Backup?

For seamless protection of on-premises-to-Azure and workload-to-Azure data, it is recommended that you allow your firewall to communicate with the following URLs:

  • www.msftncsi.com
  • *.Microsoft.com
  • *.WindowsAzure.com
  • *.microsoftonline.com
  • *.windows.net

Can I install the Azure Backup agent on an Azure VM already backed by the Azure Backup service using the VM extension?

Absolutely. Azure Backup provides VM-level backup for Azure VMs using the VM extension. To protect files and folders on the guest Windows OS, install the Azure Backup agent on the guest Windows OS.

Can I install the Azure Backup agent on an Azure VM to back up files and folders present on temporary storage provided by the Azure VM?

Yes. Install the Azure Backup agent on the guest Windows OS, and back up files and folders to temporary storage. Note that backups fail once temporary storage data is wiped out. Also, if the temporary storage data has been deleted, you can only restore to non-volatile storage.

I have installed Azure Backup agent to protect my files and folders. Can I now install SCDPM to work with Azure Backup agent to protect on-premises application/VM workloads to Azure?

To use Azure Backup with System Center Data Protection Manager (DPM), install DPM first and then install Azure Backup agent. Installing the Azure Backup components in this order ensures the Azure Backup agent works with DPM. Installing the Azure Backup agent before installing DPM is not advised or supported.

What is the length of file path that can be specified as part of Azure Backup policy using Azure Backup agent?

Azure Backup agent relies on NTFS. The filepath length specification is limited by the Windows API. If the files you want to protect have a file-path length longer than what is allowed by the Windows API, back up the parent folder or the disk drive.

What characters are allowed in file path of Azure Backup policy using Azure Backup agent?

Azure Backup agent relies on NTFS. It enables NTFS supported characters as part of file specification.

Can I use Azure Backup Server to create a Bare Metal Recovery (BMR) backup for a physical server?

Yes.

Can I configure the Backup service to send mail if a backup job fails?

Yes, the Backup service has several event-based alerts that can be used with a PowerShell script. For a full description, see Configure notifications

Is there a limit on the size of each data source being backed up?

There is no limit on the amount of data you can back up to a vault. Azure Backup restricts the maximum size for the data source, however, these limits are large. As of August 2015, the maximum size for a data source for the supported operating systems is:

S.No Operating system Maximum size of data source
1 Windows Server 2012 or later 54,400 GB
2 Windows 8 or later 54,400 GB
3 Windows Server 2008, Windows Server 2008 R2 1700 GB
4 Windows 7 1700 GB

The following table explains how each data source size is determined.

Datasource Details
Volume The amount of data being backed up from single volume of a server or client machine
Hyper-V virtual machine Sum of data of all the VHDs of the virtual machine being backed up
Microsoft SQL Server database Size of single SQL database size being backed up
Microsoft SharePoint Sum of the content and configuration databases within a SharePoint farm being backed up
Microsoft Exchange Sum of all Exchange databases in an Exchange server being backed up
BMR/System State Each individual copy of BMR or system state of the machine being backed up

Are there limits on the number of times a backup job can be scheduled per day?

Yes, you can run backup jobs on Windows Server or Windows client up to three times/day. You can run backup jobs on System Center DPM up to twice a day. You can run a backup job for IaaS VMs once a day.

Is there a difference between the scheduling policy for DPM and Windows Server (i.e. on Windows Server without DPM)?

Yes. Using DPM, you can specify daily, weekly, monthly, and yearly schedules. Windows Server (without DPM) allows you to specify only daily and weekly schedules.

Is there a difference between the retention policy for DPM and Windows Server/client (i.e. on Windows Server without DPM)?

No, both DPM and Windows Server/client have daily, weekly, monthly, and yearly retention policies.

Can I configure my retention policies selectively – i.e. configure weekly and daily but not yearly and monthly?

Yes, the Azure Backup retention structure allows you to have full flexibility in defining the retention policy as per your requirements.

Can I “schedule a backup” at 6pm and specify “retention policies” at a different time?

No. Retention policies can only be applied on backup points. In the following image, the retention policy is specified for backups taken at 12am and 6pm.

Schedule Backup and Retention

Is an incremental copy transferred for the retention policies scheduled?

No, the incremental copy is sent based on the time mentioned in the backup schedule page. The points that can be retained are determined based on the retention policy.

If a backup is retained for a long duration, does it take more time to recover an older data point?

No – the time to recover the oldest or the newest point is the same. Each recovery point behaves like a full point.

If each recovery point is like a full point, does it impact the total billable backup storage?

Typical long-term retention point products store backup data as full points. The full points are storage inefficient but are easier and faster to restore. Incremental copies are storage efficient but require you to restore a chain of data, which impacts your recovery time. Azure Backup storage architecture gives you the best of both worlds by optimally storing data for fast restores and incurring low storage costs. This data storage approach ensures that your ingress and egress bandwidth is used efficiently. Both the amount of data storage and the time needed to recover the data, is kept to a minimum. Learn more on how incremental backups save are efficient.

Is there a limit on the number of recovery points that can be created?

You can create up to 9999 recovery points per protected instance. A protected instance is a computer, server (physical or virtual), or workload configured to back up data to Azure. There is no limit on the number of protected instances per backup vault. For more information, see the explanations of Backup and retention, and What is a protected instance?

Why is the amount of data transferred in backup not equal to the amount of data I backed up?

All the data that is backed up from Azure Backup Agent or SCDPM or Azure Backup Server, is compressed and encrypted before being transferred. Once the compression and encryption is applied, the data in the backup vault is 30-40% smaller.

Is there a way to adjust the amount of bandwidth used by the Backup service?

Yes, use the Change Properties option in the Backup Agent to adjust bandwidth. You can adjust the amount of bandwidth and the times when you use that bandwidth. For step-by-step instructions, see Enable network throttling in the article, [Back up a Windows Server or client to Azure using the Resource Manager deployment model.

My internet bandwidth is limited for the amount of data I need to back up. Is there a way I can move data to a certain location with a large network pipe and push that data into Azure?

You can back up data into Azure via the standard online backup process, or you can use the Azure Import/Export service to transfer data to blob storage in Azure. There are no additional ways of getting backup date into Azure storage. For information on how to use the Azure Import/Export service with Azure Backup, see the Offline Backup workflow article.

How many recoveries can I perform on the data that is backed up to Azure?

There is no limit on the number of recoveries from Azure Backup.

Do I have to pay for the egress traffic from Azure data center during recoveries?

No. Your recoveries are free and you are not charged for the egress traffic.

Is the data sent to Azure encrypted?

Yes. Data is encrypted on the on-premises server/client/SCDPM machine using AES256 and the data is sent over a secure HTTPS link.

Is the backup data on Azure encrypted as well?

Yes. The data sent to Azure remains encrypted (at rest). Microsoft does not decrypt the backup data at any point. When backing up an Azure VM, Azure Backup relies on encryption of the virtual machine. For example, if your VM is encrypted using Azure Disk Encryption, or some other encryption technology, Azure Backup uses that encryption to secure your data.

What is the minimum length of encryption key used to encrypt backup data?

The encryption key should be at least 16 characters.

What happens if I misplace the encryption key? Can I recover the data (or) can Microsoft recover the data?

The key used to encrypt the backup data is present only on the customer premises. Microsoft does not maintain a copy in Azure and does not have any access to the key. If the customer misplaces the key, Microsoft cannot recover the backup data.

How do I change the cache location specified for the Azure Backup agent?

Go sequentially through the following bullet list to change the cache location.

  • Stop the Backup engine by executing the following command in an elevated command prompt:

    PS C:\> Net stop obengine

  • Do not move the files. Instead, copy the cache space folder to a different drive with sufficient space. The original cache space can be removed after confirming the backups are working with the new cache space.
  • Update the following registry entries with the path to the new cache space folder.
Registry path Registry Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config ScratchLocation New cache folder location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config\CloudBackupProvider ScratchLocation New cache folder location
  • Restart the Backup engine by executing the following command in an elevated command prompt:

    PS C:\> Net start obengine

    Once the backup creation is successfully completed in the new cache location, you can remove the original cache folder.

Where can I put the cache-folder for the Azure Backup Agent to work as expected?

The following locations for the cache-folder are not recommended:

  • Network share or Removable Media: The cache-folder must be local to the server that needs backing up using online backup. Network locations or removable media like USB drives are not supported.
  • Offline Volumes: The cache-folder must be online for expected backup using Azure Backup Agent.

Are there any attributes of the cache-folder that are not supported?

The following attributes or their combinations are not supported for the cache-folder:

  • Encrypted
  • De-duplicated
  • Compressed
  • Sparse
  • Reparse-Point

Neither the cache-folder nor the metadata VHD has the necessary attributes for the Azure Backup agent.

Recovery Services vaults are Resource Manager based. Are Backup vaults (classic mode) still supported?

Yes, Backup vaults are still supported. Create Backup vaults in the Classic portal. Create Recovery Services vaults in the Azure portal. We strongly recommend you create Recovery Services vaults because future enhancements will be for Recovery Services vaults, only.

Can I migrate a Backup vault to a Recovery Services vault?

Unfortunately no, you can't migrate the contents of a Backup vault to a Recovery Services vault. We are working on adding this functionality, but it is not currently available.

Do Recovery Services vaults support classic VMs or Resource Manager based VMs?

Recovery Services vaults support both models. You can back up a classic VM (created in the Classic portal), or a Resource Manager VM (created in the Azure portal) to a Recovery Services vault.

I have backed up my classic VMs in a backup vault. Can I migrate my VMs from classic mode to Resource Manager mode and protect them in a Recovery Services vault?

Classic VM recovery points in a backup vault don't automatically migrate to a Recovery Services vault when you move the VM from classic to Resource Manager mode. Follow these steps to transfer your VM backups:

  1. In the backup vault, go to the Protected Items tab and select the VM. Click Stop Protection. Leave Delete associated backup data option unchecked.
  2. Migrate the virtual machine from classic mode to Resource Manager mode. Make sure that storage and network corresponding to virtual machine are also migrated to Resource Manager mode.
  3. Create a Recovery Services vault and configure backup on the migrated virtual machine using Backup action on top of vault dashboard. For detailed information on backing up a VM to a Recovery Services vault, see the article, Protect Azure VMs with a Recovery Services vault.