Deploy and manage a StorSimple Cloud Appliance in Azure (Update 3 and later)
StorSimple 8000 series will reach its end-of-life in December 2022. If you are considering new deployments of StorSimple 8000 series, we recommend that you explore other alternatives such as Azure File Sync or Azure Data Box Online devices for your workloads.
The StorSimple 8000 Series Cloud Appliance is an additional capability that comes with your Microsoft Azure StorSimple solution. The StorSimple Cloud Appliance runs on a virtual machine in a Microsoft Azure virtual network, and you can use it to back up and clone data from your hosts.
This article describes the step-by-step process to deploy and manage a StorSimple Cloud Appliance in Azure. After reading this article, you will:
- Understand how the cloud appliance differs from the physical device.
- Be able to create and configure the cloud appliance.
- Connect to the cloud appliance.
- Learn how to work with the cloud appliance.
This tutorial applies to all the StorSimple Cloud Appliances running Update 3 and later.
Cloud appliance model comparison
The StorSimple Cloud Appliance is available in two models, a standard 8010 (formerly known as the 1100) and a premium 8020 (introduced in Update 2). The following table presents a comparison of the two models.
|Maximum capacity||30 TB||64 TB|
|Azure VM||Standard_A3 (4 cores, 7 GB memory)||Standard_DS3 (4 cores, 14 GB memory)|
|Region availability||All Azure regions||Azure regions that support Premium Storage and DS3 Azure VMs
Use this list to see if both Virtual Machines > DS-series and Storage > Disk storage are available in your region.
|Storage type||Uses Azure Standard Storage for local disks
Learn how to create a Standard Storage account
|Uses Azure Premium Storage for local disks2
|Workload guidance||Item level retrieval of files from backups||Cloud dev and test scenarios
Low latency and higher performance workloads
Secondary device for disaster recovery
1 Formerly known as the 1100.
2 Both the 8010 and 8020 use Azure Standard Storage for the cloud tier. The difference only exists in the local tier within the device.
How the cloud appliance differs from the physical device
The StorSimple Cloud Appliance is a software-only version of StorSimple that runs on a single node in a Microsoft Azure Virtual Machine. The cloud appliance supports disaster recovery scenarios in which your physical device is not available. The cloud appliance is appropriate for use in item-level retrieval from backups, on-premises disaster recovery, and cloud dev and test scenarios.
Differences from the physical device
The following table shows some key differences between the StorSimple Cloud Appliance and the StorSimple physical device.
|Physical device||Cloud appliance|
|Location||Resides in the datacenter.||Runs in Azure.|
|Network interfaces||Has six network interfaces: DATA 0 through DATA 5.||Has only one network interface: DATA 0.|
|Registration||Registered during the initial configuration step.||Registration is a separate task.|
|Service data encryption key||Regenerate on the physical device and then update the cloud appliance with the new key.||Cannot regenerate from the cloud appliance.|
|Supported volume types||Supports both locally pinned and tiered volumes.||Supports only tiered volumes.|
Prerequisites for the cloud appliance
The following sections explain the configuration prerequisites for your StorSimple Cloud Appliance. Before you deploy a cloud appliance, review the security considerations for using a cloud appliance.
Keep the following security considerations in mind when you use the StorSimple Cloud Appliance:
- The cloud appliance is secured through your Microsoft Azure subscription. This means that if you are using the cloud appliance and your Azure subscription is compromised, the data stored on your cloud appliance is also susceptible.
- The public key of the certificate used to encrypt data stored in StorSimple is securely made available to the Azure portal, and the private key is retained with the StorSimple Cloud Appliance. On the StorSimple Cloud Appliance, both the public and private keys are stored in Azure.
- The cloud appliance is hosted in the Microsoft Azure datacenter.
Before you provision the cloud appliance, you need to make the following preparations in your Azure environment:
Ensure that you have a StorSimple 8000 series physical device (model 8100 or 8600) deployed and running in your datacenter. Register this device with the same StorSimple Device Manager service that you intend to create a StorSimple Cloud Appliance for.
For the cloud appliance, configure a virtual network on Azure. If using Premium Storage, you must create a virtual network in an Azure region that supports Premium Storage. The Premium Storage regions are regions that correspond to the row for Disk storage in the list of Azure Services by Region.
We recommend that you use the default DNS server provided by Azure instead of specifying your own DNS server name. If your DNS server name is not valid or if the DNS server is not able to resolve IP addresses correctly, the creation of the cloud appliance fails.
Point-to-site and site-to-site are optional, but not required. If you wish, you can configure these options for more advanced scenarios.
You can create Azure Virtual Machines (host servers) in the virtual network that can use the volumes exposed by the cloud appliance. These servers must meet the following requirements:
- Be Windows or Linux VMs with iSCSI Initiator software installed.
- Be running in the same virtual network as the cloud appliance.
- Be able to connect to the iSCSI target of the cloud appliance through the internal IP address of the cloud appliance.
- Make sure you have configured support for iSCSI and cloud traffic on the same virtual network.
Make the following updates to your StorSimple Device Manager service before you create a cloud appliance:
- Add access control records for the VMs that are going to be the host servers for your cloud appliance.
- Use a storage account in the same region as the cloud appliance. Storage accounts in different regions may result in poor performance. You can use a Standard or Premium Storage account with the cloud appliance. More information on how to create a Standard Storage account.
- Use a different storage account for cloud appliance creation from the one used for your data. Using the same storage account may result in poor performance.
Make sure that you have the following information before you begin:
- Your Azure portal account with access credentials.
- A copy of the service data encryption key from your physical device registered to the StorSimple Device Manager service.
Create and configure the cloud appliance
Before performing these procedures, make sure that you have met the Prerequisites for the cloud appliance.
Perform the following steps to create a StorSimple Cloud Appliance.
Step 1: Create a cloud appliance
Perform the following steps to create the StorSimple Cloud Appliance.
To create a cloud appliance
In the Azure portal, go to the StorSimple Device Manager service.
Go to the Devices blade. From the command bar in the service summary blade, click Create cloud appliance.
In the Create cloud appliance blade, specify the following details.
Name – A unique name for your cloud appliance.
Model - Choose the model of the cloud appliance. An 8010 device offers 30 TB of Standard Storage whereas 8020 has 64 TB of Premium Storage. Specify 8010 to deploy item level retrieval scenarios from backups. Select 8020 to deploy high performance, low latency workloads, or use as a secondary device for disaster recovery.
Version - Choose the version of the cloud appliance. The version corresponds to the version of the virtual disk image that is used to create the cloud appliance. Given the version of the cloud appliance determines which physical device you fail over or clone from, it is important that you create an appropriate version of the cloud appliance.
Virtual network – Specify a virtual network that you want to use with this cloud appliance. If using Premium Storage, you must select a virtual network that is supported with the Premium Storage account. The unsupported virtual networks are grayed out in the dropdown list. You are warned if you select an unsupported virtual network.
Subnet - Based on the virtual network selected, the dropdown list displays the associated subnets. Assign a subnet to your cloud appliance.
Storage account – Select a storage account to hold the image of the cloud appliance during provisioning. This storage account should be in the same region as the cloud appliance and virtual network. It should not be used for data storage by either the physical or the cloud appliance. By default, a new storage account is created for this purpose. However, if you know that you already have a storage account that is suitable for this use, you can select it from the list. If creating a premium cloud appliance, the dropdown list only displays Premium Storage accounts.
The cloud appliance can only work with the Azure storage accounts.
Select the checkbox to indicate that you understand that the data stored on the cloud appliance is hosted in a Microsoft datacenter.
When you use only a physical device, your encryption key is kept with your device; therefore, Microsoft cannot decrypt it.
When you use a cloud appliance, both the encryption key and the decryption key are stored in Microsoft Azure. For more information, see security considerations for using a cloud appliance.
Click Create to provision the cloud appliance. The device may take around 30 minutes to be provisioned. You are notified when the cloud appliance is successfully created. Go to Devices blade, and the list of devices refreshes to display the cloud appliance. The status of the appliance is Ready to set up.
If the creation of the cloud appliance fails in this step, you may not have connectivity to the Internet. For more information, go to troubleshoot Internet connectivity failures when creating a cloud appliance.
Step 2: Configure and register the cloud appliance
Before you start this procedure, make sure that you have a copy of the service data encryption key. The service data encryption key is created when you registered your first StorSimple physical device with the StorSimple Device Manager service. You were instructed to save it in a secure location. If you do not have a copy of the service data encryption key, you must contact Microsoft Support for assistance.
Perform the following steps to configure and register your StorSimple Cloud Appliance.
To configure and register the cloud appliance
Select and click the StorSimple Cloud Appliance you created in the Devices blade.
In the Configure device blade, do the following steps:
Enter the Service Data Encryption Key in the space provided. This key is generated when you registered the first physical device with your StorSimple Device Manager service.
Enter the Device admin password and Snapshot Manager password of the specified length and settings.
Click OK to finish the initial configuration and registration of the cloud appliance.
After the configuration and registration is complete, the device will come online. (It may take several minutes for the device to come online.)
Step 3: (Optional) Modify the device configuration settings
The following section describes the device configuration settings needed for the StorSimple Cloud Appliance if you want to use CHAP, StorSimple Snapshot Manager or change the device administrator password.
Configure the CHAP initiator
This parameter contains the credentials that your cloud appliance (target) expects from the initiators (servers) that are attempting to access the volumes. The initiators provide a CHAP user name and a CHAP password to identify themselves to your device during this authentication. For detailed steps, go to Configure CHAP for your device.
Configure the CHAP target
This parameter contains the credentials that your cloud appliance uses when a CHAP-enabled initiator requests mutual or bi-directional authentication. Your cloud appliance uses a Reverse CHAP user name and Reverse CHAP password to identify itself to the initiator during this authentication process.
CHAP target settings are global settings. When these settings are applied, all the volumes connected to the cloud appliance use CHAP authentication.
For detailed steps, go to Configure CHAP for your device.
Configure the StorSimple Snapshot Manager password
StorSimple Snapshot Manager software resides on your Windows host and allows administrators to manage backups of your StorSimple device in the form of local and cloud snapshots.
For the cloud appliance, your Windows host is an Azure virtual machine.
When configuring a device in the StorSimple Snapshot Manager, you are prompted to provide the StorSimple device IP address and password to authenticate your storage device. For detailed steps, go to Configure StorSimple Snapshot Manager password.
Change the device administrator password
When you use the Windows PowerShell interface to access the cloud appliance, you are required to enter a device administrator password. For the security of your data, you must change this password before the cloud appliance can be used. For detailed steps, go to Configure device administrator password.
Connect remotely to the cloud appliance
Remote access to your cloud appliance via the Windows PowerShell interface is not enabled by default. You must enable remote management on the cloud appliance first, and then on the client used to access the cloud appliance.
The following two-step procedure describes how to connect remotely to your cloud appliance.
Step 1: Configure remote management
Perform the following steps to configure remote management for your StorSimple Cloud Appliance.
To configure remote management on cloud appliance
In your StorSimple Device Manager service, click Devices. Select and click your cloud appliance from the list of devices connected to the service.
Go to Settings > Security to open the Security settings blade.
Go to the Remote Management section. Click Remote management box.
In the Remote management blade:
Ensure Enable remote administration is enabled.
The default is to connect over HTTPS. You can choose to connect using HTTP. Connecting over HTTP is acceptable only on trusted networks. Ensure that HTTP is enabled.
From the command bar at the top of blade, click ... More and then click Download certificate to download a remote management certificate. You can specify a location in which to save this file. This certificate should be installed on the client or host machine that you use to connect to the cloud appliance.
Click Save and when prompted, confirm the changes.
Step 2: Remotely access the cloud appliance
After you enable remote management on the cloud appliance, use Windows PowerShell remoting to connect to the appliance from another virtual machine inside the same virtual network. For example, you can connect from the host VM that you configured and used to connect iSCSI. In most deployments, you will open a public endpoint to access your host VM that you can use for accessing the cloud appliance.
For enhanced security, we strongly recommend that you use HTTPS when connecting to the endpoints and then delete the endpoints after you have completed your PowerShell remote session.
You must follow the procedures in Connecting remotely to your StorSimple device to set up remoting for your cloud appliance.
Connect directly to the cloud appliance
You can also connect directly to the cloud appliance. To connect directly to the cloud appliance from another computer outside the virtual network or outside the Microsoft Azure environment, you must create additional endpoints.
Perform the following steps to create a public endpoint on the cloud appliance.
To create public endpoints on the cloud appliance
Sign in to the Azure portal.
Go to Virtual Machines, and then select and click the virtual machine that is being used as your cloud appliance.
You need to create a network security group (NSG) rule to control the flow of traffic in and out of your virtual machine. Perform the following steps to create an NSG rule.
Select Network security group.
Click the default network security group that is presented.
Select Inbound security rules.
Click + Add to create an inbound security rule.
In the Add inbound security rule blade:
For the Name, type the following name for the endpoint: WinRMHttps.
For the Priority, select a number lesser than 1000 (which is the priority for the default rule). Higher the value, lower the priority.
Set the Source to Any.
For the Service, select WinRM. The Protocol is automatically set to TCP and the Port range is set to 5986.
Click OK to create the rule.
Your final step is to associate your network security group with a subnet or a specific network interface. Perform the following steps to associate your network security group with a subnet.
Go to Subnets.
Click + Associate.
Select your virtual network, and then select the appropriate subnet.
Click OK to create the rule.
After the rule is created, you can view its details to determine the Public Virtual IP (VIP) address. Record this address.
We recommend that you connect from another virtual machine inside the same virtual network because this practice minimizes the number of public endpoints on your virtual network. In this case, connect to the virtual machine through a Remote Desktop session and then configure that virtual machine for use as you would any other Windows client on a local network. You do not need to append the public port number because the port is already known.
Get private IP for the cloud appliance
For the cloud appliance to connect to the host server in the same virtual network, you need the internal or the private IP address of the cloud appliance. Perform the following steps to get the private IP address of the cloud appliance
Go to the underlying virtual machine for your cloud appliance. The virtual machine has the same name as your cloud appliance. Go to All resources, provide the name of cloud appliance and subscription, and select type as virtual machines. In the list of virtual machines presented, select and click the virtual machine corresponding to the cloud appliance.
Go to Settings > Networking. In the right pane, you see the private IP address of the cloud appliance. Make a note of it.
Work with the StorSimple Cloud Appliance
Now that you have created and configured the StorSimple Cloud Appliance, you are ready to start working with it. You can work with volume containers, volumes, and backup policies on a cloud appliance just as you would on a physical StorSimple device. The only difference is that you need to make sure that you select the cloud appliance from your device list. Refer to use the StorSimple Device Manager service to manage a cloud appliance for step-by-step procedures of the various management tasks for the cloud appliance.
The following sections discuss some of the differences you encounter when working with the cloud appliance.
Maintain a StorSimple Cloud Appliance
Because it is a software-only device, maintenance for the cloud appliance is minimal when compared to maintenance for the physical device.
You cannot update a cloud appliance. Use the latest version of software to create a new cloud appliance.
Storage accounts for a cloud appliance
Storage accounts are created for use by the StorSimple Device Manager service, by the cloud appliance, and by the physical device. When you create your storage accounts, we recommend that you use a region identifier in the friendly name. This helps ensure that the region is consistent throughout all of the system components. For a cloud appliance, it is important that all the components are in the same region to prevent performance issues.
For a step-by-step procedure, go to add a storage account.
Deactivate a StorSimple Cloud Appliance
When you deactivate a cloud appliance, the action deletes the VM and the resources created when it was provisioned. After the cloud appliance is deactivated, it cannot be restored to its previous state. Before you deactivate the cloud appliance, make sure to stop or delete clients and hosts that depend on it.
Deactivating a cloud appliance results in the following actions:
- The cloud appliance is removed.
- The OS disk and data disks created for the cloud appliance are removed.
- The hosted service and virtual network created during provisioning are retained. If you are not using them, you should delete them manually.
- Cloud snapshots created for the cloud appliance are retained.
For a step-by-step procedure, go to Deactivate and delete your StorSimple device.
As soon as the cloud appliance is shown as deactivated on the StorSimple Device Manager service blade, you can delete the cloud appliance from device list on the Devices blade.
Start, stop, and restart a cloud appliance
Unlike the StorSimple physical device, there is no power on or power off button to push on a StorSimple Cloud Appliance. However, there may be occasions where you need to stop and restart the cloud appliance.
The easiest way for you to start, stop, and restart a cloud appliance is via the Virtual Machines service blade. Go the Virtual machine service. From the list of VMs, identify the VM corresponding to your cloud appliance (same name), and click the VM name. When you look at your virtual machine blade, the cloud appliance status is Running because it is started by default after it is created. You can start, stop, and restart a virtual machine at any time.
To stop and start a cloud appliance
To stop a cloud appliance, go to the VM for your cloud appliance.
From the command bar, click Stop.
When prompted for confirmation, click Yes.
When you stop a VM, it gets deallocated. While the cloud appliance is stopping, its status is Deallocating. After the cloud appliance is stopped, its status is Stopped (deallocated).
Once a VM is stopped, click Start (button becomes available) to start the VM. After the cloud appliance has started up, its status is Started.
Use the following cmdlets to stop and start a cloud appliance.
Stop-AzureVM -ServiceName "MyStorSimpleservice1" -Name "MyStorSimpleDevice"
Start-AzureVM -ServiceName "MyStorSimpleservice1" -Name "MyStorSimpleDevice"
To restart a cloud appliance
To restart a cloud appliance, go to the VM for your cloud appliance. From the command bar, click Restart. When prompted, confirm the restart. When the cloud appliance is ready for you to use, its status is Running.
Use the following cmdlet to restart a cloud appliance.
Restart-AzureVM -ServiceName "MyStorSimpleservice1" -Name "MyStorSimpleDevice"
Reset to factory defaults
If you decide that you want to start over with your cloud appliance, deactivate and delete it and then create a new one.
Fail over to the cloud appliance
Disaster recovery (DR) is one of the key scenarios that the StorSimple Cloud Appliance was designed for. In this scenario, the physical StorSimple device or entire datacenter may not be available. Fortunately, you can use a cloud appliance to restore operations in an alternate location. During DR, the volume containers from the source device change ownership and are transferred to the cloud appliance.
The prerequisites for DR are:
- The cloud appliance is created and configured.
- All the volumes within the volume container are offline.
- The volume container that you fail over, has an associated cloud snapshot.
- When using a cloud appliance as the secondary device for DR, keep in mind that the 8010 has 30 TB of Standard Storage and 8020 has 64 TB of Premium Storage. The higher capacity 8020 cloud appliance may be more suited for a DR scenario.
For a step-by-step procedure, go to fail over to a cloud appliance.
Delete the cloud appliance
If you previously configured and used a StorSimple Cloud Appliance but now want to stop accruing compute charges for its use, you must stop the cloud appliance. Stopping the cloud appliance deallocates the VM. This action will stop from charges accruing on your subscription. The storage charges for the OS and data disks will however continue.
To stop all the charges, you must delete the cloud appliance. To delete the backups created by the cloud appliance, you can deactivate or delete the device. For more information, see Deactivate and delete a StorSimple device.
To delete a cloud appliance
Sign in to the Azure portal.
You can only delete a deactivated device that does not contain data. Delete the data on the device first or you can fail over the data in volume containers to another device. Once the data is deleted, you are ready to deactivate the device.
In your StorSimple Device Manager service page, click Devices and then select the device. Right-click and select Deactivate.
Once the device is deactivated, right-click the device and select Delete.
Type the device name to confirm the deletion. After the device is deleted, the device list updates.
You are notified after the device is deleted.
The list of devices updates to indicate the deleted device.
Troubleshoot Internet connectivity errors
During the creation of a cloud appliance, if there is no connectivity to the Internet, the creation step fails. To troubleshoot Internet connectivity failures, perform the following steps in the Azure portal:
Create a Windows virtual machine in the Azure portal. This virtual machine should use the same storage account, VNet, and subnet as used by your cloud appliance. If there is an existing Windows Server host in Azure using the same storage account, VNet, and subnet, you can also use it to troubleshoot the Internet connectivity.
Remote log into the virtual machine created in the preceding step.
Open a command window inside the virtual machine (Win + R and then type
Run the following cmd at the prompt.
nslookupfails, then Internet connectivity failure is preventing the cloud appliance from registering to the StorSimple Device Manager service.
Make the required changes to your virtual network to ensure that the cloud appliance is able to access Azure sites such as windows.net.
- Learn how to use the StorSimple Device Manager service to manage a cloud appliance.
- Understand how to restore a StorSimple volume from a backup set.