Configuring Backups for Azure Blob Storage

You can configure backups for Azure Blob Storage. The configuration wizard guides you through the configuration process, which includes creating any new entities that are needed, such as a plan, an object storage client, and a content group.

Start the Configuration Wizard

From the Command Center navigation pane, go to Protect > Object storage.
The Object storage page appears.
In the upper-right area of the page, click Add object storage.
The Configure Object Storage page appears.
Select Azure Blob.
Click Next.
The Azure Blob storage service backup model overview page of the configuration wizard appears.
Click Next.
The Region page of the configuration wizard appears.

Region

Select the region that the object storage resides in.
Click Next.
The Cloud Storage page of the configuration wizard appears.

Cloud Storage

To review the supported combinations of primary and secondary storage, see Metallic Storage Options.

Primary Copy

For the primary copy of the backup data, select existing cloud storage or create new cloud storage.
Steps to create cloud storage for the primary copy
1. Click the add button .
  The Add cloud storage dialog box appears.
2. From the Type list, select Metallic Recovery Reserve or Microsoft Azure Storage.
3. If you selected Microsoft Azure Storage, do the following:
  1. In Name, enter a descriptive name for the cloud storage.
  1. For Credentials, select existing credentials or create new credentials.
  To create credentials, do the following:
  1. Click the add button .
  The Add credential dialog box appears.
  1. In Credential name, enter a descriptive name for the credentials.
  1. In Account name, enter the name of the storage account to use.
  2. In Access key ID, enter the access key of the storage account.
  3. In Description, enter a description of the credentials.
  4. Click Save.
  1. In Container, enter the name of the container.
4. Click Save.
Click Next.

Secondary Copy

Decide whether to store a secondary copy of the backup data for long-term retention.

Steps to create cloud storage for a secondary copy

Move the Secondary copy toggle key to the right.

For Storage location, select an existing storage location or create a new storage location.

To create a storage location, do the following:

Click the add button .
The Add cloud storage dialog box appears.

From Type, select the storage provider, and then enter the necessary values.

Storage provider	Values
Metallic Recovery Reserve	Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage.
Microsoft Azure Storage	Name: Enter a descriptive name for the cloud storage. Credentials: Select existing credentials or create new credentials. Region: Select the region for the cloud storage. Container: Enter the name of the container. For example, enter bucket_name.

Storage provider

Values

Metallic Recovery Reserve

Storage class: Select the storage class for the type of access that you want to have for the data.

Region: Select the region for the cloud storage.

Microsoft Azure Storage

Name: Enter a descriptive name for the cloud storage.

Credentials: Select existing credentials or create new credentials.

Region: Select the region for the cloud storage.

Container: Enter the name of the container. For example, enter bucket_name.

Click Save.

Click Next.
The Plan page of the configuration wizard appears.

Plan

A plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.

Select an existing plan or create a new plan.
Steps to create a plan
1. Click the add button .
  The Add plan dialog box appears.
2. In the Plan name box, enter a descriptive name for the plan.
3. For the plan settings, select pre-defined settings or create custom settings:
  - To select pre-defined settings, under Retention rules, select one if the following:
    Select Standard retention to retain the incremental backups for 1 month.
    Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.
    Note: The Extended retention option is available only when the secondary copy backup is selected.
  - To create custom settings, select Custom plan, and then specify the following:
    For Retention, specify the amount of time to retain the primary copy.
    For Retention (secondary copy), specify the amount of time to retain the secondary copy.
    For Backups run every, specify how often to run backups.
4. Click Done.
Click Next.
The Add Object Storage page of the configuration wizard appears.

Add Object Storage

If you do not already have a registered Azure app that you can use for the hypervisor, register a new Azure app.

Steps to register an Azure app on the public Azure portal

Log on to the public Azure portal with service administrator credentials.
From the All services menu, select the App registrations tab, and then click New registration.
In Name, enter a name for the application in Azure Active Directory.
From Account type, select the accounts to include.
To specify a redirect URI, in Redirect URI, enter https://app_name.
For example, if you named the app "MyWebApp", enter https://MyWebApp.
Click Register.
The application is listed on the App Registration tab.
Record the application ID.
Go to the API permissions blade.
Add the required API permissions:
1. Click Add a permission.
2. Select the Microsoft API: Azure Service Management.
3. Select the option to provide delegated permissions to Access Azure Service Management as organization users.
4. Click Add permissions.
  Note: Admin consent is not required.
Go to the Certificates & secrets blade.
Click on New client secret, and then enter the key description and expiration date.
Click Save.
A unique secret key is generated for the application.
Record the key value.
Important: The key value will be your application password. After you leave the Certificate & secrets tab/blade, you can't retrieve the key value.
From the All services menu, click the Subscriptions tab, and then select the subscription ID that the virtualization client needs to be created for.
To define a custom role instead of using the predefined Contributor role, do the following:
Define a custom role to specify more limited permissions that can be used for backup and restore operations, either for a specific resource group or for the entire subscription. For more information about custom roles, see Azure custom roles in the Microsoft documentation.
1. Download the CVBackupRole.json file, which contains the minimum permissions needed for Azure virtual machine backup and restore operations.
2. In the JSON file, modify the following entry and change #SubscriptionID# to your subscription ID:
  "AssignableScopes" : ["/subscriptions/#SubscriptionID#"]
On the Access Control (IAM) tab, click Add, and then select Add role assignment.
The Add role assignment pane appears.
From the Role list, select either the Contributor role or the custom role that you created.
From the Assign access to list, select User, group, or service principal.
In the Select box, enter the application name, and then select the application that you created in the preceding step.
Click Save.
If you plan to use a Linux backup gateway, add another role assignment, and select Storage Blob Data Contributor as the role.
To obtain the tenant ID from the public Azure cloud, select Azure Active Directory > Properties > Directory ID.
The directory ID is also the tenant ID.

In Name, enter a a descriptive name for the object storage client.
In Endpoint URL, enter the service account URL.
For Authentication, select the authentication type that you want to use.
Note: For IAM AD application authentication type, ensure that the IAM AD application is configured with the Storage Blob Data Owner and Reader roles. To configure restricted access, use the custom role defined in MetallicAzureBlobBackupRole.json.

For Credentials, select existing credentials or create new credentials.

Steps to create credentials

Click the add button .
The Add credential dialog box appears.
In Credential name, enter a descriptive name for the credentials.

Enter values for the authentication method that you are using:

Authentication method	Values to enter
IAM AD application	In Tenant ID, enter the tenant ID for the account. In Application ID, enter the application ID for the tenant. In Application secret, enter the secret key value that is generated for the application.
Access key and account name	In Account name, enter an account name. In Access key ID, enter the access key ID.

Authentication method

Values to enter

IAM AD application

In Tenant ID, enter the tenant ID for the account.

In Application ID, enter the application ID for the tenant.

In Application secret, enter the secret key value that is generated for the application.

Access key and account name

In Account name, enter an account name.

In Access key ID, enter the access key ID.

In Description, enter a description of the credentials.
Click Save.

Click Next.
The Backup Content page of the configuration wizard appears.

Backup Content

You can add content by browsing, by selecting all the content, and by entering a custom path.

To select all content, click Add, and then select Select All.
To browse for content, do the following:
1. Click Add, and then select Browse.
  The Add content dialog box appears.
2. Select the content.
3. Click Save.
To enter a custom path, do the following:
1. Click Add, and then select Custom Path.
2. In Enter custom path, enter the custom path for the content.
  For example, you can enter /bucket_name.
To exclude some of the content you selected, move the Specify exclusion toggle key to the right, and then add the exclusion.
To include some of the content that you excluded, move the Specify inclusion toggle key to the right, and then add the inclusion.
Click Next.
The Summary page of the configuration wizard appears.

Summary

Review the summary.
Click Finish.