About a month ago, Microsoft announced the release of the latest version of Windows Server 2019. However, after GA (general availability), serious flaws were discovered, as in Windows October 10, 2018 Update (1809) - installing an update resulted in data loss (files from My Documents were brutally removed, so that they could not be restored from Windows.old). The manufacturer was forced to cancel the release before fixing the problem. And finally, on November 13, the repaired version saw the light .

Along with this, you should remember that Microsoft will soon complete support for SQL Server 2008 R2 and Windows Server 2008 R2.

Naturally, users have many questions about the transition to new systems:
Does Microsoft Azure move to the cloud? How to safely raise the functional level of the domain? Should I switch to Azure SQL? Maybe you need to virtualize Windows Server 2008 R2 or transfer to Azure? Do I need to migrate to the newest Hyper-V?
')
Migrating to a new platform is needed to ensure the availability of a system supported by a vendor for mission-critical applications running in the data center. Therefore, it is important that the migration take place without surprises. Veeam users are lucky - they have good ways to minimize the risks of such operations, so that, as they say, “measure 7 times, cut them off once”.

For details, welcome under cat.

Testing in the “network sandbox”

Best backup practices recommend checking backups for the possibility of recovery, in particular, with the help of the sandbox Veeam DataLab . She first saw the light in the release of Veeam Backup & Replication in 2010 (then it was called Virtual Lab) and has since been constantly updated and developed. Today, it becomes an excellent helper for testing new software before deployment - an autonomous sandbox allows you to test planned updates and changes to systems and applications without risking production, whether it is an upgrade to Windows Server 2019, a transition to a new version of SQL or other operations.

The device of such a “sandbox” is shown in the picture below:



For the work of the "sandbox" are involved:

• Application group (“group for application”) is one or more virtual machines that provide the work of the application you are interested in. For example, it could be a web server and a database server for SharePoint, or a domain controller and an Exchange server, etc.
• A proxy appliance is an auxiliary proxy machine that serves to isolate the DataLab sandbox from the production infrastructure. It allows you to create an IP address space in an isolated network without intersecting the production network using masquerade IP addresses.

Setting up such a “sandbox” is described in detail in the user documentation . Also in the near future a separate document is planned with an example of using DataLab just for testing upgrades on Windows Server 2019, on a new SQL Server, and also for migrating to Azure.

Recreation from backups to cloud

Another useful technology implemented in the Veeam solution is the ability to restore from backup to Microsoft Azure. Now it is built into Veeam Backup & Replication, which is very convenient. In addition, you can use this feature to test new systems and applications, the migration process, network connections, etc. - because you can raise the test infrastructure in the cloud Azure. If everything goes well, then repeat the same steps during the planned migration of production to Azure. Let us dwell on this feature in more detail.

Why about Azure?

Microsoft has announced that Extended Security Updates will be available for free in Azure for Windows server 2008 R2 for another 3 years after the end of support. Users can move their machines to Azure without changing the application code, and the sooner they do this, the more time they have to plan for future updates. You can read more here .
Note that using recovery from backup to the Azure cloud can transfer almost everything that Veeam can backup: Windows Servers, Linux machines, virtual machines on vSphere and Hyper-V platforms, and so on and so forth.

How it works?

For Windows machines, the process will go like this:

1. If you are using an Azure proxy, then Veeam Backup & Replication will enable it. Read more about this proxy here .
2. Veeam Backup & Replication converts drives from a backup machine into VHD format and uploads it to a blob storage in Microsoft Azure cloud.
3. These disks are then mounted to the Veeam backup server server.
4. The disks are being prepared for VM recovery: the rules for the Remote Desktop are activated, the rules for working through the firewall are configured, the ground is set for the installation of the Microsoft Azure agent, etc.
5. Veeam Backup & Replication unmounts the drives.
6. If an Azure proxy was used, it will automatically shut down.
7. Veeam Backup & Replication registers a Microsoft Azure VM with prepared disks. After that, the machine turns on, and a Microsoft Azure agent is placed on it.

Restoration of Linux-machines is similar - only disks are mounted on a helical appliance. See here for more details.

To restore there are a number of restrictions, namely:

• The following guest OS are supported:
  
  • Microsoft Windows Server 2008 / Windows Vista and above
  • Linux - according to https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-endorsed-distros ).
• The size of one disk of the restored VM should not exceed 4095 GB.
• If the system disk of the source machine has a GPT partition structure, then the number of partitions can be no more than 4. During recovery, such a disk will be converted to a disk with an MBR partition structure.
• Azure Hybrid Use Benefit is not supported.

Important! Check that the time on the Veeam backup server is set correctly, otherwise there may be errors when trying to add Microsoft Azure accounting to the Veeam Backup & Replication infrastructure or when performing recovery.

Add a Microsoft Azure account to Veeam Backup & Replication

In order to perform recovery, it is necessary, in particular, to add a Microsoft Azure account to the Veeam Backup & Replication infrastructure. In this case, Veeam Backup & Replication saves in its database the subscriptions and resources associated with the account, and during recovery to the cloud it uses them to register a new VM in Microsoft Azure. There are 2 options for importing this data:

• work model using Resource Manager
• classic work model

The provider itself (Microsoft Azure) recommends deploying new machines in the cloud using the Resource Manager, so we will use it.

Before you add a Microsoft Azure account in the Veeam Backup console, you need to perform several preparatory steps:

1. Make sure you already have a Microsoft Azure account. The setup wizard can only add accounts, but not create.
2. [For those who have a Windows server OS] In Internet Explorer settings, you need to turn off Protected Mode, otherwise during the work with the Setup Wizard you will not be logged in to the cloud.
3. If it is not possible to disable Protected Mode, add the following to the list of allowed sites:
   
   • login.live.com
   • login.microsoftonline.com
   • secure.aadcdn.microsoftonline-p.com
   • auth.gfx.ms
   • about: security_veeam.backup.shell.exe
   
   You may also need to disable Internet Explorer Enhanced Security Configuration in Server Manager.
   
4. Check that the Veeam backup server is set to the correct time corresponding to the time zone in which the server is located.
5. On the machine where the Veeam Backup console is running, it is strongly recommended to install Microsoft Azure PowerShell 4.0.2. If you have a different version, there may be difficulties. If you don’t have any version of Microsoft Azure PowerShell at all, then Veeam Backup will offer to install it (see below).
6. You need to configure HTTP / HTTPS proxy for the Local System account or for the account under which the Veeam Backup Service is running. See more here .

Now we are going to add an Azure account. As agreed, we will use the model with the Resource Manager:

1. In the main menu of Veeam Backup & Replication, select Manage Azure Accounts .
2. In the Manage Microsoft Azure Account window, click Add to launch the wizard.
   
   
   
3. In the Deployment Model step, select the Azure Resource Manager option.
4. From the Region list, select the desired Microsoft Azure region: Global , Germany or China .
5. After clicking on Next Veeam Backup & Replication will check if there is Microsoft Azure PowerShell on this machine. If not, a warning will be issued with a link to the installation instructions. After installation, you will need to restart the Setup Wizard.
   
   
   
6. At the Subscription step, click the Configure account . You will need to login to the Microsoft Azure portal by entering an existing account. Veeam Backup & Replication will receive information about subscriptions and resources provided to the owner of this account.
   
   If you plan to restore Linux machines, then you need to check the Enable restore of Linux-based computers checkbox. In this case, Veeam Backup & Replication will deploy a helper appliance in the cloud, which is necessary for recovery.
   
   
   
7. Go through the steps of the Setup Wizard to the end and click Finish .

We prepare backups

The following types of backups are supported:

• Virtual machine backups (Microsoft Windows and Linux) created with Veeam Backup & Replication
• Backups of physical Windows machines created with Veeam Agent for Windows.
• Backups of physical Linux machines created with Veeam Agent for Linux.

Note: To restore a physical machine to Azure, you need to back up the whole of it or back up the volumes.

Note that you can restore the machine to the state as in the last restore point or as in any previous point in the backup chain. In this case, the chain should be stored in the repository included in the Veeam Backup infrastructure. You can also import existing backup.

Perform recovery

To do this, run the Restore to Azure Restore Wizard:

1. In the Home view, expand the Backups node in the tree on the left. Then in the right panel we expand the node of the backup we need, select the necessary machine there.
2. Clicking on it with the right button, select the Restore to Microsoft Azure command and go to the step of the Deployment Model wizard.
   
   
   
3. Specify which deployment model in Microsoft Azure we will use when restoring to the cloud. In our case, this will be the Azure Resource Manager.
   
   
   
4. In the Subscription step, we specify the following settings:
   
   • In the Subscription list, all the subscriptions available for the account that we added to Veeam Backup in the first stage will be shown. Choose a subscription, the resources of which we want to use.
   • From the list of Locations, select the region in which we want to place the restored machine. Make sure you have at least one storage system for this region.
   • If you want to speed up the recovery process to a remote region, we recommend using the Use Azure proxy VM by selecting Microsoft Azure proxy from the list. It is reasonable that the proxy is in the same region where you will be restoring the car.
     
   
   
   
5. In the VM size step, we specify the size of the machine and the account for the storage system where the disks of the restored machine will be placed.
   
   1. Select a machine from the Azure VM Configuration list and click Edit .
   2. From the Size list, select the size of the restored VM. (By default, the minimum sufficient will be selected for the number of disks in the VM).
      Note: Here you need to keep in mind that the size of the VM will depend on the number of CPU cores, memory resources and disk space that will be allocated to this VM. Read more document from Microsoft .
   3. From the list of Storage account, select the so-called. “Storage account” for the storage on which we want to store the disks of the restored VM. (Remember the selected VM size.) If you indicated that when you deploy a VM in the cloud, you will use Azure proxy, then only general-purpose accounts will appear in this list (accounts for Blob will not be shown). About different types of accounting is written here .
   
   
   
6. At the Resource Group step, you can specify a new name for the VM being restored (by default it will be the same as the name of the source machine). We click Name and specify a new name explicitly, or set a rule according to which it will be formed - by adding a prefix and / or postfix to the original one.
   
   By default, a new resource group will be created for the VM. If you want to add a VM to an existing group, you can also do this at this step. Select the VM from the list and click on the Group , specify the desired option:
   
   
   • Place VM into the existing resource group (place in existing group)
   • or Create a new resource group (create a new group)
   
   
   
7. In the Network step , we specify the network and subnet for connecting the restored VM.
   
   

In the final steps, we indicate the purpose for which we restore the VM, check the settings once again, click Finish and watch the progress of the recovery session to the cloud.

A detailed description of the recovery wizard for both deployment modes (including Classic mode) can be found here (in English).

Finally

If you are ready to share your practical experience of using the sandbox or restoring to Azure from Veeam backups, welcome to comments.

If you want to know more about this functionality, then you can help:

• Article on Habré about the sandbox as an autonomous test environment
• Basic scenarios for using Veeam Backup & Replication for VMware vSphere (in Russian)
• Basic scenarios for using Veeam Backup & Replication for Microsoft Hyper-V (in Russian)
• Webinar “Veeam DataLabs: from beginners to advanced users” (in Russian)
• Webinar “Restore in Microsoft Azure” (in Russian)