5 0 0:Backup to Azure Storage
Overview
SEP sesam v. 5.0.0 Jaglion has introduced a new generation Si3 data store. It enables you to back up your data directly to Azure Blob storage and restore the items you want directly from there. After an initial full backup of your virtual and physical environment, you can use any backup level (including differential and incremental backups) to back up only new data to Blob storage.
Powerful restore
The new Si3 can detect duplicate data fragments to streamline the restore process. Use the Web Restore Assistant or GUI Restore Wizard to instantly restore your data from backups. Restoring a single file is easy as you can use the search function to find the desired backup and start the restore process to the original or another location.
Si3 uses Azure Blob storage in the same way as local storage, allowing you to use your Azure Blob storage to securely store and retrieve your business data anytime, anywhere.
Multiple media pools
Si3 lets you create multiple media pools to provide scalability and granularity of backup jobs. You can create separate media pools, e.g., for daily differential and incremental and weekly full backup jobs, or for migration and replication, and you can set a different retention time for each media pool.
Warning | |
In Azure, read access carries higher costs. Tasks such as housekeeping, consistency checks, and restores will incur higher expenses. Consider this when planning your operations. |
Configuration of Si3 Azure Blob store
SEP sesam enables you to back up your data directly to Azure using Si3 deduplication store. This procedure contains only the basic steps. For details on Azure Blob storage, the account and configuration, see the Microsoft article Storage account overview.
- Create a Microsoft Azure storage account
- Create a container
- View and copy Azure storage account access keys
- Create a new backup user on the SEP sesam Server
- Configure Si3 deduplication store
- Configure media pools
- Configure backups
Create a Microsoft Azure storage account
You will need an active Microsoft Azure account for the following procedure. Log in to your account in the Azure portal.
- Search for and click the Storage accounts option.
- Select Create to add an account.
- Select the subscription for this account.
- Create or select an existing Resource Group where you want to create this storage account. The resource group is used to organize and manage all your resources.
- Enter a unique name for your new storage account.
- Select a location for the storage account. This is the location for your server based on your geographical location.
- Leave the Performance type default option Standard selected.
- For Account kind select StorageV2 (general-purpose v2) or BlobStorage, depending on your needs.
- Select the replication level. The default Locally Redundant Storage (LRS) is more affordable than Geo-redundant storage (GRS), which is appropriate for storing business-critical data that has to be accessible at all times. This choice can significantly increase the overall cost of your account.
- Select the Access tier for SEP sesam backup. It is recommended to leave the default setting Hot.
- Use the Advanced tab to configure or modify additional options for your account, the Networking tab to configure network connectivity and routing settings, and the Data protection tab to configure data protection options for blob data in your storage account. Also available are the Encryption and Tags tab. Most of these options can be configured later once the storage account has been created.
- Now navigate to the Review + Create tab to review the settings. When satisfied, click Create.
For a more detailed overview of each step, see the Microsoft article Create a storage account.
Create a container
In the Azure portal, create or associate a container with your storage account. For details, see the Microsoft article Create a container.
- Follow the naming convention and choose a meaningful name for the container.
- Choose the level of public access to the container. It is recommended to leave the default level Private (no anonymous access).
- Create containers to be used exclusively with SEP sesam. It is not recommended to use one container for multiple cloud storage devices.
View and copy Azure storage account access keys
Azure automatically generates two storage account access keys (primary and secondary) for the account you create. These keys are used to authorize access to data. These login account details are required for creating an Si3 data store for Azure.
- In the Azure portal, navigate to the Access keys item under Settings.
- Copy the Storage account name and one of the two access keys. You will need these along with the container name in the next step.
Create a new backup user on the SEP sesam Server
- Create the user with the Azure storage account name and credentials on the backup server.
- Log in as an Administrator with the user type superuser and add the newly created user to the Administrators group. For details, see Configuring Database-Based Authentication.
Note | |
The Azure credentials are stored encrypted in the ini file. |
Configure the Si3 deduplication store
- In the Main selection -> Components, click Data Stores to display the data store contents frame.
- From the Data Stores menu, select New Data Store. A New Data Store dialog appears.
- Under Data store properties, enter a meaningful name for the Si3 deduplication store in the Name field, e.g., Si3-Azure. Entering the name also creates the name of the drive group for your Si3 deduplication store in the Create new drive group field.
- From the Store type drop-down list, select SEP Si3 NG Deduplication Store.
- Under Drive parameter, leave the options Create drive and Create second drive checked. The predefined value for the drive is automatically entered in the Drive number field. By using the additional dedicated drive for restore, you can perform a backup on the first drive and restore your data from the second drive simultaneously. You can also add a third drive for migration.
- The name in Create new drive group is already created. You can change it by simply entering a new name.
- The predefined number of channels is already available in the Max. channels drop-down list. The number of available channels depends on your SEP sesam Server package. For details on licensing, see Licensing.
- From the Device server drop-down list, select the device server for your data store.
- In the Path field, enter the location or use the Browse button to select a directory on the local disk (as for local storage). This directory is only used to store metadata and temporary files for intermediate storage until the data is uploaded to Azure Blob storage. Ensure that there is sufficient disk-space available for this local storage, e.g., for 50 TiB in Azure or more, make sure it has 20 GiB free space.
Click OK.
If you use the Browse button, the New Data Store information window appears with predefined recommended values for the size of your Si3 NG deduplication store, based on the size of the previously selected local disk (Path).
Important: Change these values manually under the Size properties, depending on how much storage space you want to use on Azure.- Capacity: Set the size (in GiB) of storage for backups. The minimum accepted capacity is 5 GiB.
- High watermark: The HWM defines the upper value for the used storage space. When this value is reached, the status of a datastore changes from OK to Warning, but backups are still performed. Make sure that you provide enough storage space for your backed up data.
Click OK. You can also change the size of your Si3 deduplication store later under Size properties (see Size properties).
Warning Since Azure Blob storage offers unlimited scalability and there is no official limit on the amount of data and number of objects you can store, you should set the capacity of Si3 on Azure according to your needs. Knowing how much capacity you need will help you optimize the cost of your cloud services. - Switch to the Storage Backend tab and select Storage type: Microsoft Azure Storage or compatible. Then click New to create a new credential set for Azure. You will need to enter your previously configured credentials, see section View and copy Azure storage account access keys above.
- Storage domain: enter the name of your Blob storage for your storage account; the default endpoint is https://<mystorageaccount>.blob.core.windows.net. If you have mapped a custom domain to the blob endpoint, enter your custom domain.
- If you check the Use HTTP checkbox, HTTP will be allowed to be used. This can be useful if there are problems with the SSL/TLS certificate and HTTPS does not work. However, it is not recommended to use this option if you are working with confidential data.
- Credential set: give your credential set a name.
- In the Account name field, type the Microsoft Azure storage account name.
- In the Access key field, type the Microsoft Azure storage account access key. You can enter either the primary or secondary access key.
- In the Verify access key field, type the Microsoft Azure storage account access key again.
- In the Blob container field, enter the name of your blob container.
- If you want to create a media pool for your Si3 deduplication store immediately, click Create Media Pool. Otherwise, click OK to configure your Si3 deduplication store.
Configuring media pools for Si3
- From Main Selection -> Media Pools, click New Media Pool. The New Media Pool window is displayed.
- In the Media Pool window, specify the required fields:
- Name: Enter a name for a media pool.
- Description: Optionally, add a description of the pool.
- Drive group: From the drop-down list of all available drive groups, select the relevant drive group to which a media pool will be attached. For details on drive groups, see Drives.
- Retention time [days]: Specify the retention time for the media pool. The retention period begins with the date a saveset is written to the media (at the end time of the first backup) and thus defines the expiry date of the saveset - EOL. When the protection (EOL) expires, SEP sesam can use the media for backups again. For details, see Automatic Retention (EOL) Management.
You can repeat the procedure and create more media pools for Si3 according to your needs.
Configure backup
After configuring an Si3 Azure deduplication store and one or more media pools, proceed as follows:
- Create a backup task to back up to Azure.
- Configure a schedule as described in Creating a Schedule.
Once you have configured a task and schedule, create a backup event as follows.
Create a backup event
By creating a backup event, you select the backup level, set the event priority, and specify where to back up your data. You can create an event for a specific task or for a task group. The latter enables you to trigger all tasks in the task group with a single event.
- From Main Selection -> Scheduling -> Schedules, right-click the schedule you created earlier and click New Backup Event.
- Under the Sequence control, set the Priority of your backup event. SEPuler always executes the schedules with the highest priority first. The default priority level is 1, which is the lowest priority (the highest priority is 99). The only exception are schedules with priority 0, which override all other priorities and are always executed. For details, see Event priority. You can also enable the Blocking date. This option should be used together with high priority for special events. When this option is enabled, events of the same type but with a lower priority are blocked. For details, see Blocking Events.
- Under Object, select the task (or task group) you configured earlier and with which you want to link this event.
- Under Parameter, specify the Backup level.
- From the Media pool drop-down list, select the media pool you created for the Si3 deduplication store. The data is backed up to this pool. You can also activate the option SEP Si3 source-side deduplication, as described in Si3 source deduplication.
- Optionally, specify the drive number of the drive to be used to write the data. Typically, you use this option if you have configured additional drives and want to assign a specific drive exclusively for backup.
- In the Follow up field, you can configure events (e.g., migration) that are triggered on the SEP sesam Server as soon as the first event (e.g., backup) is completed. For details, see Follow-up events.
Tip | |
You can set a follow-up migration task by selecting the previously configured migration task from the Migration task drop-down list. |
Monitoring backups
You can view the status of your backup jobs in the GUI (Monitoring -> Last Backup State or Job State -> Backups) or SEP sesam Web UI. The backup status overview provides detailed information about the last run of backup jobs, including the task name, start and stop time of the last backup, backup level, data size, throughput, assigned media pool, etc.
Purging data on Azure storage
Data purging is the process of permanently deleting obsolete (EOL-free) savesets from data stores. It works in the same way in the Azure cloud. Purge is automatically triggered and performed until all EOL-free savesets are deleted.
Automatically purging data
Strategies for data purging are based on the nature of your business, as well as regulatory, legal and other requirements, and implemented with a defined data retention period. This is the period of time for which backup data is protected after it is written to the media, so that savesets are preserved and available for restore. It is based on the media pool retention time you set when you created a media pool. SEP sesam provides automatic EOL (retention) management to ensure recoverability of the entire backup chain and protect against data loss, based on backup chain dependencies. For more details, see What are backup chain dependencies.
When protection (EOL) expires, purging is done automatically and SEP sesam can use the media for backups again. For more details, see What happens when retention expires.
Events that trigger the data store purge are:
- NEWDAY
- Manual start of the purge in the GUI
Manually purging data
- You can manually adjust the EOL of your data or delete a saveset or backup. For details, see Changing Retention (EOL).
- You can start the data store purge process in the GUI: Main Selection window -> Components -> Data Stores content pane -> option Purge. Running the purge manually deletes the obsolete (EOL-free) savesets.
- Another way to free up storage space is to remove orphaned savesets from the data stores by using the Clean up option: Main Selection window -> Components -> Data Stores content pane -> option Clean up. This is useful if a data store appears to be inaccessible, its space is occupied, or SEP sesam space check shows non-sesam data.
See also
Configuring Si3 NG Deduplication Store – Encrypting Si3 NG Deduplication Store – Standard Backup Procedure – Restore Assistant – Standard Restore Procedure – Licensing