5 2 0:Azure VM Configuration

From SEPsesam
Other languages:


Welcome to the latest SEP sesam documentation version 5.2.0 Artemis. For previous documentation version(s), check documentation archive.


Virtualization Are you looking for an alternative for your VMware environment?

SEP supports a range of hypervisors, offering snapshot-based online backup of VMs.

Click HERE to get an overview of the available SEP modules and explore supported features like CBT, Single File Restore, and more.

Overview

Additional resources
Video Tutorials & Screencasts Visit SEP sesam YouTube Channel for latest videos and webinars.
FAQ Check FAQ to find the answers to most common questions.
Troubleshooting Guide Problems? See the Troubleshooting Guide.
Documentation archive If you are using an older SEP sesam version, refer to Documentation archive.


Using SEP sesam for Azure VM backups helps reduce operational complexity and cloud costs while ensuring robust data protection. It provides a consistent backup strategy for complex environments that involve diverse platforms and solutions.

SEP sesam provides reliable backup and restore capabilities for Azure Virtual Machines (VMs), flexible storage options using local or cloud-based storage, and offers advanced threat protection through Si3 deduplication store. By utilizing Azure snapshot technology to capture application-consistent snapshots of VM disks, SEP sesam creates point-in-time backups of VMs, including the operating system, system state, and all attached disks, without requiring downtime.

Additionally, SEP sesam’s monitoring and reporting capabilities provide valuable insights into backup status and overall system performance, enabling efficient backup management and troubleshooting.

Prerequisites

Configuring Azure VM environment for backup with SEP sesam

In Azure VM environments, Virtual Machines (VMs) are organized in a Resource Group under a Subscription. When the Azure VM environment is configured for backup with SEP sesam, the SEP sesam integration with Azure VM automatically creates a storage account and a blob container. When the backup is started, SEP sesam accesses the VMs to initiate the creation of snapshots that are temporarily stored in the Azure blob storage container. The snapshots are then backed up to the selected SEP sesam storage, either local or cloud-based. Once the backup is successfully completed, SEP sesam deletes the temporary snapshots from the blob storage to optimize storage efficiency and reduce costs.

To prepare and configure your Azure VM environment for backup with SEP sesam, you need to perform the following steps:

  1. Create Azure identity for SEP sesam.
  2. Register Azure subscription to use the Azure namespace.
  3. Enable access to Azure blob storage for SEP sesam.

Create Azure application identity for SEP sesam

To enable SEP sesam to access the Azure VM resources, you need to create the Service Principal identity. This is an application identity that allows automated task execution in Azure without the need to use a user's personal credentials.

  1. Start the Azure command-line (AZ CLI) and log in with the Administrator account. If you are not using the Global Administrator, make sure the user is at least a Privileged Role Administrator on subscription level. Note that if the user's permissions have been modified after login, you must log out and log in again in the Azure CLI.
  2. Create a new service principal and a role-based access control (RBAC) identity in Azure AD for SEP sesam with the following command: 
     az ad sp create-for-rbac --name <identity> --role Contributor  --scopes <resource scope>
    • The "Contributor" role allows managing resources in the specified scope, and does not allow managing access to the resources.
    • The <resource scope> defines your Azure subscription and the specific resource group in the format /subscriptions/<subscription ID>/resourceGroups/<resource group name>

    For example: 

     az ad sp create-for-rbac --name SEPsesamBackupServicePrincipal --role Contributor  --scopes /subscriptions/w31c0m3-70-7h3-r341-w0r1d/resourceGroups/SEPsesamAzureVM
  3. The output of this command includes credentials that must be saved securely for use in SEP sesam when adding the Azure VM as a client to the SEP sesam environment. Example output: 
     {
 "appId": "4m3r160-1497-73rr4n0v4-M4g3l14n",
 "displayName": "SEPsesamBackupServicePrincipal",
 "password": "M9-n4m3~15_n30",
 "tenant": "54n7aM4r14-12oct-1492-242-20m1506a54"
 }

Register Azure subscription to use the Azure namespace

By default, your Azure subscription is not registered to use the Azure namespaces and must be registered manually:

  1. Select the subscription you want to register with the following command: 
     az account set --subscription "<subscription ID>"

    For example: 

     az account set --subscription "w31c0m3-70-7h3-r341-w0r1d"
  2. Register your subscription to use the Microsoft.Compute namespace with the following command: 
    az provider register --namespace Microsoft.Compute --subscription "<subscription ID>"

    For example: 

    az provider register --namespace Microsoft.Compute --subscription "w31c0m3-70-7h3-r341-w0r1d"
  3. Register your subscription to use the Microsoft.Network namespace with the following command: 
    az provider register --namespace Microsoft.Network --subscription "<subscription ID>"

    For example: 

    az provider register --namespace Microsoft.Network --subscription "w31c0m3-70-7h3-r341-w0r1d"

You can check the status of the registration for a namespace with the following command: 

az provider show --namespace Microsoft.Compute --query "registrationState"
az provider show --namespace Microsoft.Network --query "registrationState"

If the subscription is successfully registered, the output for each command is "Registered".

Enable access to Azure blob storage for SEP sesam

To enable SEP sesam access to the Azure blob containers in a storage account, you need to assign the Storage Blob Data Contributor role to the SEP sesam service principal identity. For this, you must first obtain the service principal object ID.

  1. Use the following command to get the service principal object ID: 
    az ad sp list --display-name <identity>

    For example: 

    az ad sp list --display-name SEPsesamBackupServicePrincipal
    The object ID is listed in the output as "id", for example: "id": "h0w-y0u347-s0u9-1nm47r1x"
  2. Assign the role Storage Blob Data Contributor to the SEP sesam service principal identity with the following command: 
    az role assignment create --assignee-object-id <object ID> --role "Storage Blob Data Contributor" --scope <resource scope>

    For example: 

    az role assignment create --assignee-object-id h0w-y0u347-s0u9-1nm47r1x --role "Storage Blob Data Contributor" --scope /subscriptions/w31c0m3-70-7h3-r341-w0r1d/resourceGroups/SEPsesamAzureVM

What's next?

Azure VM Backup

External resources

Azure Command-Line Interface (CLI) documentation


See also

Azure VM BackupAzure VM RestoreVirtualization

Copyright © SEP GmbH (formerly SEP AG) 1999-2025. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP GmbH. When compiling and designing user documentation SEP GmbH uses great diligence and attempts to deliver accurate and correct information. However, SEP GmbH cannot issue a guarantee for the contents of this manual.
Retrieved from "https://wiki.sep.de/wiki/index.php?title=5_2_0:Azure_VM_Configuration&oldid=379813"