Home / Nerdio Academy / Nerdio / Nerdio Fundamentals: Backup, Restoration and Data Protection

Nerdio Fundamentals: Backup, Restoration and Data Protection

0 commentsJune 24, 2019Videos

Joseph Landes:
In this session we are going to talk about how backup, restoration, and data protection work in Nerdio for Azure. We’ll cover topics such as shadow copy and how to restore, recovery services, file recovery from Azure backup, how to revert a desktop and a profile, and we’ll touch on Azure site recovery. Enjoy the session.

Vadim Vladimirskiy
Today’s topic is going to be back up, restoration, and data protection inside of Azure and the Nerdio admin portal. The first thing is I wanted to do an overview of what kinds of things you can do in Nerdio to back up and recover data. Let’s log into 5009, the one we’ve been using for all of our demos here. If we go under backup and DR and we’d go on there in region backup, we’ll see that this backup is already going to be enabled. If you’ll recall, in the previous session, we looked in the back end to see what happens when you turn to button to enable the backup. It creates a backup vault in the Azure portal, calls it … Lets actually look for it. if we go to services, vaults, here’s a recovery services vault. There is our Nerdio backup vault. That’s what gets created.

Vadim Vladimirskiy
Back up gets placed on standard storage. The way it’s paid for is on the per gigabyte of consumption and the operations. You also pay for operations with standard storage. Then Nerdio goes ahead and creates retention policies and schedules inside of this backup vault. If we go here and we look at our backup policies, we’ll see that there’s a backup policy for 5009 and that policy by default is going to run once a day, and is going to retain the data for 30 days, and the schedule is by default going to be a 1:00 AM daily. Okay? This is a new field, you see it’s not set right now. It actually used to be something that wasn’t there, which caused us to create a feature in NAP that I’ll show you just now, but the time zone obviously makes a difference as to when this backup actually runs.

Vadim Vladimirskiy
Once the backup folders created, the retention policy is created, the schedule is created, the system goes through and adds all of the VMs that are in the environment into the backup by default. The default behavior is every VM is going to be backed up on that default schedule at that particular retention, which is 30 days. If somebody wants to make changes, they can easily go into Azure, click on that policy, add additional retentions yearly, monthly, weekly, number of days or number of snapshots, and also change the frequency at which it runs, so really easy to make changes right now. Not in the NAP, but it is something that’s coming in the future version of backups.

Vadim Vladimirskiy
Once the backup is configured, again, all the VMs are added. The green indicates backup is enabled. At the time when you first enable it the last backup status is going to be empty here and the last restore point is going to be empty as well. Then the next time the backup runs, you’re going to see this change to the complete or error if it didn’t work and then the restore point will show you what relay this backup is.

Vadim Vladimirskiy
The actions that you can take with particular VMs. Obviously, there is a restore button that allows you to select from 30 days or up to 30 days worth of backups. You select your snapshot. You can see it’s taking about five minutes or so to do that backup. Then you check this box. What this will do is it will recover the disc out of the backup vault into a storage account. It will then delete the current VM, so it will shut it down, delete it, and then it’s going to recreate that VM with all the same parameters using the newly recovered disc. This is a destructive operation in the sense that it will override the existing VM with a new VM off of that backup snapshots. Okay? That’s what the restore button does for you.

Vadim Vladimirskiy
The other thing you can do is trigger a backup to run right now, so if I wanted to back up VC01, I can go ahead and do that. If I wanted to remove a certain VM from backup, like here we went had and we removed these VMs from backup manually. When you click on remove from backup, you have an option to either delete all previous backups that are associated with this VM or keep them in the vault. So if you leave this box checked, it’s going to remove it from future backups and it will also delete all the previous versions, even the ones from yesterday and the day before. If you leave this unchecked and you click confirm, it will remove the VM from future backups, so it will have the red backup not enabled icon to the left of it, but the backup snapshots are going to stay and then eventually they’re going to roll off based on the retention. Again, the default retention is 30 days, so after 30 days those will be gone as well.

Vadim Vladimirskiy
Okay, so really clean and simple. Restore, backup now, remove from backup. Once a VM is removed from backup, you can go ahead and reenable it to be backed up. Let’s go ahead and do that. Then while we’re making these changes, if we go to the back end and look at, so here we have our backup jobs. The backup jobs will show you what actually happened in the past. You can see we just triggered the backup of VCO1. It’s currently running. It’s going to take about five or six minutes and then it’s going to go into completed status.

Vadim Vladimirskiy
If a backup fails, you’re going to see an error in the last backup state. You also have a notification that can be configured under settings notifications where you can alert for backup operations. So when I made this change, then the admin users on this account will get notification for every action I just took. If I enabled disabled backup or launched a new backup, it’s going to notify people. But also if a backup fails, there will be an email notification that will go to the partner admins, account admins, and also to any additional email addresses that are specified in this field. Okay?

Vadim Vladimirskiy
A common question is can I restore a specific file from the backup without restoring the entire server? The answer is yes, you can. However, using the backup and restore module in Nerdio is not the way to do it and also going to Azure backup is also not the most common way of doing it. What do I mean by that? Every VM, every desktop and server that Nerdio configures, has VSS, volume shadow copies enabled on it.

Vadim Vladimirskiy
I’m going to go ahead and log in as Andy. Okay. For restoration of individual files, the first place to go is to use the previous versions and the shadow copies that are running by default on all of the VM. If somebody says, “Hey, I just need to recover a file, I don’t want to recover the whole server,” then that’s the place to send them. Now sometimes those are not available either because the disc ran out of space and they got deleted or maybe the machine is corrupted in some way and you can’t really log into it completely, but still you don’t want to uninstall, you don’t want to recover the whole thing. That is something that comes up occasionally. The answer to restoring individual files from Azure backup is that it is possible, again, very uncommon that you do it that way, but if you wanted to restore something, let me show you how that looks.

Vadim Vladimirskiy
You would go into a protected item. Here’s backup items. We click on virtual machines. We find our, let’s say FSO1. Okay? Then we find our backup, so let’s say last night’s back up. Click on that. Then there are two options. There is a restore VM, which is the equivalent of what we would do in the NAP when you click the restore button and there is also file recovery options.

Vadim Vladimirskiy
If we go to file recovery. Then we have to go through this three step process. The first thing is selecting the recovery point. We already did that. Second one is downloading a script that is going to actually connect us to those files. Let’s click on download executable. It’s going to generate a random password and then place a little executable in my downloads. It’s still doing it, so give it a minute. Okay.

Vadim Vladimirskiy
While that’s going, let’s go back into the login that we just went through and when we right click on the folder and go to properties, we should have a previous versions tab. Now, we noticed that on some deployments of session hosts and VDI desktop, that option is disabled, so we have a registry change that actually has already been applied to the default registry or to the template, but it is something that I want to show you. Let’s see, I think it’s software, Microsoft Windows, current version, explorer, and then there is this thing. See, there’s a DWord here that says no previous version page and it’s set to one. We’re going to send that to zero and now we right click. We now have restore previous versions and there’s that new tab that was added. It’s really easy fix for anyone who’s missing that tab is going to be default now on every new desktop deployment.

Vadim Vladimirskiy
But there it is. You all know how to use this, you select your version, you never want to click the restore button. I think that’s dangerous. What you want to do is click the open button that will open the file from that version. You can see the date stamp at the top and then you can copy things in and out as needed. That’s the first go-to place for any file level restores.

Vadim Vladimirskiy
The second go-to place is what we just did, right? Here’s my executable that’s been downloaded. Here’s my password. Click that to copy to clipboard. I’m going to run this executable, it’s going to run some powershell, and it’s going to use the I-scuzzy connector to actually mount a volume on my laptop here that I’m connecting from, to Azure, to a particular VHD. Well, and sometimes it doesn’t work, which is one of the reasons we don’t always use it. Let’s see. I’m not sure why then for it, so I’m not going to troubleshoot it now. But the concept is you click down on the executable, you click on that, it runs powershell, it asks you for the password. You type in the password. You then go into your computer and you will have a new drive that’s going to be mapped under this PC. Okay? You’ll have a new drive right here. You double click on the drive, it’s going to connect you to those files, and then you can copy them out. It’s read only, so you can’t copy anything in, but you can take copies of those files.

Vadim Vladimirskiy
Then when you’re done, you’re actually going to click unmount discs, so that’s something you should do, otherwise I think it automatically amounts them in in 12 hours. Once you unmount it, it will disappear from your computer because remember your mounting an I-scuzzy target across the Internet to Azure using this three step process.

Vadim Vladimirskiy
All right, let’s talk about a couple of other things. We looked at file backup and recovery from Azure and volume shadow copies. The next thing to talk about is the revert desktop and revert profile. Reverting profile is basically a function of the NAP that currently is going ahead and enumerating all of the available shadow copies on the VM that stores the profile. That depends, right? For example if we have a user that’s assigned to a specific RDS session host, then that user is using native profiles, which means that all of their data is stored on the C drive under C:users of that particular VM. This is now showing me all the different versions of that volume that’s available on that server. You can see it’s 7:00 AM and 12:00 PM.

Vadim Vladimirskiy
I can select the version that I want. I can check the box and click confirm. This is going to back up the current version of the profile. First, it’s going to knock the user off the system. It’s going to save the current version of the profile as a dot archive with a date. It will then mount the volume shadow copy snapshot from the date I’ve selected. It’s going to copy those folders out of that snapshot into the C:users folder. It’s going to resettled unnecessary permissions and ownership and it will then complete, which means the user can now log in, and they will be using a profile from a previous version. Something that requires quite a few steps with lots of places to mess up when you’re doing it manually is something that we’ve automated to make it really easy.

Vadim Vladimirskiy
Now if you don’t have shadow copies then there’s going to be nothing in this list. If you have very few shadow copies, you have very few things in this list. It’s not shadow copies on the profiles themselves, it’s shadow copies on the volume that stores the profiles, which in the case of an RDSH01 type of a user means that it’s on the C drive of this VM.

Vadim Vladimirskiy
When we’re using collections, you will recall that the way profiles are managed are through user profile discs, UPDs, which are stored as VHD virtual disks, and those are stored on FSO1, not on the C drive of each individual session host. When I go ahead and I click revert profile for a user that’s assigned to a collection, it’s going to go on FSO1 and give you a list of all of the snapshots available on the volume where those UPDs are. Then when you recover it, what it’s actually doing instead of writing into C:users, it’s obviously just restoring the VHD file from that version, replacing the current one that’s there, and when the user logs in, the new one gets mounted and that becomes their profile. Again, really convenient for recovering profile specifically, that’s still leverage VSS. If VSS is not working, not running, has been tampered with and it’s not available, then this function does not work. It’s dependent on VSS. Okay?

Vadim Vladimirskiy
For VDI users, which doesn’t look like I have any in this case, but for VDI users there is an additional option here called the revert desktop and the revert desktop option is going to delete the current desktop that’s assigned to that user and is going to create a brand new one for them that’s based on the golden image WS00. WS00 as you recall is under the servers module. You come in here can power it on and make changes. This is the golden image that all VDI users are created from, so when you do revert desktop, it deletes that VM that’s currently assigned and recreates it from this template. The implications are that anything outside of the documents, desktop, and favorites folders, which are the ones that are redirected by default to FSL1 for every user, everything else gets erased.

Vadim Vladimirskiy
Any software that was installed that’s not an on the golden, any customizations that were done as part of the profile that are outside of desktop and documents, all of that is going to be gone, which sometimes that’s what you want, you want to start fresh, but everything in documents and desktop is going to be retained. Okay? Revert profile recovers a profile from a VSS snapshot. Revert desktop recreates the desktop fresh from the golden image.

Vadim Vladimirskiy
Okay. Then the final topic that I want to talk about is DR. Let’s just remind yourself of a few concepts around DR. Again, DR means ASR and DR is a use case that leverage is the ASR tool to do something very specific. Whereas back up, you’ll recall when you enable backup, we get to specify what type of storage you’re using for the backup. It could either be LRS, local redundant storage, which means it’s in the same region as the source VMs, or it could be GRS, geo redundant storage, which means it’s going to be both local and in a paired region, which you don’t really get to select. It’s whatever Microsoft has determined is the pair for that particular particular environment. Excuse me.

Vadim Vladimirskiy
The backup thing runs on a schedule, it’s not continuous, and it’s backing up within the same region as the VM. If you look at the backup recovery vault, you will see that the backup recovery vault is in the same region as the VMs. If it’s not in the same region as the VMs, you will actually not be able to select it as a destination for your backup. So if you had some requirement of having VMs in a particular location, even if there is an Azure region there, you couldn’t use the backup functionality to put a backup of that VM in that other region. Okay?

Vadim Vladimirskiy
This is where DR comes in or this is where ASR, Azure site recovery, comes in. Azure site recovery uses replication rather than scheduled backups. It is designed to be used as either a migration tool to kind of move the bits for a particular VM from one location to another, it could be from on-prem into Azure, so it’s often used for migration purposes. It could also be used for DR from an Azure deployment, let’s say in the south central region, to another region, let’s say in the east or west of the US or maybe another continent. Okay?

Vadim Vladimirskiy
The way that that works, let me just pull up Azure site recovery pricing. With backup, you recall there is a licensed feed, something like five or $10 for every 50 gigabytes and then there is a storage fee. For Azure site recovery, so there are two types of licenses. There could be Azure site recovery to a customer on-site, meaning I have an Azure deployment and I want to replicate my data to a data center that I own. Then for the first 31 days it’s free and then after that it’s $16 per instance, meaning per VM that you’re projecting, regardless of how much storage is on it, because storage is charged separately. Okay? But the more common scenario is Azure to Azure or on-prem to Azure. The destination that we typically deal with is when people are going to Azure, whether they’re coming from another Azure region because they want to have the environment redundant in a hot site and another location, or because they’re migrating from on-prem into Azure.

Vadim Vladimirskiy
The reason it’s free for the first 31 days is because if you’re leveraging ASR for migration, if you pulling in VMs from on-prem into Azure, they don’t want to charge you for it because once you’re an Azure, you’re going to stay in Azure. But then once you go after 31 days, that means you are using it for DR purposes, in which case you’re charged $25 per month per instance, plus any associated storage that you’re consuming in the destination region. There’s a license fee per instance and then there is a storage fee that basically is the same as the storage fee for your source environment.

Vadim Vladimirskiy
Let’s say you have a VM that’s a file server, it has an OS disc of P10 and a data disc of P20. P10 is $19 a month and P20 is let’s say whatever, $80 a month. When you’re using ASR, you’re going to pay $25 for the VM itself or the license and then you’re going to pay the same amount if you’re using the same kinds of this x in the DR location as you do in the source location. Storage you always pay for and the licensee always pay for. Now, if you power on that VM, right? Normally those VMs in the destination region are turned off, so you’re not paying for compute consumption, but if you turn it on for something like a DR test to fail over, then you’re also paying to compute. So always for storage and compute as needed.

Videos in the series