Merge pull request #102417 from dcurwin/offline-backup-jan-2020

Offline Backup documentation

Author: GitHubber17

articles/backup/backup-azure-about-mars.md

@@ -53,8 +53,7 @@ The MARS agent supports the following restore scenarios:
 ### Additional scenarios
 -	**Back up specific files and folders within Azure virtual machines**: The primary method for backing up Azure virtual machines (VMs) is to use an Azure Backup extension on the VM. The extension backs up the entire VM. If you want to back up specific files and folders within a VM, you can install the MARS agent in the Azure VMs. For more information, see [Architecture: Built-in Azure VM Backup](https://docs.microsoft.com/azure/backup/backup-architecture#architecture-built-in-azure-vm-backup).
 
--	**Offline seeding**: Initial full backups of data to Azure typically transfer large amounts of data and require more network bandwidth. Subsequent backups transfer only the delta, or incremental, amount of data. Azure Backup compresses the initial backups. Through the process of *offline seeding*, Azure Backup can use disks to upload the compressed initial backup data offline to Azure. For more information, see [Offline-backup workflow for DPM and Azure Backup Server](https://docs.microsoft.com/azure/backup/backup-azure-backup-server-import-export-).
-
+-	**Offline seeding**: Initial full backups of data to Azure typically transfer large amounts of data and require more network bandwidth. Subsequent backups transfer only the delta, or incremental, amount of data. Azure Backup compresses the initial backups. Through the process of *offline seeding*, Azure Backup can use disks to upload the compressed initial backup data offline to Azure. For more information, see [Azure Backup offline-backup using Azure Data Box](offline-backup-azure-data-box.md).
 
 ## Next steps
 [MARS agent support matrix](https://docs.microsoft.com/azure/backup/backup-support-matrix-mars-agent)

articles/backup/backup-azure-backup-import-export.md

@@ -69,6 +69,15 @@ This section describes the offline-backup workflow so that your data can be deli
 
     ![Import screen](./media/backup-azure-backup-import-export/offlinebackup_inputs.png)
 
+2. Select the option **Transfer using my own disks**.
+
+    >[!NOTE]
+    >We recommend using the Azure Data Box option to transfer initial backup data offline. This option saves the effort required to procure your own Azure-compatible disks by delivering Microsoft-proprietary, secure and tamper-proof Azure Data box devices to which backup data can be directly written to by the MARS Agent.
+
+3. Click **Next** and fill in the inputs carefully:
+
+    ![Enter your disk details](./media/backup-azure-backup-import-export/your-disk-details.png)
+
    The description of the inputs is as follows:
 
     * **Staging Location**: The temporary storage location to which the initial backup copy is written. Staging location might be on a network share or a local computer. If the copy computer and source computer are different, we recommended that you specify the full network path of the staging location.
@@ -79,15 +88,15 @@ This section describes the offline-backup workflow so that your data can be deli
 
    Provide the inputs on the screen and click **Next**. Save the provided *Staging location* and the *Azure Import Job Name*, as this information is required to prepare the disks.
 
-2. When prompted, sign into your Azure subscription. You must sign in so that Azure Backup can create the Azure Active Directory application, and provide the required permissions to access the Azure Import Service.
+4. When prompted, sign into your Azure subscription. You must sign in so that Azure Backup can create the Azure Active Directory application, and provide the required permissions to access the Azure Import Service.
 
-    ![Backup now](./media/backup-azure-backup-import-export/azurelogin.png)
+    ![Backup now](./media/backup-azure-backup-import-export/azure-login.png)
 
-3. Complete the workflow, and in the Azure Backup agent console click **Back Up Now**.
+5. Complete the workflow, and in the Azure Backup agent console click **Back Up Now**.
 
     ![Backup now](./media/backup-azure-backup-import-export/backupnow.png)
 
-4. In the Confirmation page of the wizard, click **Back Up**. The initial backup is written to the staging area as part of the setup.
+6. In the Confirmation page of the wizard, click **Back Up**. The initial backup is written to the staging area as part of the setup.
 
    ![Confirm that you're ready to Back up now](./media/backup-azure-backup-import-export/backupnow-confirmation.png)
 
@@ -200,4 +209,3 @@ Once the initial backup is complete, you can safely delete the data imported to
 ## Next steps
 
 * For any questions on the Azure Import/Export workflow, refer to [Use the Microsoft Azure Import/Export service to transfer data to Blob storage](../storage/common/storage-import-export-service.md).
-

articles/backup/backup-azure-backup-server-import-export-.md

@@ -3,7 +3,7 @@ title: Offline backup for DPM and Azure Backup Server
 description: Azure Backup enables you to send data off the network using the Azure Import/Export service. This article explains the offline backup workflow for DPM and Azure Backup Server (MABS).
 ms.reviewer: saurse
 ms.topic: conceptual
-ms.date: 05/08/2018
+ms.date: 1/28/2020
 ---
 # Offline-backup workflow for DPM and Azure Backup Server
 
@@ -50,14 +50,75 @@ Ensure that the following prerequisites are met before initiating the Offline Ba
     | United States | [Link](https://portal.azure.us#blade/Microsoft_Azure_ClassicResources/PublishingProfileBlade) |
     | China | [Link](https://portal.azure.cn/#blade/Microsoft_Azure_ClassicResources/PublishingProfileBlade) |
 
-* An Azure Storage account with *classic* deployment model has been created in the subscription from which you downloaded the publish settings file as shown below:
+* An Azure Storage account with *Resource Manager* deployment model has been created in the subscription from which you downloaded the publish settings file as shown below:
 
-  ![Creating a classic storage account](./media/backup-azure-backup-import-export/storageaccountclassiccreate.png)
+  ![Creating a storage account with Resource Manager development](./media/backup-azure-backup-import-export/storage-account-resource-manager.png)
 
 * A staging location, which might be a network share or any additional drive on the computer, internal or external, with enough disk space to hold your initial copy, is created. For example, if you are trying to back up a 500-GB file server, ensure that the staging area is at least 500 GB. (A smaller amount is used due to compression.)
 * With regards to disks that will be sent to Azure, ensure that only 2.5 inch SSD, or 2.5-inch or 3.5-inch SATA II/III internal hard drives are used. You can use hard drives up to 10 TB. Check the [Azure Import/Export service documentation](../storage/common/storage-import-export-requirements.md#supported-hardware) for the latest set of drives that the service supports.
 * The SATA drives have to be connected to a computer (referred to as a *copy computer*) from where the copy of backup data from the *staging location* to the SATA drives is done. Ensure that BitLocker is enabled on the *copy computer*
 
+## Prepare the Server for the Offline Backup process
+
+>[!NOTE]
+> If you cannot find the listed utilities such as *AzureOfflineBackupCertGen.exe* in your installation of the MARS agent, write to [email protected] to get access to them.
+
+* Open an elevated command prompt on the server and run the following command:
+
+    ```cmd
+    AzureOfflineBackupCertGen.exe CreateNewApplication SubscriptionId:<Subs ID>
+    ```
+
+    The tool will create an Azure Offline Backup AD Application if one does not exist.
+
+    If an Application already exists, this executable will ask you to manually upload the certificate to the application in the tenant. Follow the steps below in [this section](#manually-upload-offline-backup-certificate) to upload the certificate manually to the application.
+
+* The AzureOfflineBackup.exe tool will generate an OfflineApplicationParams.xml file.  Copy this file to the server with MABS or DPM.
+* Install the [latest MARS agent](https://aka.ms/azurebackup_agent) on the DPM/Azure Backup (MABS) server.
+* Register the server to Azure.
+* Run the following command:
+
+    ```cmd
+    AzureOfflineBackupCertGen.exe AddRegistryEntries SubscriptionId:<subscriptionid> xmlfilepath:<path of the OfflineApplicationParams.xml file>  storageaccountname:<storageaccountname configured with Azure Data Box>
+    ```
+
+* The command above will create the file `C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch\MicrosoftBackupProvider\OfflineApplicationParams_<Storageaccountname>.xml`
+
+## Manually upload Offline Backup Certificate
+
+Follow the steps below to manually upload the Offline Backup certificate to a previously created Azure Active Directory application meant for Offline Backup.
+
+1. Sign in to the Azure portal.
+2. Go to **Azure Active Directory** > **App registrations**
+3. Navigate to the **Owned Applications** tab and locate an application with the display name format `AzureOfflineBackup _<Azure User Id` as shown below:
+
+    ![Locate application on Owned Applications tab](./media/backup-azure-backup-import-export/owned-applications.png)
+
+4. Click on the application. Under the **Manage** tab on the left pane, go to **Certificates & secrets**.
+5. Check for pre-existing certificates or public keys. If there are none, you can safely delete the application by clicking on the **Delete** button on the application's **Overview** page. Following this, you can retry the steps to [Prepare the Server for the Offline Backup](#prepare-the-server-for-the-offline-backup-process) process and skip the steps below. Otherwise, execute the following steps from the DPM / Azure Backup Server (MABS) server where you wish to configure Offline Backup.
+6. Open the **Manage computer certificate application** > **Personal** tab and look for the certificate with the name `CB_AzureADCertforOfflineSeeding_<ResourceId>`
+7. Select the certificate above, right-click on **All Tasks** and then **Export**, without private key, in the .cer format.
+8. Go to the Azure Offline Backup application in the Azure portal.
+9. Click on **Manage** > **Certificates & secrets** > **Upload certificate**, and upload the certificate exported in the previous step.
+
+    ![Upload the certificate](./media/backup-azure-backup-import-export/upload-certificate.png)
+10. On the server, open the registry by typing **regedit** in the run window.
+11. Go to the registry entry *Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config\CloudBackupProvider*.
+12. Right-click on **CloudBackupProvider** and add a new string value with the name `AzureADAppCertThumbprint_<Azure User Id>`
+
+    >[!NOTE]
+    > Note: To find the Azure User Id, perform one of the following steps:
+    >
+    >1. From the Azure connected PowerShell run the `Get-AzureRmADUser -UserPrincipalName “Account Holder’s email as appears in the portal”` command.
+    >2. Navigate to the registry path: `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\DbgSettings\OnlineBackup; Name: CurrentUserId;`
+
+13. Right-click on the string added in the previous step and select **Modify**. In the value, provide the thumbprint of the certificate you exported in step 7 and click **OK**.
+14. To get the value of the thumbprint, double-click on the certificate, then select the **Details** tab and scroll down until you see the thumbprint field. Click on **Thumbprint** and copy the value.
+
+    ![Copy value from the thumbprint field](./media/backup-azure-backup-import-export/thumbprint-field.png)
+
+15. Continue to the [Workflow](#workflow) section to proceed with the Offline Backup process.
+
 ## Workflow
 
 The information in this section helps you complete the offline-backup workflow so that your data can be delivered to an Azure datacenter and uploaded to Azure Storage. If you have questions about the Import service or any aspect of the process, see the [Import service overview](../storage/common/storage-import-export-service.md) documentation referenced earlier.
@@ -98,7 +159,7 @@ The information in this section helps you complete the offline-backup workflow s
 
 The *AzureOfflineBackupDiskPrep* utility is used to prepare the SATA drives that are sent to the nearest Azure Datacenter. This utility is available in installation directory of the Recovery Services agent in the following path:
 
-    *\\Microsoft Azure Recovery Services Agent\\Utils\\*
+`*\\Microsoft Azure Recovery Services Agent\Utils\*`
 
 1. Go to the directory, and copy the **AzureOfflineBackupDiskPrep** directory to a copy computer on which the SATA drives to be prepared are connected. Ensure the following with regards to the copy computer:
 
@@ -212,4 +273,3 @@ At the time of the next scheduled backup, Azure Backup performs incremental back
 ## Next steps
 
 * For any questions on the Azure Import/Export workflow, refer to [Use the Microsoft Azure Import/Export service to transfer data to Blob storage](../storage/common/storage-import-export-service.md).
-

articles/backup/backup-azure-backup-sql.md

@@ -97,7 +97,7 @@ Before you begin, ensure that all the [prerequisites](backup-azure-dpm-introduct
 14. Click **Next** and select the appropriate option for transferring the initial backup copy to Azure. You can choose **Automatically over the network** or **Offline Backup**.
 
     * **Automatically over the network** transfers the backup data to Azure as per the schedule chosen for backup.
-    * How **Offline Backup** works is explained at [Offline Backup workflow in Azure Backup](backup-azure-backup-import-export.md).
+    * How **Offline Backup** works is explained at [Overview of Offline Backup](offline-backup-overview.md).
 
     Choose the relevant transfer mechanism to send the initial backup copy to Azure and click **Next**.
 15. Once you review the policy details in the **Summary** screen, click on the **Create group** button to complete the workflow. You can click the **Close** button and monitor the job progress in Monitoring workspace.

articles/backup/backup-azure-sql-mabs.md

@@ -95,7 +95,7 @@ Before you begin, ensure that you have [installed and prepared the Azure Backup
 14. Click **Next** and select the appropriate option for transferring the initial backup copy to Azure. You can choose **Automatically over the network** or **Offline Backup**.
 
     * **Automatically over the network** transfers the backup data to Azure as per the schedule chosen for backup.
-    * How **Offline Backup** works is explained at [Offline Backup workflow in Azure Backup](backup-azure-backup-import-export.md).
+    * How **Offline Backup** works is explained at [Overview of Offline Backup](offline-backup-overview.md).
 
     Choose the relevant transfer mechanism to send the initial backup copy to Azure and click **Next**.
 15. Once you review the policy details in the **Summary** screen, click on the **Create group** button to complete the workflow. You can click the **Close** button and monitor the job progress in Monitoring workspace.

articles/backup/backup-configure-vault.md

@@ -211,10 +211,10 @@ Create a policy as follows:
         -   Backups taken on Saturday on the last week of the month at midnight and 6:00 PM are kept for 12 months.
         -   Backups taken on a Saturday in the last week of March are kept for 10 years.
 
-    ![Retention example](./media/backup-configure-vault/retention-example.png)
+        ![Retention example](./media/backup-configure-vault/retention-example.png)
 
 
-11. In **Choose Initial Backup Type** decide if you want to take the initial backup over the network or use offline backup (for more information on offline backup refer, see this [article](backup-azure-backup-import-export.md)). To take the initial backup over the network, select **Automatically over the network** and click **Next**.
+11. In **Choose Initial Backup Type** decide if you want to take the initial backup over the network or use offline backup (for more information on offline backup refer, see this [article](offline-backup-azure-data-box.md)). To take the initial backup over the network, select **Automatically over the network** and click **Next**.
 
     ![initial Backup Type](./media/backup-azure-manage-mars/choose-initial-backup-type.png)
 
@@ -241,7 +241,7 @@ You can run an initial backup automatically over the network, or offline. Offlin
 5. At the datacenter, the disk data is copied to an Azure storage account.
 6. Azure Backup copies the data from the storage account to the vault, and incremental backups are scheduled.
 
-[Learn more](backup-azure-backup-import-export.md) about offline seeding.
+[Learn more](offline-backup-azure-data-box.md) about offline seeding.
 
 ### Enable network throttling
 

articles/backup/backup-mabs-system-state-and-bmr.md

@@ -135,7 +135,7 @@ Set up a protection group as described in [Deploy protection groups](https://doc
 
 12. On the **Specify Online Retention Policy** page, select how the recovery points that are created from the daily, weekly, monthly, and yearly backups are retained in Azure.
 
-13. On the **Choose Online Replication** page, select how the initial full replication of data occurs. You can replicate over the network or do an offline backup (offline seeding). Offline backup uses the Azure Import feature. For more information, see [Offline backup workflow in Azure Backup](backup-azure-backup-import-export.md).
+13. On the **Choose Online Replication** page, select how the initial full replication of data occurs. You can replicate over the network or do an offline backup (offline seeding). Offline backup uses the Azure Import feature. For more information, see [Offline backup workflow in Azure Backup](offline-backup-azure-data-box.md).
 
 14. On the  **Summary** page, review your settings. After you select **Create Group**, initial replication of the data occurs. When data replication finishes, on the **Status** page, the protection group status is **OK**. Backup then takes place per the protection group settings.