How to setup CPM on AWS to backup Azure virtual machines and disks.

How to setup CPM on AWS to backup Azure virtual machines and disks.

This article will show the configuration steps required to have CPM running on AWS backup and restore Azure virtual machines and disks.

Part I Add an App registration in Azure.

1. Open the Azure portal and go to Azure Active Directory, then click on App registrations.


2. Click New Registration.
3. In the Register an application screen enter a Name for the registration in this example CPM training.
Add the option for Supported account types and select Accounts in this Organizational directory only (default directory only -single tennant.
Click on Register.


4. The following items will need to be added to CM when you add the Azure account there so copy the following information to a text document for later use
Application (client) ID 
Directory (tennant) ID 


5. Open the CPM console and go to the Accounts page and select +New and select Azure Account.
Open the text file you copied the Directory (tenant) ID and Application (client) ID into copy the values into the CPM New Azure Account screen. 


6. In the Azure Portal screen go to Certificates and Secrets screen.


7. Click on + New Client secret
8. Add a meaningful description in the description field and set an expiration in the expires filed and click the Add button. 


9. Copy the value of the newly created secret by using the clipboard option (see screenshot below).


10. In the CPM Console, copy and paste the Client secret value into the Client Secret field and then the click Save button.  


11. CPM Accounts screen will now show the newly create Azure account and will indicate that under the column Cloud.


Part 2 Create a Custom Role and Add Permissions

12. In the Azure Portal go to Subscriptions, then go to Access Control (IAM)


13.  Click the +Add button , Add custom Role.


14. Please download the CPM Azure JSON permissions file from this link 

15. Add a meaningful name to the Custom role Name field. and select the option start from JSON. Then click the open file icon (folder icon) and select the file you downloaded in the previous step. In this example we named it CPM. 
NOTE: You should see an indication that the file was uploaded in the upper right comer of the Azure Portal.


16 . Click on the Assignable Scopes tab.


17. Delete the Assignable scope listed /subscriptions<SUBSCRIPTION_ID> by hitting the trash can symbol.


18. Please click on the Add assignable scopes button.


19. Select your subscription and click the Add button. Then click the review and create button.


20. Click Create.


21. Go to Subscription service → Your subscription → Access Control (IAM)


22. Click on Add → Add role assignment


23. Select your custom role, the app you created and Click Save


24. Check that you see the new assignment under Role assignment tab
** it might take time for azure to propagate changes in IAM

Part 4 Configure Azure backup policy in CPM

25. Go to the CPM Console and go to Policies


26. Click on New, Then Azure Policy


27. Give the policy a name in this example Azure and make sure the Account field is your Azure Account you created earlier in this process. 
Make sure that the Enabled checkbox is selected. The subscription field should be populated automatically if all the previous steps were configured correctly.  
Select you schedule, Set the configuration options Auto Target Removal and Keep # of backup Snapshot Generations. Click the Next button. 


28. On the Backup Targets tab click on the Add backup Targets button. Select to add Virtual machines or Disks from the drop down list.


29. Choose the correct Location and Resource Group and a list of virtual machines should appear. Choose which virtual machines to include in the policy. Then click Add Selected Button at the bottom of the screen.  Click close to exit the Add Virtual machines screen. 


30. On the More options page add you desired configuration options for the settings Backup Successful when, Number of retries , Wait between retries, and failures to trigger alert. For more details on these settings see the CPM User Guide. Then click save to save the configuration settings for the policy. Then click the Save button at the bottom of the screen.

 

    • Related Articles

    • minimal Azure permissions/roles for n2WS operations

      In version 4.0 we added support for the Azure cloud, you can find the required IAM permissions json attached to this KB article. The steps for adding permissions are: 1. Create custom role based on the attached permissions 2. Create app ...
    • AWS to Azure - Subscription dropdown is empty

      Issue: When creating an azure policy in CPM(AWS Based), the dropdown to select the subscription might show nothing  Solution: The issue is related to permissions, either the role doesnt have the correct permissions or it was not linked to the app ...
    • What are the required minimal AWS permissions/roles for CPM operation?

      You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). To apply these permissions in AWS, follow these instructions: 1. Go to the IAM Console ...
    • How to setup cross account/cross region recovery in CPM

      Background This document assumes that the main server running Cloud Protection Manager (CPM) is setup according to the minimum-Security requirements document at this link. ...
    • How-To integrate N2WS Backup & Recovery 3.0 with Azure Active Directory

      Background: This How-To guide provide details about the configuration required in order to integrate N2WS Backup & Recovery 3.0.x/3.1.x with Azure Active Directory SSO, It shows an example on how to create and configure Enterprise application in ...