How to setup CPM on AWS to backup Azure virtual machines and disks.

How to setup CPM on AWS to backup Azure virtual machines and disks.

This article will show the configuration steps required to have CPM running on AWS backup and restore Azure virtual machines and disks.

Part I Add an App registration in Azure.

1. Open the Azure portal and go to Azure Active Directory, then click on App registrations.

2. Click New Registration.
3. In the Register an application screen enter a Name for the registration in this example CPM training.
Add the option for Supported account types and select Accounts in this Organizational directory only (default directory only -single tennant.
Click on Register.

4. The following items will need to be added to CM when you add the Azure account there so copy the following information to a text document for later use
Application (client) ID 
Directory (tennant) ID 

5. Open the CPM console and go to the Accounts page and select +New and select Azure Account.
Open the text file you copied the Directory (tenant) ID and Application (client) ID into copy the values into the CPM New Azure Account screen. 

6. In the Azure Portal screen go to Certificates and Secrets screen.

7. Click on + New Client secret
8. Add a meaningful description in the description field and set an expiration in the expires filed and click the Add button. 

9. Copy the value of the newly created secret by using the clipboard option (see screenshot below).

10. In the CPM Console, copy and paste the Client secret value into the Client Secret field and then the click Save button.  

11. CPM Accounts screen will now show the newly create Azure account and will indicate that under the column Cloud.

Part 2 Create a Custom Role and Add Permissions

12. In the Azure Portal go to Subscriptions, then go to Access Control (IAM)

13.  Click the +Add button , Add custom Role.

14. Please download the CPM Azure JSON permissions file from this link 

15. Add a meaningful name to the Custom role Name field. and select the option start from JSON. Then click the open file icon (folder icon) and select the file you downloaded in the previous step. In this example we named it CPM. 
NOTE: You should see an indication that the file was uploaded in the upper right comer of the Azure Portal.

16 . Click on the Assignable Scopes tab.

17. Delete the Assignable scope listed /subscriptions<SUBSCRIPTION_ID> by hitting the trash can symbol.

18. Please click on the Add assignable scopes button.

19. Select your subscription and click the Add button. Then click the review and create button.

20. Click Create.

Part 3 Configure Azure backup policy in CPM

21. Go to the CPM Console and go to Policies

22. Click on New, Then Azure Policy

23. Give the policy a name in this example Azure and make sure the Account field is your Azure Account you created earlier in this process. 
Make sure that the Enabled checkbox is selected. The subscription field should be populated automatically if all the previous steps were configured correctly.  
Select you schedule, Set the configuration options Auto Target Removal and Keep # of backup Snapshot Generations. Click the Next button. 

24. On the Backup Targets tab click on the Add backup Targets button. Select to add Virtual machines or Disks from the drop down list.

25. Choose the correct Location and Resource Group and a list of virtual machines should appear. Choose which virtual machines to include in the policy. Then click Add Selected Button at the bottom of the screen.  Click close to exit the Add Virtual machines screen. 

26. On the More options page add you desired configuration options for the settings Backup Successful when, Number of retries , Wait between retries, and failures to trigger alert. For more details on these settings see the CPM User Guide. Then click save to save the configuration settings for the policy. Then click the Save button at the bottom of the screen.


    • Related Articles

    • Minimal Azure permissions/roles for N2WS operations

      The required minimal IAM permissions json is attached to this KB article. You can find detailed steps in our User guide, Chapter 26: Or in the following KB Article: How to setup CPM on AWS to backup Azure ...
    • AWS to Azure - Subscription dropdown is empty

      Issue: When creating an azure policy in CPM(AWS Based), the dropdown to select the subscription might show nothing Solution: The issue is related to permissions, either the role doesnt have the correct permissions or it was not linked to the app ...
    • What are the required minimal AWS permissions/roles for CPM operation?

      You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...
    • How to setup cross account/cross region recovery in CPM 2.x

      Background This document assumes that the main server running Cloud Protection Manager (CPM) is setup according to the minimum-Security requirements document at this link. ...
    • Does CPM backup ephemeral storage?

      The answer is no, CPM does not backup the ephemeral storage. CPM utilizes native AWS snapshots, and they do not support ephemeral storage. Ephemeral storage is not meant for persistent data. That said, in some setups, to leverage the speed of that ...