Justin Manning MSFT PFE

The life of a SQL PFE

Azure Backups and Site Recovery – Encrypted SQL Backups





This document is intended to assist the user in configuring Azure Recovery Services for on premise backups of encrypted SQL Server Backups.

The goal of this document is to demonstrate the capability of backing up encrypted Database backups, where the encryption key stays in possession with the customer (onsite) and is not managed by any external service.



Configure Azure Recovery Services


Navigate to https://ms.portal.azure.com, sign in with your subscription details. This will be the account that will contain your Recovery Service.


Create a Resource Groups to manage your Azure Recovery Services Vault


This step will create a resource group, which we will contain the Azure Recovery Services vault at the end of this demo.


Click on Resource Groups



Add a resource group



Give your resource group a name and select the region you would like the resource group to belong

To, in this example, we called the resource group “azure-backup”


Click Create once configured


Once the resource group is created, select the resource group


Select Add in your resource group, to begin adding the Azure Recovery Service



Search for “Azure Recovery Service” and select the “Backup and Site Recovery (OMS)” option.


Click Create to create the Vault

Give your recovery services vault a name and select the resource group previously created. Once filled in, click create.

Once your Vault has been created, you will be presented with the overview blade of the Recovery Services Vault.


Configuring Azure Recovery Services Backups


This step will allow you to configure what you want to backup to the vault.


You will be presented with a blade to select the types of backups you want to do. For purposes of this documents, configure your backups as follows, and select “Prepare Infrastructure”:

This will prompt you to download the recovery services agent, as well as the credentials to authenticate your on-premises infrastructure, with your vault


Follow Steps 1, but installing the Recovery Services Agent, and configure the agent to suit your environment. i.e. proxy setting if applicable.



Return to the azure portal, to download your credentials   


Once the agent is installed, proceed to step 2


Save your credential file

Import this file via the Recovery Services Agent


Configure your Passphrase, this is your password to the vault, and needs to be kept safe and click Finish when done.


Registration successful


Configuring Backup Schedule


Once the Azure Recovery Services Agent has been installed and configured, the next step would be to configure and schedule your backups.



Add items you wish to backup.

In this example, we are going to add a folder location for the Encrypted SQL Server Backups we wish to back up.


Navigate to the folder location you wish to back up




Configure your schedule as necessary




Configure retention period




Configure initial backup options




Confirm and Finish


Confirm Success and Close


Backing up a SQL Server Database


This demo will illustrate the steps in backing up a database and having the Azure Recovery Service back the SQL Server backup file to Azure


Perform an encrypted backup to a disk location


Take note of the warning, to back up your certificate.

You can manually execute a backup from the Microsoft Azure Recovery Services agent, by selecting to “back up now”. This will have the recovery services agent send the backup file to your azure vault for safe keeping.



Verify your machine is now listed in the vault as a backup item:



Performing a recovery


To restore your database backup, you will need to perform a recovery of the vault, which will allow you to select at which point in time, or schedule, you would like to recovery from. This will recover the entire directory structure of your recovery site, and you will be able to restore the database. This will be demonstrated in the next following steps.


Select Recover from the Microsoft Azure recovery Services agent


Select the point in time which you would like to recover.


You will notice that a volume is mounted as a disk you can browse though. This will allow you to click through the directory structure, to retrieve any files you wish to retrieve. These may be copied off the mounted volume and placed on a separate disk for future use.

An example of the mounted volume for recovery.


Once file retrieval is complete, unmount the disk