Backing up Cloud Volumes ONTAP data to Azure Blob storage

Contributors netapp-tonacki

Complete a few steps to get started backing up data from Cloud Volumes ONTAP to Azure Blob storage.

Quick start

Get started quickly by following these steps or scroll down to the remaining sections for full details.

1. Verify support for your configuration
  • You’re running Cloud Volumes ONTAP 9.7P5 or later in Azure.

  • You have a valid cloud provider subscription for the storage space where your backups will be located.

  • You have subscribed to the BlueXP Marketplace Backup offering, or you have purchased and activated a Cloud Backup BYOL license from NetApp.

2. Enable Cloud Backup on your new or existing system
  • New systems: Cloud Backup is enabled by default in the working environment wizard. Be sure to keep the option enabled.

  • Existing systems: Select the working environment and click Enable next to the Backup and recovery service in the right panel, and then follow the setup wizard.

    A screenshot that shows the Cloud Backup Enable button which is available after you select a working environment.

3. Enter the provider details

Select the provider subscription and region, and choose whether you want to create a new resource group or use an already existing resource group. You can also choose your own customer-managed keys for data encryption instead of using the default Microsoft-managed encryption key.

A screenshot that shows the cloud provider details when backing up volumes from a Cloud Volumes ONTAP system to an Azure Blob tier.

4. Define the default backup policy

The default policy backs up volumes every day and retains the most recent 30 backup copies of each volume. Change to hourly, daily, weekly, monthly, or yearly backups, or select one of the system-defined policies that provide more options. You can also change the number of backup copies you want to retain.

Backups are stored in the Cool access tier by default. If your cluster is using ONTAP 9.10.1 or greater, you can choose to tier backups to Azure Archive storage after a certain number of days for further cost optimization. Learn more about the available Cloud Backup policy configuration settings.

A screenshot that shows the Cloud Backup settings where you can select the backup policy and choose your backup retention.

5. Select the volumes that you want to back up

Identify which volumes you want to back up using the default backup policy in the Select Volumes page. If you want to assign different backup policies to certain volumes, you can create additional policies and apply them to volumes later.

Requirements

Read the following requirements to make sure that you have a supported configuration before you start backing up volumes to Azure Blob storage.

The following image shows each component and the connections that you need to prepare between them:

A diagram showing how Cloud Backup communicates with the volumes on the source systems and the destination storage where the backup files are located.

Supported ONTAP versions

Minimum of ONTAP 9.7P5; ONTAP 9.8P13 and later is recommended.

License requirements

For Cloud Backup PAYGO licensing, a subscription through the Azure Marketplace is required before you enable Cloud Backup. Billing for Cloud Backup is done through this subscription. You can subscribe from the Details & Credentials page of the working environment wizard.

For Cloud Backup BYOL licensing, you need the serial number from NetApp that enables you to use the service for the duration and capacity of the license. Learn how to manage your BYOL licenses.

You also need a Microsoft Azure subscription for the storage space where your backups will be located.

Verify or add permissions to the Connector

To use the Cloud Backup Search & Restore functionality, you need to have specific permissions in the role for the Connector so that it can access the Azure Synapse Workspace and Data Lake Storage Account. See the permissions below, and follow the steps if you need to modify the policy.

Before you start

You must register the Azure Synapse Analytics Resource Provider with your Subscription. See how to register this resource provider for your subscription. You must be the Subscription Owner or Contributor to register the resource provider.

Steps
  1. Identify the role assigned to the Connector virtual machine:

    1. In the Azure portal, open the Virtual machines service.

    2. Select the Connector virtual machine.

    3. Under Settings, select Identity.

    4. Click Azure role assignments.

    5. Make note of the custom role assigned to the Connector virtual machine.

  2. Update the custom role:

    1. In the Azure portal, open your Azure subscription.

    2. Click Access control (IAM) > Roles.

    3. Click the ellipsis (…​) for the custom role and then click Edit.

    4. Click JSON and add the following permissions:

      "Microsoft.Storage/checknameavailability/read",
      "Microsoft.Storage/operations/read",
      "Microsoft.Storage/storageAccounts/listkeys/action",
      "Microsoft.Storage/storageAccounts/read",
      "Microsoft.Storage/storageAccounts/write",
      "Microsoft.Storage/storageAccounts/blobServices/containers/read",
      "Microsoft.Storage/storageAccounts/listAccountSas/action",
      "Microsoft.Synapse/workspaces/write",
      "Microsoft.Synapse/workspaces/read",
      "Microsoft.Synapse/workspaces/delete",
      "Microsoft.Synapse/register/action",
      "Microsoft.Synapse/checkNameAvailability/action",
      "Microsoft.Synapse/workspaces/operationStatuses/read",
      "Microsoft.Synapse/workspaces/firewallRules/read",
      "Microsoft.Synapse/workspaces/replaceAllIpFirewallRules/action",
      "Microsoft.Synapse/workspaces/operationResults/read"

    5. Click Review + update and then click Update.
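
Before saving the edited role, it helps to confirm which of the listed actions it still lacks. The check below is an added example, not NetApp's or Microsoft's own code: it assumes the role definition was copied from the portal's JSON tab (a `properties.permissions` array), and the role name and sample contents are constructed. It accounts for wildcards, `notActions` exclusions, and case-insensitive action names.

```python
import json
from fnmatch import fnmatchcase

# The 16 actions listed in step 2.4 of this page, grouped by resource provider.
REQUIRED = [f"Microsoft.Storage/{s}" for s in (
    "checknameavailability/read", "operations/read",
    "storageAccounts/listkeys/action", "storageAccounts/read",
    "storageAccounts/write", "storageAccounts/blobServices/containers/read",
    "storageAccounts/listAccountSas/action")]
REQUIRED += [f"Microsoft.Synapse/{s}" for s in (
    "workspaces/write", "workspaces/read", "workspaces/delete",
    "register/action", "checkNameAvailability/action",
    "workspaces/operationStatuses/read", "workspaces/firewallRules/read",
    "workspaces/replaceAllIpFirewallRules/action",
    "workspaces/operationResults/read")]

def covers(pattern, action):
    # Azure RBAC compares action strings case-insensitively; '*' is a wildcard.
    return fnmatchcase(action.lower(), pattern.lower())

def missing_permissions(role_json, required=REQUIRED):
    """Return the required actions that the role does not effectively grant."""
    blocks = json.loads(role_json)["properties"]["permissions"]

    def granted(action):
        # Within one permissions block, notActions are subtracted from actions.
        return any(
            any(covers(a, action) for a in b.get("actions", []))
            and not any(covers(n, action) for n in b.get("notActions", []))
            for b in blocks)

    return [r for r in required if not granted(r)]

# Constructed sample role in the layout of the portal's JSON tab (not a real role).
SAMPLE_ROLE = json.dumps({"properties": {
    "roleName": "example-connector-role",
    "permissions": [{
        "actions": [
            "Microsoft.Storage/*",
            "microsoft.synapse/workspaces/write",
            "Microsoft.Synapse/workspaces/read",
            "Microsoft.Synapse/workspaces/operationStatuses/read"],
        "notActions": ["Microsoft.Storage/storageAccounts/listkeys/action"]}]}})

if __name__ == "__main__":
    for action in missing_permissions(SAMPLE_ROLE):
        print("missing:", action)
```

In the sample, the `Microsoft.Storage/*` wildcard covers every storage action except `listkeys`, which the `notActions` entry removes again, so it is reported as missing together with the six Synapse actions that are not granted.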

Supported Azure regions

Cloud Backup is supported in all Azure regions where Cloud Volumes ONTAP is supported, including Azure Government regions.

Required setup for creating backups in a different Azure subscription

By default, backups are created using the same subscription as the one used for your Cloud Volumes ONTAP system. If you want to use a different Azure subscription for your backups, you must log in to the Azure portal and link the two subscriptions.

Required information for using customer-managed keys for data encryption

You can use your own customer-managed keys for data encryption in the activation wizard instead of using the default Microsoft-managed encryption keys. In this case you will need to have the Azure Subscription, Key Vault name, and the Key. See how to use your own keys.

Enabling Cloud Backup on a new system

Cloud Backup is enabled by default in the working environment wizard. Be sure to keep the option enabled.

See Launching Cloud Volumes ONTAP in Azure for requirements and details for creating your Cloud Volumes ONTAP system.

Note: If you want to pick the name of the resource group, disable Cloud Backup when deploying Cloud Volumes ONTAP. Follow the steps for enabling Cloud Backup on an existing system to enable Cloud Backup and choose the resource group.

Steps
  1. Click Create Cloud Volumes ONTAP.

  2. Select Microsoft Azure as the cloud provider and then choose a single node or HA system.

  3. In the Define Azure Credentials page, enter the credentials name, client ID, client secret, and directory ID, and click Continue.

  4. Fill out the Details & Credentials page and be sure that an Azure Marketplace subscription is in place, and click Continue.

  5. On the Services page, leave the service enabled and click Continue.

    Shows the Cloud Backup option in the working environment wizard.

  6. Complete the pages in the wizard to deploy the system.

Result

Cloud Backup is enabled on the system. It backs up volumes every day and retains the most recent 30 backup copies.

Enabling Cloud Backup on an existing system

Enable Cloud Backup at any time directly from the working environment.

Steps
  1. Select the working environment and click Enable next to the Backup and recovery service in the right panel.

    If the Azure Blob destination for your backups exists as a working environment on the Canvas, you can drag the cluster onto the Azure Blob working environment to initiate the setup wizard.

    A screenshot that shows the Cloud Backup Enable button which is available after you select a working environment.

  2. Select the provider details and click Next.

    1. The Azure subscription used to store the backups. This can be a different subscription than where the Cloud Volumes ONTAP system resides.

      If you want to use a different Azure subscription for your backups, you must log in to the Azure portal and link the two subscriptions.

    2. The region where the backups will be stored. This can be a different region than where the Cloud Volumes ONTAP system resides.

    3. The resource group that manages the Blob container - you can create a new resource group or select an existing resource group.

    4. Whether you’ll use the default Microsoft-managed encryption key or choose your own customer-managed keys to manage encryption of your data. (See how to use your own keys).

      A screenshot that shows the cloud provider details when backing up volumes from a Cloud Volumes ONTAP system to an Azure Blob tier.

  3. Enter the backup policy details that will be used for your default policy and click Next. You can select an existing policy, or you can create a new policy by entering your selections in each section:

    1. Enter the name for the default policy. You don’t need to change the name.

    2. Define the backup schedule and choose the number of backups to retain. See the list of existing policies you can choose.

    3. When using ONTAP 9.10.1 and greater, you can choose to tier backups to Azure Archive storage after a certain number of days for further cost optimization. Learn more about using archival tiers.

      A screenshot that shows the Cloud Backup settings where you can choose your schedule and backup retention.

  4. Select the volumes that you want to back up using the defined backup policy in the Select Volumes page. If you want to assign different backup policies to certain volumes, you can create additional policies and apply them to those volumes later.

    • To back up all existing volumes and any volumes added in the future, check the box "Back up all existing and future volumes…​". We recommend this option so that all your volumes will be backed up and you’ll never have to remember to enable backups for new volumes.

    • To back up only existing volumes, check the box in the title row.

    • To back up individual volumes, check the box for each volume.

      A screenshot of selecting the volumes that will be backed up.

    • If there are any local Snapshot copies for read/write volumes in this working environment that match the backup schedule label you just selected for this working environment (for example, daily or weekly), an additional prompt is displayed: "Export existing Snapshot copies to object storage as backup copies". Check this box if you want all historic Snapshots to be copied to object storage as backup files to ensure the most complete protection for your volumes.

  5. Click Activate Backup and Cloud Backup starts taking the initial backups of each selected volume.

Result

A Blob storage container is created automatically in the resource group you entered, and the backup files are stored there. The Volume Backup Dashboard is displayed so you can monitor the state of the backups. You can also monitor the status of backup and restore jobs using the Job Monitoring panel.

What’s next?