In my LAB I use two computers

- DC2012: Domain Controller (domain mcthub.local) running Windows Server 2012.

- DPMSERVER: Domain Member running Windows Server 2012, this computer has been installed DPM 2012 SP1
You can see part 1


Steps to Implementing DPM and Windows Azure:

- Sign up to use Backup Service and create Backup Vault

- Install SDK via create Self-signed certificate

- Upload certificate

- Update Data Protection Manager

- Download and install Windows Azure Agent

- Register DPM server to Windows Azure

- Update Protection Agent

- Add Protection Group to Windows Azure

- Backup data

- Recover data


Sign up to use Backup Service and create Backup Vault

To benefit from Windows Azure, you must first register for the trial

Next, use must register to use Backup Services of Windows Azure by visting the link



Find Backup feature ang click try it now

Click Complete. Windows Azure will send you an E-mail to announce the successful registration 

Open the mail account, you will receive a new E-Mail with the following content


Switch back to your Portal browser tab

To backup your files and data to Windows Azure, you must create a backup vault in the geographic region where you want to store the data.  Click New in the bottom left corner


Select BACKUP VAULT – QUICK CREATE – Enter the name that you want and select your region

Wait until STATUS displayed Active

Refresh and you should now see the Recovery Services icon in the left navigation sidebar


To successfully complete this tutorial you must have an X.509 v3 certificate to register your servers with backup vaults. The certificate must have a key length of at least 2048 bits and should reside in the Personal certificate store of your Local Computer. When the certificate is installed on your server, it should contain the private key of the certificate. To upload to the certificate to the Windows Azure Management Portal, you must export the public key as a .cer format file. You also can create a self-signed certificate to upload to Windows Azure.


To create self-signed certificate, you must use makercert.exe utility, makecert.exe is not part of the installation of Windows Server 2012 and R2. You will need to download the Windows 8 Software Development Kit (SDK) to obtain the makecert.exe utility  at the link


Install SDK and create sefl-signed certificate

Run the file sdksetup to start SDK installatiom


Select only Windows Software Development Kit, unless you wish to install the entire SDK. Click Next.


After the installation process is complete, you can see makecert.exe in C:\Program Files (X86)\Windows Kits\8.0\bin\x64 folder. You must copy or cut  this file to another folder for more easily accessible (I copied this file to root folder C:\)


Open Command Propmt, change current folder for makecert.exe (C:\) and type following command:

makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku -len 2048 -e 01/01/2016 CertificateName.cer


Verify a .CER file created in the same folder


Upload Certificate

You now have successfully created a self-signed certificate, meeting the requirements defined by Windows Azure. Next you must upload your certificate to backup vault. Open Portal browser – SelectRECOVERY SERVCIES – Select backup vault – Click MANAGE CERTIFICATE


Select.CER file that you created earlier– Click Open

Click OK


To verify, and click the circled checkmark 

You will get this type of notification for a successful upload


Update Data Protection Manager

For compatibility with Windows Azure, you must update DPM. Open Control Panel, Select Windows Update. Select Update Rollup 3 for DPM

Wait for Update process


After updating, verify by click the “About DPM” button

Verify DPM's verion: Service Pack 1 – Version 4.1.3417.0 – Click OK


Download and install Windows Azure Agent

Next, to DPM can back up your files and data to Windows Azure,  you must download and install Windows Azure Agent for DPM

Switch back to Portal – Select RECOVERY SERVICES – Select backup vault – Select Download  Agent

Select Download Agent  (version for System Center – Data Protection Manager)


After successful download, run the WABInstaller.exe file



Choose the Installation Folder and Cache Location for Windows Azure Backup. Click Install

Click Finish


Register DPM server with Windows Azure

To register a DPM server with Windows Azure Backup, open the DPM Management Console, in the Management pane, click Register Server to open the Register Server Wizard.

Click Browse to select certificate


Select the Certificate that you are going to use



If you want, select Enable internet bandwidth usage throttling for backup operations to configure how the Windows Azure Backup Agent uses the network bandwidth when backing up or restoring information. Click Next


Select Backup Vault  previously created- Click Next


If you want Windows Azure Backup Agent to use a proxy server to connect to the Internet, click Use a proxy server for Windows Azure Backup,  and then configure the necessary options. Click Next

Select a folder location for temporary staging location of the information being recovered - click Next.

Type a 16 characters or greater passphrase to encrypt the backups from the server. To have a random passphrase created, click Generate passphrase. Click Register

After registration process completed successfully – Click Close

Verify by open DPM Administrator Console, you will see Online subsciptions Windows Azure Backup

Switch back to portal browser: Select RECOVERY SERVICES – Select backup Vault – Select SERVERS, verify DPMSERVER.mcthub.local server has been registered


Update Protection Agent

To back up data from DC2012, you must have previously installed protection agent (See part 2). Open DPM Administrator Console. Select Management -Agent, Select DC2012, Click Update

Click Yes to confirm

Wait for the  update process


Add online Protect Group

To back up C:\Data folder to Windows Azure, you can modify the protection groups to include online backup. Right click a protection group that includes file protection and select Add online protection

Select the files and folders to protect and click Next

Configure the Retention range in days and the Synchronization Schedule. Click Next.

Click Close when completed successfully


Backup data

To immediately start online protection, right click a protected folder and select Create recovery point 

Select Create recovery point for Online protection and click OK 

Wait for back up process, this process can take a long time depending on your data size and  speed of your Internet connection

When the process is successfully - Click Close



Switch to DC2012, to simulate the complete loss of the data on DC2012,  I deleted all files in C:\Data folder

You now can recover from Windows Azure, Select Recovery - Select C: in All Protection Volumes - Select a time when you have backed up (Notice Recover from is Online) - Double click on Datafolder

Select files to recover and click Recover

Click Next

Select Recover to the original location để recover  - Click Next

Accept default values and click Next

Click nút Recover

This action will take a few moments to complete.  Please wait

Click Close when finished

Switch back to DC2012, verify that the files has been restored


Thank you for reading my article

To view my article in Vietnamese, click the link below

See Also




By Đồng Phương Nam