IMPLEMENTATION GUIDE

HYCU Protégé for Azure

Document publication: September 2021

Legal notices
Copyright notice
© 2020 HYCU. All rights reserved.
This document contains proprietary information, which is protected by copyright. No
part of this document may be photocopied, reproduced, distributed, transmitted,
stored in a retrieval system, modified or translated to another language in any form
by any means, without the prior written consent of HYCU.

Trademarks
HYCU logos, names, trademarks and/or service marks and combinations thereof are
the property of HYCU or its affiliates. Other product names are the property of their
respective trademark or service mark holders and are hereby acknowledged.
Nutanix® is a registered trademark of Nutanix, Inc. in the United States and/or other
jurisdictions.
Google Cloud Platform™ and Google Compute Engine™ are trademarks of Google
LLC.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
VMware ESXi™ and VMware vSphere® are registered trademarks or trademarks of
VMware, Inc. in the United States and other jurisdictions.
Windows is a trademark of Microsoft Corporation in the United States and/or other
countries.

Disclaimer
The details and descriptions contained in this document are believed to have been
accurate and up to date at the time the document was written. The information
contained in this document is subject to change without notice.
HYCU provides this material "as is" and makes no warranty of any kind, expressed or
implied, including, but not limited to, the implied warranties of merchantability and
fitness for a particular purpose. HYCU shall not be liable for errors and omissions
contained herein. In no event shall HYCU be liable for any direct, indirect,
consequential, punitive, special or incidental damages, including, without limitation,
damages for loss and profits, loss of anticipated savings, business interruption, or
loss of information arising out of the use or inability to use this document, or any
action taken based on the information contained herein, even if it has been advised
of the possibility of such damages, whether based on warranty, contract, or any other
legal theory.
The only warranties for HYCU products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty.

Notice
This document is provided in connection with HYCU products. HYCU may have
copyright, patents, patent applications, trademark, or other intellectual property
rights covering the subject matter of this document.
Except as expressly provided in any written license agreement from HYCU, the
furnishing of this document does not give you any license to these patents,
trademarks, copyrights, or other intellectual property on HYCU products. Use of
underlying HYCU product(s) is governed by their respective Software License and
Support Terms.
Important: Please read Software License and Support Terms before using the
accompanying software product(s).

HYCU
www.hycu.com
Contents
1 Introduction .................................................................................................... 5
Prerequisites for setting up Protégé ...................................................................... 5

2 Setting up Protégé .......................................................................................... 6

HYCU for Enterprise clouds ............................................................................................ 6
Prerequisites for setting up Azure target in HYCU for Enterprise clouds ......... 6
Adding Azure backup target .................................................................................... 6
HYCU Data Protection as a Service for Microsoft Azure ............................................. 8
HYCU Protégé for Azure .................................................................................................. 8
Create the Service Principal for Protégé using Azure portal ............................... 8

3 HYCU Protégé use cases .............................................................................. 11

Migration of a virtual machine to Azure ...................................................................... 11
Prerequisites: .......................................................................................................... 11
SpinUp ...................................................................................................................... 13
Disaster recovery with failover to Azure ..................................................................... 15
Failback from Azure to the on-prem data center ...................................................... 16

4 HYCU Customer Support and information ................................................ 18

Customer Support .......................................................................................................... 18
Company resources on web ......................................................................................... 18
General information ...................................................................................................... 18
Feedback.......................................................................................................................... 19
Introduction
HYCU Protégé is a multi-cloud data protection solution providing simple, secure and
efficient backup and recovery as service for enterprise, hybrid, public cloud platforms.
Protege enables use cases such as data mobility/migration and disaster recovery (DR)
for your workloads.

HYCU Protégé Solution

HYCU
Protege

HYCU HYCU HYCU

BC for GCP for Azure

Nutanix AHV or ESXi PROD Cluster Cloud DR to GCP and Azure

HYCU
Lift and Shift to cloud BC
VM1 VM2 VM3
Migration to cloud
VM1'
APP1 APP2 APP3

APP1'
GCP Azure

On-prem targets AWS*

* Availability of HYCU Protégé for this cloud platform is in progress

This document helps customers and partners as a reference for setting up their HYCU
Protégé environment.

Prerequisites for setting up Protégé

– HYCU for Enterprise clouds protecting on premise workloads
– Azure backup target created in Azure and added to HYCU for EC
– Subscription and configuration of HYCU Data Protection as a Service
for Microsoft Azure
– Creating Service Principal to connect both products
Setting up Protégé
HYCU for Enterprise clouds
As this document covers only the Protégé part the only additional step is configuring
backup target on Azure meeting offsite and immutable backup requirements to
protect the data against ransomware and preparation for Disaster Recovery scenario.

Prerequisites for setting up Azure target in HYCU for

Enterprise clouds
• Active MS Azure Subscription
• MS Azure Resource group
• MS Azure Storage account (Storage Blob)

Note If policies are already configured to use Azure target for backups
or backup copies this section can be skipped.

Adding Azure backup target

When all prerequisites are met just Add Azure target in Hycu for Enterprise Clouds:

- Name and Description should adhere to your

companies naming conventions so you can easily
identify target later when adding it in HYCU backup
policies.
- limit target size for cost control as storage blobs are
unlimited in size.
- Concurrency is based on your upload speed (more
bandwidth is available, higher the concurrency can be)
- Enable Compression to save space

- select Azure in TYPE

- enter all required details
o Storage account name
o secret access key
o Storage container name.
- Target encryption (if you enable this option, export the
keys.json file from Settings → Encryption and keep it
available, otherwise in case of disaster target import will
fail)

After you click save, target is added and preliminary speed tests will be performed
automatically by HYCU.
Modifying policy to store backup copies to Azure Target prepared in previous step.
Go to Policies → Select desired Policy and click Edit

Select the Copy checkmark, enter desired values for Retention length and select
Azure target prepared in the previous step, save and wait for all copies to be copied
to Azure.

Note When policy is changed, full backup will be triggered to ensure creation
of new backup chain. Completion of the copy task will depend on size of the VMs
and bandwidth available. If bandwidth utilization needs to be limited, configure
appropriate Throttling settings in HYCU Network Section.
HYCU Data Protection as a Service for
Microsoft Azure
First step is subscription for HYCU Data Protection as a Service for Microsoft Azure in
Azure Marketplace.
After the completed and activated subscription configure HYCU for Azure service
account with following user rights (In Azure Management Console go to
Subscriptions, select Access control (IAM), and then Add role assignment):
- Contributor
- Storage Blob Data Contributor

After this step is done Azure cloud workloads protection is prepared. Simply assign a
corresponding policy to your VM running in Azure and backup will start.

HYCU Protégé for Azure

Create the Service Principal for Protégé using Azure
portal
Procedure
1. Login as a Global admin or admin user with The User Access Administrator role
assigned to it and click on Azure Active Directory.
2. Register an application and create a service principal:

a. Go to Azure Active Directory.

b. Select the App registration button, and then New Registration.

c. Configure all fields and select Register.

3. Assign a role to the application:

 a. Go to Subscriptions, select Access control (IAM), and then Add role
assignment. Select HYCU for Protégé

b. Assign the Contributor role to HYCU for Protégé.

c. Click Save.

d. Repeat Procedure to add Storage Blob Data Contributor role to

HYCU for Protégé

4. Get tenant and client IDs:

Go to the Azure Active Directory, select the previously created application, and
mark the tenant and client IDs.

5. Create a secret for signing in:

a. Go to the Azure Active Directory, select Certificates & secrets, and

Client secrets.

b. Click New client secret, enter the desired description and duration and
click Add. Copy the secret value to a safe place, after creation it will never
be seen again. If lost, a new one must be created.

See the figure below:

6. Enter the values in both HYCU products:
a. Login to HYCU for Enterprise Clouds and go to Settings → Cloud
Accounts → Enter Details

Enter the previously marked Tenant ID, Application(client) ID and secret access
key.
b. Login to HYCU Data Protection as a Service for Microsoft Azure and go to Settings
→ Service Principals → Enter Details

Enter the same details and save.

After performing all steps your HYCU Protégé environment is ready for use.
HYCU Protégé use cases
HYCU Protégé can be used in the following use cases:
• Migration of a virtual machine from on-premise to the cloud
• Disaster recovery with failover to the cloud
• Failback from cloud to the on-premises data center

Note The use cases and instructions for virtual machines apply also to
physical machines except where specifically stated otherwise.

Migration of a virtual machine to Azure

HYCU Protégé helps you migrate your application/virtual machines from your
on-premises data center to the Azure Cloud Platform. The HYCU SpinUp functionality
is used for this purpose. When moving, HYCU ensures application consistency and
retains all aspects of the virtual machine configuration—such as CPUs, memory, and
network adapters (NICs)—in the cloud.

Prerequisites:
• For the virtual machine that you plan to migrate, before its latest backup:
o For virtual machines running Windows
▪ Access to the virtual machine is enabled through Remote Desktop
Protocol (RDP).
▪ A windows firewall is configured to allow RDP connections (RDP firewall
rule is automatically enabled in Azure)
o For virtual machines running Linux:
▪ Access to the virtual machine is enabled through Secure Shell (SSH).
▪ Local firewall is configured to allow public and private SSH connections.
▪ To ensure
▪ Access to serial console is configured

systemctl enable serial-getty@ttyS0.service

systemctl start serial-getty@ttyS0

▪ To migrate/spin up VM to Azure the Hyper-V drivers are enabled

(hv_vmbus, hv_storvsc, and hv_netvs).

dracut -f --add-drivers "hv_vmbus hv_storvsc

hv_netvsc"

• The virtual machine is configured to use legacy BIOS firmware on system

startup.
• Access to data within your virtual machine is enabled in HYCU.
• Your virtual machine is protected in HYCU. A virtual machine is protected
when it has a policy assigned and at least one backup of the virtual machine
exists.
• VM credentials are assigned in HYCU to discover OS type, and application
specifications.
• There is a policy configured in HYCU that uses a local target for storing
protected data and restore point is available
• a Backup copy on Azure storage blob exists
• Azure firewall rules configured to allow required traffic in the selected Azure
network resource
• If VMs will be migrated in different resource groups, storage account for each
resource group need to be created

Note When VMs are deployed in Azure network reconfiguration is needed.

DNS system on-prem will need to be adjusted to reflect new addresses so clients
would be able to access restored infrastructure and services.
SpinUp
Procedure
1. In the HYCU web user interface, in the Virtual Machines panel, select a virtual
machine, and then choose a desired restore point.
2. Click SpinUp VM to Cloud.

The SpinUp VM to Cloud dialog box appears, chose SpinUp VM to Azure.

3. From the Cloud Account drop-down menu, select the Azure service principal,
subscription, resource group, region and storage account.

4. In the New VM Name text box, enter a name for the migrated virtual machine,
enter a desired value for vCPU and memory, and from the Virtual machine type
select the offered machine type or the custom one (HYCU will offer the
appropriate Virtual Machine Types based on the HW values you enter).
5. If you are using various networks and subnets delete the default network
adapter. While adding the new one, the Network drop-down menu will contain
the list of your networks and subnets.

6. Click SpinUp to start the migration to cloud process.

HYCU carries out the process of recovering the virtual machine to the cloud. This
includes recreating the original virtual machine configuration.
7. Wait until the migration job completes, and then check the accessibility and
functionality of the virtual machine.
Disaster recovery with failover to Azure
Prerequisites
• HYCU virtual appliance for the Azure Platform is deployed.
Steps:
a. Login to HYCU for Azure → Settings → HYCU Controller Deployment.

b. After deployment and login → Settings → Power options.

c. Put HYCU in Suspend mode.

• HYCU Virtual Appliance is deployed without public IP. Ensure you have at least
1 VM residing in the same subnet so HYCU GUI can be accessed for further
configuration (a temporary Windows VM can be deployed from Azure
marketplace).
• All backups in the backup chain of the virtual machine are stored on the Azure
target for failover to Azure.
• Firewall rules in Azure must be configured to allow all on prem client
connections to your servers and services running in Azure (if access to
services from outside of your environment is needed additional configuration
for company VPN or DirectAccess is required)

Procedure
1. Use default username and password to sign in to the HYCU web user interface on
the HYCU backup controller deployed in Azure in the previous step.
2. In the HYCU web user interface, import the Azure target that stores backup data
of your protected virtual machines.
3. In the Virtual Machines panel, select a virtual machine, select its restore point,
and then click SpinUp VM to Cloud. The SpinUp VM to Cloud dialog box
appears.
4. Select the desired project, target region, and target zone. Then click SpinUp.
5. Wait until the migration job completes, and then check the accessibility and
functionality of the virtual machine.
6. Log on to the guest operating system of the migrated virtual machines and check
if the services and applications are working as expected.
7. All restored VMs/Apps will be auto-discovered by HYCU Data Protection as a
Service for Microsoft Azure
8. Apply corresponding backup policy to each VM/Application to establish
backup protection in Azure

Important Step 8 is mandatory for Failback. If no backups are

performed in Azure, there will be no Retention points visible and available for
specific VM while trying to use SpinDown VM from Cloud functionality.

Failback from Azure to the on-prem data

center
Once your data center is recovered after the disaster and is ready for use, Azure
VMs/Applications can be migrated back to on-premises data center.

Prerequisites
• Your VM instances are protected in HYCU for Azure. A VM instance is
protected when it has a policy assigned and at least one backup image of the
VM instance exists.
• Your HYCU is restored and Service account is present in Cloud accounts.

Procedure
1. Sign in to the HYCU web user interface.
2. In the Virtual Machines panel, click SpinUp VM from Cloud. The SpinUp VM
from Azure dialog box appears.
3. Select the appropriate Azure service principal.
4. Select the desired VM instance, select a restore point, and then click Next. The
VM Settings dialog box appears.
5. Select the storage container to migrate the VM instance to, and specify the virtual
machine name.
6. Select the Power Virtual Machine On option, and then click SpinUp.
7. Wait until the migration job completes, and then check the accessibility and
functionality of the virtual machine.
8. Log on to the guest operating system of the migrated virtual machine, and check
the services and applications.
HYCU Customer Support and
information
Use the communication channels listed in this section if you need:
• Help with the product licensing or service subscription process
• Assistance while using HYCU Protégé
• Additional information about HYCU Protégé
• Information about other HYCU products and services

Customer Support
Should you require additional information or assistance while using the product or
service, contact the vendor that shipped it or arranged its subscription for you.
If you have purchased the product directly from HYCU or subscribed to a HYCU
service yourself, and are experiencing a problem, search for a solution on the HYCU
Customer Support webpage. In the absence of an article addressing your problem,
ask HYCU Customer Support for assistance: on the webpage, sign in with a valid user
account, click Submit a request, and then fill in the request form. Apply for an
account at support@hycu.com. If you are using a HYCU service, you should have
received user account information after subscribing to the service.
Important: Before submitting a request to HYCU Customer Support, collect
troubleshooting information. For a list of the relevant pieces of information, check
troubleshooting sections in the product or service documentation.

Company resources on web

For more information about our company and other products and services in our
offering, visit the HYCU | Simplifying Multi-cloud Data Protection website. For
additional product- or service-related information, watch videos on the HYCU, Inc. -
YouTube channel. HYCU is also present on social networks. Follow us on Twitter
and LinkedIn .

General information
For questions related to product or service business, purchase of this or other HYCU
products, or subscription to HYCU services, send an email to info@hycu.com.
Feedback
For comments or suggestions about this product, including its documentation, send
an email to info@hycu.com. We will be glad to hear from you!