During my prior blog post, I had the requirement to spin up a lot of Azure Object Storage Repositories. As is usually the case, this quickly led me to Veeam Azure Object Storage Automation. I am pretty new to Azure automation, so this was an exciting topic. Please feel free to reach out if you are more experienced in Azure automation and see some enhancement opportunities.
Before starting my Veeam Azure Object Storage Automation journey, I first had to understand the process.
Very quickly I realized, the end-to-end process of creating a new Azure Blob Storage from scratch is pretty time-consuming and has some pitfalls that can also be a security problem. But the overall goal was not only creating the S3 Bucket, I also needed to add the newly created Azure Blob Storage to my Veeam Backup & Replication V12 inventory.
# Veeam Azure Object Storage with PowerShell
My first try was automating the process with the Cmlets of the Az PowerShell Module. Theoretically, this works, but it requires a lot of additional steps to achieve a proper configuration.
|
|
# Annotations
Line 1-7: Load Modules and Connect (Veeam & Azure)
Line 14: Create Azure Resource Group
Line 15-20: Create Azure Storage Account
Line 21: Disable Blob Public Access for Azure Storage Account
Line 22: Get Azure Storage Account Key
Line 24: Create Azure Storage Container
Line 26-34: Disable Azure Storage Soft-Delete
Line 36-38: Disable Blob Versioning
Line 40-42: Set Storage Account to TLS Version 1.2
Line 51: Add Veeam Credentials for the Azure Storage Account
Line 53-55: Create a new Folder in the S3 Bucket Root
Line 57: Add a new Veeam Azure Object Storage Repository
# Veeam Azure Object Storage with ARM template
After some research regarding the current state of Azure Automation, I moved over to an ARM template. Using the ARM templates has a lot of benefits over only PowerShell scrips or the Azure CLI.
Declarative syntax: ARM templates allow you to create and deploy an entire Azure infrastructure declaratively.
Orchestration: You don’t have to worry about the complexities of ordering operations.
Built-in validation: Your template is deployed only after passing validation.
Tracked deployments: In the Azure portal, you can review the deployment history and get information about the template deployment.
Freedom of choice regarding deployment
For more details, have look at “Why choose ARM templates?”.
PowerShell Script:
|
|
ARM Template:
|
|
Parameters File:
|
|
# Annotations
# PowerShell Script
Line 1-7: Load Modules and Connect (Veeam & Azure)
Line 14: Create Azure Resource Group
Line 15-20: Create Azure Storage Account
Line 16-48: Deploy ARM Template with properties file
Line 20: Get Azure Storage Account Key
Line 21: Get Azure Storage Account Name
Line 27: Add Veeam Credentials for the Azure Storage Account
Line 29-31: Create a new Folder in the S3 Bucket Root
Line 33: Add a new Veeam Azure Object Storage Repository
# ARM Template
Line 1-25: Define Parameters
Line 27-45: Define Azure Storage Account
Line 47-71: Define Azure Blob Service
Line 72-85: Define Azure File Service