During my prior blog post, I had the requirement to spin up a lot of Azure Object Storage Repositories. As is usually the case, this quickly led me to Veeam Azure Object Storage Automation. I am pretty new to Azure automation, so this was an exciting topic. Please feel free to reach out if you are more experienced in Azure automation and see some enhancement opportunities.
Before starting my Veeam Azure Object Storage Automation journey, I first had to understand the process.
Very quickly I realized, the end-to-end process of creating a new Azure Blob Storage from scratch is pretty time-consuming and has some pitfalls that can also be a security problem. But the overall goal was not only creating the S3 Bucket, I also needed to add the newly created Azure Blob Storage to my Veeam Backup & Replication V12 inventory.
Veeam Azure Object Storage with PowerShell
My first try was automating the process with the Cmlets of the Az PowerShell Module. Theoretically, this works, but it requires a lot of additional steps to achieve a proper configuration.
|
|
Annotations
-
Line 1-7: Load Modules and Connect (Veeam & Azure)
-
Line 14: Create Azure Resource Group
-
Line 15-20: Create Azure Storage Account
-
Line 21: Disable Blob Public Access for Azure Storage Account
-
Line 22: Get Azure Storage Account Key
-
Line 24: Create Azure Storage Container
-
Line 26-34: Disable Azure Storage Soft-Delete
-
Line 36-38: Disable Blob Versioning
-
Line 40-42: Set Storage Account to TLS Version 1.2
-
Line 51: Add Veeam Credentials for the Azure Storage Account
-
Line 53-55: Create a new Folder in the S3 Bucket Root
-
Line 57: Add a new Veeam Azure Object Storage Repository
Veeam Azure Object Storage with ARM template
After some research regarding the current state of Azure Automation, I moved over to an ARM template. Using the ARM templates has a lot of benefits over only PowerShell scrips or the Azure CLI.
-
Declarative syntax: ARM templates allow you to create and deploy an entire Azure infrastructure declaratively.
-
Orchestration: You don’t have to worry about the complexities of ordering operations.
-
Built-in validation: Your template is deployed only after passing validation.
-
Tracked deployments: In the Azure portal, you can review the deployment history and get information about the template deployment.
-
Freedom of choice regarding deployment
For more details, have look at “Why choose ARM templates?”.
PowerShell Script:
|
|
ARM Template:
|
|
Parameters File:
|
|
Annotations
PowerShell Script
-
Line 1-7: Load Modules and Connect (Veeam & Azure)
-
Line 14: Create Azure Resource Group
-
Line 15-20: Create Azure Storage Account
-
Line 16-48: Deploy ARM Template with properties file
-
Line 20: Get Azure Storage Account Key
-
Line 21: Get Azure Storage Account Name
-
Line 27: Add Veeam Credentials for the Azure Storage Account
-
Line 29-31: Create a new Folder in the S3 Bucket Root
-
Line 33: Add a new Veeam Azure Object Storage Repository
ARM Template
-
Line 1-25: Define Parameters
-
Line 27-45: Define Azure Storage Account
-
Line 47-71: Define Azure Blob Service
-
Line 72-85: Define Azure File Service