Integrating Rubrik Andes 5.1 with Workspace ONE Access

Early in December, Rubrik released the latest version of their core data protection platform – Andes 5.1. One of the new features in this release is support for SAML identity providers.  SAML integration provides new capabilities to service providers and large enterprises by enabling integration into enterprise networks without having to directly integrate into Active Directory.

Rubrik also supports multi-factor authentication, but the only method supported out of the box is RSA SecurID.  SAML integration enables enterprises to utilize other forms of multi-factor authentication, including RADIUS-based services and Azure MFA.  It also allows for other security policies to be implemented including device-based compliance checks.

Prerequisites

Before we can begin configuring SAML integration, there are a few things we need to do.  These prerequisites are similar to the Avi Networks SAML setup, but we won’t need to open the Workspace ONE Access metadata file in a text editor.

First, we need to make sure a DNS record is in place for our Rubrik environment.  This will be used for the fully-qualified domain name that is used when signing into our system.

Second, we need to get the Workspace ONE Access IdP metadata.  Rubrik does not import this automatically when given a link to the idp.xml file, so we need to download this file.  The steps for retrieving the metadata are:

  1. Log into your Workspace ONE Access administrator console.
  2. Go to App Catalog.
  3. Click Settings.
  4. Under SaaS Apps, click SAML Metadata.
  5. Right click on Identity Provider Metadata and select Save Link As.  Save the file as idp.xml.

Rubrik SAML Configuration

Once the prerequisites are taken care of, we can start the SAML configuration on the Rubrik side.  This consists of generating the Rubrik SAML metadata and uploading the Workspace ONE metadata file.

  1. Log into your Rubrik Appliance.
  2. Go to the Gear icon in the upper right corner and select Users.
  3. Select Identity Providers.
  4. Click Add Identity Provider.
  5. Provide a name in the Identity Provider Name field.
  6. Click the folder icon next to the Identity Provider Metadata field.
  7. Upload the idp.xml file we saved in the last step.
  8. Select the Service Provider Host Address Option.  This can be a DNS Name or the cluster floating IP depending on your environment configuration.  For this setup, we will be doing a DNS Name.
  9. Enter the DNS name in the field.
  10. Click Download Rubrik Metadata.
  11. Click Add.
  12. Open the Rubrik Metadata file in a text editor.  We will need this in the next step.

Workspace ONE Configuration

Now that the Rubrik side is configured, we need to create our Workspace ONE catalog entry.  The steps for this are:

  1. Log into your Workspace ONE Access administrator panel.
  2. Go to the Catalog tab.
  3. Click New to create a new App Catalog entry.
  4. Provide a name for the new Rubrik entry in the App Catalog.
  5. If you have an icon to use, click Select File and upload the icon for the application.
  6. Click Next.
  7. In the Authentication Type field, select SAML 2.0
  8. In Configuration, select URL/XML
  9. Copy the contents of the Rubrik Metadata XML file.
  10. Paste them into the URL/XML textbox.
  11. Scroll down to the Advanced Properties section.
  12. Expand Advanced Properties.
  13. Click the toggle switch under Sign Assertion
  14. Click Next.
  15. Select an Access Policy to use for this application. This will determine the rules used for authentication and access to the application.
  16. Click Next.
  17. Review the Summary of the Configuration
  18. Click Save and Assign
  19. Select the users or groups that will have access to this application
  20. Click Save.

Authorizing SAML Users in Rubrik

The final configuration step is to authorize Workspace ONE users within Rubrik and assign them to a role.  This step only works with individual users.  While testing, I couldn’t find a way to have it accept users based on a group or SAML attribute.

The steps for authorizing Workspace ONE users are:

  1. Log into your Rubrik Appliance.
  2. Go to the Gear icon in the upper right corner and select Users.
  3. Select Users and Groups.
  4. Click Grant Authorization.
  5. Select the directory.
  6. Select User and enter the username that the user will use when signing into Workspace ONE.
  7. Click Continue.
  8. Select the role to assign to the user and click Assign.
  9. The SAML user has been authorized to access the Rubrik appliance through SSO.

Testing SAML Authentication and Troubleshooting

So now that we have our authentication profiles configured in both Rubrik and Workspace One Access, we need to test it to ensure our admin users can sign in.  In order to test access, you need to sign out of your Rubrik appliance.  When you return to the login screen, you’ll see that it has changed slightly, and there will be a large “Sign in with SSO” button above the username field.  When pressed, users will be directed to Workspace ONE and authenticated.

While Rubrik may be listed in the Workspace ONE Access App Catalog, launching from the app catalog will just bring you to the login page.  I could not figure out how to get IdP-initiated logins to work, and some of my testing resulted in error pages that showed metadata errors.

Rubrik 5.0 “Andes” – A Refreshing Expansion

Since they came out of stealth in 2015, Rubrik has significantly expanded the features and capabilities of their core product.  They have had 13 major releases and added features for cloud providers and multi-tenant environments; Polaris, a software-as-a-service platform that provides enhanced cloud features and global management; and Radar, a service that detects and protects against ransomware attacks.

Today, Rubrik is announcing their 14th major release – Andes 5.0.  The Andes release builds on top of Rubrik’s feature rich platform to further expand the capabilities of the product.  It expands support for both on-premises mission critical applications as well as cloud native applications, and it extends or enhances existing product features.

Key features of this release are:

Enhanced Oracle Protection

Oracle database backup support was introduced in the Rubrik 4.0 Alta release, and it was basically a scripted RMAN backup to a Rubrik managed volume.  The Rubrik team has been hard at work enhancing this feature.

Rubrik is introducing a connector agent that can be installed on Oracle hosts or RAC nodes.  This connector will be able to discover instances and databases automatically, allowing SLAs to be applied directly to the hosts or the databases.

Simplified administration of Oracle backups isn’t the only Oracle enhancement in the Andes release.  The popular Live Mount feature has now been extended to Oracle environments.  If you’re not familiar with Live Mount, it is the ability to run a virtual machine or database directly from the backup.  This is useful for test and development environments or retrieving a single table or row that was accidentally dropped from a database.

Point-in-time recovery of Oracle environments is another new Oracle enhancement.  This feature allows Oracle administrators to restore their database to a specific point in time.  Rubrik will orchestrate the recovery of the database and replay log files to reach the specified point in time.

SAP HANA Protection

SAP HANA is the in-memory database that drives many SAP implementations.  In Andes 5.0, Rubrik offers an SAP-certified HANA backup solution that utilizes SAP’s BackInt APIs for HANA data protection.  This solution integrates with HANA Studio and SAP Cockpit.  The SAP HANA protection feature also supports point-in-time recovery and log management features.

HANA protection relies on another new feature of Andes called Elastic App Service.  Elastic App Service is a managed volume mounted on the Rubrik CDM, and it provides the same SLA-driven policies that other Rubrik objects get.

Microsoft SQL Server Enhancements

Rubrik has supported Microsoft SQL Server backups since the 3.0 release, and there has been a steady stream of enhancements to this feature.  The Andes release is no different, and it adds two major SQL Server backup features.

The first is the introduction of Changed Block Tracking for SQL Server databases. This feature will act similarly to the CBT function provided in VMware vSphere.  The benefit of this feature is that the Rubrik backup service can now look at the database change file to determine what blocks need to be backed up rather than scanning the database for changes, allowing for a shorter backup window and reduced overhead on the SQL Server host.

Another SQL Server enhancement is group Volume Shadow Copy Service (VSS) snapshots.  Rubrik utilizes Microsoft’s VSS SQL Writer Service to provide a point-in-time copy of the database.  The SQL Writer Service does this by freezing all operations on, or quiescing, the database to take a VSS snapshot.  Once the snapshot is completed, the database resumes operations while Rubrik performs any backup operations against the snapshot.  This process needs to be repeated on each individual database that Rubrik backs up, and this can lead to lengthy backup windows when there are multiple databases on each SQL Server.

Group VSS snapshots allow Rubrik to protect multiple databases on the same server with one VSS snapshot action.  Databases that are part of the same SLA group will have their VSS snapshots taken and processed at the same time.  This essentially parallelizes backup operations for that SLA group.  The benefits of this are a reduction in SQL Server backup times and the ability to perform backups more frequently.

Windows Bare-Metal Recovery

Rubrik started off as a virtualization backup product.  However, there are still large workloads that haven’t been virtualized.  While Rubrik supported some physical backups, such as SQL Server database backups, it never supported full backup and recovery of physical Windows Servers.  This meant that it couldn’t fully support all workloads in the database.

The Andes 5.0 release introduces the ability to protect workloads and data that reside on physical Windows Servers.  This is done with the same level of simplicity as all other virtualized and physical database workloads.

Physical Windows backup is done through the existing Rubrik Backup Service that is used for database workloads.  The initial backup is a full system backup that is saved to a VHDX file, and all subsequent backups utilize changed block tracking to only back up the changes to the volumes.

Restoring to bare metal isn’t fully automated, but it seems fairly straightforward.  The host server boots to a WinPE environment, mounts a Live Mount of the Windows Volume snapshots, and then runs a PowerShell script to restore the volumes. Once the restore is complete, the server can be rebooted to the normal boot drive.

This option is not only good for backing up and protecting physical workloads, but it can also be used for P2V and P2C (or physical-to-cloud) migrations.

The Windows BMR feature only supports Windows Server 2008 R2, Server 2012 R2, and Server 2016.  It does not support Windows 7 or Windows 10.

SLA Policy Enhancements

Setting up backup policies inside of Rubrik is fairly simple.  You create an SLA domain, you set the frequency and retention period of backup points, and you apply that policy to virtual machines, databases, or other objects.

But what if you need more control over when certain backups are taken?  There may be policies in place that determine when certain kinds of backups need to occur.

Andes 5.0 introduces Advanced SLA Policy Configuration. This is an optional feature that enables administrators to not only specify the frequency and retention period of a backup point, but it also allows that administrator to specify when those backups take place.

For example, my policy may dictate that I need to take my monthly backup on the last day of each month.  Under Rubrik’s normal scheduling engine, I can only specify a monthly backup.  I can’t create a schedule that is only applied on the last day of the month.

Office365 Backup

Office365 is quickly replacing on-premises Exchange and SharePoint servers as organizations move to the Software-as-a-Service model. While Microsoft provides tools to help retain data, it is possible to permanently delete data. There are also scenarios where it is not easy to move data – such as migrating to a new Office365 tenant.

Starting with the Andes 5.0 release, Rubrik will support backup and recovery of Office365 email and calendar objects through the Polaris platform. Polaris will act as the control plane for Office365 backup operations, and it will utilize the customer’s own Azure cloud storage to host the backup data and the search index.

SLAs can be applied to individual users or to all users in a tenant.  When it is applied to all users, new users and mailboxes will automatically inherit the SLA so they are protected as soon as they are created.

The Office365 protection feature allows for individual items, folders, or entire mailboxes to be recovered.  These items can be restored to the original mailbox location or exported to another user’s mailbox.

Other Enhancements

The Andes 5.0 release is a very large release, and I’m scratching the surface of what’s being included.  Some other key highlights of this release are:

  • NAS Direct Archive – Direct backup of NAS filesets into the Cloud
  • Live Mount VMDKs from Snapshots
  • Improved vCenter Recovery – Can recover directly to ESXi host
  • EPIC EHR Database Backup on Pure Storage
  • Snapshot Retention Enhancements
  • Support for RSA Multi-factor Authentication
  • API Tokens for Authentication
  • Cloud Archive Consolidation

Thoughts

This is another impressive release from Rubrik.  There are a number of long-awaited feature enhancements in this release, and they continue to add new features at a rapid pace.

Announcing Rubrik 4.1 – The Microsoft Release

Rubrik has made significant enhancements to their platform since they came out of stealth just over two years ago, and their platform has grown from an innovative way to bring together software and hardware to solve virtualization backup challenges to a robust data protection platform due to their extremely aggressive release schedule.

Yesterday, Rubrik announced version 4.1.  The latest version builds on the already strong offerings in the Alta release that came out just a few months ago.  This release, in particular, is heavily focused on the Microsoft stacks, and there is also a heavy focus on cloud.

So what’s new in Rubrik 4.1?

Multi-Tenancy

The major enhancement is multi-tenancy support.  Rubrik 4.1 will now support dividing up a single physical Rubrik cluster into multiple Organizations.  Organizations are logical management units inside a physical Rubrik cluster, and each organization can manage their own logical objects such as users, protected objects, SLA domains, and replication targets.  This new multi-tenancy model is designed to meet the needs of service provider organizations, where multiple customers may use Rubrik as a backup target, as well as large enterprises that have multiple IT organizations.

In order to support the new multi-tenancy feature, Rubrik is adding role-based access control with multiple levels of access.  This will allow application owners and administrators to get limited access to Rubrik to manage their particular resources.

Azure, Azure Stack, and Hyper-V

One of the big foci of the Rubrik 4.1 release is Microsoft, and Rubrik has enhanced their Microsoft platform support.

The first major enhancement to Rubrik’s Microsoft platform offering is Azure Stack support.  Rubrik will be able to integrate with Azure Stack and provide protection to customer workloads running on this platform.

The second major enhancement is to the CloudOn App Instantiation feature.  CloudOn was released in Alta, and it enables customers to power-on VM snapshots in the public cloud.  The initial release supported AWS, and Rubrik is now adding support for Azure.

SQL Server Always-On Support

Rubrik is expanding its agent-based SQL Server backup support to Always-On Availability Groups.  In the current release, Rubrik will detect if a SQL Server is part of an availability group, but it requires an administrator to manually apply an SLA policy to databases.  If there is a failover in the availability group, a manual intervention would be required to change the replica that was being protected.  This could be an issue with 2-node availability groups as a node failure, or server reboot, would cause a failover that could impact SLAs on the protected databases.

Rubrik 4.1 will now detect the configuration of a SQL Server, including availability groups.  Based on the configuration, Rubrik will dynamically select the replica to back up.  If a failover occurs, Rubrik will select a different replica in the availability group to use as a backup source.  This feature is only supported on synchronous commit availability groups.

Google Cloud Storage Support

Google Cloud is now supported as a cloud archive target, and all Google Cloud storage tiers are supported.

AWS Glacier and GovCloud Support

One feature that has been requested multiple times since Rubrik was released was support for AWS Glacier for long-term storage retention.  Rubrik 4.1 now adds support for Glacier as an archive location.

Also in the 4.1 release is support for AWS GovCloud.  This will allow government entities with Rubrik to utilize AWS as a cloud archive.

Thoughts

Rubrik has had an aggressive release schedule since Day 1.  And they don’t seem to be letting up on quickly adding features.  The 4.1 release does not disappoint in this category.

The feature I’m most excited about is the enhanced support for SQL Always-On Availability Groups.  While Rubrik can detect if a database is part of an AG today, the ability to dynamically select the instance to back up is key for organizations that have smaller AGs or utilize the basic 2-node AG feature in SQL Server 2016.

 

The Approaching Backup (Hyper)Convergence #VFD5

When we talk about convergence in IT, it usually means bringing things together to make them easier to manage and use.  Network convergence, in the data center, is bringing together your storage and IP stacks, while hyperconverged is about bringing compute and storage together in a platform that can easily scale as new capacity is needed.

One area where we haven’t seen a lot of convergence is the backup industry.  One new startup, fresh out of stealth mode, aims to change that by bringing together backup storage, compute, and virtualization backup software in a scalable and easy to use package.

I had the opportunity to hear from Rubrik, a new player in the backup space, at Virtualization Field Day 5.   My coworker, and fellow VFD5 delegate, Eric Shanks, has also written his thoughts on Rubrik.


Note: All travel and incidental expenses for attending Virtualization Field Day 5 were paid for by Gestalt IT.  This was the only compensation provided, and it did not influence the content of this post.


One of the challenges of architecting backup solutions for IT environments is that you need to bring together a number of disparate pieces, often from different vendors, and try to make them function as one.  Even if multiple components are from the same vendor, they’re often not integrated in a way to make them easy to deploy.

Rubrik’s goal is to be a “Time Machine for private cloud” and to make backup so simple that you can have the appliance racked and starting backups within 15 minutes.  Their product, which hit general availability in May, combines backup software, storage, and hardware in a package that is easy to deploy, use, and scale.

They front this with an HTML5 interface and advanced search capabilities for virtual machines and files within the virtual machine file system.  This works across both locally stored data and data that has been aged out to the cloud due to a local metadata cache.

Because they control the hardware and software for the entire platform, Rubrik is able to engineer everything for the best performance.  They utilize flash in each node to store backup metadata as well as ingest the inbound data streams to deduplicate and compress data.

Rubrik uses SLAs to determine how often virtual machines are protected and how long that data is saved.  Over time, that data can be aged out to Amazon S3.  They do not currently support replication to another Rubrik appliance in another location, but that is on the roadmap.

Although there are a lot of cool features in Rubrik, it is a version 1.0 product.  It is missing some things that more mature products have such as application-level item recovery and role-based access control.  They only support vSphere in this release.  However, the vendor has committed to adding many more features, and support for additional hypervisors, in future releases.

You can watch the introduction and technical deep dive for the Rubrik presentation on Youtube.  The links are below.

If you want to see a hands-on review of Rubrik, you can read Brian Suhr’s unboxing post here.

Rubrik has brought an innovative and exciting product to market, and I look forward to seeing more from them in the future.

First Thoughts on @Veeam #V7

Veeam released the latest version of their backup software a week ago on August 15th.  I’ve been looking forward to this release as they’ve included some features that many customers have wanted for some time such as:

  • Grandfather-Father-Son backup rotation as part of a Backup Copy Job to secondary storage
  • Export Backups to Tape
  • vSphere Web Client Plugin
  • Built-In WAN Acceleration

The full list of enhancements and features can be found here.

$Work uses Veeam as the primary backup solution, so I set up a test environment to try out some of these new features before upgrading.  $Work is only licensed for the Standard Edition, and while the evaluation license is for the Enterprise Plus feature set, I will only be testing what I can use in my production environment.  So unfortunately, I won’t be trying out the WAN Acceleration feature or U-AIR.

First Thoughts

Installation of V7 and setting up jobs was a breeze.  There were a few small changes to the process compared to previous versions, like having to set up credentials to access vCenter and Windows servers in a credential vault, but those changes were relatively minor and saved time later.  In previous versions, I would have to go into my password vault each time I wanted to create a backup job that included Windows servers.  This takes care of that.

Not much has changed with setting up new backup jobs.  They have added a screen for setting up a secondary storage site and backup rotation, which makes it easy to add backup jobs to a backup copy job if you already have one set up.  One of the best changes on various jobs screens, in my opinion, is that the backup job statistics screen is now accessible on the main screen just by selecting a backup job.  It is no longer buried in a context menu.

Previous versions of Veeam backed up servers sequentially if there was more than one server per backup job.  That’s changed in this edition.  Veeam will now back up multiple servers per job in parallel.  This will cut down backup times significantly.  This option isn’t enabled if you are upgrading from a previous version, but it can easily be enabled by going into the options menu.

I really like the Backup Copy job option.  There is a lot to this feature, and I want to dedicate more time to it in a separate post.

The timing of this release is very good.  We are a Veeam customer at $work, and we’ve just started to reevaluate our disaster recovery plan and capabilities.  Some of these features, especially the exporting backups to tape and GFS rotation, are capabilities that we wanted to get.  We currently back up directly to an offsite repository, so the backup copy job feature may be one of the best additions to this product.

Exchange Restores and PowerShell Scripting Games

In my last post, I posted a script that I use to back up my Exchange 2010 test environment using PowerShell and Windows Server Backup.  But what if I need to do a restore?

Well, the good people over at ExchangeServerPro.com have a good step-by-step walkthrough of how to restore an individual mailbox that covers restoring from WSB, rolling the mailbox forward, and recovering data.

If you’re interested in how a restore would work, check out the article.

PowerShell Scripting Games

Microsoft’s annual scripting games started on Monday.  Unlike previous years, scripting is limited to the PowerShell scripting language this year.  A beginner and an advanced scripting challenge are posted each day, and you have seven days to submit a solution to the problem.

You can find the challenges and scripting tips on the Hey! Scripting Guy blog.  The official rules also include a link to the registration page.

If you’re looking to learn about PowerShell or just challenge yourself with a scripting problem, you might want to check this out.

Scripting Exchange 2010 Backups on Windows Server 2008R2 using PowerShell and Windows Backup Service

I’ve struggled with backing up my Exchange 2010 SP1 environment in my home lab since I upgraded over a month ago.  Before I had upgraded, I was using a script that did Volume Shadow Services (VSS) backups.

After upgrading, I wanted to cut my teeth with Windows Server Backup (WBS).  Windows Server Backup is the replacement for the NTBackup program that was included with Windows until Vista, and it uses VSS to take snapshot backups of entire volumes or file systems.

Unlike NTBackup, WBS will not run backup jobs to tape.  You will need to dedicate an entire volume or use a network folder to store your backups.  If you use the GUI, you can only retain one backup set, and a new backup will overwrite the old.

This was an issue for me.  Even though I have Exchange configured to retain deleted items for 14 days and deleted mailboxes for 30 days, I like to keep multiple backups.  It allows me to play with multiple recovery scenarios that I might face in the real world.

And that is where PowerShell comes in.  Server 2008R2 allows users to create a temporary backup policy and pass that policy to the Windows Backup Service.  This will also allow you to change the folder where the backup is saved each time, and you can easily add or remove volumes, LUNs, and databases without having to reconfigure your backup job each time.

I started by working from the script by Michael Smith that I linked to above.  To modify this script to work with WBS, I first had to modify it to work with Exchange 2010.  One of the major differences between Exchange 2007 and Exchange 2010 is that storage groups have been removed in the latter.  Logging and other storage group functions have been rolled into the database, making them self-contained.

The original script used the Get-StorageGroup PowerShell command to get the location of each storage group’s log files.  Since this command is no longer present, I had to add sections of this function to the function that retrieved the location of the database files.

After adding some error handling by using Try/Catch, the section that locates mailbox databases looks like:

Try
{
    # $colMB, $pathPattern, $volumes and $i are set up earlier in the script
    foreach ($mdb in $colMB)
    {
        # Recovery databases are not part of the backup set
        if ($mdb.Recovery)
        {
            write-host ("Skipping RECOVERY MDB " + $mdb.Name)
            continue
        }
        write-host ($mdb.Name + "`t " + $mdb.Guid)
        write-host ("`t" + $mdb.EdbFilePath)
        write-host " "

        # Record the database file path
        $pathPattern.($mdb.EdbFilePath) = $i

        # Record the volume (drive letter and colon) that holds the database
        $vol = $mdb.EdbFilePath.ToString().SubString(0, 2)
        $volumes.set_item($vol,$i)

        #This Section gets the log file information for the backup
        $prefix  = $mdb.LogFilePrefix
        $logpath = $mdb.LogFolderPath.ToString()

        ## E00*.log
        $pathpattern.(join-path $logpath ($prefix + "*.log")) = $i

        # Record the volume that holds the log files
        $vol = $logpath.SubString(0, 2)
        $volumes.set_item($vol,$i)

        $i += 1
    }
}
Catch
{
    Write-Host "There are no Mailbox Databases on this server."
}

I also removed all of the functions related to building and calling the Disk Shadow and RoboCopy commands.  Since we will be using WBS, there is no need to manually trigger a VSS backup.

Once we know where our mailbox and public folder databases and their log files are located, we can start to build our temporary backup job.  The first thing we need to do is create a new backup job called $bpol by using the New-WBPolicy cmdlet.

##Create New Backup Policy for Windows Server Backup
$BPol = New-WBPolicy

Once we have created our backup policy, we add the drives that we want to back up.  We can tell Windows Server Backup which drives we want to back up by using the drives and folder paths that we retrieved from Exchange using the code above.  We use the Get-WBVolume cmdlet to get the disk or volume information and the Add-WBVolume cmdlet to add it to the backup job.

##Define volumes to be backed up based on Exchange filepath information
##Retrieved in function GetStores

ForEach($bvol in $volumes.keys)
{
    $WBVol = Get-WBVolume -volumepath $bvol
    Add-WBVolume -policy $BPol -volume $WBVol
}

The Add-WBVolume cmdlet doesn’t overwrite previous values, so I can easily add multiple drives to my backup job.

Now that my backup locations have been added, I need to tell WBS that this will be a VSS Full Backup instead of a VSS Copy Backup.  I want to run a full backup because this will commit information in the log files to the database and truncate old logs.  The command to set the backup job to a full backup is:

Set-WBVssBackupOptions -policy $BPol -VssFullBackup

Finally, I need to set my backup target.  This script is designed to back up to a network share.  Since I want to retain multiple backups, it will also create a new folder to store the backup at runtime.  I created a function called AddWBTarget to handle this part of the job.

Function AddWBTarget
{
    ##Create New Folder for backup in $backuplocation using date format
    $folder = get-date -uFormat "%Y-%m-%d-%H-%M"
    md "$backupLocation\$folder"
    $netFolder = "$backupLocation\$folder"

    ##Add the new network folder to the backup policy as the target
    $netTarget = New-WBBackupTarget -NetworkPath "$netfolder"
    Add-WBBackupTarget -policy $BPol -Target $netTarget
}

The backup location needs to be a UNC path to a network folder, and you set this when you run the script with the -backuplocation parameter.  The function will also create a new folder and then add this location to the backup job using the Add-WBBackupTarget cmdlet.

The documentation for the Add-WBBackupTarget states that you need to provide user credentials to back up to a network location.  This does not appear to be the case, and WBS appears to use the credentials of the user running the script to access the backup location.

WBS now has all of the information that it needs to perform a backup, so I will pass the temporary backup job to WBS using the Start-WBBackup cmdlet with the -policy parameter.

You can run the script manually by running EX2k10WBS.ps1 from your Exchange 2010 server.  You will need to declare your backup location by using the -backuplocation parameter.  Since this script will be performing a backup, you will need to run PowerShell with elevated permissions.

You can also set this script to run as a scheduled task.

You can download the entire script here.