Summary
Description
1 Intended Purpose
The intended purpose of this document is to clarify, simplify and facilitate the process involved in upgrading or downgrading N2W Backup and Recovery (CPM) to a different edition and/or version. It will provide a checklist of necessary permissions and access to the Azure infrastructure to be concluded before the upgrade or downgrade process can begin.
2 Time Needed
The entire installation and upgrade process generally takes 60 minutes. Additional time may be needed for extensive configuration following the installation process. During the upgrade/downgrade, you will incur downtime in the backup process.
3 Release Notes & User Guide Documentation
Up-to-date release notes for V4.x.x and the most recent service release can be found at: Release notes for N2W v4.5.1 [February 2026]
Up-to-date product documentation (User Guide) can be found at:
https://N2W.com/support/documentation (HTML)
4 Checklist for Upgrades & Downgrades
This is a checklist to prepare for the upgrade/downgrade:
- Absolutely no backups can be scheduled to run during the upgrade – the upgrade window is 1 hour
-
The person performing the upgrade will need to have sufficient Azure account administrative permissions to
- Spin up instances and take out subscriptions from the Azure Marketplace
- Create and modify Azure Policies and Azure IAM roles/users
- The person performing the upgrade will need to have access to the N2W root admin account, username and password
- If you are using Linux backup scripts to perform application-consistent backups on Linux-based instances, you will need to back up those scripts separately before the upgrade. The Linux backup scripts can be found on the N2W instance root volume in the folder /cpmdata/scripts
- If you are not utilising the N2W self-signed SSL certificate, you will need to have your wildcard .crt and .key files available during the upgrade.
- If you are utilising the IdP functionality, you will need to have the IdP’s X. 509 certificate available during the upgrade
- If you are utilising a web proxy, you will need to have the web proxy configuration available during the upgrade
- If you are utilising a custom URL to access the N2W web portal, you will need to have access to the DNS record process. This will allow an in-place upgrade without terminating the N2W instance beforehand.
- If you are performing Azure cross-account backups, the person performing the upgrade will need to have sufficient Azure account administrative permissions to upgrade the Azure policies and Azure roles/IAM users in the target account (See 6.1)
- If you are utilising the N2W thin backup agent for application-consistent backups on Windows-based virtual machines, please review Chapter 5 of this guide
- If the planned upgrade is a white-glove install with the help of an N2W Engineer, please provide which version of N2W you are currently on and if you are using the S3 archive feature
5 Application Consistent Backups & Thin Backup Agents
Application Consistent Backups on Windows-based virtual machines generally utilise the N2W Thin Backup Agent. If you’re upgrading from a version prior to 3.1, you will need to upgrade the Thin Backup Agent on all required servers due to a major update to the agent's software and capabilities.
6 Azure Permissions needed for installation
The person or team responsible for deploying N2W Backup and Recovery must have administrative permissions.
- Being able to create instances from the Azure Marketplace
- Being able to take out subscriptions from the Azure Marketplace
- Create roles in IAM
- Create, modify and assign policies in IAM
6.1 Particular Azure permissions needed for N2W to function correctly
With the N2W Backup and Recovery upgrade, we introduce new features to the product. You will also need to modify the permissions assigned to the IAM role used with N2W Backup and Recovery. The minimum IAM policy files needed for N2W configuration can be obtained at:
[4.5.0] Required Minimum Azure permissions for N2W operations
The file contains multiple JSON files. Please use the version appropriate for your N2W Backup and Recovery edition.
These JSON files can be customised for specific requirements. The default gives N2W access to all its backup, recovery and management capabilities.
7 Immutable Backups
Enabling Immutable Backups will prevent the unauthorised deletion of Azure VM and disk snapshots. When a policy is enabled for Immutable Backups, a ‘Delete’ lock type is assigned to a disk snapshot until the lock is removed. The lock is removed by N2W before Cleanup or by user-initiated deletion.
To enable immutable backups:
- Select the relevant policy.
- In the More Options tab, select Enable Immutable Backups.
To view the Lock Type in Azure:
On the Azure console, go to the Snapshot page and select Locks.
The following permissions are required:
o Microsoft.Authorisation/locks/read
o Microsoft.Authorisation/locks/write
o Microsoft.Authorisation/locks/delete
8 Compliance
N2W Backup and Recovery is an IaaS (infrastructure-as-a-service) solution. N2W resides in your account and interacts with your data and the Azure infrastructure using Azure API calls.
- The data never flows through N2W, which means we inherit the compliance ratings of the Azure cloud
- N2W belongs to you and you are not sharing a service with other customers
- N2W is completely under your control, and you’re not entrusting your Azure account credentials to a service hosted somewhere else
N2W inherits the compliance of the Azure cloud:
ISO: https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001
SOC: https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-1
HIPAA:https://learn.microsoft.com/enus/azure/compliance/offerings/offering-hipaa-us
FEDRAMP: http://learn.microsoft.com/en-us/azure/compliance/offerings/offering-fedramp
Other Compliance Programs: https://learn.microsoft.com/en-us/azure/compliance/
The following KB article discusses hardening of the CPM instance for the purpose of vulnerability scans:
N2W instance hardening for vulnerability scans
The underlying OS of the N2W virtual appliance is Ubuntu 18.04, and a Security Technical Implementation Guide (STIG) can be found here:
https://www.stigviewer.com/stig/canonical_ubuntu_18.04_lts/
Confirmation Steps
1 Support
N2W Backup and Recovery comes with full software support. You may log tickets with our 24/7 support, free of charge, via:
https://N2W.zendesk.com/hc/en-us/requests/new
or
email to support@N2W.com
The full documentation can be found at: https://N2W.com/support/documentation
We also encourage you to reach out to your sales representative for workshops, escalations and questions.
2 Video Tutorials
0. Install of N2W V4.x.x (and configuration of appliance backup – cpmdata) https://youtu.be/B-Daepgs_Zk
1. Configuration of an Azure VM backup https://youtu.be/ndn3hwCbMNI
2. Configuration of Azure Storage Repository https://youtu.be/H9xjOQ3rc5c
3. Recovering an Azure VM https://youtu.be/tRXCMzyS9-I
4. Configuration of Resource Control https://youtu.be/k_DbaZlFt0Q
5. Configuration of Notifications https://youtu.be/pbBD0cdyQt0
6. Configuration of Reports and scheduled Reports https://youtu.be/47ptw7MRouo
7. Configuration Recovery Scenarios for Azure cloud https://youtu.be/NS94mHYM5WM
8. Configuration of Automated Backups of Azure Resources with Tags https://youtu.be/zSQEslOEDtU
9. How to Add Azure Subscriptions to N2W https://youtu.be/7p8Ovggz7EQ
10. How to perform SQL Server backups from Azure https://youtu.be/r2eu8e_5QZw
11. Multi-Generational Folder and File-Level Recovery in Azure: https://youtu.be/eSHRSFvRMNA
Comments
0 comments
Please sign in to leave a comment.