# Quick Start Guide - BC Backup System ## 5-Minute Setup ### 1. Install Dependencies ```bash ./setup.sh ``` ### 2. Create Azure AD App 1. Go to [Azure Portal](https://portal.azure.com) → Azure AD → App registrations → New 2. Name: `BC-Backup-Service` 3. Note: **Application ID** and **Tenant ID** 4. Create **Client Secret** (save immediately!) 5. Add API Permission: **Dynamics 365 Business Central** → **Automation.ReadWrite.All** 6. Click **Grant admin consent** ### 3. Create S3 Bucket with Object Lock **AWS:** ```bash aws s3api create-bucket \ --bucket my-bc-backups \ --region us-east-1 \ --object-lock-enabled-for-bucket aws s3api put-object-lock-configuration \ --bucket my-bc-backups \ --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}} }' ``` **MinIO:** ```bash mc mb myminio/my-bc-backups --with-lock mc retention set --default COMPLIANCE "30d" myminio/my-bc-backups ``` ### 4. Configure ```bash nano bc-backup.conf ``` Minimum required: ```bash AZURE_TENANT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" AZURE_CLIENT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" AZURE_CLIENT_SECRET="your-secret-here" BC_ENVIRONMENT_NAME="Production" ENCRYPTION_PASSPHRASE="$(openssl rand -base64 32)" # Generate strong key S3_BUCKET="my-bc-backups" S3_ENDPOINT="https://s3.amazonaws.com" AWS_ACCESS_KEY_ID="AKIAXXXXXXXXXXXXXXXX" AWS_SECRET_ACCESS_KEY="your-secret-key" AWS_DEFAULT_REGION="us-east-1" ``` **IMPORTANT**: Save your `ENCRYPTION_PASSPHRASE` in a password manager! ### 5. Test Configuration ```bash ./test-config.sh ``` ### 6. Test Backup ```bash ./bc-backup.sh ``` Watch logs: ```bash tail -f logs/backup.log ``` ### 7. Schedule Hourly Backups ```bash crontab -e ``` Add: ``` 0 * * * * /home/malin/c0ding/bcbak/bc-backup.sh >> /home/malin/c0ding/bcbak/logs/cron.log 2>&1 ``` ## Done! Your backups will now run every hour automatically. --- ## Common Commands ```bash # View latest backup log tail -100 logs/backup.log # List backups in S3 aws s3 ls s3://my-bc-backups/backups/ --endpoint-url https://s3.amazonaws.com # Test configuration ./test-config.sh # Decrypt a backup ./decrypt-backup.sh backup.bacpac.gpg # Check cron jobs crontab -l # View cron logs tail -f logs/cron.log ``` ## Restore Process 1. Download encrypted backup from S3 2. Decrypt: `./decrypt-backup.sh backup.bacpac.gpg` 3. Import to Azure SQL with SqlPackage 4. Contact Microsoft to connect BC See [README.md](README.md) for detailed instructions. ## Troubleshooting | Issue | Solution | |-------|----------| | Authentication failed | Check Azure AD credentials, verify API permissions granted | | Export not authorized | Only Production environments with paid subscriptions can export | | Object Lock error | Bucket must be created with Object Lock enabled | | Upload failed | Verify S3 credentials and bucket name | Full troubleshooting guide in [README.md](README.md). ## Important Notes - **Encryption passphrase**: Store securely! Can't decrypt without it - **API limit**: BC allows max 10 exports per month (script reuses recent exports) - **Export time**: Database exports take 15-60 minutes - **Immutability**: Files can't be deleted for 30 days (by design) - **Cost**: Monitor S3 storage costs (hourly backups = ~720 files/month) ## File Structure ``` bcbak/ ├── bc-backup.sh # Main script (run this) ├── bc-export.ps1 # BC export logic ├── bc-backup.conf # Your config (secret!) ├── decrypt-backup.sh # Decrypt backups ├── test-config.sh # Validate setup ├── setup.sh # Install dependencies ├── README.md # Full documentation └── logs/ # Backup logs ``` ## Need Help? 1. Check `logs/backup.log` for errors 2. Run `./test-config.sh` to validate setup 3. Review [README.md](README.md) troubleshooting section