Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Create and configure a Recovery Services vault

  1. Home
  3. Create and configure a Recovery Services vault

Go back to Tutorial

In this we will learn about how to create a Recovery Services vault. However, a Recovery Services vault is a management entity that stores recovery points created over time and provides an interface to perform backup related operations. These include taking on-demand backups, performing restores, and creating backup policies.

To create a Recovery Services vault, follow these steps.

  • Firstly, sign in to your subscription in the Azure portal.
  • Then, on the left menu, select All services.
  • Thirdly, in the All services dialog box, enter Recovery Services. The list of resources filters according to your input. In the list of resources, select Recovery Services vaults.
Fourthly, on the Recovery Services vaults dashboard.
  • And , select Add
    • Name: Enter a friendly name to identify the vault. The name must be unique to the Azure subscription. Specify a name that has at least 2 but not more than 50 characters. The name must start with a letter and consist only of letters, numbers, and hyphens.
    • Subscription: Choose the subscription to use. If you’re a member of only one subscription, you’ll see that name. If you’re not sure which subscription to use, use the default (suggested) subscription
    • Resource group: Use an existing resource group or create a new one. To see the list of available resource groups in your subscription, select Use existing, and then select a resource from the drop-down list.

Location: Select the geographic region for the vault. To create a vault to protect any data source, the vault must be in the same region as the data source.

  • Fifthly, after providing the values, select Review + create.
  • And, when you’re ready to create the Recovery Services vault, select Create.
  • However, it can take a while to create the Recovery Services vault. Monitor the status notifications in the Notifications area at the upper-right corner of the portal. Lastly,, after your vault is created, it’s visible in the list of Recovery Services vaults. If you don’t see your vault, select Refresh.

Set storage redundancy

Azure Backup automatically handles storage for the vault. You need to specify how that storage is replicated.

  • Firstly, from the Recovery Services vaults pane, select the new vault. Under the Settings section, select Properties.
  • Secondly, in Properties, under Backup Configuration, select Update.
  • Thirdly, select the storage replication type, and select Save.
AZ-104 practice tests

Set Cross Region Restore

The restore option Cross Region Restore (CRR) allows you to restore data in a secondary, Azure paired region.

It supports the following datasources:

  • Azure VMs
  • SQL databases hosted on Azure VMs
  • SAP HANA databases hosted on Azure VMs

Using Cross Region Restore allows you to:

  • Firstly, conduct drills when there’s an audit or compliance requirement
  • Secondly, restore the data if there’s a disaster in the primary region

Configure Cross Region Restore

A vault created with GRS redundancy includes the option to configure the Cross Region Restore feature. Every GRS vault will have a banner, which will link to the documentation. To configure CRR for the vault, go to the Backup Configuration pane, which contains the option to enable this feature.

  • Firstly, from the portal, go to your Recovery Services vault > Properties (under Settings).
  • Secondly, under Backup Configuration, select Update.
  • Thirdly, select Enable Cross Region Restore in this vault to enable the functionality.

Set encryption settings

By default, the data in the Recovery Services vault is encrypted using platform-managed keys. No explicit actions are required from your end to enable this encryption, and it applies to all workloads being backed up to your Recovery Services vault. However, you may choose to bring your own key to encrypt the backup data in this vault. This is referred to as customer-managed keys.

Configuring a vault to encrypt using customer-managed keys

To configure your vault to encrypt with customer-managed keys, these steps must be followed in this order:

  • Firstly, enable managed identity for your Recovery Services vault
  • Secondly, assign permissions to the vault to access the encryption key in the Azure Key Vault
  • Thirdly, enable soft-delete and purge protection on the Azure Key Vault
  • Lastly, assign the encryption key to the Recovery Services vault

Modifying default settings

We highly recommend you review the default settings for Storage Replication type and Security settings before configuring backups in the vault.

  • Firstly, Storage Replication type by default is set to Geo-redundant (GRS). Once you configure the backup, the option to modify is disabled.
    • if you haven’t yet configured the backup, then follow these steps to review and modify the settings.
    • If you’ve already configured the backup and must move from GRS to LRS, then review these workarounds.
  • Secondly, soft delete by default is Enabled on newly created vaults to protect backup data from accidental or malicious deletes.
Create and configure a Recovery Services vault AZ-104 online course

Reference: Microsoft Documentation

Go back to Tutorial

Menu