Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Manage VM Backups

  1. Home
  3. Exam AZ-103: Microsoft Azure Administrator
  5. Manage VM Backups

Configure VM backup

As we all know that, Azure backups can be created through the Azure portal. This process of configuring VM backups provides a browser-based user interface for creating and configuring Azure backups and all related resources. We can also protect the data by taking backups at regular intervals. Azure Backup creates recovery points that can be stored in geo-redundant recovery vaults.

How to select a VM to back up?

We shall now discuss a create a simple scheduled daily backup to a Recovery Services Vault.

  • In the menu on the left, select Virtual machines.
  • From the list, choose a VM to back up. In case we used the sample VM quickstart commands, the VM is named myVM in the myResourceGroup resource group.
  • In the Operations section, choose Backup such that the Enable backup window opens

How to enable backup on a VM?

We can define a Recovery Services vault as a logical container which stores the backup data for each protected resource, such as Azure VMs. Such that when the backup job for a protected resource is run, it thereafter it creates a recovery point inside the Recovery Services vault. We can use one of these recovery points to restore data to a given point in time. We shall now understand the steps to enable backup on a VM –

  • Select Create new and provide a name for the new vault, like myRecoveryServicesVault.
  • If not already selected, choose Use existing, then select the resource group of the VM from the drop-down menu. Such that by default, the vault is set for Geo-Redundant storage. In order to further protect the data, this storage redundancy level ensures that the backup data is replicated to a secondary Azure region that is hundreds of miles away from the primary region.
  • Select Enable Backup , to accept the default backup policy values.

How to start a backup job?

  • On the Backup window for the VM, select Backup now.
  • For accepting the backup retention policy of 30 days, leave the default Retain Backup Till date.
  • For starting the job, select Backup.

How to clean up deployment?

  • Select the Backup option for the VM.
  • Select More to show additional options, then choose Stop backup.
  • Select Delete Backup Data from the drop-down menu.
  • In the Type the name of the Backup item dialog, enter the VM name, such as yourVM. Select Stop Backup.
  • Once the VM backup has been stopped and recovery points removed, we can delete the resource group. In case we used an existing VM, we may wish to leave the resource group and VM in place.
  • In the menu on the left, select Resource groups.
  • From the list, choose the resource group. In case we used the sample VM quickstart commands, the resource group is named yourResourceGroup.
  • Select Delete resource group.
  • For confirming, enter the resource group name, then select Delete.

Define Backup Policies

Azure Backup supports backup of Azure VMs which have their OS/data disks encrypted with Azure Disk Encryption (ADE). Azure Disk Encryption (ADE) that uses BitLocker for encryption of Windows VMs, and the dm-crypt feature for Linux VMs. ADE integrates with Azure Key Vault to manage disk-encryption keys and secrets. Key Vault Key Encryption Keys (KEKs) can be used to add an additional layer of security, encrypting encryption secrets before writing them to Key Vault.

How to configure a backup policy?

In case we have not yet created a Recovery Services backup vault, follow the given instructions –

  • Open the vault in the portal, and select Backup in the Getting Started section.
  • In Backup goal > Where is the workload running ? select Azure.
  • In What do we want to back up? select Virtual machine > OK.
  • In Backup policy > Choose backup policy, select the policy that we want to associate with the vault. Then click OK.
  • A backup policy specifies when backups are taken, and how long they are stored – The details of the default policy are listed under the drop-down menu and in case we don’t want to use the default policy, select Create New, and create a custom policy.
  • Choose the encrypted VMs you want to back up using the select policy, and select OK.
  • In case we are using Azure Key Vault, on the vault page, we see a message that Azure Backup needs read-only access to the keys and secrets in the Key Vault.
  • In case we are using Azure Key Vault, on the vault page, we see a message that Azure Backup needs read-only access to the keys and secrets in the Key Vault.
  • Click Enable Backup to deploy the backup policy in the vault, and enable backup for the selected VMs.

How to provide permissions?

  • First, in the Azure portal, select All services, and search for Key vaults.
  • Second, select the key vault associated with the encrypted VM we are backing up.
  • Select Access policies > Add new.
  • Select Select principal, and then type Backup Management.
  • Select Backup Management Service > Select.
  • In Add access policy > Configure from template (optional), select Azure Backup.
  • Click OK. Backup Management Service is added to Access policies.
  • Click Save to provide Azure Backup with the permissions

Implement Backup Policies

How to create a vault?

We can define a vault stores backups and recovery points created over time, and stores backup policies associated with backed up machines. We shall now describe to create a vault as follows –

  • Sign in to the Azure portal.
  • In search, type Recovery Services. Under Services, click Recovery Services vaults.
  • In Recovery Services vaults menu, click +Add.
  • In Recovery Services vault, type in a friendly name to identify the vault – The name needs to be unique for the Azure subscription, and it can contain 2 to 50 characters and it must start with a letter, and it can contain only letters, numbers, and hyphens.
  • Select the Azure subscription, resource group, and geographic region in which the vault should be created. Then click Create – It can take a while for the vault to be created and Monitor the status notifications in the upper-right area of the portal.

After the vault is created, it appears in the Recovery Services vaults list. In case we don’t see vault, select Refresh.

How to modify storage application?

  • In the new vault, click Properties in the Settings section.
  • In Properties, under Backup Configuration, click Update.
  • Select the storage replication type, and click Save.

How to apply a backup policy?

  • In the vault, click +Backup in the Overview section.
  • In Backup Goal > Where is your workload running? select Azure. In What do you want to back up? select Virtual machine > OK. This registers the VM extension in the vault.
  • In Backup policy, select the policy that we want to associate with the vault – The default policy backs up the VM once a day. The daily backups are retained for 30 days. Instant recovery snapshots are retained for two days and in case we don’t want to use the default policy, select Create New, and create a custom policy as described in the next procedure.
  • In Select virtual machines, select the VMs we want to back up using the policy. Then click OK – The selected VMs are validated and we can only select VMs in the same region as the vault and VMs can only be backed up in a single vault.
  • In Backup, click Enable backup. This deploys the policy to the vault and to the VMs, and installs the backup extension on the VM agent running on the Azure VM.

How to create a custom policy?

Following are the steps to create a new backup policy –

  • In the Policy name, specify a meaningful name.
  • In Backup schedule, specify when backups should be taken. We can take daily or weekly backups for Azure VMs.
  • In Instant Restore, specify how long we want to retain snapshots locally for instant restore.
  • Now when we restore, backed up VM disks are copied from storage, across the network to the recovery storage location.
  • We can retain snapshots for instant restore for between one to five days, such that two days is the default setting.
  • In Retention range, specify how long we want to keep the daily or weekly backup points.
  • In Retention of monthly backup point, specify whether we want to keep a monthly backup of daily or weekly backups.
  • Click OK to save the policy.

Perform VM Restore

Restore Options

Restore optionDetails
Create a new VMQuickly creates and gets a basic VM up and running from a restore point.

We can specify a name for the VM, select the resource group and virtual network (VNet) in which it will be placed, and specify a storage account for the restored VM.
Restore diskRestores a VM disk, which can then be used to create a new VM.

Azure Backup provides a template to helps customize and create a VM.

The restore job generates a template that we can download and use to specify custom VM settings, and create a VM.

The disks are copied to the storage account you specify.

Alternatively, we can attach the disk to an existing VM, or create a new VM using PowerShell.

This option is useful in case we want to customize the VM, add configuration settings that were not there at the time of backup, or add settings that must be configured using the template or PowerShell.
Replace existingWe can restore a disk, and use it to replace a disk on the existing VM.

The current VM must exist. If it’s been deleted, this option can’t be used.

Azure Backup takes a snapshot of the existing VM before replacing the disk, and stores it in the staging location you specify. Existing disks connected to the VM are replaced with the selected restore point.

The snapshot is copied to the vault, and retained in accordance with the retention policy.

Replace existing is supported for unencrypted managed VMs. It’s not supported for unmanaged disks, generalized VMs, or for VMs created using custom images.

If the restore point has more or less disks than the current VM, then the number of disks in the restore point will only reflect the VM configuration.

How to select a restore point?

  • Click Backup items > Azure Virtual Machine in the vault associated with the VM we want to restore
  • Click a VM. By default on the VM dashboard, recovery points from the last 30 days are displayed. We can display recovery points older than 30 days, or filter to find recovery points based on dates, time ranges, and different types of snapshot consistency.
  • In order to restore the VM, click Restore VM.
  • Select a restore point to use for the recovery.

How to choose a VM restore configuration?

  • Step 1 – Restore configuration, select a restore option – First, Create new this can be done so use this option if we want to create a new VM. We can create a VM with simple settings, or restore a disk and create a customized VM. Secondly, replace existing for this use this option if you want to replace disks on an existing VM.
  • Specify settings for the selected restore option.

How to create a VM?

As a part of one of the restore options, we can create a VM quickly with basic settings from a restore point.

  • In Restore configuration > Create new > Restore Type, select Create a virtual machine.
  • In Virtual machine name, specify a VM that doesn’t exist in the subscription.
  • In Resource group, select an existing resource group for the new VM, or create a new one with a globally unique name. In case we assign a name that already exists, Azure assigns the group the same name as the VM.
  • In Virtual network, select the VNet in which the VM will be placed. All VNets associated with the subscription are displayed. Select the subnet. The first subnet is selected by default.
  • In Storage Location, specify the storage account for the VM.
  • In Restore configuration, select OK. In Restore, click Restore to trigger the restore operation.

How to create a restore disks?

  • Under Restore configuration > Create new > Restore Type, select Restore disks.
  • Under Resource group, select an existing resource group for the restored disks, or create a new one with a globally unique name.
  • Under Storage account, specify the account to which to copy the VHDs.
  • Under Restore configuration, select OK. In Restore, click Restore to trigger the restore operation.

Azure Site Recovery

Azure Site Recovery service contributes to the business continuity and disaster recovery (BCDR) strategy by keeping business apps up and running, during planned and unplanned outages.

How to enable replication for the Azure VM?

  • In the Azure portal, click Virtual machines, and select the VM you want to replicate.
  • In Operations, click Disaster recovery.
  • In Configure disaster recovery > Target region select the target region to which to replicate.
  • For this Quickstart, accept the other default settings.
  • Click Enable replication. This starts a job to enable replication for the VM.

How to verify settings?

Post the replication job has finished, we can check the replication status, modify replication settings, and test the deployment.

  1. In Operations, click Disaster recovery.
  2. We can verify replication health, the recovery points that has been created, and source, target regions on the map.
Menu