Chapter 21: Implementing Backup and Recovery Solutions

This chapter focuses on how to implement and configure backup and recovery solutions. This will involve learning how to deploy a Recovery Services vault, how to configure backup policies, how restore operations work, and how to perform site-to-site recovery via Azure Site Recovery. The last portion of this chapter will focus on how to configure backup reports. These skills are very important as they fall into business as usual (BAU) tasks for almost every organization and are a key skill to have going forward.

In this chapter, we will cover the following topics:

• Creating a Recovery Services vault
• Creating and configuring backup policies
• Performing backup and restore operations via Azure Backup
• Performing site-to-site recovery via Azure Site Recovery
• Configuring and reviewing backup reports

Technical requirements

To follow along with the hands-on sections of this chapter, you will need access to an Azure AD as a global administrator and have administrative privileges at the Subscription level – the Owner Role permission is preferred. If you do not have access to an Azure tenant, students can enroll for a free account at https://azure.microsoft.com/en-in/free/.

An Azure subscription is also required. You can either register with your credit card or enroll for the free $200 once-off credit by going to https://azure.microsoft.com/en-us/free/.

PowerShell will be used for some of the lab sections. For more details on how to configure PowerShell, go to https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-1.8.0.

Creating a Recovery Services vault

An Azure Recovery Services vault is a native service within Azure that stores data such as copies of data (backups), as well as configures VMs, servers, files, and more. An Recovery Services vault enables you to use the following:

• Azure Backup: Azure Backup is used to back up VMs, Azure File Shares, SQL servers, files and folders on-premises, Microsoft SharePoint, Microsoft Exchange, SAP HANA databases in Azure VMs, Azure Database for PostgreSQL servers, Azure Blobs, and Azure Managed Disks.
• Site Recovery: Site recovery is used for disaster recovery if resources become unavailable. This can be in a specific region within Azure or another data center located elsewhere, such as an on-premises environment.

Here are some of the benefits of using Recovery Services vaults:

• Security: Security is provided as part of the service to help protect cloud backups to ensure they can be safely recovered.
• Hybrid: Recovery Services vault enables Azure Backup to support cloud and on-premises workloads.
• Permissions: Role-Based Access Control (RBAC) permissions are supported to delegate the correct permissions to administrators or backup owners.
• Soft Delete: This is a feature that protects backups or backup data from being deleted by accident or maliciously. The data will be retained for 14 days after deletion to ensure there's no data loss.

Let's learn how to create a Recovery Services vault in our existing resource group (Az-104) via PowerShell:

1. First, we need to connect to our Azure tenant by using the Connect-AzAccount PowerShell command:

Figure 21.1 – Connecting to our Azure tenant via PowerShell

2. If you have multiple subscriptions, you can use the Select-AzSubscription -SubscriptionId "your-subscription-id" PowerShell command to select a specific subscription.
3. Now that we have selected our Azure tenant and subscription, let's go ahead and create a new Recovery Services Vault by using New-AzRecoveryServicesVault -Name Az104RecoveryServicesVault -ResourceGroupName Az-104 -Location EastUS:
   

Figure 21.2 – Recovery Service vault created via PowerShell

4. Next, we are going to set the redundancy level to georedundant storage:

   $vault1 = Get-AzRecoveryServicesVault `

   -Name Az104RecoveryServicesVault

   Set-AzRecoveryServicesBackupProperty -Vault $vault1 `

   -BackupStorageRedundancy GeoRedundant
5. The next step is to confirm that the new vault has been created in the specified resource group within Azure:

Figure 21.3 – Newly created Recovery Services vault

With that, we have successfully created a new Recovery Services vault within Azure via PowerShell. In the next section, we are going to take this a step further and discuss Azure Backup and how to configure a backup policy.

Creating and configuring backup policies

The Azure Backup service is used to back up resources and data in Azure. This can be used for cloud-only or hybrid scenarios, where you want to back up your on-premises VMs to Azure. Your on-premises backup solution can also be extended to the cloud in conjunction with Azure Backup. Azure Backup is capable of creating backups for VMs, files, folders, applications, workloads, system states, and volumes. Azure Backup consists of the following features and capabilities:

• Back up on-premises resources to Azure: Azure Backup offers short and long-term backup solutions. This can be a replacement for tape and off-site backups.
• Back up Azure VMs: Azure Backup offers independent and isolated backups. These backups are stored in a Recovery Services vault. This vault has built-in management for recovery points.
• Automatic scaling: You can get unlimited scale without maintenance overheads. Alerts can be set for delivering information about events.
• Unlimited data transfer: There is no limit to the amount of inbound and outbound traffic that can be transferred during the backup process. However, if you use the Azure import/export service to import large amounts of data, then a cost will be associated with inbound data.
• Data encryption: Data can be encrypted using an encryption passphrase. This is stored locally and is then needed to restore the data.
• Short and long-term retention: Recovery Services is where the backups are stored and provides short and long-term backups. Azure doesn't limit the time or length that data can be stored in a Recovery Services vault.
• Multiple storage options: Azure Backup offers two types of replication – locally redundant storage (LRS), where your data is replicated three times by creating three copies of the data within the same region, and geo-redundant storage (GRS), which is the default option, where the data is replicated to a secondary region.

You need to answer two questions when configuring a backup:

• Where is the workload running?
  • Is the workload running in Azure or somewhere else?
• What do you want to back up?
  • VMs, files and folders, SharePoint, Exchange, Hyper-V VMs, and so on.

Microsoft has added a new experience for administrators to create and manage backups called Backup center. With Backup center, you can view Recovery Service vaults, backup instances, and backup policies.

Now that we understand how Azure Backup works fundamentally, it is time to enroll a VM into Azure Backup and create a backup policy. Let's configure a backup policy for an Azure virtual machine that has been deployed to the same resource group (Az-104):

1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com.
2. Browse to the relevant resource group (in the preceding section, I used Az-104) and select the Recovery Services vault (Az104RecoveryServicesVault):

Figure 21.4 – Selecting the Recovery Services vault within the Azure portal

3. Next, select the Backup option:

Figure 21.5 – Configuring Azure Backup

4. Next, select Azure as the workload type and choose Virtual Machine. Then, select Backup:

Figure 21.6 – Selecting Azure Backup workloads

5. Instead of using the default backup policy, choose to create a new policy and provide the following details:
   • Policy name: AzureVMBackup
   • Backup schedule: Daily
   • Time: 8:00 A.M.
   • Timezone: (UTC) Coordinated Universal Time
   • Instant Restore: 2 days
   • Retention range: 30 days
   • Leave the rest of the settings as Not Configured:

Figure 21.7 – Backup policy configuration

6. Under Virtual Machines, click on Add and select a virtual machine:

Figure 21.8 – Selecting the VM related to the backup policy

7. Click on Enable Backup.
8. Once you're done, you will see that the VM has been enrolled in Azure Backup. After a while, the backup policy will trigger:

Figure 21.9 – Virtual machine successfully enrolled in Azure Backup

With that, we have successfully created an Azure Backup policy for virtual machines that will run daily and create a backup of the VM.

Performing backup and restore operations via Azure Backup

One of the most important parts of backup operations is to ensure that the resource gets backed up and can be restored. To test whether the resource was backed up correctly, you should test the backup by doing a restore.

Let's go ahead and use the Azure portal to trigger an on-demand backup:

1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com.
2. In the top search bar, search for and select Backup center:

Figure 21.10 – Selecting Backup center

3. Under Manage, select Backup instances and choose your vault. In my case, this will be Az104RecoveryServicesVault:

Figure 21.11 – Selecting your Recovery Services vault

4. Select Backup Now. This will kick off a backup immediately, regardless of any backup policy. It will ask you for how long you want to retain the backup and kick off the backup:

Figure 21.12 – Enabling Azure Backup

Now that we have created a backup of the VM, let's learn how to restore the backup via the Azure portal.

If you want to restore a backup via Backup center in the Azure portal, follow these steps:

1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com.
2. In the top search bar, search for and select Backup center:

Figure 21.13 – Selecting Backup center via the Azure portal

3. Under Manage, select Backup instances and choose your vault. In my case, this will be Az104RecoveryServicesVault:

Figure 21.14 – Selecting the configured backup instance

4. Select Restore VM:

Figure 21.15 – Restoring a VM from a backup

5. You will be prompted to select a valid restore point:

Figure 21.16 – Selecting a valid restore point

6. Next, under Restore Configuration, you need to choose if you want to replace the existing VM or create a new VM. In our case, we are going to select Replace existing and select a storage account for the staging location – we are going to use one of our existing storage accounts and click on Restore:

Figure 21.17 – Choosing to replace the existing VM

With that, we have successfully restored a VM via Backup center in the Azure portal.

I We encourage you to learn more by going to the following links regarding Azure Backup:

• https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-automation
• https://docs.microsoft.com/en-us/azure/backup/backup-center-overview

In this section, we learned how to perform backup and restore operations via Backup center in the Azure portal.

Performing site-to-site recovery via Azure Site Recovery

Azure Site Recovery is intended to be used as part of an organization's disaster recovery or business continuity plans, which it does by ensuring applications and workloads are accessible during outages. A simple example of Site Recovery would be to replicate a VM from the primary region to the secondary region. If the primary region goes offline, you can failover to the secondary region without issue.

Note

Azure Site Recovery can also be used to migrate on-premises VMs to Azure.

Let's go ahead and perform a site recovery:

1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com. Select the Recovery Services vault we created in the Creating a Recovery Services vault section:
2. Click on Enable Site Recovery:

Figure 21.18 – Enable Site Recovery

3. Next, select Enable replication under Azure virtual machines. Here, set Source location to East US, Azure virtual machine deployment model to Resource Manager, Source subscription to Demo (select your subscription here), Source resource group to Az-104, and Disaster recovery between availability zones to No. Click Next:

Figure 21.19 – Site recovery replication settings

4. Select your VM and make sure it has been started. In my case, this will be prod-vm1. Click Next:

Figure 21.20 – Selecting the VM resource

5. Next, set Target location to West US and click Enable replication:

Figure 21.21 – Enabling site-to-site replication

6. Once you've done this, you will notice that a new resource group has been created with the suffix -asr. In my case, it is Az-104-asr, which has a virtual network and the OS disk of the VM we configured as part of the site recovery options.
7. To confirm that site recovery has been completed successfully, browse to Az104RecoveryServicesVault and select Site Recovery Dashboard. Here, you should see charts for Replication health and Failover health:

Figure 21.22 – Site-to-site recovery health status

8. Once the resources have been replicated, you can click on the Failover or Test Failover button to simulate or initiate an actual failover, respectively:

Figure 21.23 – Failover options

With that, we have configured Azure site recovery and know how to initiate a failover.

We encourage you to read up on Azure site recovery by going to the following links:

• https://azure.microsoft.com/en-us/services/site-recovery/#overview
• https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

In this section, we learned how to perform failover operations via the Azure portal.

Configuring and reviewing backup reports

In the Creating and configuring backup policies section, we learned how to configure backups using Azure Backup. Now, we are going to learn how to configure backup reports to forecast cloud storage and auditing for backup and restore operations.

Let's go ahead and configure backup reports via Backup center in the Azure portal:

1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com. Choose to Create a new resource.
2. Search for and select Log Analytics Workspace (LAW):

Figure 21.24 – Creating a Log Analytics Workspace (LAW)

3. After clicking on Create, configure the following settings and click Review and create:
   • Subscription: Demo (Select your subscription)
   • Resource group: Az-104
   • Name: BackupLAW
   • Region: East US:

Figure 21.25 – Log Analytics Workspace configuration settings

4. Once your Log Analytics Workspace has been created successfully, search for and select Backup center within the Azure portal:

Figure 21.26 – Selecting Backup center

5. Next, select Vaults and select your vault that is used for backups. In my case, this is Az104RecoveryServicesVault.
6. Under Monitoring, select Diagnostic settings and select Add diagnostic setting:

Figure 21.27 – Recovery Services vault – Diagnostic settings

7. Give the diagnostic setting a name, such as VaultDiagnostics, and select the following options:
   • CoreAzureBackup
   • AddonAzureBackupJobs
   • AddonAzureBackupAlerts
   • AddonAzureABackupStorage
   • AddonAzureBackupProtectedInstance
   • Send to Log Analytics Workspace and select the BackupLAW workspace we created earlier
8. Click on Save:

Figure 21.28 – Recovery Services vault – Diagnostic setting configuration

9. Under Manage, select Backup reports.
10. On the Overview page, select the subscription and newly created LAW (BackupLAW). It will pull all the backup data into the report.

With that, we have learned how to configure Azure Backup reports.

In this section, we learned how to create and configure backup reports via the Azure portal. We encourage you to read up on Azure Backup reports by going to the following links:

• https://docs.microsoft.com/en-us/azure/backup/configure-reports
• https://docs.microsoft.com/en-us/azure/backup/backup-reports-email

Summary

In this chapter, we discussed what Recovery Services vaults are and how to configure them, as well as what Azure Backup is and how it works, including how to configure a backup policy. We addressed how to perform backup and restore operations by using Azure Backup. We also addressed how to perform site-to-site recovery via the Azure portal and how to configure backup reports.

Now that you have read this chapter and followed along with the hands-on demos, you should be able to implement backups and recover them, as well as deploy Azure infrastructure.

In the next chapter, we'll learn how to configure a lab environment with Azure Backup and Azure site recovery while completing some hands-on examples.