Azure-Admin

Lab 10 - Implement Data Protection

Lab introduction

In this lab, you learn about backup and recovery of Azure virtual machines. You learn to create a Recovery Service vault and a backup policy for Azure virtual machines. You learn about disaster recovery with Azure Site Recovery.

This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the regions, but the steps are written using East US and West US.

Estimated timing: 40 minutes

Lab scenario

Your organization is evaluating how to backup and restore Azure virtual machines from accidental or malicious data loss. Additionally, the organization wants to explore using Azure Site Recovery for disaster recovery scenarios.

Interactive lab simulation

There is an interactive lab simulation that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required.

Job skills

Architecture diagram

Diagram of the architecture tasks.

Task 1: Use a template to provision an infrastructure

In this task, you will use a template to deploy a virtual machine. The virtual machine will be used to test different backup scenarios.

  1. Download the \Allfiles\Lab10\ lab files.

  2. Sign in to the Azure portal - https://portal.azure.com.

  3. Search for and select Deploy a custom template.

  4. On the custom deployment page, select Build you own template in the editor.

  5. On the edit template page, select Load file.

  6. Locate and select the \Allfiles\Lab10\az104-10-vms-edge-template.json file and select Open.

    Note: Take a moment to review the template. We are deploying a virtual network and virtual machine so we can demonstrate backup and recovery.

  7. Save your changes.

  8. Select Edit parameters and then Load file.

  9. Load and select the \Allfiles\Lab10\az104-10-vms-edge-parameters.json file.

  10. Save your changes.

  11. Use the following information to complete the custom deployment fields, leaving all other fields with their default values:

    Setting Value
    Subscription Your Azure subscription
    Resource group az104-rg-region1 (If necessary, select Create new)
    Region East US
    Username localadmin
    Password Provide a complex password
  12. Select Review + Create, then select Create.

    Note: Wait for the template to deploy, then select Go to resource. You should have one virtual machine in one virtual network.

Task 2: Create and configure a Recovery Services vault

In this task, you will create a Recovery Services vault. A Recovery Services vault provides storage for the virtual machine data.

  1. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, click + Create.

  2. On the Create Recovery Services vault blade, specify the following settings:

    Settings Value
    Subscription the name of your Azure subscription
    Resource group az104-rg-region1
    Vault Name az104-rsv-region1
    Region East US

    Note: Make sure that you specify the same region into which you deployed virtual machines in the previous task.

    Screenshot of the recovery services vault.

  3. Click Review + Create, ensure that the validation passes and then click Create.

    Note: Wait for the deployment to complete. The deployment should take a couple of minutes.

  4. When the deployment is completed, click Go to Resource.

  5. On the Recovery Services vault blade, in the Settings section, click Properties.

  6. Select the Update link under Backup Configuration label.

  7. On the Backup Configuration blade, review the choices for Storage replication type. Leave the default setting of Geo-redundant in place and close the blade.

    Note: This setting can be configured only if there are no existing backup items.

    Did you know? The Cross Region Restore option allows you to restore data in a secondary, Azure paired region.

  8. Return to the Recovery Services vault blade, click the Update link under Soft Delete and Security Settings label.

  9. On the Security and soft delete settings blade, note that Soft Delete (For workload running in Azure) is Enabled. Notice the soft delete retention period is 14 days.

  10. Return to the Recovery Services vault blade, select the Overview blade.

Did you know? Azure has two types of vaults: Recovery Services vaults and Backup vaults. The main difference is the datasources that can be backed up. Learn more about the differences.

Task 3: Configure Azure virtual machine-level backup

In this task, you will implement Azure virtual-machine level backup. As part of a VM backup, you will need to define the backup and retention policy that applies to the backup. Different VMs can have different backup and retention policies assigned to them.

Note: Before you start this task, make sure that the deployment you initiated in the first task of this lab has successfully completed.

  1. On the Recovery Services vault blade, click Overview, then click + Backup.

  2. On the Backup Goal blade, specify the following settings:

    Settings Value
    Where is your workload running? Azure (notice your other options)
    What do you want to backup? Virtual machine (notice your other options
  3. Select Backup.

  4. Notice there a two Policy sub types: Enhanced and Standard. Review the choices and select Standard.

  5. In Backup policy, select Create a new policy.

  6. Define a new backup policy with the following settings (leave others with their default values):

    Setting Value
    Policy name az104-backup
    Frequency Daily
    Time 12:00 AM
    Timezone the name of your local time zone
    Retain instant recovery snapshot(s) for 2 Days(s)

    Screenshot of the backup policy page.

  7. Click OK to create the policy and then, in the Virtual Machines section, select Add.

  8. On the Select virtual machines blade, select az-104-10-vm0, click OK, and then back on the Backup blade, click Enable backup.

    Note: Wait for the backup to be enabled. This should take approximately 2 minutes.

  9. In the Protected items section, click Backup items, and then click the Azure virtual machine entry.

  10. Select the View details link for az104-10-vm0, and review the values of the Backup Pre-Check and Last Backup Status entries.

    Note: Notice the backup is pending.

  11. Select Backup now, accept the default value in the Retain Backup Till drop-down list, and click OK.

    Note: Do not wait for the backup to complete but instead proceed to the next task.

Task 4: Monitor Azure Backup

In this task, you will deploy an Azure storage account. Then you will configure the vault to send the logs and metrics to the storage account. This repository can then be used with Log Analytics or other third-party monitoring solution.

  1. From the Azure portal, search for and select Storage accounts.

  2. On the Storage accounts page, select Create.

  3. Use the following information to define the storage account, then and select Review.

    Settings Value
    Subscription Your subscription
    Resource group az104-rg-region1
    Storage account name Provide a globally unique name
    Region East US
  4. On the Review tab, select Create.

    Note: Wait for the deployment to complete. It should take about a minute.

  5. In the portal search box, search and select your Recovery Services vault.

  6. Select Diagnostic Settings and then select Add diagnostic setting.

  7. Name the setting Logs and Metrics to storage.

  8. Place a checkmark next to the following log and metric catagories:

    • Azure Backup Reporting Data
    • Addon Azure Backup Job Data
    • Addon Azure Backup Alert Data
    • Azure Site Recovery Jobs
    • Azure Site Recovery Events
    • Health
  9. In the Destination details, place a checkmark next to Archive to a storage account.

  10. In the Storage account drop-down field, select the storage account that you deployed earlier in this task.

  11. Select Save.

  12. Return to your Recovery Services vault, in the Monitoring blade select Backup jobs.

  13. Locate the backup operation for the az104-10-vm0 virtual machine.

  14. Review the details of the backup job.

Cleanup your resources

If you are working with your own subscription take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group.

Key takeaways

Congratulations on completing the lab. Here are the main takeaways for this lab.

Learn more with self-paced training