AZ-104 Objective 5.2: Implement Backup and Recovery

55 min readMicrosoft Azure Administrator

AZ-104 Exam Focus: This objective covers Azure backup and disaster recovery services, including Recovery Services vaults, Azure Backup, backup policies, restore operations, and Azure Site Recovery. Understanding backup strategies, disaster recovery planning, and recovery procedures is crucial for Azure administrators to ensure business continuity. Master these concepts for both exam success and real-world data protection and disaster recovery management.

Understanding Azure Backup and Recovery

Azure provides comprehensive backup and disaster recovery services to protect your data and ensure business continuity. These services include Azure Backup for data protection and Azure Site Recovery for disaster recovery and business continuity. Backup and recovery operations work with Azure Storage accounts for data storage and integrate with Azure Monitor for tracking backup operations.

Backup and Recovery Components

  • Recovery Services Vault: Centralized backup management for traditional workloads
  • Azure Backup Vault: Modern backup management for newer workloads
  • Backup Policies: Automated backup schedules and retention rules
  • Azure Site Recovery: Disaster recovery and business continuity service
  • Cross-Region Backup: Geographic redundancy for data protection
  • Monitoring and Alerts: Backup status monitoring and notifications

1. Create a Recovery Services Vault

Recovery Services vaults are the traditional backup management solution in Azure, providing centralized backup management for VMs, files, folders, and applications.

Recovery Services Vault Features

Core Capabilities:

  • VM Backup: Full VM backup and restore capabilities
  • File and Folder Backup: Granular file-level backup
  • Application Backup: SQL Server, Exchange, SharePoint backup
  • Cross-Region Restore: Restore to different regions
  • Long-term Retention: Extended backup retention policies
  • Backup Encryption: Built-in encryption for backup data

Creating a Recovery Services Vault

# Create Recovery Services vault
az backup vault create \
  --name myRecoveryServicesVault \
  --resource-group myResourceGroup \
  --location eastus

# Create vault with specific redundancy
az backup vault create \
  --name myRecoveryServicesVault \
  --resource-group myResourceGroup \
  --location eastus \
  --storage-redundancy GeoRedundant

# List Recovery Services vaults
az backup vault list \
  --resource-group myResourceGroup

# Get vault details
az backup vault show \
  --name myRecoveryServicesVault \
  --resource-group myResourceGroup

Vault Configuration Options

SettingOptionsDescription
Storage RedundancyLRS, GRS, ZRSBackup storage replication
Cross-Region RestoreEnabled, DisabledRestore to different regions
Soft DeleteEnabled, DisabledProtect against accidental deletion
Security SettingsEnhanced, StandardSecurity features level

2. Create an Azure Backup Vault

Azure Backup vaults are the modern backup management solution, providing enhanced security, monitoring, and management capabilities for newer Azure workloads.

Azure Backup Vault Features

Enhanced Capabilities:

  • Enhanced Security: Immutable vaults and customer-managed keys
  • Centralized Monitoring: Unified backup monitoring dashboard
  • Cross-Region Backup: Built-in cross-region backup support
  • Backup Policies: Modern policy management interface
  • Restore Points: Multiple restore point options
  • Compliance: Enhanced compliance and audit capabilities

Creating an Azure Backup Vault

# Create Azure Backup vault
az dataprotection backup-vault create \
  --name myBackupVault \
  --resource-group myResourceGroup \
  --location eastus \
  --storage-setting '[{"type":"LocallyRedundant","datastoreType":"VaultStore"}]'

# Create vault with cross-region backup
az dataprotection backup-vault create \
  --name myBackupVault \
  --resource-group myResourceGroup \
  --location eastus \
  --storage-setting '[{"type":"GeoRedundant","datastoreType":"VaultStore"}]' \
  --cross-region-restore-state Enabled

# List backup vaults
az dataprotection backup-vault list \
  --resource-group myResourceGroup

# Get vault details
az dataprotection backup-vault show \
  --name myBackupVault \
  --resource-group myResourceGroup

3. Create and Configure a Backup Policy

Backup policies define when backups are taken, how long they are retained, and other backup-related settings. Policies can be customized based on your specific requirements.

Backup Policy Components

Policy Elements:

  • Backup Schedule: When backups are performed
  • Retention Rules: How long backups are kept
  • Backup Type: Full, incremental, or differential
  • Compression: Backup compression settings
  • Encryption: Backup encryption configuration
  • Instant Restore: Fast restore capabilities

Creating Backup Policies

# Create backup policy for VMs
az backup policy create \
  --name myVMPolicy \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --policy-type AzureIaasVM \
  --backup-management-type AzureIaasVM \
  --workload-type VM \
  --schedule-policy '{"scheduleRunFrequency":"Daily","scheduleRunTimes":["2023-01-01T02:00:00Z"],"scheduleRunDays":null}' \
  --retention-policy '{"retentionPolicyType":"LongTermRetentionPolicy","dailySchedule":{"retentionTimes":["2023-01-01T02:00:00Z"],"retentionDuration":{"count":30,"durationType":"Days"}}}'

# Create backup policy for Azure Files
az backup policy create \
  --name myFilesPolicy \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --policy-type AzureStorage \
  --backup-management-type AzureStorage \
  --workload-type AzureFileShare \
  --schedule-policy '{"scheduleRunFrequency":"Daily","scheduleRunTimes":["2023-01-01T02:00:00Z"]}' \
  --retention-policy '{"retentionPolicyType":"LongTermRetentionPolicy","dailySchedule":{"retentionTimes":["2023-01-01T02:00:00Z"],"retentionDuration":{"count":30,"durationType":"Days"}}}'

# List backup policies
az backup policy list \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault

Backup Policy Configuration

SettingOptionsDescription
Backup FrequencyDaily, Weekly, MonthlyHow often backups run
Retention PeriodDays, Weeks, Months, YearsHow long backups are kept
Backup TypeFull, IncrementalType of backup performed
CompressionEnabled, DisabledBackup compression

4. Perform Backup and Restore Operations by Using Azure Backup

Azure Backup provides comprehensive backup and restore capabilities for various Azure resources. Understanding the backup and restore process is essential for data protection.

Enabling Backup for VMs

# Enable backup for VM
az backup protection enable-for-vm \
  --vm myVM \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --policy-name myVMPolicy

# Enable backup for multiple VMs
az backup protection enable-for-vm \
  --vm myVM1 myVM2 myVM3 \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --policy-name myVMPolicy

# Check backup status
az backup job list \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --output table

Backup Operations

# Trigger on-demand backup
az backup protection backup-now \
  --item-name myVM \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --container-name myVMContainer \
  --backup-type Full

# List backup items
az backup item list \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --container-name myVMContainer

# Get backup job details
az backup job show \
  --name myBackupJob \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault

Restore Operations

# List recovery points
az backup recoverypoint list \
  --item-name myVM \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --container-name myVMContainer

# Restore VM from backup
az backup restore restore-disks \
  --item-name myVM \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --container-name myVMContainer \
  --rp-name myRecoveryPoint \
  --storage-account myStorageAccount \
  --restore-to-staging-storage-account

# Restore files from VM backup
az backup restore files mount-rp \
  --item-name myVM \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --container-name myVMContainer \
  --rp-name myRecoveryPoint

Restore Options

Restore Types:

  • Full VM Restore: Restore entire VM from backup
  • Disk Restore: Restore VM disks only
  • File Restore: Restore individual files and folders
  • Cross-Region Restore: Restore to different region
  • Alternate Location Restore: Restore to different resource group

5. Configure Azure Site Recovery for Azure Resources

Azure Site Recovery provides disaster recovery and business continuity by replicating workloads to a secondary region and enabling failover when needed.

Site Recovery Features

Core Capabilities:

  • Azure-to-Azure Replication: Replicate VMs between Azure regions
  • On-Premises to Azure: Replicate on-premises VMs to Azure
  • Automated Failover: Automatic failover capabilities
  • Test Failover: Non-disruptive testing of failover procedures
  • Planned Failover: Controlled failover for maintenance
  • Failback: Return to primary region after failover

Setting Up Site Recovery

# Create Site Recovery vault
az backup vault create \
  --name mySiteRecoveryVault \
  --resource-group myResourceGroup \
  --location eastus

# Enable replication for VM
az site-recovery protected-item create \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault \
  --policy-name myReplicationPolicy \
  --provider-specific-details '{"instanceType":"A2A","fabricObjectId":"/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM","fabricLocation":"eastus","recoveryResourceGroupId":"/subscriptions/{subscription-id}/resourceGroups/myRecoveryResourceGroup","recoveryCloudServiceId":"/subscriptions/{subscription-id}/resourceGroups/myRecoveryResourceGroup/providers/Microsoft.ClassicCompute/domainNames/myRecoveryCloudService","recoveryAvailabilitySetId":"/subscriptions/{subscription-id}/resourceGroups/myRecoveryResourceGroup/providers/Microsoft.Compute/availabilitySets/myRecoveryAvailabilitySet"}'

# Check replication status
az site-recovery protected-item show \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault

6. Perform a Failover to a Secondary Region by Using Site Recovery

Failover operations allow you to switch from the primary region to the secondary region during planned maintenance or disaster scenarios.

Failover Types

Failover Options:

  • Test Failover: Non-disruptive testing of failover procedures
  • Planned Failover: Controlled failover for maintenance
  • Unplanned Failover: Emergency failover during disasters
  • Failback: Return to primary region after failover

Performing Failover Operations

# Test failover
az site-recovery protected-item failover \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault \
  --failover-type TestFailover \
  --provider-specific-details '{"instanceType":"A2A","recoveryPointId":"/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.RecoveryServices/vaults/mySiteRecoveryVault/replicationFabrics/myFabric/replicationProtectionContainers/myContainer/replicationProtectedItems/myVM/recoveryPoints/myRecoveryPoint"}'

# Planned failover
az site-recovery protected-item failover \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault \
  --failover-type PlannedFailover

# Unplanned failover
az site-recovery protected-item failover \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault \
  --failover-type UnplannedFailover

# Commit failover
az site-recovery protected-item commit \
  --fabric-name myFabric \
  --protection-container-name myContainer \
  --name myVM \
  --resource-group myResourceGroup \
  --vault-name mySiteRecoveryVault

Failover Best Practices

Failover Guidelines:

  • Test failover procedures regularly
  • Document failover procedures and contacts
  • Monitor replication health continuously
  • Plan for network connectivity in secondary region
  • Test application functionality after failover
  • Plan for failback procedures

7. Configure and Interpret Reports and Alerts for Backups

Monitoring and alerting are essential for maintaining backup health and ensuring successful backup operations. Azure provides comprehensive reporting and alerting capabilities.

Backup Monitoring

Monitoring Features:

  • Backup Jobs: Monitor backup job status and progress
  • Backup Health: Overall backup service health
  • Storage Usage: Backup storage consumption
  • Recovery Points: Available recovery points
  • Alerts: Automated notifications for issues
  • Reports: Detailed backup reports and analytics

Configuring Backup Alerts

# Create backup alert rule
az monitor scheduled-query create \
  --name "Backup Failure Alert" \
  --resource-group myResourceGroup \
  --scopes /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.RecoveryServices/vaults/myRecoveryServicesVault \
  --condition "count 'AzureDiagnostics | where ResourceType == "BACKUPVAULTS" and status_s == "Failed"' > 0" \
  --description "Alert when backup jobs fail" \
  --evaluation-frequency 5m \
  --window-size 15m \
  --severity 1 \
  --action myActionGroup

# Create backup storage alert
az monitor metrics alert create \
  --name "Backup Storage Alert" \
  --resource-group myResourceGroup \
  --scopes /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.RecoveryServices/vaults/myRecoveryServicesVault \
  --condition "avg BackupStorageUsed > 1000" \
  --description "Alert when backup storage exceeds 1TB" \
  --evaluation-frequency 1h \
  --window-size 1h \
  --severity 2 \
  --action myActionGroup

Backup Reports

# Get backup job summary
az backup job list \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --status Completed \
  --start-date 2023-01-01 \
  --end-date 2023-01-31

# Get backup storage usage
az backup vault backup-properties show \
  --name myRecoveryServicesVault \
  --resource-group myResourceGroup

# Get backup item summary
az backup item list \
  --resource-group myResourceGroup \
  --vault-name myRecoveryServicesVault \
  --backup-management-type AzureIaasVM \
  --workload-type VM

Common Backup Alerts

Alert TypeTrigger ConditionAction
Backup FailureBackup job failsInvestigate and retry backup
Storage QuotaStorage usage exceeds thresholdReview retention policies
Long-term RetentionBackup retention period exceededReview compliance requirements
Replication HealthSite Recovery replication failsCheck network connectivity

Backup and Recovery Best Practices

Implementation Guidelines:

  • Follow the 3-2-1 backup rule (3 copies, 2 different media, 1 offsite)
  • Test backup and restore procedures regularly
  • Implement appropriate retention policies
  • Use cross-region backup for geographic redundancy
  • Monitor backup health and set up alerts
  • Document recovery procedures and contacts
  • Implement proper access controls for backup resources
  • Regularly review and update backup policies

Exam Tips and Key Points

Critical Exam Knowledge:

  • Vault Types: Understand differences between Recovery Services and Backup vaults
  • Backup Policies: Know policy components and configuration options
  • Restore Options: Understand different restore types and scenarios
  • Site Recovery: Know replication types and failover procedures
  • Monitoring: Understand backup monitoring and alerting
  • Best Practices: Know backup and recovery best practices
  • Troubleshooting: Understand common backup issues and solutions

Common Scenarios and Solutions

Real-World Scenarios:

  1. VM Backup: Configure daily backups with 30-day retention
  2. File Recovery: Restore individual files from VM backup
  3. Disaster Recovery: Set up cross-region replication with Site Recovery
  4. Compliance: Implement long-term retention for regulatory requirements
  5. Cost Optimization: Use appropriate storage redundancy and retention
  6. Monitoring: Set up alerts for backup failures and storage usage

Summary

Backup and recovery are essential for data protection and business continuity. This objective covers the comprehensive backup and disaster recovery capabilities in Azure:

  • Recovery Services vaults and Azure Backup vaults for backup management
  • Backup policy creation and configuration for automated backups
  • Backup and restore operations for various Azure resources
  • Azure Site Recovery for disaster recovery and business continuity
  • Failover procedures for planned and unplanned scenarios
  • Backup monitoring, reporting, and alerting capabilities
  • Best practices for comprehensive backup and recovery strategy

Understanding these backup and recovery concepts is essential for Azure administrators to ensure data protection, business continuity, and compliance in Azure environments.

Next Steps: Practice setting up backup policies, performing backup and restore operations, and configuring Site Recovery in the Azure portal. Test failover procedures and set up monitoring alerts to understand the complete backup and recovery ecosystem in Azure.

Related Topics

Continue your Azure administration learning journey with these related topics:

Previous: Objective 5.1 Monitor Resources Azure