Azure Backup 01, Overview and Implementation

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
in this video I show you how to backup Azure VMs with Azure backup Hello everyone I'm Travis and this is Ciraltos an understanding of Azure backup is a requirement for the az-103 exam and also important for anyone who manages Azure virtual machines this is the first a series of videos on implementing and managing Azure backup in this video we go over the following topics we start with an overview of azure backup we talk about RPO RTO and the importance of data retention we go over the differences between Azure backup and Azure site recovery and review what VSS is and how it solves common backup problems the demo includes setting up a recovery services vault craving a backup policy backing up an azure server recovering the server and because it's inconvenient to recover a full server in the event you just need a couple files we go over how to do a single file recovery before I go any further please take a second to subscribe in return you'll have the warm fuzzies knowing that you did something good for the day let's jump into it with some concepts and terms I know not the most exciting but these are terms and concepts that you'll need to understand before digging in this could be a little dry but trust me they're important let's start with what Azure backup is Azure backup is a cloud-based backup solution Azure backup offers several advantages including native backup to the cloud it can backup Azure servers on-premises servers or servers in other cloud providers it works with a backup client or with Azure backup server or System Center Data Protection Manager it's scalable you only pay for what you use a hybrid option stores data on premises and in the cloud. unlimited retention and app consistent backups all in all Azure backup is a full-featured backup solution with the ability to backup in Azure on-premises or other cloud providers let's talk about the difference between Azure backup and Azure site recovery before that there are three terms that are important when talking backup and site recovery they are RTO or recovery time objective a file recovery may take a few minutes an entire server or a larger database could take hours to recovery RTO is the acceptable amount of time allowed for that recovery RPO or recovery point objective this is the acceptable age of data to be recovered for example if you only backup once a day the RPO would be 24 hours the data could be up to a day old when it's recovered to get an RPO of six hours that would require backing up four times a day retention this is how long the backup data is kept I have personally seen retention policies of strict 30 days as well as regulatory requirements of several years there could also be a requirement to store copies of backup data off-site to say a cloud provider for example data retention RTO and RPO are based on business policies these are what management expects or deems necessary based on cost regulatory and business requirements they are the basis of any backup strategy and backup systems are designed to meet these requirements let's get back on track with how Azure backup differs from as your site recovery backups are kept for recovering data if something gets deleted or corrupt maybe a system update is applied and needs to be rollback backups have a short to medium RTO subjective, I know but for most places it would be acceptable for a one to two hour turnaround on file recovery backups have a longer RPO against objective but if backups happen four times a day the RPO could be up to six hours backups have longer retentions months to even years depending on the requirements Azure site recovery on the other hand is intended to get entire environments up and running on another site in the event of a disaster they have a minimal RTO the objective is to get the site up and running in minutes there's a minimal RPO again the objective is in minutes bring in an environment online from a six hour old backup would not be ideal and could introduce significant data loss ASR continuously replicates changes to keep the dr copy and sync site recovery also has minimal retention old data is not helpful for bringing a dr site online well it could be possible to recover a server at a different site with Azure backup it could take minutes to hours depending on the size and circumstances for environments that have more than a handful of servers it could take days to stand up servers in a recovery environment not ideal in a disaster event ASR is intended to bring up entire environments online in the event of a disaster ASR is not intended for data recovery that's what is your backup is for both Azure backup and Azure site recovery use the recovery services vault in Azure but offer different services before we begin to have one last topic to cover the topic is Azure backup policies a backup policy is a schedule for how frequently backups or recovery points will occur this Maps directly to the RPO requirement if the RPO is 24 hours a daily backup will meet that requirement if the RPO is one hour hourly backups would be required however Azure IaaS servers and Azure files share backup policy only provides daily backups the azure backup agent allows for up to three backups a day SQL database backups on IaaS servers provide hourly log backups with daily full a backup policy also sets the retention for different types of backups this maps directly to the business retention requirement different retention policies can be set for daily weekly monthly or yearly backups also not all servers have similar retention or RPO requirements multiple Azure backup policies can be created to fit different requirements we'll set up a backup policy in the demo now that we know about RPO, RTO retention policies and the difference between Azure backup and Azure site recovery let's move on to an overview of the demo you will need an Azure subscription and a Windows Server in Azure if you want to follow along if you're working on a certification I recommend to getting hands-on experience with this first we're going to set up a recovery services vault in Azure this is the location for managing Azure backups next we're going to backup and recover and Azure VM Azure VMs use the azure VM agent backup extension to back up the entire VM if you only need to backup a select file on an azure VM that can be done with the backup client more on that in an upcoming video once that's done we'll do a single file recovery from an Azure backup buckle up everyone it's demo time so in this demo the first thing I'm going to do is set up a recovery services vault Here I am in the portal and the first thing I'm going to do is well add the recovery services vault there it is here I'm gonna click Add to add my first recovery services vault and I'm gonna create a new resource group we'll call this I'll call it circentralvaultRG that looks good I'm gonna give it a name so the vault name will be let's just call it centralvault and I'm gonna select the region keep in mind that vaults are regionally specific meaning if you have multiple VMs in multiple regions you'll need to create multiple vaults to back those up it won't backup cross regions so I'll select central we'll go to review and crate and I'll looks good and create I'll just give it a second to finish ok it's done so I'm gonna go to the resource and notice a few things here we've got the the typical Azure options up top under settings for example and then under getting started there's backup this is to get started with backup as well as site recovery as I mentioned before a recovery services vault is used for both backups and as your site recovery so there's options for both I'm gonna stick to the backup option in this video here under protected items again our backup items and replicated items the first thing I'm gonna do is go to properties and under backup configuration click update by default the recovery vault is set to geo redundant and if you're not familiar with the different storage types I'll include a link up above that goes over the basics of Azure storage accounts but basically geo redundant has multiple copies at different regions where locally redundant has multiple copies in one region now if I was doing this in production I would want geo redundant but I'm not and I want to save a little bit of money so I'm gonna switch this to local redundant once I onboard a virtual machine I cannot come back and change this so it's important that whatever you said here you're committed for the life of this vault so I'll click Save and close out the next thing I'm going to do is come down to manage and backup policies there are a couple policies set already one's an hourly log backup force SQL servers and the other ones a default policy I'm just gonna add a policy and I want to call this daily because this is gonna be for daily backups the backup type is Azure virtual machines I'll call this daily backup and then the frequency I'll leave it at daily time I want to set that to 1 a.m. and I'm gonna change the timezone from UTC - let's see here central us anytime a backups made there's an instant recovery you can select how many instant recovery snapshots you want to keep I'll leave that at 2 and then if we go down here into the retention range this is where we can set different retention policies for different backup types and this ties to the retention we were talking about before this is really determined by whatever your policy states but first for the retention of daily backup points I can not change this it has to retain something so for daily backups I'm just gonna go 30 I don't need 128 days now if all I wanted to do is keep 30 days of backup that's all I would need to do but I do want to keep weekly backup points I want to keep them for let's say 8 weeks I can select which backup I want to keep for 8 weeks by default at Sunday I'll leave that there and then monthly backups we do either the week based or the day based I'm gonna do a week so we can save the first Sunday actually I want to do the last Sunday though so I'll uncheck first and select last I do not need to keep it for 60 months so let's just go 12 so these monthly backups which is the last Sunday of the month will be kept for 12 months and then I can also select yearly backups I've had to retain yearly backups before typically it's after like a year and the closing or something so I'm gonna change this from January to December and I'm going to say on the last not the first Sunday and it's gonna keep for let's just say three years there we go actually I'm not even going to do that I'm not going to keep these around anywhere near that now that I have the retention item set and the backup time and frequency I'm gonna click create I'll go back to policies and you can see there's my daily backup policy next I'm going to add a server and there's a couple ways to do this if I go to virtual machines I'm gonna select one of my virtual machines and under operations there's backup here I can either create a new recovery services vault or I can select an existing one here's the one we just set up and I can also select a policy so I can select daily backup and if I enable backup they'll be added to the backup policy and the recovery vault but I don't want to do that I'm gonna go back here to recovery services vault I'm gonna go to backup items under protected items and here you can see I don't have anything I'm gonna select virtual machine and add the workload is running in Azure and the backup type is a virtual machine so if I click backup first it's gonna ask for a policy I'm going to select that daily backup that I just created click OK and here we get a list of all the virtual machines so this is a list of all the virtual machines in the region and from here I can select multiple this is handy if you have more than one server you want to on board I'm just gonna select this one though and click OK now I'll enable backup and it'll give it a second to run what this is going to do is add that Azure backup extension to the VM that allows us to back this up here I'm back at backup items you can see Azure virtual machines now has one item so they go in there we can get an overview the machine name the resource group it's in the back up pre-check is past but I get a warning on last backup status and that's because it hasn't been 1 a.m. yet so the policy hasn't kicked in to back this up now I can do an initial backup on my own by clicking over here under the context menu and selecting backup now because I'm backing up outside of the policy it's gonna ask me how long I want to retain this backup so I'm just gonna leave it at 30 days and click OK that backup is gonna take an hour or two so I'm gonna let's see let's first refresh so I'm gonna go over to my recovery vault go into overview and here is an overview tab and a backup insight recovery again we're just sticking with backups if I click on backups we can see a job status which is one that shows something's in progress if I click on that there it is so there's my server in progress I'm gonna go back you can also see the backup items are here as well this will take a while to finish while we're waiting let's go over VSS what it is and how it solves common backup problems here's why VSS snapshots are important imagine you have a server with a critical application data is written to multiple directories on the server every time a transactions processed a backup client is on the server and backups take about 30 minutes to finish it's possible that these directories on the backup are 10 to 20 minutes apart one day there's a problem and you have to recover the files but the time difference between when the directories were backed up are too far apart to be useful another potential issue is if the file is open by another process say the user didn't close a document at the end of the day the backup solution can't get read access to the file and if the file won't get backed up at all these are both issues backup admins faced in the early days of backing up servers windows servers use volume shadow services or VSS to solve problems like this VSS locks the data on the volume at a point in time this is referred to as a shadow copy or snapshot a copy-on-write process allows for changes to the volume without modifying that Shadow Copy so the server keeps running as normal the Shadow Copy is then backed up not the live data keeping all backup data consistent many applications such as exchange and Microsoft sql have hooks into the VSS framework that provide application consistent backups this means that application transactions are quiesced and the application will recover correctly Microsoft has multiple levels of consistency I'll include a link to this document below there's application consistency meaning applications will recover correctly there's file level consistency meaning files will recover correctly but there's no guarantee that the applications will recover and then there's crash consistent this is just like if somebody pulled power on a server and then started it up again that's what the recovery would be like Linux does not support a framework like VSS however Microsoft has a pre and post script that can be configured to support an application consistent backup on Linux ok here I am back the backup is finished and one thing I'll point out is we now have a sized amount of 11.35 gigs in LRS storage you can see there's no jobs in progress or failed I still have the one backup item let's go into that and I'm gonna click on Azure virtual machines there it is it looks like the last backup was a success and if I click on here we can start to see the recovery points and you'll notice one thing right away this one is crash consistent so the one we did is actually crash consistent so why is that that's because this virtual machine was powered off when I ran in the backup if you remember back I'm the discussion with VSS the VSS writer has to interact with the operating system to create that snapshot and that snapshot gets backed up well if the virtual machine is powered off there can be no snapshot so therefore it's a crash consistent backup now it's kind of misleading because this is a crash consistent backup of a VM that's powered off so it's kind of like just a copy of a powered off VM but nonetheless it's reporting this crash consistent so let's fix that by going back to virtual machines and I'm going to power this on I'll just give it a couple seconds to power on the server is now reporting as status running if you want to see what it's doing you can always come down into boot Diagnostics and you can see the screenshot of the desktop so that indicates that it's fully booted it's not just starting but it's actually starting and waiting at the login screen so in order to do a backup I'm gonna go into backups and here is the same information we're just looking at but I'm gonna click backup down I'll leave the retention time to where it is and click OK now that that's running I'll give it a few minutes to finish and I'll come back here we are back at the server test01 and you can see the second backup finished and this time it is application consistent so that's good that's what we were looking for so that means that the VSS writer worked and it was able to quiesce all of the i/o and pause that and create a snapshot and that snapshot is what was used for the backup I just want to go over one thing because I kind of skipped over it before but under the backup policy there's the instant restore so what the instant restore is is that's the snapshot that's created when I create this recovery point they'll keep the snapshots for two days now the benefit to doing that is when I do a recovery it's gonna pull the recovery from the snapshot if it doesn't have the snapshot then it's gonna pull it from Azure storage which is gonna take a little bit longer so that's the advantage to keeping these instant restore points around so with that let's restore a VM I'm gonna go in to restore I'm gonna go to let's select the most recent one and here I've got a couple options I can create a new or I can replace an existing I don't want to replace an existing so I'm gonna create a new I can also restore the disks if I wanted to that way you could mount the disks up to another virtual machine and read off from them but that's similar to a file restore which I'm gonna go over next let's create a new virtual machine I'm gonna call this testO3 and I'll leave it to the same resource group that's where it came from I'll leave the virtual network in the subnet that's all pulling from the existing server next I need to select a storage account and I'm actually going to hop over and create a new storage account in that same resource group let's go to my resource groups perf tests so this is the resource group of the original VM that I'm restoring I'm going to add a new storage account and I'll call it perf recovery I'll select the same region standard I'll do a version 2 and I'm going to change this to LRS and create it okay so we'll give that a second finish and while that's finishing I'll explain why I just did that I want this server to recover to its own storage account for a couple reasons first so I can delete it later because I don't need this and second because I don't want to restore it to the same storage account that the original server was on now if I come over here I can select my storage option and there that's perfect so I have the option here to use the storage account of the original VM and that will recover faster if the original storage account is missing however it's going to add those discs into this as a staging account so I don't want to do that I don't want them to recover to that original storage account so I'll uncheck that and click OK and I'll click restore that's going to take a few minutes to run as well so I'm going to pause and I'll come back I'm back at the overview tab looking at backups and the restore did finish although we don't get much indication of that looking at this portal but what I'm going to look at is I'm going to come down here into backup jobs and here we can see everything that I backed up all the tasks that I've done so far and if we look at this one we can see a restore operation is completed and it completed successfully now if I go into my virtual machines we can see tests03 Here I am at the overview tab of the virtual machine and you can see it is running so I've restored a VM this is a copy of test01 to test03 so that was successful next I'm going to do a file recovery because sometimes you don't need to restore the entire virtual machine just to get a file back so in order to do that I'm going to go back to let's go back into the virtual machine this is the source I'll go into backups and I'm going to do a file recovery this time this is an interesting way of doing a file recovery that Microsoft came up with I'm going to download an execute it does require password and it will generate a password once I download it while we're waiting for that to run let's look at some of these notes down here so you want to run the script on the machine that you want to recover the files to there is a limit of ten gigs if the file you want to get back is larger than ten gigs you will have to restore the entire VM or restore the entire disk and then connect that to another VM so I'm gonna click download now that this is finished and it's gonna ask me for the password I'll copy that I'll enter the password and hit enter and we can see now PowerShell is running and it is using an iSCSI service to connect the local machine to that drive and just so you know I downloaded the file I did have to run the executable as a administrator it won't work under the normal user account here's the disk it's attached as the e Drive and we can see users we can see my admin user Program Files so it's just like any other drive attached to my local machine only it's connected back to the restore point using the iSCSI protocol so let's see what happens when I click unmount disk here we'll give it a couple seconds to unmount now Windows Explorer has closed I can't access that drive anymore and it's telling me to unmount the disk that's step three which I already did and press Q to quit there we go so that's really it that's how you do a single file restore basically it generates an executable for you to download you run that as administrator it uses the iSCSI service to connect back to the recovery point and mount that as a local drive where you can copy files off from the last thing I'm gonna do in this demo is go over removing a recovery vault I'm going to go to my recovery services vault open it up and there's actually a couple steps the first thing you have to do is remove the backup item I'm going to go into Azure virtual machines select my server and you would have to do this for every server in the vault I'm gonna stop the backup and it gives me two options retain the backup data or delete the backup data if I want to delete the recovery vault I have to delete all the backup data you can't delete a recovery vault until you've removed all of the backup data I'll type in the name of the backup item and stop backup once that's done I could simply go into recovery services vault and delete or at this point I could delete the entire resource group once that backup item and all recovery points are gone I'm not going to do that because I'm not done with this yet but if you did want to clean this up so you don't incur any additional charges that is how you do it remove the servers delete the recovery points and then delete the vault that's the last item for this demo just to recap in this video we went over what as your backup is we went over what RPO and RTO is and how those and data retention requirements make up a backup strategy we talked about the difference between us your backups and Azure site recovery and reviewed VSS and how it helps solve common issues with backups we reviewed and created a backup policy the demo included setting up a recovery services vault backing up and recovering servers with the Azure backup extension as well as a single file recovery don't forget to shut down VMs or remove all we just set up to avoid extra cost if it's no longer in use stay tuned for my next video on Azure backup where I go over using the is your backup agent subscribe and click the bell icon for notifications of new videos I hope you found this useful thanks for watching
Info
Channel: Travis Roberts
Views: 27,742
Rating: undefined out of 5
Keywords: Azure, Azure Backup, Azure Site Recovery, backup, Site Recovery, Recovery Services vault, AZ-103, AZ-300, AZ-301, AZ-900, Certification, Microsoft Certification, RPO, RTO, data retention, vss, restore, data recovery, snapsho, shadow copy, file recovery
Id: j_1zBGk3LWY
Channel Id: undefined
Length: 26min 44sec (1604 seconds)
Published: Sun Sep 08 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.