Credits: Special thanks to Kartik Pullabhota (Sr. PM for Automation, HANA and Database backup using Azure Backup) for SME input and Swathi Dhanwada (Customer Engineer, Tech community) for testing.
Prerequisites
If you don't already have an Azure subscription, create a free account before you begin.
Azure CLI:
Select a subscription to create a storage account and Microsoft Azure Files share.
Select Create storage.
After creation, check that the environment drop-down from the left-hand side of shell window says Bash.
Note: Support for Azure Blobs backup and restore via CLI is in preview and available as an extension in Az 2.15.0 version and later. The extension is automatically installed when you run the az dataprotection commands. Learn more about extensions.
Create resource group:
RGNAME= ‘your resource group name’
LOCATION= ‘your location’
az group create --name $RGNAME --location $LOCATION
az group show --name $RGNAME
Create disk
DISKNAME='disk name'
az disk create --resource-group $RGNAME --name $DISKNAME --sku 'Standard_LRS' --size-gb 32
az disk show --resource-group $RGNAME --name $DISKNAME
Create backup vault
az dataprotection backup-vault create -g $RGNAME --vault-name <backup-vault-name> -l westus --type SystemAssigned --storage-settings datastore-type="VaultStore" type="LocallyRedundant"
Create backup policy
Create a protection policy to define when a backup job runs, and how long the recovery points are stored.
az dataprotection backup-policy get-default-policy-template --datasource-type AzureDisk > diskpolicy.json
az dataprotection backup-policy create -g $RGNAME--vault-name <backup-vault-name> -n <backup-policy-name>--policy diskpolicy.json
Grant required permissions to the Backup Vault
az ad sp list --display-name <backup-vault-name> --query [].objectId -o json
az role assignment create --role "Disk Backup Reader" --assignee ”<object-id of backup-vault identity>” --scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/<diskrg>/providers/Microsoft.Compute/disks/<disk-name>"
az role assignment create --role "Disk Snapshot Contributor" --assignee ”<object-id of backup-vault identity>” --scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/<diskrg>"
The steps to add permissions are detailed in points - 1, 2, and 3 - in Configure backup.
Configure backup for azure disk
DiskId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/<diskrg>/providers/Microsoft.Compute/disks/<disk-name>"
snapshotrg = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/snapshotrg"
az dataprotection backup-vault update -g $RGNAME --vault-name <backup-vault-name>--type SystemAssigned
az dataprotection backup-instance initialize --datasource-type AzureDisk -l southeastasia --policy-id "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<backup-vault-rg>/providers/Microsoft.DataProtection/backupVaults/<backup-vault-name>/backupPolicies/mypolicy" --datasource-id $DiskId> backup_instance.json
az dataprotection backup-instance create -g <backup-vault-rg>--vault-name <backup-vault-name> --backup-instance backup_instance.json
Trigger an on-demand backup
You can proceed to trigger an on-demand backup if you don't want to wait for the policy scheduled.
az dataprotection backup-instance list-from-resourcegraph --datasource-type AzureDisk --datasource-id $DiskId
az dataprotection backup-instance show --resource-group $RGNAME --vault-name <backup-vault-name> --name <backup-instance-name obtained from previous step>
For the default policy, the rule name is “Default”
az dataprotection backup-instance adhoc-backup --name <backup-instance-name obtained from previous step> --rule-name "Default" --resource-group <backup-vault-rg> --vault-name <backup-vault-name>
Restore azure disk
az dataprotection backup-instance list-from-resourcegraph --datasource-type AzureDisk --datasource-id $DiskId
az dataprotection recovery-point list --backup-instance-name <backup-instance-name obtained previously> --resource-group <backup-vault-rg> --vault-name <backup-vault-name>
$targetDiskId = /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/<specify-new-restore-target-diskname>
az dataprotection backup-instance restore initialize-for-data-recovery --datasource-type AzureDisk --restore-location $LOCATION --source-datastore OperationalStore --recovery-point-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<backup-vault-rg>/providers/Microsoft.DataProtection/backupVaults/<backup-vault-name>/backupInstances/clitest-clitest-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/recoveryPoints/5081ad8f1e6c4548ae89536d0d45c493 --target-resource-id $targetDiskId> restore.json
az dataprotection backup-instance validate-for-restore --resource-group <backup-vault-rg> --vault-name <backup-vault-name> --backup-instance-name <backup-instance-name obtained previously> --restore-request-object restore.json
az dataprotection backup-instance restore trigger --resource-group <backup-vault-rg> --vault-name <backup-vault-name> --backup-instance-name <backup-instance-name obtained previously> --parameters restore.json
Track jobs
az dataprotection job list-from-resourcegraph --datasource-type AzureDisk --status Completed
Additional Resources:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.