By now, you should be familiar with lots of basic concepts related to building and managing infrastructure with Azure. This time, we’re going to cover a more advanced topic that is very important in all production-ready systems – backup. Just to be clear – in this chapter, we won’t dive into backing up databases or applications’ data and instead focus on virtual machines (VMs), their disks, and additional components that can be used to provide disaster recovery (DR) and secure their data.

Throughout this chapter, we’ll be discussing how Azure can help you back up and restore the state of VMs. We’ll cover not only generic topics such as general infrastructure and authorization setup but also specific solutions leveraging native components such as Azure Backup Server and Azure Site Recovery.

In this chapter, we’re going to cover the following main topics:

• Protecting VM data
• Understanding backup...

For the exercises from this chapter, you’ll need:

• The Azure CLI (https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)
• A command-line tool of any kind (either available in your operating system or your favorite one)

The Code in Action video for this book can be viewed at: https://packt.link/GTX9F

VMs provisioned to run workloads needed for your applications (or applications themselves) need to be protected against accidental deletion, misconfiguration, or loss of data. Azure, as a platform, offers multiple ways to do that, depending on your configuration, technical requirements, and available technologies. Some scenarios can be covered by third-party solutions as well – we won’t cover them in this chapter as it’d be difficult to select tools generic enough to serve everyone. Let’s get started with securing VMs by making sure that the infrastructure itself is secure.

Coping with accidental deletion

At any moment in time, a user, script, or application can accidentally delete some components of your infrastructure. This is, of course, true, assuming some basic prerequisites:

• Resources can be removed (are not locked)
• An actor (user/script/application) has enough permissions to perform a deletion

When talking...

In one of the previous chapters (Chapter 5, Provisioning Azure Virtual Machines), we had a chance to deploy Azure VMs in different scenarios, but we never mentioned how one can back up and restore a machine if something goes wrong or a machine is lost. Let’s see what the options in Azure are when it comes to backups.

Setting up backup for Azure VMs

To get started, we’ll need a machine – use the following script to create an empty resource with a known configuration:

az group create -l <location> -n <resource-group-name>
az vm create -g <resource-group-name> --image Ubuntu2204 --name <vm-name>

However, to enable backup for our machine, we’ll need one more resource – a Recovery Services vault. You can think about it as a place that holds the configuration of backups for a given VM and is responsible for performing them according to a configured backup policy. To create...

Until now, we discussed backup capabilities in Azure using managed resources. This path allows us to secure workloads that work natively in Azure (that is, Azure VMs; Azure SQL runs as SQL Server on Azure VM; Azure Files storage), but in scenarios where we have non-native resources, we need to seek another solution. This is where Microsoft Azure Backup Server (MABS) comes into play.

Using Azure Backup Server is a more advanced operation as it involves installing additional software and managing it by ourselves (as opposed to using Azure Recovery Services vaults integrated with managed workloads). In general, this approach can be used for the following services:

• VMs managed by Hyper-V
• VMs managed by VMware
• Azure Stack HCI
• Microsoft SQL Server
• SharePoint Server
• Microsoft Exchange

As you can see, those workloads are mostly connected to services running on-premises in many common setups available in lots of projects. For some...

The last topic of this chapter is a service called Azure Site Recovery. It’s part of Azure Recovery Services, which we already discussed when talking about Azure Backup for our workloads. While backups allow us to provide improved security for VMs and databases, Azure Site Recovery is meant to grant us the possibility to provide BC in case of unexpected failures. We’ll discuss various options when it comes to recovering from outages and prerequisites to achieve continuity.

Replication

When talking about BC, we need to consider how our workloads are replicated. Replication is a process that will be performed automatically for most scenarios (especially in active-active architectures) and should ensure that we have a working environment we can migrate to. There are three different possibilities when thinking about replication:

• Azure to Azure
• Azure to on-premises
• Azure to Hyper-V/VMware environments

Each of those...

In this chapter, we focused on improving the reliability of our services running on Azure VMs by discussing options for securing data via snapshots and backups. When implementing those features, make sure you plan for additional storage capacity needed (as backups will need additional disk space to be stored) and increased cost of your Azure infrastructure. Anytime BC and DR are considered, pay extra attention to cost calculation. It’s very easy to lose control over Azure spending when implementing those services, and you never want to spend more on them when compared to potential financial loss during outages.

In the next chapter, we’ll revisit managed disks in Azure by diving into more advanced topics such as attaching/detaching disks, resizing, and swapping OS disks on the fly.