In the context of the Azure Administrator Associate role, managing Azure Backup relies heavily on Recovery Services vaults and Backup Policies to ensure business continuity.
A **Backup Policy** is a rule set that governs the operational behavior of the backup service. It defines two critical para…In the context of the Azure Administrator Associate role, managing Azure Backup relies heavily on Recovery Services vaults and Backup Policies to ensure business continuity.
A **Backup Policy** is a rule set that governs the operational behavior of the backup service. It defines two critical parameters: the **Schedule** (frequency and specific time backups occur, such as Daily at 11:00 PM) and the **Retention Range** (how long recovery points are stored). Administrators often utilize a Grandfather-Father-Son (GFS) rotation scheme, retaining daily backups for short periods while keeping monthly or yearly backups for years to satisfy compliance and audit requirements. Policies are associated with specific items, such as Azure VMs, SQL databases within Azure, or Azure Files shares.
**Backup Operations** involve the ongoing management of these resources:
1. **Configuration:** This involves creating vaults, defining policies, and enabling protection for resources. For Azure VMs, this triggers the installation of the VM Extension.
2. **Restoration:** Administrators must be proficient in various restore methods, including creating a new VM from a restore point, performing 'File Recovery' to mount a snapshot and retrieve individual files, or restoring a disk.
3. **Monitoring and Reporting:** Using **Backup Center**, administrators track job success/failure, monitor storage consumption, and generate compliance reports across subscriptions.
4. **Security Operations:** Crucial for maintaining integrity, this includes managing **Soft Delete** (which retains deleted backup items for 14 days to protect against ransomware or accidental deletion) and configuring Multi-User Authorization (MUA) to prevent unauthorized critical actions.
Azure Backup: Concepts, Configuration, and Exam Strategy for AZ-104
What is Azure Backup? Azure Backup is a secure, one-click, scalable, platform-as-a-service (PaaS) solution used to back up data to the Microsoft Azure cloud and restore it. It replaces existing on-premises or off-site backup solutions with a cloud-based solution that is reliable, secure, and cost-competitive. It encompasses backing up Azure Virtual Machines, on-premises servers, Azure Files, and SQL workloads.
Why is it Important? For an Azure Administrator, Azure Backup is critical for Business Continuity and Disaster Recovery (BCDR). Its importance lies in three main areas: 1. Data Protection: It protects against data loss due to ransomware, accidental deletion (using Soft Delete), and corruption. 2. Zero Infrastructure Cost: As a PaaS service, you do not need to manage hardware, storage provisioning, or backup servers. 3. Compliance: It allows for long-term retention (up to 99 years) to meet regulatory requirements.
How it Works Azure Backup operates primarily through a resource called the Recovery Services Vault. This vault creates a storage entity in Azure that houses data. Key components include:
1. The Recovery Services Vault: The management entity that stores backup copies and recovery points. It also contains the backup usage policies. 2. Backup Agents and Extensions: a. MARS Agent (Microsoft Azure Recovery Services): Installed on-premise or on Azure VMs. It backs up Files, Folders, and System State only. It does not support Linux or application-aware backups (like SQL/Exchange). b. Azure VM Extension: Automatically added when you enable backup for an Azure VM. It creates snapshots of the VM (VSS snapshots on Windows, fsfreeze on Linux) without shutting down the VM. c. MABS (Microsoft Azure Backup Server): An on-premise server used to back up deeper workloads like SQL, SharePoint, and Exchange to Azure. 3. Backup Policies: These rules define when the backup happens (Schedule) and how long the data is stored (Retention).
Exam Tips: Answering Questions on Azure Backup policies and operations When facing AZ-104 questions regarding Azure Backup, use the following logic to select the correct answer:
1. Identify the Workload vs. The Tool If the question asks to back up only files and folders from a Windows Server, choose the MARS Agent. If the question asks to back up a full Linux VM or an application like SharePoint/SQL on-premise, the MARS agent is wrong; you need MABS or the Azure VM Backup extension.
2. Soft Delete is Key Remember that Soft Delete is enabled by default. If a user deletes a backup item, the data is retained for 14 days before permanent deletion. Questions often ask how to recover data deleted "yesterday"—the answer involves undeleting from the Soft Delete state.
3. Recovery Services Vault Restrictions You can simplify management by moving resources, but know the limits: You cannot move a Recovery Services Vault to a different region. You can move it to a different Resource Group or Subscription, but distinct region moves strictly require a registered redeployment.
4. Restoring Azure VMs Pay attention to restore options. You can restore a VM by creating a new VM from a restore point, or by restoring the disks and then attaching them. You generally cannot restore an Azure VM directly over the existing running VM without specific "Replace Existing" configurations which requires the VM to be shut down.
5. Backup Policy Modification If an exam scenario asks you to change how long data is kept, look for Retention Range in the policy. If it asks to change the time the backup runs, look for Schedule. Changes to a policy apply retrospectively to new recovery points, but generally do not alter the retention of data already backed up under previous rules.