AZ-104-MicrosoftAzureAdministrator/New Instructions/Lab/LAB_10-Implement_Data_Protection.md

lab

lab
title module Lab 10: Implement Data Protection Administer Data Protection

Lab 10 - Implement Data Protection

Lab introduction

In this lab, you learn about backup and recovery of Azure virtual machines. You learn to create a Recovery Service vault and a backup policy for Azure virtual machines. You learn about disaster recovery with Azure Site Recovery.

This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the regions, but the steps are written using East US and West US.

Estimated timing: 40 minutes

Lab scenario

Your organization is evaluating Azure Recovery Services for backup and restore of Azure virtual machines. The organization wanst to identify methods of protecting data from accidental or malicious data loss.

Interactive lab simulation

There is an interactive lab simulation that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required.

• Backup virtual machines and on-premises files.. Create a recovery services vault and implement an Azure virtual machine backup. Implement on-premises file and folder backup using the Microsoft Azure Recovery Services agent. On-premises backups is outside the scope of this lab, but might be helpful to view those steps.

Tasks

• Task 1: Provision the lab environment
• Task 2: Create a Recovery Services vault
• Task 3: Implement Azure virtual machine-level backup
• Task 4: Monitor Azure Backup
• Task 5: Implement Azure Site Recovery for virtual machines

Estimated timing: 40 minutes

Architecture diagram

Task 1: Provision the lab environment

In this task, you will use a template to deploy a virtual machine. The virtual machine will be used to test different backup scenarios.

1. If necessary, download the \Allfiles\Labs\10\az104-10-vms-edge-template.json lab file.

2. Sign in to the Azure portal - https://portal.azure.com.

3. Search for and select Deploy a custom template.

4. On the custom deployment page, select Build you own template in the editor.

5. On the edit template page, select Load file.

6. Locate and select the \Allfiles\Lab10\az104-10-vms-edge-template.json file and select Open.

7. Note: Take a moment to review the template. How many virtual machines and virtual networks are being deployed?

8. Select Save.

   Note: Notice this template has a lot ofparameters the administrator can change.

9. Use the following information to complete the custom deployment fields, leaving all other fields with their default values:

   Setting	Value
   Subscription	Your Azure subscription
   Resource group	az104-rg10 (If necessary, select Create new)
   Region	East US
   Username	Student
   Password	Provide a complex password

10. Select Review + Create, then select Create.

    Note: Wait for the template to deploy, then select Go to resource. You should have one virtual machine in one virtual network.

Task 2: Create a Recovery Services vault

In this task, you will create a Recovery Services vault. A Recovery Services vault provides the backup data for Azure virtual machines.

1. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, click + Create.

2. On the Create Recovery Services vault blade, specify the following settings:

   Settings	Value
   Subscription	the name of your Azure subscription
   Resource group	az104-rg10vault (if necessary, select Create new)
   Vault Name	az104-vault1
   Region	West US (or a region that you did not use in the previous task to deploy the VMs)

   Note

   : Make sure that you specify a different region into which you deployed virtual machines in the previous task.

   

3. Click Review + Create, ensure that the validation passes and then click Create.

   Note

   : Wait for the deployment to complete. The deployment should take less than 1 minute.

4. When the deployment is completed, click Go to Resource.

5. On the az104-vault1 Recovery Services vault blade, in the Settings section, click Properties.

6. On the az104-vault1 - Properties blade, click the Update link under Backup Configuration label.

7. On the Backup Configuration blade, review the choices for Storage replication type. Leave the default setting of Geo-redundant in place and close the blade.

   Note

   : This setting can be configured only if there are no existing backup items.

8. Back on the az104-vault1 - Properties blade, click the Update link under Security Settings label.

9. On the Security Settings blade, note that Soft Delete (For workload running in Azure) is Enabled.

10. Close the Security Settings blade and, back on the az104-vault1 Recovery Services vault blade, click Overview.

Task 3: Implement Azure virtual machine-level backup

In this task, you will implement Azure virtual-machine level backup. As part of a VM backup, you will need to define the backup and retention policy that applies to the backup. Different VMs can have different backup and retention policies assigned to them.

Note

: Before you start this task, make sure that the deployment you initiated in the first task of this lab has successfully completed.

1. On the az104-vault1 Recovery Services vault blade, click Overview, then click + Backup.

2. On the Backup Goal blade, specify the following settings:

   Settings	Value
   Where is your workload running?	Azure (notice your other options)
   What do you want to backup?	Virtual machine (notice your other options

3. On the Backup Goal blade, click Backup.

4. On the Backup policy, review the DefaultPolicy settings and select Create a new policy.

5. Define a new backup policy with the following settings (leave others with their default values):

   Setting	Value
   Policy name	az104-policy
   Frequency	Daily
   Time	12:00 AM
   Timezone	the name of your local time zone
   Retain instant recovery snapshot(s) for	2 Days(s)

   

6. Click OK to create the policy and then, in the Virtual Machines section, select Add.

7. On the Select virtual machines blade, select az-104-10-vm0, click OK, and, back on the Backup blade, click Enable backup.

   Note

   : Wait for the backup to be enabled. This should take approximately 2 minutes.

8. Navigate back to the az104-vault1 Recovery Services vault blade, in the Protected items section, click Backup items, and then click the Azure virtual machine entry.

9. On the Backup Items (Azure Virtual Machine) blade select the View details link for az104-10-vm0, and review the values of the Backup Pre-Check and Last Backup Status entries.

10. On the az104-10-vm0 Backup Item blade, click Backup now, accept the default value in the Retain Backup Till drop-down list, and click OK.

    Note

    : Do not wait for the backup to complete but instead proceed to the next task.

Task 4: Monitor Azure Backup

In this task, you will deploy an Azure storage account. Then you will configure the vault to send the logs and metrics to the storage account. This repository can then be used with Log Analytics or other third-party monitoring solution.

1. From the Azure portal, search for and select Storage accounts.

2. On the Storage accounts page, select Create.

3. Use the following information to define the storage account, then and select Review.

   Settings	Value
   Subscription	Your subscription
   Resource group	az104-rg10
   Storage account name	Provide a globally unique name, for example backupdiag1042024123
   Region	East US (or a region near you)

4. On the Review tab, select Create.

   Note

   : Wait for the deployment to complete. It should take about a minute.

5. Navigate to the az104-vault1 Recovery Services vault.

6. On the az104-vault1 page, select Diagnostic Settings.

7. On the Diagnostic Settings page, select Add diagnostic setting.

8. On the Diagnotic settings page, name the setting Logs and Metrics to storage.

9. Place a checkmark next to the following log and metric catagories:

   • Azure Backup Reporting Data
   • Addon Azure Backup Job Data
   • Addon Azure Backup Alert Data
   • Azure Site Recovery Jobs
   • Azure Site Recovery Events
   • Health

10. In the Destination details, place a checkmark next to Archive to a storage account.

11. In the Storage account drop-down field, select the storage account that you deployed earlier in this task.

12. Select Save.

13. Return to the az104-vault1 resource page.

14. On az104-vault1, select Backup jobs.

15. Locate the backup operation for the az104-10-vm0 VM, and select Details

    Note

    : Depending on your screen resolution, you might need to scroll right in the backup job table.

16. Review the details of the backup job that you triggered on the VM. What are the two subtasks of the backup job?

Task 5: Implement Azure Site Recovery

In this task,

1. Search for and select your Recovery Services Vault, az104-vault1.

2. From the Overview blade, select + Enable Site Recovery.

3. Review your options then select in the Azure Virtual Machines section Enable replication.

4. On the Source tab, configure the settings.

   Setting	Value
   Region	East US (read the notification about replication in the same region)
   Resource group	az104-rg10
   Virtual machine deployment model	Resource Manager
   Disaster recovery between availability zones	No

5. Select Next and on the Virtual machines tab select az104-10-vm0.

6. Select Next and move to the Replication settings tab. Notice the target location and failover network information. These resources will be automatically created. Take the defaults and select Next.

7. On the Manage tab, review the parameters.

   Setting	Value
   Replication policy	24-hour-retention-policy (this can be changed from 0 to 15 days)
   Update settings	Allow ASR to manage

8. Select Next and then Enable replication.

   Note

   : Enabling replication will approximately 15 minutes. Watch the notification messages in the upper right of the portal.

9. Once the replication is complete, search for and locate your Recovery Services Vault, az104-vault1.

10. In the Protected items section, select Replicated items. Check that the virtual machine is showing as healthy for the replication health. Note that the status will show the synchronization (starting at 0%) status and ultimately show Protected after the initial synchronization completes.

    Did you know? It is a good practice to test the failover of a protected VM.

Key takeaways

Congratulations on completing the lab. Here are the main takeaways for this lab.

• Azure Backup service provides simple, secure, and cost-effective solutions to back up and recover your data.
• Azure Backup can protect on-premises and cloud resources including virtual machines and file shares.
• Azure Backup policies configure the frequency of backups and the retention period for recovery points.
• Azure Site Recovery is a disaster recovery solution that provides protection for your virtual machines and applications.
• Azure Site Recovery replicates your workloads to a secondary site, and in the event of an outage or disaster, you can failover to the secondary site and resume operations with minimal downtime.
• A Recovery Services vault stores your backup data and minimizes management overhead.

Cleanup your resources

If you are working with your own subscription take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group.

• In the Azure portal, select the resource group, select Delete the resource group, Enter resource group name, and then click Delete.

• Using Azure PowerShell, Remove-AzResourceGroup -Name resourceGroupName.

• Using the CLI, az group delete --name resourceGroupName.