AZ-104-MicrosoftAzureAdministrator/LAB_10-Implement_Data_Protection.md at master ยท MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator (github.com)

Task 1: Provision the lab environment
Task 2: Create a Recovery Services vault
Task 3: Implement Azure virtual machine-level backup
Task 4: Implement File and Folder backup
Task 5: Perform file recovery by using Azure Recovery Services agent
Task 6: Perform file recovery by using Azure virtual machine snapshots (optional)
Task 7: Review the Azure Recovery Services soft delete functionality (optional)

Task 1: Provision the lab environment

From the Cloud Shell pane, run the following to create the first virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded:

$location = "uk south"
$rgName = "az104-10-rg0"

New-AzResourceGroup -Name $rgName -Location $location -Force

New-AzResourceGroupDeployment `
   -ResourceGroupName $rgName `
   -TemplateFile az104-10-vms-edge-template.json `
   -TemplateParameterFile az104-10-vms-edge-parameters.json `
   -AsJob

Topology


Task 2: Create a Recovery Services vault

In this task, you will create a recovery services vault.

Create it

On the az104-10-rsv1 Recovery Services vault blade, in the Settings section, click Properties.

On the az104-10-rsv1 – Properties blade, click the Update link under Backup Configuration label.

On the Backup Configuration blade, note that you can set the Storage replication type to either Locally-redundant or Geo-redundant. Leave the default setting of Geo-redundant in place and close the blade.

Note: This setting can be configured only if there are no existing backup items.

Back on the az104-10-rsv1 – Properties blade, click the Update link under Security Settings label.

On the Security Settings blade, note that Soft Delete (For workload running in Azure) is Enabled.

Close the Security Settings blade and, back on the az104-10-rsv1 Recovery Services vault blade, click Overview.


Task 3: Implement Azure virtual machine-level backup

In this task, you will implement Azure virtual-machine level backup.

Note: Before you start this task, make sure that the deployment you initiated in the first task of this lab has successfully completed.

On the az104-10-rsv1 Recovery Services vault blade, click Overview, then click + Backup.

On the Backup Goal blade, specify the following settings:

On the Backup Goal blade, click Backup.

On the Backup policy, review the DefaultPolicy settings and select Create a new policy.

Define a new backup policy with the following settings (leave others with their default values):

SettingValue
Policy nameaz104-10-backup-policy
FrequencyDaily
Time12:00 AM
Timezonethe name of your local time zone
Retain instant recovery snapshot(s) for2 Days(s)


Click OK to create the policy and then, in the Virtual Machines section, select Add.

On the Select virtual machines blade, select az-104-10-vm0, click OK, and, back on the Backup blade, click Enable backup.

Note: Wait for the backup to be enabled. This should take about 2 minutes.

Navigate back to the az104-10-rsv1 Recovery Services vault blade, in the Protected items section, click Backup items, and then click the Azure virtual machine entry.

On the Backup Items (Azure Virtual Machine) blade select the View details link for az104-10-vm0, and review the values of the Backup Pre-Check and Last Backup Status entries.

On the az104-10-vm0 Backup Item blade, click Backup now, accept the default value in the Retain Backup Till drop-down list, and click OK.

Note: Do not wait for the backup to complete but instead proceed to the next task.

Task 4: Implement File and Folder backup

In this task, you will implement file and folder backup by using Azure Recovery Services.

RDP to az104-10-vm1

Within the Remote Desktop session to the az104-10-vm1 Azure virtual machine, start an Edge web browser, browse to the Azure portal, and sign in using your credentials.


On the Backup Goal blade, click Prepare infrastructure.

1 Install Recovery Service Agent (Download agent)

2 Download vault credentials to register server to the vault

3 Schedule backup

On the Prepare infrastructure blade, click the Download Agent for Windows Server or Windows Client link.

When prompted, click Run to start installation of MARSAgentInstaller.exe with the default settings.

Note: On the Microsoft Update Opt-In page of the Microsoft Azure Recovery Services Agent Setup Wizard, select the I do not want to use Microsoft Update installation option.

On the Installation page of the Microsoft Azure Recovery Services Agent Setup Wizard, click Proceed to Registration. This will start Register Server Wizard.

Switch to the web browser window displaying the Azure portal, on the Prepare infrastructure blade, select the checkbox Already downloaded or using the latest Recovery Server Agent, and click Download.

When prompted, whether to open or save the vault credentials file, click Save. This will save the vault credentials file to the local Downloads folder.

In the Select Vault Credentials dialog box, browse to the Downloads folder, click the vault credentials file you downloaded, and click Open.

Back on the Vault Identification page, click Next.

On the Encryption Setting page of the Register Server Wizard, click Generate Passphrase.

On the Encryption Setting page of the Register Server Wizard, click the Browse button next to the Enter a location to save the passphrase.

In the Browse For Folder dialog box, select the Documents folder and click OK.

Click finish and wait, accept the warning

Note: In a production environment, you should store the passphrase file in a secure location other than the server being backed up.

Check service agent and close

MS Azure Backup will open

Add files

Schedule

Accept

Accept

Confirm

In the Microsoft Azure Backup console, in the Actions pane, click Back Up Now.

Note: The option to run backup on demand becomes available once you create a scheduled backup.

In motion

Switch to the web browser window displaying the Azure portal, navigate back to the Recovery Services vault blade, in the Protected items section, and click Backup items.

On the az104-10-rsv1 – Backup items blade, click Azure Backup Agent.

On the Backup Items (Azure Backup Agent) blade, verify that there is an entry referencing the C:\ drive of az104-10-vm1..

Task 5: Perform file recovery by using Azure Recovery Services agent

In this task, you will perform file restore by using Azure Recovery Services agent.

robocopy F:\Windows\System32\drivers\etc c:\Windows\System32\drivers\etc hosts /r:1 /w:1

Hosts is back


Task 6: Perform file recovery by using Azure virtual machine snapshots (optional)

In this task, you will restore a file from the Azure virtual machine-level snapshot-based backup.

from az104-10-vm0

del C:\Windows\system32\drivers\etc\hosts

In vm, open portal, navigate to recovery service vault, select vm

On the vm back, view details


Select file

Select default restore point

On the az104-10-vm0 Backup Item blade, click File Recovery.

On the File Recovery blade, accept the default recovery point and click Download Executable.

Next

Click Download 

and, when prompted whether to run or save IaaSVMILRExeForWindows.exe, click Save.

Back in the File Explorer window, double-click the newly downloaded file.

add pass from portal

add it

Wait for the mount process to complete, review the informational messages in the Windows PowerShell window, note the drive letter assigned to the volume hosting Windows, and start File Explorer.

Navigate to the drive

Run robocopy

robocopy G:\Windows\System32\drivers\etc\ c:\Windows\System32\drivers\etc hosts /r:1 /w:1

File is back

Switch back to the File Recovery blade in the Azure portal and click Unmount Disks.

Task 7: Review the Azure Recovery Services soft delete functionality (optional)

On the az104-10-rsv1 Recovery Services vault blade, in the Protected items section, click Backup items.

Enable the checkbox next to the label There is backup data of 1 backup items associated with this server. I understand that clicking “Confirm” will permanently delete all the cloud backup data. This action cannot be undone. An alert may be sent to the administrators of this subscription notifying them of this deletion and click Delete.


Note: This will fail because the Soft delete feature must be disabled.

Navigate back to the az104-10-rsv1 – Backup items blade and click Azure Virtual Machines.

Choose delete and add vm name

Navigate back to the az104-10-rsv1 – Backup items blade and click Refresh.Note: The Azure Virtual Machine entry is still lists 1 backup item.

On the az104-10-vm0 Backup Item blade, note that you have the option to Undelete the deleted backup.

Note: This functionality is provided by the soft-delete feature, which is, by default, enabled for Azure virtual machine backups.

Navigate back to the az104-10-rsv1 Recovery Services vault blade, and in the Settings section, click Properties.

On the az104-10-rsv1 – Properties blade, click the Update link under Security Settings label.

On the Security Settings blade, Disable Soft Delete (For workloads running in Azure) and also disable Security Features (For workloads running on-premises) and click Save.

Navigate back to the az104-10-vm0 Backup Item blade and click Undelete.

On the Undelete az104-10-vm0 blade, click Undelete.

Wait for the undelete operation to complete,

refresh the web browser page, if needed, navigate back to the az104-10-vm0 Backup Item blade, and click Delete backup data.

On the Delete Backup Data blade, specify the following settings and click Delete:

SettingsValue
Type the name of Backup itemaz104-10-vm0
ReasonOthers
Commentsaz104 10 lab

Done

Repeat the steps at the beginning of this task to delete the backup items for az104-10-vm1.

Delete was success

Rg, one for resources an done for backup items

Note: Optionally, you might consider deleting the auto-generated resource group with the prefix AzureBackupRG_ (there is no additional charge associated with its existence).