← Back to Dashboard

Design 14: Backup & Recovery (VM Backup)

Summary

This design implements Azure Backup.

Topology: A centralized Recovery Services Vault in the Hub VNet (logically) protects resources in all Spokes.

1. Key Design Decisions (ADR)

ADR-01: Vault Strategy

  • Decision: Central Vault.
  • Rationale: Centralized management and reporting.

ADR-02: Redundancy

  • Decision: GRS (Geo-Redundant).
  • Rationale: Backups must survive a region failure.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  Spoke VM    |           |        HUB VNet          |           |  Secondary   |
|  (Agent)     |           |      (Backup Mgmt)       |           |  Region      |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Mgmt Traffic)                 |
+------+-------+                        v                                v
|  VMSnapshot  |           +------------+-------------+           +------+-------+
|  Extension   |---------->| Recovery Services    |---------->|  Backup      |
+--------------+           | Vault                |           |  Replica     |
                           +--------------------------+           +--------------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | Recovery Services     |                                           |
|   | Vault                 |                                           |
|   | (GRS)                 |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Backup Traffic)                                      |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-app-spoke (10.1.0.0/16)                              |
|   +-----------------------+                                           |
|   | VM                    |                                           |
|   | [Snapshot]            |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR STRATEGY                                                           |
|   +-----------------------+                                           |
|   | Cross-Region Restore  |                                           |
|   | (Enabled)             |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • Snapshot: Instant backup.
  • Vault: Long-term retention.

5. Strategy: High Availability (HA)

  • N/A: Backup is for recovery.

6. Strategy: Disaster Recovery (DR)

  • Implementation: Cross-Region Restore (CRR).
  • Process: If East US is down, you can restore the VM to West US directly from the Backup Vault.

7. Strategy: Backup

  • Policy: Daily at 11 PM. Retain 30 days. Monthly for 1 year.

8. Strategy: Security

  • Soft Delete: 14 days retention after deletion.
  • Encryption: CMK (Customer Managed Keys).

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: Medium. Storage costs.
  • Operational Excellence: High.
  • Performance Efficiency: N/A.

10. Detailed Traffic Flow

1. Trigger: 11 PM.

2. Snapshot: Azure takes disk snapshot (VSS).

3. Transfer: Data transferred to Vault.

4. Replicate: Data replicated to West US.

11. Runbook: Deployment Guide (Azure Portal)

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Resource Group

1. Create Resource Group: rg-design14-backup. Region: East US.

Phase 2: Create Recovery Services Vault

1. Search: "Recovery Services vaults" -> + Create.

2. Resource Group: rg-design14-backup.

3. Name: rsv-hub-prod.

4. Region: East US.

5. Create.

Phase 3: Configure Redundancy

1. Go to the new Vault rsv-hub-prod.

2. Properties (left menu).

3. Backup Configuration -> Update.

4. Storage replication type: Geo-redundant.

5. Cross Region Restore: Enable (This allows restoring to West US).

6. Save.

Phase 4: Enable Backup for a VM

1. Backup (left menu) -> + Backup.

2. Where is your workload running?: Azure.

3. What do you want to backup?: Virtual machine.

4. Backup:

* Policy: Select DefaultPolicy or create new (Daily, 11 PM).

* Virtual machines: Add.

* Select a VM (e.g., vm-hr-01 or any available VM).

* OK.

5. Enable backup.

Phase 5: Trigger Backup

1. Go to Backup items -> Azure Virtual Machine.

2. Click the VM name.

3. Backup now.

4. Retain backup till: Accept default.

5. OK.

Phase 6: Restore Test (Cross Region)

1. Wait for backup to complete (and replicate - can take time).

2. Go to Backup items -> Azure Virtual Machine -> Select VM.

3. Restore VM.

4. Restore Point: Select latest.

5. Restore Configuration:

* Restore Region: Secondary Region (West US).

* Storage Account: Select/Create one in West US.

* Resource Group: Select/Create one in West US.

6. Restore.