Back up a virtual machine in Azure with the CLI
The Azure CLI is used to create and manage Azure resources from the command line or in scripts. You can protect your data by taking backups at regular intervals. Azure Backup creates recovery points that can be stored in geo-redundant recovery vaults. This article details how to back up a virtual machine (VM) in Azure with the Azure CLI. You can also perform these steps with Azure PowerShell or in the Azure portal.
This quickstart enables backup on an existing Azure VM. If you need to create a VM, you can create a VM with the Azure CLI.
Use Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either
PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.
To launch Azure Cloud Shell:
|Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell.|
|Go to https://shell.azure.com or select the Launch Cloud Shell button to open Cloud Shell in your browser.|
|Select the Cloud Shell button on the top-right menu bar in the Azure portal.|
To run the code in this article in Azure Cloud Shell:
Launch Cloud Shell.
Select the Copy button on a code block to copy the code.
Paste the code into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS.
Press Enter to run the code.
To install and use the CLI locally, you must run Azure CLI version 2.0.18 or later. To find the CLI version, run
az --version. If you need to install or upgrade, see Install the Azure CLI.
Create a recovery services vault
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.
- a resource group named myResourceGroup,
- a VM named myVM,
- resources in the eastus location.
az backup vault create --resource-group myResourceGroup \ --name myRecoveryServicesVault \ --location eastus
By default, the Recovery Services vault is set for Geo-Redundant storage. Geo-Redundant storage ensures your backup data is replicated to a secondary Azure region that is hundreds of miles away from the primary region. If the storage redundancy setting needs to be modified, use az backup vault backup-properties set cmdlet.
az backup vault backup-properties set \ --name myRecoveryServicesVault \ --resource-group myResourceGroup \ --backup-storage-redundancy "LocallyRedundant/GeoRedundant"
Enable backup for an Azure VM
Create a protection policy to define: when a backup job runs, and how long the recovery points are stored. The default protection policy runs a backup job each day and retains recovery points for 30 days. You can use these default policy values to quickly protect your VM. To enable backup protection for a VM, use az backup protection enable-for-vm. Specify the resource group and VM to protect, then the policy to use:
az backup protection enable-for-vm \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --vm myVM \ --policy-name DefaultPolicy
If the VM is not in the same resource group as that of vault, then myResourceGroup refers to the resource group where vault was created. Instead of VM name, provide the VM ID as indicated below.
az backup protection enable-for-vm \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --vm $(az vm show -g VMResourceGroup -n MyVm --query id | tr -d '"') \ --policy-name DefaultPolicy
While using CLI to enable backup for multiple VMs at once, ensure that a single policy doesn't have more than 100 VMs associated with it. This is a recommended best practice. Currently, the PS client doesn't explicitly block if there are more than 100 VMs but the check is planned to be added in the future.
Start a backup job
To start a backup now rather than wait for the default policy to run the job at the scheduled time, use az backup protection backup-now. This first backup job creates a full recovery point. Each backup job after this initial backup creates incremental recovery points. Incremental recovery points are storage and time-efficient, as they only transfer changes made since the last backup.
The following parameters are used to back up the VM:
--container-nameis the name of your VM
--item-nameis the name of your VM
--retain-untilvalue should be set to the last available date, in UTC time format (dd-mm-yyyy), that you wish the recovery point to be available
The following example backs up the VM named myVM and sets the expiration of the recovery point to October 18, 2017:
az backup protection backup-now \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --container-name myVM \ --item-name myVM \ --retain-until 18-10-2017
Monitor the backup job
To monitor the status of backup jobs, use az backup job list:
az backup job list \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --output table
The output is similar to the following example, which shows the backup job is InProgress:
Name Operation Status Item Name Start Time UTC Duration -------- --------------- ---------- ----------- ------------------- -------------- a0a8e5e6 Backup InProgress myvm 2017-09-19T03:09:21 0:00:48.718366 fe5d0414 ConfigureBackup Completed myvm 2017-09-19T03:03:57 0:00:31.191807
When the Status of the backup job reports Completed, your VM is protected with Recovery Services and has a full recovery point stored.
Clean up deployment
When no longer needed, you can disable protection on the VM, remove the restore points and Recovery Services vault, then delete the resource group and associated VM resources. If you used an existing VM, you can skip the final az group delete command to leave the resource group and VM in place.
If you want to try a Backup tutorial that explains how to restore data for your VM, go to Next steps.
az backup protection disable \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --container-name myVM \ --item-name myVM \ --delete-backup-data true az backup vault delete \ --resource-group myResourceGroup \ --name myRecoveryServicesVault \ az group delete --name myResourceGroup
In this quickstart, you created a Recovery Services vault, enabled protection on a VM, and created the initial recovery point. To learn more about Azure Backup and Recovery Services, continue to the tutorials.