Back up a virtual machine in Azure with the Azure CLI
The Azure CLI is used to create and manage Azure resources from the command line or in scripts. You can protect your data by taking backups at regular intervals. Azure Backup creates recovery points that can be stored in geo-redundant recovery vaults. This article details how to back up a virtual machine (VM) in Azure with the Azure CLI. You can also perform these steps with Azure PowerShell or in the Azure portal.
This quickstart enables backup on an existing Azure VM. If you need to create a VM, you can create a VM with the Azure CLI.
Use the Bash environment in Azure Cloud Shell.
If you prefer, install the Azure CLI to run CLI reference commands.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.
When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.
- This quickstart requires version 2.0.18 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a Recovery Services vault
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.
- a resource group named myResourceGroup,
- a VM named myVM,
- resources in the eastus location.
az backup vault create --resource-group myResourceGroup \ --name myRecoveryServicesVault \ --location eastus
By default, the Recovery Services vault is set for Geo-Redundant storage. Geo-Redundant storage ensures your backup data is replicated to a secondary Azure region that's hundreds of miles away from the primary region. If the storage redundancy setting needs to be modified, use az backup vault backup-properties set cmdlet.
az backup vault backup-properties set \ --name myRecoveryServicesVault \ --resource-group myResourceGroup \ --backup-storage-redundancy "LocallyRedundant/GeoRedundant"
Enable backup for an Azure VM
Create a protection policy to define: when a backup job runs, and how long the recovery points are stored. The default protection policy runs a backup job each day and retains recovery points for 30 days. You can use these default policy values to quickly protect your VM. To enable backup protection for a VM, use az backup protection enable-for-vm. Specify the resource group and VM to protect, then the policy to use:
az backup protection enable-for-vm \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --vm myVM \ --policy-name DefaultPolicy
If the VM isn't in the same resource group as that of the vault, then myResourceGroup refers to the resource group where vault was created. Instead of VM name, provide the VM ID as indicated below.
az backup protection enable-for-vm \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --vm $(az vm show -g VMResourceGroup -n MyVm --query id | tr -d '"') \ --policy-name DefaultPolicy
While using CLI to enable backup for multiple VMs at once, ensure that a single policy doesn't have more than 100 VMs associated with it. This is a recommended best practice. Currently, the PowerShell client doesn't explicitly block if there are more than 100 VMs, but the check is planned to be added in the future.
Start a backup job
To start a backup now rather than wait for the default policy to run the job at the scheduled time, use az backup protection backup-now. This first backup job creates a full recovery point. Each backup job after this initial backup creates incremental recovery points. Incremental recovery points are storage and time-efficient, as they only transfer changes made since the last backup.
The following parameters are used to back up the VM:
--container-nameis the name of your VM
--item-nameis the name of your VM
--retain-untilvalue should be set to the last available date, in UTC time format (dd-mm-yyyy), that you wish the recovery point to be available
The following example backs up the VM named myVM and sets the expiration of the recovery point to October 18, 2017:
az backup protection backup-now \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --container-name myVM \ --item-name myVM \ --backup-management-type AzureIaaSVM --retain-until 18-10-2017
Monitor the backup job
To monitor the status of backup jobs, use az backup job list:
az backup job list \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --output table
The output is similar to the following example, which shows the backup job is InProgress:
Name Operation Status Item Name Start Time UTC Duration -------- --------------- ---------- ----------- ------------------- -------------- a0a8e5e6 Backup InProgress myvm 2017-09-19T03:09:21 0:00:48.718366 fe5d0414 ConfigureBackup Completed myvm 2017-09-19T03:03:57 0:00:31.191807
When the Status of the backup job reports Completed, your VM is protected with Recovery Services and has a full recovery point stored.
Clean up deployment
When no longer needed, you can disable protection on the VM, remove the restore points and Recovery Services vault, then delete the resource group and associated VM resources. If you used an existing VM, you can skip the final az group delete command to leave the resource group and VM in place.
If you want to try a Backup tutorial that explains how to restore data for your VM, go to Next steps.
az backup protection disable \ --resource-group myResourceGroup \ --vault-name myRecoveryServicesVault \ --container-name myVM \ --item-name myVM \ --backup-management-type AzureIaaSVM --delete-backup-data true az backup vault delete \ --resource-group myResourceGroup \ --name myRecoveryServicesVault \ az group delete --name myResourceGroup
In this quickstart, you created a Recovery Services vault, enabled protection on a VM, and created the initial recovery point. To learn more about Azure Backup and Recovery Services, continue to the tutorials.