Selective disk backup and restore for Azure virtual machines

Azure Backup supports backing up all the disks (operating system and data) in a VM together using the virtual machine backup solution. Now, using the selective disks backup and restore functionality, you can back up a subset of the data disks in a VM. This provides an efficient and cost-effective solution for your backup and restore needs. Each recovery point contains only the disks that are included in the backup operation. This further allows you to have a subset of disks restored from the given recovery point during the restore operation. This applies to both restore from snapshots and the vault.

Note

Selective disk backup and restore for Azure virtual machines is in public preview in all regions.

Scenarios

This solution is useful particularly in the following scenarios:

  1. If you have critical data to be backed up in only one disk, or a subset of the disks and don’t want to back up the rest of the disks attached to a VM to minimize the backup storage costs.
  2. If you have other backup solutions for part of your VM or data. For example, if you back up your databases or data using a different workload backup solution and you want to use Azure VM level backup for the rest of the data or disks to build an efficient and robust system using the best capabilities available.

Using PowerShell or Azure CLI, you can configure selective disk backup of the Azure VM. Using a script, you can include or exclude data disks using their LUN numbers. Currently, the ability to configure selective disks backup through the Azure portal is limited to the Backup OS Disk only option. So you can configure backup of your Azure VM with OS disk, and exclude all the data disks attached to it.

Note

The OS disk is by default added to the VM backup and can't be excluded.

Using Azure CLI

Ensure you're using Az CLI version 2.0.80 or higher. You can get the CLI version with this command:

az --version

Sign in to the subscription ID where the Recovery Services vault and the VM exists:

az account set -s {subscriptionID}

Note

Only the resourcegroup name (not the object) corresponding to the vault is needed in each command below.

Configure backup with Azure CLI

During the configure protection operation, you need to specify the disk list setting with an inclusion / exclusion parameter, giving the LUN numbers of the disks to be included or excluded in the backup.

az backup protection enable-for-vm --resource-group {resourcegroup} --vault-name {vaultname} --vm {vmname} --policy-name {policyname} --disk-list-setting include --diskslist {LUN number(s) separated by space}
az backup protection enable-for-vm --resource-group {resourcegroup} --vault-name {vaultname} --vm {vmname} --policy-name {policyname} --disk-list-setting exclude --diskslist 0 1

If the VM isn't in the same resource group as the vault, then ResourceGroup refers to the resource group where the vault was created. Instead of the VM name, provide the VM ID as indicated below.

az backup protection enable-for-vm  --resource-group {ResourceGroup} --vault-name {vaultname} --vm $(az vm show -g VMResourceGroup -n MyVm --query id | tr -d '"') --policy-name {policyname} --disk-list-setting include --diskslist {LUN number(s) separated by space}

Modify protection for already backed up VMs with Azure CLI

az backup protection update-for-vm --resource-group {resourcegroup} --vault-name {vaultname} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM --disk-list-setting exclude --diskslist {LUN number(s) separated by space}

Backup only OS disk during configure backup with Azure CLI

az backup protection enable-for-vm --resource-group {resourcegroup} --vault-name {vaultname} --vm {vmname} --policy-name {policyname} --exclude-all-data-disks

Backup only OS disk during modify protection with Azure CLI

az backup protection update-for-vm --resource-group {resourcegroup} --vault-name {vaultname} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM --exclude-all-data-disks

Restore disks with Azure CLI

az backup restore restore-disks --resource-group {resourcegroup} --vault-name {vaultname} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM -r {restorepoint} --target-resource-group {targetresourcegroup} --storage-account {storageaccountname} --diskslist {LUN number of the disk(s) to be restored}

Restore only OS disk with Azure CLI

az backup restore restore-disks --resource-group {resourcegroup} --vault-name {vaultname} -c {vmname} -i {vmname} -r {restorepoint} } --target-resource-group {targetresourcegroup} --storage-account {storageaccountname} --restore-only-osdisk

Get protected item to get disk exclusion details with Azure CLI

az backup item show -c {vmname} -n {vmname} --vault-name {vaultname} --resource-group {resourcegroup} --backup-management-type AzureIaasVM

There's an additional diskExclusionProperties parameter added to the protected item as shown below:

"extendedProperties": {
      "diskExclusionProperties": {
        "diskLunList": [
          0,
          1
        ],
        "isInclusionList": true
      }

Get backup job with Azure CLI

az backup job show --vault-name {vaultname} --resource-group {resourcegroup} -n {BackupJobID}

This command helps get the details of the backed-up disks and excluded disks as shown below:

   "Backed-up disk(s)": "diskextest_OsDisk_1_170808a95d214428bad92efeecae626b; diskextest_DataDisk_0; diskextest_DataDisk_1",  "Backup Size": "0 MB",
   "Excluded disk(s)": "diskextest_DataDisk_2",

List recovery points with Azure CLI

az backup recoverypoint list --vault-name {vaultname} --resource-group {resourcegroup} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM

This gives the information of the number of disks attached and backed up in the VM.

      "recoveryPointDiskConfiguration": {
        "excludedDiskList": null,
        "includedDiskList": null,
        "numberOfDisksAttachedToVm": 4,
        "numberOfDisksIncludedInBackup": 3
};

Get recovery point with Azure CLI

az backup recoverypoint show --vault-name {vaultname} --resource-group {resourcegroup} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM -n {recoverypointID}

Each recovery point has the information of the included and excluded disks:

  "recoveryPointDiskConfiguration": {
      "excludedDiskList": [
        {
          "lun": 2,
          "name": "diskextest_DataDisk_2"
        }
      ],
      "includedDiskList": [
        {
          "lun": -1,
          "name": "diskextest_OsDisk_1_170808a95d214428bad92efeecae626b"
        },
        {
          "lun": 0,
          "name": "diskextest_DataDisk_0"
        },
        {
          "lun": 1,
          "name": "diskextest_DataDisk_1"
        }
      ],
      "numberOfDisksAttachedToVm": 4,
      "numberOfDisksIncludedInBackup": 3

Remove disk exclusion settings and get protected item with Azure CLI

az backup protection update-for-vm --vault-name {vaultname} --resource-group {resourcegroup} -c {vmname} -i {vmname} --backup-management-type AzureIaasVM --disk-list-setting resetexclusionsettings

az backup item show -c {vmname} -n {vmname} --vault-name {vaultname} --resource-group {resourcegroup} --backup-management-type AzureIaasVM

When you execute these commands, you'll see "diskExclusionProperties": null.

Using PowerShell

Ensure you're using Azure PowerShell version 3.7.0 or higher.

Enable backup with PowerShell

Enable-AzRecoveryServicesBackupProtection -Policy $pol -Name "V2VM" -ResourceGroupName "RGName1"  -DiskListSetting "Include"/"Exclude" -DisksList[Strings] -VaultId $targetVault.ID

Backup only OS disk during configure backup with PowerShell

Enable-AzRecoveryServicesBackupProtection -Policy $pol -Name "V2VM" -ResourceGroupName "RGName1"  -ExcludeAllDataDisks -VaultId $targetVault.ID

Get backup item object to be passed in modify protection with PowerShell

$item= Get-AzRecoveryServicesBackupItem -BackupManagementType "AzureVM" -WorkloadType "AzureVM" -VaultId $Vault.ID -FriendlyName "V2VM"

You need to pass the above obtained $item object to the –Item parameter in the following cmdlets.

Modify protection for already backed up VMs with PowerShell

Enable-AzRecoveryServicesBackupProtection -Item $item -DiskListSetting "Include"/"Exclude" -DisksList[Strings]   -VaultId $targetVault.ID

Backup only OS disk during modify protection with PowerShell

Enable-AzRecoveryServicesBackupProtection -Item $item  -ExcludeAllDataDisks -VaultId $targetVault.ID

Reset disk exclusion setting with PowerShell

Enable-AzRecoveryServicesBackupProtection -Item $item -DiskListSetting "Reset" -VaultId $targetVault.ID

Restore selective disks with PowerShell

Restore-AzRecoveryServicesBackupItem -RecoveryPoint $rp[0] -StorageAccountName "DestAccount" -StorageAccountResourceGroupName "DestRG" -TargetResourceGroupName "DestRGforManagedDisks" -VaultId $targetVault.ID -RestoreDiskList [Strings]

Restore only OS disk with PowerShell

Restore-AzRecoveryServicesBackupItem -RecoveryPoint $rp[0] -StorageAccountName "DestAccount" -StorageAccountResourceGroupName "DestRG" -TargetResourceGroupName "DestRGforManagedDisks" -VaultId $targetVault.ID -RestoreOnlyOSDisk

Using the Azure portal

Using the Azure portal, you can view the included and excluded disks from the VM backup details pane and the backup job details pane. During restore, when you select the recovery point to restore from, you can view the backed-up disks in that recovery point.

Here you can view the included and excluded disks for a virtual machine in the portal from the VM backup details pane:

View included and excluded disks from backup details pane

Here you can view the included and excluded disks in a backup from job details pane:

View included and excluded disks from job details pane

Here you can view the backed-up disks during restore, when you select the recovery point to restore from:

View backed-up disks during restore

Configuring the selective disks backup experience for a VM through the Azure portal is limited to the Backup OS Disk only option. To use selective disks backup on already a backed-up VM or for advanced inclusion or exclusion of specific data disks of a VM, use PowerShell or Azure CLI.

Note

If data spans across disks, make sure all the dependent disks are included in the backup. If you don’t backup all the dependent disks in a volume, during restore the volume comprising of some non-backed up disks won't be created.

Backup OS disk only in the Azure portal

When you enable backup using Azure portal, you can choose the Backup OS Disk only option. So you can configure backup of your Azure VM with OS disk, and exclude all data disks attached to it.

Configure backup for the OS disk only

Using Azure REST API

You can configure Azure VM Backup with a few select disks or you can modify an existing VM's protection to include/exclude few disks as documented here.

Selective disk restore

Selective disk restore is an added functionality you get when you enable the selective disks backup feature. With this functionality, you can restore selective disks from all the disks backed up in a recovery point. It's more efficient, and helps save time in scenarios where you know which of the disks needs to be restored.

  • The OS disk is included by default in the VM backup and restore, and can't be excluded.
  • Selective disk restore is supported only for recovery points created after the disk exclusion capability is enabled.
  • Backups with the disk exclude setting ON only support the Disk restore option. VM restore or Replace Existing restore options aren't supported in this case.

The option to restore VM and replace existing aren't available during the restore operation

Limitations

Selective disks backup functionality isn't supported for classic virtual machines and encrypted virtual machines. So Azure VMs that are encrypted with Azure Disk Encryption (ADE) using BitLocker for encryption of Windows VM, and the dm-crypt feature for Linux VMs are unsupported.

The restore options to Create new VM and Replace existing aren't supported for the VM for which selective disks backup functionality is enabled.

Billing

Azure virtual machine backup follows the existing pricing model, explained in detail here.

Protected Instance (PI) cost is calculated for the OS disk only if you choose to back up using the OS Disk only option. If you configure backup and select at least one data disk, the PI cost will be calculated for all the disks attached to the VM. Backup storage cost is calculated based on only the included disks and so you get to save on the storage cost. Snapshot cost is always calculated for all the disks in the VM (both the included and excluded disks).

Next steps