Creating a New Backup Vault with Policies

Setup new backups with default policies via the MyCloudIT portal.

Azure Virtual Machine (VM) backups take a 'point in time copy' of the disks attached to a virtual machine as well as other Azure metadata. This is superior to traditional backups in that we have the whole system in a given state as opposed to only the 'data'.

The purpose of the backups is to create a copy of systems that can be recovered in an emergency or for other compliance reasons. The need to recover can be the result of:

  • Employee mistakes such as a user accidental deletion
  • Data corruption
  • Malicious data modification from ransomware/malware/hackers
  • Compliance to recover/review archived data
  • Operating system or application issues, such as failed Windows Updates

These backups should form a part of a company's overall disaster mitigation and recovery planning. Customers with critical applications should confirm that the recovery state is consistent for their environment. An overview that touches on the 'consistency' topic can be found here: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction

To make it quick and simple for you to start backing up VM's the MyCloudIT portal has a quick start process for getting your deployments and other VM's backed up.

Create a Vault

A vault is a management entity for storing backups.

  1. Log in to the MyCloudIT portal and if applicable to the correct customer.
  2. Navigate to Manage >  Backups and then click on the +ADD button.

  3. Choose options for the vault:
    1. Name: Choose a name for this vault.
    2. Subscription: Choose the Azure subscription that this vault will be contained in.
    3. Location: We suggest the location be the same location as the virtual machines you plan to backup in this vault.
    4. Resource Group: We suggest creating a new resource group specially for this Vault

    5. Storage Replication: Choose from Geo Redundant (GRS) or Locally redundant (LRS).

      1. Note: You can't change this option once selected, you would have to delete backups and start new ones.

      2. LRS is the lowest-cost redundancy option and stores multiple copies of your backups within one data center. It protects against server and drive failures. However, if a disaster such as fire or flood occurs within the data center, backups using LRS may be unrecoverable.

      3. GRS performs the same as functions as LRS with the addition of making a copy of your backups in a secondary data center physically separate (geographically) from the primary source. This option has a higher cost. For further information see: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

      4. If you would like assistance deciding on LRS or GRS feel free to contact My Cloud IT senior support.

      5. Note that if you manually create a vault in Azure it will show up in vaults but it will not display (cosmetic only) the Storage Replication type for that vault.
  4. Once you click create please wait 15 minutes for the system to create the azure resources and policies then move on to Part 2: Add Virtual Machines to own or two policies.

  5. The MyCloudIT platform recommends and will automatically create 3 default policies for your new vault:
    1. Default Low Policy
      1. Generally for AVD and RDS session hosts that are used as development, test, or lab VMs.
      2. Another use is for deployments that need to prioritize budget over disaster recovery.
      3. We strongly recommend that if budget is a primary concern, at a minimum, you backup your MCIT domain controller (AVD and RDS) and gateway (RDS only) with this policy.
    2. Default Policy
      1. This is a standard policy balancing retention costs and recovery options.
      2. We recommend you backup basic application servers as well as domain controllers here or with the "Default High Policy".
    3. Default High Policy
      1. Customers who want higher retention on certain servers particularly file servers and database servers will want to choose this policy.
      2. Often company record keeping compliance requires this longer retention for key servers.
    4. Note: If changes are needed for the policies, please visit the Azure portal to update the default settings.
    5. See Appendix A for the default policy settings.

    Add Virtual Machines to One or Two policies

    • Add your virtual machines (VM) to backup policies so they will then start to backup daily. Follow these instructions: Add VMs to Backup Policies.

    Appendix

    Appendix A: MCIT Default Policy Settings

    The MyCloudIT platform will automatically create 3 default policies for your new vault based on best business practices. Note: Times are converted to UTC in the Azure Portal.

     

    Default Low Policy:

    • Backup Frequency is Daily at 4am local time (web-browser time)
    • Retain instant recovery snapshots for 5 days
    • Retain Daily Backups for 15 days
    • Retain Weekly Backups (on Sundays) for 4 weeks
    • Retain Monthly backups (on the 1st) for 4 months
    • Do not Retain yearly backups

    Default Policy:

    • Backup Frequency is Daily at 4am local time (web-browser time)
    • Retain instant recovery snapshots for 5 days
    • Retain Daily Backups for 31 days
    • Retain Weekly Backups (on Sundays) for 8 weeks
    • Retain Monthly backups (on the 1st) for 12 months
    • Do not Retain yearly backups

    Default High Policy:

    • Backup Frequency is Daily at 4am local time (web-browser time)
    • Retain instant recovery snapshots for 5 days
    • Retain Daily Backups for 60 days
    • Retain Weekly Backups (on Sundays) for 16 weeks
    • Retain Monthly backups (on the 1st) for 16 months
    • Retain yearly backups (1 Jan) for 5 years