Automate Azure Backups for VM across multiple subscriptions

sri 45 Reputation points
2023-11-08T06:13:18.15+00:00

Hi Team,

I am working for big health care organization. We have Azure landing zone deployed which has around 20 subscriptions. We are trying to automate the Backups for all the VM types deployed New VM from market place, Migrated and Custom Images from azure gallery. We created a separate recovery services vault and a separate backup policy for each subscription since we cannot backup all into one recovery service vault as per design.

Now we are trying to automate the backups for all types of VM's through Azure policy by creating an Azure policy for each subscription since each of the subscription will have its own recovery services vault and backup policy.

I found out that Azure policy based backups would not work for Migrated or custom images and would only work for the new VM's from market place .

what is the best practice to automate these backups for all types of VMs across multiple subscriptions and vnets ?

Appreciate any help is this regards

Thanks

Sri

Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
1,336 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
944 questions
Windows Server Backup
Windows Server Backup
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Backup: A duplicate copy of a program, a disk, or data, made either for archiving purposes or for safeguarding valuable files from loss should the active copy be damaged or destroyed.
481 questions
{count} votes

Accepted answer
  1. Ricardo Correia 165 Reputation points Microsoft Employee
    2023-11-13T14:55:36.2233333+00:00

    Hi Sri,

    Problem are indeed these fields that are constraints on the built in policies for backup and that only the machines from marketplace have filled in by default

    "field": "Microsoft.Compute/imagePublisher",
    "field": "Microsoft.Compute/imageOffer",
    "field": "Microsoft.Compute/imageSKU"

    Usually what customers do is to remove above constraints on a custom policy based on one of the built in policies

    I do not anticipate any big problems to have an attempt to install backup extension on an unsupported VM besides the failed attempt or the failed backups afterwards.

    You can always exclude the failing machines afterwards with a TAG (as an example)

    Hope this helps!

    RAC

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Manish Tiwari 180 Reputation points
    2023-11-13T09:56:26.9966667+00:00

    Automating Azure backups for VMs across multiple subscriptions, especially considering various VM types like those from the marketplace, migrated VMs, and custom images, requires a thoughtful approach. While Azure Policy-based backups may have limitations, you can achieve your goal using a combination of Azure Automation, Azure Policy, and possibly Azure Logic Apps. Here's a step-by-step guide:

    Azure Automation Account:

    • Create an Azure Automation account in a central management subscription. This will be your centralized automation hub.

    Runbooks:

    • Create Azure Automation Runbooks to handle the backup operations. Write scripts or use existing modules to trigger backups based on your specific requirements.

    Credentials:

    • Ensure your Automation Runbooks have the necessary credentials to access and authenticate with your VMs across subscriptions.

    Azure Policy:

    • While Azure Policy may not cover all your use cases, you can still use it for enforcing certain configurations. For example, you can create policies to ensure that VMs are tagged correctly or have specific configurations that are conducive to backup.

    Azure Logic Apps (Optional):

    • Consider using Azure Logic Apps for more complex workflow automation. Logic Apps can be triggered based on specific events or schedules and can orchestrate multi-step workflows.

    Resource Group Tagging:

    • Use Azure Resource Group tagging to logically group resources across subscriptions. This can help in dynamic discovery of resources for backup operations.

    Custom Scripts for Migrated or Custom Images:

    • For migrated or custom images, you might need custom scripts to identify and trigger backups. Azure CLI or PowerShell can be used within your Runbooks to address these scenarios.

    Monitoring and Logging:

    • Implement monitoring and logging within your Azure Automation environment to track the status of backup operations. Azure Monitor and Azure Log Analytics can be valuable tools for this purpose.

    Centralized Reporting:

    • Consider setting up a centralized reporting mechanism to get insights into backup status and compliance across all subscriptions.

    Documentation and Training:

    • Document the backup automation process and provide training to the relevant teams so they can troubleshoot and maintain the solution.

    Remember to test your automation scripts and workflows thoroughly in a non-production environment before deploying them to your production subscriptions. Additionally, stay informed about updates to Azure services and adjust your automation accordingly. If needed, you might also want to consult with Azure support for specific healthcare compliance considerations.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.