Azure Bicep: Implement Azure virtual machine-level backup
Leverage Infrastructure as Code for Azure using Bicep Language to provide independent and isolated backups to guard against unintended destruction of the data on your VMs.
This article shows you how to leverage Azure Bicep, a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources, to backup your virtual machines running in Azure.
Backups are stored in a Recovery Services vault with built-in management of recovery points. Configuration and scalability are simple, backups are optimized, and you can easily restore as needed.
Prerequisites.
- An Active Azure account: You can create an account for free.
- Azure Bicep is installed on your local machine.
- Azure PowerShell. See: Install Azure PowerShell.
- A resource group in your Azure subscription
Let’s get started!
1. Solution Overview
We will author and deploy a Bicep template that creates N virtual machines and a new recovery services vault and backup policy and enables backup of the virtual machines provisioned.
The following resources are deployed as part of the following example:
- 2 Virtual machines with their own disk, IP address, and network interfaces
- 1 virtual network
- 1 network security group
- 1 recovery services vault
- 1 backup policy
The solution will include the following files:
- 📄 main.bicep: This is the Bicep template that will contain the definition of all the resources that are to be created
- 📄 azuredeploy.parameters.json: This parameter file contains the values to use for deploying your Bicep template.
2. Azure Bicep Template — parameters
Create a new file in your working directory and name it ‘main.bicep’. We will define the following parameters:
param location string = resourceGroup().location@description('Resource group where the virtual machines are located. This can be different than resource group of the vault. ')
param existingVirtualMachinesResourceGroup string = 'azinsider_demo'@description('Admin username')
param adminUsername string@description('Admin password')
@secure()
param adminPassword string@description('VM name prefix')
param vmNamePrefix string = 'az104-10-vm'@description('Public IP address name prefix')
param pipNamePrefix string = 'az104-10-pip'@description('Nic name prefix')
param nicNamePrefix string = 'az104-10-nic'@description('Image Publisher')
param imagePublisher string = 'MicrosoftWindowsServer'@description('Image Offer')
param imageOffer string = 'WindowsServer'@description('Image SKU')
@allowed([
'2019-Datacenter'
'2019-Datacenter-Server-Core'
'2019-Datacenter-Server-Core-smalldisk'
])
param imageSKU string = '2019-Datacenter'@description('VM size')
param vmSize string = 'Standard_D2s_v3'@description('Array of Azure virtual machines.')
param existingVirtualMachines array = [
'az104-10-vm0'
'az104-10-vm1'
]@description('Virtual network name')
param virtualNetworkName string = 'az104-10-vnet'@description('Virtual network address prefix')
param addressPrefix string = '10.0.0.0/24'@description('Resource group of the VNet')
param virtualNetworkResourceGroup string = 'az104-10-rg0'@description('VNet first subnet name')
param subnet0Name string = 'subnet0'@description('VNet first subnet prefix')
param subnet0Prefix string = '10.0.0.0/26'@description('Network security group name')
param nsgName string = 'az104-10-nsg01'
3. Azure Bicep Template — variables
We will define the following variables:
var vnetID = resourceId(virtualNetworkResourceGroup, 'Microsoft.Network/virtualNetworks', virtualNetworkName)
var subnetRef = resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, subnet0Name)
var numberOfInstances = 2
var vaultName = 'az104-10-rsv1'
var backupFabric = 'Azure'var scheduleRunTimes = [
'2022-01-26T05:30:00Z'
]
var backupPolicyName = 'az104-DefaultPolicy'
@description('Conditional parameter for New or Existing Backup Policy')
param isNewPolicy bool = true
var v2VmContainer = 'iaasvmcontainer;iaasvmcontainerv2;'
var v2Vm = 'vm;iaasvmcontainerv2;
4. Azure Bicep Template — resources
We will define the following resources:
5. Parameters file
Create a new file named ‘azuredeploy.parameters.json’. The code below shows the definition of the parameters file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"value": "Student"
},
"adminPassword": {
"value": "Pa55w.rd1234"
},
"vmNamePrefix": {
"value": "az104-10-vm"
},
"nicNamePrefix": {
"value": "az104-10-nic"
},
"imagePublisher": {
"value": "MicrosoftWindowsServer"
},
"imageOffer": {
"value": "WindowsServer"
},
"imageSKU": {
"value": "2019-Datacenter"
},
"vmSize": {
"value": "Standard_D2s_v3"
},
"virtualNetworkName": {
"value": "az104-10-vnet"
},
"addressPrefix": {
"value": "10.0.0.0/24"
},
"virtualNetworkResourceGroup": {
"value": "az104-10-rg0"
},
"subnet0Name": {
"value": "subnet0"
},
"subnet0Prefix": {
"value": "10.0.0.0/26"
}
}
}6. Azure Bicep Template — Deployment
We will use the command below to deploy our Bicep template:
$date = Get-Date -Format "MM-dd-yyyy"
$deploymentName = "AzInsiderDeployment"+"$date"New-AzResourceGroupDeployment -Name $deploymentName -ResourceGroupName azinsider_demo -TemplateFile .\main.bicep -TemplateParameterFile .\azuredeploy.parameters.json -c
The image below shows the preview of the deployment:
The image below shows the deployment output:
You can go to the Azure Portal and review all the resources created as shown in the image below:
Now, if you go to the Recovery Services Vault, then select the Backup Items, you will the see virtual machines already onboarded to the backup:
Source Code.
You can find the code of this solution in the following URL; feel free to contribute!
Conclusion.
Along with this article we reviewed how you can deploy resources in Azure using Azure Bicep Language, we leveraged Azure Bicep capabilities to deploy the infrastructure and enabled Azure Backup for the virtual machines provisioned in the Bicep template.
👉 Join the AzInsider email list here.
-Dave R.
