- Create and manage append blobs with PowerShell - Wed, Oct 12 2022
- Permanently delete a Key Vault in Azure using PowerShell - Fri, Feb 4 2022
- Restore Azure Files with PowerShell - Fri, Jan 28 2022
Recovery Service vault
The Recovery Service vault on Azure is responsible for securely storing various types of data, such as Azure VMs, SQL databases, and Azure file shares. So, it acts like a central data station where all your backed-up data and recovery points are stored. To protect backup data, Azure Recovery Services uses encryption with platform-managed keys by default, but it also allows you to go with your own RSA keys.
To start using Recovery Services, first we need to register the Microsoft.RecoveryServices resource provider using the following command:
Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"
Once the service provider has been registered, we can create a new Recovery Service vault with the following command:
New-AzRecoveryServicesVault -Name "testvault" -ResourceGroupName "restoreAzureFileShares" -Location "West US"
Now we can create a new backup protection policy with the "AzureFiles" workload type, which we will be using to enable backup on the Azure storage account file share. Retention and schedule policy objects are also needed to create a backup protection policy. With these policy objects, we define the backup schedules and how long the data will be retained in recovery service vaults. There are also workload types other than AzureFiles, such as SAPHanaDatabase, AzureVM, and MSSQL, that are supported by Recovery Services.
Get-AzRecoveryServicesVault -Name "testvault" | Set-AzRecoveryServicesVaultContext $vaultID = Get-AzRecoveryServicesVault -ResourceGroupName "restoreAzureFileShares" -Name "testvault" | select -ExpandProperty ID $retentionPolicy = Get-AzRecoveryServicesBackupRetentionPolicyObject -WorkloadType AzureFiles $schedulePolicy = Get-AzRecoveryServicesBackupSchedulePolicyObject -WorkloadType AzureFiles New-AzRecoveryServicesBackupProtectionPolicy -Name "NewAzureFileSharePolicy" -WorkloadType "AzureFiles" -RetentionPolicy $retentionPolicy -SchedulePolicy $schedulePolicy -VaultID $vaultID
Registering the resource provider and creating a recovery service vault
Enabling backup of Azure file shares
We can run the following commands to enable the backup feature on an Azure file share:
$azureFileSharePolicy = Get-AzRecoveryServicesBackupProtectionPolicy -Name NewAzureFileSharePolicy Enable-AzRecoveryServicesBackupProtection -StorageAccountName "restoretest0001" -Name "fileshare01" -Policy $azureFileSharePolicy
Enabling backup protection on an Azure file share
To manually create a backup on an Azure file share, we will use the following commands:
$azureFileShareContainer = Get-AzRecoveryServicesBackupContainer -ContainerType AzureStorage -Status Registered -FriendlyName "restoretest0001" -VaultId $vaultID $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer -WorkloadType "AzureFiles" -VaultId $vaultID
First, check the backup state without initiating the manual backup job.
$azureFileShareBackupItem | fl *
Backup item status before creating a manual backup
Now, we can trigger the backup job and see the backup details, such as LastBackupStatus and LastBackupTime, once the backup process is done.
$backupJob = Backup-AzRecoveryServicesBackupItem -Item $azureFileShareBackupItem $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer -WorkloadType "AzureFiles" -VaultId $vaultID $azureFileShareBackupItem | fl *
Backup status can be seen in the backup item details
After this action, we can also confirm the backup of the file share in Azure Portal.
The backup item can also be found on the file share in the Azure Portal
Restoring deleted files
We now have a backup that we can use to restore when needed. So let's delete a file from the file share and try to restore it using the newly created backup.
A sample file to be deleted and restored using a previously created backup for testing
With the following commands, we will:
- Delete the file "file01.txt"
- Set the recovery point to define from which backup the data will be restored
- Restore the file to the original location (alternative location is also supported)
$strAccount = New-AzStorageContext -StorageAccountName "restoretest0001" ` -StorageAccountKey "****STRACCKEY****” Remove-AzStorageFile -Path "file01.txt" ` -ShareName "fileshare01" ` -Context $strAccount $startDate = (Get-Date).AddDays(-1) $endDate = Get-Date $recoveryPoint = Get-AzRecoveryServicesBackupRecoveryPoint ` -Item $azureFileShareBackupItem ` -VaultId $vaultID ` -StartDate $startdate.ToUniversalTime() ` -EndDate $enddate.ToUniversalTime() $recoveryPoint[0] | fl # restore to the original location Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint[0] ` -SourceFileType File -SourceFilePath ` "file01.txt" -ResolveConflict Overwrite Get-AzStorageFile -ShareName fileshare01 -Path file01.txt -Context $strAccount ### restore to an alternate location Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint[0] -TargetStorageAccountName "TargetStrAcc01" -TargetFileShareName "fs01" -TargetFolder "folder1" -ResolveConflict Overwrite Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint[0] -TargetStorageAccountName "TargetStrAcc01" -TargetFileShareName "fs02" -TargetFolder "folder1" -SourceFileType File -SourceFilePath "file01.txt" -ResolveConflict Overwrite
Restoring the file using the backup item in the Recovery Services vault
If you need to restore multiple files or folders rather than a single file, you can use the following options:
# multiple directories
$dirs = ("Dir1","Dir2")
Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint[0] -MultipleSourceFilePath $dirs -SourceFileType Directory -ResolveConflict Overwrite -VaultId $vault.ID -VaultLocation $vault.Location
# multiple files
$recoveryPoint = Get-AzRecoveryServicesBackupRecoveryPoint -Item $BackupItem -VaultId $vault.ID
$files = ("file01.txt", "file02.jpg")
Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint[0] -MultipleSourceFilePath $files -SourceFileType File -ResolveConflict Overwrite -VaultId $vault.ID -VaultLocation $vault.Location
Disabling the backup and deleting the Recovery Vault
If you try to delete the Recovery Service vault before unregistering containers or deleting the private endpoints, you'll get the following error message:
Vaults cannot be deleted while there are existing resources
To unregister the backup container, we first need to disable and delete the existing backup items from the vault. To do so, we'll run this script:
$vaultID = Get-AzRecoveryServicesVault -ResourceGroupName ` "restoreAzureFileShares" ` -Name "testvault" ` | select -ExpandProperty ID $azureFileShareContainer = Get-AzRecoveryServicesBackupContainer -ContainerType ` AzureStorage ` -Status Registered ` -FriendlyName "restoretest0001" ` -VaultId $vaultID $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer ` -WorkloadType "AzureFiles" ` -VaultId $vaultID Disable-AzRecoveryServicesBackupProtection -item $azureFileShareBackupItem -VaultId $vaultID -RemoveRecoveryPoints -Force Unregister-AzRecoveryServicesBackupContainer -Container $azureFileShareContainer
Disabling and deleting backup objects from the vault
Finally, we can delete the vault using the following:
Subscribe to 4sysops newsletter!
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "restoreAzureFileShares" -Name "testvault" Remove-AzRecoveryServicesVault -Vault $vault
Removing the Recovery Service vault
Conclusion
Files and folders in an Azure file share can easily be backed up and restored using a Recovery Service vault with flexible options. Backup and restore operations can be performed in Azure Portal or via PowerShell, the Azure CLI, or a REST API.
