I always like to build automation to replace tedious manual clicking, which is especially helpful for customers with large environments. In this blog, I want to share an Azure Runbook I wrote that runs in the background in Azure and automatically backs up VMs tagged with @{backup = 'true'}. It standardizes VM backup under a defined backup policy, and it automatically audits the environment to make sure the required compute VM resources are backed up.
In order to run the runbook, add the modules below to your Azure Automation account:

  • RecoveryServices Version 4.1.4
  • RecoveryServices.backup Version 4.3.0

Below is the Runbook PowerShell script:
[code language="powershell"]
# Define login: authenticate with the Automation account's Run As service principal

function Login() {
    $connectionName = "AzureRunAsConnection"
    try
    {
        Write-Verbose "Acquiring service principal for connection '$connectionName'" -Verbose

        $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName

        Write-Verbose "Logging in to Azure..." -Verbose

        Add-AzureRmAccount `
            -ServicePrincipal `
            -TenantId $servicePrincipalConnection.TenantId `
            -ApplicationId $servicePrincipalConnection.ApplicationId `
            -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null
    }
    catch {
        if (!$servicePrincipalConnection)
        {
            $ErrorMessage = "Connection $connectionName not found."
            throw $ErrorMessage
        } else {
            Write-Error -Message $_.Exception
            throw $_.Exception
        }
    }
}

Login

# Define global variables

$rsVaultName = "myRsVault"
$rgName = "edmond-guo-rg"
$location = "Australia Southeast"
$keyvault = "edkeyvault1"
$vmrg = "VMs"

# Names of all VMs in $rgName that carry the tag backup = "true"
$backupvms = (Get-AzureRmResource -Tag @{ backup="true" } -ResourceGroupName $rgName -ResourceType Microsoft.Compute/virtualMachines).Name

# Register the Recovery Services provider

Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"

# Create a Recovery Services Vault and set its storage redundancy type

New-AzureRmRecoveryServicesVault `
    -Name $rsVaultName `
    -ResourceGroupName $rgName `
    -Location $location
$vault1 = Get-AzureRmRecoveryServicesVault -Name $rsVaultName
Set-AzureRmRecoveryServicesBackupProperties -Vault $vault1 -BackupStorageRedundancy LocallyRedundant

# Set Recovery Services Vault context and create protection policy

Get-AzureRmRecoveryServicesVault -Name $rsVaultName | Set-AzureRmRecoveryServicesVaultContext
$schPol = Get-AzureRmRecoveryServicesBackupSchedulePolicyObject -WorkloadType "AzureVM"
$retPol = Get-AzureRmRecoveryServicesBackupRetentionPolicyObject -WorkloadType "AzureVM"

# Create "NewPolicy" from the default schedule and retention objects if it does not exist yet,
# so that the lookups inside the loop below succeed on the first run as well
if (-not (Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy" -ErrorAction SilentlyContinue)) {
    New-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy" -WorkloadType "AzureVM" -RetentionPolicy $retPol -SchedulePolicy $schPol
}

foreach ($backupvm in $backupvms)
{
    # Provide permissions to Azure Backup to access key vault and enable backup on the VM
    # The service principal ID below comes from the original environment; confirm it identifies
    # the Azure Backup service in your tenant before granting it key vault access

    Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvault -ResourceGroupName $rgName -PermissionsToKeys backup,get,list -PermissionsToSecrets backup,get,list -ServicePrincipalName 17078714-cbca-45c7-b486-5d9035fae0b5
    $pol = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy"
    Enable-AzureRmRecoveryServicesBackupProtection -Policy $pol -Name $backupvm -ResourceGroupName $vmrg

    # Modify protection policy: keep daily backups for 365 days

    $retPol = Get-AzureRmRecoveryServicesBackupRetentionPolicyObject -WorkloadType "AzureVM"
    $retPol.DailySchedule.DurationCountInDays = 365
    $pol = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy"
    Set-AzureRmRecoveryServicesBackupProtectionPolicy -Policy $pol -RetentionPolicy $retPol

    # Trigger a backup and monitor backup job

    $namedContainer = Get-AzureRmRecoveryServicesBackupContainer -ContainerType "AzureVM" -Status "Registered" -FriendlyName $backupvm
    $item = Get-AzureRmRecoveryServicesBackupItem -Container $namedContainer -WorkloadType "AzureVM"
    $job = Backup-AzureRmRecoveryServicesBackupItem -Item $item

    # Wait on the job that was just started for this VM, not on whichever job happens to be in progress
    Wait-AzureRmRecoveryServicesBackupJob `
        -Job $job `
        -Timeout 43200
}
[/code]
This runbook job runs every day at 5 AM, takes the VM snapshots, and saves the VM backup images in the Backup Vault defined in the script.
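The runbook enables protection and triggers jobs, but it does not report which tagged VMs ended up without a good backup. The following added example (not part of the original script) shows that audit check as a function run over constructed sample data. The function name, the item property names and the 26-hour threshold are assumptions; in a runbook the inputs would come from Get-AzureRmResource and Get-AzureRmRecoveryServicesBackupItem, mapped to this shape.

```powershell
# Added example: audit logic only, exercised here with constructed sample data.
function Get-BackupCoverageGap {
    param(
        [string[]]$TaggedVmNames,   # names of VMs carrying backup = 'true'
        [object[]]$BackupItems,     # assumed shape: Name, LastBackupStatus, LastBackupTime
        [int]$MaxAgeHours = 26,     # assumed threshold: daily schedule plus a grace period
        [datetime]$Now = (Get-Date)
    )
    foreach ($vm in $TaggedVmNames) {
        # -eq on strings is case-insensitive, which suits VM names
        $item = $BackupItems | Where-Object { $_.Name -eq $vm } | Select-Object -First 1
        $finding = if (-not $item) {
            'NotProtected'          # tagged, but no backup item exists in the vault
        } elseif ($item.LastBackupStatus -ne 'Completed') {
            'LastBackupFailed'      # protected, but the most recent job did not complete
        } elseif (($Now - $item.LastBackupTime).TotalHours -gt $MaxAgeHours) {
            'BackupStale'           # protected, but no recent recovery point
        } else {
            $null
        }
        if ($finding) {
            [pscustomobject]@{ VmName = $vm; Finding = $finding }
        }
    }
}

# Constructed sample data (not real resources).
$now    = Get-Date '2019-01-10T09:00:00'
$tagged = 'web01', 'db01', 'app01', 'batch01'
$items  = @(
    [pscustomobject]@{ Name = 'web01'; LastBackupStatus = 'Completed'; LastBackupTime = $now.AddHours(-4) }
    [pscustomobject]@{ Name = 'db01';  LastBackupStatus = 'Failed';    LastBackupTime = $now.AddHours(-4) }
    [pscustomobject]@{ Name = 'app01'; LastBackupStatus = 'Completed'; LastBackupTime = $now.AddDays(-3) }
)

$gaps = @(Get-BackupCoverageGap -TaggedVmNames $tagged -BackupItems $items -Now $now)
$gaps | Format-Table -AutoSize

# In a runbook, write an error so the gap is visible in the job's error stream and in alerts.
if ($gaps.Count -gt 0) {
    Write-Error "$($gaps.Count) tagged VM(s) lack a recent good backup"
}
```

With the sample data, web01 passes and the other three VMs are reported as LastBackupFailed, BackupStale and NotProtected respectively.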
Hopefully this runbook script can help you with your day-to-day operations tasks. 😉
