Edit

Share via

Relocate Azure Backup to another region

This article covers relocation guidance for Azure Backup across regions.

Azure Backup doesn't support the relocation of backup data from one Recovery Services vault to another. To continue to protect your resources, you must register and back them up to a Recovery Services vault in the new region.

After you relocate your resources to the new region, you can choose to either keep or delete the backup data in the Recovery Services vaults in the old region.

Note

If you choose to keep the backup data in the old region, you incur backup charges.

Prerequisites

  • Copy internal resources or settings of Recovery Services vaults:

    • Network firewall reconfiguration.
    • Alert notification.
    • Workbook to move, if configured.
    • Diagnostic settings reconfiguration.

  • List all resources dependent on Recovery Services vaults. The most common dependencies are:

    • Azure virtual machines (VMs).
    • Public IP address.
    • Azure Virtual Network.
    • Recovery Services vault.

  • Restore the VM from the retained backup history in the vault, if necessary. You can always perform this task whether the VM is moved with the vault or not.

  • Copy the backup VM configuration metadata to validate after the relocation is finished.

  • Confirm that all services and features that are in use by the source vault are supported in the target region.

Prepare

Azure Backup currently doesn't support the movement of backup data from one Recovery Services vault to another across regions. Instead, you must redeploy the Recovery Services vault and reconfigure the backup for resources to a Recovery Services vault in the new region.

Prepare for redeployment and configuration

  1. Export an Azure Resource Manager template. This template contains settings that describe your Recovery Services vault.

    1. Sign in to the Azure portal.

    2. Select All resources, and then select your Recovery Services vault resource.

    3. Select Export template.

    4. On the Export template page, select Download.

    5. Locate the .zip file that you downloaded from the portal, and unzip that file to a folder of your choice.

      This .zip file contains the .json files that include the template and scripts to deploy the template.

  2. Validate all the associated resource details in the downloaded template, such as private endpoint, backup policy, and security settings.

  3. Update the parameter of the Recovery Services vault by changing the value properties under parameters, such as the Recovery Services vault name, replication type, version, and target location.

Redeploy

Create and reconfigure the Recovery Services vault in the target region.

Make sure to reconfigure all associated settings that were captured from the source Recovery Services vault:

  • (Optional) Private endpoint: Relocate a virtual network and create a private endpoint.
  • Network firewall reconfiguration.
  • Alert notification.
  • Workbook to move, if configured.
  • Diagnostic settings reconfiguration.

Back up resources

To continue to protect your resources, you must register and back them up to a Recovery Services vault in the new region. This section shows you how to back up the following resources:

Back up an Azure virtual machine

When an Azure VM protected by a Recovery Services vault is moved from one region to another, it can no longer be backed up to the older vault. The backups in the old vault might start failing with the errors BCMV2VMNotFound or ResourceNotFound.

You can also choose to write a customized script for bulk VM protection:

https://management.azure.com/Subscriptions/{subscriptionId}/resourceGroups/{vaultresourceGroupName}/providers/Microsoft.RecoveryServices/vaults/{vaultName}/backupFabrics/{fabricName}/protectionContainers/{containerName}/protectedItems/{protectedItemName}?api-version=2019-05-13

  1. Prepare Azure VMs for relocation:

    1. See the prerequisites associated with VM relocation and ensure that the VM is eligible for relocation.

    2. Select the VM on the Backup Items tab of the existing vault's dashboard. Select Stop protection followed by retain/delete data according to your requirements. When the backup data for a VM is stopped with retain data, the recovery points remain forever and don't adhere to any policy.

      Note

      Retaining data in the older vault incurs backup charges. If you no longer want to retain data to avoid billing, you need to delete the retained backup data by using the Delete data option.

    3. Ensure that the VMs are turned on. All VM disks that need to be available in the destination region are attached and initialized in the VMs.

    4. Ensure that the VMs have the latest trusted root certificates and an updated certificate revocation list (CRL). To do so:

      • On Windows VMs, install the latest Windows updates.
      • On Linux VMs, refer to distributor guidance to ensure that machines have the latest certificates and CRL.

    5. Allow outbound connectivity from VMs:

      • If you use a URL-based firewall proxy to control outbound connectivity, allow access to these URLs.
      • If you use network security group (NSG) rules to control outbound connectivity, create these service tag rules.

  2. Redeploy Azure VMs by using Azure Resource Mover to relocate your VM to the new region.

Back up Azure file shares

  1. Back up Azure file shares with the Azure CLI.

  2. Satisfy the prerequisites to relocate the storage account.

  3. Export and modify an Azure Resource Move template. For more information, see Prepare storage account for region relocation.

  4. Relocate the Azure Storage account to another region.

  5. When an Azure file share is copied across regions, its associated snapshots don't relocate along with it. To relocate the snapshot data to the new region, use AzCopy to relocate the individual files and directories of the snapshots to the storage account in the new region.

  6. Choose whether you want to retain or delete the snapshots (and the corresponding recovery points) of the original Azure file share. Select your file share on the Backup Items tab of the original vault's dashboard. When the backup data for the Azure file share is stopped with retain data, the recovery points remain forever and don't adhere to any policy.

Note

When you configure a file share, if the Recovery Services vault isn't available, check to see whether the vault is associated with another Recovery Services vault.

Back up SQL Server/SAP HANA in an Azure VM

When you relocate a VM that runs SQL Server or SAP HANA, you can no longer back up the SQL and SAP HANA databases in the vault of the earlier region.

Protect the SQL and SAP HANA servers that are running in the new region

  1. Before you relocate SQL and SAP HANA servers running in a VM to a new region, ensure that the following prerequisites are met:

    1. See the prerequisites associated with VM relocation. Ensure that the VM is eligible for relocation.
    2. Select the VM on the Backup Items tab of the existing vault's dashboard and select the databases for which backup needs to be stopped. Select Stop protection followed by retain/delete data according to your requirements. When the backup data is stopped with retain data, the recovery points remain forever and don't adhere to any policy.

      Note

      Retaining data in the older vault incurs backup charges. If you no longer want to retain data to avoid billing, you need to delete the retained backup data by using the Delete data option.

    3. Ensure that the VMs to be moved are turned on. All VM disks that need to be available in the destination region must be attached and initialized in the VMs.
    4. Ensure that the VMs have the latest trusted root certificates and an updated CRL. To do so:
      • On Windows VMs, install the latest Windows updates.
      • On Linux VMs, refer to the distributor guidance and ensure that machines have the latest certificates and CRL.
    5. Allow outbound connectivity from VMs:
      • If you're using a URL-based firewall proxy to control outbound connectivity, allow access to these URLs.
      • If you're using NSG rules to control outbound connectivity, create these service tag rules.

  2. Relocate your VM to the new region by using Azure Resource Mover.

  3. Create a Recovery Services vault in the new region where the VM is relocated.

  4. Reconfigure the backup.

Back up services for on-premises resources

  1. To back up files, folders, and system state for VMs (Hyper-V and VMware) and other on-premises workloads, see About the Microsoft Azure Recovery Services (MARS) agent for Azure Backup.

  2. Download vault credentials to register the server in the vault.

    Screenshot that shows how to download vault credentials to register the server in the vault.

  3. Reconfigure the backup agent on an on-premises VM.

    Screenshot that shows how to reconfigure an on-premises virtual machine.

  • Last updated on