Credits: Kartik Pullabhota (Sr. PM for Automation, HANA and Database backup using Azure Backup) for SME input and Swathi Dhanwada (Customer Engineer, Tech community) for testing.
If you don't already have an Azure subscription, create afree account before you begin.
Launch Cloud Shell from top-navigation of the Azure portal.
Select a subscription to create a storage account and Microsoft Azure Files share.
Select Create storage.
After creation, check that the environment drop-down from the left-hand side of shell window says Bash.
Note: Support for Azure Blobs backup and restore via CLI is in preview and available as an extension in Az 2.15.0 version and later. The extension is automatically installed when you run the azdataprotection commands. Learn more about extensions.
Create resource group:
To create a resource group from the Bash session within Cloud Shell, run the following:
RGNAME= ‘your resource group name’
LOCATION= ‘your location’
az group create --name $RGNAME --location $LOCATION
To retrieve properties of the newly created resource group, run the following:
az group show --name $RGNAME
Create storage account
Create a general-purpose storage account with theaz storage account createcommand. The general-purpose storage account can be used for all four services: blobs, files, tables, and queues.
Create a sample file (blob) and upload to container
To upload a blob to Storage Container, you need “Storage Blob Data Contributor” permissions. The following example uses your Azure AD account to authorize the operation to create the container. Before you create the container, assign theStorage Blob Data Contributorrole to yourself. Even if you are the account owner, you need explicit permissions to perform data operations against the storage account. For more information about assigning Azure roles, refer toAssign an Azure role for access to blob data.
Operational backup also protects the storage account (that contains the blobs to be protected) from any accidental deletions by applying a Backup-owned Delete Lock. This requires the Backup vault to have certain permissions on the storage accounts that need to be protected. For convenience of use, these minimum permissions have been consolidated under the Storage Account Backup Contributor role.
az dataprotection backup-instance show--resource-group <rgname> --vault-name <backupvaultname> --name <backup-instance-name obtained from previous step>
Initialize Restore operation
As the operational backup for blobs is continuous, there are no distinct points to restore from. Instead, youneed to fetch the valid time-range under which blobs can be restored to any point-in-time. To check for valid time-ranges to restore within the last 30 days, you can use theazdataprotection restorable-time-range findcommand as shown below with the instance ID which was identified in the earlier step.
az dataprotection restorable-time-range find --start-time 2021-05-30T00:00:00 --end-time 2021-05-31T00:00:00 --source-data-store-type OperationalStore -g<rgname>--vault-name<backupvaultname> --backup-instances<backup instance id retrieved from previous step>