This article covers relocation guidance for Azure Backup across regions.
Azure Backup doesn’t support the relocation of backup data from one Recovery Services vault to another. In order to continue to protect your resources, you must register and back them up to a Recovery Services vault in the new region.
After you relocate your resources to the new region, you can choose to either keep or delete the backup data in the Recovery Services vaults in the old region.
Note
If you do choose to keep the backup data in the old region, you do incur backup charges.
Prerequisites
Copy internal resources or settings of Azure Resource Vault.
Network firewall reconfiguration
Alert Notification.
Move workbook if configured
Diagnostic settings reconfiguration
List all Recovery Service Vault dependent resources. The most common dependencies are:
Azure Virtual Machine (VM)
Public IP address
Azure Virtual Network
Azure Recovery Service Vault
Whether the VM is moved with the vault or not, you can always restore the VM from the retained backup history in the vault.
Copy the backup VM configuration metadata to validate once the relocation is complete.
Confirm that all services and features that are in use by source resource vault are supported in the target region.
Prepare
Azure Backup currently doesn’t support the movement of backup data from one Recovery Services vault to another across regions.
Instead, you must redeploy the Recovery Service vault and reconfigure the backup for resources to a Recovery Service vault in the new region.
To prepare for redeployment and configuration:
Export a Resource Manager template. This template contains settings that describe your Recovery Vault.
Select All resources and then select your Recovery Vault resource.
Select Export template.
Choose Download in the Export template page.
Locate the .zip file that you downloaded from the portal, and unzip that file to a folder of your choice.
This zip file contains the .json files that include the template and scripts to deploy the template.
Validate all the associated resources detail in the downloaded template, such as private endpoint, backup policy, and security settings.
Update the parameter of the Recovery Vault by changing the value properties under parameters, such as Recovery Vault name, replication type, sku, target location etc.
Make sure to reconfigure all associated settings that were captured from the source Recovery service vault:
(Optional) Private Endpoint - Follow the procedure to relocate a [virtual network]](/technical-delivery-playbook/azure-services/networking/virtual-network/) as described and create the Private Endpoint.
Network firewall reconfiguration
Alert Notification.
Move workbook if configured
Diagnostic settings reconfiguration
Backup resources
In order to continue to protect your resources, you must register and back them up to a Recovery Services vault in the new region. This section shows you how to back up the following:
When an Azure Virtual Machine (VM) protected by a Recovery Services vault is moved from one region to another, it can no longer be backed up to the older vault. The backups in the old vault may start failing with the errors BCMV2VMNotFound or ResourceNotFound.
You can also choose to write a customized script for bulk VM protection:
Select the VM on the Backup Items tab of existing vault’s dashboard and select Stop protection followed by retain/delete data as per your requirement. When the backup data for a VM is stopped with retain data, the recovery points remain forever and don’t adhere to any policy.
Note
Retaining data in the older vault will incur backup charges. If you no longer wish to retain data to avoid billing, you need to delete the retained backup data using the Delete data option.
Ensure that the VMs are turned on. All VMs’ disks that need to be available in the destination region are attached and initialized in the VMs.
Ensure that VMs have the latest trusted root certificates, and an updated certificate revocation list (CRL). To do so:
On Windows VMs, install the latest Windows updates.
On Linux VMs, refer to distributor guidance to ensure that machines have the latest certificates and CRL.
Allow outbound connectivity from VMs:
If you're using a URL-based firewall proxy to control outbound connectivity, allow access to these URLs.
If you're using network security group (NSG) rules to control outbound connectivity, create these service tag rules.
Redeploy Azure VMs by using Azure Resource Mover to relocate your VM to the new region.
When Azure File Share is copied across regions, its associated snapshots don’t relocate along with it. To relocate the snapshots data to the new region, you need to relocate the individual files and directories of the snapshots to the Storage Account in the new region by using AzCopy.
Choose whether you want to retain or delete the snapshots (and the corresponding recovery points) of the original Azure File Share by selecting your file share on the Backup Items tab of the original vault’s dashboard. When the backup data for Azure File Share is stopped with retain data, the recovery points remain forever and don’t adhere to any policy.
Note
While configuring File Share, if the Recovery Service Vault isn't available, check to see whether it is associated with another Recovery Service vault.
Back up SQL Server/SAP HANA in Azure VM
When you relocate a VM that runs SQL or SAP HANA servers, you will no longer be able to back up the SQL and SAP HANA databases in the vault of the earlier region.
To protect the SQL and SAP HANA servers that are running in the new region:
Before you relocate SQL Server/SAP HANA running in a VM to a new region, ensure the following prerequisites are met:
Select the VM on the Backup Items tab of the existing vault’s dashboard and select the databases for which backup needs to be stopped. Select Stop protection followed by retain/delete data as per your requirement. When the backup data is stopped with retain data, the recovery points remain forever and don’t adhere to any policy.
Note
Retaining data in the older vault will incur backup charges. If you no longer wish to retain data to avoid billing, you need to delete the retained backup data using Delete data option.
Ensure that the VMs to be moved are turned on. All VMs disks that need to be available in the destination region are attached and initialized in the VMs.
Ensure that VMs have the latest trusted root certificates, and an updated certificate revocation list (CRL). To do so:
On Windows VMs, install the latest Windows updates.
On Linux VMs, refer to the distributor guidance and ensure that machines have the latest certificates and CRL.
Allow outbound connectivity from VMs:
If you're using a URL-based firewall proxy to control outbound connectivity, allow access to these URLs.
If you're using network security group (NSG) rules to control outbound connectivity, create these service tag rules.
Learn about Azure Backup before learning to implement Recovery Vaults and Azure Backup Policies. Learn to implement Windows IaaS VM recovery, perform backup and restore of on-premises workloads, and manage Azure VM backups.
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
