|
| 1 | +--- |
| 2 | +title: Back up SQL server databases in Azure VMs using Azure Backup via CLI |
| 3 | +description: Learn how to use CLI to back up SQL server databases in Azure VMs in the Recovery Services vault. |
| 4 | +ms.topic: how-to |
| 5 | +ms.date: 07/07/2022 |
| 6 | +author: v-amallick |
| 7 | +ms.service: backup |
| 8 | +ms.author: v-amallick |
| 9 | +--- |
| 10 | + |
| 11 | +# Back up SQL databases in Azure VM using Azure CLI |
| 12 | + |
| 13 | +Azure CLI is used to create and manage Azure resources from the Command Line or through scripts. This article describes how to back up an SQL database in Azure VM and trigger on-demand backups using Azure CLI. You can also perform these actions using the [Azure portal](backup-sql-server-database-azure-vms.md). |
| 14 | + |
| 15 | +This article assumes that you already have an SQL database installed on an Azure VM. (You can also [create a VM using Azure CLI](../virtual-machines/linux/quick-create-cli.md)). |
| 16 | + |
| 17 | +In this article, you'll learn how to: |
| 18 | +> [!div class="checklist"] |
| 19 | +> |
| 20 | +> * Create a Recovery Services vault |
| 21 | +> * Register SQL server and discover database(s) on it |
| 22 | +> * Enable backup on an SQL database |
| 23 | +> * Trigger an on-demand backup |
| 24 | +
|
| 25 | +See the [currently supported scenarios](sql-support-matrix.md) for SQL in Azure VM. |
| 26 | + |
| 27 | +[!INCLUDE [azure-cli-prepare-your-environment.md](../../includes/azure-cli-prepare-your-environment.md)] |
| 28 | + |
| 29 | +## Create a Recovery Services vault |
| 30 | + |
| 31 | +A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs or workloads running on Azure VMs - for example, SQL or HANA databases. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time. |
| 32 | + |
| 33 | +Create a Recovery Services vault with the [az backup vault create](/cli/azure/backup/vault#az-backup-vault-create) command. Use the resource group and location as that of the VM you want to protect. Learn how to create a VM using Azure CLI with [this VM quickstart](../virtual-machines/linux/quick-create-cli.md). |
| 34 | + |
| 35 | +For this article, we'll use: |
| 36 | + |
| 37 | +* A resource group named *SQLResourceGroup* |
| 38 | +* A VM named *testSQLVM* |
| 39 | +* Resources in the *westus2* location. |
| 40 | + |
| 41 | +Run the following command to create a vault named *SQLVault*. |
| 42 | + |
| 43 | +```azurecli-interactive |
| 44 | +az backup vault create --resource-group SQLResourceGroup \ |
| 45 | + --name SQLVault \ |
| 46 | + --location westus2 |
| 47 | +``` |
| 48 | + |
| 49 | +By default, the Recovery Services vault is set for Geo-Redundant storage. Geo-Redundant storage ensures your backup data is replicated to a secondary Azure region even if that's hundreds of miles away from the primary region. If the storage redundancy setting needs to be modified, use the [az backup vault backup-properties set](/cli/azure/backup/vault/backup-properties#az-backup-vault-backup-properties-set) command. |
| 50 | + |
| 51 | +```azurecli |
| 52 | +az backup vault backup-properties set \ |
| 53 | + --name SQLVault \ |
| 54 | + --resource-group SQLResourceGroup \ |
| 55 | + --backup-storage-redundancy "LocallyRedundant/GeoRedundant" |
| 56 | +``` |
| 57 | + |
| 58 | +To verify if the vault is successfully created, use the [az backup vault list](/cli/azure/backup/vault#az-backup-vault-list) command. The response appears as: |
| 59 | + |
| 60 | +```output |
| 61 | +Location Name ResourceGroup |
| 62 | +--------- --------------- ------------- |
| 63 | +westus2 SQLVault SQLResourceGroup |
| 64 | +``` |
| 65 | + |
| 66 | +## Register and protect the SQL Server |
| 67 | + |
| 68 | +To register the SQL Server with the Recovery Services vault, use the [az backup container register](/cli/azure/backup/container#az-backup-container-register) command. *VMResourceId* is the resource ID of the VM that you created to install SQL. |
| 69 | + |
| 70 | +```azurecli-interactive |
| 71 | +az backup container register --resource-group SQLResourceGroup \ |
| 72 | + --vault-name SQLVault \ |
| 73 | + --workload-type SQLDataBase \ |
| 74 | + --backup-management-type AzureWorkload \ |
| 75 | + --resource-id VMResourceId |
| 76 | +``` |
| 77 | + |
| 78 | +>[!NOTE] |
| 79 | +>If the VM isn't present in the same resource group as the vault, *SQLResourceGroup* uses the resource group where the vault was created. |
| 80 | +
|
| 81 | +Registering the SQL server automatically discovers all its current databases. However, to discover any new databases that may be added in the future, see the [Discovering new databases added to the registered SQL server](backup-azure-sql-manage-cli.md#protect-the-new-databases-added-to-a-sql-instance) section. |
| 82 | + |
| 83 | +Use the [az backup container list](/cli/azure/backup/container#az-backup-container-list) command to verify if the SQL instance is successfully registered with your vault. The response appears as: |
| 84 | + |
| 85 | +```output |
| 86 | +Name Friendly Name Resource Group Type Registration Status |
| 87 | +------------------------------------------------------ -------------- -------------------- --------- ---------------------- |
| 88 | +VMAppContainer;Compute;SQLResourceGroup;testSQLVM testSQLVM SQLResourceGroup AzureWorkload Registered |
| 89 | +``` |
| 90 | + |
| 91 | +>[!NOTE] |
| 92 | +>The column *name* in the above output refers to the container name. This container name is used in the next sections to enable backups and trigger them. For example, *VMAppContainer;Compute;SQLResourceGroup;testSQLVM*. |
| 93 | +
|
| 94 | +## Enable backup on the SQL database |
| 95 | + |
| 96 | +The [az backup protectable-item list](/cli/azure/backup/protectable-item#az-backup-protectable-item-list) command lists all the databases discovered on the SQL instance that you registered in the previous step. |
| 97 | + |
| 98 | +```azurecli-interactive |
| 99 | +az backup protectable-item list --resource-group SQLResourceGroup \ |
| 100 | + --vault-name SQLVault \ |
| 101 | + --workload-type SQLDataBase \ |
| 102 | + --backup-management-type AzureWorkload \ |
| 103 | + --protectable-item-type SQLDataBase |
| 104 | + --output table |
| 105 | +``` |
| 106 | + |
| 107 | +You should find the database in this list that you want to back up, which appears as: |
| 108 | + |
| 109 | +```output |
| 110 | +Name Protectable Item Type ParentName ServerName IsProtected |
| 111 | +----------------------------- ---------------------- ------------ ----------- ------------ |
| 112 | +sqldatabase;mssqlserver;master SQLDataBase MSSQLServer testSQLVM NotProtected |
| 113 | +sqldatabase;mssqlserver;model SQLDataBase MSSQLServer testSQLVM NotProtected |
| 114 | +sqldatabase;mssqlserver;msdb SQLDataBase MSSQLServer testSQLVM NotProtected |
| 115 | +``` |
| 116 | + |
| 117 | +Now, configure backup for the *sqldatabase;mssqlserver;master* database. |
| 118 | + |
| 119 | +To configure and protect backups on a database, one at a time, use the [az backup protection enable-for-azurewl](/cli/azure/backup/protection#az-backup-protection-enable-for-azurewl) command. Provide the name of the policy that you want to use. To create a policy using CLI, use the [az backup policy create](/cli/azure/backup/policy#az-backup-policy-create) command. For this article, we've used the *testSQLPolicy* policy. |
| 120 | + |
| 121 | +```azurecli-interactive |
| 122 | +az backup protection enable-for-azurewl --resource-group SQLResourceGroup \ |
| 123 | + --vault-name SQLVault \ |
| 124 | + --policy-name SQLPolicy \ |
| 125 | + --protectable-item-name "sqldatabase;mssqlserver;master" \ |
| 126 | + --protectable-item-type SQLDataBase \ |
| 127 | + --server-name testSQLVM \ |
| 128 | + --workload-type SQLDataBase \ |
| 129 | + --output table |
| 130 | +``` |
| 131 | + |
| 132 | +You can use the same command, if you have an *SQL Always On Availability Group* and want to identify the protectable datasource within the availability group. Here, the protectable item type is *SQLAG*. |
| 133 | + |
| 134 | +To verify if the above backup configuration is complete, use the [az backup job list](/cli/azure/backup/job#az-backup-job-list) command. The output appears as: |
| 135 | + |
| 136 | +```output |
| 137 | +Name Operation Status Item Name Start Time UTC |
| 138 | +------------------------------------ --------------- --------- ---------- ------------------- |
| 139 | +e0f15dae-7cac-4475-a833-f52c50e5b6c3 ConfigureBackup Completed master 2019-12-03T03:09:210831+00:00 |
| 140 | +``` |
| 141 | + |
| 142 | +The [az backup job list](/cli/azure/backup/job#az-backup-job-list) command lists all backup jobs (scheduled or on-demand) that have run or are currently running on the protected database, in addition to other operations, such as register, configure backup, and delete backup data. |
| 143 | + |
| 144 | +>[!NOTE] |
| 145 | +>Azure Backup doesn't automatically adjust for daylight saving time changes when backing up an SQL database running in an Azure VM. |
| 146 | +> |
| 147 | +>Modify the policy manually as needed. |
| 148 | +
|
| 149 | +## Enable auto-protection |
| 150 | + |
| 151 | +For seamless backup configuration, all databases added in the future can be automatically protected with a certain policy. To enable auto-protection, use the [az backup protection auto-enable-for-azurewl](/cli/azure/backup/protection#az-backup-protection-auto-enable-for-azurewl) command. |
| 152 | + |
| 153 | +As the instruction is to back up all future databases, the operation is done at a *SQLInstance* level. |
| 154 | + |
| 155 | +```azurecli-interactive |
| 156 | +az backup protection auto-enable-for-azurewl --resource-group SQLResourceGroup \ |
| 157 | + --vault-name SQLVault \ |
| 158 | + --policy-name SQLPolicy \ |
| 159 | + --protectable-item-name "sqlinstance;mssqlserver;" \ |
| 160 | + --protectable-item-type SQLInstance \ |
| 161 | + --server-name testSQLVM \ |
| 162 | + --workload-type MSSQL\ |
| 163 | + --output table |
| 164 | +``` |
| 165 | + |
| 166 | +## Trigger an on-demand backup |
| 167 | + |
| 168 | +To trigger an on-demand backup, use the [az backup protection backup-now](/cli/azure/backup/protection#az-backup-protection-backup-now) command. |
| 169 | + |
| 170 | +>[!NOTE] |
| 171 | +>The retention policy of an on-demand backup is determined by the underlying retention policy for the database. |
| 172 | +
|
| 173 | +```azurecli-interactive |
| 174 | +az backup protection backup-now --resource-group SQLResourceGroup \ |
| 175 | + --item-name sqldatabase;mssqlserver;master \ |
| 176 | + --vault-name SQLVault \ |
| 177 | + --container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \ |
| 178 | + --backup-type Full |
| 179 | + --retain-until 01-01-2040 |
| 180 | + --output table |
| 181 | +``` |
| 182 | + |
| 183 | +The output appears as: |
| 184 | + |
| 185 | +```output |
| 186 | +Name ResourceGroup |
| 187 | +------------------------------------ ------------- |
| 188 | +e0f15dae-7cac-4475-a833-f52c50e5b6c3 sqlResourceGroup |
| 189 | +``` |
| 190 | + |
| 191 | +The response provides you the job name. You can use this job name to track the job status using the [az backup job show](/cli/azure/backup/job#az-backup-job-show) command. |
| 192 | + |
| 193 | +## Next steps |
| 194 | + |
| 195 | +* Learn how to [restore an SQL database in Azure VM using CLI](backup-azure-sql-restore-cli.md). |
| 196 | +* Learn how to [back up an SQL database running in Azure VM using Azure portal](backup-sql-server-database-azure-vms.md). |
0 commit comments