Azure Back To School 2023: Configure the backup of FSLogix profiles with Terraform

JohanAutomation / AVD / Azure / Backup / FSLogix / StorageLeave a comment
Tweet
Share
Share
Pin
0 Shares

Hi everybody,

Welcome to another blog post about Azure Virtual Desktop in combination with Terraform.

This blog post is written for the Azure Back to School community event. This is a annual community event during the month september. Each day community members share their knowlegde with blogposts, videos,…

You can check out all content here.

When you work with AVD you probably also work with FSLogix profile containers. Sometimes profiles can get corrupt and we need the ability to restore the vhdx file for the user.

In this blog post I’m showing how you can configure the backup of the FSLogix file share.

Before we can start configuring the backup we need the following items:

  • storage account and file share
  • Log Analytics workspace

I already wrote a blog about creating an Azure storage account for FSLogix. You can read it here.

My blog about creating a Log Analytics Workspace can be found here.

Before we can backup a file share we need to create the following resources:

  • Recovery Services Vault
  • Backup policy

Deploy Recovery services vault

resource "azurerm_recovery_services_vault" "rsv" {
  provider = azurerm.prod
  name                = "rsv-prd-${var.prefix}-${var.solution}-01"
  location            = data.azurerm_resource_group.rsv.location
  resource_group_name = data.azurerm_resource_group.rsv.name
  sku                 = "Standard"
  tags = {
    "Costcenter"  = "IT"
    "Environment" = "avd"
    "Critical"    = "Yes"
    "Solution"    = "Backup"
  }

  soft_delete_enabled = true
  depends_on = [
    data.azurerm_resource_group.rsv
  ]
}

Since we want to get alerts in case there is a failed backup, we can configure the diagnostic settings.

resource "azurerm_monitor_diagnostic_setting" "rsv-prod-diag" {
  provider = azurerm.prod
  name               = "diag-backup"
  target_resource_id = azurerm_recovery_services_vault.rsv.id
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.law.id
  
  log {
    category = "AzureBackupReport"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "CoreAzureBackup"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupJobs"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupAlerts"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupPolicy"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupStorage"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupProtectedInstance"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = true
    }
  }
}

Since I’m not using the vault for ASR, I’m only selecting the backup settings

Now we need to link the storage account to the recovery services vault.

resource "azurerm_backup_container_storage_account" "storage-fslogix" {
  resource_group_name = data.azurerm_resource_group.rsv.name
  recovery_vault_name = azurerm_recovery_services_vault.rsv.name
  storage_account_id  = data.azurerm_storage_account.fslogix.id
}

The only thing left do to is to create the backup policy. In this example the backup time is 23pm and the retention is 27 days. This will be different according to the customer needs.

resource "azurerm_backup_policy_file_share" "bp-prd-fslogix" {
    provider = azurerm.hub
  name                = "policy-fslogix-prd-d-23-pm-r-27"
  resource_group_name = azurerm_recovery_services_vault.rsv.resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.rsv.name

  timezone = "UTC"

  backup {
    frequency = "Daily"
    time      = "23:00"
  }

  retention_daily {
    count = 27
  }
}

The only thing that we still need to do is protect the file share. We can do this we the following piece of code.

resource "azurerm_backup_protected_file_share" "share1" {
  resource_group_name       = azurerm_recovery_services_vault.rsv.resource_group_name
  recovery_vault_name       = azurerm_recovery_services_vault.rsv.name
  source_storage_account_id = azurerm_backup_container_storage_account.storage-fslogix.storage_account_id
  source_file_share_name    = data.azurerm_storage_share.profiles.name
  backup_policy_id          = azurerm_backup_policy_file_share.bp-prd-fslogix.id
}

When we look in the Azure portal to the storage account > file share > backup we can see the policy that is active and the initial backup is pending.

There you go, we have a backup configured for our FSLogix profiles. I hope this post was helpfull and enjoy the rest of the Azure Back To School event.

Post Views: 212
Tweet
Share
Share
Pin
0 Shares

Leave a Reply

Your email address will not be published. Required fields are marked *