Azure Back To School 2023: Configure the backup of FSLogix profiles with Terraform

Hi everybody,

Welcome to another blog post about Azure Virtual Desktop in combination with Terraform.

This blog post is written for the Azure Back to School community event. This is an annual community event held during the month of September. Each day community members share their knowledge through blog posts, videos,…

You can check out all content here.

When you work with AVD you probably also work with FSLogix profile containers. Sometimes profiles become corrupted and we need the ability to restore the vhdx file for the user.

In this blog post I’m showing how you can configure the backup of the FSLogix file share.

Before we can start configuring the backup we need the following items:

  • storage account and file share
  • Log Analytics workspace

I already wrote a blog about creating an Azure storage account for FSLogix. You can read it here.

My blog about creating a Log Analytics Workspace can be found here.

Before we can back up a file share we need to create the following resources:

  • Recovery Services Vault
  • Backup policy

Deploy Recovery services vault

resource "azurerm_recovery_services_vault" "rsv" {
  provider = azurerm.prod
  name                = "rsv-prd-${var.prefix}-${var.solution}-01"
  location            = data.azurerm_resource_group.rsv.location
  resource_group_name = data.azurerm_resource_group.rsv.name
  sku                 = "Standard"
  tags = {
    "Costcenter"  = "IT"
    "Environment" = "avd"
    "Critical"    = "Yes"
    "Solution"    = "Backup"
  }

  soft_delete_enabled = true
  depends_on = [
    data.azurerm_resource_group.rsv
  ]
}

Since we want to get alerts in case there is a failed backup, we can configure the diagnostic settings.

resource "azurerm_monitor_diagnostic_setting" "rsv-prod-diag" {
  provider = azurerm.prod
  name               = "diag-backup"
  target_resource_id = azurerm_recovery_services_vault.rsv.id
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.law.id
  
  log {
    category = "AzureBackupReport"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "CoreAzureBackup"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupJobs"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupAlerts"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupPolicy"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupStorage"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  log {
    category = "AddonAzureBackupProtectedInstance"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = true
    }
  }
}

Since I’m not using the vault for ASR, I’m only selecting the backup settings.
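The diagnostic setting above only ships the backup logs to Log Analytics; something still has to raise the alert. The following is an added example, not code from the original post: a log alert rule that fires when a backup job in the vault fails. The resource names, the e-mail address and the schedule are assumptions, and the query assumes the Addon* categories land in the resource-specific AddonAzureBackupJobs table (log_analytics_destination_type = "Dedicated" on the diagnostic setting).

```hcl
# Added example: names, e-mail address and schedule are assumptions.
resource "azurerm_monitor_action_group" "backup" {
  provider            = azurerm.prod # same alias as the vault; adjust to your setup
  name                = "ag-backup-alerts" # hypothetical name
  resource_group_name = data.azurerm_resource_group.rsv.name
  short_name          = "bkpalerts"

  email_receiver {
    name          = "backup-operators"
    email_address = "backup-operators@example.com" # placeholder address
  }
}

resource "azurerm_monitor_scheduled_query_rules_alert_v2" "backup_failed" {
  provider            = azurerm.prod
  name                = "alert-fslogix-backup-failed" # hypothetical name
  resource_group_name = data.azurerm_resource_group.rsv.name
  location            = data.azurerm_log_analytics_workspace.law.location
  description         = "A backup job in the Recovery Services vault failed"
  severity            = 1

  # Query the workspace that receives the vault's diagnostic logs.
  scopes               = [data.azurerm_log_analytics_workspace.law.id]
  evaluation_frequency = "PT1H" # check every hour
  window_duration      = "P1D"  # look back one day (the policy runs daily)

  criteria {
    # Assumes the resource-specific table; in AzureDiagnostics mode the
    # same data sits in the AzureDiagnostics table with other column names.
    query = <<-KQL
      AddonAzureBackupJobs
      | where JobOperation == "Backup"
      | summarize arg_max(TimeGenerated, *) by JobUniqueId
      | where JobStatus == "Failed"
    KQL

    time_aggregation_method = "Count"
    operator                = "GreaterThan"
    threshold               = 0

    failing_periods {
      minimum_failing_periods_to_trigger_alert = 1
      number_of_evaluation_periods             = 1
    }
  }

  auto_mitigation_enabled = true # resolve once no failed job is in the window
  action { action_groups = [azurerm_monitor_action_group.backup.id] }
}
```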

Now we need to link the storage account to the recovery services vault.

resource "azurerm_backup_container_storage_account" "storage-fslogix" {
  resource_group_name = data.azurerm_resource_group.rsv.name
  recovery_vault_name = azurerm_recovery_services_vault.rsv.name
  storage_account_id  = data.azurerm_storage_account.fslogix.id
}

The only thing left to do is to create the backup policy. In this example the backup time is 23:00 and the retention is 27 days. This will differ according to the customer's needs.

resource "azurerm_backup_policy_file_share" "bp-prd-fslogix" {
  provider            = azurerm.hub
  name                = "policy-fslogix-prd-d-23-pm-r-27"
  resource_group_name = azurerm_recovery_services_vault.rsv.resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.rsv.name

  timezone = "UTC"

  backup {
    frequency = "Daily"
    time      = "23:00"
  }

  retention_daily {
    count = 27
  }
}

The only thing that we still need to do is protect the file share. We can do this with the following piece of code.

resource "azurerm_backup_protected_file_share" "share1" {
  resource_group_name       = azurerm_recovery_services_vault.rsv.resource_group_name
  recovery_vault_name       = azurerm_recovery_services_vault.rsv.name
  source_storage_account_id = azurerm_backup_container_storage_account.storage-fslogix.storage_account_id
  source_file_share_name    = data.azurerm_storage_share.profiles.name
  backup_policy_id          = azurerm_backup_policy_file_share.bp-prd-fslogix.id
}

When we look in the Azure portal under storage account > file share > backup, we can see that the policy is active and the initial backup is pending.

There you go, we have a backup configured for our FSLogix profiles. I hope this post was helpful, and enjoy the rest of the Azure Back To School event.
