1 00:00:01,140 --> 00:00:04,140 Azure Recovery Services Vault. 2 00:00:04,140 --> 00:00:08,120 Well, of course, question number one is, what is the Recovery Services vault? 3 00:00:08,120 --> 00:00:09,500 Well, it's a cloud‑hosted, 4 00:00:09,500 --> 00:00:13,590 hybrid and multi‑cloud‑aware backup and replication solution. 5 00:00:13,590 --> 00:00:17,200 There is a lot going on with the Recovery Services vault. 6 00:00:17,200 --> 00:00:20,740 It's a really big product. It does a lot of heavy lifting. 7 00:00:20,740 --> 00:00:24,000 One thing I like about it is that all the storage is managed for us, 8 00:00:24,000 --> 00:00:26,430 so we could look at Recovery Services vault as a 9 00:00:26,430 --> 00:00:29,690 Platform as a Service, PaaS, offering. 10 00:00:29,690 --> 00:00:32,960 In other words, we don't have to worry about individual storage accounts. 11 00:00:32,960 --> 00:00:36,340 All of that back‑end storage is abstracted away from us. 12 00:00:36,340 --> 00:00:40,020 We have soft delete capability with a 14‑day retention. 13 00:00:40,020 --> 00:00:42,950 So this means if one of your colleagues accidentally deletes 14 00:00:42,950 --> 00:00:46,340 a VM backup, as long as you can get to restoring it within 15 00:00:46,340 --> 00:00:49,540 that 14‑day retention window, you're good to go. 16 00:00:49,540 --> 00:00:51,800 We also have Cross Region Restore. 17 00:00:51,800 --> 00:00:55,860 The reason why this is important is if Microsoft were to have a failure in 18 00:00:55,860 --> 00:00:59,010 your primary region where your Recovery Services vault lives, 19 00:00:59,010 --> 00:01:03,290 you may have to do a restore to another region that is online. 20 00:01:03,290 --> 00:01:07,150 It's nice that we've got that ability built into Recovery 21 00:01:07,150 --> 00:01:11,340 Services vault, that is, zonal and regional backups. 22 00:01:11,340 --> 00:01:13,410 Lastly, for compliance reasons, 23 00:01:13,410 --> 00:01:17,710 you may need to demonstrate how your backup data in Azure is managed 24 00:01:17,710 --> 00:01:22,490 encryption‑wise. The backup data is protected either by platform‑managed 25 00:01:22,490 --> 00:01:24,760 keys, this is where Microsoft manages them, 26 00:01:24,760 --> 00:01:29,770 but you can always take over that duty from Microsoft and encrypt 27 00:01:29,770 --> 00:01:34,000 your data at rest in the Recovery Services vault in the Microsoft 28 00:01:34,000 --> 00:01:37,990 data centers using your own customer‑managed keys that you would 29 00:01:37,990 --> 00:01:42,240 store in, as I think you know, Azure Key Vault. 30 00:01:42,240 --> 00:01:49,080 Now some requirements/things to think about/exam alerts with the Recovery 31 00:01:49,080 --> 00:01:53,530 Services vault, chief among these tips is that your Recovery Services vault 32 00:01:53,530 --> 00:01:57,930 has to be in the same region as the Azure VMs you want to back up. You 33 00:01:57,930 --> 00:02:02,470 might think hold on a second. Tim. I thought that RS vaults were hybrid 34 00:02:02,470 --> 00:02:04,030 cloud and multi‑cloud aware. 35 00:02:04,030 --> 00:02:06,840 I thought you could do Cross Region Restore. 36 00:02:06,840 --> 00:02:07,060 Well, 37 00:02:07,060 --> 00:02:11,760 all of that is absolutely true, but what I'm saying is only when you're 38 00:02:11,760 --> 00:02:16,880 backing up and protecting Azure VMs using the Azure Backup capability, 39 00:02:16,880 --> 00:02:21,070 only in that case, to minimize latency, I think, that's why Microsoft 40 00:02:21,070 --> 00:02:25,410 has this limitation, that your VMs and the Recovery Services vault have 41 00:02:25,410 --> 00:02:26,760 to be in the same region. 42 00:02:26,760 --> 00:02:29,040 Please remember that for your exam. 43 00:02:29,040 --> 00:02:31,340 There's no problem if your Azure VMs, 44 00:02:31,340 --> 00:02:36,210 the disks, are encrypted with Azure Disk Encryption, or ADE. 45 00:02:36,210 --> 00:02:41,220 That's fine if you're using ADE for Windows, as well as Linux virtual machines 46 00:02:41,220 --> 00:02:44,940 in Azure, native integration with Recovery Services vault. 47 00:02:44,940 --> 00:02:48,770 And we also have native integration across all of Azure Resource Manager. 48 00:02:48,770 --> 00:02:52,960 We can set role‑based access control, or RBAC, assignments to control 49 00:02:52,960 --> 00:02:56,480 who can use the Recovery Services vault, and we can monitor our usage. 50 00:02:56,480 --> 00:03:06,000 We can create alerts using the traditional ARM monitoring tools like Azure Monitor and Azure Log Analytics.