[AVM Question/Feedback]: Recovery Services Vault

[vivsri]

Check for previous/existing GitHub issues

• I have checked for previous/existing GitHub issues

Description

Hi,
Thanks for the RSV module. I just wanted to highlight that we are missing the enhanced policy for backups, which is a requirement for TPM & Secure Boot Enabled VMs.
I got it work so wanted to share the param file with the updated settings for that policy, pls feel free to update your module.
It took me some time to make it work, so worth sharing :)

param parBackUpPolicy = [
  {
    name: 'EnhancedVMpolicy'
    properties: {
      policyType: 'V2'
      backupManagementType: 'AzureIaasVM'
      instantRpRetentionRangeInDays: 2
      protectedItemsCount:0
      timeZone: 'UTC'
      retentionPolicy:{
        retentionPolicyType:'LongTermRetentionPolicy'
        dailySchedule:{
          retentionDuration:{
            count: 180
            durationType: 'Days'
          }
          retentionTimes:[
            '2024-12-04T08:00:00Z'
          ]
        }
        weeklySchedule:{
          daysOfTheWeek:[
            'Sunday'
          ]
          retentionDuration:{
            count: 12
            durationType: 'Weeks'
          }
          retentionTimes: [
            '2024-12-04T08:00:00Z'
          ]
        }
        monthlySchedule:{
          retentionScheduleFormatType: 'Weekly'
          retentionScheduleWeekly:{
            daysOfTheWeek: [
              'Sunday'
            ]
            weeksOfTheMonth:[
              'First'
            ]
          }
          retentionTimes: [
            '2024-12-04T08:00:00Z'
          ]
          retentionDuration:{
            count: 60
            durationType: 'Months'
          }
        }
        yearlySchedule:{
          retentionScheduleFormatType: 'Weekly'
          retentionScheduleWeekly: {
            daysOfTheWeek: [
              'Sunday'
            ]
            weeksOfTheMonth:[
              'First'
            ]
          }
          monthsOfYear: [
            'January'
          ]
          retentionDuration:{
            count: 10
            durationType: 'Years'
          }
          retentionTimes:[
            '2024-12-04T08:00:00Z'
          ]
        }
      }
      schedulePolicy:{
        schedulePolicyType: 'SimpleSchedulePolicyV2'
        hourlySchedule: {
          interval: 4
          scheduleWindowDuration: 12
          scheduleWindowStartTime: '2024-12-04T08:00:00Z' 
          }
        scheduleRunFrequency:'Hourly'
      }
    }
  }
]

[microsoft-github-policy-service]

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

[microsoft-github-policy-service]

Warning

Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

Tip

• To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
• To avoid this rule being (re)triggered, the ""Needs: Triage 🔍" label must be removed as part of the triage process (when the issue is first responded to)!

[AlexanderSehr]

Hey @vivsri,
Please excuse the late reply, but as the issue was not created as a module issue the automatic owner assignment did not kick in. Highly recommend for next time 😉

@alexanderojala, please triage the issue when you get the chance 🙂💪

[alexanderojala]

The module deploys default backup policies and also it includes a enhanced policy for Azure VMs. I dont think that the module should contain any custom/additional policies. Due to not everyone using the module, having the need for additional custom policies.

@AlexanderSehr Any inputs from your end?

[AlexanderSehr]

Now I am a bit confused 😄

If I can see it correctly, only the max test deploys a number of backupPolicies:

• VMpolicy
• sqlpolicy
• filesharepolicy

And the EnhancedVMpolicy would 'just' be another policy that could be added to that list. Maybe I'm overlooking it, but I don't see where it is currently implemented. If that's the case and it is somewhat hard to figure out as @vivsri pointed out, then I guess the only ask here is

• Should we also add it to the max test so that others can use it as a reference
• Not add it

If I'm not mistaken and it's just a reference for a somewhat tricky policy, then I'd lean towards the former. An easy addition. Thoughts @alexanderojala? Your screenshot tells me the policy is already deployed but I just can't see where 😄

[alexanderojala]

The module itself does not deploy any custom policies, just the build-in once's (as expected) , HourlyLogBackup(sqlpolicy), DefaultPolicy and EnhancedPolicy for AzureVMs.

My opinion is that we should not add any custom policies to be created when using the module, because the use case for the policy would not apply to every user.

We could argue for it to be added to the max testing, but again there is a built-in EnhancedPolicy deployed so i dont really see the need to test it with a custom policy.

@AlexanderSehr

[AlexanderSehr]

Fair point, thanks @alexanderojala. I agree that it should not be part of the module, but at most the test.

@vivsri I'm currently working on an update that will add UDTs for the backup policies (next to other things). Would that have helped to create the custom policy you listed above? Or would you argue that we should add the example you posted above regardless? As @alexanderojala mentioned, there is a default EnhancedPolicy afterall.

Just want to make sure we get to the best outcome :)

[vivsri]

Thank you Alex & Alex. I was just trying to say that as we have a sample policy for " SimpleSchedulePolicy" which is a custom one, we can put a similar example for an Enhanced one, the same way & call it *Enhanced VM policy*, so that other people are saved the hassle of the syntax, I had to go through. Rest I'm happy whatever decision you guys make :) [image: image.png] Here's the sample custom policy - https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/recovery-services/vault When we can have one for simple schedule we can have one for Enhanced too as it is very much in use for TPM & secure boot VMs, for people who need a custom policy & do not wish to use the default Enhanced policy that comes with the RSV deployment. [image: image.png]

…

On Fri, Dec 20, 2024 at 11:27 AM Alexander Sehr ***@***.***> wrote: Fair point, thanks @alexanderojala <https://github.com/alexanderojala>. I agree that it should not be part of the module, but at most the test. @vivsri <https://github.com/vivsri> I'm currently working on an update that will add UDTs for the backup policies (next to other things). Would that have helped to create the custom policy you listed above? Or would you argue that we should add the example you posted above regardless? As @alexanderojala <https://github.com/alexanderojala> mentioned, there is a default EnhancedPolicy afterall. Just want to make sure we get to the best outcome :) — Reply to this email directly, view it on GitHub <#3889 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AM4PAYGI6Y2ZMUXGNYAGUCT2GPWHPAVCNFSM6AAAAABTCUCJPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJWG4YTEMRYHA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- Regards, Srivastava Vivert