Preparing Azure Environment for Virtual Machine Restore

Managed Backup offers restore features for image-based and virtual machine backups to Microsoft Azure virtual environment.

To do that, your Azure environment must be configured properly. If you do not have configured Resource Group, a Storage account, an Azure Virtual Network, a Storage Container, and a Network Security Group, follow the steps below before making restore jobs to Microsoft Azure VM.

Create a Resource Group

Resource groups enable you to manage all your resources in an application together.

  1. Open the Azure Portal. Click Create a resource".

  1. Find the required Resource Group and select it in the results.
  2. Click Create.
  3. Specify the Resource group name. Select subscription and Resource group location.

For faster upload and download connection, you should select the closest location. You can check the latency location on

Create a Storage Account and Container to Store Restored VM Disks

Azure Storage is a service that you can use to store unstructured and partially structured data. IT professionals who deploy Azure virtual machines rely on Azure Storage for storing virtual machine operating system and data disks.

Blobs typically represent unstructured files such as media content, virtual machine disks, backups, or logs. There are three types of blobs.

  • block blob is optimized for sequential access, which is ideal for media content
  • page blob offers superior random access capabilities, which is only suited for virtual machine disks
  • append blob applies to data append operations, without the need to modify existing content. This works best with logging and auditing activities.

Recommended storage configuration:

VM HDD container:

  • Deployment model: Resource manager or Classic
  • Account Kind: StorageV1 or StorageV2
  • Replication: LRS, GRS, RA-GRS
  • Performance: Standard or Premium
  • Access tear: Hot

Boot diagnostic storage (if required):

  • Deployment model: Resource manager or Classic
  • Account Kind: StorageV1 or StorageV2
  • Replication: LRS, GRS, ZRS, RA-GRS
  • Performance: Standard
  • Access tear: Hot

Create New Storage Account

To create a new Storage Account, proceed as follows:

  1. Open your Resource Group.

  1. Click +Add.
  2. Find Storage Account, then click Create button.
  3. Specify options according to your requirements and recommended storage configuration. Click Create.

  1. Next, you need to create a container to store your VM in blobs. A container organizes a set of blobs, similar to a folder in a file system. All blobs reside within this container. A storage account can contain an unlimited number of containers, and a container can store an unlimited number of blobs.

Note that the name of the container must be in lowercase

  1. Open your Resource GroupYour Storage accountBlob Service.
  2. To add a new container, click +Container .
  3. Specify the container name and click OK.

Create Virtual Network with Correct Subnet

If you use Static IP addresses in your backed-up Virtual Machine, you should use similar or the same subnet in the Azure Virtual Network. In this case, you will able to connect to your restored VM through the Internet.

Please note that Azure reserves the first three IP addresses in a subnet for internal usage.

  1. Open the required Resource Group.
  2. Click +Add button.
  3. Find Virtual Network, then click Create.

  1. Specify the virtual network name, select region, then click Next: IP addresses.
  2. Specify IP addresses for the new virtual network. Add subnet if needed.
  3. Once you are done with ID address and subnet settings, click Next: Security.
  4. Specify security options. To learn about security settings, use the tooltips in beside the settings.

  1. Once you are done, click Review&Create.

Create a Network Security Group

For security reasons, it is strongly recommended to create a Network Security Group and associate it with a Subnet. You can allow incoming connections for TCP ports like 22 or 3389 in the Inbound security rules tab

  1. Open the required Resource Group.
  2. Click +Add.
  3. Find Network Security Group, select it then Create.

  1. Specify the required Network Security Group settings, then click Create.
  2. Open the created Network Security Group, then navigate to Inbound Security Rules which is part of the Settings group.
  3. To add a new security rule, click +Add.
  4. Click Basic.
  5. In the Port ranges, specify 443 and name, for example as https.
  6. Click Add to add a new security rule.

Add as many inbound security rules as you need to allow access to services hosted on the VM.

Note that the following outgoing connections (IP addresses and ports) associated with the portal must be allowed:

Make sure you allow access to all required ports

Associate Network Security Group With a Subnet

Once all required rules are added, associate the Network Security Group with the previously created subnet.

  1. Click Subnets in the Settings group.
  2. Click Associate. Select the required virtual network and the required subnet, then click OK.

Enable Serial Console

For testing or troubleshooting purposes, it is recommended to enable Serial Console in your Linux or Windows Machine. Then you will be able to configure and troubleshoot your Azure VM in the Azure Portal command line.

To learn more, follow the links below:

Contact Us

Tech questions:

Sales questions: