Create a backup policy

This topic describes how to manage backup policies in the Cloud Backup console.

Background information

Cloud Backup automatically backs up data sources based on the backup policy that you configure. Backup policies help you flexibly manage data sources. A backup policy includes the following settings: the backup cycle, retention period, cross-region replication policy, and automatic archiving of backups.

You can configure backup policies for various data sources in different scenarios. This allows you to manage backup policies in a unified manner and flexibly perform backup operations.

Limits

Important

Before you create backup policies, take note of the following limits:

You can create backup policies only in some regions. To view the regions that support backup policies, click Policy Center in the left-side navigation pane of the Cloud Backup console.
Only Elastic Compute Service (ECS) instance backup, Object Storage Service (OSS) backup, Apsara File Storage NAS (NAS) backup, on-premises file backup, ECS file backup, and on-premises NAS backup support backup policies.
Only OSS backup, NAS backup, on-premises file backup, ECS file backup, and on-premises NAS backup support backup vault configurations and the automatic archiving feature.
Only ECS instance backup supports the cross-region replication feature.

Before you back up a data source, you must create a backup policy.

Log on to the Cloud Backup console.
In the left-side navigation pane, click Policy Center.
In the top navigation bar, select a region.
On the Policy Center page, click Create Backup Policy.

In the Create Policy panel, configure parameters such as Policy Name, Schedule, Lifecycle, and Replication Policy, and then click OK.

Parameter	Description
Policy Name	The name of the custom policy. The name must be 2 to 128 characters in length, and can contain only the following special characters: periods (.), underscores (_), hyphens (-), and colons (:). The name cannot start with auto, a special character, or a digit.
Backup Vault	The backup vault to which you want to store the backup data. If you do not need to configure a backup vault, select No. No: No backup vault is created. Create Vault: If you select this option, specify a name for the backup vault in the Vault Name field. By default, the vault name is assigned based on the date and time. Select Vault: If you select this option, select a backup vault from the Vault Name drop-down list. Important For ECS instance backup, the snapshot capacity is used. You do not need to configure a backup vault. To maximize the redundancy of your backup data, Cloud Backup uses ZRS-enabled backup vaults by default in regions that support ZRS-enabled backup vaults. If only LRS-enabled backup vaults are available in the region where the backup vaults are located, Cloud Backup uses LRS-enabled backup vaults. You do not need to manually select a backup vault type.
Vault Name	This parameter is required only if the Backup Vault parameter is set to Create Vault or Select Vault. Enter or select the name of a backup vault.
Vault Resource Group	This parameter is required only if the Backup Vault parameter is set to Create Vault. This parameter specifies the resource group to which the backup vault belongs. You can use resource groups to manage resources owned by your Alibaba Cloud account. Resource groups help you simplify the resource and permission management of your Alibaba Cloud account. For more information, see Create a resource group.
Backup Vault Encryption Method	This parameter is required only if the Backup Vault parameter is set to Create Vault. This parameter specifies the method that is used to encrypt the data in the backup vault. Cloud Backup-managed (default): You can use the default encryption method of Cloud Backup. KMS: You can use Key Management Service (KMS) to encrypt the data that is stored in the backup vault. If you select this option, configure the KMS KeyId parameter. Important If you enable KMS-based encryption, you cannot modify a KMS key. Before you can use the KMS key to encrypt the data in the backup vault, you must create a key ID in the KMS console. For more information, see Create a CMK.
Schedule
Backup Frequency	The data backup cycle. You must specify parameters such as First Execution Time and Time Interval. Hourly: Data is backed up at an interval of the specified hours. Daily: Data is backed up at an interval of the specified days. Weekly: Data is backed up on the specified days of the week. Monthly: Data is backed up on the specified days of the specified months.
Lifecycle
Retention Period	The retention period of the backup data. Important You cannot permanently store the backup data of ECS instances. Permanent: The backup data is permanently stored. Specify Time: You can specify a retention period. Valid values: 1 to 999. Unit: days. The default retention period is 7 days.
Special Retention Period	To meet data security requirements, Cloud Backup allows you to specify a retention period for general backups and specify longer retention periods for the first backups that are generated every week, every month, and every year. A special retention policy includes the settings of retention periods for the first backups that are generated every week, every month, and every year. For more information, see Special retention periods.
Keep At Least One Backup Version	We recommend that you turn on the switch. If you turn on the switch, the latest backup version generated by the backup plan is not deleted due to the expiration of the retention period or accidental operations. This prevents the risk that no backup version is available for restoration due to reasons such as improper backup plan settings. For more information, see Keep at least one backup version.
Automatic Archiving	You can enable the automatic archiving feature to automatically transfer backup data to the Archive tier. The feature is suitable for long-term and cost-efficient retention of backup data, such as in compliance scenarios. No (default): Backup data is stored at the Standard tier and not transferred to the Archive tier. Specify Time: Backup data is automatically transferred to the Archive tier after the specified retention period expires. You can configure this option only if you create a backup vault or select an existing backup vault. Data at the Archive tier is calculated based on the size of the raw data that is transferred from the Standard tier to the Archive tier. An object or file whose size is less than 1 MB is calculated as 1 MB. We recommend that you do not transfer data to the Archive tier if the proportion of small files is high. For more information, see Automatic archiving.
Replication Policy
Replication to Other Region	This parameter is required only if the Backup Vault parameter is set to No. If you turn on Replication to Other Region, the backups that are created by using the backup policy are automatically replicated to the specified destination region, implementing cross-region data protection. The replication policy is not supported when you use a backup vault. In this case, you can use the cross-region backup feature to implement cross-region replication. For more information, see Back up data across regions.
Destination Region	This parameter is required only if you turn on Replication to Other Region. This parameter specifies the destination region to which you want to replicate the backup data.
Retention Period	This parameter is required only if you turn on Replication to Other Region. This parameter specifies the period of time for which you want to retain the backup data that is replicated to the destination region. Permanent: The backup data is permanently stored. Specify Time: You can specify a retention period. Valid values: 1 to 999. Unit: days. The default retention period is 7 days.

After the backup policy is created, you can view the backup policy on the Policy Center page. 备份策略

What to do next

After a backup policy is created, you can perform the following operations in the Actions column.

Note

When you create a backup plan for a specific data source, you can associate the backup plan with a backup policy.

Operation	Description
Run Now	You can immediately execute a backup job on all associated data sources.
Edit	You can modify the settings of the backup policy. After the backup policy is modified, the modification takes effect in the next backup job. For example, if the backup policy that you created does not meet your business requirements, you can perform this operation to modify the backup policy.
More > Disassociate	You can disassociate the backup policy from the data sources. After the backup policy is disassociated from the data sources, Cloud Backup no longer performs the backup plan for the data sources. Warning After a backup policy is disassociated from a data source, Cloud Backup no longer runs the backup policy for the data source. The data source is no longer protected, and the backups that have been generated are not affected. Proceed with caution.
More > Delete	You can delete the backup policy. After you delete the backup policy, Cloud Backup no longer runs backup jobs for the associated data sources but the backup data is retained. Warning After a backup policy is deleted, Cloud Backup no longer runs backup jobs for the associated data sources. The data sources are no longer protected. Proceed with caution.