How do I clone an Azure Managed Disk into a different subscription?

Question

Using Azure VMs and managed disks (using the ARM deployment model), I have recently run into the following problem I would like to solve: In order to get production data out from a managed disk for testing purposes, I would like to clone a production data disk from the "Production Subscription" into a managed disk in the "Development Subscription", where I can play around with the data in a safe way.

We are talking quite a lot of data (200 GB+), so that an actual "copying" process would take far too much time. I want to be able to automate things and provision new environments in - let's say, under half an hour.

Cloning a managed disk within a subscription (given it's in the same region) is very simple and fast, I just have to specify a --source to the az disk create command. This does not work across subscriptions obviously, at least because the logged in user/service principal for the development subscription does not have access to the production subscription resources.

What I have tried so far:

• Using az disk grant-access to retrieve an SAS URI for the managed disk; this thing is not accepted as a --source for az disk create though (it says VHD SAS links would work though...)

Any ideas?

Answer 1

You can use the following commands in Azure CLI -

# Source storage account name
STORAGE1=sourcestorage

#Security key of the source storage account
STORAGEKEY1= SampleKey0qNzttE/EX3hHfcFIzkQQmqXklRU2Z2uANICw==

#Container containing the source VHD
CONTAINER1=sourcevhds

# Name of VHD to be copied (name only, not full url)
DISK=DiskToBeCopied.vhd

#Specify the above properties for target
STORAGE2=targetstorage
STORAGEKEY2= SampleKeyAb6FYP3EqFVEcN2cc5wO QHzXvdc7Gzh1qRt0FXKq6w==
CONTAINER2= targetvhds

After setting the above parameters, execute the following command in Azure CLI -

azure storage blob copy start --account-name $STORAGE1 --account-key $STORAGEKEY1 --source-container $CONTAINER1 --source-blob $Disk --dest-account-name $STORAGE2 --dest-account-key $STORAGEKEY2 --dest-container $CONTAINER2

Answer 2

Here's the script I wrote to migrate all managed disks for each VM from one subscription to another. I hope this helps you.

# This script will get ALL VMs in a subscription and then migrate the disks 
if the VM has managed disks
# Created by Joey Brakefield -- @kfprugger & https://www.linkedin.com/in/joeybrakefield/

#set global variables
$sourceSubscriptionId='6a1b5e5e-df06-4608-a7a2-6984f7abacd8'
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vms = get-azurermvm
$targetSubscriptionId='929e0340-bf36-45a2-8347-47f86b4715de'


#looping logic for each of the VMs that have managed disks
foreach ($vm in $vms) {
select-azurermsubscription -subscriptionid $sourceSubscriptionId

$vmrg = get-azurermresourcegroup -name $vm.ResourceGroupName
$vmname = $vm.name

Write-Host = "Working with: " $vmname " in " $vmrg -foregroundcolor Green 
Write-Host ""

#This command will only target managed disks because unmanaged use the storage account locations rather than the /disks provider URIs

if (Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name})
{
#Sanity Check
#Read-host "Look correct? If not, CTRL-C to Break"
$manageddisk =  Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name}
Select-AzureRmSubscription -SubscriptionId $targetSubscriptionId
#check to see if RG exists in the new CSP/Subscription 

Get-AzureRmResourceGroup -Name $vmrg.resourcegroupname -ev notPresent -ea 0
write-host "Checking to see if"$vmrg.resourcegroupname"exists in subscriptionid"$targetSubscriptionId -foregroundcolor Cyan
Write-Host ""
if ($notPresent)
{
    new-azurermresourcegroup -name $vmrg.resourcegroupname -location $vmrg.location
    "Resource Group " + $vmrg.resourcegroupname + " has been created"
    } else {"Resource Group " + $vmrg.resourcegroupname +  " already exists"}
    # Move the disks after all checks are done
    foreach ($disk in $managedDisk){
        $managedDiskName = $disk.Name
        $targetResourceGroupName = $vmrg.resourcegroupname

        $diskConfig = New-AzureRmDiskConfig -SourceResourceId $disk.Id -Location $disk.Location -CreateOption Copy 

        New-AzureRmDisk -Disk $diskConfig -DiskName $Disk.Name -ResourceGroupName $targetResourceGroupName}
}
}

Answer 3

I did this:

$RG = "youresourcegroup"
$Location = "West US 2"
$StorageAccName = "yourstorage"
$SkuName = "Standard_LRS"
$Containername = "images"
$Destdiskname = “yorblob.vhd”
$SourceSASurl = "https://yoursaasurl"

Login-AzureRmAccount

New-AzureRmResourceGroup -Name $RG -Location $Location
New-AzureRmStorageAccount -ResourceGroupName $RG -Name $StorageAccName -SkuName $SkuName -kind Storage -Location $Location 

$Storageacccountkey = Get-AzureRmStorageAccountKey -ResourceGroupName $RG -Name $StorageAccName
$Storagectx = New-AzureStorageContext -StorageAccountName $StorageAccName -StorageAccountKey $Storageacccountkey[0].Value

$Targetcontainer = New-AzureStorageContainer -Name $Containername -Context $storagectx -Permission Blob


$sourceSASurl = $mdiskURL.AccessSAS
$ops = Start-AzureStorageBlobCopy -AbsoluteUri $SourceSASurl -DestBlob $Destdiskname -DestContainer $Containername -DestContext $Storagectx
Get-AzureStorageBlobCopyState -Container $Containername -Blob $Destdiskname -Context $Storagectx -WaitForComplete

After this you will have a copy of managed disk in your subscription stored as a regular blob.

Be careful, you should obtain SAS URL from Production subscription, but in the script you should login to a Development subscription.

Next you can go to the Azure Portal and convert the blob to managed disk.

1. Go to Azure portal --> More Services --> Disks or directly browse this URL https://portal.azure.com/#create/Microsoft.ManagedDisk-ARM

2. Click +Add

3. Select source as storage blob

4. Select your vhd using source blob field.