Friday, June 17, 2016

The cloud has got your back(up): A primer on Azure Backup

 Azure backup offers a comprehensive cloud based  hybrid backup solution that enables backup of not only your Azure VMs, but your files, folders, applications etc both on prem and in Azure. This solution can be used to replace your chunky on-prem backup solutions,  tape drives , backup tapes and the likes. In this blog, I will give a brief overview of the Azure backup service, its advantages and scenarios that it can cater to currently

Service highlights:

Azure backup is offered as a complete backup as a service offering. Lets take a look at few highlights of the service

Cost effective

You need not own any backup infrastructure, say services , tools and devices to use this service. You can directly subscribe to the service and pay based on your usage. There are no additional compute charges involved in the service. You pay a fixed charge for each protected instance, and also for the storage that you consume in the cloud for storing your backup data. The egress traffic for restore is also free, in addition to the free ingress backup traffic to cloud. Only the first backup is full backup  The data being backed up from on prem and transferred to Azure is compressed before the transfer . This will reduce the storage space used in azure for storing the backup, thereby reducing the storage cost


 It offers the flexibility of centralized backup operations management from the cloud. Since the backup is stored in the cloud, you can leverage its unlimited scale and high availability capabilities.The backed up data can be stored in either an locally redundant storage or a globally redundant storage. LRS will keep three copies of your data in a given location, and will be suitable for cost conscious customers. GRS , in addition to the 3 local copies will store 3 additional copies in a different geography. This provides additional resiliency incase of an Azure site level disaster


Ample emphasis is given on the security aspect as well while designing the service. The backup data is encrypted using a passphrase that will be available only locally. The data in transit and rest is encrypted. Only an administrator who possesses the passphrase can decrypt the data.


The backup data can be application consistent, file consistent or crash consistent depending on your backup scenario . Application consistent backups in windows ensure that you need not do additional fixes in your application when you restore it. This greatly reduces the recovery time in case of a disaster. This makes use of VSS technology in windows. Since VSS is not present in Linux, backup of Linux machines will be file consistent. Crash consistent backups are those backups taken when your machine is shutdown

Long term retention

You can store the backup data in cloud for as long as 99 years!!

 Backup scenarios

When you sign up for azure backup service, you will first create a backup vault in the cloud. It is nothing but a storage space for your backup. You can choose LRS or GRS storage depending on your resiliency preferences. Azure backup makes use of different components in different backup scenarios. For eg, file and folder level backup needs a different tool than a VM level backup. Let us take a look at the different components of Azure backup

Azure backup agent

This is a standalone agent that can be installed for taking file, folder and volume level backup on a Windows OS. The machine can be physical or virtual and can reside either on-prem or in Azure. You can download the agent from the management interface of you backup service in Azure and install in target location. The agent should be registered with the vault using a vault credentials. Also a passphrase is created during the installation that will encrypt data in transit and at rest. You can restore the data to either the same machine or to a different machine. You will have to provide the passphrase to initiate the restore process

System center Data protection manager + Azure backup agent

System center DPM can work in conjunction with the Azure backup agent to backup your workload to Azure. It supports all major MS workloads like SQL, SharePoint, AD, Exchange etc in addition to file/folder backup and VM backups.This option is more suited for customers who already have an investment on system center suite of tools. They can install the backup agent in the DPM server and take backup of files, folders, VMs and applications to Azure. The DPM can be hosted either in on-prem or in Azure. It also supports VM level backup of Linux machines hosted in Hyper-V. It makes use of app aware VSS snapshots to ensure consistency of backed up data.

Azure backup server

This can be considered as a stripped down version of the DPM option. It provides all the functionality of DPM+ Backup agent, except the following
- It doesn't not need a system center integration
- Tape drive is not supported
- An azure backup subscription is required

Azure backup server supports pretty much all workloads supported by DPM. If you don't want to backup to cloud, you can even use it for an on-prem disk to disk protection. You can consider it a subscription based backup service where you are charged based on the number of protected instances. If you are backing up to cloud you will be charged for the cloud storage as well

Azure IaaS VM backup

This is very straight forward VM level backup of VMs that you host in Azure using the backup service. You can backup both Linux and Windows VMs using this service with no additional agent installation

That is Azure backup in a nutshell. You can refer the official Azure documentation here to understand more about each scenarios and the service capabilities

Keep watching this space for more articles on Azure!!!

No comments:

Post a Comment