Expanding on our last blog post where we showed how you can use Azure to meet your DR needs, this post we’ll cover how to make use of Azure for your long term backups and data protection requirements.
Operations Management Suite (OMS) offers a solution not only around DR, but also around Backups. Azure Backup is an offering from Microsoft that can back up and restore your data in the cloud. It is designed to be a complete replacement to your existing on-premises or off-site backup solution, which is reliable, secure, and cost-competitive.
Azure also improves upon the traditional backup model. If you’ve used a tape backup solution, then some of these challenges will feel familiar:
- Your backup size has grown, and you need to get a new tape drive with increased capacity
- You need to rotate tapes offsite to mitigate any disasters in the local datacentre
- You need to restore files, but it will take a couple of days to find and return the correct tape from the offsite location
Addressing these challenges in a traditional fashion is usually costly, slow, or both. Azure Backup allows you to leverage Azure’s hyperscale storage capacity and hybrid integration capability to solve these issues.
Back to Basics
At its most basic level, Azure Backup is a complete Backup and Data Protection solution for all your data protection needs. It provides backups for volumes, system state, and specific files and folders. These backups are administered via policies which allow for scheduling, versioning and control over data retention periods.
Azure Backup also supports application level integration. Azure Backup can integrate directly into your SQL, Hyper-V, Exchange, Sharepoint environments to provide application aware backups to minimise the operational overhead of configuring and managing backups in complex (e.g. clustered) environments.
This data protection capability is then enhanced with native integration into Azure that allows you to gain the maximum possible benefit out of the Azure platform without needing to retrofit unwieldy block-to-blob storage translation appliances.
Forever is a long time…
Azure Backup allows you store your data in tiers to meet your recovery and protection needs. Data is stored on local disk for short term retention and extremely rapid restore capability, then using retention policy that you define, data is automatically archived out to cloud, and pruned to your specific data retention requirements.
When data is stored into Azure, the data is held against your retention policy which allows you to specify how many weekly, monthly and yearly recovery points you want to retain, and for how long you want to retain them. As of the writing of this document, Azure currently supports up to 99 years’ worth of recovery points. This retention policy can be defined at an application, or a server level, allowing you to protect data to the specific level that it requires rather than being forced to protect all data under a single inflexible policy.
Azure also allows you chose different availability levels for the storage you consume in Azure.
For your mission critical production data, you may choose to have Azure geo-replicate your backups to a separate physical region to ensure that a you have geo-redundant backup data in case of regional disaster. However, you may decide that this capability, and its associated cost, is not required for your non production backups so you may choose to only protect that data inside a single Azure region, at a lower per GB cost.
It’s using how much data?!
Azure Backup also focuses on storing data in an efficient manner. Data compression is available both data over the wire, and for data at rest. By using compression wherever possible, Azure Backup ensures that you are not overusing either your local disk, or over consuming your cloud based storage. Azure Backup also uses smart retention capabilities to minimise the amount of data that has to be transmitted to store a backup in the cloud, as well as the amount of data you have to copy back from the cloud in order to do a recovery.
When storing data into the cloud, after an initial full backup is synchronised to Azure, only incremental backups will be synchronised after. However, using the natively cloud aware architecture of Azure Backup, every incremental recovery point functions as a full recovery point. So there is no requirement to restore a full recovery point and then roll it forward to an incremental point. Simply pick the recovery point you require and Azure Backup will restore it as if you had taken a full backup at that point. Taking this approach minimises the data that needs to be copied up to Azure, as well as the amount of data that needs to be copied back in the event of a restore.
If you are concerned about the size of your initial full backups, even with compression, you can also seed an initial backup using the Azure Import Export workflow for Azure Backup. This allows you to send an offline full backup set via a physical, encrypted disk to Azure, and have it ingested into your backup vault without having to wait for the full backup to be completed over the wire. This is a great scenario for workloads that compress poorly, or for those of us that don’t have the advantage of high-speed low-cost internet access.
And it’s costing me?
Most cloud based backup solutions, whether than be pure cloud storage, or cloud integrated backup products, charge a fee to copy data back out of the storage system for recovery purposes. This generally makes these services cheap to store, but expensive to recover. Azure Backup doesn’t subscribe to this approach. Instead, Azure Backup charges no additional fees for recovery, regardless of the volume of data, or the frequency of the recovery of operations. All costs are covered by the protection fee (below).
This means that when you are doing your forward cost planning, all you need to consider is how much data you are protecting. You don’t need to worry about how frequently you need to recover data, or if conducting a 20TB restore of that mega file share from 3 years ago will break the monthly operational budget or not.
But who has the keys?
One of the most common blockers in adoption of cloud based technology is that of security. There is a common theme of concern that if the data isn’t in “my datacentre”, then it isn’t secure.
Azure Backup addresses that concern by natively encrypting all backup data both in flight and at rest. Backups are encrypted using the industry standard AES256 algorithm and the protection keys are held by the customer, that’s you, only. Microsoft does not keep a copy of the key; they only hold a copy of the encrypted data.
Additionally, the Azure platform has been certified and audited to numerous regional, national and industry specific compliance standards to ensure that the appropriate security controls are in place on the Azure platform itself. Below you can see some of the Azure platform compliance certifications obtained in Australia.
Azure also ensures that when data is replicated from one region to another, it does not cross a significant geography.
The geo replication technology built into Azure will never replicate data from Australia to China, or from the EU to the United States. Geo replication is designed to ensure that data is protected within the regional geography so that data sovereignty is honoured.
Anywhere and everywhere
While we’ve mostly been discussing the challenges of managing on premise backups with Azure Backups, it’s important not to forget that Azure Backup also natively supports backing up Virtual Machines in Azure. Azure Backups allow you to create point in time recovery points of your Azure VMs directly from the Azure portal.
This same console now also supports managing your Azure Site Recovery environment from the same location. So now you can manage all the VMs in your hybrid datacentre deployment using one product.
While we’ve only scratched the surface of what Azure Backup is capable of, I hope this has offered some meaningful insight into how Azure Backup can help simplify the operational experience of data protection for you. For more details about Azure Backup or to talk about your business’ data protection requirements, speak to us.