Azure Backup and Recovery

Hello, readers as we all know organizations believe in Azure for its Backup and Recovery solution. So, in today’s article, we will discuss both topics. So, in today’s article, we will discuss Backup and Recovery in Azure. Let us begin.

What is Azure Backup?

What is Azure backup and why should you use it? Think of it as Azure’s cloud failsafe. It’s a cloud-based backup solution that’s part of the Azure Recovery Services vault’s larger package.

Azure Backup can be used both on-premises and in the cloud, despite being cloud-native. Azure Backup is easy to set up and use, with reliable backups, security features, and administration controls all accessible through the Azure interface.

On-premises workloads can be secured via the Microsoft Azure Recovery Services (MARS) agent, Azure backup server (MABS), or integration with system center Data protection manager, while VMs and the workloads housed in those VMs are backed up using a backup extension (DPM).

Azure backup captures point-in-time copies of your data from a variety of sources, including Azure VMs, SQL machines in Azure, SAP HANA databases in Azure, Files, folders, system state, SQL databases on-premises, VMware VMs, Hyper-V VMs, and more.

Azure Backup Architecture

The Azure Backup architecture uses a variety of methods to backup VMs and data. These can be divided into two sorts of backup scenarios based on their architecture:

• Azure IaaS
• VMs on-premises Windows machines

1. Azure Backup on-premises Windows machines

An azure backup may be utilized in two ways to back up on-premises Windows machines. The following are some of them:

• Backing up directly to Azure using the Microsoft Azure Recovery Services (MARS) agent
• To back up in two phases, use an on-premises backup server like DPM or Microsoft Azure Backup Server (MABS). The backup server can then duplicate the backups and store them in an Azure Recovery Services vault.

2. Azure Backup with Azure IaaS VMs to Recovery Services vault

The Azure Backup service, as you might expect, can back up Azure resources operating in the Azure IaaS offering. This includes Azure virtual machines. Azure Backup allows you to back up Azure VMs in three different methods. These are the following:

• Azure Backup can back up Azure IaaS VMs using a customized backup agent extension. This allows you to back up your complete virtual machine.
• You may use the MARS agent to back up specific Azure VM files and folders.
• You can configure the Azure Backup Server as a VM in Azure IaaS in the same way that you would on-premises, and it will back up to the Azure Recovery Services vault.

Types of Azure Backup

1. Azure Incremental Backup

An incremental backup saves only the changes that have occurred since the previous backup. As a result, they are more efficient in terms of storage and time.

Incremental backup is supported by all Azure Backup components. Whether your target storage is on disc, tape, or in a Recovery Services vault, this applies.

Comparison of Full, Differential and Incremental Backup

The amount of storage space required, the recovery time objective (RTO), and network consumption vary by backup mechanism.

You must choose the most appropriate backup solution for your business needs in order to keep the backup total cost of ownership (TCO) low.

The three forms of backup are depicted in the diagram below. Data source A in the image is made up of ten storage blocks A1-A10, which are backed up monthly.

In the first month, blocks A2, A3, A4, and A9 change, while block A5 changes the next month.

a. Full Backup

The whole data source is included in each backup copy. As a result, it uses a lot of bandwidth and storage on the network.

b. Differential Backup

This just saves the data that has changed since the previous full backup. As a result, network and storage consumption is significantly reduced compared to a full backup. Differential backups, on the other hand, are inefficient since data blocks that are unaltered between backups are transported and stored.

c. Incremental Backup

This only saves the information that has changed since the last backup. As a result, in terms of storage and network efficiency, it is more efficient. Apart from the first full backup, incremental backup eliminates the need for regular full backups. Because incremental backup uses few storage and network resources, the total cost of ownership for backup is reduced (TCO).

Azure Security

1. Network Security

Advanced Encryption Standard 256 is used to encrypt all backup data sent from your servers to the Recovery Services vault.

The backup data is transmitted via a secure HTTPS connection. The data is encrypted and stored in the Recovery Services vault.

The data can only be decrypted if you have the passcode. Microsoft is unable to decrypt the data since it does not have access to the passphrase.

As a result, you must keep your password safe, as Microsoft will not be able to decrypt the backup data if you lose it.

2. Data Security

Setting up encryption within the virtual machine is required for backing up Azure VMs. Azure Backup includes Azure Disk Encryption, which employs BitLocker on Windows virtual machines and dm-crypt on Linux virtual machines to encrypt data.

Azure Backup employs Azure Storage Service encryption to safeguard data at rest on the back end.

3. Network Throttling

For network throttling, you can utilize the Azure Backup agent. This enables you to manage the amount of network bandwidth required during data transfer.

Throttling can be used for both backup and storage data transfers. If data needs to be backed up during business hours, but you don’t want the backup process to interfere with other internet traffic, throttling can help.

Are Azure Servers Backed Up?

So, Azure backup backs up your data, but what about your Azure servers? Yes, they can be, according to the answer to that question.

Azure backup can be used to safeguard servers that are hosted in Azure as IaaS. With no configuration complexity, this backup may be enabled simply from the Azure interface.

The service is available in Azure for both Windows and Linux virtual machines.

The service interfaces with VSS for app-consistent backup on Windows VMs, and file-consistent backup is taken on Linux VMs. The following diagram depicts the Azure VM backup architecture:

Where Are Azure Backups Stored?

So, now that you know Azure servers are secure, you might be wondering where Azure backups are stored.

Azure backups are saved in Azure storage, which is created by the backup service automatically. Because Azure storage is invoiced on a pay-as-you-go basis, it can be used as a low-cost backup option for your cloud data estate.

When employing locally-redundant storage (LRS) replication, Azure storage is designed to be resilient, and there will be at least three copies of your data available in the cloud. Geo-redundant storage (GRS) and zone-redundant storage (ZRS) replication solutions provide additional resiliency for storage.

Azure Backup Costing

The cost of an Azure backup is made up of two parts: the cost per backup instance (source) and the cost of the storage space needed to store the backup.

This is true for backups obtained from Azure as well as backups performed on-premises. This blog article will go through a cost calculation example later on.

Features of Azure Backup

1. Centralized management

Backup Centre allows you to manage, govern, and optimize data protection at scale in a single and consistent manner.

2. Application consistency

In Windows, use Volume Shadow Copy Service (VSS), and in Linux, use pre-and post-processing scripts to back up and restore data from virtual machines with application consistency.

3. Multiple-workload support

On Azure Virtual Machines, Azure Files, and Azure Database for PostgreSQL, back up Azure Virtual Machines, on-premises servers, SQL Server, and SAP HANA.

4. Durable storage options

Backups should be kept in LRS, GRS, and ZRS (locally redundant storage, geo-redundant storage, and zone-redundant storage) (ZRS).

Benefits of Azure Backup

Using the Azure Backup service has a number of advantages. These are some of them:

1. Simplifying your on-premises backup architecture — Azure Backup makes it simple to set up the architecture and environment you’ll need to back up your on-premises data to the Microsoft Azure cloud.

2. Consolidating Azure and on-premises backup systems — If you’re using Azure Backup in a hybrid environment, it simplifies the process of backing up resources in both locations. Backing up on-premises and Azure IaaS VMs as part of this. Using Azure to Scale — With on-premises infrastructure limits, scaling storage, computation, network, and other resources can be tough. When you use the Azure Backup service, you may benefit from Azure’s scalability.

3. There is no price for data transmission with Azure Backup, regardless of how much data is sent inward or outbound. In most cloud systems, you are charged when you remove your data from the system. However, there is no price for inbound or outward data using Azure Backup. Large volumes of data imported using the Azure Import/Export service are the only exception.

4. Data encryption — Data in Azure Backup is encrypted in transit and at rest.

5. Take application-consistent backups — When backing up database-driven programmes like SQL Server, Exchange Server, and SharePoint, this is critical.

6. You may also protect file servers and Windows clients, with the ability to granularly protect and recover client files and folders.

7. Azure Backup can cover workloads running in any cloud, including hosted, public, and private clouds, and it is not cloud-specific.

8. Restore points are virtually limitless – you may choose how many restore points you want to maintain. Azure allows you to maintain up to 9999 recovery points per protected instance, which is practically limitless.

9. Storage on a pay-as-you-go basis – You only pay for the storage you use, and you are not charged for any storage you keep on your premises.

10. Azure Backup takes advantage of Azure’s redundancy and high-availability features — Using Azure locally redundant storage (LRS), which stores three copies of your data in a storage scale unit in a data center, you can keep your storage highly available. You can also employ geo-redundant storage (GRS), which copies data to a second location hundreds of kilometers away. GRS is the preferred method.

Azure Backup Vault Overview

A Backup Vault is a storage object in Azure that stores backup data for some of Azure Backup’s more recent workloads. Backup vaults can store backup data for a number of Azure services, such as Azure Database for PostgreSQL servers and newer Azure Backup workloads.

Backup vaults simplify backup data organization while cutting administrative costs. Backup vaults are based on the Resource Manager architecture in Azure, which provides features such as:

Backup vaults give security capabilities to protect cloud backups, whereas Azure Backup delivers enhanced features to assist secure backup data.

Even if your production and backup servers are compromised, the security features ensure that you can secure your backups and reliably restore data.

Azure RBAC (role-based access control): Azure RBAC allows for fine-grained access management control.

Azure features a number of built-in roles, including three for managing recovery points in Azure Backup. Backup vaults work with Azure RBAC, which limits backup and restore access to a specific set of user roles.

Storage settings in the Backup Vault

A backup vault is a storage location for backups and recovery points that have been made over time. The backup policies associated with the protected virtual machines are likewise stored in the Backup vault.

• The vault’s storage is handled automatically by Azure Backup. When constructing the Backup vault, select the storage redundancy that best suits your business needs.
• See these articles on geo, zonal (preview), and local redundancy for additional information on storage redundancy.

Encryption settings in the Backup vault

This section goes over the encryption settings for backup data stored in the Backup vault. The Backup Management Service app is used by Azure Backup to access Azure Key Vault, but not the Backup vault’s managed identity.

Encryption of backup data using platform-managed keys

All of your data is secured by default using platform-managed keys. To enable this encryption, you do not need to take any specific action on your end. It applies to all backup workloads in your Backup vault.

Creating a Backup Vault in Azure

A backup vault is a management object that holds recovery points that have been established over time and provides an interface for performing backup operations. Take on-demand backups, restorations, and backup policies are just a few examples.

Follow the below steps to create a backup vault.

1: Go to Azure portal

2: In the search box, type backup vaults and select Backup vaults from the Services menu.

3: On the Backup vaults page, click on the Add button.

4: Make sure the relevant subscription is selected under Project information on the Basics page, then pick Create a new resource group. For the name, type your resource group name.

5: Type a name for the Backup vault name and choose your preferred location, in this case, East US, under Instance information.

6: Select your storage redundancy now. After securing objects in the vault, storage redundancy cannot be modified.

7: If you’re utilizing Azure as your primary backup storage endpoint, we recommend using the default Geo-redundant configuration.

8: If you’re not using Azure as your primary backup storage endpoint, select Locally redundant to save money on Azure storage. Get more information on geo and local redundancy.

9: Provide appropriate tags.

10: Now in the Review + Create page hit the create button.

Deleting the Azure Backup Vault

On the vault dashboard, select Delete when there are no more objects in the vault. A confirmation text will appear, asking if you want to delete the vault.

To confirm that you want to delete the vault, select Yes. The vault has been removed. The portal displays the New service menu once more.

What is Azure Site Recovery?

Site-level data protection is an important part of BCDR. What happens if a whole production facility is lost? This is a step beyond merely restoring a backup.

Site recovery entails organizing automated failover and fail backups from one site to another. Azure Site Recovery is a utility that helps you orchestrate and automate the replication of Azure VMs across regions, as well as on-premises virtual machines and physical servers to Azure. Your data can be replicated from one datacenter to another with Azure Site Recovery. The Azure IaaS cloud environment would be the other datacenter in this system.

Azure Site Recovery can replicate Azure virtual machines between Azure regions and on-premises virtual machines, Azure Stack virtual machines, and physical servers.

While Azure Backup is primarily concerned with backups, Azure Site Recovery is more concerned with replication.

Azure Site Recovery Architecture

Consider the architectural components for VMware vSphere VM replication using Azure Site Recovery as an example.

A VMware vSphere OVA appliance is used to configure Azure Site Recovery as an on-premises appliance. The mediator between the on-premises vSphere system and Azure is this “combined” process and config server. Both VMware vSphere and Azure are connected through the ASR config server.

Benefits of Azure Site Recovery

1. Site recovery has been simplified by providing replication, failover, and failback via the Azure UI.

2. Azure replication between regions

3. On-premises replication to Azure or a secondary on-premises datacenter

4. Azure VMs, Hyper-V, VMware, and physical workloads are all supported on several platforms.

5. Extremely aggressive replication – With ASR, you can replicate Hyper-V VMs as rapidly as every 30 seconds, and Azure and VMware VMs can be replicated continuously.

6. Consistent replication of applications

7. In a simulated environment, test your failovers and failbacks.

8. ASR’s recoverability is exceptionally easy and adaptable, thanks to planned failovers, configurable recovery plans, and network interaction with Azure.

Azure Backup vs Azure Site Recovery

Which would you choose if you had a look at both services? In all likelihood, Azure Backup and Azure Site Recovery should not be considered competitors.

Rather, they complement each other. Azure Backup enables granular backups and data restoration.

Azure Site Recovery protects a complete production site using automation and orchestration to make failover and failback operations as painless as possible.

Using Azure Backup

Assess the Requirements

The first step is to figure out what your firm needs in terms of backup. All of the procedures on this list after that will be dependent on what you need from your backups in the first place. However, it is easier said than done.

When it comes to recovery planning, the majority of businesses are perplexed. They may not have plans that are well-aligned with recovery objectives, or they may not be aware of what to expect in a recovery setting.

Some businesses are obligated to maintain high availability and disaster recovery as a result of legislation, regulations, or market trends.

If a significant outage occurs at a primary location, they must be prepared to recover data and applications in a coordinated manner.

Azure Site Recovery is an easy-to-use tool for replicating physical, VMWare, or Hyper-V environments to Azure Virtual Machines for enterprises who need an Azure disaster recovery solution.

In the event of a disaster, Azure Site Recovery offers orchestration and several failover alternatives. Azure Backup, on the other hand, should be considered if you need to store backups of your data or virtual machines on-premises or in Azure.

This data can be recovered from backup copies straight from the Azure portal or via the MARS /MABS /DPM interface to the original or alternate location.

Because the backup data is saved in Azure cloud storage, it is protected from any disasters that may affect your local data centres.

Backup on Azure can be your primary backup location or an add-on to another backup solution in which you’ve already invested.

What Kind of Backup Do You Need?

Depending on the workload you need to protect, your backup approach will differ, and Azure Backup can help you with a range of backup kinds.

You can easily backup and restore your files and folders, which is useful for archiving application configuration changes or other business documents.

If you want to backup sophisticated workloads, however, Azure provides support for a variety of scenarios.

Backup options in Azure range from “standard” Windows or Linux computers to fine-grained protection for Exchange, SQL, and SharePoint services. You can backup Hyper-V, VMWare, or even the system state and perform a bare-metal recovery if necessary.

Backups of your Azure VMs can now be created directly from the interface using Azure backup.

Azure backup can also detect SQL databases and SAP HANA databases in your Azure virtual machines and enable protection against them using the Azure portal.

It’s worth noting that PostgreSQL on Azure currently has the same feature in preview. This aids in the protection of your Azure mission-critical DB and SAP workloads.

Resources and Azure Backup Pricing

When it comes to disaster recovery, one of the most common concerns that businesses have is how Azure Backup would influence their environments during backup and recovery procedures. What Azure resources will be necessary to make this work, and, of course, how much will Azure backup and storage cost?

Microsoft’s cloud-based backup solution has a rather straightforward structure in terms of resources: you create a recovery services vault, define an Azure storage account redundancy for storing backup data, and set a schedule for objects to be backed up.

The next question is how much bandwidth is required to back up your company’s data to Azure. That is a question for which there is no simple answer.

Once Azure has copied your data, it will try to synchronise just delta changes, saving you time and money on your internet connection.

You may apply throttling or even move your data offline to the nearest Azure data centre if your connectivity are slow.

For the initial transfer of data to Azure data centres, you can utilise either the Azure import/export service or Azure Data Box.

The offline backup workflow is depicted here. You can learn more about this process by reading this article:

The next question you’ll probably have is how much storage space you’ll need for your backups. The answer is directly proportional to how frequently you replicate your workload to Azure and how many historical copies you want to maintain via retention policies.

This is a hot topic since Microsoft will charge users for storage space in addition to the fixed Azure Backup fee for data protection.

Azure Backup features two cost components: a flat backup fee based on the size of the covered instance and a storage fee.

Protected instances are virtual machines, application servers, SQL servers, and other servers that are part of a backup strategy.

The following is a summary of the backup charges for Azure VMs and on-premises servers:

Consider the case of an application server with 1.2 TB of data that needs to be backed up. We must also evaluate the percentage of data that changes each month.

In this example, we’ll assume that data grows at a rate of 10% each month. Azure Backup compresses data, resulting in a 30-40% reduction in backup size and a reduction in storage consumption.

The first backup will be a full backup, with incremental backups following. For this situation in the East US region, an estimate of monthly backup charges is presented below.

Backup Performance and Backup Time

The recovery plan for every clean backup set, the permitted timeline for backup-related operations, and performance requirements should all be included in the company’s recovery plan.

These parameters should be tailored to each and every workload.

Determine the greatest amount of time you can afford to correct or restore service, also known as your Recovery Time Objective (RTO), and the maximum amount of time you can endure losing data, also known as your Recovery Point Objective (RPO) (RTO).

While the frequency of backup creation can be adjusted as needed, the overall duration to backup to Azure is dependent on several factors:

The amount of time it takes to take a snapshot.

The amount of time spent in a backup queue with other Azure customers.

The length of time it takes for data to be transferred.

It’s worth noting that Azure backup reduces backup time by taking concurrent backups of the VM’s drives.

Snapshots for backups may not be transferred instantly, and this procedure may take longer during peak hours.

Restoring takes queue time and data transfer time, just like backup. You may probably guess that the total time these processes will take isn’t going to be very short.

Backup time should be carefully considered, since it may be the most dependable indicator of your recovery plan’s efficacy.

How it will Recover?

Once everything is in place and backups are being created correctly, the ideal case scenario is that you will never need them: no one likes to lose data and have to go through a recovery procedure.

However, you will almost certainly have to do it at some point due to human error or programme failure.

Being prepared is the finest thing you can do. You can quickly restore your Windows and Linux virtual machines, individual workloads, system state, and even files and folders from VM backups on Azure.

You can build an isolated environment and execute tests on your production data replica without interfering with your actual production environment by running a test on a different Azure Virtual Network or on-premises infrastructure.

You can use the Azure portal to monitor your backups and set up easy reporting, alerts, and diagnostic logs so you can react quickly if something goes wrong and, more importantly, guarantee that you always have consistent backups.

Azure backup monitoring is enabled by default using Azure monitor.

You can also use the log analytics work space to construct query-based backup job notifications.

The next step is to test your backup on a regular basis to ensure that it is working properly.

Another option is to use NetApp Cloud Volumes ONTAP to assist backup and update your Azure storage system.

Cloud Volumes ONTAP is a cloud-based version of NetApp’s trusted ONTAP data management software that provides all of the on-premises data centre storage solution’s features and resources to Azure storage.

Azure users that use Cloud Volumes ONTAP can save up to 70% on Azure storage costs by using strong storage efficiencies.

Have some fun with the Azure calculator to see how much you can save to see how some of these might work in your deployment.

Conclusion

Backup and replication of data between on-premises and Azure settings are made easy with Azure Backup and Azure Site Recovery.

It all boils down to selecting the appropriate tool for the job and application.

Both products offer the essential capability for protecting individual workloads as well as site-wide workloads.

They are data protection products that work together to fulfill the entire range of data protection requirements in the company.

Both simplify the infrastructure and architecture required to use hybrid environments to meet 3-2-1 backup goals and store data offsite in the Azure public cloud.