Azure Backup is the Azure-based service which you can use to back up and restore your data in the Microsoft cloud. Azure Backup is a reliable, safe and competitively priced cloud-based backup solution which can be used to replace on-premises or off-site backup solutions. There are multiple components in Azure Backup which can be downloaded and deployed depending on what you want to be backed up. All of these components can be used to back up data to a Recovery Services vault in Azure, regardless of whether you’re protecting data on your premises or in the cloud.
What is a Recovery Services vault?
It’s an online storage entity in Azure and is used to hold recovery points, backup copies, and backup policies. Recovery service vaults can be used to hold backup data for Azure services as well as on-site servers and workstations. With each Azure subscription, you can create up to 500 Recovery Service vaults.
When considering where to store your data, you can use geo-redundant storage (GRS) or locally redundant storage (LRS). LRS copies your data three times in a storage scale unit in a data center. All these copies exist in the same region. LRS will protect your data from local hardware failures. In contrast, GRS copies your data to a secondary region, which is hundreds of miles away from the source data. GRS is more expensive than LRS, but it means that your data is protected even in the event of an outage in your region.
The advantages of Azure Backup
Traditionally backups to the cloud have treated the cloud as a storage destination, similar to disks or tape. However, this approach doesn’t take full advantage of an underlying cloud platform. Other cloud storage solutions can mean that you end up paying for storage which you don’t need or the wrong type of storage for your business.
The benefits of Azure Backup include-
Depending on your business needs you may want storage on-site as well as in the cloud. Azure Backup doesn’t charge for on-site storage devices. It also allocates and manages backup storage and uses a pay-as-you-use model. See below for details of cost.
Unlimited scaling
Azure Backup has high-availability. You have no maintenance or monitoring overheads. You can get information about events by setting up alerts if you wish.
A number of storage options
There are two types of replication in Azure Backup- locally redundant storage (LRS) and geo-redundant storage (GRS). Which one you choose, or a combination, will depend on your storage and back up needs.
Unlimited data transfer
Azure Backup does not place limits on the amounts of inbound or outbound data that you transfer. Outbound data means data which is transferred from a Recovery Services vault while carrying out a restore operation. However, if you’re using the Azure Import/Export service to import large amounts of data, inbound data will accrue a cost.
Data encryption
Azure Backup includes data encryption to ensure that your data is transmitted and stored securely. The encryption passphrase is stored locally and is never transmitted or stored in Azure. If you need to restore any of the data, you’re the only one who has the encryption passphrase.
Application-consistent backup
This means that a recovery point has all the required data to restore the backup copy, so additional fixes are not required. The use of application-consistent data means that restoration time is reduced substantially.
Long-term retention
There is no limit to the length of time data can remain in a Recovery Services vault, so they can be used for both short, and long-term data retention. However, Azure Backup has a limit of 9999 recovery points per protected instance. The table below shows the maximum backup frequency for each component.
Which Azure Backup components should I use?
The following table shows what you can protect with each Azure Backup component.
Which applications and workloads can be backed up?
Linux support
The following table shows the Azure Backup components that have support for Linux.
What are the features of each backup component?
The table below summarizes the availability or support of the various features in each Azure Backup component.
Compression
In order to reduce the required storage space, backups are compressed. The VM extension is the only one that doesn’t use compression. Instead, it copies all backup data from your storage account to the Recovery Services vault in the same region, without compressing the data while transferring it. Transferring data without compressing it means you’ll need higher levels of storage. However, storing the data without compression means you can achieve a faster restoration.
Disk Deduplication
Deduplication is not available in Azure for any Backup component. However, deduplication is available when you deploy System Center DPM or Azure Backup Server on a Hyper-V virtual machine.
Types of backup
Incremental backup
An incremental backup is a backup of only those changes made since the last backup. Therefore, they are more storage and time efficient. Every Azure Backup component supports incremental backup. This is regardless of whether your target storage is on disk, tape or to Recovery Services vault.
Comparison of full, differential and incremental backup
Each type of backup method varies with regard to storage space required, recovery time objective (RTO) and network consumption. In order to keep the backup total cost of ownership (TCO) down, you need to choose the most appropriate backup solution for your business needs. The image below compares the three types of backup. In the image, data source A is composed of 10 storage blocks A1-A10, which are backed up monthly. Blocks A2, A3, A4, and A9 change in the first month, and block A5 changes in the next month.
Full backup
Each backup copy includes the entirety of the data source. As a result, it consumes a lot of network bandwidth and storage.
Differential backup
This only stores the parts of the data that have changed since the last full backup. As a result, network and storage consumption is much lower than it is for a full backup. However, because the data blocks that are unchanged between backups are transferred and stored, differential backups are relatively inefficient.
Incremental backup
This only stores the data which has changed since the previous backup. As a result, it’s more efficient in terms of storage and network efficiency. With incremental backup, there’s no longer any need to take regular full backups, apart from the first one. Incremental backup means less storage and network resources are used, resulting in a lower backup total cost of ownership (TCO).
Security
Network security
All the backup data from your servers to the Recovery Services vault is encrypted using Advanced Encryption Standard 256. The backup data is sent over a secure HTTPS link. In the Recovery Services vault, the data is stored in encrypted form. Only you have the passphrase to decrypt the data. Microsoft cannot decrypt the data as it doesn’t hold the passphrase. Therefore, you must keep your passphrase safe, because if you lose it Microsoft cannot decrypt the backup data.
Data security
Backing up Azure VMs requires setting up encryption within the virtual machine. Azure Backup supports Azure Disk Encryption, which uses BitLocker on Windows virtual machines and dm-crypt on Linux virtual machines. On the back end, Azure Backup uses Azure Storage Service encryption, which protects data at rest.
Network throttling
You can use Azure Backup agent for network throttling. This allows you to control how much network bandwidth is used during data transfer. Data transfer for both backup and storage can use throttling. Throttling is useful if data needs to be backed up during working hours, but you don’t want the backup process to interfere with other internet traffic.
How does Azure Backup differ from Azure Site Recovery?
Both Azure Backup and Azure Site Recovery back up data and can restore that data. However, they serve different purposes. If you need to backup and restore data at a granular level, then Azure Backup is a better choice. Azure Backup can backup data on-site and in the cloud. In contrast, Azure Site Recovery coordinates virtual-machine and physical-server replication, failover, and failback. Both Azure Backup and Azure Site Recovery are needed because you need to be able to keep your data safe and recoverable (Azure Backup) and keep your workloads available (Site Recovery) when outages occur.