Describe Azure Backup
Contoso relies on IT resources for its operations and must maintain business continuity. To develop a business continuity plan, the IT team must identify the steps necessary to recover from a disaster affecting the availability of IT resources. The two most common ways to ensure this continuity are implementing full backups and developing a disaster recovery strategy. Azure offers dedicated services that greatly simplify these tasks.
What is Azure Backup?
The Azure Backup service uses Azure resources for short- and long-term storage to minimize or even eliminate the need for physical backup media such as tapes, hard drives, and DVDs. Since its launch, Azure Backup has evolved from a downloadable backup agent via the Azure portal into a much more diversified offering.
The core functionality of Azure Backup protects folders and files on Windows Server and client operating systems, both on-premises and in Azure. This functionality relies on the Azure Recovery Services agent, available for download through the Recovery Services vault interface in the Azure portal. This agent must be installed on each system to be protected.
Azure Backup includes:
- File, folder, and system state backups for Windows Server and 64-bit clients via the Azure Recovery Services agent and the Online Backup integration module for Windows Server Essentials.
- Long-term backup storage with Microsoft System Center Data Protection Manager and the Recovery Services agent.
- Long-term backup storage with Azure Backup Server and the Recovery Services agent.
- VM-level backups for Azure VMs via Azure VM extensions for Linux and Windows systems.
Optional Azure Backup features for enhanced protection:
- Retention of backups for 14 days after deletion.
- Custom PIN required to modify an existing passphrase or stop protection and delete backup data.
- Administrative email alerts triggered by events such as disabling or deleting backups.
Why use Azure Backup?
Azure Backup offers several components that you can download and deploy on the appropriate computer, server, or cloud environment. The component (or agent) to deploy depends on what you want to protect. All Azure Backup components (whether protecting on-premises or cloud data) can be used to back up data to a Recovery Services vault in Azure.
Advantages of Azure Backup:
| Advantage | Description |
|---|---|
| Automatic storage management | Azure Backup automatically allocates and manages backup storage on a pay-as-you-go model. |
| Unlimited scalability | No need to worry about high availability of data in the cloud. |
| Two storage options | Azure Backup offers two replication types: locally redundant storage (LRS) and geo-redundant storage (GRS). |
| Unlimited data transfer | Azure Backup does not limit the amount of inbound or outbound data. |
| Data encryption | Encryption ensures more secure transmission and storage of data in the public cloud. |
| Application-consistent backup | An application-consistent backup contains all the data needed to restore the backup copy. |
| Long-term retention | Recovery Services vaults can be used for short- and long-term data retention. |
How to use Azure Backup?
You can use Azure Backup to perform the following types of backups:
- On-premises: Backup of files, folders, and system state via the Microsoft Azure Recovery Services (MARS) agent. You can also use Data Protection Manager (DPM) or Microsoft Azure Backup Server (MABS) to protect local VMs (Hyper-V and VMware) and other on-premises workloads.
- Azure VMs: Full backup of Windows or Linux VMs (via backup extensions), or backup of files, folders, and system state via the MARS agent.
- Azure file shares: Backup of Azure file shares to a storage account.
- Microsoft SQL Server in Azure VMs: Backup of SQL Server databases running on Azure VMs.
- SAP HANA databases in Azure VMs: Backup of SAP HANA databases running on Azure VMs.
- Microsoft Cloud: Azure Backup replaces your on-premises or offsite backup solution with a reliable, secure, and cost-effective cloud solution.
Security features for hybrid backups
Security concerns (malware, ransomware, intrusions) are increasing and costly. To protect against these attacks, Azure Backup offers security features for hybrid backups:
| Feature | Description |
|---|---|
| Prevention | An additional authentication layer is added during critical operations (e.g., passphrase modification). This ensures that only users with valid Azure credentials can perform these operations. |
| Alert | An email notification is sent to the subscription administrator during critical operations (e.g., backup data deletion). |
| Recovery | Deleted data is retained for an additional 14 days after deletion. This allows data recovery in case of an attack. A minimum number of recovery points is also maintained to prevent data corruption. |
Further reading
For more information, see the following documents:
- Overview of Azure VM backup
- About the Microsoft Azure Recovery Services (MARS) agent
- MABS (Azure Backup Server) V3 UR1 protection matrix
- Prepare workload backup to Azure with System Center DPM
- Security features to protect hybrid backups with Azure Backup
