Azure Backup. Effective cloud backup storage

Imagine you need to implement cloud backup for all virtual machines in your organisation. One way to go about this would be to purchase a separate server, get a backup management software licence and make sure you have enough data storage space. Of course, the server would also need to be secured. However, the process is prone to errors; you may wrongly estimate how many disks you will need or come up against security or availability issues. Fortunately, Microsoft Azure offers a couple of services that can guide you through the backup procedure: Azure Backup and Azure Disaster Recovery.

Azure Backup. Effective cloud backup storage

Read on if you want to know how to create backup copies in the cloud without worrying that:

  • You will wrongly estimate data size and purchase too few or too many disks;
  • You will not be able to ensure adequate server security and data protection;
  • You will face problems with the availability of critical applications in the event of failure;
  • Your backup costs will keep growing.

Microsoft Azure cloud backup

First, let’s pause to think about Azure Backup and how it works.

Azure Backup is a service that, following a simple setup process, automatically creates and saves backup copies to the Microsoft Azure cloud (and then recovers them, if necessary). You can use it to back up almost any Microsoft Azure resource, ranging from virtual machines to SQL or PostgreSQL databases.

Importantly, the service also allows you to create backups for on-premise machines, or physical servers. You can also store backup copies of specific files or folders on your machines or platforms such as Azure Blobs and Azure Files.

Azure Backup

To see how this works, let’s take the example of virtual machines: once you have selected the machines you want to back up and configured settings such as backup frequency and storage time, Azure Backup will be automatically installed on them. It will then take care of information flow between the machines and the Azure Backup Vault, a treasure vault where your encrypted data will be stored.

Importantly, Azure Backup performs differential backups: the first backup will take up a lot of time and space, but the ones that follow, as long as they are not stored for retention, will only include information on any changes introduced since the previous backup. This will help you save space in the Backup Vault (which will be important when we get to the issue of costs!).

Azure Backup Vault

And now a word or two about Azure Backup Vault. The ABV serves as a backup and backup recovery centre. With the right permissions from RBACK (Role-Based Access Control), you can use it to decide: what should be backed up and how often, or how long backup copies and snapshots* are to be stored. You can also monitor backup status and generate reports.

*Snapshots – a mechanism that allows you to use the Azure Backup Instant Restore service, which will restore the environment to the state in which it was when the snapshot was taken.

Data backup: replication in the cloud

You can also choose which data you want to be replicated. In general, Microsoft Azure offers three replication levels:

  • LRS (locally redundant storage) – replicates data to other matrices within one data centre. If the data centre experiences a failure, your data could be in danger.
  • ZRS (zone-redundant storage) – replicates data within three so-called Azure Availability Zones within one region. Your data is safe when a single data centre breaks down, but could be at risk in the event of a region-wide failure.
  • GRS (geo-redundant storage) – replicates data to another region. In the event of a region-wide failure, your data will still be safe.

Of course, not all replication levels are available for all services, and some have additional features (such as Read-Only retention, which permits practically uninterrupted access to data in the event of master copy failure).

Data protection. Which replication level should you choose?

The replication levels listed above are in order from the least safe to the safest. This does not mean that LRS replication is not safe: whichever level will be right for you depends on data type (e.g. whether you’re dealing with financial data for banks or app telemetry data in the developer environment) and the criticality of the app they serve. Even if you choose LRS, your data protection will still be higher than if you stay with a simple backup architecture with on-premise servers instead.

How to enable Azure cloud backup?

To see for yourself how easy it is to enable server backups (even without any technical knowledge!), just follow the instructions below.

  • Choose the Azure virtual machine you want to back up. Go to “Backup” in the left blade.
  • If the backups are already enabled, you will see a history of recent tasks and general backup status (fig. 1). If they are disabled you will see a menu, as in fig. 2 and fig. 3.
  • When enabling backup, you can choose from among several options when it comes to:
    • Recovery Services Vault (RSV) – a service that performs backup tasks and stores backup copies. When you enable backup for a machine, you can create a new or use an existing RSV. To create a new one, you must choose a RSV name and select where it will be stored.
    • Backup policies – a set of backup principles. The policy will determine how often backup copies will be made and how long they will be stored. You can also choose your preferred policy type (standard or enhanced). An enhanced policy allows you to create multiple backup copies within one day. You can use an existing policy or create a new one with your own settings.
    • Disks – you need to choose the disks to be included in the backup. It is a useful option if we want to generate savings, knowing that no one disk contains critical data.
  • Choose the configuration and select “Enable Backup” to enable new backup copies in the cloud.
Azure Backup. Recent backup task history
Figure 1. A screen showing recent backup task history and overall backup status
Azure Backup. Enabling backup copies on a virtual machine
Figure 2. Enabling backup copies on a virtual machine.
Azure Backup. Policy and disks screen. Enabling backup copies on a virtual machine
Figure 3. Enabling backup copies on a virtual machine. Policy and disks options.

Microsoft Azure Backup: cloud costs

Let’s get to the heart of the matter, that is, the costs. When estimating the costs of Azure Backup services, you need to consider aspects such as data size and the replication level. The more data you want to store, the more you will need to pay. And the more critical your data, the higher the fee (depending on the replication level).

Backup strategy and cloud costs

It is worth noting that choosing a longer backup period may dramatically swell the volume of your data in the cloud, and, which follows, increase storage costs. Defining the right backup strategy is thus essential if you want to optimise the costs of your Azure environment.

Backup data in the cloud: greatest advantages

Compared to traditional backup solutions, the greatest advantage of Microsoft Azure Backup is its cost, which is calculated as a function of the storage space you actually use (which makes it the most economical choice! :)). As a result, you don’t need to estimate how large your backup machines need to be or how many instances will be required to create backup copies for all remaining machines in a given amount of time.

This responsibility is taken by the cloud provider; all you need to do is clearly state your requirements. Also, you no longer need to stress about data security (built-in encryption mechanisms will take care of that) or having to purchase additional machines.

App security. Disaster Recovery

When designing or developing solutions, you might find that some applications are highly critical and must have high availability (be it on account of customer demands, app scale, company image and operations, or responsibility for users’ life and health). Such solutions need to be protected against unpredictable incidents. But how?

Planning and deploying adequate security measures for your app include Disaster Recovery, or a response plan in the event of a failure.

Disaster Recovery in the cloud

You have several Disaster Recovery options to choose from in the cloud. One is to deploy your own solution, using Load Balancers and several backup instances of your app. If a failure occurs, the Load Balancer should automatically redirect all user traffic to active app instances.

Disaster Recovery. Restoring the app

Another option is to use solutions offered by cloud providers. One such solution is Azure Site Recovery (ASR).

The solution works the same as in the example above, but allows you to cut infrastructure costs, as well as the costs of creating a Disaster Recovery system of your own. The solution is not limited to the cloud, you can also connect it to your on-premise environment.

Azure Site Recovery

How does Azure Site Recovery work?

  • Failure detection – ASR detects a failure based on preset metrics, which might include, e.g. lack of server response or a negative response to a health check.
  • Recovery plan launch – once a failure is detected, ASR automatically implements a predefined recovery plan, which specifies which Azure virtual machines are to be created and sets out the order in which they are launched.
  • Data replication – ASR can replicate data to the cloud on an ongoing basis. Once the recovery plan is started, the data can then be used by newly created machines.
  • Switch to the new environment – once the new virtual machine instances are created, users are switched to the new environment created by Azure Site Recovery.

Advantages of Azure Site Recovery

As mentioned above, the main advantage of ASR has to do with infrastructure costs. You only need to pay for virtual machines when they are working, and they are only launched in the event of failure and for as long as it takes to fix it. Of course, there are some permanent costs, too, such as data transfer and storage fees or, in some cases, licensing fees.

In addition, admins can get ongoing ASR status reports during a failure or monitor ASR status even if no failure occurs. DRP procedures can be implemented without any impact on the production environment.

Case study: migration and backup of 80 virtual machines in cloud

One of our clients had an extensive on-premise infrastructure consisting of c. 80 virtual machines. As part of our cloud migration plan, we prepared a number of artifacts, including backup specifications for various cloud platforms – you can learn more about this case study here: Comprehensive cloud migration preparedness audit for an insurance company.

In the end, after comparing available cloud providers, our client decided to opt for Microsoft Azure. The migration also involved moving backups to Azure Backup and Azure Disaster Recovery was used for more critical systems.

The backup configuration remained the same as it was on-premise. All machines were backed up every day at midnight.

Thanks to Azure Disaster Recovery, only minimal work would be required to quickly restore the machine in the event of a failure. All it takes is the right network configuration and an easy setup process in Azure.

Effects. Continuity in the cloud

Compared to the previous backup strategy, DRP testing times for the same servers dropped from an average of 121 minutes to just 33 minutes. This represented a significant improvement in virtual machine recovery times, which was one of our client’s objectives. If a failure should occur in one of the organisation’s critical applications, the app would be automatically restored within less than twenty minutes from the incident.

Azure Backups. Highlights

When exploring the cloud of your choice, you might want to get familiar with its native tools and services. Oftentimes, they are much faster to configure than a standard approach that involves manually enabling services on your on-premise infrastructure or cloud-based virtual machines. Native tools and services also come with a range of advantages: legal compliance, a delegation of responsibility to the provider and troubleshooting support.

Services such as Microsoft Azure Backup and Azure Disaster Recovery allow you to manage the cloud more effectively and recover data more quickly, but they are obviously not a fix-all solution. You need to examine and understand their limitations and use cases, and each use case should be looked at in isolation to account for its specificity.