The cloud adoption is inevitable, but there are some new considerations to make on this journey. We’ve been warning our customers to not just blindly copy their existing data protection strategies when switching platforms, and instead, use the opportunity to challenge the status quo and embrace new practices. Today, I wanted to bring my own perspective into Microsoft Azure data protection challenges and talk about Azure Backup, a native IaaS backup offering, as well as show when its capabilities might need to be extended using solutions like Veeam Backup for Azure.
Microsoft data protection flavors
First, allow me to dissolve any confusion about Microsoft data protection offerings. It’s quite easy to get confused as they have several integrated and standalone solutions with a long history. For example, the Windows Server Backup utility has been built-in to Windows Server OS versions for a long time. Now, there is Azure Backup. Despite its name, it can also protect on-premises workloads. In essence, this solution consists of three parts: Azure IaaS Backup, Microsoft Azure Recovery Service (MARS) and Microsoft Azure Backup Server (MABS). MABS is an evolution of Data Protection Manager (DPM), and in a nutshell, is a software appliance to be installed on-premises for VM and application backup. MARS is a combination of agents, so it is useful in on-premises/hybrid environments or in cases when it’s better to operate at the OS level. Below, I have a diagram showing these components and their relationship for your convenience. The rest of the article is going to focus on Azure Backup Service (inside the cloud).
Azure Backup Service
Now, we’re coming to the cloud-native backup offering, which is an integral piece of Azure functionality these days. The “Backup” option (disabled by default) is available on the “Management” step while you’re creating a VM, so it’s very easy to get started. This functionality was introduced around 2015 with the mission “to provide BCDR strategy by using the Azure cloud,” highlighting the importance of taking a few extra steps for data protection using the cloud despite the common misbelief. Besides support for VM backup, it also supports Azure File Shares, SAP HANA, and SQL running in Azure VMs.
The general concept of the solution is to use locally- or geo-redundant Recovery Services Vaults (RSV) to store the protected data. While an RSV is in fact yet another Azure Blob container, the backup data within it is hidden from the naked eye, thus providing more security. The tradeoff is less control, not to mention a different price tag.
Among other features of the service are three levels of data consistency. Thanks to the tight integration between Windows and Azure itself, all Windows VM backups are application consistent — users don’t have to configure anything. It’s fully transparent and works like magic! I’d also mention the cross-region recovery (CRR) feature that allows users to restore VMs in another (paired) regional data center.
However, there are several scenarios where you might want more options and control. Whenever you must maintain a tight RPO (less then 24h), Azure Backup won’t fit in here as it doesn’t have a more frequent schedule option. Another interesting observation is about its performance. My personal impression is that it’s quite random and frankly doesn’t depend on the processed data scope. For example, a tiny incremental of 200 MB for a VM can take up to 30 min. Although, like I said before, that would have been an issue with another RPO. On top of that, the solution overall is focused on bringing data into the Azure cloud, not the other way around. That might not be an option for some companies who are required to follow strict internal policies, regulatory procedures or compliance acts.
Now, let’s talk about pricing really quick. Azure Backup’s pricing consists of two pieces: the actual VM size and the amount of storage consumed. For the VM size, pricing starts at $5/month for a VM with less than 50GB, then goes to $10/month for VMs within the range of 50-500GB, then grows incrementally by another $10/month for each additional 500GB increment. For example, the price for protecting a 1.1TB VM would be $30/month: two increments of 500GB for $10/month + $10 for the remaining 100GB.
Veeam Backup for Azure comes to the rescue
As you can see above, there might be a need to fill in the gap and use an alternative solution. This is where my recommendation goes for Veeam Backup for Azure. While this product is the newest addition to the Veeam family, it has mature capabilities.
- It uses special temporary “worker” VMs to increase backup and restore performance.
- We use the concept of tiered protection, offering VM snapshots as the first level of defense, and VM backups that are completely separate and stored in an Azure Blob container as the second defense (hot and cool access tiers are supported).
- Protection is managed by the policy with independent settings for both snapshot and backup operations. It provides much more flexibility for backup schedules while also being mindful of storage costs. Run your backup policies every minute if you’d like!
- The built-in Cost Estimation tool gives you insight into the storage costs of your backup policy before you even begin creating the backups.
- The engine that recompiles the data into the backups typically provide 2-3x data reduction as well as being intelligent enough to not store the same data blocks twice, thus resulting in much lower costs for backup storage.
Veeam is also simpler in terms of licensing, offering Veeam Universal License (VUL) — a true universal way to protect your data no matter where the workload runs. Additionally, the price paid for protection doesn’t depend on VM size. A small 10GB Linux web server will consume the same as a 1TB Windows SQL server – 1 VUL unit.
Remember the compliance/regulation challenges? Being integrated with Veeam Backup & Replication, which is typically installed on-premises, it’s very convenient to manage your cloud backups right from your VBR console using its external repository functionality. This integration has another benefit: your data isn’t tied to a particular platform. Whenever you need to bring it down to a local datacenter, or restore your workload to a different public cloud, it’s just a matter of a few clicks in VBR.
Plus, it’s getting better as the next product version is just around the corner. If you know other Veeam cloud-native products (Veeam Backup for AWS), you can already guess what is in store for it. I can’t wait to share more details with you. And did I mention a fully functional free edition for up to 10 VMs?
Both solutions are great, with automation options that can be easily integrated with existing company services, offering PowerShell and REST API. Whatever solution you prefer at the end, I’m sure it’s going to be a well-thought decision. And hey, it’s cloud after all, switching between different models has never been easier. Stay tuned and be on the lookout for updates to Veeam Backup for Azure.