Aug 17 2017

How Does Microsoft Azure Backup Actually Work?

Data security and encryption are key factors to consider when you are using the Azure Backup service.

Over the past few years, Microsoft has added a backup feature for virtual machines to its Azure Infrastructure as a Service offering, as well as expanded cloud-based backup and recovery services to cater to a wider range of infrastructure scenarios.

Azure Backup runs jobs based on either a built-in default policy or one that each user creates.

When a backup job starts, Azure instructs the VM extension to take a Volume Shadow Copy Service full snapshot of the virtual machine’s disks, guaranteeing an application-consistent snapshot without shutting down the VM. It gets a bit more complicated for Linux VMs, as custom scripts are required to ensure consistency.

The snapshot automatically uploads to Azure Backup for storage in a vault. (The snapshot is simultaneously removed from the VM.) After that initial backup, Azure collects only the data blocks that have changed and backs those up to the vault.


Data Security Is Critical 

Azure Backup doesn’t encrypt data during backup, so if you require data stored in the vault to be encrypted, you will want to encrypt the VM with Azure Disk Encryption using a BitLocker Encryption Key and Key Encryption Key.

Managed disks are not currently supported. Azure can back up encrypted Azure Resource Manager VMs only, and vaults must have replication enabled.

Remember, backups and restores need to complete in a timely manner. To reduce the impact on disk performance, it’s best to schedule backups during nonpeak hours. What’s more, only 20 disks in a single storage account should be on the same backup schedule. Finally, the specified Recovery Services vaults need to be in the same region as the instances backing up to those vaults.
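
The constraints in this section can be checked against a planned backup layout before any job runs. The Python check below is an added example, not code from the original article or from Microsoft; the inventory field names (deployment, bek, kek, managed_disks and the rest) and the sample VMs and vaults are constructed for illustration, and it applies the replication requirement to vaults that hold encrypted VMs.

```python
from collections import defaultdict

MAX_DISKS = 20  # per storage account per backup schedule, as stated in the article

def preflight(vms, vaults):
    """Check a planned backup layout; return sorted (vm_name, finding) pairs."""
    findings = []
    groups = defaultdict(list)  # (storage_account, schedule) -> VMs sharing both
    for vm in vms:
        vault = vaults[vm["vault"]]
        if vault["region"] != vm["region"]:
            findings.append((vm["name"], "vault region differs from VM region"))
        if not vm["encrypted"]:
            # Azure Backup does not encrypt during backup, so the vault copy
            # of this VM is only as protected as the VM's own disks.
            findings.append((vm["name"], "no Azure Disk Encryption"))
        else:
            if vm["deployment"] != "arm":
                findings.append((vm["name"], "encrypted VM is not Resource Manager"))
            if vm["managed_disks"]:
                findings.append((vm["name"], "encrypted VM uses managed disks"))
            if not (vm["bek"] and vm["kek"]):
                findings.append((vm["name"], "encrypted VM lacks BEK or KEK"))
            if not vault["replication"]:
                findings.append((vm["name"], "vault has no replication"))
        groups[(vm["storage_account"], vm["schedule"])].append(vm)
    for (account, schedule), group in groups.items():
        total = sum(vm["disks"] for vm in group)
        if total > MAX_DISKS:
            for vm in group:
                findings.append((vm["name"], f"{total} disks in {account} on schedule {schedule}"))
    return sorted(findings)

# Constructed sample inventory (hypothetical names, not real resources).
VAULTS = {"rsv-east": {"region": "eastus", "replication": True},
          "rsv-west": {"region": "westus", "replication": False}}

def make_vm(name, **overrides):
    base = {"name": name, "region": "eastus", "vault": "rsv-east", "deployment": "arm",
            "encrypted": True, "bek": True, "kek": True, "managed_disks": False,
            "storage_account": "sa1", "schedule": "02:00", "disks": 4}
    return {**base, **overrides}

VMS = [make_vm("app01"),
       make_vm("db01", disks=12, kek=False),
       make_vm("web01", disks=8, encrypted=False),
       make_vm("old01", deployment="classic", storage_account="sa2"),
       make_vm("dr01", vault="rsv-west", storage_account="sa3")]
```

Calling preflight(VMS, VAULTS) on the sample returns one line per problem, including every VM that shares the oversubscribed storage account and schedule.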

A View from the Recovery Vaults

Recovery Services vaults support four primary backup technologies:

  • Microsoft Azure Recovery Services (MARS) agent: On-premises files and folders
  • Azure Backup (VM extension): Azure IaaS VMs
  • Microsoft Azure Backup Server (MABS): On-premises workloads, such as SQL and Hyper-V Server, VMware VMs, System State and bare-metal restores (NOTE: MABS includes the MARS agent.)
  • Azure Site Recovery (ASR): Backup, disaster recovery and orchestration for on-premises and hybrid Azure/on-premises infrastructures

For more on Azure Backup, see "3 Steps to Configure Azure to Back Up Your VMs."
