Three ways to protect your customer’s on-premises data with Azure

Back to Blog
08Oct2018

Three ways to protect your customer’s on-premises data with Azure

I am going to spend a lot of time on this topic in the few next posts, because I think it is very important for service providers and consultants (which is a lot of my reader base)–we should all keep abreast of our options. In this series, I want to key in on the three pillars of Azure Backup & Recovery for the Small and Mid-sized Business. I will have more detailed follow-up posts on each, with some analysis including pricing models, etc.

This topic will of course apply to customers with on-premises server infrastructure that they need to protect, with offsite backup and recovery. I’ve been spending more time recently on Microsoft 365 plans, which may indicate the server-less future we are all looking forward to in the SMB, but so many small businesses are still reliant on hardware-based infrastructure to support line of business applications, etc., that it just makes sense for us to keep sharp on these other solutions, which support hybrid environments.

Replacing your BDR offering with Azure Backup & Recovery Services

For years, service providers have been selling variations of backup & DR solutions from third-party vendors. One of the most common is an appliance-based solution, commonly referred to as “BDR’s” in the marketplace.

Now don’t get me wrong, this solution is great and has been rock-solid for many years. It consists of a hardware appliance (a server) that has a Windows Server Storage edition, as well as some software for deploying, capturing and even replicating backup images to other locations.

The best part? If your production host server(s) are down or having issues, you are able to virtualize the backup images onto the BDR appliance itself (usually in Virtual Box, although I’ve also seen this done with the Hyper-V role enabled on Standard edition also).

Like I said, it is a cool solution that solves a lot of problems in the SMB.  But the downside is, of course, it comes with a big cost:

  1. You have to buy or lease a server with CPU, networking, RAM and storage, so there is a fairly big capital expenditure required in terms of hardware
  2. There is an ongoing cost of licensing for the backup software
  3. To replicate to a cloud offsite, there is a cost there as well
  4. To be within the terms of Microsoft’s licensing agreement, you need purchase Windows Server licensing to basically duplicate your environment (virtualization rights) on this box, should that become necessary–otherwise you need to wait 90 days after recovery/restore before moving it back onto the production hardware
  5. As a service provider, you are also typically layering your own services on top of these costs for monitoring, updates, testing image restores, etc.

All of this adds up, and makes it a steep point of entry for smaller-sized businesses.

Enter Azure Backup and Recovery Services

Believe it or not, Azure can help you provide your customers with the same or better RTO’s, and if done right, at a lower price point. Let me share with you three Azure services available to you, which you might consider combining in different ways, or using paired with other products/offerings, to achieve this outcome. I will cover them briefly here, and in more detail in the upcoming posts.

Some of the Azure magic that allows you to start chopping out costs compared to the BDR solution:

  1. Hybrid use rights – Your Windows Server Standard or Datacenter w/ SA license will allow you to run VM’s at a discount in the cloud (and you only need to run them in a DR event–so most of this time the cost is null in this category)
  2. Zero software licensing for backup – Get enterprise grade backup software that is automated, offsite, sends alerts/notification and features great retention–basically everything the small business wants, with none of the third-party licensing cost
  3. Hardware – Backup appliance is completely optional, or is of very low cost: think virtual appliance plus cheap NAS or other storage, if local disk backups are a requirement

Therefore, the costs that are leftover are just your services, plus the storage fees in the cloud–which are on par with most other cloud providers, if not less in some cases.

Solution #1: Azure Backup

The first and most basic option is Azure Backup. Think of this as Windows Backup, for the cloud (rather than just dumping to an external USB drive or network share, it actually writes backup data into the cloud).

This solution solves a number of issues:

  1. It provides offsite backup (absolutely necessary in today’s landscape)
  2. It features encryption (great for compliance)
  3. Turning it off requires a separate set of credentials, making it almost as good as offline
  4. It is easy to configure, and affordable
  5. Up to 9,999 retention points at the time of this writing

Image credit: Alex Fields, ITProMentor.com

The downsides are:

  1. Limited to three backups / day (RPO won’t be as good as a BDR appliance)
  2. Does not do application data like Hyper-V, SQL, Exchange, etc. (file, folder & system state are supported however)
  3. Restore times will be longer on average

If your client is on a budget and they are okay with longer Recovery Time Objectives, then this may fit well on its own. Costs will be comprised of the cloud storage and your services to deploy, monitor, test, restores when needed, etc.

Solution #2: Azure Backup Server

This is Azure Backup on steroids. It is actually System Center Data Protection Manager, for free, with a built-in replication engine to Azure.

With this solution, you add the ability to do application-aware backup of Hyper-V and VMware virtual machines, SQL databases, Exchange, and so forth.

However, it also requires a separate storage location on the network. This could be setup on a virtual machine that just attaches to NAS storage (like a Synology or similar), or it could be a standalone server appliance with inexpensive SATA storage–the storage being equal to about 1.5-2x of the total environment data, minimum.

 

Image credit: Alex Fields, ITProMentor.com

Remember, here you have a local copy of the backup data; although it will only retain 5 days worth by default on-prem, you have longer retention periods possible in the cloud. Local copy means you can restore quickly if needed, bringing you into a similar RTO as your BDR appliances, potentially (depending on your deployment / design).

Did I mention that the software is free, and you pay the same for protection & storage as you would for normal Azure backup (per instance + storage consumed)?

Recap so far: I think the choice between the first two backup options covered comes down to two questions:

  1. Is application-aware backup (e.g. for SQL, SharePoint, Exchange, etc.) a necessity?
  2. Is the ability to restore quickly on-premises under certain circumstances a requirement? (e.g. do you need local disk backups?)

If yes to either of these, I’d be leading with Azure Backup Server in my proposal.

Solution #3: Azure Site Recovery 

This is where things get really interesting. You pay a little bit more per-instance for protection here ($25 at the time of this writing, plus you still pay for storage consumed in the cloud like always) but you gain the ability to replicate VM’s (from Hyper-V and VMware), and boot them in just a few minutes when needed, in the cloud. Beating in many cases the RTO that is possible with the old on-premises BDR’s of yore, with no on-premises hardware requirement.

Image credit: Alex Fields, ITProMentor.com

The Windows Server Essentials Experience role also has some pretty great tools built-in to help get this up quickly from an on-premises GUI. Making it ideal for service providers and small business admins who don’t have a lot of specialty or skill working in Azure.

Pairing this last piece with one of the above backup options, a service provider could create a pretty compelling DRaaS solution, layering their own services on top of these packages.

Conclusion

Consider cutting that backup expense down and ditching on-premises backup hardware–it is completely possible in Azure. (But note: There are still advantages to a separate physical appliance, so you have some place on-premises to work from when production is down–keep that in mind when vetting the downtime tolerance and building your proposals).

Suddenly, small businesses who may have been priced out of that other appliance-based option start to raise an eyebrow at the prospects of better up-time and recovery objective, with minimal up-front costs. And the ones who have been paying to refresh this type of solution every 3-5 years can look forward to reducing capital expenditures in future iterations of your DR offering. Hm… maybe Azure isn’t so bad after all.

Okay, and the balanced side to all of this is: Azure does not yet offer an “MSP portal” — you know, a place where you can manage all of your clients in one pane of glass. A downside if ever there was one for service providers. But, notification/alerting is totally possible, and assuming you have a ticketing system that can automatically generate tickets from emails, as well as a system to track client login information to different portals, this might not be that big of a deal. You just need to get your practice and internal workflows setup and tested. This does not have to become a big investment of time, as I hope my article series will show.

Business, Opinion , , , , 0 Comments
Share:

Leave a Reply

Back to Blog

Related Posts

02Mar

It’s all about your downtime tolerance

Before you go picking the cheapest possible IT solution that meets your business requirements, or on the other side of the equation, adding unnecessary complexity to your network, you first need to consider: What is your downtime tolerance? If you don't answer this critical question,... read more
16Nov

Three Azure solutions to SMB problems: The first rule of Azure is you don’t sell Azure

Different MSP's out there embrace the cloud to more or less extent. Most providers are doing Office 365 nowadays, but Azure (or IaaS solutions like it) is still nebulous or even a little scary: Some providers feel threatened by services like Azure, because deploying and... read more
10Apr

What is the biggest opportunity for IT Service Providers and Consultants today, in light of COVID-19?

I got this question from a reader named Rob the other day. The full question is actually a bit more detailed and revealed a lot more about the author of the question--so I've only included an abridged version that pulls out the heart of the... read more
Hybrid Azure AD Join or not?
08Jul

Should I use Hybrid Azure AD Join or not?

I consulted with an MSP recently about one of their larger customers, and whether or not to implement Hybrid Azure AD Join for existing Windows workstations (joined to traditional Active Directory). The classic consultant answer of course is, "It depends." In certain cases, perhaps. But... read more
12Jun

Managed Services Opportunities within Microsoft 365

I still regularly receive questions from independent IT consultants as well as Managed Services Providers about Microsoft 365 in relation to "regular maintenance" tasks and the like, which can be translated into Managed Services opportunity. Everyone intuitively understands that something like this is possible, but... read more
01Dec

Without a backup, your pants are on fire

I shouldn't even need to write this article. It's silly, but I have to do it anyway.  So here it goes... Not having a backup of mission critical applications and data is an emergency equivalent to having your pants on fire. Most business owners and stakeholders already assume... read more
12Mar

New OME Encryption Template, Criticism Revisited…

Spooky. Lately it's like Microsoft is following this blog or something. I have been working on a number of posts that I'm rather excited about. First, I had one of my biggest wishes come true, with the release of Files On-Demand for OneDrive (included in Fall... read more
08Sep

A Tale of Two Incidents

I have two stories to share today. Both are from individuals who contacted me about recent Cybersecurity incidents that their MSP had suffered. Both incidents were very different, and yet they share some common threads and lessons that I think we would be wise to... read more
14Oct

Why you shouldn’t disable external sharing (really)

Okay, so anyone who has ever done consulting with Microsoft / Office 365 before has probably heard this question: "Can we disable external sharing?"--Any customer at every Office 365 consulting engagement, ever. Bless their souls, these questions are usually coming from a good place, but to see... read more
26Jan

How to prepare for a HIPAA technical risk assessment or audit

I have had to help a number of smaller-sized health services clinics with this kind of thing recently, so I figured a place to collect notes on these experiences was in order. Hopefully others will find it valuable; just know that there is no such... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me