Three ways to protect your customer’s on-premises data with Azure: Part 1 – Azure Backup with MARSAlex Fields
In this series we will explore three different Azure solutions, all of which are aimed at one objective: Protecting your organization’s (or your customer’s organization’s) critical data. You might use just one of these, or any combination of them, in your own DR plan–but you will want to choose the right tool(s) for the job. So let’s take a look at the differences between:
- Azure Backup using the MARS agent (this post)
- Microsoft Azure Backup Server (MABS)
- Azure Site Recovery (replicating servers to the Azure cloud for DR)
Azure Backup (using the MARS agent)
Most consultants have other backup products and services that they resell or subscribe to, but Azure Backup is starting to gain a little more momentum now that they offer longer retention options, as well as System State backup. Another point worth mentioning: I find that many a consultant’s first exposure to Azure starts with Azure Backup–it seems to be how a lot of folks are dipping their toes into the Azure blue water, so to speak.
So let’s take a look at how Azure Backup works, conceptually:
Image credit: Alex Fields, ITProMentor.com
Until recently, we could only do file & folder backup, but now it is possible to include the System State as well. We should also note that the System State will need to be restored separately, using the Windows Backup utility, so it is a two-part restore.
Furthermore, the agent must be installed and configured individually on every server and workstation you intend to protect. There is no central console where you can for example: setup the infrastructure, deploy the agents and configure job settings. Nope, you have to go to each machine and run through the setup procedure.
One other important thing to note: this solution does not backup VMware or Hyper-V virtual machine data, so you would not configure it on a Hyper-V host server. You can set it up inside guest VM’s that have file & folder or system state data, of course. You can also configure it to backup Windows workstations (which is what I’m using on my own laptop these days). But if you have entire virtual machines you’d like to protect, then the next two options we are going to cover in this series might be of more interest to you.
Azure Backup is a good option for a small-sized business requiring an affordable offsite copy of on-premises data. No other hardware investment is required to get it up and running, and the costs overall are pretty low. Sufficed to say, many small businesses would be able to get by with about $100 USD per month or less. Some maybe more. You can check out Azure’s pricing details and calculator for more examples.
By the way, I have heard many rumors that Azure charges for egress data (downloading your data for the purposes of recovery)–these rumors are 100% false; there are no extra charges for performing recovery listed anywhere in Azure literature, and I have not seen any monthly increases when restoring files from my vault.
These days, most small businesses will not feel constrained by the retention that is possible using Azure Backup. The image below contains default values from the MARS agent setup, and as long as you can fit your selections within 9,999 retention points per instance (at the time of this writing), then you should be good. Therefore you might not need as much storage for local retention points on-premises–so keep that in mind when designing your end-to-end DR solution.*
Monitoring & notifications
Yes, Azure Backup has monitoring, and yes, it can be configured to throw off alerts via email notification. However, and this is a huge miss on Azure’s part, this is not yet setup well for service providers. For example, there is no central console or view that I can get of all my customer’s protected instances–I have to do this for each one individually.
Ideally, a NOC team would be able to run reports and view alerts all in one place, but that is impossible today, so you are required to have a login or be designated as an admin on every subscription that has an instance that you would like to watch. Being part of Microsoft’s Cloud Services Provider program (CSP) does nothing for us here, which is too bad.
Hopefully this is something that continues to improve in the offering.
Other considerations for MARS / Azure Backup
Since we aren’t able to do full server image backup like certain other solutions, just ensure the customer is okay with longer time-to-recover objectives (RTO in terms of days not hours for total loss/disaster recovery).
In most cases, I would consider Azure Backup as a “second option” and extra insurance against disaster events like tornados, floods, fires and the like, where a company could experience a total loss of their primary site. It would be much better to rely on a local backup first for most scenarios, and call on the cloud backup only as needed.
Key takeaway: I still recommend keeping a local backup, even with this offsite solution in place. To see some other considerations, check out this FAQ at Azure.
*Also note: some companies go the other way on this issue and keep very little retention in cloud storage, with many more retention points on-premises. It all depends on their business objectives and downtime tolerances.