Three ways to protect your customer’s on-premises data with Azure: Part 2 – Azure Backup Server
In the previous post, we looked at Azure Backup using the MARS agent, which can only do file, folder & system state data, and must be configured on the local machine. As you may already be aware, there are no local backup copies in that solution–you would need to provide for your own separately if that were a requirement (and it usually is). Furthermore, you cannot use it to backup application data such as SQL and Exchange databases, or virtual machine data from Hyper-V or VMware.
Today we will look at Microsoft Azure Backup Server (MABS), which will solve all of these pieces. This solution is a watered down (and free) version of Microsoft’s Data Protection Manager software–which is otherwise prohibitively expensive for many SMB’s (it is sold in the System Center suite of products). I have previously described how to set this product up on this blog.
Image credit: Alex Fields, ITProMentor.com
In this solution, you will need a small appliance or server with some cheap SATA storage: about 1.5-2x whatever is the aggregate of your production servers. You can download and install the Azure Backup Server software to this appliance, and configure it to backup your on-premises workloads. You can use it to backup entire virtual machines (Hyper-V AND VMware), as well as SQL and Exchange data. So in case you were wondering, the answer is yes: you can do bare metal restores with this solution, folks.
How does it work?
The way it works is simple: MABS will use Data Protection Manager (DPM) agents on the local servers that you are backing up, and it will itself contain a MARS agent for pairing up to an Azure Recovery Vault. Similar to the MARS setup, you need to provide vault credentials to get this relationship all setup, and then you can easily choose your own retention settings and so forth.
The Azure Backup Server follows the same pricing model as Azure Backup, where you pay per instance (instance=something you are backing up, like an individual server or workstation) and based on how much storage you consume. It is actually quite affordable. See Azure’s pricing details and calculator.
It is also worth noting that running Azure Backup Server will require a Windows Server License, not unlike running a “BDR” appliance, if you are familiar with those solutions (usually sold bundled with some third-party software & licensing).
You could even have two tiers of storage attached to this server, if you wanted to enable the Hyper-V role and use some faster disks for restoring & running VM’s for example. Yes: this would cost a little extra, but probably still be competitive with your BDR appliance–most likely cheaper.
Again, as with the MARS solution we looked at before, retention is phenomenal for cloud storage (9,999 retention points at the time of this writing). The only downside/catch here is that they limit you to two backups per day with Azure Backup Server (it is three per day with Azure Backup/MARS agent).
However, by default, the MABS server will only want to hold on to a very small amount of data on-premises: 5 days out of the box. The point of having the most recent images on-premises is in case you’d need to restore something more quickly / in a short time frame (don’t have to wait for a download from Azure before starting restore).
Therefore, the RTO is excellent in certain scenarios–hours not days, provided you have hardware to restore to. The RPO, of course, is limited by those two backups per day–so in a typical 8 hour workday, maybe 4 (business) hours.
This solution solves a lot of problems, and I’m honestly surprised by its low adoption rate so far. I think this is mostly owed to the fact that nobody seems to know it exists. The other factor at play, is that service providers aren’t really incentivized to sell it; it can be argued that it would make our jobs more difficult since it is impossible to get a view or reports across all of our customers in the present iteration. But if service providers could solve this, even with their own tools and practices, it would be a huge win for them, in my opinion.
You can quickly restore entire workloads or individual files/folders on-premises from the MABS server, or, you can (if needed) refer to the cloud vault and restore your data from there. This is all seamless from the Azure Backup Server console.
Key takeaway: I would still recommend a monitoring/reporting solution be paired up with this; something that would allow you to manage multiple customers’ instances, and scale more easily. What logic could you build into your existing monitoring agents to take this to the next level for you?