Support matrix for Azure Backup
You can use Azure Backup to back up data to the Microsoft Azure cloud platform. This article summarizes the general support settings and limitations for Azure Backup scenarios and deployments.
Other support matrices are available:
- Support matrix for Azure virtual machine (VM) backup
- Support matrix for backup by using System Center Data Protection Manager (DPM)/Microsoft Azure Backup Server (MABS)
- Support matrix for backup by using the Microsoft Azure Recovery Services (MARS) agent
Note
This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and resource groups that customers have delegated.
Vault support
Azure Backup supports both Recovery Services vault and Backup vault, and enables you to back up and restore different datasources. You need to create the appropriate vault based on the datasource type that you want to protect. Learn more about the supported vaults.
Azure Backup uses Recovery Services vaults to orchestrate and manage backups for the following workload types - Azure VMs, SQL in Azure VMs, SAP HANA in Azure VMs, Azure File shares and on-premises workloads using Azure Backup Agent, Azure Backup Server and System Center DPM. It also uses Recovery Services vaults to store backed-up data for these workloads.
The following table describes the features of Recovery Services vaults:
Feature | Details |
---|---|
Vaults in subscription | Up to 500 Recovery Services vaults or Backup vaults in a single subscription. |
Machines in a vault | Up to 2000 datasources across all workloads (like Azure VMs, SQL Server VM, MABS Servers, and so on) can be protected in a single vault. Up to 1,000 Azure VMs in a single vault. Up to 50 MABS servers can be registered in a single vault. |
Data sources | Maximum size of an individual data source is 54,400 GB. This limit doesn't apply to Azure VM backups. No limits apply to the total amount of data you can back up to the vault. |
Backups to vault | Azure VMs: Once a day. Machines protected by DPM/MABS: Twice a day. Machines backed up directly by using the MARS agent: Three times a day. |
Backups between vaults | Backup is within a region. You need a vault in every Azure region that contains VMs you want to back up. You can't back up to a different region. |
Move vaults | You can move vaults across subscriptions or between resource groups in the same subscription. However, moving vaults across regions isn't supported. |
Move data between vaults | Moving backed-up data between vaults isn't supported. |
Modify vault storage type | You can modify the storage replication type (either geo-redundant storage or locally redundant storage) for a vault before backups are stored. After backups begin in the vault, the replication type can't be modified. |
Private Endpoints | See this section for requirements to create private endpoints for a recovery service vault. |
On-premises backup support
Here's what's supported if you want to back up on-premises machines:
Machine | What's backed up | Location | Features |
---|---|---|---|
Direct backup of Windows machine with MARS agent | - Files, folders - System state |
Back up to Recovery Services vault. | - Back up three times a day - Back up once a day. No app-aware backup Restore file, folder, volume |
Direct backup of Linux machine with MARS agent | Backup not supported | ||
Back up to DPM | Files, folders, volumes, system state, app data | Back up to local DPM storage. DPM then backs up to vault. | App-aware snapshots Full granularity for backup and recovery Linux supported for VMs (Hyper-V/VMware) Oracle not supported |
Back up to MABS | Files, folders, volumes, system state, app data | Back up to MABS local storage. MABS then backs up to the vault. | App-aware snapshots Full granularity for backup and recovery Linux supported for VMs (Hyper-V/VMware) Oracle not supported |
Azure VM backup support
Azure VM limits
Limit | Details |
---|---|
Azure VM data disks | See the support matrix for Azure VM backup. |
Azure VM data disk size | Individual disk size can be up to 32 TB and a maximum of 256 TB combined for all disks in a VM. |
Azure VM backup options
The following table lists the supported scenarios for backup of Azure VMs:
Machine | What's backed up | Location | Features |
---|---|---|---|
Azure VM backup by using VM extension or by using agentless crash-consistent backup |
Entire VM | Back up to vault. | Supports both agent-based and agentless backups. Back up multiple times a day. App-aware backup for Windows VMs; file-consistent backup for Linux VMs. You can configure app-consistency for Linux machines by using custom scripts. You can also opt for agentless crash-consistent backups for Windows or Linux. Learn more. Restore VM or disk. Backup and restore of Active Directory domain controllers is supported. Can't back up an Azure VM to an on-premises location. |
Azure VM backup by using MARS agent | - Files, folders - System state |
Back up to vault. | - Back up three times a day. - Back up once a day. If you want to back up specific files or folders rather than the entire VM, the MARS agent can run alongside the VM extension. |
Azure VM with DPM | Files, folders, volumes, system state, app data | Back up to local storage of Azure VM that's running DPM. DPM then backs up to vault. | App-aware snapshots. Full granularity for backup and recovery. Linux supported for VMs (Hyper-V/VMware). Oracle not supported. |
Azure VM with MABS | Files, folders, volumes, system state, app data | Back up to local storage of Azure VM that's running MABS. MABS then backs up to the vault. | App-aware snapshots. Full granularity for backup and recovery. Linux supported for VMs (Hyper-V/VMware). Oracle not supported. |
Linux backup support
The following table lists the supported scenarios for backup of Linux machines:
Backup type | Linux (Azure endorsed) |
---|---|
Direct backup of on-premises machine that's running Linux | Not supported. The MARS agent can be installed only on Windows machines. |
Using agent extension to back up Azure VM that's running Linux or agentless crash-consistent backup | Supports file-system, app-consistent backup (using custom scripts) via an extension. Also supports crash-consistent agentless backups. File-level recovery. Restore by creating a VM from a recovery point or disk. |
Using DPM to back up on-premises machines running Linux | File-consistent backup of Linux Guest VMs on Hyper-V and VMware. VM restoration of Hyper-V and VMware Linux Guest VMs. |
Using MABS to back up on-premises machines running Linux | File-consistent backup of Linux Guest VMs on Hyper-V and VMware. VM restoration of Hyper-V and VMware Linux guest VMs. |
Using MABS or DPM to back up Linux Azure VMs | Not supported. |
Daylight saving time support
Azure Backup doesn't support automatic clock adjustment for daylight saving time for Azure VM backups. It doesn't shift the hour of the backup forward or backwards. To ensure the backup runs at the desired time, modify the backup policies manually as required.
Disk deduplication support
Disk deduplication support is as follows:
- Disk deduplication is supported on-premises when you use DPM or MABS to back up Hyper-V VMs that are running Windows. Windows Server performs data deduplication (at the host level) on virtual hard disks (VHDs) that are attached to the VM as backup storage.
- Deduplication isn't supported in Azure for any Backup component. When DPM and MABS are deployed in Azure, the storage disks attached to the VM can't be deduplicated.
Note
Azure VM backup does not support Azure VM with deduplication. This means Azure Backup does not deduplicate backup data, except in MABS/MARS.
Security and encryption support
Azure Backup supports encryption for in-transit and at-rest data.
Network traffic to Azure
- The backup traffic from servers to the Recovery Services vault is encrypted by using Advanced Encryption Standard 256.
- Backup data is sent over a secure HTTPS link.
Data security
- Backup data is stored in the Recovery Services vault in encrypted form.
- When data is backed-up from on-premises servers with the MARS agent, data is encrypted with a passphrase before upload to the Azure Backup service and decrypted only after it's downloaded from Azure Backup.
- When you're backing up Azure VMs, you need to set up encryption within the virtual machine.
- Azure Backup supports Azure Disk Encryption, which uses BitLocker on Windows virtual machines and dm-crypt on Linux virtual machines.
- On the back end, Azure Backup uses Azure Storage Service Encryption, which protects data at rest.
Machine | In transit | At rest |
---|---|---|
On-premises Windows machines without DPM/MABS | ||
Azure VMs | ||
On-premises Windows machines or Azure VMs with DPM | ||
On-premises Windows machines or Azure VMs with MABS |
Compression support
Backup supports the compression of backup traffic, as summarized in the following table.
- For Azure VMs, the VM extension reads the data directly from the Azure storage account over the storage network, so it isn't necessary to compress this traffic.
- If you're using DPM or MABS, you can save bandwidth by compressing the data before it's backed up.
Machine | Compress to MABS/DPM (TCP) | Compress to vault (HTTPS) |
---|---|---|
Direct backup of on-premises Windows machines | NA | |
Backup of Azure VMs by using VM extension | NA | NA |
Backup on on-premises/Azure machines by using MABS/DPM |
Retention limits
Setting | Limits |
---|---|
Maximum recovery points per protected instance (machine or workload) | 9,999 |
Maximum expiry time for a recovery point | No limit |
Maximum backup frequency to DPM/MABS | Every 15 minutes for SQL Server Once an hour for other workloads |
Maximum backup frequency to vault | On-premises Windows machines or Azure VMs running MARS: Three per day. A maximum of 22 TB of data change is supported between backups. DPM/MABS: Two per day Azure VM backup: One per day |
Recovery point retention | Daily, weekly, monthly, yearly |
Maximum retention period | Depends on backup frequency |
Recovery points on DPM/MABS disk | 64 for file servers; 448 for app servers Unlimited tape recovery points for on-premises DPM |
Cross Region Restore
Azure Backup has added the Cross Region Restore feature to strengthen data availability and resiliency capability, giving you full control to restore data to a secondary region. To configure this feature, see Set Cross Region Restore. This feature is supported for the following management types:
Backup Management type | Supported | Supported Regions |
---|---|---|
Azure VM | Supported for Azure VMs (including encrypted Azure VMs) with both managed and unmanaged disks. Not supported for classic VMs. | Available in all Azure public regions and sovereign regions, except for UG IOWA. |
SQL /SAP HANA | Available | Available in all Azure public regions and sovereign regions, except for France Central and UG IOWA. |
MARS Agent (Preview) | Available in preview. Not supported for vaults with Private Endpoint enabled. |
Available in all Azure public regions. |
DPM/MABS | No | N/A |
AFS (Azure file shares) | No | N/A |
Resource health
The resource health check functions in following conditions:
Resource health check | Details |
---|---|
Supported Resources | Recovery Services vault, Backup vault |
Supported Regions | - Recovery Services vault: Supported in all Azure public regions, US Sovereign cloud, and China Sovereign cloud. - Backup vault: Supported in all Azure public regions, except Sovereign clouds. |
For unsupported regions | The resource health status is shown as "Unknown". |
Zone-redundant storage support
Azure Backup now supports zone-redundant storage (ZRS).
Supported regions
Azure Backup currently supports ZRS for all workloads, except Azure Disk, in the following regions: UK South, South East Asia, Australia East, North Europe, Central US, East US 2, Brazil South, South Central US, Korea Central, Norway East, France Central, West Europe, East Asia, Sweden Central, Canada Central, India Central, South Africa North, West US 2, Japan East, East US, US Gov Virginia, Switzerland North, Qatar, UAE North, and West US 3.
ZRS support for Azure Disk is generally available in the following regions: South Africa North, East Asia, Southeast Asia, Australia East, US Gov Virginia, Brazil South, Canada Central, China North 3, North Europe, West Europe, France Central, Germany West Central, Central India, Israel Central, Italy North, Japan East, Korea Central,Norway East, Poland Central, Qatar Central, Sweden Central, Switzerland North, UAE North, UK South, East US, East US 2, South Central US, West US 2, West US 3.
Supported scenarios
Here's the list of scenarios supported even if zone gets unavailable in the supported regions:
- Create/List/Update Policy
- List backup jobs
- List of protected items
- Update vault config
- Create vault
- Get vault credential file
Supported operations
The following table lists the workload specific operations supported even if zone gets unavailable in the supported regions:
Protected workload | Supported Operations |
---|---|
IAAS VM | - Backups are successful, if the protected VM is in an active zone. - Original location recovery (OLR) is successful, if the protected VM is in an active zone. - Alternate location restores (ALR) to an active zone is successful. |
SQL/ SAP HANA database in Azure VM | - Backups are successful, if the protected workload is in an active zone. - Original location recovery (OLR) is successful, if the protected workload is in an active zone. - Alternate location restores (ALR) to an active zone is successful. |
Azure Files | Backups, OLR, and ALR are successful, if the protected file share is in a ZRS account. |
Blob | Recovery is successful, if the protected storage account is in ZRS. |
Disk | - Backups are successful, if the protected disk is in an active zone. - Restore to an active zone is successful. |
MARS | Backups and restores are successful. |
Next steps
- Review support matrix for Azure VM backup.