Reliability in Azure Backup
This article describes reliability support in Azure Backup, and covers availability zones and cross-region recovery and business continuity. For a more detailed overview of reliability in Azure, see Azure reliability.
Azure Backup is a secure and reliable built-in data protection mechanism in Azure, providing data protection for various on-premises and cloud workloads. Azure Backup can seamlessly scale its protection across multiple workloads and provides native integration with Azure workloads (VMs, SAP HANA, SQL in Azure VMs, Azure Files, AKS etc.) without requiring you to manage automation or infrastructure to deploy agents, write new scripts, or provision storage.
Azure Backup supports the following data redundant storage options:
Locally redundant storage (LRS): To protect your data against server rack and drive failures, you can use LRS. LRS replicates your backup data three times within a single data center in the primary region. For more information on locally redundant storage, see Azure Blob Storage - locally redundant storage.
Geo-redundant storage (GRS): To protect against region-wide outages, you can use GRS. GRS replicates your backup data to a secondary region. For more information, see Azure Blob Storage - geo-redundant storage.
Zone-redundant storage (ZRS): To replicate your backup data in availability zones, you can use ZRS. ZRS guarantees data residency and resiliency in the same region. Azure Blob Storage - zone-redundant storage.
Note
The redundancy options are applicable to how backup data is stored and not on the Azure Backup Service itself.
Vault storage
Azure Backup stores backed-up data in Recovery Services vaults and Backup vaults. A vault is an online-storage entity in Azure that's used to hold data, such as backup copies, recovery points, and backup policies.
The following table lists the various datasources that each vault supports:
Recovery Services vault | Backup vault |
---|---|
Azure Virtual Machine | Azure Disks |
SQL in Azure VM | Azure Blobs |
Azure Files | Azure Database for PostgreSQL server |
SAP HANA in Azure VM | Kubernetes services |
Azure Backup server | |
Azure Backup agent | |
Data Protection Manager (DPM) |
Availability zone support
Azure availability zones are at least three physically separate groups of datacenters within each Azure region. Datacenters within each zone are equipped with independent power, cooling, and networking infrastructure. In the case of a local zone failure, availability zones are designed so that if the one zone is affected, regional services, capacity, and high availability are supported by the remaining two zones.
Failures can range from software and hardware failures to events such as earthquakes, floods, and fires. Tolerance to failures is achieved with redundancy and logical isolation of Azure services. For more detailed information on availability zones in Azure, see Regions and availability zones.
Azure availability zones-enabled services are designed to provide the right level of reliability and flexibility. They can be configured in two ways. They can be either zone redundant, with automatic replication across zones, or zonal, with instances pinned to a specific zone. You can also combine these approaches. For more information on zonal vs. zone-redundant architecture, see Recommendations for using availability zones and regions.
Azure Backup service
Azure Backup is a zone-redundant service for both Recovery Service and Backup vaults. When you create your vault resources, you don't need to configure for zone-redundancy. In the case of a zonal outage, the vaults remain operational.
Azure Backup data
To ensure that your backup data is available during a zonal outage, choose Zone-redundant for Backup storage redundancy option during vault creation.
Migrate to availability zone support
To learn how to migrate a Recovery Services vault to availability zone support, see Migrate Azure Recovery Services vault to availability zone support.
Cross-region disaster recovery and business continuity
Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Before you begin to think about creating your disaster recovery plan, see Recommendations for designing a disaster recovery strategy.
When it comes to DR, Microsoft uses the shared responsibility model. In a shared responsibility model, Microsoft ensures that the baseline infrastructure and platform services are available. At the same time, many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, you are responsible for setting up a disaster recovery plan that works for your workload. Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR and you can use service-specific features to support fast recovery to help develop your DR plan.
When an entire Azure region or datacenter experiences downtime, your vaults continue to be accessible and you'll still be able to see your backup items. However, unless you deploy for regional redundancy, the underlying backup data isn't accessible to you for performing a restore operation.
To achieve regional redundancy for your backup data, Azure Backup allows you to replicate your backups to an additional Azure paired region by using geo-redundant storage (GRS) to protect your backups from regional outages. When you enable the backups with GRS, the backups in the secondary region become accessible only when Microsoft declares an outage in the primary region. However, by using Cross Region Restore you can access and perform restores from the secondary region recovery points even when no outage occurs in the primary region. With Cross Region Store you can perform drills to assess regional resiliency.