Protecting Azure Resources with Recovery Services Vault

Protecting Azure Resources with Recovery Services Vault

Your data is important. You need the best data recovery service on the market. At Oakwood Systems Group we know how to help you integrate the solutions that meet your needs.

With file and folder backup and recovery, virtual machine backup and recovery, and SQL running on IaaS VMs, Azure Recovery Services Vault gives users a strong feature set and an easy-to-use data protection service for businesses to protect their data.

Like many businesses, as their organization began rapidly migrating and deploying solutions to Azure, the demand for data protection in the cloud has also increased. That’s why Microsoft developed Azure Recovery Services Vault to help manage their backup and disaster recovery needs natively in the cloud.

Microsoft implemented Azure Recovery Services Vault to provide data protection services for their growing Azure virtual machine infrastructure. Recovery Services vault is a cloud-based PaaS solution⎯by using it, their employees can quickly obtain access to data protection for Azure resources. It’s flexible and adaptable enough to meet the needs of all their business groups, and it can evolve into an even more comprehensive data protection solution in the future.

Microsoft’s data protection services team manages data protection for all Core Services Engineering (CSE, formerly Microsoft IT). They oversee the backup and recovery of almost 9 petabytes (PB), or 9 million gigabytes (GB), of on-premises data for the organization. Primarily, they use Microsoft System Center Data Protection Manager for their on-premises workloads. They use it for the backup and recovery of:

  • Physical servers, files, and folders.
  • Virtual machines, files, and folders.
  • Application workloads, such as SQL Server and SharePoint.


Adapting for Microsoft Azure

In the past, Microsoft’s corporate infrastructure was hosted in on-premises datacenters. However, Azure has become the default environment for all of their CSE solutions. When they develop new solutions, they look at Azure first. By the end of fiscal year 2018, almost 90 percent of their CSE resources will be hosted in Azure. With their organization rapidly migrating and deploying CSE solutions to Azure, the demand for data protection in the cloud has also increased. Although their on-premises data protection methods using System Center Data Protection Manager can be extended into Azure, backing up cloud data to on-premises datacenters introduced several problems that they wanted to address.

Backup and recovery of Azure data depends on network bandwidth between the datacenter and Azure. Backup and recovery times can be significantly impacted by fluctuations in bandwidth, and they are non-functional if the connection to Azure is unavailable. CSE manages 12,000 Azure infrastructure as a service (IaaS) virtual machines in subscriptions. So they recognized the need to develop a solution for data protection. Microsoft wanted the solution to provide appropriate service for their Azure users. At the same time, they wanted a manageable and maintainable solution that they could provide for their business groups using Azure now and in the future.


Using Azure Recovery Services vault for data protection

Azure Recovery Services vault is an Azure Resource Manager resource to manage your backup and disaster recovery needs natively in the cloud. Recovery Services vault provides a consistent and unlimited backup for Azure virtual machines at the file, folder, and virtual machine levels. It also provides file and folder backup for on-premises devices.

Azure Recovery Services vault has some important features and functionality that fulfilled several of Microsoft’s goals for data protection. By using these features, they quickly positioned Recovery Services vault as a data protection solution for their business groups. They identified important functionality such as:

  • It stores data in Azure datacenters, so backup, recovery, and general data movement happens quickly between virtual machines and the Recovery Services vault.
  • It provides built-in functionality for both file and folder backup and the backup of entire virtual machines.
  • It fulfills many of our requirements in its default state. It required less customization, and it’s a solution that’s extensible and more flexible to grow with Azure functionality.
  • It uses familiar backup and recovery methods and user interfaces.
  • It meets GDPR requirements in that when data resides in the Recovery Service vault, that data is encrypted and protected against malware and ranswomware attacks.

Usage options for Recovery Services vault

Microsoft offers three primary methods for data protection using Recovery Services vault:

  1. File and folder backup and recovery. You can protect files and folders from within the operating system of your virtual machine using the Azure Backup agent. The agent is installed and managed for each virtual machine. Business groups can use the agent to back up individual files and folders or entire volumes, either as scheduled backups, or on demand.
  2. Azure IaaS virtual machine backup and recovery. With virtual machine recovery, you can back up the virtual machine state to a fully recoverable snapshot in Azure. It provides the most immediate and complete option for full virtual machine recovery. And it can be done using either Azure Portal or Azure PowerShell. With the latest release, you can even perform an item-level recovery of an Azure virtual machine deployed using the Azure Resource Manager model.
  3. SQL running on IaaS VMs. Recently, Microsoft introduced workload backup for SQL running on IaaS VMs. It uses the same native SQL APIs to do the backups and provides the added advantage of being able to manage all of it through the Azure portal. Seamless discovery and agentless protection has made it one of the best solutions available.

With Azure, your data is safe. Contact Oakwood Systems Group to find out more on how we can help you integrate the suite of tools you need to recover your data.