Nmedia - Fotolia
Microsoft Azure VM backup methods beyond Azure Backup vault
You can back up an Azure VM using several different methods. Microsoft's preferred technique is to use Azure Backup vault, but this may not be the best choice in every situation.
More organizations are running at least some of their virtual machines in the public cloud, but this does not negate the need for data protection. Although public cloud providers might offer financially backed service-level agreements, data loss can still occur. If that happens, you probably won't be able to call your provider and say you need the data from last Tuesday restored. It's generally up to users to protect their own data.
So how can you perform Azure VM backup? Azure virtual machines aren't that different from the VMs you might run in your own data center using VMware ESX or Microsoft Hyper-V. Like a local virtual machine, you have full control over the guest operating system and any other resources that exist within the VM.
Azure Backup vault
The primary protective mechanism within Microsoft Azure is the Azure Backup vault. It is part of Azure Recovery Services, along with the Azure Site Recovery Vault, which is used for disaster recovery as a service.
You can think of the Azure Backup vault as a backup server within Microsoft Azure. It is based on a cloud version of the System Center Data Protection Manager. Administrators can protect their Azure virtual machines by downloading the Azure Backup agent and installing it on their Azure VMs. When completed, it becomes possible to create policies that protect Azure virtual machines.
Azure Backup vault seems to work well for Azure VM backup, but administrators must consider the role regions play in the data protection process. When you create an Azure virtual machine, you must choose the region where that VM will reside. For example, an organization in New York City might opt to place its virtual machines in the East US region.
Just as virtual machines are region-specific, so are Azure Backup vaults. And they can be created in any region.
This concept may sound ideal for disaster recovery. An organization with Azure virtual machines in the eastern United States, for example, may wish to back up those VMs to a vault in the western United States as a way of insulating the backup against regional disasters. The problem is that Microsoft does not support such functionality. According to Microsoft, "Backing up virtual machines is a local process. You cannot back up virtual machines from one region to a backup vault in another region. So, for every Azure region that has VMs that need to be backed up, at least one backup vault must be created in that region."
Other ways to back up Azure VMs
Although the Azure Backup vault is Microsoft's preferred mechanism for Azure VM backup, it is not the ideal choice in every situation. An organization may wish to insulate its backups from regional disasters or back up Azure VMs like it would back up local virtual machines. Fortunately, there are options:
- Administrators have full, guest-level control over Azure virtual machines. So you could configure Azure VM backup without relying on the Azure Backup vault.
- Create a new VM in the region where you want the backup to reside, and configure that virtual machine to act as a backup server.
- Connect your Azure subscription to your local data center by way of a site-to-site virtual private network. After linking the two environments, you could install a backup agent onto each of your Azure virtual machines, allowing the Azure VMs to be backed up with your on-premises VMs. But you will need to consider the impact these types of backups will have on WAN bandwidth consumption.
- Use a backup server residing in a non-Azure public cloud for your Azure VM backup. The advantage to this approach is that the backups are insulated against any Azure-level failure. This approach has no impact on your WAN bandwidth consumption since the backups would not pass through your data center. In addition, using two separate clouds allows for regional backup isolation. The drawback is cost, since two separate public cloud subscriptions are required.
