Tuesday, January 19, 2021

Azure Recovery Services Vault overview and how to create one

In this blog post I will talk about the Azure Recovery Services vault. It is the central component for backup or DR planning in Azure, or even for on-prem if you are planning to use Azure Site Recovery (ASR) for DR or Azure Backup.

A Recovery Services vault is a storage entity in Azure that houses data: it stores the backups and recovery points created over time. The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead.

We can have up to 500 vaults in a subscription, and 1000 Azure VMs can be backed up in a single vault with a frequency of once a day. One thing to keep in mind here: the vault should be in the same region as your VMs (for backup only).

Recovery Services vaults are based on the Azure Resource Manager model of Azure, which provides features such as:

  • Enhanced capabilities to help secure backup data: Enhanced security features for backup that allow for data recovery even if production and backup servers are compromised
  • Central monitoring for your hybrid IT environment: With Recovery Services vaults, you can monitor not only your Azure IaaS VMs but also your on-premises asset backups (if configured) from a central portal.
  • Azure role-based access control (Azure RBAC): Recovery Services vaults are compatible with Azure RBAC, which restricts backup and restore access to the defined set of user roles. 
  • Soft Delete: With soft delete, even if a malicious actor deletes a backup (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. The additional 14 days of retention for backup data in the "soft delete" state don't incur any cost to you.
  • Cross Region Restore: Cross Region Restore (CRR) allows you to restore Azure VMs in a secondary region, which is an Azure paired region. If Azure declares a disaster in the primary region, the data replicated in the secondary region is available to restore there, which mitigates the downtime caused by the disaster in the primary region.

Storage settings in the Recovery Services vault: Within a Recovery Services vault, Azure Backup automatically handles storage for the vault; however, depending on our availability requirements, we can choose the storage redundancy as one of the following: local, geo or zonal redundancy. As of now, zonal is not available in all regions.

  • Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option but is not recommended for applications requiring high availability.
  • Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
  • Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region.

Encryption settings in the Recovery Services vault: By default, all your data is encrypted using platform-managed keys. You don't need to take any explicit action from your end to enable this encryption. It applies to all workloads being backed up to your Recovery Services vault.

You can choose to encrypt your data using encryption keys owned and managed by you.

Azure Site Recovery: Site Recovery contributes to your business continuity and disaster recovery (BCDR) strategy, by orchestrating and automating replication of Azure VMs between regions, on-premises virtual machines and physical servers to Azure, and on-premises machines to a secondary datacenter.

This Recovery Services vault blade becomes the central point to configure, enable and initiate VM failover and failback.

Note: You can also use the VM blade to configure replication for an individual VM; however, here you can create a recovery plan to orchestrate the failover of multiple VMs that are part of a single application environment.

When you enable replication for a VM to set up disaster recovery, the Site Recovery Mobility service extension installs on the VM and registers it with Azure Site Recovery. During replication, VM disk writes are sent to a cache storage account in the source region. Data is sent from there to the target region, and recovery points are generated from the data. When you fail over a VM during disaster recovery, a recovery point is used to restore the VM in the target region.

Demo:  
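The vault creation and the storage, Cross Region Restore and soft delete settings described above can also be scripted with the Azure CLI. The script below is an added example, not part of the original post; it assumes the Azure CLI is installed and logged in and that the resource group already exists. The `run` helper, the `DRY_RUN` switch and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: create a Recovery Services vault and apply the storage and
# soft-delete settings discussed in this post. Names passed in are placeholders.

# Hypothetical helper: with DRY_RUN=1, print each command instead of running it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Map the post's redundancy names to the values the Azure CLI accepts.
redundancy_value() {
  case "$1" in
    LRS) echo LocallyRedundant ;;
    ZRS) echo ZoneRedundant ;;
    GRS) echo GeoRedundant ;;
    *)   echo "unknown redundancy '$1' (use LRS, ZRS or GRS)" >&2; return 1 ;;
  esac
}

# create_vault <resource-group> <vault-name> <location> <LRS|ZRS|GRS>
create_vault() {
  rg=$1; vault=$2; location=$3
  sku=$(redundancy_value "$4") || return 1

  # The vault must live in the same region as the VMs it will back up.
  run az backup vault create \
    --resource-group "$rg" --name "$vault" --location "$location" || return 1

  # Choose redundancy before protecting any item in the vault.
  run az backup vault backup-properties set \
    --resource-group "$rg" --name "$vault" \
    --backup-storage-redundancy "$sku" || return 1

  # Cross Region Restore reads the secondary-region copy, so it needs GRS.
  if [ "$sku" = "GeoRedundant" ]; then
    run az backup vault backup-properties set \
      --resource-group "$rg" --name "$vault" \
      --cross-region-restore-flag true || return 1
  fi

  # Keep soft delete on so deleted backups stay recoverable for 14 days.
  run az backup vault backup-properties set \
    --resource-group "$rg" --name "$vault" \
    --soft-delete-feature-state Enable
}
```

Set `DRY_RUN=1` to review the generated commands first, then call `create_vault <resource-group> <vault-name> <region> GRS` with your own names.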

Related Reads:

Azure Recovery Service Vault Overview

Backup Support Matrix

Azure Site Recovery Documentation, Azure to Azure or On-prem to Azure Scenario (AWS or any other Cloud to Azure would also fall in this category).

Also read the Backup and Site Recovery FAQs.

That's it for today....Thanks :)


