Backup and DR in the cloud: Understanding Azure connectors
Azure allows organizations and independent software vendors (ISVs) to leverage the cloud as a cost-effective disaster recovery (DR) and backup target location. This is a conversation we started in my last post on Azure Backup, and now will continue in the second part of the series, Azure connectors: what they are, what to consider when looking for one, and some vendors actively developing in this space.
What are Azure connectors?
Let’s start with the question at the heart of this post: What is an Azure (third-party) cloud connector? In its simplest form, an Azure connector is code written into backup software that enables it to directly write to object storage like Azure Blob. This greatly reduces the need for any custom scripts, like AZCopy, storage gateways, virtual tape libraries (VTL), or hardware-based intermediary solutions.
Two forces are driving vendors to build in this functionality. First, there is an increased demand for native integration to cloud. Second, the cost of cloud storage continues to drop lower and lower.
From a security perspective, the connector will typically communicate with the Azure Storage REST API interface over a secure HTTPS over the internet or even Express Route/S2S VPN. Azure Storage is logically segmented to provide additional security. For additional layers of protection, we typically suggest our customers consider enabling encryption at the storage level within the cloud provider.
A closer look at vendors in this space
When evaluating vendors for backing up to Azure, you should look for those who can support for Blob Storage and now, the newer Archive Tier Storage, restore into Azure, back up Azure VMs, and take advantage of deduplication.
What vendors are building in native “to the cloud” capabilities? I’ll highlight (not endorse) vendors that are actively developing in this space. Note that this is by no means a dive into every possible vendor.
1. Commvault has built a name for itself after years of successfully backing up the traditional data center to tape and disk. Today, its support for Azure is impressive. Version 11 supports backing up to Blob storage as well as support for the archive tier in Azure. This is important is because customers now have options for long-term retention and archive to multiple cheaper tiers of storage. Recovery capabilities also extend into Azure, opening further possibilities and helping customers become less dependent on having available capacity locally to restore to.
From a DR perspective, Commvault provides operational recovery of a primary application to a secondary location, like Azure, with built-in orchestration features. Interestingly enough, we find that customers who design for DR into the cloud and successfully test failover and failback into the cloud become far more confident in actually running product in the cloud.
2. Veeam, which started in the highly virtual data center space, recently expanded its capabilities with the long awaited 9.5 Update 4. With it, Veeam introduced CloudTier, a function of its Scale-Out Backup Repository that offers a tiered approach to storage management. Users can set aging metrics and orchestrate the movement of “old” data to Microsoft Azure Blob. Update 4 also brings us Veeam Cloud Mobility – though it isn’t an Azure connector, it’s worth mentioning. It allows you to quickly restore Windows or Linux workloads into the cloud for production or testing and development scenarios. Customers have already been leveraging backup and replication technologies to restore or even migrate into the cloud. Veeam Cloud Mobility provides a new option that works across cloud platforms.
3. Rubrik is probably the newest to market. The vendor is well received for its fresh approach to storage consolidation of secondary data within the data center. Two features to note are CloudOut and CloudOn. The former facilitates moving data from Rubrik on prem to Azure Blob tier, often as a replacement for tape and for archival purposes. We are hearing that support for the Azure archive tier is coming soon. Meanwhile, CloudOn facilitates application instantiation to Azure for DR/migration or test/dev scenarios bundled with the necessary orchestration.
4. Azure Import Service isn’t a backup and archive software solution, but it is a way to migrate up to 35TB of data from on prem to the cloud using UPS. Typically, a customer would order an Azure Data Box (see picture below) to be delivered to their location, where they would connect it, via USB, as a means of uploading to SSD drives built into the unit. The unit is highly secure and tamper resistant. Secured with AES 128-bit encryption, the disks can only be unlocked using the key provided in the Azure portal.
Come back for my final post of the series, where I’ll take a deep dive into Azure Site Recovery.