Exploring Microsoft's Azure Backup Server v3
Azure’s backup service is called Azure Backup; this service is responsible or enabling customers to protect Azure resources such as Azure virtual machines, SQL Server in machines, Azure SQL long-term retention, Azure Files, and the list grows longer. Azure Backup also provides on-premises protection services that can send data to the cheap storage of The Cloud.
The original, and probably most widely used part of Azure Backup, in on-premises protection, is the MARS agent. MARS is a small agent that you can install onto a Windows Server to protect folders & files and system state. It’s great in small businesses, PCs, and in branch office scenarios, offering infrastructure-free backups that are securely sent straight to the cloud.
However, as good as MARS is, it did not protect VMware, Hyper-V, SQL Server and Office servers such as Exchange/SharePoint – though backup needs for the latter are changing as Office 365 takes their place … yes, you really do need backups – I’ve seen the customers that weren’t served by replication or recycle bins.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
So Microsoft introduced Microsoft Azure Backup Server (MABS) – a customized version of System Center Data Protection Manager.
You do not need to buy System Center. There is no software fee for MABS; you pay the “instance” fee for each protected item and a block blob storage fee for any storage you elect to use in Azure.
MABS will protect VMware, Hyper-V, SQL Server, Exchange, and SharePoint, in addition to system state and files & folders. Like a traditional backup server, which it will replace, MABS is installed on an on-premises Windows machine. It backs up your resources to a relatively small amount of on-premises storage (fast restore from short-term retention) and then forwards the data to Azure for short-term and long-term retention. You can send all, a subset or none of your data to Azure.
MABS appears to have an annual update schedule. The original was updated with MABS v1 Update 1. Then along came MABS v2. And now, Microsoft has released MABS v3.
Note that MABS v3 is still based on DPM 2016. DPM 2019 is not available yet and is planned for 2019.
A bunch of new features were added to MABS v3:
- Windows Server 2019 Support: You can install MABS v3 on WS2019. It does not have support to protect WS2019 yet, but I suspect an agent update will add this at a later time.
- SQL 2017: MABS can use SQL 2017 as its database server. Support to protect SQL Server 2017 was also added.
- Volume to Volume Migration: MABS v2 added workload-aware storage, enabling certain workloads to be stored on certain volumes in your on-premises short-term retention disk capacity. You might need to move some of this storage around, and MABS v3 allows you to migrate backup data to a different volume.
- Protected Storage: MABS should only use certain volumes (LUNS). If an unsupported volume is used then it can lead to data loss. You can lock those volumes out from selection using PowerShell cmdlets.
- Custom Size Allocation: MABS v2 switched to using a volume/folder/file-based storage solution called Modern Backup Storage (MBS) from an older partition-style method. MBS is normally thinly provisioned but MABS v3 allows you to reserve capacity and reduces the time it takes to complete a backup for a machine such as file servers that have many smaller files.
- Optimized Consistency Checks: MABS leverages resilient change tracking (RCT) that was added in Windows Server 2016 Hyper-V. MABS v3 optimizes the consumption of network and storage by only transmitting changed data during any consistency checks.
- TLS 1.2: Like other parts of Azure, MABS is staying up with the security curve by upgrading secure agent communications to TLS 1.2.
- VMware: Backup is supported for production environments, offering support for vCenter and ESXi 5.5, 6.0 and 6.5. Recovery to alternative locations was also made more efficient.
The data on backup servers is mission critical. If a backup vendor releases a new version then we need to be able to upgrade, to stay current on features, support, and bug fixes, but we need to be able to upgrade without losing data. Happily, MABS allows for this.
The upgrade path is as follows:
- MABS v1 -> MABS v1 Update 1
- MABS v1 Update 1 -> MABS v2
- MABS v2 -> MABS v3
The biggest changes happened in MABS v2, which can be installed on WS0212 R2 or WS2016. If WS2016 was chosen, then you could use MBS as the on-premises short-term retention backup storage. There was no ability to switch from the legacy storage, but you could retain the legacy storage.
If you have deployed MABS v2, then you can upgrade to MABS v3. You will need to be on WS2016 or WS2019 (check virtualization or hardware support for the latter first).
MABS v3 does require its database to be stored in SQL Server 2017. If you are using the default SQL Server installation of MABS, an upgrade will upgrade the SQL Server installation for you. If you are using a custom installation of SQL Server, then you will have to upgrade it first.
In terms of features, this is not a big bang release; it’s an evolution of what we had last year, but I think most businesses prefer gradual improvements (see Windows 10 1809). I think next year might bring bigger changes because “MABS v4” will probably be based on DPM 2019.
Even though only a small percentage of my Azure Backup customers are using MABS (instead of MARS) it has proven to be valuable and continued improvements and investment in the solution are always welcome.