A Guide to Different Microsoft Azure Backup Options
Azure is getting a lot of hype in the Microsoft world right now. For most companies, Microsoft Azure’s hybrid cloud solutions are the easiest to adopt, thanks to the fact that these solutions supplement, rather than replace existing on-prem investments. One such feature is Azure Backup, which offers online backup.
Online backup is nothing new; many have been customers or resellers of these solutions for over a decade. But Microsoft is still a relatively new player in this market, and most are unaware of what Azure Backup can offer. In this article, I’ll explain three different ways you can use Azure Backup to protect your on-premises workloads.
Three Different Ways to Use Azure Backup
One thing that people find confusing is that there’s different variations of Azure Backup. That can be confusing, so I like to identify the three hybrid offerings using the following names:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
- MARS: The Microsoft Azure Recovery Services agent that is deployed onto a machine that you want to backup directly to Azure.
- DPM: Microsoft System Center Data Protection Manager is an on-premises backup server that will perform disk-to-disk-to-cloud backup.
- MABS: The Microsoft Azure Backup Server is also an on-premises backup server that you can get from Microsoft to perform disk-to-disk-to-cloud backup.
The following table differentiates the three Azure Backup hybrid, online backup solutions.
Microsoft Azure Recovery Services (MARS)
The Microsoft Azure Recovery Services agent can be downloaded and installed onto a Windows PC (Windows 7 or later) or server (Windows Server 2008 or later) to backup that individual machine. A backup job is scheduled, managed, and monitored on that machine. There’s no centralized console at this time, but it’s in the works; see Project Venus. The agent will backup selected data on the machine and send it directly to a backup vault in Azure.
- All data is encrypted at source, and Microsoft does not have the secret to decrypt the data.
- Data is compressed and backup works on an efficient synthetic full basis, just taking changes.
- MARS can only backup files and folders at this time.
- There’s no centralized alerting at this time.
The scenarios where MARS suits include:
- Backing up laptops that are rarely in the office.
- A small business or branch office with a file server.
- Providing granular protection for files and folders in a cloud virtual machine.
Microsoft System Center Data Protection Manager (DPM)
A lot of organizations have purchased System Center licensing and can choose to deploy the included Data Protection Manager, Microsoft’s backup product, instead of the usual names like Veeam, ArcServe, Commvault, and so on. DPM can protect more types of sources than MARS, including:
- Exchange Server
- SharePoint Server
- SQL Server
- Files and folders
- And we know from Ignite 2015 that support will be added for vSphere at some point
DPM is installed on-premises on a physical or virtual machine that has access to a large and cheap disk array. DPM agents are deployed to each host/machine that must be protected and a protection group is created to backup selected items to the local disk array; this is disk-to-disk backup.
DPM supports extending disk-to-disk backup to disk-to-disk-to-cloud backup. The MARS agent is downloaded and installed on the DPM backup server. This extends DPM functionality and lets you modify the protection group to forward some or all protected items to Azure. In this scenario, the local backup offers short-term retention, and Azure offers automated off-site storage with long-term retention.
Once again, there’s compression to reduce storage and bandwidth consumption and TNO security to protect your secrets.
Microsoft Azure Backup Server (MABS)
What do you do if you want DPM with cloud backup support, but can’t afford the relatively expensive System Center licensing?
The Azure Backup and DPM team released a free version of DPM last year, called Microsoft Azure Backup Server (MABS), which is designed for disk-to-disk-to-Azure backup. MABS is a customized version of DPM that gives you everything you get in DPM, excluding tape drive support. This means that you can protect all the same data sources as DPM and get the same disk-to-disk-to-cloud backups with centralized management on the MABS server that you get with DPM … for free … no need to pay for a backup server product!
Choosing a Microsoft Azure Backup Solution
So which of the three options do you go with?
- Small business: If you have one file server or a few remote machines, then MARS will be the right option for you. MARS is lacking centralized online management, but that’s coming.
- System Center customer: You have the option to deploy DPM with the System Center licensing that you probably acquired to deploy System Center Operations Manager (SCOM) or System Center Virtual Machine Manager (SCVMM). DPM can backup your workloads to a local cheap disk array and then forward data to Azure.
- Non-System Center customer: You can deploy MABS as your on-premises server and PC backup solution and use it for disk-disk-cloud backup.
What if you have other backup needs that Microsoft cannot support? Many other vendors, such as Veeam, Commvault, ArcServe, and Altaro, have the ability to do disk-to-disk-to-cloud backup using Azure storage accounts; some use the same very affordable Block Blob service that Azure Backup uses, and others require you to deploy virtual machines in page blobs and disks storage. Consult the vendors of those other backup servers to see what they can do with Azure.