Preview of Centralized Reporting for Azure Backup
Microsoft has started to address one of the big feature requests for Azure Backup: centralized reporting. A preview has been launched to allow you to centrally visualize and report on your usage of Azure Backup.
Azure Backup has been with us for a few years now but it is still much younger than many other online backup solutions. There is still a feature gap. I have been promoting Azure Backup with my customers for 3 years. In all that time, the question that always presents, “Can I get a report on successful backups?” Excuse me? Do you mean failed backups? No, they do not mean that. They want to be able to show their internal and external customers that backups are working.
I can go on and on about that line of thinking but the question pointed out something that was missing in Azure Backup. We did not have a means for centrally monitoring and reporting on many sources of backup and cloud (recovery site vault) usage.
Microsoft launched a preview of Azure Backup Reports at the end of June. In this initial release, we can monitor and report on:
- MARS (referred to as MAB in the user interface) backup jobs
- Storage usage
We do not have support for but it is on the way:
- Microsoft Azure Backup Server (MABS) or System Center Data Protection Manager (DPM)
- Azure virtual machine backups
The consumption of data in this solution is enabled by Microsoft Power BI. You can consume up to 1GB of data per user by using the free version of Power BI. Each recovery services vault is configured to dump data into an Azure storage account. An Azure Backup “service” (think of it as a packaged template) is imported into your Power BI account. Power BI is configured to consume data from the storage account via an access key and visualize that data in tons of pretty diagrams and reports.
This is a Power BI solution, so it is very customizable:
- Create your own dashboards
- Edit your own reports
- Create email subscriptions
- Share visualization through websites or SharePoint
Note that you can also export the recovery services vault data to an Event Hub or Log Analytics.
There is a ton of data presented via Power BI. Storage is one of the two costs of Azure Backup, so you will want a good grip on how much you are using and how it is trending (growth and retention).
And to answer the age-old question about successful and failed backups, you can get pretty visualizations on that too:
I have gone one step further and created a very simple report on Azure Backup jobs. It shows the machine name, the end state of the backup job, the date, and the time. I have pinned this report to a summary dashboard and I have subscribed to this report via email. This means that I get a report every day to inform me about backup health and I can see this report very quickly in Power BI.
At first, this solution sounded perfect for Microsoft partners. They often deal with many customers in managed services contracts and are responsible for maintaining backups. Each customer has their own tenant (an Azure AD domain), one or more subscriptions in their own tenant, and one or more recovery services vaults in each subscription. This means that the partner must cross a security boundary (the tenant) to manage each customer. Delegated access to guest admin accounts does so much but the tenant boundary is still there.
The architecture that was used in the first preview release of Azure Backup Reporting is subject to the boundaries of the tenant:
- The recovery services vault can only export data to a storage account in the same tenant.
- The Azure Backup Power BI service can only consume data from a single storage account.
- To monitor 50 customers’ backups, you need to deploy 50 storage accounts. You need one in each customer’s tenant and then create 50 instances of Azure Backup in Power BI.
The result is that there is not a single view of all your customers. You can do some things, such as pinning reports to a single summary dashboard, but this does not scale out beyond 4 or so tenants or customers. The reporting solution as it is now, is not very usable for Microsoft partners, to be quite frank.
It would be better if the recovery services vault exported data to a single storage account via an access key. This would allow the data export to scale beyond the security boundary of a tenant and enable the Microsoft partner to have a single view of all backups.
If this cross-tenant solution is important to you, then you can vote on some feedback.
I do not want to end this post on a negative note! The preview release of this solution is great news because we have been waiting for years for centralized monitoring and reporting in Azure Backup. If you are like me, and you are new to Power BI, then this is a great chance to learn something useful. You will find that there are some other useful Azure services that you can use, such as auditing administrator activity in a subscription or auditing sign-in activity in a tenant/Azure AD domain. I think the Azure Backup Reporting solution must solve the multi-tenant problem and sooner rather than later. It needs added support for MABS and Azure virtual machine backups after the tenancy problem, in my opinion. Thankfully, Azure Backup Reporting is off to a good start.