Data protection

In recent years, there has been a rapid evolution of challenges related to data protection. The COVID-19 pandemic has resulted in an unparalleled surge in the adoption of cloud technology. With digital transformation initiatives, organizations rely more on cloud-based solutions to counter growing disruptions, cybersecurity threats, and compliance requirements. One of the primary reasons organizations opt for Azure Business Continuity and Disaster Recovery (BCDR) solutions is to ensure security and compliance. These solutions offer protection for backups and recovery of critical business applications and data from outages and ransomware attacks. The transition from a traditional CapEx model to an OpEx model allows businesses to achieve these objectives with the added advantage of management at scale capabilities without requiring a dedicated BCDR infrastructure to manage.

The combined value proposition of Azure and BCDR provides top-tier protection to both your applications and data. Let's delve into some common issues customers face, which can potentially cause downtime for their applications.

The above illustration illustrates the magnitude of impact a failure can potentially cause. It is important to note that all these failures can significantly impact your infrastructure, applications, and data. While power or network outages can potentially affect an entire data center or multiple data centers within a zone, more catastrophic events such as floods or earthquakes can affect the whole region.

Regardless of the nature of your deployment, data is likely to be stateful. Failures can have varying degrees of impact on the data. For instance, accidental deletion can result in the loss of files or folders, and a rogue administrator can wipe out both data and backups. Therefore, it is essential to establish resilience against all these failures.

On the left-hand side, premium storage enables a 99.5% availability rate for single VM deployment. To enhance resilience, you can opt for high availability structures and deploy architecture in availability sets to achieve service-level agreements (SLA) up to 99.99%. High availability should be prioritized for mission-critical apps with stringent RPO/RTO requirements. Azure Site Recovery can be utilized to establish a disaster recovery plan that protects apps from regional outages with minimal RPO/RTO and data residency.

Why organizations choose Azure BCDR?

IDC interviewed several organizations that utilize Microsoft Azure Site Recovery and Azure Backup services. The primary benefit reported by customers is the resilience offered by the Azure infrastructure. The Azure BCDR solutions are built on a highly resilient infrastructure, resulting in robust protection for your data from single VM failures to entire regional failures. Customers have reported a return on investment (ROI) of 337% over five years while experiencing significant improvements in recovery time and IT efficiency.

Protect in Azure and Protect to Azure

Protect in Azure is built-in Azure native data protection for diverse workloads through Azure Backup and Azure Site Recovery. In Protect to Azure, you can extend your on-premises strategy to Azure with help from trusted BCDR partners and Azure Site Recovery in cases where you need low RTO-based disaster recovery to the cloud. Azure BCDR and trusted BCDR partners such as Commvault, Rubrik, and many more together offer the most comprehensive workload support across the cloud and on-prem.

Protect in Azure: Workload protection

Enhanced policy and restore flexibility

Azure VM backup has introduced an enhanced policy that extends protection to a new class of VMs. This enhanced policy allows customers to achieve improved RPO in as low as four hours, providing greater security for their data. Customers can choose the backup frequency per day to optimize the RPO based on their requirements. Moreover, the standard policy has increased the snapshot retention period from five days to 30 days. This change ensures that customers can avail of high-performance backup and restore options for an extended period. Additionally, Cross-Subscription Restore offers more flexibility to restore Azure VMs to any subscription.

Protect in Azure: Cost optimization

Maintaining cost optimization is crucial for all organizations. Azure BCDR solutions offer a range of cost optimization techniques that can improve cost efficiency without compromising the quality and flexibility of data protection. There are numerous best practices available that allow organizations to optimize their BCDR costs.

Budget your cost using pricing calculator

The Azure pricing calculator allows the configuration of various cost components to estimate backup expenses accurately. If you want a customized cost estimate for your planning, you can download a detailed pricing calculator. This comprehensive tool assists in assessing long-term backup storage requirements by offering trends that illustrate how the backup storage footprint could expand based on the data volume in the environment. More than 15 variables can be customized, providing a personalized experience tailored to individual requirements.

Reduce cost with reserved capacity for Azure Backup

After gaining an in-depth understanding of your backup's storage footprint, it is possible to leverage the reserved capacity pricing option to decrease backup storage expenses by up to 24% based on size and time-frame commitments. This feature is built on Azure reservations that reduce costs by committing to one-year and three-year plans. After you purchase the reservation, a discount automatically applies to matching resources. The upfront and monthly reservation costs are the same, and customers don't charge extra fees when paying monthly. The reserved capacity pricing can be utilized across multiple subscriptions, allowing customers to optimize their savings.

Make the right cost vs. durability trade-off while configuring backup

When determining BCDR costs, vault redundancy is another crucial aspect to consider. When customers require the highest level of durability and resiliency for their backup data, there are use cases where the cost vs. durability trade-off reduces costs. By default, when you create a vault, it is set to Geo-redundant storage (GRS). However, for dev/test workloads, Locally-redundant storage (LRS) may be a more cost-effective option. LRS costs almost half of GRS, resulting in a 50% savings. Selecting the appropriate storage redundancy for different types of backup data allows for cost optimization. Azure BCDR is introducing Zone-redundant storage (ZRS), which falls between LRS and GRS and can help customers reduce costs when they require lower durability than GRS.

Reduce cost with selective disk backup

The feature of selective disk backup allows you to select and back up specific disks within your virtual machines. This feature helps in reducing the storage space required for your backups in two ways: firstly, you can choose to back up only the disks that contain critical data, and secondly, you can choose to back up only the disks that hold the operating system. By utilizing this feature, you can minimize your expenses in both situations.

Reduce cost by eliminating inactive data source backups

If you use Azure BCDR, backing up inactive data sources may result in unintended costs. The backup reports provide a list of deleted inactive data sources that allow you to recognize unused resources and take necessary steps, such as discontinuing protection and deleting or retaining data. You should periodically audit inactive data sources and backups and clean them up to reduce costs.

Reduce cost by optimizing policy configuration

Utilizing appropriate policy configurations can significantly reduce costs, and it is essential to consider the criticality of your business data when implementing them. For example, using weekly full and daily differential backups with log backups for your databases can reduce storage requirements. However, this will not affect the restore experience, as Azure Backup will automatically select the appropriate full, differential, and log backups. If your compliance and business policies allow for it, you can choose to have lower retention for your dev/test workloads.

Protect in Azure: Security and ransomware protection

The frequency, complexity, and sophistication of ransomware attacks are increasing worldwide. A recent survey revealed that in 2021, a company was targeted by ransomware every 11 seconds, resulting in an average recovery cost of 1.4 million dollars. However, despite the high cost, only 57% of affected companies were able to recover their data successfully from their backups. Therefore, it is crucial to ensure that your backups are well protected against any threats, including ransomware and other malicious factors, whether internal or external. Azure BCDR offers security capabilities to protect your BCDR data.

Control who accesses your BCDR data

You can regulate access to your BCDR data through Azure tools, such as Multi-factor authentication (MFA), Role-Based Access Control (RBAC), and specialized features available on Azure BCDR, such as Multi-user authorization (MUA).

Perform and store backups securely

With Azure BCDR, your backups are securely performed and stored using various encryption options. Your BCDR data is always encrypted, and you have the advanced option to encrypt your data at rest using your own keys. Additionally, you can back up encrypted workloads, including ADE-encrypted VMs and TDE-encrypted databases. Private endpoints allow you to perform backups from your virtual networks securely.

Keep BCDR data safe and recoverable

Backup data can be isolated from workloads in a separate tenant to avoid any impact from compromises. This, combined with secure access, facilitates the implementation of a modern Airgap for your backup data. Immutable vaults ensure that your backups in vaults cannot be deleted before the intended expiry, as per the backup policy. Moreover, the soft delete feature enables you to recover data after its deletion.

Protect to Azure: Workload protection

Microsoft recently announced the general availability of modernized experience for on-prem VMware Disaster Recovery to the cloud scenario using Azure Site Recovery. It provides a simple and reliable way to protect your VMware virtual machines. The updated ASR replication appliance requires 50% fewer configuration steps to set up compared to the previous classic version. Moreover, it improves the on-prem discovery experience across multiple vCenters. After the initial setup, users can conveniently increase their server capacity by adding new appliances without additional setup requirements. To further simplify management, users can enable the automatic upgrade feature of the ASR replication appliance. Additionally, existing users can use out-of-box migration tools to non-disruptively move their protected VMs to the modernized experience without losing their previous recovery points.

Customers can leverage Azure's trusted partner ecosystem to extend their on-prem BCDR strategy to the cloud. Whether backing up the data and apps to Azure as an off-site or using Azure as a cost-effective DR site, you can take advantage of your preferred BCDR solutions. At the same time, you can take advantage of all the cost savings. For example, store cost-effectively on the secure and durable Azure Storage platform while staying compliant.

Resources:

Business continuity and disaster recovery - Azure

What is the Azure Backup service?

Azure Site Recovery

Reference:

Microsoft Ignite Sessions