In the last couple of months, I worked head down to build an offer for an hybrid cloud solution based on Windows Azure. The solution is aimed at giving a quick answer to all the scenarios where a new project needs to be activated “for yesterday”. I know, you know.
Enabling an hybrid cloud using a IaaS infrastructure takes some planning and, basically, what counts for your on premises systems is still valid for the cloud based ones.
This article will focus on how to protect your data once it’s out in the cloud. It will soon be followed by a companion article on how to protect your workloads running on Windows Azure a sort of Bare Virtual Recovery.
To protect our data running on Azure IaaS VMs we have four choices:
– Implement a system or a set of systems in Azure dedicated to protecting data. For example, we can deploy a System Center DPM VM and use it to protect the Azure running workloads. This can become expensive and it is probably justified when we need application aware recovery and we have a significant number of VMs with data to protect. This solution is operated exactly as an on premises one, there’s nothing to add.
– Use Windows Azure Backup Agent and the Azure backup vault. This is often promoted as an offsite backup storage solution, but it can be used for cloud born workloads as well. (http://www.windowsazure.com/en-us/solutions/storage-backup-recovery/). My two fellow MVPs John and Robert just wrote a great step by step on how to configure WABA see Using and Monitoring Azure Backup for Windows Server
– Use a third party data protection service, there are offers on the marketplace. (See for example http://www.evault.com/uk/windows-azure/, I have not tested this service and I’m in no way pushing it, it’s just for completeness sake)
– Implement our own backup automation using additional VHDs
Note. All these solutions miss the tape based protection, so if you need, for legacy compliance or what else, a tape based backup a different strategy must be employed. Obviously it is possible to prepare some custom scripting and download the data to an on premises data center to protect it with tapes. This is feasible if WAN links and egress (download) traffic costs from Azure are worth the task. I’m not going to address tape based backup.
Of all these options, I chose the DPM based and Windows Azure backup Agent ones, obviously they have different targets. While the DPM solution is well known and nothing needs to be added in terms of reliability and monitoring, the story for the Windows Azure Backup Agent (WABA) is completely different.
As usual there are pro and cons in every choice and the WABA one makes no difference.
Service that’s supposed to improve and add features very quickly
Can store the data sets in an Azure backup vault that’s different to the Azure infrastructure that hosts the VMs
Can be automated via powershell
Can be monitored using Operations Manager
The agent is very basic and protects only file based data. It doesn’t use the VSS writers defined on the protected VMs. For example, to protect a SQL database you must first dump the database on a local folder and then use the WABA to move the dump to the backup vault.
The backup vault storage is more expensive than the locally redundant storage used for VM. (The local storage costs about 1.75$ / 1.21€ per 25GB, while 25 GB of backup vault are 10.00$ / 7.45€). It must be considered the backup vault is compressed and nothing is billed for IO transactions. So it really depends on the compression ratio of your data.
It supports Windows Server 2008 R2 and up
I just wrote WABA can be monitored via Operations Manager, well almost, actually this is one of the goal of this article.
To start you need to install WABA on every system you want to protect, this is not a very scalable solution and I anticipated for a significant number of VMs you shall consider a cloud based DPM server before taking your final choice. As you know I don’t like to rewrite what has already be written, so you can find a good tutorial on how to install WABA here.
If WABA is the choice there’s one final challenge: being able to monitor if it completes successfully. WABA schedules a pair of tasks, the first one is in charge of the actual backup and the second one tries to recover the failed jobs (a sort of self healing).
To monitor scheduled tasks you can used this free Management Pack “Progel Windows Scheduled Task management pack”, but this is only part of the problem. How can you be sure that even if the task is successful the backup vault is listing the saved datasets? The WABA comes with its own powershell module and this is pretty useful, with a couple of line of code we can always get the vault view of our backups
Obviously if we have powershell support we can write a Management Pack to check for it. I wrote a Management Pack you can find on Technet Gallery that implements the following:
Discovers if there’s a backup policy defined, without a policy we don’t have any backup so we have nothing to check
Checks if we have an up to date (configurable) backup on the vault
Optionally (disabled by default) checks the backup size and raises an alert if it surpasses a given threshold
The MP is fairly simple and if WABA will get more momentum it will need to be improved to cover more aspects, but together with the Scheduled Task Management Pack it is a good start for monitoring WABA.
This posting is provided “AS IS” with no warranties, and confers no rights.