Virtual Machine Data Protection Options

1. Azure Backup

• Purpose: Protect Azure VMs running production workloads.

• Features:

  • Supports application-consistent backups for Windows and Linux.

  • Creates recovery points stored in geo-redundant Recovery Services vaults.

  • Restore options:

    • Entire VM

    • Specific files/folders

• Backup Process:

  1. Create a Recovery Services vault.

  2. Define a backup policy (schedule & retention).

  3. Enable backup on the VM (requires Azure VM Agent).

2. Azure Site Recovery (ASR)

• Purpose: Disaster recovery for VMs during major outages.

• Features:

  • Replicate VMs across Azure regions or from on-premises/other clouds to Azure.

  • Continuous replication: as low as 30-second intervals for Hyper-V.

  • Supports planned failovers (zero data loss) and unplanned failovers (minimal data loss).

  • Integrates with Azure networking and Traffic Manager for smooth failover.

• Architecture Steps:

  1. Install Site Recovery Mobility service on the VM.

  2. Replication to cache storage then to target storage.

  3. Generates crash-consistent and app-consistent recovery points.

  4. Failover creates VMs in target resource group/network/availability set.

3. Managed Disk Snapshots

• Purpose: Quick backup for dev/test environments.

• Features:

  • Point-in-time read-only copy of a managed disk.

  • Independent of source disk.

  • Billing: only for actual data used.

  • Disk size limit: up to 32 TB.

  • Supports Standard SSD/HDD and Premium SSD.

• Limitations:

  • Snapshot is disk-specific, cannot coordinate across multiple disks.

4. Managed VM Images

• Purpose: Create reusable VM templates.

• Features:

  • Captures all disks (OS + data) of a VM.

  • Useful for creating multiple VMs from one image.

5. Azure Backup Server / DPM

• Purpose: Protect on-premises VMs and workloads, or complex application environments.

• Features:

  • Application-aware backups (SQL Server, Exchange, SharePoint).

  • Granular scheduling and recovery options.

  • Backup to local disk first, then to Azure for long-term storage.

• Steps:

  1. Install DPM/MABS agent on target machines.

  2. Configure protection groups.

  3. Backups run on schedule to local disk.

  4. Local data synced to Azure Recovery Services vault using MARS agent.

6. MARS Agent

• Purpose: Simple file/folder backup on Windows VMs.

• Limitations:

  • Not application aware.

  • Up to 3 backups/day.

  • File/folder/volume-level restore only.

  • No Linux support.

7. Soft Delete for Azure Storage

• Purpose: Protects against accidental deletion or overwrite.

• How it works:

  • Deleted blobs move to soft deleted state instead of permanent deletion.

  • Overwritten data generates a soft deleted snapshot.

  • Retention configurable: 1–365 days.

  • Soft delete is backward-compatible and doesn’t require app changes.

VM Backup Considerations

• Snapshots vs Images:

  • Snapshot: Disk-specific, point-in-time copy, used for instant restore.

  • Image: VM-level, includes all attached disks, useful for VM deployment.

• Recovery Points:

  • Snapshots first; then transferred to Recovery Services vault.

  • Default snapshot retention: 2 days (configurable 1–5 days).

• Instant Restore:

  • Allows recovery from snapshot before vault transfer completes.

  • One-way upgrade (cannot revert back).

Choosing the Right Solution