It is finally here! Veeam for Azure. Since it was announced at Ignite last year I have been waiting for this product to be released. Veeam for Azure provides a native backup solution for virtualized workloads on Azure.
A Couple of weeks ago I wrote a blogpost looking at Azure native backup vs Veeam Backup using agent based solutions ( https://msandbu.org/azure-backup-vs-veeam-backup/ ) now a big difference with this product is that is integrates and provide a native backup solution using the built-in API’s in Azure Resource Manager to do a full backup of virtual machines using the snapshot mechanism for managed disks. It even supports incremental backup using the newly introduced incremental snapshot feature on managed disks in Azure.
Now the way this works, is that Veeam for Azure product (Which is running as a product on virtual machines in Azure) has an API integration using a service principal in Azure. The integration also communicates with the virtual machines using the Azure Agent to initiate a guest VSS snapshot in combination with the snapshot mechanism on managed disks in Azure.
The Veeam for Azure solution supports
- Restore of entire Virtual machine instances
- Restore of virtual machine instance managed disks
- Restore of virtual machine guest data and folders
Data from the snapshot is then moved to a Storage Blob, this can either be on a storage account within the same subscription or another subscription. As mentioned in the other blog post, one of the advantages that Veeam has is that it supports Hot/Cold Storage tiers which allows you do save a lot of money for long-term backups.
Veeam Backup for Azure creates backup files in the native Veeam format. Therefore, you can use Veeam Backup & Replication to create a copy of VM instance backups in on-premises repositories and perform data migration between cloud, on-premises and virtual infrastructures.
Veeam can also provide direct restore of virtual machines in Azure using Instant restore.
When Veeam does a backup of a virtual machine in Azure, Veeam Backup copies the whole content of the virtual machine instance and creates a full backup file in an Azure Blob storage repository. The full backup file becomes a starting point of the backup chain. Veeam can also use incremental snapshot data, the important aspect here is that there are a few differences between an incremental snapshot and a regular snapshot. Incremental snapshots will always use standard HDDs storage, irrespective of the storage type of the disk, whereas regular snapshots can use premium SSDs.
Architecture
The Veeam for Azure Backup is pretty simple you have backup server which runs as a Linux VM and is managed trough a web UI. The backup server is configured with a service principal that authenticates to Azure where the resources resides which you take backup of. Then Veeam backup server will automatically setup workers to handle the backup of the virtual machines.
Then the repository is attacked directly to one of more storage accounts. It is important to remember the different limitations in terms of performance in regards to storage accounts in Azure. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#storage-limits
Getting started
The Veeam setup can be get setup directly from the Azure marketplace
NOTE: I setup this VM using the free solution, which provides free license to backup 10 virtual machines.
Once you setup the VM from the marketplace it will spin up an Linux VM instance which will be the main backup server. You then connect to using this VM using HTTPS, then login with the username and password that was defined as part of the deployment. Then you are greeted with this screen where you need to configure the Azure Connection, define workers and setup a repository connection and create you first Azure Backup Policy.
Now as a limitation when I defined the Azure connection was that I needed to use the same subscription that the Veeam VM was part of, guessing this is so that I do not try to use the free edition to build a multi-tenant service 🙂
Setting up the connections is pretty simple also adding a repository.
And you can defined encryption password for each storage repository that you add to the service
Once you have configured the storage repository you need to define the workers.
The workers need to be placed within an existing VNET and will be configured using a virtual machine scale set and will scale up and down depending on the need to handle backup. The service will automatically scale this up and down. It should be noted that the VNET that you add this as part of, needs to be configured with a service endpoint for Azure Storage. The service endpoint routes traffic from the VNet through an optimal path to the Azure Storage service. The identities of the subnet and the virtual network are also transmitted with each request. Administrators can then configure network rules for the storage account that allow requests to be received from specific subnets in a VNet. Clients granted access via these network rules must continue to meet the authorization requirements of the storage account to access the data.
Once the workers are configured you can configure an backup policy. The backup policies can be configured using either subscription level, resource groups, tags or specific machines.
Then you can also configure if you want to have snapshots in additon to backup restore points.
Restore provides either restore using full instances or file level restore.
File-level restore, is launched trough a worker which has a VNET peering setup between the backup server and the workers which resides close to the storage account.
So this is the first walktrough of Veeam Backup for Azure, really exited that this is here and can also provide a even cheaper option compared to Azure Backup and also provide a lower RPO/RTO as well.