Overview of Azure Blob backup
Azure Backup provides a simple, secure, cost-effective, and cloud-based backup solution to protect your business or application-critical data stored in Azure Blob.
This article gives you an understanding about configuring the following types of backups for your blobs:
Continuous backups: You can configure operational backup, a managed local data protection solution, to protect your block blobs from accidental deletion or corruption. The data is stored locally within the source storage account and not transferred to the backup vault. You don’t need to define any schedule for backups. All changes are retained, and you can restore them from the state at a selected point in time.
Periodic backups: You can configure vaulted backup, a managed offsite data protection solution, to get protection against any accidental or malicious deletion of blobs or storage account. The backup data using vaulted backups is copied and stored in the Backup vault as per the schedule and frequency you define via the backup policy and retained as per the retention configured in the policy.
You can choose to configure vaulted backups, operational backups, or both on your storage accounts using a single backup policy. The integration with Azure Business Continuity Center enables you to govern, monitor, operate, and analyze backups at scale.
How the Azure Blobs backup works?
Choose a backup tier:
Operational backup uses blob platform capabilities to protect your data and allow recovery when required:
Point-in-time restore: Blob point-in-time restore allows restoring blob data to an earlier state. This, in turn, uses soft delete, change feed and blob versioning to retain data for the specified duration. Operational backup takes care of enabling point-in-time restore as well as the underlying capabilities to ensure data is retained for the specified duration.
Delete lock: Delete lock prevents the storage account from being deleted accidentally or by unauthorized users. Operational backup when configured also automatically applies a delete lock to reduce the possibilities of data loss because of storage account deletion.
For information about the limitations of the current solution, see the support matrix.
Protection
Important
The new backup policy only supports Operational backup along with Vaulted backup. You can't create policy for Operational backup only. Vaulted backup is selected by default in the new policy and can't be turned off. Existing backups and backup policies remain unchanged.
Choose a backup tier for protection:
Operational backup is configured and managed at the storage account level, and applies to all block blobs within the storage account. Operational backup uses a backup policy to manage the duration for which the backup data (including older versions and deleted blobs) is to be retained, in that way defining the period up to which you can restore your data from. The backup policy can have a maximum retention of 360 days, or equivalent number of complete weeks (51) or months (11).
When you configure backup for a storage account and assign a backup policy with a retention of ‘n’ days, the underlying properties are set as described below. You can view these properties in the Data protection tab of the blob service in your storage account.
Point-in-time restore: Set to ‘n’ days, as defined in the backup policy. If the storage account already had point-in-time enabled with a retention of, say ‘x’ days, before configuring backup, the point-in-time restore duration will be set to the greater of the two values that are max(n,x). If you had already enabled point-in-time restore and specified the retention to be greater than that in the backup policy, it will remain unchanged.
Soft delete: Set to ‘n+5’ days, that is, five days in addition to the duration specified in the backup policy. If the storage account that is being configured for operational backup already had soft delete enabled with a retention of, say ‘y’ days, then the soft delete retention will be set to the maximum of the two values, that is, maximum (n+5, y). If you had already enabled soft delete and specified the retention to be greater than that according to the backup policy, it will remain unchanged.
Versioning for blobs and blob change feed: Versioning and change feed are enabled for storage accounts that have been configured for operational backup.
Delete Lock: Configuring operational backup on a storage account also applies a Delete Lock on the storage account. The Delete Lock applied by Backup can be viewed under the Locks tab of the storage account.
To allow Backup to enable these properties on the storage accounts to be protected, the Backup vault must be granted the Storage Account Backup Contributor role on the respective storage accounts.
Note
Operational backup supports operations on block blobs only and operations on containers can’t be restored. If you delete a container from the storage account by calling the Delete Container operation, that container can’t be restored with a restore operation. It’s suggested you enable soft delete to enhance data protection and recovery.
Restore
You can restore data from any point in time for which a recovery point exists. A recovery point is created when a storage account is in protected state, and can be used to restore data as long as it falls in the retention period defined by the backup policy (and so the point-in-time restore capability of the blob service in the storage account). Operational backup uses blob point-in-time restore to restore data from a recovery point.
Operational backup gives you the option to restore all block blobs in the storage account, browse and restore specific containers, or use prefix matches to restore a subset of blobs. All restores can be performed to the source storage account only.
Pricing
Choose a backup tier:
You won't incur any management charges or instance fee when using operational backup for blobs. However, you'll incur the following charges:
Restores are done using blob point-in-time restore and attract charges based on the amount of data processed. For more information, see point-in-time restore pricing.
Retention of data because of Soft delete for blobs, Change feed support in Azure Blob Storage, and Blob versioning.