So, how does Azure Backup work? Well, for starters, Azure Backup consists of a few different layers, or pieces. You have the Workload Integration Layer, the Data Plane, and the Management Plane. The Data Plane is actually broken out into two pieces: “Access Tiers” and “Availability and Security”.

The Workload Integration layer is where the integration of the backup extension and the workload being backed up happens. The Access Tiers within the Data Plane define where backups are stored. These access tiers include the Snapshot Tier, the Standard Tier, and then Archive Tier. The Availability and Security piece of the Data Plane defines where backup data is replicated. The redundancy options chosen by the user will determine if the backup data is replicated across zones, or regions, or both. And the Management Plane is where the Recovery Service vaults, Backup Vaults, and Backup Center sit. These tools allow you to interact with the backup service.

Whether it’s data, machine state, or workloads running on on-prem machines or on VMs, it’s all backed up to the cloud and stored in either a Recovery Services Vault or a Backup Vault. Backup Vaults support Azure Database for PostgreSQL server backups, Azure blob backups, and backups of Azure disks. Recovery Services Vaults support everything else, including VM backups, SQL in Azure VMs, Azure Files, SAP HANA in Azure VMs, Azure Backup Server backups, backups via Azure Backup Agents, and DPM.

Regardless of which type of vault you use; the vault is used to organize backup data and it allow you to monitor your backed up items. Access to Recovery Services Vaults and Backup Vaults is controlled by Azure RBAC.

When you backup to a vault, you need to specify how the data in the vault is replicated, because the replication you choose determines how redundant your backup data is. You have a few different choices. You have locally redundant storage, or LRS; you have GRS, or geo-redundant storage; and you have zone-redundant storage, or ZRS.

Locally redundant storage protects backup data from server rack failures and drive failures in Azure. LRS replicates the backed-up data three times with a single data center within the primary region.

Geo-redundant storage protect data against region-wide outages by replicating that data to a secondary region.

Zone-redundant storage replicates backup data in availability zones. This guarantees data residency and resiliency in the same region. I should mention that recovery services vaults use geo-redundant storage by default.

If you need to back up on-prem Windows machines, you can use the MARS agent to backup directly to Azure, right over the internet. The long name for the MARS agent is Azure Backup Microsoft Azure Recovery Services agent. You can also backup on-prem Windows machines to a backup server like System Center Data Protection Manager, or DPM, or a Microsoft Azure Backup Server, or MABS. In these cases, you would then backup the backup server to a Recovery Services Vault in Azure. I should point out that on-prem Linux machines are not supported by Azure Backup.

Azure VMs can be backed up directly to Azure via the backup extension that Azure Backup installs on Azure VMs. The backup extension allows you to perform a backup of the entire VM. However, if you only need to backup files and folders on a VM, you can use the MARS agent instead.

Azure Backup supports full backups and incremental backups. It also supports Full, Differential, and Transaction Log SQL Server backups. The table on your screen breaks down the differences between the types of backups supported by Azure Backup:

Notice that all backup types, including MARS agent backups, Azure VM backups and backups performed via DPM and MABS all go to a vault. What’s also important to note here is that all backup types also support incremental backups. 

In the next lesson, we’ll take a look at the Azure Backup Center.