One of the tried and tested rules that can effectively address any failure scenario is called the 3-2-1 backup rule. This backup rule is becoming more and more important as organisations continue to virtualise their mission critical data, making the protection of that data becomes more vital than ever.
The 3-2-1 rule became a popular concept thanks to Peter Krogh, a well-known photographer who wrote that there are two groups of people: those who have already had a storage failure and those who will have one in the future.
In other words, the 3-2-1 backup rule means you should have 3 copies of your production data, on 2 different types of media and 1 offsite.
The purpose of this post is focused on getting your backup data offsite, and how we can leverage Microsoft Azure and Veeam together to help meet the 3-2-1 backup rule.
How can I get my data offsite to Azure?
Well, there are currently three main ways to get your data offsite and into Azure Cloud.
Figure 1: Veeam to Azure
The first method is to utilise an on-premises storage appliance called a StorSimple. The StorSimple can be deployed either as a physical appliance or as a virtual software appliance which caters for the majority of organisations requirements. By utilising the StorSimple capability to automatically archive Veeam backup data out to blob based Azure storage, we can achieve offsite backups. The StorSimple is a great bolt-on solution for existing Veeam deployments with relatively quick deployments and easier to use interfaces.
The flexible architecture of StorSimple is ideal for customers who want to externalise more than just their backups and is ideal for large volumes with usage of Azure native storage.
Limitations that should be considered are the extra appliance that needs to be deployed and maintained. Also, consider that while there is a virtual software appliance available there is a cost for any physical appliances that are acquired. A faster internet connection is recommended to meet any established recovery point objectives (RPO).
Figure 2: Veeam to StorSimple to Azure
If Veeam requires access to the archived data within Azure, the StorSimple will automatically pull the data back. A fast internet connection is recommended to ensure your offsite backup requirements can be met. No additional Veeam licenses are required for this option.
Option two is to externalise with a dedicated link to an Azure site as Site to Site Link (Azure ExpressRoute), SSL Direct Link to Azure or using a private network (vNet) in Azure.
Offsite storage is made available by configuring a link between the on-premises Veeam server and the Azure storage which is used to store the offsite Veeam backup data. Optionally a virtual machine can be created in Azure to provide WAN Acceleration to improve performance.
The benefits of this method is available to all organisations, no appliance needs to be deployed taking up valuable rack space or consuming resources living on your hyper-visor hosts as a virtual appliance. This option also does not require any additional Veeam licenses.
Figure 3: Direct to Azure
Things to consider are the link that is necessary which may impact on performance and possibly workload that may share the link. Costs associated with the Azure ExpressRoute need to be considered as well. This option is not recommended for multi-location infrastructures as it can be complex.
The third option is to send backups offsite to Azure using Veeam Cloud Connect.
Veeam Cloud Connect is a technology that enables sending backup data to an offsite location managed by a Service Provider or the organisation themselves.
Figure 4: Veeam Cloud Connect for the Enterprise
There are two flavours of Veeam Cloud Connect:
a. Veeam Cloud Connect for the Enterprise
Veeam Cloud Connect for Enterprise allows enterprise organisations to operate their own Hybrid Cloud by acting as their own service provider, they configure the necessary infrastructure in Azure to receive and manage the off-site backup data.
There are several considerations for this option as it is geared towards enterprise customers. Veeam Cloud Connect for the Enterprise requires the organisation to own the Enterprise Plus edition of Veeam – also if the customer is not in an Enterprise Agreement (EA) with Microsoft, then there is a 100 socket minimum of Veeam Enterprise licenses. If the organisation owns an EA with Microsoft, then there is no socket minimum. In either case the customer must match licenses 1 to 1.
For example, if ACME company has an EA with Microsoft and owns 86 sockets of Veeam Enterprise Plus, they would purchase 86 sockets of Veeam Cloud Connect Enterprise. Without the EA they would be required to purchase 100 sockets.
b. Veeam Cloud Connect
A service provider will host the offsite backup storage in Azure which is presented to organisations with on-premises Veeam. The service provider’s backup data can be encrypted at the source (before it leaves your network perimeter), in flight and at rest. This method is the easiest way to externalise to Azure, its ideal for multi-site configurations and you keep the same interface and console.
Figure 5: Veeam Cloud Connect
Veeam Cloud Connect is included within the Veeam Availability Suite, Veeam Backup & Replication and Veeam Backup Essentials for all organisations at no additional charge and with no additional licensing required. However, organisations will need to acquire a subscription to the appropriate storage resources from a service provider of your choice in order to use it.