Updated – 28/05/2020 – Azure Backup now provides protection against accidental deletion of Azure file shares!
Updated – 16/05/2020 – Azure Backup for Azure file share supports maximum of 11 snapshots per day!
With Azure File Sync, you can centralize your files in Azure and then install a sync agent on Windows Server on-premises or in Azure (IaaS VM) to provide fast local access to your cloud files. Your local server and Azure are constantly syncing, so you have one centralized location for your files with multi-site access powered by fast local caches and cloud tiering. What cloud tiering does, it enables frequently accessed files to be cached locally such that the full file content is present on the server, whereas less frequently accessed files are tiered to the cloud. This is desirable for those files that you are not using very often but you still want them to be around.
If the file server becomes unavailable for any reason in your datacenter or branch office, you just need to install the Sync agent on another server or virtual machine, and your users and applications can access the file again within minutes.
One of the great features of Azure File Sync is the integration with the Azure Backup service. Azure Backup is an Azure-based service that you can use to back up (or protect) and restore your data in the Microsoft cloud. Azure Backup replaces your existing on-premises and off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive. For nearly every Azure File Sync deployment that I work on, I’ve seen that Azure Backup is considered as a requirement to provide an additional layer of security and protection.
In the first blog of this 3 part series, I discussed how Azure Backup integrates with Azure File Sync. Please make sure to check it before you continue reading this article. In the second part, I will share with you the new features and improvements that were added for Azure Backup and Azure Files (Sync) as of May 2020.
Azure Backup for Azure Files (Sync)
The long waiting support for Azure Files backup is over, Microsoft just announced on April 29, 2020, that Azure Backup for Azure Files/File Share/File Sync is now generally available (GA). You can read about the announcement here. At the time of this writing, not all regions are GA yet, but the support is coming very soon for all Azure regions. The list of the currently supported regions is documented in the support matrix list here.
Let’s now look at the enhancement and new features introduced to Azure Backup and Azure Files (Sync) GA.
Long-Term Backup Retention
If you have been using Azure File shares backup, you know that Microsoft initially supported only a daily backup policy for a maximum of 180 days (6 months) in the Azure Portal.
After extensive testing on making sure the snapshots are durable for long-term retention, Microsoft enabled on-demand backup that can retain your snapshots for 10 years using PowerShell. I have developed a tool to automate the backup for Azure File Shares using PowerShell so you can schedule it to take snapshots at regular intervals every week, month, or year for long-term retention.
The good news is, you can now create a long-term backup policy (Daily/Weekly/Monthly/Yearly) for Azure Files directly in the Azure Portal without the need to use PowerShell.
Now as part of the daily (mandatory) backup policy, you can now configure 200 days of daily backup instead of 180 days previously. Why only 200 days? Read on…
Azure Backup supports only 200 snapshots per file share limit at any given point in time. This is the current restriction of the platform to make sure your snapshots are durable. You could, for example, schedule 190 days as a daily backup, and 10 years as a yearly backup (190+10=200 snapshots), and so on and so forth…
Additionally, Microsoft has added on-demand snapshots (backup) so you can take up to ten times backup per day (manually triggered), as well as one daily scheduled backup, so a total of 11 snapshots per day you can take ONLY.
The reason behind this restriction is to protect you from running out of snapshots support which is 200. And when you try to trigger more than 10 manual backups per day, you will receive the following error. The Error Message below will be updated to reflect the current limitation.
Alerts and reporting
By integrating Azure Backup with Azure File Sync, you also get a detailed report of Azure Files (Sync) backup by leveraging the power of Azure Backup reporting capability, for this to work, you need to make sure that your Recovery Services Vaults (Diagnostics settings) have been configured to send data to Log Analytics as shown below.
Then you can simply navigate to your vault and click on the Backup Reports menu item. As of today, under Summary you will see only how many Protected Instances you are using for Azure Files since the backup is NOT transferred to the Recovery Services Vaults. In other words, there is no Cloud Storage consume from the backup perspective for Azure Files (Sync).
There are few additional metrics you can see in the reporting blade related to Azure Files such as how many backup Jobs have succeeded and failed, how many backup items corresponding to the file share type.
For alerts, you will also get critical and warning alerts related to your Azure Files (Sync) backup and restore as follows:
- Critical: In principle, any backup or recovery failure (scheduled or user-triggered) would lead to the generation of an alert and would be shown as a Critical alert and also destructive operations such as delete backup.
- Warning: If the backup operation succeeds but with few warnings, they are listed as Warning alerts.
- Informational: As of today, no informational alert is generated by Azure Backup service for Azure Files.
Protection against accidental deletion
On May 27, 2020, the Azure Backup team in coordination with the Azure Files team announced the general availability of the long-awaited feature “Soft Delete” to protect your file share(s) from accidental deletion and malicious actor.
What is Soft Delete?
Soft Delete is a new feature that enables intermediate state “Soft deleted state” for file share(s) when they are deleted accidentally or maliciously. The soft delete feature is configurable at the Storage account level but works only at the File share level. In other words, when you enable soft delete at the storage account level, then all the existing file shares, as well as the newly created ones will be protected and adhere to this policy. When soft delete is enabled, you need to define the retention policy (period) in days, the retention policy determines the time window for which file share contents would be retained before permanent deletion.
Soft Delete for file share can be enabled at existing storage accounts OR you can enable it during the creation of storage account as shown in the image below.
Please do not confuse between Blob soft delete and File share soft delete, both features are enabled at the storage account level but they serve for different purposes.
How Azure Backup leverages Soft Delete?
The high-level overview of how Azure Backup leverages Azure File share with soft delete is illustrated in the following diagram:
When you configure Azure Backup for Azure File Share, what will happen is the following:
- You create or select an existing Recovery Services Vaults.
- You enable backup and select Azure File Share.
- Then you select the source Azure storage account where the Azure File share(s) reside. Then the storage account will be registered with the Recovery Services Vaults (at the time of this writing, no backup is transferred to the Recovery Services Vaults).
- The next step is to select one or more file share(s) which you want to protect.
- Azure Backup enables “Soft Delete” on the storage account with the default retention period of 14 days.
- Last but not least, you can choose or create a new backup policy (daily, weekly, monthly, or yearly backup up to 10 years only through the Azure Portal).
- Finally, when each backup job runs, the Azure Backup service will ensure that the soft delete is always turned on.
At the time of this writing (May 28th, 2020), Azure Backup supports for Soft Delete feature is active in West Central US and is being rolled out for other Azure regions as well. Soft delete is supported only for standard and premium storage accounts and is currently enable from the Azure Backup side, please check the current supported regions here.
Please note that you can also reset the retention period settings as per your requirement (1 day => to 365 days). However, Azure Backup will always set the retention (soft delete) policy to 14 days if you set it below 14. On the other hand, if the retention policy is greater than 14 days (i.e. 15…365), Azure Backup will adhere to this policy and keep it as is.
This retention policy determines the time window you’ll have to recover your file share contents and snapshots after any accidental delete operation. The recovery points are preserved during this duration and once you undelete the file share, backups start running successfully with no additional configuration needed from your side.
When you want to restore your data from a deleted file share, you want to undelete the file share first within the retention period. If no action has been taken within the retention period, then the snapshots and file share contents are permanently deleted.
What about billing during the retention period?
When a file share(s) is in the deleted state, you will be charged for the snapshots storage, as well as for the protected instance cost (more details on this in the next section). The price will be based on used capacity charged at the snapshots rate whether you are using standard or premium file shares.
Azure Backup Pricing for Azure Files
As for the pricing details, backup for Azure Files (Sync) is calculated as follows:
- Azure Backup uses Azure File Share snapshots for creating recovery points. Storage charges incurred for snapshots are billed along with your Azure Files usage as documented here.
- The combined size of all backed-up Azure File Shares in a Storage Account determines the instance size while using Backup for Azure Files. Below is the price for the protect instance size based on the West Central US region. The Azure Backup pricing calculator is being updated to reflect all Azure regions.
|SIZE OF EACH INSTANCE||AZURE BACKUP PRICE PER MONTH|
|Instance is > 50 GB but < or = 500 GB||$6|
|Instance > 500 GB||$6 for each 500 GB increment|
|Instance < or = 50 GB||60% of Azure Backup price per month|
Let’s take the following real-world example:
- The total size of all Azure File Shares that are going to be backed up in the same storage account is 2 TB (2,048 GB).
- The daily churn rate is moderate ~ 3%. The churn is the amount of new data every day (that is, written or appended to existing files).
- The redundancy of the original file share (where snapshots would be stored) in the storage account is Locally-Redundant Storage (LRS).
- The type of the Storage Account used in this example is Standard. At the time of this writing, we have two types of storage account for file shares (Standard/Premium). However, Microsoft announced at Ignite 2019 that a new type of storage Tier is coming very soon to reduce the storage cost of your Azure Files which is known as “Transaction Optimized“, “Hot“, and “Cool” tiers.
- The Azure Backup policy definition selected for this example as follows:
- Daily: 30 Days.
- Weekly: 4 Weeks.
- Monthly: 6 Months.
- Yearly: 5 Years.
The estimated monthly and yearly price will be calculated as follows:
As of this writing, the combined size (point 2) for the protected instance will not be chargeable until the first of August 2020. The pricing will also be dropped (reduced) as soon as Microsoft announces the new storage tiers. Stay Tuned!
Please note that Azure Files (Sync) pricing is separate from Azure Backup, you need to take into consideration the following 4 additional charges: Sync Server price (1st server is free), data storage price, operations and data transfer price, and outbound (network) data transfers price.
There are a lot of improvements coming to Azure Backup and Azure Files (Sync). Microsoft is currently working on a new set of features:
- Transferring (hardening) to Recovery Services Vault instead of relying on keeping the share snapshots within the same file share/storage account.
- Soft-Delete – Protecting against accidental deletion of your Azure file share.
- Protecting against accidental deletion of an individual (specific) snapshot. Please note that deleting a specific snapshot will NOT break the backup/restore process, you will lose only the recovery point for that specific point in time snapshot.
- Configure backup directly from the Azure File share blade (UI) instead of going to the Recovery Services Vault.
- Schedule multiple snapshots per day using Azure Backup Policy. (Today is 1 snapshot).
- Take weekly/monthly full copies of File Share to Recovery Services Vault.
- Use snapshots replicated to a paired region to restore File share in the paired region.
- Take daily/weekly/monthly incremental backups of File shares to Recovery Services Vault?
The Azure Backup team needs your help to prioritize those features, please take the quick survey here and help to prioritize those features.
Azure File Sync extends on-premises file servers into Azure providing cloud benefits while maintaining performance and compatibility. Azure File Sync provides:
- Multi-site access – provide write access to the same data across Windows servers and Azure Files.
- Cloud tiering – store only recently accessed data on local servers.
- Integrates with Azure backup – no need to back up your data on-premises.
- Fast disaster recovery – restore file metadata immediately and recall data as needed.
By integrating Azure Backup with Azure File Sync, you will save a lot of storage management and reduce operational and licensing costs.
This is the current enhancement of Azure Backup integration with Azure Files (Sync), please make sure to check Part III which is planned to be released by the end of summer 2020 where I will show you the great improvements that are coming to Azure Backup and Azure Files (Sync).
I hope you find this quick guide useful. To learn more about Azure File Sync, please check the following articles.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.