When it comes to choosing a backup solution for your on-premises file servers which is one of the key workloads still for many organizations, you have many options to choose from, this could also differ base on different scenarios and requirements.
When designing either a backup or disaster recovery solution, you need to assess first the workloads to understand what is important to your organization, and to prioritize the importance of the workloads by performing a Business Impact Analysis (BIA) which is the first step in the business continuity planning process. Then, you start addressing what level of protection each of your workloads needs by estimating the maximum allowable downtime, as well as the acceptable level of losses (i.e. what is the impact if you lost an hours’ versus a week’s worth of data?) Then you start designing your recovery solutions based on the impact analysis which is a huge task that must be undertaken by coordinating with various business functions and processes.
If you are familiar with Microsoft Business Continuity and Disaster Recovery (BCDR) solutions, you may know the different solutions and products which are available to use based on your organization’s needs.
In this article, I will address all the different backup solutions that you have with Microsoft (BCDR) solutions as of today especially when considering moving your data to the cloud. And finally, I will cover how you can transform on-premises file servers’ backup to a more modern, cost-competitive, and secure design by integrating Azure Files (Sync) with Azure Backup.
Microsoft BCDR solutions overview
In the realm of Microsoft Business Continuity and Disaster Recovery (BCDR) portfolio, we have the following solutions and products:
Azure Site Recovery
Azure Site Recovery (ASR) provides a single disaster recovery (DR) solution that works across platforms be it running on Hyper-V environment on-premises, Azure Stack Hub, VMware virtualization platform, or even on your physical platform, so it works across platforms and clouds as well. So, it could be your public cloud, your private cloud, or service provider cloud, and across different workloads as well.
As shown in the below diagram, you can use Azure infrastructure as your secondary site, then with ASR, you can automate all VMs protection, replication, and recovery plans.
Please note that ASR is NOT a backup solution, you can use it for disaster recovery (DR) or migrate your servers to Microsoft Azure. And DR to cloud solution is especially useful when more and more people are working from home now and there are difficulties in managing on-premises servers on time.
MABS and SCDPM
Microsoft Azure Backup Server (MABS) inherits the same functionality of System Center Data Protection Manager (SC DPM) for workloads backup, if you are familiar with SC DPM, MABS looks very similar. However, MABS does not provide protection on tapes nor can integrate with any System Center component. The good news is, MABS comes with a free SQL server license that can only be used for the MABS database, and it is free to download. Did I say free? Yes, it is FREE!
With Microsoft Azure Backup Server (MABS), you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange, VMware VMs, and Windows clients to:
- Disk (D2D), giving low and short Recovery Time Objectives (RTO) for tier 1 workloads (short-term protection on-premises).
- Azure (D2D2C) for long-term online and off-site protection to Azure. (Backup to Tape is NOT supported).
MABS and SC DPM are a complete backup solution that protects a wide range of workloads. You can choose this solution to protect your file server in the cloud for long-term and short-term retention. However, this solution requires a big infrastructure and storage footprint to maintain on-premises especially if you are only considering file server protection.
Azure Backup (MARS)
MARS is a standalone agent which is used by Azure Backup to back up your files, folders, and system state from on-premises individual machines and Azure IaaS VMs to Recovery Services Vaults in Azure.
You can deploy and run the MARS agent in three different scenarios as follows:
- Run the agent directly on-premises on Windows machines so that they can back up directly to Recovery Services Vaults in Azure.
- Run the agent on Azure IaaS VMs running Windows (side-by-side with the Azure VM backup extension) to back up specific files and folders on the VM.
- Run the agent on Microsoft Azure Backup Server (MABS) or on System Center Data Protection Manager (SCDPM) server. In this scenario, the workload will be backed up to MABS/SCDPM first, and then MABS/SCDPM will transfer your backup to Recovery Services Vaults in Azure using the MARS agent. So, what you can back up depends on where the agent is installed.
You can also choose the MARS agent as a backup solution to protect your file server in the cloud for long-term retention.
Azure Backup for Azure Files
Azure Files is the central hub of your files in Azure, while Azure File Sync (AFS) is a service that allows you to cache a number of Azure file share(s) on an on-premises Windows Server or IaaS VM in the cloud. Your file server and Azure are constantly syncing, so you have one centralized location for your files with multi-site access powered by fast local caches and cloud tiering.
For more information about Azure File Sync, please check the following articles.
One of the great features of Azure Files and Azure File Sync is the integration with the Azure Backup service. Azure Backup is an Azure-based service that you can use to back up, protect, and restore your data in the Microsoft cloud. The key aspect of this integration that Azure Backup can replace your existing on-premises and off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive.
For the remainder of this article, I will focus on Azure Backup (MARS) agent, and Azure Backup for Azure Files (Sync) integration since both solutions are tailored for a file server and branch office scenarios.
Azure Backup (MARS) agent
Let us look at the Azure Backup (MARS) agent a bit closer which is a competent backup solution for file servers with minimal infrastructure to maintain on-premises.
Notice the acronym for the Agent is “MARS” where all the data funnel through. If you are not familiar with other Microsoft Business Continuity and Disaster Recovery (BCDR) solutions, you may not realize that MARS stands for “Microsoft Azure Recovery Services”.
Now when you download and install the MARS agent on your file server, you need to take into consideration the following requirements:
- Supported Operating System: Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, as well as Windows 8, Windows 8.1, and Windows 10. The MARS agent does NOT support Windows Server Core SKUs.
- Cache Location: This is also referred to as the “Scratch Space”. Scratch Space is used during online backup and recovery for metadata only. The space required for this location is normally between 5-10% of the size of the backup. So, this means you should perform some pre-deployment planning, and estimate the expected size of your backup data on each server. If you are backing up 1 TB of data, then the Scratch Space should have approximately 51.2 – 102.4 GB of free space available. And that does not account for data growth!
- Recovery Services Vault: A Recovery Services vault is a storage entity that stores the recovery points created over time in Azure. Azure Backup (via the Recovery Services Vault) will create a hidden Azure Storage account. This storage account is where all your backup data will be maintained. But Azure Storage provides different redundancy and replication options. So, you have to carefully choose your redundancy option in the Recovery Services Vault (Locally-Redundant / Geo-Redundant) because once you set this configuration, and then start your backups, you cannot change it later! This also will affect your monthly bill; the price will be double with Geo-Redundant Storage (GRS) versus Locally Redundant Storage (LRS).
The workflow process of using Azure Backup (MARS) agent is illustrated in the following diagram:
The big advantage of using the MARS agent as a backup solution is, your data can be retained for long-term retention up to 99 years in the cloud if you wish. The data will be protected and stored in Recovery Services Vault. On the other hand, the operation side of the MARS solution is a bit challenging:
- Passphrase encryption key – You need to maintain and protect the key for each machine registered to the Recovery Services Vault. If you lost that key, Microsoft cannot help you to restore your data.
- Updates – As of today, you cannot automate the update process of the MARS agent.
- Policy management – Backup policy is not centralized with the MARS agent, so you need to configure and manage the backup policy individually on each server.
- Recovery Time Objective (RTO) – The restoring process of data with the MARS agent takes a bit of effort which will be slower especially with large file share that may impact your RTO.
Azure Backup for Azure Files (Sync)
Azure Backup and Azure File Sync are hybrid solutions that are built on top of the Azure Platform as a Service (PaaS) and Azure Files. Azure Backup integration with Azure File Sync is based on Azure Storage and File Share which is one of the fundamental components when deploying Azure File Sync.
The high-level deployment architecture of Azure Files (Sync) with multi-sites access with Azure Backup looks like in the following diagram:
Now when you download and install the file sync agent on your machine, you need to take into consideration the following requirements:
- Supported Operating System: Windows Server 2012 R2, Windows Server 206, Windows Server 2019. No Windows client support, however, the file sync agent does support Windows Server Core SKUs.
- Windows Management Framework 5.1: Windows Server 2012 R2 only.
- PowerShell Module: You need Az or AzureRM module (version 4.3.1 or later).
From the Azure Backup perspective, we have the Azure Backup Service running in the same Azure region as the Azure Storage Sync Service as well as the Azure File Share. Then we have the backup Policy Management which is responsible for orchestrating the snapshots and backup retention.
When you enable Azure Backup for Azure File Share, what will happen is the following:
- You create or select an existing Recovery Services Vaults.
- You enable backup and select Azure File Share.
- Then you select the source Azure storage account where the Azure File share(s) reside. Then the storage account will be registered with the Recovery Services Vaults (at the time of this writing, no backup is transferred to the Recovery Services Vaults).
- The next step is to select one or more file share(s) which you want to protect.
- Azure Backup enables “Soft Delete” on the storage account with the default retention period of 14 days.
- Last but not least, you can choose or create a new backup policy (daily, weekly, monthly, or yearly backup up to 10 years only through the Azure Portal).
- Finally, when each backup job runs, the Azure Backup service will ensure that the soft delete is always turned on.
The big advantage of Azure File Sync with Azure Backup integration is the operation side of this solution. You can restore your data super-fast to meet your RTO needs, and in case of disaster, you can spin up a new file server and get back your data including all the NTFS ACLs within minutes. The other advantage is when you enable cloud tiering, you can shrink and reduce your storage footprint on-premises.
At the time of this writing, Azure File Sync integration with Azure Backup relies on snapshots storage which remains in the same file share and storage account. In other words, the protected data will NOT be stored and transferred to Recovery Services Vault compare to what we have with the MARS agent solution. So, if you have a strict backup policy and you need to keep your data protected in Recovery Services Vault separately, then this solution is not ideal as of today.
On May 27, 2020, the Azure Backup team in coordination with the Azure Files team announced the general availability of the long-awaited feature “Soft Delete” to protect your file share(s) from accidental deletion and malicious actor. Learn more on how to protect your Azure File share today.
MARS and Azure File Sync agent
I have seen in the field that some customers have installed the MARS agent and the Azure File Sync agent side by side on the same server to protect their data. From a technical point of view, you can run both solutions at the same time and it is supported by Microsoft, however, you may experience certain issues and it is not optimal to use both agents for the following reasons:
- The MARS agent is not aware of Azure File Sync cloud tiering capabilities, so if you are using Azure File Sync with cloud tiering enabled, you may end up recalling your cold data back on-premises for the MARS agent to take backup and then send it to Azure Recovery Services Vault. The ingress (inbound) transfers are free, but the egress (outbound) transfers are not free for Azure File Sync, so in this scenario, you have consumed a lot of network bandwidth and you increased your Azure bill by paying the outbound (network) data transfers charges as well.
- As of today, the MARS agent requires additional maintenance compare to the Azure File Sync agent to keep it up to date. You need to plan your deployment for either solution, but Azure File Sync agent is easier to manage and maintain.
- Last is your network bandwidth when both agents are installed side by side, you will consume double bandwidth IN and OUT.
Azure Backup pricing comparison
Let us look at the price differences between Azure Backup (MARS) agent and the Azure Backup for Azure Files (Sync) enabled.
For MARS agent pricing, we have the following:
- Size of each protected instance: $5 for < or = 50GB, and $10 for > 50GB but less < 500GB, and then $10 increment for each additional >500 GB.
- Backup Storage: Azure Backup uses Block Blob storage for backing up your instances. So, you have the flexibility to choose between locally redundant storage (LRS) or geo-redundant storage (GRS). Both LRS and GRS are Block Blob Storage. The price for LRS is $0.0224 per GB, and the price for GRS is $0.0448 per GB.
For Azure File Sync with Azure Backup pricing, we have the following:
- Sync Server: One sync server free per storage sync service, then $5 for every additional sync server.
- Storage for file servers: $0.06 per used GB for Standard storage account. However, Microsoft announced at Ignite 2019 that a new type of storage Tier is coming very soon to reduce the storage cost of your Azure Files/Azure Backup. The new tiers will be named as “Transaction Optimized“, “Hot“, and “Cool“.
- Operations and data transfer: Put, Create Container Operations, list (per 10,000) is $0.015.
- Outbound data transfers: The first 5 GB per month is free. And between 5 GB – 10 TB per month is $0.087 per GB.
- Backup Snapshot Storage: $0.06 per used GB for Standard storage account. The price of the new tiers will also reduce the snapshot storage price.
- Size of each protected instance: $5 above > 50GB but less < or = 500GB, then $5 increment for each additional >500 GB. If you have less than 50 GB, you pay 60% of the Azure Backup price per month.
Let us take the following real-world example:
- We have a 500 GB file server that we want to backup to Azure.
- The daily churn rate is moderate ~ 3%. The churn is the amount of new data every day (that is, written or appended to existing files).
- The redundancy of the file share (where snapshots would be stored) in the storage account is Locally Redundant Storage (LRS).
- The type of the Storage Account used in this example is Standard. At the time of this writing, we have two types of storage account for file shares (Standard/Premium). However, Microsoft announced at Ignite 2019 that a new type of storage Tier is coming very soon to reduce the storage cost of your Azure Files (Sync) / Azure Backup. The new tiers will be named as “Transaction Optimized“, “Hot“, and “Cool“.
- The Azure Backup policy definition selected for this example is set to daily for 30 Days.
As of today, the estimated monthly price will be divided and calculated as follows.
The first table is the storage price calculation for files, and comparison between the on-premises file server and cloud storage only without backup. For the on-premises file server storage, the price is calculated based on your capital expenditure (CAPEX) and the total cost of ownership (TCO).
The second table is the price comparison between Azure Backup (MARS) solution, and Azure Backup for Azure Files (+ Azure File Sync):
If we consider the backup related costs only, we can see that Azure Backup integrated with Azure Files (Sync) is cheaper than the MARS agent ($19.00 versus $24.56). However, if we look at the overall solution which includes the cloud storage for file servers and the file sync agent for 2 servers, we are at ($30+$19)=$49.00 versus $24.56. Yes, the price is double (at the time of this writing), but you have the following additional benefits when considering Azure Backup with Azure Files (Sync):
- Centralize file services in Azure storage.
- Cache data in multiple locations for fast, local performance.
- Deduplication is supported on volumes with cloud tiering enabled on Windows Server 2016 and Windows Server 2019.
- Eliminate local backup and Disaster Recovery (DR).
Please note that the price for Azure Files and snapshot (backup) management will be dropped as soon as Microsoft announces the new storage tiers mentioned above. I expect the price will match the MARS agent today as an overall solution considering the “Hot” tier including the added benefits that you get with Azure File Sync. Stay Tuned!
This article described different Microsoft Business Continuity and Disaster Recovery (BCDR) solutions that are available to consider when choosing a cloud backup strategy, then I discussed Azure Backup (MARS) agent and Azure File Sync with Azure Backup integration as a cloud backup solution for your file servers. I highly recommend evaluating each solution individually and tailor it based on your organization’s needs taking into consideration the total cost of ownership (TCO) for each solution, as well as your Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
This table will summarize and compare all the features between Azure Backup (MARS) solution and Azure Backup for Azure Files (+ Azure File Sync):
Based on my experience, by integrating Azure Backup with Azure Files (Sync), you will save a lot on storage footprint on-premises, reduce backup management, and operational costs compare to Azure Backup (MARS) agent solution alone.
Which BCDR solution are you consider using for your on-premises file servers? You are welcome to share your thoughts in the comment section below.
I hope you find this guide useful in choosing the best cloud backup solution to meet your requirements. To learn more about Azure File Sync and Azure Backup integration, please check the following articles:
- How Azure Backup Integrates with Azure File Sync – Part I
- How Azure Backup Integrates with Azure File Sync – Part II
Last but not least, I want to thank Vishnu Charan, Senior Program Manager at Microsoft Azure Backup team for his help and support in reviewing this article.
Thank you for reading my blog.