1.
23 NOIEMBRIE 2017 | BUCUREȘTI
Microsoft Azure as a solution for DR:
Backup or Disaster Recovery?
TUDOR DAMIAN
Executive Manager & CIO @ Avaelgo
Microsoft Cloud & Datacenter Management MVP
Certified Ethical Hacker

2.
23 NOIEMBRIE 2017 | BUCUREȘTI
Mulțumiri sponsorilor și partenerilor
SPONSORI
ORGANIZATOR
PARTENERI MEDIA
PARTENER DE IMAGINE

3.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Business Continuity & Disaster Recovery primer
–Challenges, threats, RTO/RPO, Cloud concerns
• Azure Backup
• Azure Site Recovery
• Conclusions
Agenda

4.
23 NOIEMBRIE 2017 | BUCUREȘTI
BUSINESS CONTINUITY & DR

5.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Every company relies on IT systems
to operate in this digital world
–Implementing disaster recovery across
your enterprise can be daunting and is
therefore usually avoided
• Yet, nearly every company is
susceptible to some kind of disaster
–Failure to provide service can lead to
not only a service outage but long
term brand damage
Why Disaster Recovery is needed

6.
23 NOIEMBRIE 2017 | BUCUREȘTI
• The DR plan…
– Does not exist at all
– Is incorrect or unreliable
– Includes unnecessary technology
– Hasn’t been effectively tested
– Doesn’t include sufficient information management regulations
• The cost is too high
– Datacenter, resources, hardware, management, staff, etc.
• The complexity is overwhelming
– Multiple data centers
– Replication technologies
– Potential need for dedicated restore hardware
– DR management software
Current Challenges (1)

7.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Slow Cloud Adoption
– Companies are trapped in traditional backup infrastructures that were never
desired to embrace the Cloud
• Long Backup Windows
– The traditional model becomes unmanageable as data sizes grow and full
backup windows extend beyond SLAs
– Lengthy backup windows can impact application performance
• Slow Recoveries
– If you cannot recover your backups then why have them in the first place?
– Lengthy recovery windows can impact business operations, customer
experience and typically revenue
Current Challenges (2)

8.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Disaster Recovery Challenges
– Businesses have to plan for both local backup and recovery and DR
– Traditional backup and recovery methodologies create significant DR challenges
due to restoration complexity
– As a result, many companies limit their focus on DR and if they do focus on it, tests
are run infrequently
• Multiple RPOs
– Different applications mandate different recovery point objectives
– This typically results in multiple different protection tools
• Very Large Database Protection
– All challenges of backup and recovery are amplified with very large databases
• Tape Trouble
– Low confidence in tape backup for long term data retention and data access
Current Challenges (3)

9.
23 NOIEMBRIE 2017 | BUCUREȘTI
Natural Threats
• Natural disasters
• Floods
• Earthquakes
• Hurricanes
Physical Security Threats
• Loss or damage of
system resources
• Physical intrusion
• Sabotage, espionage
and errors
Human threats
• Hackers
• Insiders
• Social engineering
• Lack of knowledge and
awareness
Information Security Threats - examples (1)

10.
23 NOIEMBRIE 2017 | BUCUREȘTI
Network Threats
• Information gathering
• Sniffing and eavesdropping
• Spoofing
• Session hijacking
• Man-in-the-middle attacks
• ARP Poisoning
• Password-based attacks
• Denial of service attack
• Compromised-key attack
Host Threats
• Malware attacks
• Target Footprinting
• Password attacks
• Denial of service attacks
• Arbitrary code execution
• Unauthorized access
• Privilege escalation
• Backdoor Attacks
• Physical security threats
Application Threats
• Data/input validation
• SQL injection
• Authentication and
Authorization attacks
• Configuration management
• Information disclosure
• Session management issues
• Buffer overflow issues
• Cryptography attacks
• Parameter manipulation
• Improper error handling
and exception management
• Auditing and logging issues
Information Security Threats - examples (2)

11.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Recovery Time Objective (RTO):
– Acceptable amount of time to restore the function/service
– Requirement example:
• RTO = 0 in case of a site/datacenter being down
• RTO = 4 hour in case of 2 sites/datacenters being down
• Recovery Point Objective (RPO):
– Acceptable latency of data that will not be recovered
– Requirement example:
• RPO = 0 (no data is lost) in case of a site/datacenter being down
• RPO = 30 min in case of 2 sites/datacenters being down
Let’s start with the basics, RTO vs RPO

12.
23 NOIEMBRIE 2017 | BUCUREȘTI
• They should be set for each app/service, based on:
–The expected loss to the business within the objective
–The cost of achieving the objective
RTO & RPO objectives
Last backup Event Data restored
RPO RTO
Time

13.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Moving DR data to the Cloud
–The cost of shifting massive amounts of data over the
Internet has declined dramatically
–Broadband speeds continue to increase
–The cost of storing vast quantities of data in the cloud
has declined dramatically (e.g. cold storage)
–The functionally limitless storage capacity of the cloud, as
long as organizations are willing to pay for it
–Hybrid cloud is building a lot of momentum
Cloud backup/DR concerns (1)

14.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Cloud security worries are generally wrong
• Concerns about pricing blowouts
–Pricing has consistently decreased for Cloud storage
• Recovery speeds could be impacted
–Traditional tape storage allows for large amounts of data
to move around quickly (e.g. via courier)
• Long-term storage and its impact on cost
• Managing and monitoring backup & DR
Cloud backup/DR concerns (2)

15.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Should the service just move to the cloud?
–Consider services like Exchange, SharePoint, Skype for
Business, CRM
–These would be critical during a DR failover to facilitate
communication between parties
• A better option may be to move to a SaaS based
solution in the cloud, e.g. Office 365 / Dynamics 365
–Could also use similar approach for other services that
are available as SaaS or even move to cloud PaaS for
regular production use
Service Migration to Azure

16.
23 NOIEMBRIE 2017 | BUCUREȘTI
AZURE BACKUP

17.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Reliable Offsite Data Protection
– Easy replacement for tape backup
• Protect individual servers on-prem or in the Cloud
– Integrates with DPM and Windows Server Backup
• It can back up:
– Azure VMs
– System States
– Volumes, Files & Folders
– Applications/Workloads
• Out of the box, it offers:
– Automatic storage management with unlimited scaling
– Multiple storage options (locally-redundant or geo-redundant)
– Unlimited inbound data transfer
– Data encryption
– Application-consistent backups
– Long-term retention
Microsoft Azure Backup

18.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Azure Backup (MARS) Agent
– File & Folder backup, on-prem or Cloud
– Backup 3 times per day, not application aware
– No Linux Support
• System Center DPM / Azure Backup Server
– App-aware backups (VSS) for SQL Server, SharePoint, Exchange, etc.
– Covers Disk-to-Disk-to-Cloud backups
– Full flexibility on backup times
– Recover granularity
– Linux Support on Hyper-V & VMWare VMs
– Azure Backup Server does not support tape backups
• Azure IaaS VM Backup
– Native backup for Linux & Windows, no agent required
Azure Backup Components

19.
23 NOIEMBRIE 2017 | BUCUREȘTI
AZURE SITE RECOVERY

20.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Near-real-time transfer to alternative location/site
• Meet tight RPO and RTO objectives via failover
How is disaster recovery achieved on-premises?
Primary Secondary

21.
23 NOIEMBRIE 2017 | BUCUREȘTI
• The same process as on-premises, but with the
benefits of Azure
Disaster Recovery to Azure
Primary Cloud
StorSimple/Azure Files Sync
Azure Site Recovery
Azure Site Recovery
SQL AlwaysOn, etc.

22.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Orchestrates and automates replication of:
–Azure VMs between regions
–On-premises VMs and physical servers to Azure
–On-premises machines to a secondary datacenter
• It covers:
–Azure VMs
–Hyper-V virtual machines
–Physical servers (Windows & Linux)
–VMware virtual machines
Azure Site Recovery

23.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Running an instance in Azure requires:
– Network connectivity (S2S VPN/ExpressRoute)
– Compute charges
• To achieve HA, you can leverage other services such as:
– Azure Traffic Manager
– Azure IaaS Availability Sets
– Microsoft SQL Always-On
• Services requiring the highest RPO/RTO are good
candidates here
– Look at tier 1 SQL Servers or Domain Controllers
• You can also cut down on licensing/compute charges
– VM Scale Sets
– Azure Resource Manager Templates
• Other less critical applications may use ASR
Application-level replication
SQLAvailabilityGroup

24.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Billing is done per OS instance protected
–It’s free for the first 31 days for any new OS instance
• These same technology can be used to migrate
existing workloads to Azure
• What is a migration?
–Perform replication
–Failover once
–Stop replication
ASR Side Notes

25.
23 NOIEMBRIE 2017 | BUCUREȘTI
CONCLUSIONS

26.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Clearly define your existing RPO/RTO
–The expected loss to the business within the objective
–The cost of achieving the objective
• Evaluate both Azure Backup and ASR, as they achieve
different purposes
–Azure Backup: VM deletion/corruption, data loss inside
VM, create a copy of an older version
–ASR: low RTO/RPO objectives (as low as 30 seconds),
near-real-time failover, migration
First steps

27.
23 NOIEMBRIE 2017 | BUCUREȘTI
• Go with Azure Backup when:
– The business isn't accessing data on an urgent basis (cold data, any
workload with a long RTO window)
– Rebuilding instances/images in the public cloud isn't too complex
– You have in-house expertise in DR, and a willingness to test
readiness at least every six months
• Azure Site Recovery (DRaaS) is a better choice when:
– The sysadmin team consists of generalists with little expertise in DR
– The RTO is short (e.g. online marketing operations)
– The application and infrastructure setup is complex
• It’s generally better to do both
Azure Backup vs ASR

28.
23 NOIEMBRIE 2017 | BUCUREȘTI
Q & A