
Implement Cloud Backup and Disaster Recovery at Scale in Azure

Implement Cloud Backup and Disaster Recovery at Scale in Azure. Rochak Mittal Senthuran Sivananthan Trinadh Kotturu Dean Cefola. BRK3064. Session Agenda. Site-Recovery @ Scale


Presentation Transcript


  1. Implement Cloud Backup and Disaster Recovery at Scale in Azure. Rochak Mittal, Senthuran Sivananthan, Trinadh Kotturu, Dean Cefola. BRK3064

  2. Session Agenda
     • Site-Recovery @ Scale: Showcase built-in capabilities for automated large-scale deployment, monitoring and optimization of Site-Recovery in Azure
     • Backup @ Scale: Showcase built-in capabilities for automated large-scale deployment, security and governance of backup in Azure

  3. Key Session Objectives & Takeaways
     • Built-in support for scaling ‘Site-Recovery’ for applications in Azure: I can Deploy, Monitor & Optimize my Disaster Recovery solution for large deployments in Azure
     • Built-in support for scaling ‘Backup’ of resources in Azure: I can Deploy, Secure & Govern my Backup solution for large deployments in Azure
     • Azure is a smarter choice for protecting large in-cloud deployments: With built-in solutions for Backup and DR, my enterprise can trust Azure for large scale deployments

  4. Site-Recovery @ Scale

  5. Site-Recovery @ Scale: Deploy, Govern, Optimize
     • What region should we pick as our DR site?
     • How do we protect databases?
     • How do we automate 100s of VMs at the same time?
     • How do we ensure all VMs are protected?
     • How do we bill back to each business unit?
     • How do we secure access to the Recovery Services?
     • How do we get a holistic view of our DR posture?
     • How do we improve RTO?
     • How to improve the RPO of the replication?
     • How do we make the DR process repeatable?

  6. Real-solutions for real-problems: Deploy, Optimize, Govern

  7. Define RPO and RTO
     • Document DR failover triggers and approvals
     • Periodically test your DR process
     • ASR: no-impact DR drill
     • Assign clear roles and ownership; leverage ASR built-in roles for RBAC
     • Different RS vault for different BU / tenants
     • ASR auto-creates DR region resources based on source configuration, including VNet and IPs
     • Site connectivity needs to be planned
     • Monitor replication health
     • Track configuration changes in environment

  8. Journey to Scale
     • How do we automate 100s of VMs at the same time?
     • How do we ensure all VMs are protected?
     • How do we get a holistic view of our DR posture?
     • How do we further improve our RTO?
     • AZURE POLICY: Monitor and automatically react to new VMs added to the environment.
     • REPORTING: Build cross-subscription & cross-resource-group KPI reports.
     • PRE & POST SCRIPTS: Used pre & post-deployment scripts to automate manual tasks.
     • AUTOMATION: Automate the deployment and configuration.

  9. Deploy @ Scale

  10. Automate
     • Support for REST API, CLI and PowerShell
     • PowerShell Example
     • Protecting a virtual machine:

         New-ASRReplicationProtectedItem -AzureToAzure -AzureVmId $VM.Id -Name (New-Guid).Guid `
             -ProtectionContainerMapping $EusToWusPCMapping `
             -AzureToAzureDiskReplicationConfiguration $diskconfigs `
             -RecoveryResourceGroupId $RecoveryRG.ResourceId

     • Failover a virtual machine:

         $Job_Failover = Start-ASRUnplannedFailoverJob -ReplicationProtectedItem $ReplicationProtectedItem `
             -Direction PrimaryToRecovery -RecoveryPoint $RecoveryPoints[-1]

  11. PowerShell Demo

  12. Govern @ Scale

  13. Governance with Policy (Resource Group, Audit Policy, Auto Enable Policy)
     • Audit Policy – Tracks changes in given scope
     • Auto Enable Policy – Automatic configuration

  14. Azure Policy Demo

  15. Monitoring
     • Monitor (Log Analytics)
     • Recovery Services Vault
     • Native Experience
     • Email Alerts
     • Extensible
     • ITSM Integration

  16. Monitoring Demo

  17. Optimize for Scale

  18. Typical 3 Tier Application: High availability mode
     • Multi-tiered with Availability Set
     • Load balancers
     • Public IP connectivity
     • SQL Always On
     [Diagram: three Availability Sets holding Web1/Web2, App1/App2 and SQL1/SQL2, plus AD1 and AD2]

  19. Application Recovery: Enable Replication, Failover
     [Diagram: source Availability Sets (Web1/Web2, App1/App2, SQL1/SQL2, AD1/AD2) and recovery-side Availability Sets (Web1/Web2, App1/App2), with AD-DR and SQL-AG]

  20. Application Recovery Demo

  21. Recovery Plan for Application Recovery
     • Orchestrated App recovery using Recovery Plan
     • Define one click recovery for application
     • Manage boot order of machines
     • Orchestrate recovery across multiple channels
     • Automate recovery configuration using Azure Automation
     • Sample scripts: https://aka.ms/asr-automationrunbooks-deploy

  22. Networking guidance
     • Retain IP or Change IP
     • Client connectivity: refer to https://aka.ms/a2a-traffic-manager
     • On-premises connectivity: refer to https://aka.ms/a2a-express-route
     [Diagram: Azure Source Region, Azure Target Region, On-premises Datacenter]

  23. Backup @ Scale

  24. Backup @ Scale
     • Deploy: Across subscriptions and locations; Production, Development, Testing; Multiple departments (IT, HR, Ops, etc.)
     • Secure: Secure data & backup data; Secure access to data; Secure data from attacks
     • Govern: Ensure correct policies are applied; Monitor for failures; Get insights on functioning

  25. Deploy @ Scale

  26. Enterprise Deployment: Scale-Up and Scale-Out as per your deployment
     • Scale-Up: Within the subscription
     • Scale-Out: Across subscriptions

  27. Template Demo Automation is your friend ARM Templates Demo

  28. Resource Manager Policy

         "if": {
           "field": "type",
           "equals": "Microsoft.Compute/virtualMachines"
         },
         "then": {
           "effect": "deployIfNotExists",
           "details": {
             "resourceGroupName": "[parameters('resourceGroup')]",
             "type": "Microsoft.RecoveryServices/backupprotecteditems",
             "existenceCondition": { "field": "name", "like": "*" },
             "deployment": { … }
           }
         }

  29. Secure @ Scale

  30. Secure your Data: Don’t compromise on network security for your backups!
     • Azure Disk Encrypted VMs (KEK, BEK)
     • Secured Backup data (AES 256)
     • Network lockdown VMs (Subnet, NIC)
     • New: Azure Firewall

  31. Compliance Certifications
     Complete list: https://www.microsoft.com/trustcenter/compliance/complianceofferings
     • FERPA, ISO 9001, PCI DSS, FINRA 4511, SOX, ISO 27018, BIR 2012, MeitY, FIPS, DOD DISA, FEDRAMP, MPAA, GxP
     • ISO compliance for Quality standards
     • HIPAA compliance for healthcare
     • GDPR for privacy
     • CSA compliance: Security & Trust

  32. Secure access to data
     Custom role:

         {
           "Name": "Backup custom role",
           "Id": "88888888-8888-8888-8888-888888888888",
           "IsCustom": true,
           "Description": "Can trigger restore but not file restore.",
           "Actions": [
             "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action"
           ],
           "NotActions": [
             "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action"
           ],
           "AssignableScopes": [ "/subscriptions/{subscriptionId1}" ]
         }

     Built-in roles (Recovery Services Vault):
     • Backup Reader: View All
     • Backup Operator: Enable Backup, Restore
     • Backup Contributor: Policy Management, Delete-Stop Backup

  33. Guard your data from malicious admin: Privileged ID Management
     • Just-In-Time access to resources
     • Multi-factor authentication for role activation
     • Multi-user approval for role request

  34. Protect from attacks
     • Prevent: Prevent destructive operations such as “Delete Backup data” by requiring a PIN
     • Alert: Alert owners about occurrence of destructive operations
     • Recover: Recover to alternate server or to same server

  35. Govern @ Scale

  36. Backup Center Demo

  37. Integration with Monitor
     • Monitor (Log Analytics)
     • Data Model: Azure VM Backup, SQL Server VM Backup
     • No infrastructure
     • Enterprise Wide
     • Custom Alerts
     • ITSM Integration

  38. Reporting using Power BI
     • Data sources: Azure VM Backup, Azure Storage, SQL Server VM Backup, Organization Data
     • No infrastructure
     • Enterprise wide
     • Open Data Model
     • Cross-Tenant

  39. Session resources: Follow us on Twitter @AzureBackup for latest updates on Azure Backup! For preview sign-ups email us at AskAzureBackupTeam@microsoft.com

  40. Key Session Objectives & Takeaways
     • Built-in support for scaling ‘Site-Recovery’ for applications in Azure: I can Deploy, Monitor & Optimize my Disaster Recovery solution for large deployments in Azure
     • Built-in support for scaling ‘Backup’ of resources in Azure: I can Deploy, Secure & Govern my Backup solution for large deployments in Azure
     • Azure is a smarter choice for protecting large in-cloud deployments: With built-in solutions for Backup and DR, my enterprise can trust Azure for large scale deployments

  41. Please evaluate this session. Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations

  42. Networking guidance
     • Retain IP or Change IP
     • Client connectivity: refer to https://aka.ms/a2a-traffic-manager
     • On-premises connectivity: refer to https://aka.ms/a2a-express-route
     [Diagram: Azure Source Region, Azure Target Region, On-premises Datacenter]

  43. Early Challenges
     • How do we improve RTO? SCAFFOLD: Pre-deploy resources based on the required RTO
     • How do we bill back to each business unit? BILLING TAGS: Deploy one Recovery Services Vault per business unit and use Billing tags
     • What region should we pick as our DR site? REGION PAIRS: Protection from disaster with Data Residency compliance
     • How do we protect databases? DATABASE CONSISTENCY: Leverage native database replication tools for transactional consistency
     [Diagram: Region 1 Primary Database (SQL), Region 2 DR Site Database (SQL)]

  44. Growing Challenges
     • How to improve the RPO of the replication?
     • How do we secure access to the Recovery Services?
     • How do we lower risk in subscription design?
     • How do we make the DR process repeatable?
     • BCP PROCESS + DRILLS + GATES: Formalize disaster recovery as a prerequisite for production launches
     • JUST IN TIME & JUST ENOUGH ACCESS: Use RBAC and Azure Active Directory PIM
     • CROSS-REGION SUBSCRIPTIONS: Set up a separate subscription for DR failovers
     • SERVICE ENDPOINTS: Use service endpoints for security & optimal routing

  45. Governance with Policy (Resource Group, Auto Enable Policy, Audit Policy)
     • Audit Policy – Tracks changes in given scope
     • Auto Enable Policy – Automatic configuration
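
The custom role on slide 32 uses NotActions to withhold file restore. In Azure RBAC, NotActions only subtracts from the same role's Actions and is not a deny, and role assignments are additive. The following is an added example (not part of the presentation) that evaluates the slide's role under those rules; the wildcard role and the helper names are constructed for illustration.

```python
import re

# Action strings copied from the custom role on slide 32.
P = ("Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/"
     "protectedItems/recoveryPoints/")
RESTORE = P + "restore/action"
FILE_RESTORE = P + "provisionInstantItemRecovery/action"

SLIDE_ROLE = {
    "Name": "Backup custom role",
    "Actions": [RESTORE],
    "NotActions": [FILE_RESTORE],
}
# Constructed for this example: a broader role assigned to the same principal.
WILDCARD_ROLE = {
    "Name": "Hypothetical vault wildcard role",
    "Actions": ["Microsoft.RecoveryServices/Vaults/*"],
    "NotActions": [],
}

def _matches(pattern, action):
    """Case-insensitive match; '*' in the pattern spans any characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_allows(role, action):
    """One role grants an action if Actions matches and NotActions does not."""
    granted = any(_matches(p, action) for p in role["Actions"])
    excluded = any(_matches(p, action) for p in role["NotActions"])
    return granted and not excluded

def principal_allows(roles, action):
    """Assignments are additive: one granting role is enough."""
    return any(role_allows(r, action) for r in roles)

def redundant_not_actions(role):
    """NotActions entries that no Actions pattern covers (they subtract nothing)."""
    return [n for n in role["NotActions"]
            if not any(_matches(p, n) for p in role["Actions"])]

if __name__ == "__main__":
    for label, roles in [("custom role only", [SLIDE_ROLE]),
                         ("custom + wildcard role", [SLIDE_ROLE, WILDCARD_ROLE])]:
        print(label, "| restore:", principal_allows(roles, RESTORE),
              "| file restore:", principal_allows(roles, FILE_RESTORE))
    print("NotActions that subtract nothing:", redundant_not_actions(SLIDE_ROLE))
```

When reviewing who can perform file restore, evaluate every role assigned to the principal at the scope, not the custom role in isolation.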
