Skip to content

Overview

This article provides a detailed description of Afi data backup and recovery scenarios for Microsoft Azure virtual machines and databases.

The current guide assumes that you have already installed the Afi application for your Microsoft Azure tenant, added it to the Afi portal and protected the resources with Afi. If not, please follow this article to set up your Microsoft Azure tenant in Afi.

How Microsoft Azure backup and recovery work

Afi uses the publicly available Microsoft Azure APIs to discover resources, synchronize data, and perform recovery activities. During tenant onboarding, you should consent to the Afi application to allow it to access your Microsoft Azure tenant. To access Microsoft Azure data, Afi creates a service principal on the Azure tenant's side and provisions service principal role assignments for the tenant's subscriptions or for the root management group based on the level of access of the Azure administrator who performs the onboarding.

Afi relies on unique Microsoft Azure identifiers to recognize and access Microsoft Azure tenants and resources. This approach makes resource renames or transfers between resource groups and subscriptions transparent to Afi and ensures these changes do not affect its service activities. Such changes are automatically reflected on the Afi side within 24 hours, after a periodic resource synchronization with Microsoft Azure. During this time, all backup and recovery activities continue running without interruption.

Virtual machine backup

During a virtual machine backup, Afi create a restore point for the virtual machine and then synchronizes the corresponding snapshot data to the Afi cloud. Restore points are kept on the Azure side for 7 days to allow fast recovery from recent backup snapshots.

Using Azure restore point technology allows Afi to ensure crash consistency for multi-disk configurations as well as application consistency for certain Windows and Linux applications:

  • Application consistency is guaranteed for Windows applications implementing a VSS writer.
  • For Linux applications, application consistency can be achieved using pre-/post- scripts.

Database backup

During a database backup, Afi automatically provisions a staging SQL server, clones the database into the staging server, and then uploads the data to the Afi cloud. Microsoft Azure ensures that the database copy that is used to perform the backup is transactionally consistent.

How to view backup data and navigate across backup snapshots

To view backup data for a resource (virtual machine/database), go to the Service → Protection tab, locate the backup by searching for its name, and click Recover to open the backup browse view. Please note that clicking on Recover on the Protection tab doesn't trigger any actual data recovery activities.

When you open a backup, you will see a set of tabs for backup naviguration and a calendar control to switch between the backup snapshots. By default, the most recent backup snapshot is opened for browsing.

Backup snapshots

To switch to a different backup snapshot, click on the Backup version dropdown and select a backup date by clicking on the corresponding day. If several backups were performed on that day, the service will display their start times, and you will need to click on the backup time to proceed to the snapshot.

After a backup snapshot is opened, you will be able to view virtual machine/database state at the time of this backup snapshot and launch a data export or restore from this backup snapshot. The service will highlight a backup version from which an export or a restore is performed in the download or recovery settings dialogs.

By default, Afi preserves all backup snapshots indefinitely. If you want to limit how long the Afi service keeps backup snapshots or files/emails inside backups, you can configure custom retention settings for your backup SLA policies as described here.

Data access security

Afi provides fully explicit and fine-grained access model which allows to configure custom access groups that grant users limited access to certain resource groups or individual resources in an Azure tenant. Please see the following article for a detailed description of the Afi permissions model.

Afi audits all user activity related to data export, including data browse, search, export, or recovery events. Afi administrators can review these audit events on the Activity → Audit tab in the Afi portal.