I have an Azure App Service (Premium) that is backing up my apps on the standard schedule. All of that is working fine. My question is, where are those backups located? Are they just stored in the app's region or are they geo-replicated in the paired region as well?
where are those backups located? Are they just stored in the app's region or are they geo-replicated in the paired region as well?
Automatic backups are stored in the same region (datacenter) of App Service that is backed up as given in this MS Doc.
Custom backups stored in Storage Account.
We can store the custom backups in the storage account located in any region but recommended to store close to the App service located.
By default, the storage account is in LRS if created from the App Service Portal Menu and can be changed accordingly:
Automatic backups are not stored in Storage Accounts but stored in the same datacenter where the App Service is hosted, and replication is based on the Zone-redundant type (enabled) of the App Service Plan.
If Custom backups are configured, then they will be stored in the Storage Accounts and replication is based on the Storage Account Replication Type.
Related
Since our RA-GZRS enabled Azure storage can't write to the secondary region when primary is down, thought of having another standby Azure storage to do the writes continuously.
The question is once the main storage account comes back, how sync the updates back to the main from standby? Can we write runbook using AzCopy.exe? Any other better Azure service/solution to accomplish sync process using AzCopy.exe/other as a background service?
Assuming the outage isn't severe enough that Microsoft doesn't failover to the secondary region. You can initiate the failover yourself, and then you would be able to write to the secondary region. This is essentially a DNS change which makes the secondary endpoint become the primary endpoint. Once the primary region becomes available again, you can change the storage account to geo-redundant storage, and then if required, repeat the failover.
See Initiate storage account failover and Storage account failover for more details.
There are two back up configuration options for Azure Recovery Service Vault - LRS vs GRS
This is a question regarding Azure Recovery Service Vault.
How does geo-redundant enabled recovery service vault being handled when its residing region failed ?
If the cross region restore is not being enabled for a recovery service, which by default it isn't, what will happen to my recovery service vault ?
I am trying to find out the difference between enabling cross region restore and not to.
There is not much info that i can find through the internet and official documents.
Configure cross region restore for recovery service vault
There is one more helpful link GRS vs LRS. However, as of time writing, seems like cross region restore has not been enabled, and right now, it is on enabled in west central us. However, we can enable GRS for all(most) regions.
The Recovery Services vault is an entity that stores the backups and recovery points created over time. Azure Backup automatically handles storage for the vault. The LRS and GRS mean to the Storage Replication type. Read the storage replication strategy.
Locally redundant storage (LRS) replicates your data three times
within a single data center.
GRS replicates your data to another data
center in a secondary region, but that data is available to be read
only if Microsoft initiates a failover from the primary to secondary
region.
Storage Replication type by default is set to Geo-redundant. The CRR feature is based on A vault created with GRS redundancy. So you can enable GRS for all(most) regions but CRR is currently available in the WCUS region. Read here.
As the GRS storage replication, If the primary region that geo-redundant enabled recovery service vault residing on failed, Microsoft initiates a failover from the primary to a secondary region. The secondary region serves as a redundant source for your data.
With CRR enabled service, The restore operation on the secondary region can be performed by Backup Admins and App admins. Which gives you full control to restore data to a secondary region. The secondary region is an Azure paired region.
Without CRR enabled service, you probably could not restore all the Azure VMs for the selected recovery point if the backup is done in the secondary region. You can create a new VM from a restore point, restores a VM disk, replace a disk on the existing VM. See the restore options.
Hope this could help you.
THis is another answer from Cross Region Restore - check comments for reference purpose.
The storage redundancy configuration for the Recovery Services Vault (RSV), is specific to Azure Backup data, not Azure Site Recovery (ASR).
This means, in the event of an Azure region failure, if the RSV is configured with Geo-Redundant Storage (GRS), then (with the help of the Azure support team), the RSV can be made available in the paired Azure region, and the data would be accessible.
The cross-region restore (CRR) option, is something that’s specific to Azure Backup, not ASR. You can have an RSV configured with GRS storage, but not have CRR enabled. The CRR feature allows you to take a backup of a VM in Region1, and perform a VM restore in Region2. The storage redundancy is for geo-failover of the RSV itself in the event of a full Azure region failure.
I'm a lone dev that inherited a giant undocumented mess of an azure vm without any sysadmin-like training nor a lab to test things out. This vm runs our website just fine, but I couldn't log in to VestaCp because disk space usage is at 100%.
I did setup azure to make daily backups. Now I'm wondering if azure somehow stores them on the same machine e.g. they're the cause of the full disk space.
if so, how do I remove a set of old backups?
Now I'm wondering if azure somehow stores them on the same machine e.g. they're the cause of the full disk space.
As mentioned in the official document about creating a recovery services vault for a VM:
The location of Recovery Services vault determines the geographic region where your backup data is sent.
If you have virtual machines in multiple regions, create a Recovery Services vault in each region.
There is no need to specify the storage accounts used to store the backup data--the Recovery Services vault and the Azure Backup service automatically handle the storage.
Per my understanding, your VM backup data could be stored on the storage accounts that are managed automatically by the Recovery Services vault (ARM) and the Azure Backup service (ASM).
Moreover, if this issue could not be solved by removing a set of old backups, I assumed that you could follow this tutorial to resize Azure VM OS or Data Disk created using Azure Service Manager (ASM) or this tutorial for resizing ARM VM OS & Data disk.
I have create more than 3 storage account and 3 VM and 3 Clusters.
Storage Accounts:
Storage Account 1
Storage Account 2
Storage Account 3
I want to know Storage Account 1 is associated with how many VM and Clusters. How can I find it via Azure Portal ?
A storage account isn't an "owned" or "dedicated" resource. That is, even if you use a storage account for a given app or service, there's no tight coupling between the two. Any service / app that has your account credentials (or a SAS link to a specific container/queue/table within your storage account) will be able to use that storage account.
However, if you look at the settings for a given app or service (in your case, your VM or HDInsight), you can see which storage accounts it's using, with a bit of digging. For example, your VM might have both OS and Data disks, with each disk using potentially a different storage account - you'd need to enumerate the OS+attached disks to see which storage accounts are in use for each.
Further, if you create all resources at once (again, imagine creating a new VM with new storage), all of your resources will be bundled together within the same Resource Group.
You can via the new Azure portal to find the Azure Storage Account, in the storage account, you will find the Container. The vhds container used for Azure VM by default, select the vhds, you will find the VMs' VHD files there. About the HDInsight, the default Container name is the HDInsight name, so we can find the result manually.
I want to create a couple of cloud services - Int, QA, and Prod. Each of these will connect to separate Db's.
Do these cloud services require "storage accounts"? Conceptually the cloud services have executables and they must be physically located somewhere.
Note: I do not use any blobs/queues/tables.
If so, must I create 3 separate storage accounts or link them up to one?
Storage accounts are more like storage namespaces - it has a url and a set of access keys. You can use storage from anywhere, whether from the cloud or not, from one cloud service or many.
As #sharptooth pointed out, you need storage for diagnostics with Cloud Services. Also for attached disks (Azure Drives for cloud services), deployments themselves (storing the cloud service package and configuration).
Storage accounts are free: That is, create a bunch, and still only pay for consumption.
There are some objective reasons why you'd go with separate storage accounts:
You feel that you could exceed the 20,000 transaction/second advertised limit of a single storage account (remember that storage diagnostics are using some of this transaction rate, which is impacted by your logging-aggressiveness).
You are concerned about security/isolation. You may want your dev and QA folks using an entirely different subscription altogether, with their own storage accounts, to avoid any risk of damaging a production deployment
You feel that you'll exceed 200TB 500TB (the limit of a single storage account)
Azure Diagnostics uses Azure Table Storage under the hood (and it's more convenient to use one storage account for every service, but it's not required). Other dependencies your service has might also use some of the Azure Storage services. If you're sure that you don't need Azure Storage (and so you don't need persistent storage of data dumped through Azure Diagnostics) - okay, you can go without it.
The service package of your service will be stored and managed by Azure infrastructure - that part doesn't require a storage account.