Protecting cloud-born applications requires a deeper discussion and a clearer understanding of the top-down BCDR strategy for applications. A “bottom-up” strategy, where the underlying physical hypervisor is the source, does not work, especially for PaaS-based applications.
You must understand how tenants are protecting their cloud-born applications in Azure (or AWS, GCS, and so on). In all cases, the services do not expose an infrastructure backup that targets the underlying computers running complex multitenant services.
Backup is delegated up the stack to the application/tenant. For example, most services expose create, read, update, and delete (CRUD) operations. Administration, development, and development operations can use the services to protect a specific resource, such as backup of an application service or database, replication of a BLOB, and so on.
No single operation backs up all data repositories across all applications and subscriptions. This approach has limitations if you want an application-consistent backup across multiple independent data repositories. There is no virtual switching system (VSS) for PaaS. Over the long term, the most sophisticated application provides native backup and restore capabilities that account for consistency, item level restore, failover, and so on.
As Microsoft ships new PaaS offerings, it offers a consistent set of capabilities for Azure Stack Hub. Each service cannot provide all capabilities on Day One, but Microsoft will close any gaps over time. Microsoft documents the backup and restore workflows that work for each service. For example, Microsoft does not currently support read-access geo-redundant storage (RA-GRS) for BLOB storage. This limitation affects how you design BCDR for an application. You can take a snapshot of a BLOB and copy it to another storage account, but the native replication of BLOBs between two regions is not yet available.
Because modern web applications use standard CRUD operations, viable third-party solutions exist to address continuity.
A solution such as ZeroDown ZeroNines can fill the niche for synchronizing data inbound to a web application by journaling the CRUD operation and playing back across multiple cloud targets. This decoupling of the inbound URI/CRUD command is a newer approach to addressing BCDR for web applications.
Due to the finite focus of the Infrastructure Backup Service, you must consider the infrastructure aspects that custom VM images represent, which are stored as BLOBs in the Azure Stack Hub cloud.
Protect your custom images and marketplace packages in addition to your other valuable data, and account for their recovery and re-creation in the event of a site recovery.