How to protect Azure Stack Hub and Azure Stack HCI
There are a lot of misunderstandings about Azure Stack solutions and how to protect each one of them. I want to help you better understand each solution within Azure Stack portfolio and how to protect them using Veritas NetBackup. As you already know, Veritas NetBackup is an enterprise-class backup and recovery suite that provides unified data protection for multi-cloud, virtual and physical environments that can be globally managed from a single console, including all Azure Stack solutions. The usual misunderstanding is to think Azure Stack is a solution itself, but Azure Stack is a portfolio of products comprised of three distinct offerings – Azure Stack Edge, Azure Stack Hub, and Azure Stack HCI. Azure Stack solutions help you extend Azure services and capabilities to your environment of choice – from the data center to edge locations and remote offices. The confusion kicks in mostly between Azure Stack Hub and Azure Stack HCI and how to protect them. https://docs.microsoft.com/en-us/azure-stack/operator/compare-azure-azure-stack?view=azs-2108 The most important feature of HCI is that it can run “disconnected” from Azure, in other words, HCI is just like your branch office server. It is a box that contains compute, power, storage, and network connections and holds Hyper-V based virtualized workloads and it has the option to connect to some Azure services. And so, as it is like a Hyper-V server, you can use Veritas NetBackup Hyper-V policy type to protect it along with all the features Veritas NetBackup already provided for Hyper-V: NetBackup for Hyper-V uses snapshot technology to keep virtual machines 100% available to users. NetBackup for Hyper-V creates quiesced Windows snapshots using Volume Shadow Copy Service (VSS) and Windows Management Instrumentation (WMI). NetBackup for Hyper-V performs full backups and file-level incremental backups of the virtual machine. With the WMI backup method, it also performs block-level incremental backups and Accelerator backups. Can restore the full virtual machine from the following: Full backups of the VM. Block-level incremental backups of the VM. Accelerator backups of the VM. Can restore individual files of the virtual machine from the following: Full backups of the VM. File-level incremental backups of the VM. Block-level incremental backups of the VM. Accelerator backups of the VM. Can restore to the original virtual machine, to other locations on the Hyper-V server, or to a different Hyper-V server. For details on how to protect Hyper-V, please check the NetBackup for Hyper-V Administrator’s Guide on the following URL: https://www.veritas.com/content/support/en_US/doc/21357025-151824041-0/v21357050-151824041 On the other hand, Azure Stack Hub is really the on-premise extension of the Azure public cloud. Almost everything you can do in the public cloud, you could also deploy on Hub: from VMs to apps, all managed through the Azure portal or even Powershell, including things like configuring fault and updated domains. In this case, you can still use the same deployment of Veritas NetBackup to protect your in-cloud workloads. The cloud data protection framework leverages the CloudPoint infrastructure to drive faster proliferation of cloud providers, since v8.3, CloudPoint can protect assets in AWS, AWS Outpost, Azure, Azure Stack hub and GCP clouds. Features includes: Automatic discovery of cloud assets: NetBackup retrieves the cloud assets pertaining to the cloud accounts every 2 hours by default. This period is configurable. Protection of intelligent cloud groups based on a set of filters called queries. All the assets satisfying the query conditions will automatically be protected. Protection of Microsoft Azure resources using resource groups. NetBackup Accelerator backups. Application consistent snapshots. You can perform original location and alternate location restores. Incremental snapshots. Backup from snapshot. Restore from snapshot copy, replica copy, backup copy or duplicate copy. Restore VMs to an alternate configuration, to a different region, to a different subscription, and restore VMs or disks to a different resource group. Granular files and folders restore For details on how to protect Cloud Assets, please check the NetBackup Web UI Cloud Administrator’s Guide on the following URL: https://www.veritas.com/content/support/en_US/doc/150074555-150074602-0/v130722342-150074602What's new in NetBackup v10 - Azure Stack ADFS based authentication in NetBackup Resiliency Platform
There are two options of authentication mechanism used by Microsoft Azure Stack: Azure Active Directory (Azure AD) Active Directory Federation Services (ADFS) Active Directory Federation Service (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization service to users on Windows Server Operating Systems. ADFS allows users across organizational boundaries to access applications on Windows Server Operating Systems using a single set of login credentials. Deploying with ADFS allows identities in an existing Active Directory forest to authenticate with resources in Azure Stack Hub. In a connected scenario, you can choose Azure AD or AD FS. For a disconnected scenario (without a connection to the internet), only AD FS is supported. With Veritas NetBackup v10.0, Azure Stack can be configured in Resiliency Platform to use ADFS authentication type allowing customer to use their own Active Directory and in a disconnected scenario. It also allows customers to recover virtual machines from Azure AD to Azure ADFS or vice-versa as well Azure ADFS to Azure ADFS.
