Skip to main content

Backup and Restore Architecture on Azure

A policy-driven backup design on Azure with immutable, geo-redundant recovery points and regular restore testing. Immutability and soft delete make backups resilient to ransomware while geo-redundancy survives a regional outage.

Cloud Provider
AZURE
Components
6
Use Cases
3
Standards
4

What and When

Backup and restore protects against data loss from human error, corruption, and ransomware. The architecture defines what is backed up, how often, how long copies are kept, and crucially how quickly data can be restored. Build it for every workload that holds important state, and make immutability a priority given the prevalence of ransomware that targets backups.

This design uses Azure Backup with a Recovery Services vault configured for immutability and geo-redundancy.

Components

  • Azure Backup orchestrates scheduled backups of VMs, databases, files, and SQL workloads through policies.
  • Recovery Services vault stores recovery points and manages retention and access.
  • Immutable storage locks recovery points so they cannot be altered or deleted before their retention expires, defeating ransomware.
  • Geo-redundant storage replicates backups to a paired region for regional resilience.
  • Soft delete retains deleted backups for a grace period to recover from accidental or malicious deletion.
  • Backup Center gives a single pane to monitor jobs, compliance, and alerts.

Data Flow

Backup policies trigger on schedule. Azure Backup snapshots the workload, transfers the data to the Recovery Services vault, and writes an immutable recovery point. The vault replicates to the paired region via geo-redundant storage. To restore, an operator selects a recovery point in Backup Center and restores the item or full workload. Restore tests run regularly to validate that recovery actually works.

Scaling and Resilience

Policy-driven backup scales across hundreds of workloads without per-resource scripting. Geo-redundant storage protects against regional loss, and immutability protects against tampering. The key resilience practice is testing restores, not just confirming backups succeeded; an untested backup is a liability. Stagger backup windows to avoid contention and monitor for failed jobs.

Security

Immutability and soft delete are the core ransomware defenses: even an attacker with admin rights cannot destroy recovery points within the retention window. Require multi-user authorization for sensitive operations like shortening retention. Encrypt backups at rest and in transit, restrict vault access with least privilege, and alert on unusual deletion attempts. Align retention with regulatory requirements and document it for audit.

Trade-offs and Alternatives

Geo-redundancy and long retention increase storage cost, so tier retention by data importance. Immutability removes flexibility to delete early, which is the point but requires careful policy design. Native Azure Backup is simplest within Azure; third-party tools such as Veeam or Commvault offer cross-platform coverage for hybrid estates. For very low RTO, combine backups with a warm-standby DR design rather than relying on restore alone.