| title | description | ms.topic | ms.service | ms.custom | ms.date | author | ms.author |
|---|---|---|---|---|---|---|---|
Azure Backup glossary |
This article defines terms helpful for use with Azure Backup. |
reference |
azure-backup |
devx-track-azurepowershell, devx-track-arm-template, devx-track-azurecli, engagement-fy24 |
12/30/2024 |
AbhishekMallick-MS |
v-abhmallick |
This glossary of terms can be helpful when using Azure Backup.
Note
- Terms which are marked with the prefix "(Workload-specific term)" refer to those terms which are only relevant in the context of a specific subset of workloads that Azure Backup supports.
- For terms which are used commonly in Azure Backup documentation but refer to other Azure services, a direct link is provided to the documentation of the relevant Azure service.
Refer to Azure Files documentation.
A recovery done from the recovery point to a location other than the original location where the backups were taken. When you use Azure VM backup, this would mean to restore the VM to a server other than the original server where the backups were taken. When you use Azure File share backup, this would mean to restore data to a file share that is different from the backed-up file share.
(Workload-specific term)
Application-consistent backups capture memory content and pending I/O operations. App-consistent snapshots use a VSS VSS writer (or pre or post scripts for Linux) to ensure the consistency of the app data before a backup occurs. Learn more.
Refer to ARM templates documentation.
(Workload-specific term)
Autoprotection is a capability that lets you automatically protect all the databases in a standalone SQL Server instance or a SQL Server Always On availability group. Not only does it enable backups for the existing databases, but it also protects all the databases that you may add in future.
Azure Backup offers three types of replication to keep your storage and data highly available:
Locally redundant storage (LRS) replicates your backup data three times (it creates three copies of your backup data) in a storage scale unit in a datacenter. All copies of the backup data exist within the same region. LRS is a low-cost option for protecting your backup data from local hardware failures.
Geo-redundant storage (GRS) is the default and recommended replication option. GRS replicates your backup data to a secondary region, hundreds of miles away from the primary location of the source data. GRS costs more than LRS, but GRS provides a higher level of durability for your backup data, even if there's a regional outage.
Note
For GRS vaults that have the cross-region restore feature enabled, backup storage is upgraded from GRS to RA-GRS (Read-Access Geo-Redundant Storage).
Zone-redundant storage (ZRS) replicates your backup data in availability zones, guaranteeing backup data residency and resiliency in the same region. So your critical workloads that require data residency can be backed up in ZRS.
Refer to Azure CLI documentation.
Refer to Azure Policy documentation.
Refer to Azure PowerShell documentation.
Refer to Azure Resource Manager documentation.
Refer to Azure Disk Encryption documentation.
The actual storage used by a backup instance. Includes the size of all retention points that exist for the backup instance (as defined by the backup and retention policy).
Backup of operating system files and all data on critical volumes, except for user data. By definition, a bare metal backup includes a system state backup. It provides protection when a computer won't start and you have to recover everything. Learn more.
(Specific to Azure VM workload type)
Azure virtual machine (VM) extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. Azure Backup backs up Azure VMs by installing an extension to the Azure VM agent running on the machine. Azure Backup automatically manages these extensions and users don't need to manually update these extensions.
A datasource backed up to a vault with a particular backup and retention policy constitutes a backup instance or a backup item.
A backup rule is a user-defined rule that specifies when and how often backups should be performed on a datasource. For some workload types, backup policy also provides a way to specify the snapshot method to be applied on the datasource (full, incremental, differential). Backup policies are often created as a combination of backup rules and retention rules.
An Azure Resource Manager resource of type Microsoft.DataProtection/BackupVaults. Currently, Backup vaults are used to back up Azure Databases for PostgreSQL Server. Learn more about Backup vaults.
BCDR involves a set of processes an organization must adopt to ensure apps and workloads are up and running during planned and unplanned service or Azure outages, with minimal business disruption. Learn more about the various services that Azure offers to help you create a sound BCDR strategy.
The percent of change in the data being backed up between two consecutive backups. This could be because of addition of new data, or the modification or deletion of existing data.
(Workload-specific term)
Crash-consistent snapshots typically occur if an Azure VM shuts down at the time of backup. Only the data that already exists on the disk at the time of backup is captured and backed up. Learn more.
As one of the restore options, Cross Region Restore (CRR) allows you to restore backup items in a secondary region, which is an Azure paired region.
Refer to data box documentation.
A resource (Azure resource, proxy-resource, or on-premises resource) which is a candidate for being backed up. For example, an Azure VM or an Azure File share.
(Workload-specific term)
Refer to the DPM documentation.
Refer to the ExpressRoute documentation.
(Workload-specific term)
File-system consistent backups provide consistency by taking a snapshot of all files at the same time. Learn more.
The size of the data to be backed up for a datasource. The frontend size of a datasource determines its Protected Instance count.
In full backups, a copy of the whole data source is stored for every backup.
A GFS (Grandfather-father-son) backup policy is one that enables you to define weekly, monthly, and yearly backup schedules in addition to the daily backup schedule. The weekly backups are known "sons", the monthly backups are known as "fathers" and the yearly backups are known as "grandfathers". Each of these sets of backup copies can be configured to be retained for different durations of time, allowing for more customization of retention choices for backup copies. GFS policies are useful in retaining backups for a long period of time in a more storage-efficient manner.
Refer to the Azure VM documentation.
Incremental backups store only the blocks that have changed since the previous backup.
(Workload specific term) Instant restore involves restoring a machine directly from its backup snapshot rather than from the copy of the snapshot in the vault. Instant restores are faster than restores from a vault. The number of instant restore points available depends on the retention duration configured for snapshots. Currently applicable for Azure VM backup only.
Input/output operations per second.
(Workload-specific term)
Restoring individual files or folders inside the machine from the recovery point.
A backup-related task that is created by a user or the Azure Backup service. Jobs can be either scheduled or on-demand (ad-hoc). There are different types of jobs - backup, restore, configure protection, and so on. Learn more about jobs.
(Workload-specific term)
With Azure Backup Server, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange, and Windows clients from a single console. It inherits much of the workload backup functionality from DPM, but with a few differences. Learn more
Refer to the Managed disks documentation.
(Workload-specific term)
This is also known as Azure Backup agent or Recovery Services agent, the MARS agent is used by Azure Backup to back up data from on-premises machines and Azure VMs to a backup Recovery Services vault in Azure. Learn more.
Refer to the NSG documentation.
Offline seeding refers to the process of transferring the initial (full) backup offline, without the use of network bandwidth. It provides a mechanism to copy backup data onto physical storage devices, which are then shipped to a nearby Azure datacenter and uploaded onto a Recovery Services vault. Learn more.
A backup job that is triggered by a user on a one-time need basis, and not based on the backup schedule (policy) that has been configured for the resource.
A recovery done from the restore point to the source location from where the backups were taken, replacing it with the state stored in the recovery point. When you use Azure VM backup, this would mean to restore the VM to the original server where the backups were taken. When you use Azure File share backup, this would mean to restore data to the backed-up file share.
(Workload-specific term)
A passphrase is used to encrypt and decrypt data while backing up or restoring your on-premises or local machine using the MARS agent to or from Azure.
Refer to the Private Endpoint documentation.
A protected instance refers to the computer, physical or virtual server you use to configure the backup to Azure. From a billing standpoint, Protected Instance Count for a machine is a function of its frontend size. Thus, a single backup instance (such as a VM backed up to Azure) can correspond to multiple protected instances, depending on its frontend size. Learn more.
Refer to the RBAC documentation.
A copy of the original data that is being backed up. A retention point is associated with a timestamp so you can use this to restore an item to a particular point in time.
An Azure Resource Manager resource of type Microsoft.RecoveryServices/vaults. Currently, Recovery Services vaults are used to back up the following workloads: Azure VMs, SQL in Azure VMs, SAP HANA in Azure VMs, and Azure File shares. It's also used to back up on-premises workloads using MARS, Azure Backup Server (MABS), and System Center DPM. Learn more about Recovery Services vaults.
Refer to the Azure Resource Manager documentation.
Refer to the Azure REST API documentation.
A user-defined rule that specifies how long backups should be retained.
RPO indicates the maximum acceptable amount of data loss measured in time. For example, if a disaster occurs at 12:00 PM and the last backup was at 10:00 AM, the RPO is two hours. This means that the organization is willing to accept losing two hours’ worth of data.
RTO is the target time within which a business process must be restored after a disaster occurs to avoid unacceptable consequences. For instance, if a critical application goes down due to a server failure and the business can only tolerate a maximum of four hours of downtime, then the RTO is four hours.
The following example scenario describes both the RPO and RTO concepts:
Your organization has an RPO of one hour for your customer database, which means you perform backups every hour. If a data loss incident occurs, you'll lose not more than one hour of data. When you set RTO to three hours, then in the event of a system failure, you aim to restore access to the database within three hours to minimize the impact on operations.
A backup job that is automatically triggered by the backup policy configured for the given item.
A regional pair consists of two regions within the same geography. One is the primary region, and the other is the secondary region. Paired regions are used by some Azure services (including Azure Backup with GRS settings) to ensure business continuity and protect against data loss. Learn more.
Soft delete is a feature that helps guard against accidental deletion of backup data. With soft delete, even if a malicious actor deletes a backup (or backup data is accidentally deleted), the backup data is retained for an additional period of time, allowing the recovery of that backup item with no data loss. Learn more.
A snapshot is a full, read-only copy of a virtual hard drive (VHD) or an Azure File share. Learn more about disk snapshots and file snapshots.
Refer to the Storage account documentation.
An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources, like virtual machines (VMs), databases, and more.
(Workload-specific term)
Backs up operating system files. This backup allows you to recover when a computer starts, but system files and the registry are lost. Learn more.
A tenant is a representation of an organization. It's a dedicated instance of Microsoft Entra ID that an organization or app developer receives when the organization or app developer creates a relationship with Microsoft, like signing up for Azure, Microsoft Intune, or Microsoft 365.
Currently, Azure Backup supports the following backup storage tiers:
(Workload specific term) In the first phase of VM backup, the snapshot taken is stored along with the disk. This form of storage is referred to as snapshot tier. Snapshot tier restores are faster (than restoring from a vault) because they eliminate the wait time for snapshots to get copied to from the vault before triggering the restore operation.
Backup data for all workloads supported by Azure Backup is stored in vaults which hold backup storage, an auto-scaling set of storage accounts managed by Azure Backup. The Vault-Standard tier is an online storage tier that enables you to store an isolated copy of backup data in a Microsoft managed tenant, thus creating an additional layer of protection. For workloads where snapshot tier is supported, there is a copy of the backup data in both the snapshot tier and the vault-standard tier. Vault-standard tier ensures that backup data is available even if the datasource being backed up is deleted or compromised.
Many Azure services depend on clusterAdmin kubeconfig and the publicly accessible kube-apiserver endpoint to access AKS clusters. The AKS Trusted Access feature enables you to bypass the private endpoint restriction. Without using Microsoft Entra application, this feature enables you to give explicit consent to your system-assigned identity of allowed resources to access your AKS clusters using an Azure resource RoleBinding. The Trusted Access feature allows you to access AKS clusters with different configurations, which aren't limited to private clusters, clusters with local accounts disabled, Microsoft Entra ID clusters, and authorized IP range clusters. Learn more.
Refer to the Unmanaged disks documentation.
A storage entity in Azure that houses backup data. It's also a unit of RBAC and billing. Currently there are two types of vaults - Recovery Services vault and Backup vault.
The vault credentials file is a certificate generated by the portal for each vault. This is used while registering an on-premises server to the vault. Learn more.
Refer to the VNET documentation.
Refer to the VSS documentation.