I’ve had a few people ask me recently about the difference between two resources that are both used for Azure Backup, namely Recovery Services Vault and the newer Backup Vault. Both of these are used by Azure Backup and both can be used to backup your virtual machine data as well as data from some other Azure services but they work in very different ways.
I wanted to write a post about the key differences between these two backup services and to try to help you make a decision on which one to use or even why you might want to use both.
Recovery Services Vault
This is the traditional service used by Azure Backup as a storage repository for your backup data. Up to recently, if you used Azure Backup for your virtual machines be they in Azure or on premises then you used a Recovery Services Vault. This service is also used by Azure Site Recovery for the purposes of disk replication for disaster recovery or migration but let’s focus on backups here.
In terms of virtual machine backups, the vault itself is regional and has some “per vault” configuration options around replication (LRS, ZRS, GRS) and encryption depending on what your preference is. You can have different backup policies for your different workloads including enhanced policy options which supports the most recent Azure features such as: Trusted Launch VMs, Ultra SSD support, shared disk support, multiple daily backups etc.
Fundamentally, Azure backup will protect your virtual machines by first performing a full backup job and then (with the exception of SQL Server backups) performing incremental backups after that point.
You are charged a fixed monthly fee per backup instance for the actual Azure Backup service and then in addition to this you are also charged for the storage consumption of your backup data. The storage will include your initial full backup and all incremental backups within the retention period of your backup policy which can be anything up to 9999 retention points.
This vault is designed for both short and long term data retention and recently we have seen the addition of a new feature to move long-term backups to an archive storage tier to avail of lower storage costs.
Furthermore, this service can be used to provide application consistent backups for many different workloads such as Windows, Linux and SQL Server by making use of VSS writers or backup pre-scripts and post-scripts.
Azure Backup Vault
Backup Vault is a service that provides backup storage for newer workloads that Azure Backup now supports such as Azure managed disks, Azure blob storage and Azure Database for PostgreSQL Servers. It is not therefore a replacement for the Recovery Services Vault but complimentary to it.
Similar to Recovery Service Vaults, each Azure Backup Vault is regional and has “per vault” settings for backup resiliency and encryption.
This vault is not used to perform full Virtual Machine application consistent backups but instead offers a backup option for Azure managed disks. This will provide a crash consistent data backup for both OS and data disks by taking incremental disk snapshots at regular time internals, as frequently as every hour.
The key difference compared to the Recovery Services Vault is that no data is transferred to a “vault” storage for long term retention, but instead you are provided with an operational backup facility. You are charged only for the cost of the delta changes in the snapshot storage, so no backup service fee is charged. As a standard, these snapshots are stored on Standard HDD storage to keep your storage costs to a minimum.
You can perform a maximum of 200 snapshots per disk at this time with a maximum of 180 snapshots per backup policy. This is significant because it limits the maximum retention period for your operational backups. For example, if you are taking a backup every 1 hour (24 backups per day), this limits you to a maximum retention period of 7 days. For daily backups it would be a maximum of 180 days.
Key differences vs Recovery Services Vault Backup
- Suitable for short-term operational backups
- You can take disk backups more frequently – up to once per hour
- No backup agent dependency and no performance impact on virtual machine during backup operation
- Crash consistent backups only
- Only backup the disks you need rather than the entire virtual machine
- Only pay for incremental snapshot storage on Standard HDD tier – no backup service cost
- On-demand backups and restores are much faster compared to Recovery Services Vault transfer operations
- Restore operation can create new disks only – no replace existing disk option
- Backup Vault uses managed identities for access to perform backup and restore operations
So as you can see there are some key differences between the two services and use cases for using one over the other depending on your workload types or potentially even using a combination of both services as part of your overall backup solution.