Azure blob container backup and recovery

azure blob storage snapshot
azure table storage backup
restore azure blob storage
azure file storage backup
azure recovery services vault backup blob storage
azure blob logo
azure blob storage pricing
azure storage

I am thinking of using Azure Blob Storage for document management system which I am developing. All Blobs ( images,videos, word/excel/pdf etc) will be stored in Azure Blob storage. As I understand, I need to create container and these files can be stored within the container.

I would like to know how to safeguard against accidental/malicious deletion of the container. If a container is deleted, all the files it contains will be lost. I am trying to figure out how to put backup and recovery mechanism in place for my storage account so that it is always guaranteed that if something happens to a container, I can recover files inside it.

Is there any way provided by Microsoft Azure for such backup and recovery or Do I need explicitly write a code in such a way that files are stored in two separate Blob storage account.

Backups There are several backup solutions offered for blob storage in case if containers get deleted.more product info can be found here:https://azure.microsoft.com/en-us/services/backup/

Redundancy

If you are concerned about availability, "The data in your Microsoft Azure storage account is always replicated to ensure durability and high availability. Replication copies your data, either within the same data center, or to a second data center, depending on which replication option you choose." , there are several replication options:

Locally redundant storage (LRS)

Zone-redundant storage (ZRS)

Geo-redundant storage (GRS)

Read-access geo-redundant storage (RA-GRS)

More details can be found here:

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Managing Access

Finally, managing access to your storage account would be the best way to secure and ensure you'll avoid any loss on your data. You can provide read access only if you don't want anyone to delete files,folders etc.. through the use of SAS: Shared Access Signatures, allows you to create policies and provide access based on Read, Write, List, Delete, etc.. A quick GIF demo can be seen here: https://azure.microsoft.com/en-us/updates/manage-stored-access-policies-for-storage-accounts-from-within-the-azure-portal/

How to backup Azure Blob storage accounts, Blob storage is typically replicated three times within its Azure region. takes advantage of Recovery Service's backup support for Azure file  Azure Blob storage is Microsoft's object storage solution for the cloud. Blob Storage is ideal for storing, images, documents and other file types for distributed access. Read this Introduction to object storage in Azure to learn more about how it can be used in a wide variety of scenarios.

Anyone with access to your storage account's key (primary or secondary; there are two keys for a storage account) can manipulate the storage account in any way they see fit. The only way to ensure nothing happens? Don't give anyone access to the key(s). If you place the storage account within a resource group that only you have permissions on, you'll at least prevent others with access to the subscription from discovering the storage account and accessing it.

Within the subscription itself, you can place a lock on the actual resource (the storage account), so that nobody with access to the subscription accidentally deletes the entire storage account.

Note: with storage account keys, you do have the ability to regenerate the keys at any time. So if you ever suspected a key was compromised, you can perform a re-gen action.

Azure blob container backup and recovery, Backups There are several backup solutions offered for blob storage in case if containers get deleted.more product info can be found here:  The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines. To create a Recovery Services vault: Sign in to your subscription in the Azure portal. On the left menu, select All services. In the All services dialog box, enter Recovery Services. The list of resources filters according to

Use Microsoft's Azure Storage Explorer. It will allow you to download the full contents of blob containers including folders and subfolders with blobs. Conversely, you can upload to containers in the same way. Simple and free!

Backup for Azure Blob Storage, If any of these occur they will be immediately replicated and nearly impossible to recover from. This is why we may want to backup this data. Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead. Within an Azure subscription, you can create up to 500 Recovery Services vaults per subscription per region. Comparing Recovery Services vaults and Backup vaults. If you still have Backup vaults, they're being auto-upgraded to Recovery

We are using blob to store documents and for documents management. To prevent deletion of the blob, you can now enable soft deletion as described in here: https://azure.microsoft.com/en-us/blog/soft-delete-for-azure-storage-blobs-ga/

You can also create your own automation around powershell,azcopy to do incremental and full backups. The last element would be to use RA-GRS blobs where you can read from a secondary blob in read mode in another region in case the data center goes down.

Designing Highly Available Applications using RA-GRS

https://docs.microsoft.com/en-us/azure/storage/common/storage-designing-ha-apps-with-ragrs?toc=%2fazure%2fstorage%2fqueues%2ftoc.json

Why Azure Blob Storage GRS and RA-GRS are not a backup, If the accidental or malicious deletion of an object happens, GRS provides absolutely no recovery option, since the change replicates to all copies, including those  Storage, Backup & Recovery Manage and find data with Blob Index for Azure Storage—now in preview Monday, May 4, 2020. Blob Index—a managed secondary index, allowing you to store multi-dimensional object attributes to describe your data objects for Azure Blob storage—is now available in preview.

5 Azure Backup and Recovery Best Practices, Although Azure backup is simple to configure and use, you need to consider these best practices when using Azure storage as a backup and  Recently I came across a question on StackOverflow that was asking about how they could backup Azure Blob storage. They finished this question asking I can’t be the only one who needs to do this”. This struck a chord with me, as I recall feeling exactly the same when I had a need to do this. It feels like something that is so obvious, that should be built into the platform.

Performing Azure Blob Storage Data Backups, Backup and Restore Agents > Cloud Apps > Azure Blob Storage > Backup Operations > Performing Azure Blob Storage Data Backups  Blob snapshots are a read-only version of a blob and are usually used for backup or troubleshooting purposes. So say, we created a snapshot for Financing Agreement doc in the container, and mistakenly it got deleted.

Azure Blob Storage Overview, Backup and Restore Agents > Cloud Apps > Azure Blob Storage. Azure Blob Storage Overview. Microsoft Azure Blob Storage is a scalable, online cloud data​  At the Container step of the wizard, specify Azure Blob storage container settings: From the Container list, select a container that contains backups created with Veeam Backup for Microsoft Azure. Click Browse to select a folder that contains backups created with Veeam Backup for Microsoft Azure.

Comments
  • Redundancy should not be mixed with backups: If you delete a blob, it is instantly replica-deleted (well, queued up at least, and once the primary is deleted, you lose access to the replicas queued for deletion). And SAS is not going to help prevent deletion if someone has the access key, as I pointed out. That's only for sharing otherwise-private blobs. And finally: Azure's Backup service is not for backing up blobs.
  • Yep totally agree David, i mentioned the 3 areas to cover all corners, backups are still the best way to make sure nothing gets ever deleted permanently :)
  • If Backup service worked with blobs, that would be fantastic (hmm - I should post to UserVoice). As far as I am aware, it still doesn't offer a blob-backup mode.
  • this thread discusses blob backup options: stackoverflow.com/questions/11561844/…
  • Right - I'm aware of that. That's merely showing the use of a 3rd party tool, along with a tweak to the API to allow for async blob copy (vs sychronous blob copy, which used to be a major limitation of storage copy).
  • One additional step to prevent accidental deletion of container, is to acquire lease on the container for infinite period of time. This prevents "deletion" of container when in "leased" state. Of course, Breaking a lease is possible with just a click of button, still its good idea to put container in leased state. (Add/update/delete of the blob works as usual when container is in "leased" state)
  • Azure has also introduced the feature where it is possible to make the container and its contents immutable for specific number of days. This can be handy to implement certain regulations and make sure that data is not modified or deleted accidentally. Settings this policy, also makes the container delete-proof. docs.microsoft.com/en-us/azure/storage/blobs/…
  • Yes, I agree. However, in many escenaries is necessary an automatically process.
  • Thanks Anass. since I posted this question, there have been many improvements. We can also set access policy for container and make it immutable blob storage. Once the policy is set, blobs cannot be deleted accidently or even forcefully. We must de-activate the policy in order to make deletion work again