Three Ways to Secure Your Customer’s On-Premises Data Using Azure

by tukangoprekin blogon Posted on

Exploring Ways to Secure Your Customers’ On-Premises Data with Azure

I’ll be dedicating several upcoming posts to this topic, as it’s crucial for service providers and consultants (many of my readers) to stay informed about the latest options. This series will focus on the three main pillars of Azure Backup & Recovery for small and mid-sized businesses, with follow-up posts providing in-depth analysis, including pricing models and more.

This content will be relevant for customers with on-premises server infrastructure that requires offsite backup and recovery. While I’ve recently been exploring Microsoft 365 plans—which may indicate a serverless future for SMBs—many small businesses still depend on hardware-based infrastructure for their line-of-business applications. It makes sense to stay informed about solutions that support hybrid environments.

Replacing Traditional BDR with Azure Backup & Recovery Services

For years, service providers have relied on various third-party backup and disaster recovery (BDR) solutions. One common solution involves an appliance-based system—a server equipped with Windows Server Storage edition, backup software, and options for replicating backups to other locations.

This solution has proven reliable, but it comes with high costs:

  • Purchasing or leasing a server with CPU, networking, RAM, and storage involves significant capital expenditure.
  • Ongoing software licensing fees for the backup solution.
  • Additional costs for replicating to cloud storage.
  • Licensing requirements to meet Microsoft’s terms, in case virtualization of the environment is needed temporarily.
  • Providers often add monitoring, updates, and image restoration services on top of these costs.

The combined expenses can create a high entry point for smaller businesses.

Introducing Azure Backup and Recovery Services

With Azure, you can offer the same or even better recovery times, often at a lower price. Here are three Azure services to consider, either alone or in combination with other tools, to achieve cost-effective backup and recovery for customers. I’ll briefly cover them here and provide more details in upcoming posts.

Azure offers several cost-saving features:

  • Hybrid Use Rights: Use your existing Windows Server licenses for discounted cloud VMs, incurring costs only in actual disaster recovery situations.
  • No Software Licensing for Backup: Azure’s backup software includes enterprise-grade features like offsite storage, alerting, and extended retention—without third-party licensing fees.
  • Minimal Hardware Investment: A backup appliance is optional, or you can use a low-cost virtual appliance with inexpensive local storage for on-site backups if needed.

With Azure, your remaining costs are limited to storage fees and your services.

Solution #1: Azure Backup

Azure Backup is a straightforward option, similar to Windows Backup but writing to the cloud instead of an external drive or network share.

Benefits include:

  • Offsite backup for critical protection
  • Encryption for compliance
  • Protection through separate credentials, similar to offline storage
  • Affordable and simple to configure
  • Up to 9,999 retention points (at time of writing)

Downsides:

  • Limited to three backups per day, so RPO may not match a BDR appliance.
  • Application data (Hyper-V, SQL, Exchange) is not included—only files, folders, and system state are supported.
  • Longer restore times on average.

If cost-conscious clients are okay with longer Recovery Time Objectives, this may be a good fit. Costs include cloud storage and your services for setup, monitoring, and restoration.

Solution #2: Azure Backup Server

Azure Backup Server is essentially System Center Data Protection Manager, offered for free with replication to Azure. It supports application-aware backups for Hyper-V/VMware VMs, SQL databases, Exchange, and more.

This solution requires local network storage, which could be a VM attached to NAS storage or a standalone server appliance with inexpensive storage equal to 1.5-2x total environment data.

With Azure Backup Server, you get:

  • Local backup copies (5-day retention by default, with longer cloud retention).
  • Quick on-site restores, achieving RTOs similar to BDR appliances.
  • Free software, with standard Azure costs for instance protection and storage.

Choosing Between Azure Backup and Azure Backup Server

The choice depends on two questions:

  1. Is application-aware backup (e.g., for SQL, SharePoint, Exchange) essential?
  2. Is local restore capability necessary under certain conditions (e.g., do you need local disk backups)?

If the answer is yes to either, Azure Backup Server is likely the best choice.

Solution #3: Azure Site Recovery

This is where Azure truly shines. At a modest per-instance fee, plus standard cloud storage, you can replicate VMs from Hyper-V or VMware and bring them online in the cloud within minutes—often achieving faster RTOs than traditional on-prem BDR systems, with no hardware required on-premises.

With tools built into the Windows Server Essentials Experience role, setup from an on-premises GUI is streamlined, making this a viable option for service providers and SMB administrators without specialized Azure skills.

Paired with one of the backup options above, Azure Site Recovery offers a robust DRaaS solution for service providers.

Conclusion

Azure enables cost-effective offsite backup and disaster recovery without the need for on-premises hardware. However, remember that a separate physical appliance can still be beneficial for on-premises restoration during production downtime. Consider your clients’ downtime tolerance when planning.

By replacing traditional BDR systems with Azure services, small businesses gain improved uptime and recovery objectives at minimal upfront cost. Businesses accustomed to frequent BDR upgrades can also reduce capital expenditures.

Considerations for Service Providers

One limitation is that Azure doesn’t offer a centralized “MSP portal” for managing multiple clients. However, notification and alerting options are available, and with a ticketing system that supports email-triggered tickets and a system for tracking client portal credentials, this can be manageable. With the right setup, internal workflows can be streamlined, as I’ll illustrate throughout this series.

Leave a Comment

Your email address will not be published. Required fields are marked *