Understanding Azure Data Protection

How to Impress Your Boss by Understanding Azure Data Protection Methods with Cohesity

By Theresa Miller • March 4, 2020

When it comes to protecting your data in the cloud, who’s responsible? The customer or the cloud provider? Once this understanding is in place, the conversation shifts to learning more about the backup methods available through Microsoft. In this blog, we will examine what Cohesity can offer for your Azure virtual machine (VM) backup needs. Impress your boss with your data protection knowledge, let’s take a look.

Data Protection Responsibility

 Here are the facts. The responsibility for protecting enterprise data in the cloud lies with the cloud customer. The cloud provider is responsible for keeping the backend infrastructure up and running. Your data is your data, protect it with your Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) in mind.  

Microsoft Azure Native Foundational Backup methods

Before we can understand what Cohesity can do, it’s important to understand how to protect your virtual machines with Microsoft Azure foundational backup methods. These are the methods that customers can use without incurring any additional per VM charges beyond storage costs. Focusing primarily on the methods available to administrators and super-users when a VM is brought online, here’s how it breaks down: 

  • VM backups 
    • Needs to be enabled manually per VM. Navigate to machine properties under “backup”, but requires someone to remember to take this step
    • Can also be automated through PowerShell scripting. Scripting can be good, but after working in many enterprises that scripted various things, they can become a challenge to maintain and upkeep long-term as PowerShell commands change, people change, and backend technology changes
  • Other recovery considerations with foundational data protection in Azure
    • Limited to daily or weekly backup only
    • Retention options are also limited to weekly, monthly, or yearly 
    • Separate console from other backup solutions that may be in place 
    • Virtual machine backups can be verified on a per machine basis without a consolidated console

These options may or may not be enough for your enterprise. If the latter becomes or is true, then you may find yourself looking to purchase a tool to get the job done to meet your business requirements. 

Let’s look at the three options Cohesity has to offer if you are looking for something more.


We understand that every enterprise has different requirements for backing up your environment and in this case, we are going to discuss Azure VMs. When disaster strikes it’s important that a process is in place that ensures your backups have been happening routinely in an automated way. Making a choice about what to use is very specific to your enterprise needs, so even if you aren’t looking for something new just knowing what your other options are can help with a true understanding of the potential. 

Cohesity Protection Service (CPS) – DataPlatform 6.1 and later

There are many key benefits to leveraging CPS method for backup and recovery of your Azure Virtual Machines, but I am going to focus on some of the highlights. CPS does require an agent install and its primary use case is VM failover/failback. All data is stored on the Cohesity cluster providing all of the benefits of the Cohesity DataPlatform. File/folder level recovery is supported for those common calls where a user needs a file restored because it was deleted. – Need I say more?

Native Snapshot Method – DataPlatform 6.3 and later

The native snapshot Azure VM method ensures you can back up Azure VMs without an agent. Ensuring that your backup data is stored on the Cohesity cluster provides enterprises all the benefits of the Cohesity DataPlatform including support for both managed and unmanaged disks. The native snapshot method improves backup and recovery performance and ensures administrators can automatically do file and folder level recovery as needed. Enterprises find this to be a very robust option with great benefit for their data protection strategies.

Cloud Snapshot Manager (CSM) – DataPlatform 6.4.1 and later

The final backup method we offer came from the request to be able to back up Azure VMs outside of Cohesity DataPlatform in the cloud, or across many regions from a single cluster. With CSM, the data is not stored on the Cohesity cluster but instead is stored in Azure storage. Cohesity stores the metadata only with another key benefit being there are not any cloud-related data egress charges regardless of whether or not the Cohesity cluster is in the cloud or on-premises. This gives enterprises the power of choice to back up their data without being forced to buy a solution that runs in the cloud if that is not a desired configuration. However, when making this decision, consider the RTOs defined by your organization. With CSM, you can benefit with RTO performance (and no egress costs) by keeping the data in the cloud, but also managing and orchestrating remotely from on-prem so you don’t need additional backup infrastructure in the cloud. With this method you have the flexibility to deploy what is best for your enterprise, making this method an option that should be strongly considered.

 Think Differently

Now that you have this knowledge at your fingertips, you can impress your boss with all of the possibilities for protecting your Azure VMs. Before finalizing your decision be sure to determine your business requirements as it will help you confidently move forward. Ensure you have the right solution for data protection of your Azure VMs and other enterprise systems, so that your RPOs and RTOs can be exceeded through a simple management solution.