Cosmos DB Backup in Private Environment

If the private network deployment functionality is enabled for a backup appliance, Veeam Backup for Microsoft Azure performs Cosmos DB backup in the private environment using continuous backup — a native Microsoft Azure capability that allows you to eliminate consumption of extra provisioned throughput without affecting the database performance and availability. For more information on how continuous backup is performed, see Microsoft Docs.

If you enable backup to a repository, Veeam Backup for Microsoft Azure performs Cosmos DB backup in the following way:

1. In the region where the source Cosmos DB for PostgreSQL cluster resides, Veeam Backup for Microsoft Azure checks whether there is a virtual network configured for worker instances, and whether there is a storage account assigned the Veeam tag. If there is no such network or storage account in the region, Veeam Backup for Microsoft Azure creates it.

Veeam Backup for Microsoft Azure also checks whether the following private endpoints are configured for the Veeam storage account: one endpoint required for Azure Blob Storage and another for Azure Queue Storage. If there are no such endpoints, Veeam Backup for Microsoft Azure creates them.

2. Veeam Backup for Microsoft Azure launches a worker instance in an Azure region where the processed cluster resides in the following way:

1. Uploads worker binary files to the Veeam storage account using a shared access signature (SAS) URI. Veeam Backup for Microsoft Azure validates every file by checking its MD5 key.
2. Deploys an Azure VM running Ubuntu 22.04 LTS.
3. Sends a Run Command to the deployed Azure VM to download the worker binary files from the Veeam storage account using a SAS URI. These files are then used to install software components required for the worker instance to perform backup and restore operations.
4. Creates an Azure Queue in the Azure region where the backup appliance resides. Veeam Backup for Microsoft Azure then uses the Azure Queue Storage messaging service to communicate with the worker instance.

3. If you enable backup to a repository, Veeam Backup for Microsoft Azure creates a dump file of user data contained in the database, transfers the data to the target backup repository and stores it in the native Veeam format.