SQL Backup in Private Environment
If the private network deployment functionality is enabled for a backup appliance, Veeam Backup for Microsoft Azure performs SQL backup in the following way:
- [Applies only if you perform backup using a staging server] Depending on the type of the processed Azure SQL database, Veeam Backup for Microsoft Azure does the following:
- For an Azure SQL database residing on a SQL Server — creates a copy of the source database on the staging server using the Azure REST API.
- For a database residing on an Azure SQL Managed Instance — creates a copy of the source database on the staging server using point-in-time restore (PITR).
For more information on the Azure SQL family of SQL Server database engine products, see Microsoft Docs.
- In the region where the processed Azure SQL database resides, Veeam Backup for Microsoft Azure checks whether there is a virtual network configured for worker instances, and whether there is a storage account assigned the Veeam tag. If there is no such network or storage account in the region, Veeam Backup for Microsoft Azure creates it.
Veeam Backup for Microsoft Azure also checks whether the following private endpoints are configured for the Veeam storage account: one endpoint required for Azure Blob Storage and another for Azure Queue Storage. If there are no such endpoints, Veeam Backup for Microsoft Azure creates them.
- Veeam Backup for Microsoft Azure launches a worker instance in an Azure region where the processed Azure SQL database resides in the following way:
- Uploads worker binary files to the Veeam storage account using a shared access signature (SAS) URI. Veeam Backup for Microsoft Azure validates every file by checking its MD5 key.
- Deploys an Azure VM running Ubuntu 22.04 LTS.
- Sends a Run Command to the deployed Azure VM to download the worker binary files from the Veeam storage account using a SAS URI. These files are then used to install software components required for the worker instance to perform backup and restore operations.
- Creates an Azure Queue in the Azure region where the backup appliance resides. Veeam Backup for Microsoft Azure then uses the Azure Queue Storage messaging service to communicate with the worker instance.
- Exports the database schema, indexes and constraints to a BACPAC file. For more information on BACPAC files, see Microsoft Docs.
Important |
BACPAC export of databases with external references is not supported. If a SQL database was migrated to an Azure SQL Database Server or Azure SQL Managed Instance, make sure to clear legacy references, orphaned database users and credentials set up with authentication types not supported by Azure SQL, to avoid BACPAC export errors. |
- Reads data from the exported BACPAC file on the worker instance, compresses the data and transfers it to the target backup repository, and stores it in the native Veeam format.
- [Applies only if you perform backup using a staging server] Removes the copy of the source database from the staging server.
- When the backup session completes, Veeam Backup for Microsoft Azure deallocates the worker instance.
- If you enable the backup archiving mechanism, Veeam Backup for Microsoft Azure performs the following operations:
- Launches a worker instance in an Azure region in which the target backup repository resides.
- Retrieves data from the target backup repository and transfers it to the target archive repository.
- Deallocates the worker instance when the archive session completes.