This is the second part of a 4 part blog post series about backing up SQL Server to Azure. If you wonder why you’d like to back up data to Azure in the first place, please read the Part 1 of this series that explains some benefits of using Azure for backups.
In this post, we’ll look at how to set up your very own Storage Account and how to use some nice security features in it.
Creating Storage Account
At this point, I assume you already have an Azure account. If you do not have one, go and sign up for free. Before we being, there are quite a few ways to do things in Azure (Powershell, Azure CLI, etc.), but for these posts we’ll be using good old Azure Portal. This makes the posts a bit easier to follow and allows me to display some features available, that wouldn’t be obvious from the scripts.
We’ll start by logging into the Portal then, and then we go to All services and select Storage. From the list, we can then select Storage accounts.
At this point you will probably see something like this, that is if you don’t have Storage Account(s) already.
Click the Create storage account and it’ll open a new blade for you. This is also where you will need to make your first decisions.
If you have multiple subscriptions, select the one you want to use and then either create a new Resource Group or use an existing if you have one ready. After selecting a proper storage account name and location (which should ideally be closest to the source system you are backing up), there are a few things to pay attention to.
- Performance.
- Standard provides the performance of magnetic drives, they’re cheaper but also not that high performing. Good for backups and allow selection of more highly available replication models.
- Premium provides the best performance, being backed by SSDs. Support only for LRS.
- Account Kind
- StorageV2 is recommended as with general purpose, you can create different types of containers there.
- BlockBlobStorage can be used if you’re certain you only ever want to have Block Blobs stored here.
- Replication type, generally the more available solution you want, the more it will cost you. You can find more details about different replication models from Part 1.
- Access tier (default)
- Hot is for frequently accessed data
- Cool for infrequently accessed data
- Archive access tier is also available, but it can only be set to the Block Blob container level.
After we’re happy with these, we can move forward by clicking Next: Advanced. In this page, we can decide to use some security features. These can all be changed later on, but let’s look at the options anyway.
- Secure transfer required is basically used for setting up the access to only happen through https, any http connections will fail. If you’re using the storage account with Azure file service then an encrypted connection is required.
- Allow access from allows you to select specific networks that can access the storage account. I’d recommend restricting access to only to the networks that should have access.
- Blob soft delete is a good option to turn on, especially when you’re dealing with backups. In case someone accidentally does something horrible to your backups, this provides one way to negate the damages.
- Hierarchical namespace is pretty much relevant only to big data analytic workloads, if you have those then enable away.
Once we’re happy with the selections done here, let’s click Next: Tags. I will not go into details about tagging the resources, but basically this is a way to add metadata to resources your create, and then use that to organize them logically. If you are using tags, select those that apply and then click Next: Review + create.
In the review step, your configuration is validated, and it gives you an overview of what kind of Storage Account you are creating and what will be done to create it. If you’re happy with everything, click Create and wait a moment. After a short while, you’ll get a message saying that resource was created, and you can now navigate to it. Let’s do that and proceed with…
Creating block blob container
With the Storage Account setup, we’re left with one more thing to do. To create the actual Block Blob container where we’ll be storing our backups into. This is a relatively quick and simple thing to do.
First go to the Storage Account you just created, and scrolling down, there is a section called Blob service. Under that, select Blobs and click the + sign before the container.
Then you give the container you’re creating a name and select the Public access level, which should pretty much always be Private. After you’re done, click OK, and we’re ready!
We’ve now gone through the creation of the Storage Account and the Block Blob container. Next, let’s look at how we’ll use these with our backups. And if you want to look at the other posts in this series, you can find them from: