Merge pull request #298340 from MicrosoftDocs/main

Publish for release-adls-backup

Author: Saisang

articles/backup/azure-data-lake-storage-backup-overview.md

@@ -0,0 +1,68 @@
+---
+title: About Azure Data Lake Storage Gen2 Vaulted Backup (preview)
+description: Learn how the Azure Data Lake Storage Gen2 vaulted backup works
+ms.topic: overview
+ms.date: 04/16/2025
+author: jyothisuri
+ms.author: jsuri
+ms.custom: engagement-fy24
+--- 
+
+# About Azure Data Lake Storage Gen2 vaulted backup (preview)
+
+[Azure Data Lake Storage (ADLS)](/azure/storage/blobs/data-lake-storage-introduction) Gen2 vaulted backup (preview) is a streamlined, cloud-native solution to back up and restore general-purpose v2 storage accounts with a [hierarchical namespace](/azure/storage/blobs/data-lake-storage-namespace). It allows selective backup and restoration of containers, and store backups in a dedicated vault for granular control.
+
+>[!Note]
+>- This feature is currently in limited preview and is available in specific regions only. See the [supported regions](azure-data-lake-storage-backup-support-matrix.md#supported-regions).
+>- To enroll in this preview feature, fill [this form](https://forms.office.com/r/sixidTkYb4)  and write to [[email protected]](mailto:[email protected]).
+
+## Azure Data Lake Storage Gen2 backup workflow
+
+Vaulted backup uses platform capabilities such as snapshots and object replication to copy data to the Backup vault. Object replication asynchronously copies block blobs from a source storage account to a destination backup storage account, including the blob's contents, versions, metadata, and properties.  
+
+When you configure protection, Azure Backup sets up a destination storage account within the Backup vault and applies an object replication policy at the container level for both source and destination accounts. During backup, Azure Backup places a recovery point marker on the source account and tracks its replication. After the marker is replicated to the destination, the recovery point is created.
+
+*The following diagram shows the recovery point creation process after the snapshot is taken:*
+
+:::image type="content" source="./media/azure-data-lake-storage-backup-overview/recovery-point-creation-architecture.png" alt-text="Diagram shows the recovery point creation process in the backup flow."::: 
+
+Learn about the [supported scenarios and limitations for Azure Data Lake Storage Gen2 backup](azure-data-lake-storage-backup-support-matrix.md).
+
+## ADLS Gen2 backup configuration and retention (preview)
+
+The ADLS Gen2 backup requires a Backup vault that provides a centralized view of configured backups. Vaulted backup is set at the storage account level, with the option to exclude containers. 
+>[!Note]
+>If an account has over 100 containers, reduce the count to **<= 100**. Learn [about the supported container count for backup](azure-data-lake-storage-backup-support-matrix.md#protection-limits).
+
+Backup policies manage schedules and retention, supporting daily or weekly backups and recovery point creation. Retention can be set for daily, weekly, monthly, or yearly backups and can be retained up to **10 years**, with yearly rules taking priority. If no other rules are set, the default retention rule applies.
+
+Azure Backup automatically runs scheduled jobs, replicating block blobs from the source to the destination storage account. It preserves contents, versions, metadata, and properties based on the backup frequency. Backups remain in the vault per policy and are deleted once the retention period ends.
+
+>[!Note]
+>- Backup can be enabled for multiple storage accounts in a single vault using one or multiple backup policies.
+>- Vaulted backups support long-term retention for up to 10 years.
+
+### Backup management 
+
+After the ADLS Gen2 backup configuration is complete, a backup instance is created in the Backup vault. Use it to initiate restores, monitor activity, stop protection, and perform other backup operations.
+
+The Backup vault's managed identity needs specific permissions on storage accounts for backup and restore operations. These permissions are bundled into the **Storage Account Backup Contributor** role for ease of management.
+
+You can assign the role to the Backup vault before/during configuring backup. A managed identity is a service principal exclusive to Azure resources.
+Learn more about [managed identities](/azure/active-directory/managed-identities-azure-resources/overview).
+
+### Restoration from backups
+
+You can restore data from any point in time where a recovery point exists. Recovery points are created when a storage account is in a protected state, and remain available for restoration as long as they fall within the retention period defined by the backup policy. You can do a granular recovery by selecting specific containers, applying a prefix-based filter, or restore the entire storage account.
+
+
+Azure Backup allows restoring data from any recovery point within the retention period set by the backup policy. Recovery points are created when the storage account is in protected state, and can be used to restore until they expire as per the retention policy. This solution allows performing granular recovery by selecting containers, applying a prefix-based filter, or restoring the full storage account.
+
+>[!Note]
+>- To restore a recovery point to a different subscription, request the Azure Backup team to allowlist the required subscription and grant access by using the [signup form](https://forms.office.com/r/sixidTkYb4).
+>- Currently, the vaulted backup solution supports restoring data only to a different storage account within the same region as the vault. However, restoring data from older recovery points might result in a longer recovery time (higher [Recovery Time Objective](azure-backup-glossary.md#recovery-time-objective-rto)).
+
+## Next steps
+
+- [Configure vaulted backup for Azure Data Lake Storage Gen2 using Azure portal (preview)](azure-data-lake-storage-configure-backup.md).
+- [Restore Azure Data Lake Storage Gen2 using Azure portal (preview)](azure-data-lake-storage-restore.md).

articles/backup/azure-data-lake-storage-backup-support-matrix.md

@@ -0,0 +1,93 @@
+---
+title: Support matrix for Azure Data Lake Storage Gen2 Vaulted Backup (preview)
+description: Learn about the  regional availability, supported scenarios, and limitations for vaulted backups of Azure Data Lake Storage Gen2 (preview).
+ms.topic: reference
+ms.date: 04/16/2025
+ms.custom: references_regions, engagement-fy24
+ms.service: azure-backup
+author: jyothisuri
+ms.author: jsuri
+---
+
+# Support matrix for Azure Data Lake Storage Gen2 vaulted backup (preview)
+
+This article summarizes the regional availability, supported scenarios, and limitations for vaulted backups of Azure Data Lake Storage Gen2 (preview).
+
+## Supported regions
+
+Vaulted backups of Azure Data Lake Storage Gen2 are available in the following regions: France South, India Central, India West, East Asia, and Southeast Asia.
+
+## Supported storage accounts
+
+The following table lists the supported storage account details:
+
+| Storage  account details | Support |
+| ------------------------ | ------------------------------------------------------------ |
+| Account  Kind            | Only block blobs in a standard general-purpose v2 HNS-enabled storage account. <br><br>*Accounts using Network File Shares (NFS) 3.0, and Secure File Transfer Protocol (SFTP) protocols for blobs are currently not supported*.|
+| Redundancy              | Only Locally redundant storage (LRS) & Zone-redundant storage (ZRS) enabled storage account. |
+| Tier              | Hot, Cool, and Cold tier blobs are supported.<br><br>*Archive tier blob backup isn't supported*. |
+
+## Protection limits
+
+The following table lists the protection limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------------------------------------------ | ----- |
+| Maximum number of containers in a storage account that can be protected | 100 |
+| Vault redundancy              | LRS/ZRS|
+
+### Supported and unsupported scenarios for Azure Data Lake Storage Gen2 protection (preview)
+
+Azure Data Lake Storage Gen2 protection (preview) has the following supported and unsupported scenarios:
+
+- Any new containers that get created after backup configuration for the storage account aren't backed up automatically. To enable the backup operation for the new containers, modify the protection of the storage account. 
+- The storage accounts to be backed up must contain a *minimum of one container*. If the storage account doesn't contain any containers or if no containers are selected, an error might appear when you configure backup.
+- The backup operation isn't supported for blobs that are uploaded by using [Data Lake Storage APIs](/rest/api/storageservices/data-lake-storage-gen2). 
+- If you delete and recreate a container with the same name, **Object Replication** doesn't track the change, and future Recovery Points still include the previous blobs and versions.
+- Backup vaults with User-Assigned Managed Identity (UAMI) aren't compatible with Azure Blob Vaulted backups. Only System-Assigned Managed Identity (SAMI) works, because the vault needs to access the storage account where the blobs are stored. The vault uses its system-assigned managed identity for this access.
+- Enabling backups isn't supported for the blob container that are configured with native replication using data factory.
+- You can protect the storage account with the vault in another subscription but in the same region as storage account.
+- Archive tier for vault is currently not supported.
+
+
+## Backup limits
+
+The following table lists the Backup limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Maximum number of on-demand backups per day             | 4|
+| Maximum number of scheduled backups per day             | 1|
+
+>[!Note]
+>If you suspend and resume protection or delete the **Object Replication policy** on the **source storage account**, the policy triggers a full backup.
+
+## Retention limits
+
+The following table lists the Retention limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Maximum retention of daily recovery points             | 3,650 days|
+| Maximum retention of weekly recovery points             | 521 weeks|
+| Maximum retention of monthly recovery points             | 120 months|
+| Maximum retention of yearly recovery points             | 10 years|
+
+## Restore method limits
+
+The following table lists the restore method limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Full restore             | You can restore the complete storage account to an alternate location.|
+| Containers restore       | You can select one or more containers or use prefix to filter specific containers to restore.|
+
+>[!Note]
+>- Cool and Cold tier blobs are restored in Hot tier.
+>- Restore to the source storage account is not supported. 
+>- The target storage selected for restore should not have any container with same name.
+
+## Next steps
+
+- [Configure vaulted backup for Azure Data Lake Storage Gen2 using Azure portal (preview)](azure-data-lake-storage-configure-backup.md).
+- [Restore Azure Data Lake Storage Gen2 using Azure portal (preview)](azure-data-lake-storage-restore.md).