Resource Group: i2rdc3-prod-rg-backup

Overview

This resource group manages backups for various applications. It focuses primarily on snapshots of data disks used by different services, specifically Apache NiFi and PostgreSQL. Its resources support data redundancy, high availability, and efficient disaster recovery.

Resources

  1. Snapshots (Microsoft.Compute/snapshots)

    • Names:
      • AzureBackup_1afdc94a-9a1a-4f76-88d8-0aba3c18d75c_2024-10-08T08-02-00.0532389
      • AzureBackup_86293c58-9b81-4442-b373-cd741dba6bf1_2024-10-08T08-01-33.6276191
      • AzureBackup_97568816-3e43-4044-b86e-22c0b91f8d7a_2024-10-08T08-01-43.1352737
      • (Total of 72 snapshots listed)
    • Type: Snapshot used for backup purposes.
    • Relationships: Each snapshot points to a specific source data disk:
      • For example, the snapshots named AzureBackup_1afdc94a-9a1a-4f76-88d8-0aba3c18d75c are sourced from the i2rdc3-prod-nifi03-datadisk01 disk.
    • Important Configurations:
      • Disk Size: 256 GB or 16,384 GB for PostgreSQL disks.
      • Encryption: Enabled with Encryption at Rest using Platform Key.
      • Network Access Policy: AllowAll, which may expose the backups to public access.
      • Public Network Access: Enabled, permitting these snapshots to be accessed from outside of the Azure environment.
  2. Storage Accounts (Microsoft.Storage/storageAccounts)

    • Name: xowcuspod01otds1
    • Type: Storage Account for handling blob storage, file services, queue services, and table storage.
    • Important Configurations:
      • Access Tier: Hot - suitable for frequently accessed data.
      • Network ACLs: Azure services are allowed to bypass network rules, and the default action permits access without filters; no IP rules or VNet rules are defined.
      • Encryption: Automatic encryption for Blob and File services.
  3. Blob Services (Microsoft.Storage/storageAccounts/blobServices)

    • Name: xowcuspod01otds1/default
    • Type: Blob Service for handling blob storage in the storage account.
    • Relationships: Dependent on the storage account.
    • Important Configurations:
      • Removes the ability to perform permanent deletes.
  4. File Services (Microsoft.Storage/storageAccounts/fileServices)

    • Name: xowcuspod01otds1/default
    • Type: File Service for handling file storage in the storage account.
    • Important Configurations:
      • File shares have a retention policy.
  5. Containers (Microsoft.Storage/storageAccounts/blobServices/containers)

    • Names: Several containers such as data0b3a3ef506844a5ebf98384f5884cf8f, with additional unique identifiers.
    • Type: Storage containers to organize blob storage.
    • Important Configurations:
      • Default Encryption scope is set, enhancing data security.

Data Storage

The primary storage solution consists of Azure Blob Storage within the xowcuspod01otds1 storage account. The snapshots are stored as blobs, which allow for efficient and quick access. Snapshots create a point-in-time copy of the original disks, ensuring data integrity and recovery capabilities, especially in disaster recovery scenarios. The overall strategy includes:

  • Backing up important disk data from various services like NiFi and PostgreSQL.
  • Employing a tiered storage system, leveraging Hot storage for frequently accessed data.

Networking

  • Virtual Network: Not explicitly defined in the template provided, indicating that either default VNet configurations are used, or specific networking configurations are handled outside this template.
  • IP Address Configuration: There are no specific IP addresses listed, suggesting that Azure handles IP assignment dynamically based on resource use.
  • Security Considerations: The public network access settings for the snapshots raise potential concerns about exposure to public networks.

Security Overview

  • Encryption: All snapshots and storage accounts utilize encryption, crucial for protecting sensitive data against unauthorized access.
  • Network Access Policy: The “AllowAll” setting for network access in snapshots can be risky, as it permits any network to access the snapshots. It's recommended to configure these to limit access to specific IPs or virtual networks.
  • Public Access: Public network access enabled on snapshots could expose sensitive backup data. Review these settings regularly and consider a more restrictive approach to mitigate risks.
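
The snapshot and storage account exposure settings listed above can be checked mechanically against an exported ARM template. The following is an added example, not part of the generated document or the Azure Assistants script; the sample template and its resource names are constructed, and audit_template is a hypothetical helper.

```python
import json

# Constructed sample: a trimmed ARM template export with placeholder names.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/snapshots", "name": "example-snapshot-open",
   "properties": {"networkAccessPolicy": "AllowAll",
                  "publicNetworkAccess": "Enabled"}},
  {"type": "Microsoft.Compute/snapshots", "name": "example-snapshot-locked",
   "properties": {"networkAccessPolicy": "DenyAll",
                  "publicNetworkAccess": "Disabled"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "examplestorage",
   "properties": {"networkAcls": {"bypass": "AzureServices",
                                  "defaultAction": "Allow",
                                  "ipRules": [], "virtualNetworkRules": []}}}
]}
""")


def audit_template(template):
    """Hypothetical helper: return (resource name, finding) pairs."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        name = res.get("name", "<unnamed>")
        props = res.get("properties", {})
        if rtype == "microsoft.compute/snapshots":
            # A property missing from the template is reported as None so it
            # gets checked on the live resource instead of being assumed safe.
            policy = props.get("networkAccessPolicy")
            if policy not in ("AllowPrivate", "DenyAll"):
                findings.append((name, f"networkAccessPolicy is {policy!r}"))
            public = props.get("publicNetworkAccess")
            if public != "Disabled":
                findings.append((name, f"publicNetworkAccess is {public!r}"))
        elif rtype == "microsoft.storage/storageaccounts":
            acls = props.get("networkAcls", {})
            if acls.get("defaultAction") != "Deny":
                rules = len(acls.get("ipRules", [])) + len(
                    acls.get("virtualNetworkRules", []))
                findings.append(
                    (name, f"defaultAction is not Deny ({rules} allow rules)"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_template(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```
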

Other Information

  • Cost Management: Usage of snapshots may affect Azure costs based on storage tiers (e.g., Standard ZRS for redundancy). Monitoring usage can help optimize costs.
  • Scalability: Azure resources such as snapshots and storage accounts are naturally scalable, but the configurations need to be reviewed to ensure resources can grow to meet demands without incurring excessive costs.
  • Backup Strategy: It is essential to establish a clear backup and retention policy to avoid unnecessary data accumulation and manage costs effectively.

Monitoring the resources regularly, particularly focusing on security configurations and backup policies, ensures not only operational efficiency but also compliance with security requirements.

Note: This document was generated using the Azure Assistants script and an LLM


Updated on October 29, 2024