Configure Backups for a TDE-Protected Database

During a backup, Commvault uses different methods based on the TDE configuration of the database:

• Service-managed TDE: Commvault uses a DacFX-based export to generate a .bacpac file.

• No TDE: Commvault uses standard Azure native backups with Azure Blob Storage.

• Customer-managed TDE: Commvault uses the Microsoft BACKUP DATABASE method.

For databases that use service-managed TDE, Commvault selects the nearest Azure native backup, restores it to the same instance as a temporary application-consistent copy (prefix cv_copy_*), and generates a .bacpac file. The .bacpac file is staged on the access node and then copied to Commvault storage.

DacFX-based backup is available only when a suitable Azure native backup exists, and DacFX limitations apply, including skipping databases larger than 2 TB.

Before You Begin

• Ensure that the Azure managed instance database has at least one native backup available.

• Update the bEnableDacFXForManagedAzureSQL entity setting value to 1 for the applicable access node connected to the Azure SQL Database Managed Instance.

• Ensure that the Azure SQL managed instance has at least twice the database size allocated to free storage to hold the restored database temporarily.

• Set a local staging path with Microsoft SQL Server Data-Tier Application Framework (DacFx) on the access node. By default, the staging path is the Job Results folder. If you want to specify a different path, set the path in the sStagePathForAzureSQLBackup setting.

  During the export process, the Data-Tier Application Framework (DacFX) generates temporary files that are stored in your chosen staging path. Make sure the drive you select has enough disk space to accommodate the export operation, as the temporary files may be up to three times the size of the database.

• You must have the following Azure permissions:

  • Microsoft.Sql/managedInstances/encryptionProtector/read

  • Microsoft.Sql/managedInstances/databases/transparentDataEncryption/read

  • Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/write

Considerations

By default, the Commvault software skips backing up Azure SQL databases with sizes larger than 2 TB. This limitation arises because very large databases experience a high failure rate due to Azure's limitations, especially when data export operations to the Azure cloud exceed 20 hours. For more information, see Microsoft Documentation.

To override this default behavior, enter the maximum size of the Azure SQL database (in GB) that can be protected in the nAzureSQLDBMaxSizeForExportInGB setting, for the applicable access node. The backup jobs do not include any database larger than this threshold.

Procedure

1. Configure the Azure SQL database managed instance.

2. Back up an Azure SQL managed instance.

   Note

   By default, the jobresults directory on the access node is used for staging during backups.

3. Restore the Azure SQL managed instance.

   Note

   Optionally, you can specify a staging path for the .bacpac file. Otherwise, the jobresults directory is used by default if no staging path is selected.

Related Topics

• Adding a Setting for Servers and Server Groups

• Recommendations for Improving the Performance of Azure SQL Backups and Restores