How can we improve Azure Backup?

Allow VM Extension to talk directly to vault without internet access

Many customers do not want to grant their IaaS VMs direct access to the internet. Forced tunneling prevents the Azure Backup Service from protecting Azure IaaS VMs. If the Azure Backup VM Extension was allowed to talk directly the Recovery Service Vault through internal traffic in the datacenter, VMs would not need Internet access for backups to complete successfully.

23 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Dave Newman [MSFT] shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Andrew Herbert commented  ·   ·  Flag as inappropriate

    Totally agree - whilst it's getting 'easier' to make functionality such as this work using Firewall appliances, it's less-than ideal, and sadly isn't limited to Azure Backup - we have the same problem with Key Vault (used to encrypt the VMs and as a EKM for SQL TDE) and even basic VM Extension installation which needs to pull the installation files from storage via the internet.

Feedback and Knowledge Base