Cross-region backup-Cloud Backup(Cloud Backup)-阿里云帮助中心

How it works

After you configure cross-region backup, all existing and new backup data in the standard tier of the source backup vault is continuously and securely replicated to the replication destination backup vault using an asynchronous replication mechanism. This replication destination backup vault serves as a read-only replica of the source backup vault and is dedicated to disaster recovery and high availability.

By balancing cross-region network latency and transfer efficiency, this mechanism ensures data consistency and achieves a low Recovery Point Objective (RPO) that meets the disaster recovery needs of most business scenarios.

In the event of a regional outage or a major disaster, such as a data center failure or natural disaster, you can restore your data from the replication destination backup vault in the destination region. This allows you to rebuild critical applications and data to ensure business continuity.

Note

Cloud Backup now uses the term "replication destination backup vault" instead of "mirror vault". You do not need to take any action. Unlike mirror vaults that could not be managed independently, a replication destination backup vault can be retained even after replication is stopped. After replication is stopped, you can manage the backup points within the vault and enable backup lock on it.

Quotas and limits

For a list of regions that support cross-region backup, see Feature availability by region.
Cross-region backup is supported for the following data sources: ECS files, Object Storage Service (OSS), on-premises NAS, Apsara File Storage NAS, Tablestore, Cloud Parallel File System (CPFS), on-premises files, and SAP HANA.

Important
For ECS instance data sources, you can enable cross-region replication only within a backup policy.
Cross-region backup cannot be enabled on the following types of vaults: OSS Backup (30-day free trial), NAS Backup (30-day free trial), Tablestore Backup (30-day free trial), replication destination backup vaults, archive vaults, database backup vaults, container backup vaults, and vaults with an abnormal status (for example, ERROR).
Each account can create a maximum of five replication destination backup vaults in each region.
You cannot restore VMware virtual machines from a replication destination backup vault.
A backup vault can replicate its data to only one replication destination backup vault at a time. Even after the replication is stopped, the destination vault cannot be used for another replication relationship.
A replication destination backup vault can only be used to store and restore replicated data. You cannot configure a backup policy to create new backups directly in it.
When cross-region backup is active, the backup point lifecycle in the replication destination backup vault is synchronized with the source backup vault and cannot be modified independently.
If you enable automatic archiving for the source backup vault, data in the archive tier is not replicated to the replication destination backup vault. When data in the standard tier of the source vault is moved to the archive tier, the corresponding data in the replication destination backup vault is deleted.
To delete a source backup vault, you must first stop cross-region backup for it. After replication is stopped, deleting the source backup vault does not delete the replication destination backup vault.
Because backup points in a replication destination backup vault are not associated with any backup policy, they are automatically deleted based on the retention period of the source backup vault after replication is stopped. You can also delete them manually. The "Retain at least one version" setting in the source backup policy does not apply to the replication destination backup vault. Modifying the retention period for backup points in a replication destination backup vault is not currently supported.
Regardless of whether the source backup vault uses the Cloud Backup-managed or KMS encryption method, the replication destination backup vault must use the same encryption method.

Prerequisites

The Storage Vault Type of the source backup vault is General Backup, and the Storage Vault Type of the destination backup vault is Replication Target vault. You can view the types of created vaults in Vault Management. You can create a backup vault in Vault Management, when you create a backup policy, or when you configure a backup vault for a backup source.

Configure cross-region backup

You can enable cross-region backup from the Vault Management page or the Policy Center. Once enabled, all existing backup data in the standard tier of the source backup vault, and any new backups, are automatically replicated to the replication destination backup vault.

Note

For instructions on how to enable Backup Vault Replication when you create or edit a policy, see Policy Center.

Go to the Cloud Backup console > Vault Management page. On the Storage Vaults page, select the region of the source backup vault.
In the Actions column of the target backup vault, click Configure Vault Replication.

In the Initiate Vault Replication panel, configure the replication destination backup vault.

If a replication destination backup vault is available, click Select Replication Target Vault, and then select the target region and the replication destination backup vault.

If you have not created a replication destination backup vault or an existing one does not meet your requirements, click Create Replication Target Vault to configure its parameters.

Parameter	Description
Destination Region	Select the region for the replication destination backup vault. This must be different from the region of the source backup vault.
Vault Name	Enter a name for the replication destination backup vault.
Vault Description	Enter a description for the replication destination backup vault.
Vault Resource Group	Select the resource group for the replication destination backup vault.
Vault Encryption Method	Important The encryption method for the replication destination backup vault must match that of the source backup vault. Select the encryption method for the replication destination backup vault. The default is Cloud Backup-managed, which uses the built-in encryption method of the backup service. You can also select KMS to use a specified KMS key for encryption. If you select KMS, you must also specify the `Key ID` parameter. The `Key ID` parameter specifies the globally unique ID of the KMS key that you want to use. You can call the `ListKeys` operation to query the keys that are available in the current region. For more information, see ListKeys. If the source backup vault is encrypted with a custom key from Alibaba Cloud Key Management Service (KMS), click KMS and then select a KMS KeyId. For more information, see KMS Key Selection. Important After you enable encryption for a backup vault using Key Management Service (KMS), you cannot change the KMS key. To encrypt a backup vault with a KMS key, you must first create a key ID in KMS. For more information, see Create a key.

Click OK.

Cloud Backup begins to replicate the existing data from the source backup vault. You can monitor the progress in the destination region. After the configuration is complete, the status of the source vault in the vault list is Active with a note indicating Replicating to vault followed by the destination vault ID. This shows that cross-region replication is in progress. The Stop Vault Replication link is available in the Actions column to stop the task.

Data restore from a replication destination backup vault

Restore ECS files

Create an ECS instance to use as the restore destination.

The ECS instance must be in the same region as the replication destination backup vault.
In the Cloud Backup console, create an ECS file restore job.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the ECS instance that you created in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore OSS data

Create an OSS bucket to use as the restore destination.

The OSS bucket must be in the same region as the replication destination backup vault.
In the Cloud Backup console, create an OSS restore job.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the OSS bucket that you created in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore Apsara File Storage NAS data

Create an Apsara File Storage NAS file system to use as the restore destination.

The Apsara File Storage NAS file system must be in the same region as the replication destination backup vault.
In the Cloud Backup console, create a restore job for a single NAS file system in the same region.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the Apsara File Storage NAS file system that you created in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore an SAP HANA instance

Prepare an SAP HANA instance to use as the restore destination.

The SAP HANA instance must be in the same region as the replication destination backup vault.
In the Cloud Backup console, register the SAP HANA instance.
In the Cloud Backup console, create a job to restore SAP HANA.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the SAP HANA instance that you prepared in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore Tablestore data

Create a Tablestore instance to use as the restore destination.

The Tablestore instance must be in the same region as the replication destination backup vault.
In the Cloud Backup console, create a job to restore a Tablestore table.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the Tablestore instance that you created in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore on-premises NAS data

Prepare an on-premises NAS to use as the restore destination.
Install the backup client, which is required to perform the restore job.
In the Cloud Backup console, create a job to restore on-premises NAS data.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the on-premises NAS that you prepared in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore on-premises files

Prepare an on-premises server to use as the restore destination.

The restored files will be saved on this server. Create a restore folder on the server before you begin.
Install the backup client, which is required to perform the restore job.
In the Cloud Backup console, create a job to restore on-premises files.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the on-premises server that you prepared in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Restore CPFS data

Prepare a Cloud Parallel File System (CPFS) file system to use as the restore destination.

The CPFS file system must be in the same region as the replication destination backup vault.
In the Cloud Backup console, create a job to restore CPFS data.

For the source backup vault, select the replication destination backup vault. For the restore destination, select the CPFS file system that you prepared in Step 1. Configure the other parameters as you would for a regular restore job. After the restore job is complete, the data is restored to the specified data source in the destination region.

Stop cross-region backup

Important

Stopping cross-region backup is irreversible and the replication relationship cannot be re-established. Once unlinked, the replication destination backup vault can only be used to restore data. Proceed with caution.

When you need to stop cross-region backup, go to the region where the source backup vault is located. In the Actions column for the source backup vault, click Stop Vault Replication and complete the confirmation.

After you stop cross-region backup, new data in the source backup vault is no longer replicated to the destination. The data that has already been replicated to the replication destination backup vault can still be restored.

Important

Deleting a backup vault permanently removes all backup data within it. This data cannot be recovered. Proceed with caution.

After you stop cross-region backup, perform the following operations as needed:

Delete data from the replication destination backup vault: Go to the restore job creation page, select this replication destination backup vault, and delete its data.
Enable backup lock for the replication destination backup vault: This protects the backup data from accidental deletion or ransomware attacks before its retention period expires.
Delete data in the source backup vault: Go to the region where the source backup vault is located, move the pointer to the ┇ icon in the Actions column for the source backup vault, and select Delete. Follow the prompts to confirm the deletion.

Billing

When you use cross-region backup, you incur a storage capacity fee and a cross-region replication traffic fee.

We recommend that you purchase a subscription resource plan to cover the storage capacity fee. For guidance, see the Resource Plan Purchase Guide. The cross-region replication traffic fee is pay-as-you-go only.
Cloud Backup does not charge a restore fee when you use a replication destination backup vault to restore data to a resource within the same region.

When you restore data to an on-premises NAS or on-premises server over the public internet instead of a VPN or dedicated connection, outbound data transfer fees apply. The fee is based on the amount of data restored. For more information, see On-premises NAS restore fees and On-premises server file restore fees.

For detailed pricing information, see Cloud Backup Pricing.

Frequently asked questions

View the replication destination backup vault

Switch to the region where the replication destination backup vault is located. On the Storage Vaults page in the Cloud Backup console, you can view the created replication destination backup vault.

In the vault list of the source region, the status of the source vault shows as Active, with a note below it indicating Replicating to vault. The Stop Vault Replication link is available in the Actions column to stop the replication.

Billable capacity calculation

The Storage Vault Data Size of a replication destination backup vault is the basis for its billable capacity.

Synchronization frequency configuration

For example, can the source backup vault be backed up daily, but the replication destination backup vault synchronizes only once a week?

No. Data from the source backup vault is synchronized to the replication destination backup vault by using continuous replication.

Zone-redundant storage support

Yes.

To maximize data redundancy, the system automatically selects a vault type based on regional availability. In regions that support zone-redundant storage, a Zone-redundant Vault is created by default. In other regions, a Locally-redundant Vault is created.

The regions that currently support zone-redundant storage are China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Shenzhen), China (Hangzhou) Finance, China (Shanghai) Finance, China (Shenzhen) Finance, China (Beijing) Finance (by invitation), and China North 2 Alibaba Government Cloud 1, China (Hong Kong), Japan (Tokyo), Singapore, Indonesia (Jakarta), Germany (Frankfurt), and Malaysia (Kuala Lumpur).