You can now protect secured Azure Storage Accounts for Blobs and Files using Druva’s Quantum Bridge technology. Restricted access support allows Druva to protect Azure Blob and Azure Files storage accounts that have network restrictions enabled. By default, Azure Storage accounts are created with public network access enabled from all networks.
However, Microsoft recommends (learn more) using Azure storage firewall rules (learn more) or Private Endpoints (learn more) to secure access to storage accounts over public or private networks.
Enterprise Workloads uses a temporary virtual machine (VM) in your subscription, known as the Quantum Bridge, to facilitate data transfer in these secured environments. It requires outbound connectivity from the selected Azure VNet to the control plane.
Key Features
Support for Private Endpoints: Enterprise Workloads can back up storage accounts where public access is disabled and access is only permitted via Private Endpoints.
Support for Service Endpoints: Druva protects storage accounts configured with Public access from selected networks, accessed via Service Endpoints.
Automated Life-Cycle Management: Druva automatically spawns a temporary VM in your Azure subscription during backup and restore jobs and destroys it once the task is complete to optimize costs.
Supported Network Configurations
Public Network Access + Scope | Description | Support |
Public access, All networks | Public network access is enabled, with network access scope set to Enable from all networks | Supported (Standard) |
Public access, Selected networks | Public network access is enabled, with network access scope set to Enable from selected networks | Supported (via Quantum Bridge) |
Public access, Disabled | Public network access is disabled. Private endpoints are configured on the storage accounts. | Supported (via Quantum Bridge) |
Public access, secured by perimeter | Public network access is set to Secured by perimeter. | Supported in NSP-Transition mode only. |