Druva’s Isolated Copy Protection provides a high-integrity, cloud-native backup framework designed for the modern Azure SQL ecosystem. By utilizing an ephemeral, agentless architecture, Druva orchestrates a transient "Copy-and-Export" workflow that ensures zero impact on your primary production workloads. Unlike traditional methods that may require invasive database-level configurations, this feature leverages native Azure COPY and bcp utilities to create transactionally consistent, air-gapped backups in the Cloud.
This approach offers universal compatibility across the Azure SQL family—including General Purpose, Business Critical, and Hyperscale—ensuring that organizations can maintain a unified security posture even in environments where Change Data Capture (CDC) is restricted by policy, performance overhead concerns, or specific service-tier limitation.
Key Benefits
Zero-Impact Data Extraction: By offloading the heavy lifting to an ephemeral, isolated copy, Druva ensures that the resource-intensive backup process never competes with your primary application’s IOPS or memory.
Universal Azure SQL Coverage: Provides a unified protection standard across the entire Azure SQL spectrum. This extends enterprise-grade backup capabilities to environments—such as Basic and Standard tiers—that are often left vulnerable due to a lack of support for log-based movement.
Zero-Friction Deployment: Deployment is completely non-invasive. Because this method requires no database-level configuration changes (like enabling CDC), no custom scripts, and reduced permission sets, it bypasses the typical "Red Tape" associated with DBA and Security reviews.
Full-Spectrum Consistency: Beyond just data, this method captures a transactionally consistent "point-in-time" snapshot of the entire database environment—including schema, metadata, triggers, views, and security roles—ensuring a "ready-to-run" state upon recovery.
How It Works
The Isolated Copy workflow is fully automated and ephemeral:
1. Copy Database: Druva triggers a native command to create a temporary copy of your source database on the same logical server (or within the same Elastic Pool).
2. Orchestration: A temporary compute instance (Druva Quantum Bridge) is spun up within your Azure environment.
3. Secure Transfer: The Quantum Bridge reads the temporary database copy and securely transfers the data to the Cloud. The data is deduplicated and stored in an air-gapped vault.
4. Cleanup: Once the data transfer is verified, Druva immediately deletes the temporary database copy and terminates the Quantum Bridge VM. This ensures no orphaned resources remain in your subscription.
To ensure data integrity, Druva orchestrates the creation of a temporary DB copy and a Quantum Bridge VM. This allows for a side-channel backup that doesn't impact your production instance's performance.
What is protected using Isolated Copy Protection
Isolated Copy Protection protects database-level objects, including data, schemas, views, and triggers. It does not capture instance-level metadata or configurations, such as:
SQL Agent Jobs
Server-level Logins
Linked Server Definitions
System Databases.
For limitations and considerations for Isolated Copy Protection, see Limitations and Considerations.