All Products
Search

This Product

    Cloud Backup:Manage backup policies

    Document Center

    Cloud Backup:Manage backup policies

    Last Updated:Feb 12, 2025

    You can configure independent backup policies for different data sources in different scenarios for enterprises. You can manage backup policies in a unified manner and flexibly back up data. You can configure the same backup policy for data sources of the same type and then associate the data sources with the backup policy to quickly back up the data sources. This topic describes how to create, modify, and associate a backup policy.

    Policy for backing up recent data densely and earlier data sparsely

    In enterprise-level backup scenarios, the capacity to back up recent data densely and earlier data sparsely is common and important for data protection. Cloud Backup provides such backup capability.

    The policy for backing up recent data densely and earlier data sparsely optimizes the efficiency in using storage resources while ensuring data security.

    • Dense backups of recent data: Cloud Backup frequently backs up the recent data that has changes. The backup may be performed on an hourly, daily, or weekly basis. This ensures that data can be restored to the most recent state if data is lost or corrupted. Recent backups are generally stored in more accessible storage systems, such as the Standard tier.

    • Sparse backups of earlier data: Some backups may not need to be accessed frequently over time. In this case, the backup frequency is reduced. For example, the backup may be performed on a weekly, quarterly, or yearly basis. These backups are generally migrated to more cost-efficient storage solutions, such as the Archive tier.

    This policy has the following advantages:

    • Cost-effectiveness: Storage costs decrease over time because high-cost fast-access storage resources do not need to be retained for all historical data.

    • Restoration efficiency: Recent backups can be quickly restored to ensure business continuity and data timeliness.

    • Data retention: Historical data that meets regulatory requirements and business requirements can be retained for a long time.

    • Resource optimization: You can migrate infrequently accessed data to cheaper storage systems, optimizing the use of storage resources.

    Cloud Backup automatically backs up data sources based on the backup policy that you configure. Backup policies help you flexibly manage data sources. A backup policy includes the following settings: the backup cycle, retention period, cross-region replication policy, and automatic archiving of backup data.

    Limits

    Important

    Before you create backup policies, take note of the following limits:

    • You can create backup policies only in some regions. To view the regions that support backup policies, click Policy Center in the left-side navigation pane of the Cloud Backup console.

    • Backup policies are available only for Elastic Compute Service (ECS) instance backup, Object Storage Service (OSS) backup, File Storage NAS (NAS) backup, on-premises file backup, ECS file backup, and on-premises NAS backup.

    • Backup vault configurations and the automatic archiving feature are available only for OSS backup, NAS backup, on-premises file backup, ECS file backup, and on-premises NAS backup.

    • The cross-region replication feature is available only for ECS instance backup.

    • The Immutable Backup feature can be enabled for backup policies (general backup policies or ECS instance backup policies) and general-purpose backup vaults. The immutable backup feature is not available for Tablestore backup vaults and database backup vaults.

    • The Backup Point Virus Detection feature is available only for ECS file backup (new version), on-premises file backup (new version), OSS backup, NAS backup, and on-premises NAS backup.

    • The Associate Resource Tag (Optional) feature is available only for ECS instance backup, ECS file backup, OSS backup, NAS backup, and Tablestore backup.

    • For more information about the features that are available in each region, see Features available in each region.

    Create a backup policy

    Before you back up a data source, you must create a backup policy.

    1. Log on to the Cloud Backup console.

    2. In the left-side navigation pane, choose Backup > Policy Center.

    3. In the top navigation bar, select a region.

    4. On the Policy Center page, click Create Backup Policy.

    5. In the Create Backup Policy dialog box, configure parameters such as Policy Type, Policy Name, Schedule, Lifecycle, Automatic Archiving, Backup Vault, and Replication Policy, and then click OK.

      image

      image

      Parameter

      Description

      Policy Type

      The policy type.

      • General Backup Policy: This type of policy applies to backup scenarios other than ECS instance backup, such as NAS backup, on-premises file backup, ECS file backup, and on-premises NAS backup. Backup data is stored in a general-purpose backup vault.

      • ECS Instance Backup Policy: This type of policy applies only to ECS instance backup. Backup data uses the snapshot capacity and is not stored in a backup vault. For more information, see Overview of ECS instance backup.

      Policy Name

      The name of the custom backup policy.

      The name must be 2 to 128 characters in length and cannot start with auto, a special character, or a digit. The name can contain only the following special characters: periods (.), underscores (_), hyphens (-), and colons (:).

      Schedule

      Backup Frequency

      The data backup cycle. You must specify parameters such as First Execution Time and Time Interval.

      • Hourly: Data is backed up at an interval of the specified hours.

      • Daily: Data is backed up at an interval of the specified days.

      • Weekly: Data is backed up at an interval of the specified weeks.

      • Monthly: Data is backed up at an interval of the specified dates.

      Lifecycle

      The retention period of backup data.

      • Permanent: Backup data is permanently retained and is not deleted.

      • Specify Time: The total retention period of backup data. For example, if you set the Specify Time parameter to 210 days, backup data is retained for 210 days and is deleted when the retention period expires.

      Special Retention Period

      To meet data security requirements, Cloud Backup allows you to specify a retention period for general backups and specify longer retention periods for the first backups that are generated every week, every month, and every year. A special retention policy includes the settings of retention periods for the first backups that are generated every week, every month, and every year. For more information, see Special retention periods.

      Important

      Limits are imposed on the special retention period and the general retention period. We recommend that you configure the special retention period based on system recommendations. Take note of the following limits:

      • You do not need to configure a special retention period for permanently retained backup data.

      • The special retention period must be longer than the general retention period.

      Keep At Least One Backup Version

      We recommend that you turn on the switch. If you turn on the switch, the latest backup version generated by the backup plan is not deleted due to the expiration of the retention period or accidental operations. This prevents the risk that no backup version is available for restoration due to reasons such as improper backup plan settings. For more information, see Keep at least one backup version.

      Important

      • This feature takes effect only after a data source is associated with this backup policy.

      • The latest backup is not automatically transferred to the Archive tier.

      Automatic Archiving

      Days to Transfer to Archive Tier

      The number of days after which backup data is transferred to the Archive tier. By default, backup data is retained at the Standard tier of the backup vault. If you need to retain backup data for a long period of time, you can use this feature to transfer backup and recovery points from the Standard tier to the Archive tier. This feature allows you to reduce data protection costs.

      Important

      • When you use a backup vault to create a mirror vault for cross-region backup, the data at the Archive tier of the backup vault is not replicated to a remote location. After the data at the Standard tier in the backup vault is transferred to the Archive tier, the corresponding data in the remote mirror vault is deleted.

      • Data at the Archive tier is calculated based on the size of the raw data that is transferred from the Standard tier to the Archive tier. An object or file whose size is less than 1 MB is calculated as 1 MB. If a large number of small files exist, we recommend that you carefully evaluate whether to transfer data to the Archive tier. For more information, see Automatic archiving.

      • Backup data must be retained at the Standard tier for at least 30 days before it can be transferred to the Archive tier. After backup data is transferred to the Archive tier, the data must be retained at the Archive tier for at least 60 days.

      • No: Backup data is permanently retained at the Standard tier and is not transferred to the Archive tier.

      • Specify Time: You can specify a retention period. Valid values: 30 to 999999. Unit: days. To balance data access frequency, recovery requirements, storage costs, and data lifecycle, Cloud Backup retains backup data at the Standard tier for at least 30 days before the data can be automatically archived. This strategy is based on the consideration that recent data has a higher probability of recovery. The strategy helps reduce your long-term storage costs and minimize the high costs that may be incurred by data restoration from the Archive tier. For example, if you specify to transfer backup data to the Archive tier after 30 days and the backup data is retained for a total of 210 days, the backup data is retained at the Archive tier for 180 days.

      Backup Vault

      Backup Vault

      The backup vault to which you want to store backup data.

      • Create Vault: If you select this option, create a backup vault to store backup data. By default, the vault name is assigned based on the date and time.

      • Select Vault: If you select this option, select a backup vault from the Vault Name drop-down list.

      To maximize the redundancy of your backup data, Cloud Backup uses zone-redundant storage (ZRS)-enabled backup vaults by default in regions that support ZRS-enabled backup vaults. For regions that support only locally redundant storage (LRS)-enabled backup vaults, Cloud Backup uses LRS-enabled backup vaults. You do not need to manually select a backup vault type.

      Vault Name

      This parameter is required only if you set the Backup Vault parameter to Create Vault or Select Vault. Enter or select the name of a backup vault.

      Vault Resource Group

      This parameter is required only if you set the Backup Vault parameter to Create Vault. This parameter specifies the resource group to which the backup vault belongs.

      You can use resource groups to manage resources owned by your Alibaba Cloud account. Resource groups help you simplify the resource and permission management of your Alibaba Cloud account. For more information, see Create a resource group.

      Backup Vault Encryption Method

      This parameter is required only if you set the Backup Vault parameter to Create Vault. This parameter specifies the method that is used to encrypt the data in the backup vault.

      • Cloud Backup-managed (default): You can use the default encryption method of Cloud Backup.

      • KMS: You can use Key Management Service (KMS) to encrypt the data that is stored in the backup vault. If you select this option, configure the KMS KeyId parameter.

        Important

        If you enable KMS-based encryption, you cannot modify a KMS key.

        Before you can use the KMS key to encrypt the data in the backup vault, you must create a key ID in the KMS console. For more information, see Create a CMK.

      Replication Policy

      Backup data is replicated to another region.

      • If you enable the cross-region replication feature, you are charged for the storage and traffic of various types of backup sources. For more information, see Billing methods and billable items. The following two cross-region replication technologies are available:

        • For General Backup Policy: A mirror vault is created in the destination region to implement cross-region replication. You can switch to the destination region to query the replication status of the mirror vault. For more information, see Cross-region backup.

        • For ECS Instance Backup Policy: The cross-region snapshot replication technology is used to implement cross-region replication. This technology can be used only to back up ECS instances.

      • If you configure a backup vault and enable cross-region replication, the replication policy applies to all the backup policies that are associated with the backup vault. Existing and newly generated backups of the backup vault are replicated based on the replication policy.

      Replication to Other Region

      If you turn on Replication to Other Region, the backups that are created by using the backup policy are automatically replicated to the specified destination region, implementing cross-region data protection.

      Note

      • For General Backup Policy: You can disable Replication to Other Region by deleting the mirror vault from the destination region.

      • For ECS Instance Backup Policy: After Replication to Other Region is disabled, the backup points that have been replicated to another region are not deleted immediately. These backup points are still automatically deleted when the retention period ends.

      Destination Region

      This parameter is required only if you turn on Replication to Other Region. This parameter specifies the destination region to which you want to replicate backup data.

      Remote Retention Period

      If you select ECS Instance Backup Policy and turn on Replication to Other Region, the cross-region snapshot replication technology is used to implement cross-region replication. This technology can be used only for ECS instance backup.

      • Permanent: Backup data is permanently retained.

      • Specify Time: You can specify a retention period. Valid values: 1 to 65535. Unit: days. The default retention period is 7 days. Data is deleted when the retention period expires.

      Data Security

      Immutable Backup

      After the immutable backup feature is enabled, it cannot be disabled.

      • For General Backup Policy:

        • After the immutable backup feature is enabled, the backup vault and all backup data in the backup vault cannot be deleted until the retention period expires.

        • After the immutable backup feature is enabled, all the existing backup points and newly generated backup points are locked.

        • If you enable both the immutable backup feature and the cross-region replication feature, the backup vault and the backup points replicated to another region are locked.

      • For ECS Instance Backup Policy:

        • After the immutable backup feature is enabled, backup points of ECS instances cannot be deleted until they automatically expire.

        • After the immutable backup feature is enabled, only the backup points created in the next backup cycle are locked. Existing backup points of ECS instances are not locked.

        • If you enable both the immutable backup feature and the cross-region replication feature, the backup points replicated to another region are locked.

        • After the immutable backup feature is enabled, the normal use of the corresponding disks and snapshots is not affected. For example, you can still create disks and share snapshots.

      For more information, see Immutable backup.

      Backup Point Virus Detection

      If you turn on this switch, data is automatically detected for viruses after the data is backed up. You can view the detection results at the related backup point. For more information, see Backup point virus detection.

      Important

      • After you enable the Backup Point Virus Detection feature in a backup policy, Cloud Backup performs a full virus detection for the first backup point and incremental virus detections for subsequent backup points.

      • You are charged for using the Backup Point Virus Detection feature.

      Associate Resource Tag (Optional)

      You can associate the backup policy with multiple resources by specifying tags.

      Resource Type:

      • If you set Policy Type to General Backup Policy, you can set Resource Type to ECS File, OSS, NAS, or Tablestore.

      • If you set Policy Type to ECS Instance Backup Policy, you can set Resource Type to ECS Instance.

      Select Resource: You can select all resources of a resource type, or click Specify Tag to associate the backup policy with specific resources.

      Resource Tag: The backup policy is associated with the resources that match all specified tags. You can click Associate Tags to add multiple tags.

      The tags that you specify must belong to the corresponding resource type:

      • If you set Resource Type to ECS Instance or ECS File, you must specify the tags of ECS instances.

      • If you set Resource Type to OSS, you must specify the tags of OSS buckets.

      • If you set Resource Type to NAS, you must specify the tags of NAS file systems.

      • If you set Resource Type to Tablestore, you must specify the tags of Tablestore instances.

      Note

      • You can specify up to 30 resource tags.

      • If you set Resource Type to ECS File and specify tags to associate an ECS instance with the backup policy, Cloud Backup automatically deploys a client for ECS file backup when the next backup job starts. If the tags of an ECS instance is no longer associated with any backup policy and all related backup jobs have expired, Cloud Backup automatically uninstalls the client for ECS file backup.

      • Each time a backup policy is executed, Cloud Backup performs the following process to check tags and match resources:

        1. Automatically associate newly matched resources: If a resource that has not been associated with the current backup policy matches a specified tag, Cloud Backup automatically associates the resource with the backup policy. Cloud Backup backs up the resource periodically from the next backup point.

        2. Automatically adjust associated resources: For resources that have been associated with the current backup policy, Cloud Backup checks whether the resources still meet the tag conditions of the backup policy. If a resource no longer meets the tag conditions of the backup policy, Cloud Backup automatically suspends the backup operation on the resource and disassociates the resource from the backup policy after the backup cycle ends.

      Detect Resources Hit By Tags: Click Detect Now to detect resources that match the specified tags.

      To add multiple types of resources, click Add Resource.

      After the backup policy is created, you can view the backup policy on the Policy Center page. You can click the image icon on the left side of the backup policy to view the associated data sources.

      Note

      To associate a backup policy with a data source, click the data source in the left-side navigation pane and select the backup policy from the drop-down list when you create a backup plan.

      • The following backup policy is created if you set Policy Type to General Backup Policy.

        image

      • The following backup policy is created if you set Policy Type to ECS Instance Backup Policy.

        image

    Usage notes

    Due to product feature upgrades, the existing backup policy is displayed as Legacy Backup Policy. Backup jobs are not affected.

    • You cannot create this type of backup policy or associate the backup policy with ECS instances. ECS instances that have been associated with the backup policy are not affected. If you want to add an ECS instance backup job, select ECS Instance Backup Policy.

    • The backup data of the ECS instances that are associated with the legacy backup policy uses the snapshot capacity. The backup data is not stored in a backup vault, replicated across regions with the backup vault, or automatically archived.

    image

    Modify the backup policy

    Click Edit in the Actions column to modify the backup policy. After the backup policy is modified, the modification takes effect in the next backup job.

    If the backup policy that you created does not meet your business requirements, you can perform this operation to modify the backup policy.

    Batch associate resources by resource ID

    After you create a backup policy, you can perform the Associate Resource operation in the Actions column of the policy to batch associate resources.

    • If you set the resource type to ECS File, select multiple ECS instances from the ECS Instance drop-down list.

      Cloud Backup automatically backs up files excluding system directories of the specified ECS instances based on the policy. You can view system directories in the Cloud Backup console.

    • If you set the resource type to OSS, select multiple OSS buckets from the OSS Bucket drop-down list.

      Cloud Backup automatically backs up all the specified Standard or Infrequent Access (IA) OSS buckets based on the policy.

    • If you set the resource type to NAS, select multiple NAS file systems from the NAS Filesystem drop-down list.

      Cloud Backup automatically backs up all the specified General-purpose NAS file systems based on the policy.

    • If you set the resource type to Tablestore, select multiple Tablestore instances from the Tablestore Instance drop-down list.

      Cloud Backup automatically backs up all the specified Tablestore instances based on the policy.

    To add resources of multiple types, click Associate Resource.

    Execute the backup policy immediately

    • Execute a backup job immediately for all data sources that are associated with the backup policy

      Choose More > Execute Immediately in the Actions column. A backup job is executed immediately for all the associated data sources.

    • Execute a backup job immediately for a specific data source

      Click image to expand the details of the backup policy and click Execute Immediately in the Actions column of the data source. A backup job is executed immediately for the data source.

    Disassociate the backup policy from a data source

    Navigate to the management page of the backup plans for the data source. Choose More > Delete Plan in the Actions column to disassociate the backup policy from the data source. After the backup policy is disassociated from the data source, Cloud Backup no longer performs the backup plan for the data source.

    Warning

    After a backup policy is disassociated from a data source, Cloud Backup no longer runs the backup policy for the data source. The data source is no longer protected, and the backups that have been generated are not affected. Proceed with caution.

    Delete the backup policy

    Choose More > Delete in the Actions column to delete the backup policy. After you delete the backup policy, Cloud Backup no longer runs backup jobs for the associated data sources but retains the backup data.

    Warning

    • You cannot delete a backup policy that is associated with a data source. To delete a backup policy, you must disassociate the backup policy from the data source.

    • After the backup policy is deleted, Cloud Backup no longer runs backup jobs for the associated data sources. The data sources are no longer protected. Proceed with caution.

    Remove resource tags from the backup policy

    Click Edit Policy in the Actions column. Then, click the image icon to remove resource tags from the backup policy. After a resource tag is removed, the data sources that match the tag are automatically disassociated from the backup policy. The disassociation takes effect the next time the backup policy is executed.