cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Cloud Native Operational Solutions - Backup Management

Level 9

Public cloud providers have greatly simplified the process of creating a backup, but the challenge has always been managing that at scale with things like policies for retention or simple granular file level restores or regulatory focused dashboards. This is the value added by many of the backup management solutions discussed in the following post and becomes critical once an environment scales past a few instances and databases.

The benefits of managed backup management are:

  1. Simplified Management - The backup management solutions offered by public cloud providers are generally account or subscription focused and doesn't offer a holistic view of the entire environment.
  2. Scalability - Fully managed backup and SaaS solutions have been built to scale to the largest environments without any performance impact or major concern for running out of storage space. This eliminates the need to re-architect the backup management deployment to scale with the needs of the organization for things such as keeping data for twice as long because of a new mandate.
  3. Multi-Cloud Support - Many of the legacy backup products that are available on the market only support backing up data to public cloud providers or only support backing up workloads in a single cloud provider. More and more companies are implementing multi-cloud strategies and a solution that supports multiple clouds is essential to simplifying operations.

Unmanaged Deployment

The following solutions are unmanaged deployments. This means that the software is available to be installed by the customer or has been packaged in the native cloud format such as an AWS AMI but is not available in one of the cloud provider's marketplace.

Rubrik Cloud Data Management

Rubrik Cloud Data Management is a software appliance that can be deployed to AWS, Azure and GCP. The Cloud Data Management platform supports policy based snapshot management along with advanced analytics to generate operational insights.

Managed Deployment

The following solutions are managed deployments. This means the backup management software company has added a deployment solution to the respective cloud provider's marketplace to allow the infrastructure to be provisioned with the click of a button.

Veritas CloudPoint

Veritas CloudPoint is a backup management solution that supports automated deployment into Azure but supports backing up workloads on AWS, Azure and GCP. In addition to IaaS workloads across the three major clouds CloudPoint also supports application level backups such as Microsoft SQL, MongoDB and AWS Aurora.

SaaS Deployment

The following solutions are Software as a Service (SaaS) deployments. This means the backup management software company hosts the software for its customers.

Druva Apollo

Druva Apollo is a SaaS solution that provides data protection of AWS EC2, RDS, S3, EBS, and Glacier. Druva Apollo also includes SLA-based snapshot retention policies in addition to tiering to reduce costs as older snapshots are moved to cheaper storage and eventually deleted.

Rubrik Polaris

Rubrik Polaris is a SaaS solution that integrates with Rubrik's Cloud Data Management hardware and software appliances to provide a unified management platform for both on-premises and cloud-based workloads.

CloudRanger Backup and Recovery

CloudRanger Backup and Recovery is a SaaS solution that provides backup management of AWS EC2, RDS, and Redshift instances using native AWS snapshots. Instance and file level backups are supported along with multi-region and multi-account backup restore points.

Fully Managed

The following solutions are fully managed backup management solutions such that the cloud provider manages backups on your behalf.

Built-in Snapshots

Public cloud providers allow administrators to create snapshots of virtual machine instances, databases, etc. This doesn't provide a robust feature set in terms of management but does allow administrators to backup and restore to a given point in time.

Backup management is an unsexy topic to most but of course has tremendous value when there is a disaster but many of the new backup management solutions are becoming much more than just creating a snapshot via the public cloud providers native snapshot APIs.

10 Comments
Level 13

Good Article.

Level 9

Thanks for the feedback. There are quite a few interesting backup management solutions out there for cloud workloads.

MVP
MVP

Nice write up

Level 20

I sure wish is was simple... Our commvault solution we've standardized is anything but simple lol!  It has so many knobs and levers on it that it's crazy how many setting there are.

Level 9

I definitely agree that some of the "legacy" products are definitely quite clunky in terms of configuration and even the user interface. Many of the newer products have really nice looking and intuitive user interfaces.

Level 9

Thanks for the feedback.

So is the intent of Cloud Backup to backup to other locations on the Cloud? Do you backup to the same provider? Or do you backup to other providers for safekeeping?

Cloud Backup?  Not so fast.  (Literally and figuratively)

What should a person know BEFORE testing the cloud backup waters?  For starters:

  1. What guaranties are in place to ensure your data backed up to the cloud is:
    1. Safe
      1. Who has physical access to the facilities that house your stored data?
      2. What security is in place to ensure every physical access is prevented or reviewed and assured?
      3. Can you receive permission to visit ALL the facilities that will house your data--so you can get a real impression of their security?
      4. Are there multiple copies of your data distributed geographically for diversity and redundancy in case the main backup facility is off-lined for ANY reason?  (Bad guys, earth quake, plane crash, virus, or worse!)
    2. Secure
      1. Who has logical/virtual/remote access to the data?
      2. Can the vendor PROVE who has access and how no one else can receive access?
      3. What security is in place that ensures your data can ONLY be accessed by you?
      4. What records are provided to you that document attempts by unauthorized parties to access your data electronically?
      5. What methods are in place to prevent others from manipulating your data while it's in storage--changing it, deleting parts of it, adding new parts to it?
    3. Retrievable
      1. Can you access your data anytime, from anywhere, securely?
      2. Can you restore your data quickly anytime?
      3. Who else can restore your data?
    4. Resilient
      1. What single points of failure are there in the backup-solution?
      2. Is your data access dependent upon any single person or service or ISP or electric utility?
    5. Efficient
      1. Can you restore data as fast as you can back it up?  It would be unfortunate if the cloud backup provider was not using synchronous Internet I/O.
      2. Are the methods of securely accessing your data:
        1. Reliable?
        2. Speedy?
        3. Resilient?
        4. Easy to understand and use in the event of a need to quickly access it and restore it?
  2. What penalties will be realized against the cloud backup provider if your data is not secure, not retrievable on your schedule?

Ensure your company's transactions with every cloud provider cannot become headline events--BEFORE putting your data in the cloud.

Level 9

So is the intent of Cloud Backup to backup to other locations on the Cloud?

The intent of cloud backup is to create backups of cloud workloads and store them in a persistent storage such as S3 in the case of Amazon Web Services (AWS).

Do you backup to the same provider?

Many companies will backup resources to the same provider and may leverage a different region for storing backups for redundancy.

Or do you backup to other providers for safekeeping?

There are likely some companies that backup to different providers but the challenge becomes that most public cloud providers charge for moving data out of their cloud so backing up massive amounts of data to another cloud provider could be become quite costly.

Level 9

I wholeheartedly agree that there should be an extensive amount of due diligence performed when evaluating whether or not to move any data to a public cloud provider as ultimately you are on the hook for ensuring you are following regulatory guidelines as well as security best practices around securing your data.

Hopefully I can walk through many of the concerns brought up and we'll utilize AWS as the example platform for the answers.

AWS Security Whitepaper

http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf

What should a person know BEFORE testing the cloud backup waters?  For starters:

  1. What guaranties are in place to ensure your data backed up to the cloud is:
    1. Safe
      1. Who has physical access to the facilities that house your stored data? This information is addressed in a general manner within the AWS documentation in addition to the certifications they are compliant with.
      2. What security is in place to ensure every physical access is prevented or reviewed and assured? The only assurance of this is the provider's word as well as the industry recognized certifications that specifically cover physical security.
      3. Can you receive permission to visit ALL the facilities that will house your data--so you can get a real impression of their security? Typically most public cloud providers do not allow this level of access for various reasons.
      4. Are there multiple copies of your data distributed geographically for diversity and redundancy in case the main backup facility is off-lined for ANY reason?  (Bad guys, earth quake, plane crash, virus, or worse!) In AWS this is addressed by utilizing multiple availability zones in the the design which is composed of multiple separate physical data centers in a given geographical location. In addition to this higher redundancy can be achieve by utilizing multiple regions in the design to distribute the data across regions such as us-east-1 (Virginia) or us-west-1 (Northern California).
    2. Secure
      1. Who has logical/virtual/remote access to the data? In the case of AWS this is controlled by IAM policies within a single account and at a more granular level by a policy applied to the bucket to restrict access even within an account.
      2. Can the vendor PROVE who has access and how no one else can receive access?The data should be encrypted and it can be encrypted prior to upload to ensure that only you have the private key necessary to decrypt the data.
      3. What security is in place that ensures your data can ONLY be accessed by you? The data should be encrypted and it can be encrypted prior to upload to ensure that only you have the private key necessary to decrypt the data.
      4. What records are provided to you that document attempts by unauthorized parties to access your data electronically? AWS provides a service called CloudTrail that provides an audit log of all API calls to services such as S3 that store data.
      5. What methods are in place to prevent others from manipulating your data while it's in storage--changing it, deleting parts of it, adding new parts to it? Ideally the data is initially encrypted and a checksum of the data could be created prior to upload to validate the integrity of the file when it is being access. AWS also provides the ability to turn on versioning to provide data from accidentally being overwritten.
    3. Retrievable
      1. Can you access your data anytime, from anywhere, securely? In the case of AWS S3 the availability metrics are on par with the industry, S3 is globally accessible and from a security standpoint you could and should ensure that all communication is performed over a TLS encrypted session.
      2. Can you restore your data quickly anytime?This all depends on the service selected for storage whether it is a service that supports instant recovery or more of a cold storage solution that takes a few hours to restore.
      3. Who else can restore your data? Data can and should be encrypted before stored on the cloud provider's infrastructure which would ensure you know who can effectively restore your data from a decryption perspective.
    4. Resilient
      1. What single points of failure are there in the backup-solution? If the solution is designed for high availability then a multi-region approach could be taken and the SPOF would be at the data source if it were being generated on-premises.
      2. Is your data access dependent upon any single person or service or ISP or electric utility? As long as the solution is intuitive and the data is distributed across multiple regions this shouldn't be a concern.
    5. Efficient
      1. Can you restore data as fast as you can back it up?  It would be unfortunate if the cloud backup provider was not using synchronous Internet I/O. The major public cloud providers have circuits that serve the majority of the traffic being consumed via the internet.
      2. Are the methods of securely accessing your data:
        1. Reliable?
        2. Speedy?
        3. Resilient?
        4. Easy to understand and use in the event of a need to quickly access it and restore it? All of the above depend on the particular backup software solution that is chosen.
  2. What penalties will be realized against the cloud backup provider if your data is not secure, not retrievable on your schedule? All of the solutions discussed are backup software solutions other than the fully managed cloud provider native snapshotting and even then they have agreed upon SLAs that stipulate the penalty for not meeting the SLA.