Big Backup Targets: Balancing Data Integrity and Security
The move to protect data in the cloud is rising incrementally, and while there are numerous services provider options, Amazon Web Services and Microsoft Azure are key choices.
Public cloud infrastructure is increasingly offering a viable alternative to secondary datacenters and tape archiving, thanks to lower compute and storage costs.
Thousands of hosting providers of all sizes offer a variety of backup and recovery and disaster recovery (DR) services, and server OSes and virtual machine infrastructures now provide basic support for off-premises backup. In addition to replication improvements in modern hypervisors and server OSes, most providers of backup and recovery software and appliances have begun adding APIs and connectivity to public clouds.
Public clouds are still an incremental portion of overall backup targets, though implementation of disk-to-cloud (D2C) and disk-to-disk-to-cloud (D2D2C) have doubled in the past year in North America, according to the latest Gartner Inc. survey of datacenter managers. Cloud as a primary backup methodology in North America has doubled over the past year to 13 percent, according to the survey. It still trails disk-to-tape (D2T), which is still employed by 14 percent as a primary methodology. In Europe the disparity is wider, with only 6 percent using public clouds and 23 percent using D2T.
"Gartner expects backup to the cloud to incrementally increase in popularity, and workloads that move to the cloud will be backed up there," says Robert Rhame, a research director at Gartner. "It likely will not be an all-or-nothing scenario. Just as the datacenter is becoming more hybrid, we should expect backup to the cloud to be another target option for companies to leverage."
As organizations start using cloud services for core business functions, besides e-mail, at least some portion of backup and DR is among the first to move online. While smaller businesses may use a local provider, Amazon Web Services (AWS) is often the choice of many larger shops, while Microsoft Azure is considered the second-most popular. Many use both, and in addition to those two providers there are numerous popular options, including Google Compute Engine, Rackspace, IBM Softlayer and EMC Virtustream.
Given the considerable usage of AWS and Azure worldwide for backup and DR, this report looks at how to use the two providers' storage and archiving services.
Organizations looking for advanced management, e-discovery, and the ability to establish recovery point objectives (RPOs) and recovery time objectives (RTOs) will typically opt to use a backup and recovery solution. Most of the leading providers of software and appliances offer some form of support for the portfolio of AWS storage services, including S3, Elastic Block Storage (EBS) and its Glacier archiving platform, and Azure.
"We're seeing customers who first dip their toe in the water by using the cloud as a backup center as an alternative to a traditional datacenter," says Chris Resch, executive VP of 2nd Watch, one of the largest AWS-focused cloud consulting and integration partners. "They use that and can failover to that backup and all of a sudden they're live in the cloud."
Public cloud services are becoming more viable as backup and recovery organizations are finding security is less of a barrier, especially given the rapid growth of other types of cloud services such as CRM and e-mail. Security remains a primary concern, but the risk of breaches among organizations storing data on-premises is often greater rather than hosting it in the datacenters of cloud providers.
"We hear a lot that you lose control when you put your data into the cloud. We contend that you actually gain more control," said Bill Murray, AWS director of security programs, speaking at a recent one-day conference in New York held by security provider Alert Logic. Murray talked up the fact that security is the first consideration of any new capability added to the AWS portfolio of services.
Encryption with customer-managed keys resolves the security concern for customers, while deduplication offered by various solutions mitigates the bandwidth, recovery and storage issues, Rhame notes. "Keeping at least 48 to 72 hours of data on-site covers 99 percent of restores," he says. "Not all datacenter backup solutions can do this, and it is worth checking to see if expensive compute in the cloud to manage the deduplication is required."
Consequently, total cost of ownership of using cloud could be higher, particularly for those who routinely need to recover large amounts of data. For example, Rhame estimates it can cost $90 per terabyte of data just to recover and, depending on network capacity available between the host site and the AWS or Azure datacenter, it could take time to recover large amounts of data. Larger restores can require a provider to physically ship the data, which can add upward of 24 hours to the recovery. And for companies based in the European Union (or those who do business there), data sovereignty can be an inhibitor because AWS and Microsoft are U.S.-based.
In his experience, Resch says, 2nd Watch clients using AWS for backup typically prefer to do so with their existing backup and recovery solution and most support S3 and EBS as a target. "You can script out EBS snapshots. You can put your own ISV-type backup and recovery product like a Veritas NetBackup or Veeam or just about every other thing that's out there."
Acronis International GmbH, Arcserve, Commvault, Veeam Software and Veritas Technologies LLC are among the numerous providers of backup and recovery software that offer connectivity to a cloud provider. Some have better ties to AWS while others currently offer tighter integration with Azure, though they stop short of saying the latter is their preferred provider. Commvault is an obvious example of one that says it's cloud-agnostic, offering connectivity to both AWS, Azure and others.
Given its historic ties to Microsoft, the company has more experience with Windows and the Azure cloud. The Commvault solution protects 10PB of data that operate the Microsoft Xbox Live Network and the company's Global Foundation Services, which operate Azure, Bing, Office 365, OneDrive and Skype, among other services.
Randy De Meno, Commvault's chief technologist for Windows products and Microsoft partnership, says Azure and AWS are both growing as backup targets. In many instances customers will back up their Hyper-V and VMware workloads to both clouds for redundancy, he says. Likewise, many customers are asking Commvault to provide on-premises backups of Office 365 data. While some managed services providers offer backup and DR as a service based on Commvault software, the company recently launched its own service, which it hosts in Azure.
Because Microsoft will offer Azure customers its StorSimple storage appliance to move their backups to Azure, it brings up the question of where backup and recovery solutions fit. For basic replication, some might mirror a site to Azure, but any organization looking to have management controls, the ability to set policies and have e-discovery will want Commvault's solution, De Meno says. "We see StorSimple being used for primary storage," he says. "We have granular management of Exchange, SharePoint, Active Directory and SQL Server. With Commvault you get the full snapshot capability. It's not just limited to VSS."
Some solution providers are adding support for the StorSimple appliance. Talon recently added to the Azure Marketplace its software called CloudFAST, which it describes as a distributed network file system with caching, differencing and network optimization. The new release now runs on StorSimple, allowing organizations to recover their unstructured file data from Azure rather than an alternate or third-party datacenter. Many solutions, including the Veeam Backup and Replication Suite 9.0, can connect with the StorSimple appliance.
Acronis is another provider jumping on the Azure bandwagon. At the Microsoft Worldwide Partner Conference in Toronto last month the company introduced Acronis Backup for Azure and Azure Stack and Acronis Backup for Office 365 e-mail.
Yet, many backup solutions are optimized for AWS, given its larger customer base. One noteworthy supplier is Veritas, the provider of Backup Exec and NetBackup, which last year was divested by Symantec. Backup Exec and NetBackup will eventually have native support for Azure, but currently they offer a generic Amazon S3 interface, meaning they will support AWS and any S3-enabled storage such as Cloudeon, Datish Systems and Hitachi Data Systems, and local providers offering services that support the protocol.
Veritas customers using AWS as a target are doing so incrementally and usually with a hybrid implementation. In most cases it's for archival data or data that's 30 to 90 days old, according to Simon Jelley, Veritas VP of product management. "We expect more and more customers to grow in terms of the move to private and public cloud, and the important thing that's key to the integration is the ability for us to provide the lifecycle management to move data and to track the data so it moves to different environments," Jelley says.
Arcserve supports multiple cloud targets, including Azure, but it offers more extensive and native support for AWS. The company's Universal Data Protection (UDP) solution in the coming months will gain replication and continuous data protection (CDP) support in AWS. CDP is intended for functions that require high availability, says Christophe Bertrand, Arcserve's VP of marketing. "You can literally have your critical applications being continuously replicated to Amazon; should anything come up, we would failover to that instance," Bertrand says.
Of course, CDP and the use of continuous replication don't come cheap. "CDP is more of an investment," he says. "It's not for everyone."