While server virtualization helped to modernize the data center, cloud computing represents a much more impactful change wave that promises to modernize the enterprise. True to the title of this blog, it’s important to recognize that the cloud, and the internal initiatives to move and host applications on on-prem and off-prem cloud frameworks (CloudOps), render much of the last 10 years of data protection innovation R&D useless.
Cost, automation, security and flexibility are the primary drivers that are compelling customers to abandon traditional backup solutions while they abandon traditional data center architectures. Let me explain why:
First things first – without the use of a block-snapshot service provided by the cloud service provider (e.g. AWS EBS snapshots), it’s impossible to access the server host to perform image-based backups. While many customers are OK with cloud-specific solutions such as EBS snapshots – there are some challenges, including:
- Volume snapshots are not deduplicated, creating excess storage capacity costs
- Often, customers want only to protect specific files, which volume snapshots don’t allow for – full volume snapshots can also create challenges for recovery time when a user just needs a specific file and doesn’t want to wait for a full volume restore
- Volume snapshots must be managed by scripts, which can be complex to maintain
- And finally, cloud snapshot services can keep data hostage to the cloud (for example, Azure Backup Services cannot recover a server to AWS, or vice versa)
To limit the costs of server data protection, CloudOps organizations are now demanding more advanced solutions that provide superior economics by providing file and application-level backup granularity and using global deduplication to eliminate backup capacity sprawl.
1 CLOUD, 2 CLOUDS, 3 CLOUDS, 4
CloudOps initiatives are often defined by being able to implement a variety of platforms as part of a larger cloud “fabric” where a ‘cloud of clouds’ is stitched together using sophisticated provisioning and cloud management tools, VPNs, service catalogs and an IT governance policy that dictates where it is and is not appropriate to deploy a specific application.
In order to realize a true multi-cloud vision, a backup platform must at least feature two critical capabilities:
- The solution must not be specific to any one cloud, and must have support for a variety of object storage APIs to enable in-cloud backup and eliminate data transfer charges when appropriate (a fully in-VPC solution)
- The solution must support WAN-optimized data protection agents that compress and globally deduplicate data at the source prior to sending it to a media server so organizations can back up any cloud, to any cloud
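Source-side deduplication as described in the list above, as an added example rather than any product's code: the agent hashes fixed-size chunks locally and uploads only those the shared store lacks. `MediaServer`, `backup`, `demo` and the backup names are hypothetical, and the sample volume is constructed.

```python
import hashlib
import zlib

CHUNK = 4096  # fixed-size chunks; real agents often use content-defined chunking


class MediaServer:
    """Hypothetical backup target with one chunk store shared by every source."""
    def __init__(self):
        self.chunks = {}     # sha256 hex digest -> compressed chunk
        self.manifests = {}  # backup name -> ordered list of chunk digests

    def missing(self, digests):
        return {d for d in digests if d not in self.chunks}

    def store(self, name, digests, uploads):
        for digest, blob in uploads.items():
            # Re-hash on receipt so one source cannot poison the shared store.
            if hashlib.sha256(zlib.decompress(blob)).hexdigest() != digest:
                raise ValueError("chunk does not match its digest")
            self.chunks[digest] = blob
        self.manifests[name] = list(digests)

    def restore(self, name):
        return b"".join(zlib.decompress(self.chunks[d]) for d in self.manifests[name])


def backup(server, name, data):
    """Agent side: hash locally, compress and send only chunks the server lacks.
    Returns the number of payload bytes that crossed the WAN."""
    pieces = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    digests = [hashlib.sha256(p).hexdigest() for p in pieces]
    need = server.missing(digests)
    uploads = {d: zlib.compress(p) for d, p in zip(digests, pieces) if d in need}
    server.store(name, digests, uploads)
    return sum(len(blob) for blob in uploads.values())


def demo():
    # Constructed sample: 16 distinct chunks standing in for a server volume.
    volume = b"".join(hashlib.sha256(bytes([i])).digest() * (CHUNK // 32) for i in range(16))
    server = MediaServer()
    first = backup(server, "aws-host/monday", volume)
    changed = volume[:CHUNK] + b"X" * CHUNK + volume[2 * CHUNK:]
    second = backup(server, "azure-host/tuesday", changed)
    return first, second, server.restore("azure-host/tuesday") == changed, len(server.chunks)
```

The second backup comes from a different host with one chunk changed, so only that chunk is uploaded; the server re-hashes every upload because a shared chunk store is only as trustworthy as its weakest source.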
APIS ARE THE NEW ADMIN
Beyond the inherent HW benefits (pay as you go, OPEX, better economies of scale) that organizations realize by using cloud computing platforms – cloud automation stands to be the greatest economic benefit organizations will derive from the cloud era. Automated IT-as-a-Service is a critical aspect of CloudOps not only because organizations can direct administrators toward higher value tasks, but also because it helps users deploy cloud resources and applications instantaneously.
In order for this all to work – all relevant infrastructure – including data protection software – must provide the same operational benefit that a modern IaaS platform provides to administrators in order for organizations to realize the entire value of cloud operations.
CloudOps product requirement priorities include:
- A complete set of APIs that enable end-to-end automated service delivery and have zero dependency on systems administrators for routine operations
- Full integration with modern application and infrastructure service catalogs that enables developers and cloud users to compose application environments with the push of a button.
MULTI-TENANCY ELIMINATES THE “OOPS” FACTOR
Organizations go to great pains to implement primary storage security models where users are restricted from seeing each other’s data. The model, however, has historically experienced a glaring security weakness as backup administrators are tasked with recovering sensitive data to users, often under stressful conditions. This process can be prone to human error and organizations can experience data security and privacy issues when a backup administrator recovers a sensitive dataset to the wrong user.
Just as organizations seek to create multiple tenants from a shared infrastructure, data protection capabilities must also complement this initiative. A multi-tenant approach to server backup can offer organizations a number of benefits, including:
- Isolated tenant data, encrypted by tenants who are the exclusive passphrase holder, can ensure that a global data protection platform administrator can never improperly restore sensitive data to the wrong user
- Tenants can be delegated a certain amount of administrative capability, thereby lessening the load on a global (or platform) administrator and enabling additional scale
In the case of this requirement – there is not a lot of prior art in the market for cloud architects who are looking to secure and isolate data at the source, and who do not want to implement 1,000 instances of a data protection solution to achieve security and/or compliance.
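The tenant-held passphrase model described above, as an added example that is not from any vendor's product: the platform stores only the sealed record, and a restore fails closed for anyone but the owning tenant. All names are hypothetical, the iteration count is an assumed policy value, and the HMAC counter-mode keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)


def _keys(passphrase, salt):
    # Derive independent encryption and MAC keys from the tenant's passphrase.
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode; stand-in for an AEAD so the block needs no packages.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _tag(mac_key, tenant_id, nonce, body):
    # The tenant id is authenticated, so relabelling a record invalidates it.
    return hmac.new(mac_key, tenant_id.encode() + b"\x00" + nonce + body, hashlib.sha256).digest()


def seal(tenant_id, passphrase, plaintext):
    """Runs on the tenant side; the platform only ever receives the returned record."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    body = _keystream_xor(enc_key, nonce, plaintext)
    return {"tenant": tenant_id, "salt": salt, "nonce": nonce, "body": body,
            "tag": _tag(mac_key, tenant_id, nonce, body)}


def restore(record, tenant_id, passphrase):
    """Fails closed unless the caller is the owning tenant and holds its passphrase."""
    enc_key, mac_key = _keys(passphrase, record["salt"])
    expected = _tag(mac_key, tenant_id, record["nonce"], record["body"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise PermissionError("restore refused: wrong tenant or passphrase")
    return _keystream_xor(enc_key, record["nonce"], record["body"])
```

Because the key never leaves the tenant, a platform administrator who hands the record to another tenant, or edits its `tenant` label, gets a `PermissionError` instead of plaintext.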
As you can tell – this is all leading to a huge opportunity in the market for a data protection vendor who can pull this all together and deliver an enterprise-grade “backup as a service” delivery platform that is built from the ground-up with born-in-the-cloud delivery, automation and data protection capabilities.
I’ll leave you with that thought – but stay tuned; we’ll have more to say later this week…