One of the most expedient ways to realize the economic benefits of cloud storage is to integrate your current backup...
or DR operations with a cloud backup service.
Cloud services adoption is growing, and last year’s tire-kickers are making real investments today. Research from Milford, Mass.-based Enterprise Strategy Group (ESG) found that 74% of IT departments will increase 2012 spending on public cloud computing services to help contain costs, while 63% plan to increase spending on server virtualization software or begin to build out a private cloud on top of their existing virtualized infrastructure (ESG Research Report, 2012 IT Spending Intentions Survey, January 2012).
For many, the on-ramp to the cloud is the integration of on-premises functions with cloud infrastructure. A relatively easy “entry point” to cloud storage services is to integrate on-premises backup operations with a cloud-based service.
Cloud-based storage and computing provide off-site, long-term storage and/or a disaster recovery (DR) platform without having to fund/build one. Organizations gain additional infrastructure assets, but at a fraction of the cost. The capital costs of equipment, as well as the operational costs of floor space, staff, energy, maintenance, software and equipment updates can be eliminated. Redundancy to support business continuity (BC) requirements is often inherent, without the additional costs typically expected in a do-it-yourself model.
Cloud backup services can be used to capture and store backup copies to replace a disk-to-disk-to-tape (D2D2T) approach while automatically storing backup sets off-site. The same services can often be used to store replicated instances of production workloads for cloud-based DR (see “Integrating with cloud DR services,” below).
For backup and recovery functions, there’s a spectrum of cloud integration approaches available (see “Cloud backup integration models, below”). One tactic that actually eliminates on-site backup infrastructure is backup software as a service (SaaS), which involves running the backup application and storing backup copies in the cloud. Another infrastructure elimination approach is to outsource IT services to a managed service provider (MSP), allowing the MSP to host production applications and manage IT infrastructure, including backup and recovery operations. There are also multiple ways to integrate on-premises backup functions with the cloud via a disk-to-disk-to-cloud (D2D2C) approach: leveraging a public cloud infrastructure as a service (IaaS), creating a virtual private cloud in a public cloud environment or developing a private cloud infrastructure.
Leveraging a public cloud infrastructure
A D2D2C approach with a public cloud infrastructure involves using an on-premises backup application that directly or indirectly integrates with IaaS vendors, such as Amazon, Google, Microsoft, Nirvanix, Rackspace and others, via the IaaS vendor’s published API. The APIs often support representational state transfer (REST) running over HTTP. Backup vendors that support the APIs directly write natively into a cloud service. Vendors such as Actifio, AppAssure (acquired by Dell), Arkeia, CA, CommVault, Druva, Symantec (NetBackup and Backup Exec) and Zmanda have done the heavy lifting to integrate their backup apps so they can communicate with other vendors’ cloud-based services. This eliminates the need for IT organizations to do complex scripting or employ cloud gateway appliances to integrate with the cloud services. However, users may need to purchase an add-on “cloud connector” or update media agents to the latest service pack to be compatible with a cloud storage provider’s infrastructure.
As an alternative to per-cloud integration via APIs, some backup vendors take advantage of cloud gateways for integration. Backup apps that don’t speak in REST interfaces can use the cloud as a storage repository via the use of a cloud gateway, such as those from Ctera Networks, F5 Networks, Nasuni, Panzura, Riverbed, StorSimple or TwinStrata. For example, an on-premises Riverbed Whitewater appliance can be deployed as a local storage target for the in-house backup application. It provides local deduplicated storage and automatic wide-area network (WAN)-optimized replication of data to a public cloud, including AT&T Synaptic Storage, Amazon, Microsoft Azure, Nirvanix and Rackspace. Some of the backup vendors implementing this form of cloud integration include CA, CommVault, IBM, Quest, Symantec and Veeam.
While the purchase of a cloud storage gateway appliance is an added cost, it can provide greater flexibility in IaaS vendor selection. This type of implementation, however, does have some drawbacks. First, IT organizations may have to adjust deduplication, compression and encryption settings. Deduplication, compression and encryption performed by the backup application itself would be redundant to the services offered by a gateway appliance like Riverbed’s. Also, retention settings for local and cloud storage are typically configured at the gateway appliance -- and not at the backup application -- which can introduce a layer of management complexity. Lastly, the backup application only sees the gateway device as the local storage repository; it’s not aware of copies replicated by the gateway appliance to the cloud tier, a situation that can delay recovery if the backup application requests data that resides only in the cloud.
Virtual private cloud integration
For IT organizations that have concerns about the performance and/or security of using the shared infrastructure of a public cloud but still want the economic and scalability benefits, a virtual private cloud (VPC) implementation may be more appropriate. A VPC exists within a shared or public cloud, and links cloud services with corporate-owned and -operated computing resources, but typically offers enterprise-grade security and performance. This option provides the privacy and reliability of dedicated resources with the rapid scalability and cost benefits of a shared-service model. The availability of a VPC will vary from one service provider’s IaaS platform to the next.
A variation of a VPC approach is also offered by some MSPs that have developed IaaS that’s based on on-premises-compatible technologies. Several backup vendors taking the non-public cloud stance in favor of MSP enablement include Actifio, EMC, FalconStor, IBM, NetApp, Symantec, Syncsort, Veeam and VMware. In this scenario, the service provider receives its tenant’s backups directly and maintains them on like infrastructure. For example, iland, an MSP, offers a hosted DR solution for VMware vSphere virtual machines based on Veeam Backup & Replication. Similarly, Verizon Terremark partners with NetApp to build out a cloud-based, multi-tenant backup solution based on NetApp’s storage systems and data protection portfolio. EMC’s cloud strategy is based on a similar model to deliver remote and replicated backup services. EMC MSPs use EMC Data Domain or EMC Avamar at the subscriber’s site for local protection, and replicate copies to multi-tenant configurations of EMC Data Domain or EMC Avamar at the MSP’s site for cloud copies.
Creating a private cloud
Companies that want the scalability and economic benefits of a shared infrastructure, and to maintain full custody and control of their corporate assets, may choose to develop a private cloud infrastructure. A private cloud infrastructure is intended for a single organization, but it delivers on-demand network access to a shared pool of elastic IT resources just like a public cloud. In this case, corporate sites use local, perpetually licensed backup apps to perform backup tasks and store backup data in the off-site private cloud. Most backup vendors’ products are based on multi-tenant architectures and can be used in private cloud implementations. Furthermore, several backup vendors are integrating with VMware vCloud Director in anticipation of its role in private and MSP-enabled clouds.
Single-vendor integrated backup
Cloud integration for backup is greatly simplified when the on-premises technology and cloud IaaS come from the same vendor, such as with EVault and SunGard Availability Services. With these implementations, on-premises software or an all-in-one backup appliance provides local protection, and off-site replication to the vendor’s cloud facilitates disaster recovery. SunGard’s Recover2Cloud for Server Replication replicates physical and virtual systems to the cloud, while Recover2Cloud for Vaulting copies backup sets to the SunGard cloud. EVault Plug-n-Protect is an on-premises appliance that combines with EVault Offsite Replication Service, which replicates the on-site “vault” to the EVault cloud to create a cloud-integrated solution. In addition to the “one throat to choke” benefits of dealing with a single vendor for an end-to-end solution, what stands out with these vendors is that they also offer recovery services where teams at the cloud data center can facilitate recovery in the cloud infrastructure.
Recovery in the cloud
Integrating on-site backup with public, private or virtual private clouds is only feasible if uplink bandwidth is sufficient. A daily incremental backup of a 100 GB of data at a 10 Mbps transfer rate could take nearly 24 hours to complete. Upgrading to a 100 Mbps connection reduces transfer time significantly to a little more than two hours; however, bandwidth costs are often doubled. That’s why it’s important to take advantage of bandwidth optimization features, such as deduplication and compression. The only “gotcha” is that data in a deduplicated or compressed state in the cloud still has to be “reconstituted” and restored to be recognized by the production application. The data isn’t in a usable state for a cloud-based DR scenario and there could be a time delay if a bulk transfer of data from cloud storage needs to occur for on-site recovery either over a bandwidth connection or via shipped portable media.
One remedy to this dilemma is to recover in the cloud. Implementing a D2D2C strategy for a whole system in the cloud -- not just the data -- improves recovery time objectives. For subscribers who have virtualized workloads at their primary site, this scenario is straightforward. The portability of a virtual machine encapsulating an application instance streamlines whole system backup and recovery processes. Nearly all backup vendors support backup and recovery of virtual systems, so it’s just a matter of contracting for the compatible cloud resources to create a failover site.
Some vendors, namely Arkeia and Zmanda, offer a virtual backup appliance. This allows customers to run the backup server in the cloud and replicate data between the on-premises backup server and the cloud-based one. Data can be restored in the cloud or the cloud storage can be mounted for on-premises backup services. Other products such as AppAssure and Symantec Backup Exec can perform recoveries in the cloud. Symantec’s solution is limited to virtual environments, but AppAssure can protect both physical and virtual systems. Replication between the on-premises AppAssure backup server and an AppAssure Core instance running in the Amazon Elastic Compute Cloud (EC2) makes it possible to recover in the cloud on demand. The ability to run the backup application in the cloud also helps organizations protect cloud-resident production applications.
Cloud infrastructure offers tremendous advantages to reduce costs and simplify recovery operations, especially for integrated backup. The on-demand, pay-as-you-go characteristics of cloud storage services are a perfect match for the D2D2C use cases for reducing or eliminating tape media and facilitating disaster recovery.
BIO: Lauren Whitehouse has more than 25 years of experience covering backup and replication, and other data protection technologies.