Cohesity Basics – Cloud Tier

I’ve been doing some work with Cohesity in our lab and thought it worth covering some of the basic features that I think are pretty neat. In this edition of Cohesity Basics, I thought I’d quickly cover off how to get started with the “Cloud Tier” feature. You can read about Cohesity’s cloud integration approach here. El Reg did a nice write-up on the capability when it was first introduced as well.

 

What Is It?

Cohesity have a number of different technologies that integrate with the cloud, including Cloud Archive and Cloud Tier. With Cloud Archive you can send copies of snapshots up to the cloud to keep as a copy separate from the backup data you might have replicated to a secondary appliance. This is useful if you have a requirement to keep a monthly or six-monthly copy somewhere for compliance reasons. Cloud Tier is an overflow technology that migrates cold data to a cloud target when the used capacity of your environment exceeds 80%. Note that “coldness” is defined in this instance as data older than 60 days. That is, you can’t just pump a lot of data into your appliance to see how this works (trust me on that). The coldness level is configurable, but I recommend you engage with Cohesity support before you go down that track. It’s also important to note that once you turn on Cloud Tier for a View Box, you can’t turn it off again.
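
To make those trigger conditions concrete, here’s a tiny Python sketch of the rules as described above. This is a conceptual illustration only, not Cohesity’s actual implementation.

```python
def is_cloud_tier_candidate(block_age_days: int,
                            used_capacity_pct: float,
                            coldness_days: int = 60,
                            capacity_threshold_pct: float = 80.0) -> bool:
    """Return True if a block of data would be a Cloud Tier candidate.

    Conceptual sketch of the rules described above (not Cohesity's
    actual implementation): tiering only kicks in once the cluster is
    over the capacity threshold, and only data older than the coldness
    threshold gets moved.
    """
    return (used_capacity_pct > capacity_threshold_pct
            and block_age_days > coldness_days)


# A 90-day-old block on a cluster that's 85% full is a candidate...
print(is_cloud_tier_candidate(90, 85.0))   # True
# ...but freshly ingested data isn't, no matter how full the cluster is.
print(is_cloud_tier_candidate(5, 95.0))    # False
```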

 

How Do I?

Here’s how to get started in 10 steps or less. Apologies if the quality of some of these screenshots is not great. The first thing to do is register an External Target on your appliance. In this example I’m running version 5.0.1 of the platform on a Cohesity Virtual Edition VM. Click on Protection – External Target.

Under External Targets you’ll see any External Targets you’ve already configured. Select Register External Target.

You’ll need to give it a name and choose whether you’re using it for Archival or Cloud Tier. This choice also impacts some of the types of available targets. You can’t, for example, configure a NAS or QStar target for use with Cloud Tier.

Selecting Cloud Tier will provide you with more cloudy targets, such as Google, AWS and Azure.

 

In this example, I’ve selected S3 (having already created the bucket I wanted to test with). You need to know the Bucket name, Region, Access Key ID and your Secret Access Key.
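
If you want to sanity-check the bucket and keys before registering the target, a quick boto3 test like the one below will do it. This is just a sketch: the bucket name, region and keys are placeholders, and boto3 isn’t something Cohesity requires.

```python
import boto3
from botocore.exceptions import ClientError

# Placeholder values - substitute the bucket, region and keys you plan
# to register on the Cohesity appliance.
s3 = boto3.client(
    "s3",
    region_name="ap-southeast-2",
    aws_access_key_id="AKIAXXXXXXXXXXXXXXXX",
    aws_secret_access_key="REPLACE_ME",
)

try:
    # head_bucket succeeds only if the bucket exists and the keys can reach it.
    s3.head_bucket(Bucket="my-cohesity-cloudtier-bucket")
    print("Bucket is reachable with these credentials.")
except ClientError as err:
    print(f"Check the bucket name, region or keys: {err}")
```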

If you have everything correct, you can click on Register and the target will be created. If you’ve provided the wrong credentials, registration will fail. You then need to enable Cloud Tier on the View Box. Go to Platform – Cluster.

Click on View Boxes and then click on the three dots on the right to Edit the View Box configuration.

You can then toggle Cloud Tier and select the External Target you want to use for Cloud Tier.

Once everything is configured (and assuming you have some cold data to move to the cloud and your appliance is over 80% full), you can click on the cluster dashboard and you’ll see Cloud Tier usage in the Storage section of the overview.

 

Thoughts?

All the kids are getting into cloud nowadays, and Cohesity is no exception. I like this feature because it can help with managing capacity on your on-premises appliance, particularly if you’ve had a sudden influx of data into the environment, or you have a lot of old data that you likely won’t be accessing. You still need to think about egress charges (if you need to get those cold blocks back), and about what that S3 bucket (or whatever you’re using) really costs. I don’t see the default coldness level being a problem, as you’d hope that you sized your appliance well enough to cope with a certain amount of growth.

Features like this demonstrate both a willingness on Cohesity’s part to embrace cloud technologies and a focus on ease of use when it comes to reasonably complicated activities like moving protection data to an alternative location. My thinking is that you wouldn’t necessarily want to find yourself in the position of having to suddenly shunt a bunch of cold data to a cloud location if you can help it (although I haven’t done the maths on which is the better option), but it’s nice to know that the option is available and easy enough to set up.

Random Short Take #5

So it’s been over six months since I did one of these, and it’s clear that I’m rubbish at doing them regularly.

Cohesity – SQL Log Backup Warning

This one falls into the category of “unlikely that it will happen to you but might be worth noting”. I’ve been working with some Cohesity gear in the lab recently and came across a warning, not an error, when I was doing a SQL backup.

But before I get to that, it’s important to share the context of the testing. With Cohesity, there’s some support for protecting Microsoft SQL workloads that live on Windows Failover Clusters (as well as AAGs – but that’s a story for another time). You configure these separately from your virtual sources, and you install an agent on each node in the cluster. In my test environment I’ve created a simple two-node Windows Failover Cluster based on Windows 2016. It has some shared disk and a heartbeat network (a tip of the hat to Windows clusters of yore). I’ve cheated, because it’s virtualised, but needs must and all that. I’m running SQL 2014 on top of this. It took me a little while to get that working properly, mainly because I’m a numpty with SQL. I finally had everything set up when I noticed the following warning after each SQL protection job ran.

I was a bit confused as I had set the databases to full recovery mode. Of course, the more it happened, the more I got frustrated. I fiddled about with permissions on the cluster, manual maintenance jobs, database roles and all manner of things I shouldn’t be touching. I even went for a short walk. The thing I didn’t do, though, was click the arrow on the left-hand side of the job. That expands the job run details so you can read more about what happened. If I’d done that, I would have seen this message straight away. And the phrase “No databases available for log backup” would have made more sense.

And I would have realised that the reason I was getting the log backup warning was because it was skipping the system databases and, as I didn’t have any other databases deployed, it wasn’t doing any log backups. This is an entirely unlikely scenario in the real world, because you’ll be backing up SQL clusters that have data on them. If they don’t have data on them, they’re likely low value items and won’t get protected. The only situation where you might come across this is if you’re testing your infrastructure before deploying data to it. I resolved the issue by creating a small database. The log backups then went through without issue.
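
For reference, creating that small database and putting it in full recovery mode only takes a couple of statements. Here’s a rough Python/pyodbc version of what I did (the server name and driver string are placeholders for my lab cluster, and you could just as easily run the same T-SQL from Management Studio):

```python
import pyodbc

# Server name and driver are placeholders for a lab SQL cluster.
# autocommit is required because CREATE DATABASE can't run in a transaction.
conn = pyodbc.connect(
    "DRIVER={ODBC Driver 17 for SQL Server};"
    "SERVER=sqlcluster.lab.local;"
    "Trusted_Connection=yes;",
    autocommit=True,
)
cursor = conn.cursor()

# Create a small placeholder database and make sure it's in full recovery
# mode so the log backups have something to operate on.
cursor.execute("CREATE DATABASE TestDB")
cursor.execute("ALTER DATABASE TestDB SET RECOVERY FULL")

# Confirm the recovery model before the next protection job runs.
cursor.execute(
    "SELECT name, recovery_model_desc FROM sys.databases WHERE name = 'TestDB'"
)
print(cursor.fetchone())
conn.close()
```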

For reference, the DataPlatform version I’m using is 5.0.1.

Rubrik Announces Polaris GPS

Rubrik recently announced their GPS module for Polaris. The product name gives me shivers because it’s the name of a data centre I spent a lot of weekends in years ago. In any case, Polaris is a new platform being built in parallel with Rubrik’s core offering. Chris Wahl very kindly took us through some of the platform’s capabilities.

 

Polaris What?

Polaris is the SaaS platform itself, and Rubrik are going to build modules for it (as well as allowing 3rd parties to contribute). So let’s focus less on Polaris itself and more on those modules. The idea is to provide a unified control plane with a single point of control. According to Rubrik, there is going to be a significant focus on a Great User Experience ™.

“Rubrik Polaris is a consumable resource that you tap into, rather than a pile of infrastructure that you setup and manage”

 

I’m A Polaris

The first available module is “Rubrik Polaris GPS”. The idea is that you can:

  • Command and control all Rubrik CDM instances, globally;
  • Monitor for compliance and leverage alerts to dig into trouble spots; and
  • Work with open and documented RESTful APIs, with visibility into a global data footprint, to automate and orchestrate all of Rubrik from a single entry point.

The creation and enforcement of business SLA policies is based on flexible criteria: geography, installation, compliance needs, planned growth, data migrations, etc. You can start to apply various policies to data – some you might want to keep in a particular geographical zone, some you might need replicated, etc.

Another cool thing is that the APIs are open and documented, making third-party integration (or roll your own stuff) a real possibility.
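
As a rough illustration of the sort of thing an open API makes possible, here’s a minimal Python sketch that pulls a list of managed clusters. Note that the endpoint path, response shape and token handling are hypothetical placeholders for illustration only, not Rubrik’s documented API – check their published API docs for the real details.

```python
import requests

# Hypothetical base URL, path and token - placeholders for illustration.
BASE_URL = "https://customer.my.rubrik.com/api/v1"
TOKEN = "replace-with-your-api-token"

resp = requests.get(
    f"{BASE_URL}/clusters",
    headers={"Authorization": f"Bearer {TOKEN}"},
    timeout=30,
)
resp.raise_for_status()

# Print a simple global view of the clusters the platform knows about.
for cluster in resp.json().get("data", []):
    print(cluster.get("name"), cluster.get("status"))
```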

From a security perspective, there’s no currently available on-premises version but that’s a possibility in the future (for dark sites). You also need to add clusters manually (i.e. securely) – clusters won’t just automatically join the platform. The idea is, according to Rubrik, to “show you enough data to make actionable decisions, but don’t show too much”. This seems like a solid approach.

 

Questions?

Is my backup source data available to Polaris?

– No. The backup source data is available only to the respective Clusters. Polaris has access only to activities and reports on Clusters that have been granted access to Polaris.

Is Polaris a separate CDM version?

– No. Polaris is a SaaS service.

What is the maximum number of Clusters that can be managed by Polaris?

– There is no hard limit to the number of Clusters that can be managed by Polaris.

How secure is Polaris GPS?

– Polaris uses multiple levels of security to protect customer data and service: authentication, secure connection, data security, data isolation, data residency, etc.

 

Thoughts

So what problem are they trying to solve? Well, what if you wanted to apply global protection policies to multiple appliances? GPS could be leveraged here. This first module isn’t going to be very useful for folks who are running a single deployment of Briks, but it’s going to be very interesting for folks who’ve got a large deployment that may or may not be geographically dispersed. The GPS module is going to be very handy, and shows the potential of the platform. I’m keen to see what else they come up with to leverage the offering. I’m also interested to see whether there’s much uptake from third parties. These extensible platforms always seem like a great idea, but I often see limited support from third parties, with the vendor doing the bulk of the heavy lifting. That said, I’m more than happy to see that Rubrik have taken this open approach with the API, as it does allow for some potentially interesting integrations to happen.

If you’ve been keeping an eye on the secondary storage market, you’ll see that the companies offering solutions are well beyond simply delivering data protection storage with backup and recovery capabilities. There’s a whole lot more that can be done with this data, and Rubrik are focused on delivering more out of the platform than just basic copy data management. The idea of Polaris delivering a consolidated, SaaS-based view of infrastructure is likely the first step in a bigger play for them. I think this is a good way to get people using their infrastructure differently, and I like that these companies are working to make things simpler to use in order to deliver value back to the business. Read more about Polaris GPS here.

Druva Announces Cloud Platform Enhancements

Druva Cloud Platform

Data protection has been on my mind quite a bit lately. I’ve been talking to a number of vendors, partners and end users about data protection challenges and, sometimes, successes. With World Backup Day coming up I had the opportunity to get a briefing from W. Curtis Preston on Druva’s Cloud Platform and thought I’d share some of the details here.

 

What is it?

Druva Cloud Platform is Druva’s tool for tying together their as-a-Service data protection solution within a (sometimes maligned) single pane of glass. The idea behind it is that you can protect your assets – from end points through to your cloud applications (and everything in between) – all from the one service, and all managed in the one place.

[image courtesy of Druva]

 

Druva Cloud Platform was discussed at Tech Field Day Extra at VMworld US 2017, and now fully supports Phoenix (the DC protection offering), inSync (end point & SaaS protection), and Apollo (native EC2 backup). There’s also some nice Phoenix integration with VMware Cloud on AWS (VMC).

[image courtesy of Druva]

 

Druva’s Cloud Credentials

Druva provide a nice approach to as-a-Service data protection that’s a little different from a number of competing products:

  • You don’t need to see or manage backup server nodes;
  • Server infrastructure security is not your responsibility;
  • Server nodes are spawned / stopped based on load;
  • S3 is less expensive (and faster with parallelisation);
  • There are no egress charges during restore; and
  • No on-premises component or CapEx is required (although you can deploy a cache node for quicker restore to on-premises).

 

Thoughts

I first encountered Druva at Tech Field Day Extra VMworld US in 2017 and was impressed by both the breadth of their solution and the cloudiness of it all compared to some of the traditional vendor approaches to protecting cloud-native and traditional workloads via the cloud. They have great support for end point protection, SaaS and traditional, DC-flavoured workloads. I’m particularly a fan of their willingness to tackle end point protection. When I was first starting out in data protection, a lot of vendors were speaking about how they could protect the business from data loss. Then it seemed like it all became a bit too hard and maybe we just started to assume that the data was safe somewhere in the cloud or data centre (well, not really, but we’re talking feelings, not facts, for the moment). End point protection is not an easy thing to get right, but it’s a really important part of data protection. Because ultimately you’re protecting data from bad machines, bad events and bad people. Sometimes the people aren’t bad at all, just a little bit silly.

Cloud is hard to do well. Lifting and shifting workloads from the DC to the public cloud has proven to be a challenge for a lot of enterprises. And taking a lift and shift approach to data protection in the cloud is also proving to be a bit of a challenge, not least because people struggle with the burstiness of cloud workloads and need protection solutions that can accommodate those requirements. I like Druva’s approach to data protection, at least from the point of view of their “cloud-nativeness” and their focus on protecting a broad spectrum of workloads and scenarios. Not everything they do will necessarily fit in with the way you do things in your business, but there are some solid, modern foundations there to deliver a comprehensive service. And I think that’s a nice thing to build on.

Druva are also presenting at Cloud Field Day 3 in early April. I recommend checking out their session. Justin also did a post in anticipation of the session that is well worth a read.

Cohesity Understands The Value Of What Lies Beneath

Disclaimer: I recently attended Storage Field Day 15.  My flights, accommodation and other expenses were paid for by Tech Field Day. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

Cohesity recently presented at Storage Field Day 15. It’s not the first time I’ve spoken about them, and you can read a few of my articles on them here and here. You can see their videos from Storage Field Day 15 here, and download a PDF copy of my rough notes from here.

 

The Data Centre Is Boring

Well, not boring exactly. Okay, it’s a little boring. Cohesity talk a lot about the concept of secondary storage and, in their view, most of the storage occupying the DC is made up of secondary storage. Think of your primary storage tier as your applications, and your secondary storage as comprising:

  • Backups;
  • Archival data;
  • Analytics;
  • Test/Dev workloads; and
  • File shares.

In other words, it’s a whole lot of unstructured data. Cohesity like to talk about the “storage iceberg”, and it’s a pretty reasonable analogy for what’s happening.

[Image courtesy of Cohesity]

 

Cohesity don’t see all this secondary data as simply a steaming pile of unmanaged chaos and pain. Instead, they see it as a potential opportunity for modernisation. The secondary storage market has delivered, in Cohesity’s view, an opportunity to “[c]lean up the mess left by enterprise backup products”. The idea is that you can use an “Apple-like UI”, operating at “Google-like scale”, to consolidate workloads on the Cohesity DataPlatform and then take advantage of copy data management to really extract value from that data.

 

The Cohesity Difference

So what differentiates Cohesity from other players in the secondary storage space?

Mohit Aron (pictured above) took us through a number of features in the Cohesity DataPlatform that are making secondary storage both useful and interesting. These include:

  • Global Space Efficiency
    • Variable length dedupe
    • Erasure coding
  • QoS
    • Multi workload isolation
    • Noisy neighbour prevention
  • Instant Mass Restore
    • Any point in time
    • Highly available
  • Data Resiliency
    • Strict consistency
    • Ensures data integrity
  • Cloud/Apps Integration
    • Multiprotocol
    • Universal access

I’ve been fortunate enough to have some hands-on experience with the Cohesity solution and can attest that these features (particularly things like storage efficiency and resiliency) aren’t just marketing. There are some other neat features, such as public cloud support with AWS and Azure, that are also worthy of further investigation.

 

Thoughts And Further Reading

There’s a lot to like about Cohesity’s approach to leveraging secondary storage in the data centre. For a very long time, the value of secondary storage hasn’t been at the forefront of enterprise analytics activities. Or, more bluntly put, copy data management has been something of an ongoing fiasco, with a number of different tools and groups within organisations being required to draw value from the data that’s just sitting there. Cohesity don’t like to position themselves simply as a storage target for data protection, because the DataPlatform is certainly capable of doing a lot more than that. While the messaging has occasionally been confusing, the drive of the company to deliver a comprehensive data management solution that extends beyond traditional solutions shouldn’t be underestimated. Couple that with a relentless focus on ease of use and scalability and the Cohesity offering looks to be a great way of digging into the “dark data” in your organisation to make sense of what’s going on.

There are still situations where Cohesity may not be the right fit (at the moment), particularly if you have requirements around non-x86 workloads or particularly finicky (read: legacy) enterprise applications. That said, Cohesity are working tirelessly to add new features to the solution at a rapid pace, and are looking to close the gap between themselves and some of the more established players in the market. The value here, however, isn’t just in the extensive data protection capability, but also in the analytics that can be leveraged to provide further insight into your organisation’s protected data. It’s sometimes not immediately obvious why you need to be mining your unstructured data for information. But get yourself the right tools and the right people and you can discover a whole lot of very useful (and sometimes scary) information about your organisation that you wouldn’t otherwise know. And it’s that stuff that lies beneath the surface that can have a real impact on your organisation’s success. Even if it is a little boring.

Cohesity Basics – Auto Protect

I’ve been doing some work with Cohesity in our lab and thought it worth covering some of the basic features that I think are pretty neat. In this edition of Cohesity Basics, I thought I’d quickly cover off the “Auto Protect” feature. If you read their white paper on data protection, you’ll find the following line: “As new virtual machines are added, they are auto discovered and included in the protection policy that meets the desired SLAs”. It seems like a pretty cool feature, and was introduced in version 4.0. I wanted to find out a bit more about how it works.

 

What Is It?

Auto Protect will “protect new VMs that are added to a selected parent Object (such as a Datacenter, Folder, Cluster or Host)”. The idea behind this is that you can add a source and have Cohesity automatically protect all of the VMs in a folder, cluster, etc. The cool thing is that it will also protect any new VMs added to that source.

When you’re adding Objects to a Protection Job, you can select what to auto protect. In the screenshot below you can see that the Datacenter in my vCenter has Auto Protect turned off.

The good news is that you can explicitly exclude Objects as well. Here’s what the various icons mean.

[Image courtesy of Cohesity]

 

What Happens?

When you create a Protection Job in Cohesity you add Objects to the job. If you select to Auto Protect an Object, anything under that Object will automatically be protected. Every time the Protection Job runs, if the Object hierarchy has been refreshed on the Cohesity Cluster, new VMs are also backed up even though they have not been manually included in the Protection Job. There are two ways that the Object hierarchy gets refreshed. It is automatically refreshed every 4 hours by the cluster. If you’re in a hurry, though, you can do it manually. Go to Protection -> Sources and click on the Source you’d like to refresh. There’s a refresh button to click on and you’ll see your new Objects showing up.
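
If you’re curious about which VMs sit under a given parent Object (and would therefore be swept up by Auto Protect), a quick pyVmomi sketch against vCenter will show you. The vCenter hostname and credentials below are placeholders, and this is just an illustration of the Object hierarchy rather than anything Cohesity-specific.

```python
import ssl
from pyVim.connect import SmartConnect, Disconnect
from pyVmomi import vim

# vCenter details are placeholders for a lab environment.
# Skipping certificate verification is a lab-only shortcut.
ctx = ssl._create_unverified_context()
si = SmartConnect(host="vcenter.lab.local",
                  user="administrator@vsphere.local",
                  pwd="REPLACE_ME",
                  sslContext=ctx)
content = si.RetrieveContent()

# Recursively list every VM under the root folder - roughly what a
# Datacenter-level Auto Protect selection would sweep up.
view = content.viewManager.CreateContainerView(
    content.rootFolder, [vim.VirtualMachine], True)
for vm in view.view:
    print(vm.name)

Disconnect(si)
```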

 

Why Wouldn’t You?

As part of my testing, I’ve been creating “catchall” Protection Jobs and adding all the VMs in the environment into the jobs. But we have some VMware NSX Controller VMs in our lab, and VMware “only supports backing up the NSX Edge and controller through the NSX Manager“. Not only that, but it simply won’t work.

In any case, you can use FTP to back up your NSX VMs if you really feel like that’s something you want to do. More info on that is here. You also want to be careful that you’re not backing up stuff you don’t need to, such as clones and odds and sods. Should I try protecting the Cohesity Virtual Edition appliance VM? I don’t know about that …

 

Thoughts

I generally prefer data protection configurations that “protect everything and exclude as required”. While Auto Protect is turned off by default, it’s simple enough to turn on when you get started. And it’s a great feature, particularly in dynamic environments where there’s no automation of data protection when new workloads are provisioned (a problem for another time). Hat tip to my Cohesity SE Pete Marfatia for pointing this feature out to me.

Updated Articles Page

I recently had the opportunity to deploy a Cohesity C2500 4-node appliance and thought I’d run through the basics of the installation. There’s a new document outlining the process on the articles page.

Zerto Announces ZVR 6.0

Zerto recently announced version 6.0 of their Zerto Virtual Replication (ZVR) product and I had the opportunity to speak with Rob Strechay (Senior VP, Product) about the announcement.

 

Announcement

Multi-cloud Mobility

Multi-cloud workload mobility is probably the biggest bit of news from the 6.0 release. It provides “inter-cloud and intra-cloud workload mobility and protection between Azure, IBM Cloud, AWS and more than 350 cloud service providers (CSPs)”. This is the culmination of a lot of work by Zerto over the past few years, with support for AWS delivered in 2014 and Azure in 2016, and now the ability to move workloads between clouds as well. The cool thing about this is that you can do some interesting stuff with workload migration, moving to and from Azure, and also within Azure (i.e. region to region).

GCP is on their roadmap; however, according to Strechay, demand for that functionality has not been as great.

 

Enhanced Analytics Visibility

Zerto’s analytics capability (first announced in ZVR 5.5) has been enhanced as well. Customers now have access to expanded dashboards with:

  • Live network analysis reports for troubleshooting and optimisation;
  • Insights into network throughput and performance;
  • The ability to monitor site-to-site and outbound traffic; and
  • 30 days of network history metrics for any site.

 

Cloud Portal for CSPs

CSPs are still a huge piece of what makes Zerto successful. The new CSP Management Portal will give CSPs the ability to “remotely upgrade customer sites to provide them with continuous availability and latest software releases”. This is a SaaS-delivered service, and will eventually be supported for Enterprise customers as well.

 

Thoughts and Further Reading

If you’ve ever been to VMworld (or similar events), you’ll see that Zerto make a big effort to get in front of current (and potential) customers and spread the good word about disaster recovery and disaster avoidance. Not only do they make pretty good t-shirts, they also have a nifty product (and excellent CSP ecosystem) that keeps improving as the years go by. They now support over 6000 customers in over 70 countries and have done quite a bit of work to make disaster recovery for virtual environments a relatively simple undertaking. This simplicity, coupled with some great improvements in cloud workload mobility make it worth a second look.

Disaster recovery (and disaster avoidance), like most data protection activities, isn’t sexy. It’s boring. And you hope you’ll never have to use it. But if you’ve ever had to, you’ll know how kludgy some solutions can be. Zerto has worked hard to not be one of those solutions, instead offering a simple mechanism for workload protection and mobility. If you’re into that kind of thing (and you probably should be), they’re worth checking out.

Zerto Analytics – Seeing Is Understanding

I attended VMworld US in August and had hoped to catch up with Zerto regarding their latest product update (the snappily titled Zerto Virtual Replication 5.5). Unfortunately there were some scheduling issues and we were unable to meet up. I was, however, briefed by them a few weeks later on some of the new features, particularly around the Zerto Analytics capability. This is a short post that focuses primarily on that part of the announcement.

 

Incremental But Important Announcement

If you’re unfamiliar with Zerto, they provide cloud and hypervisor-based workload replication for disaster recovery. They’ve been around since 2010, and the product certainly has its share of fans. The idea behind Zerto Analytics, according to Zerto, is that it “provides real-time and historical analytics on the status and health of multi-site, multi-cloud environments”.

It is deployed on Zerto’s new SaaS platform, is accessible to all Zerto VR customers, and, according to Zerto, “you will be able to quickly visualize your entire infrastructure from a single pane of glass”.

 

The Value

DR is a vital function that a whole bunch of companies don’t understand terribly well. Zerto provide a reasonably comprehensive solution for companies looking to protect their hypervisor-based workloads in multiple locations while leveraging a simple-to-use interface for recovery, because when it all goes wrong you want it to be easy to come back. The cool thing about Zerto Analytics is that it gives you more than the standard issue status reporting you’ve previously enjoyed. Instead, you can go through historical data to get a better understanding of the replication requirements of your workloads, and the hot and cold times for workloads. I think this is super useful when it comes to (potentially) understanding when planned maintenance needs to occur, and when a good time is to schedule in your test recoveries or data migration activities.

There’s never a good time for a disaster. That’s why they call them disasters. But the more information you have available at the time of a disaster, the better the chances are of you coming out the other end in good shape. The motto at my daughters’ school is “Scientia est Potestas”. This doesn’t actually mean “Science is Potatoes” but is Latin for “Knowledge is Power”. As with most things in IT (and life), a little bit of extra knowledge (in the form of insight and data) can go a long way. Zerto are keen, with this release, to improve the amount of visibility you have into your environment from a DR perspective. This can only be a good thing, particularly when you can consume it across a decent range of platforms.

DR isn’t just about the technology by any stretch. You need an extensive understanding of what’s happening in your environment, and you need to understand what happens to people when things go bang. But one of the building blocks for success, in my opinion, is providing a solid platform for recovery in the event that something goes pear-shaped. Zerto isn’t for everyone, but I get the impression, anecdotally, that they’re doing some pretty good stuff around turning what can be a bad experience into a more positive one.

 

Read More

Technical documentation on Zerto Virtual Replication 5.5 can be found here. There’s also a great demo on YouTube that you can see here.