Druva – In The Cloud, Of The Cloud, Protecting The Cloud

Disclaimer: I recently attended Tech Field Day 19.  My flights, accommodation and other expenses were paid for by Tech Field Day. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

 

Druva recently presented at Tech Field Day 19. You can see videos of their presentation here, and download my rough notes from here. Here’s a photo of Jaspreet Singh kicking things off.

 

Let’s Talk About You

What do people want in a backup system?

I’ll tell you what we want. What we really, really want. Fewer Spice Girls earworms. And a data protection service. It seems simplistic, but it’s true. A lot of organisations are tired of being IT organisations; they just want to consume services from companies that are IT organisations. That’s not a cop-out. They want to make money doing the things they’re good at. It’s one of the big reasons public cloud has proven so popular. Druva offer a service, and are positioning themselves as being to backups what Salesforce is to CRM. The key selling point is that they can do data protection simpler, faster, cheaper, and safer. And you get the two big benefits of SaaS:

  • There’s nothing to maintain; and
  • New features are made available immediately.

Am I The Ideal Druva Customer?

Are you a good fit though? If you’re running modern / virtualised workloads, Druva want to talk to you. To wit, if you find yourself in one of these categories you should be okay:

  • “Versatilist” Users;
  • Cloud focus or initiative;
  • Hybrid cloud environment;
  • Distributed workloads, including laptops;
  • SaaS adopter (SFDC, O365, G Suite); and
  • Moving away from legacy Unix and apps.

The more distributed your company is, the better Druva looks.

Who’s not a good fit for Druva though? Enterprises that:

  • Must have an on-premises backup system;
  • Have no desire to leverage cloud; and
  • Want a backup system for legacy OS / apps.

Poor enterprises, missing out again.

 

Challenges Solved by Druva

Curtis knows a bit about data protection, and he’s been around for a while now, so he remembers when not everything was peaches and cream in the data protection world. He talked about the various trends in data protection over the years and used the table below as an anchor point. The gist of it is that a solution such as Druva’s doesn’t have quite as many challenges as the more “traditional” data protection systems we’ve been using for the last 20-plus years (yes, and longer still, I know).

!   $   ?   Challenges
    $   ?   Design, maintain, refresh physical backup server & storage
!   $   ?   Patch & upgrade backup server OS
!   $   ?   Patch & upgrade backup server software
!   $   ?   Manage multiple vendors (server, backup sw, tape, disk)
!       ?   Tape can be lost or stolen
    $   ?   Tape requires constant performance tweaking
    $   ?   Tape requires offsite vaulting vendor
    $       Hardware typically bought in advance
    $   ?   Over-provision compute / storage (growth and variable load)
    $   ?   Not easy to scale
    $       Unexpected / variable costs
    $       Massive capital expenditures
!           First large backup
!           Any large restore

Every vendor can look good when you take tape out of consideration. Tape has an awful lot of advantages in terms of capacity and economy, but the execution can often be a real pain. Druva also compete pretty well with the “hyper-converged” backup vendors, although I think those vendors get a bad rap for a focus on hardware that isn’t necessarily as much of a problem as some people think. The real killer feature for Druva is the cloud-native architecture, and the SaaS story in general.

 

Thoughts and Further Reading

It’s no secret that I’ve been a fan of Curtis for years, so when he moved to Druva I was intrigued and wanted to hear more. But Druva isn’t just Curtis. There are a whole bunch of people at the company who know cloud, and data protection, and have managed to put them together into a solution that makes a lot of sense. And I like what I’ve seen thus far. There’s a really good story here, particularly if you’re all in on cloud, and running relatively modern applications. The heritage in endpoint protection has helped them overcome some obstacles that other vendors haven’t had to deal with yet. They’re also willing to admit that not everything is perfect, particularly when it comes to getting that first large backup done. They also believe that “[w]ithin the limits of physics they can scale to meet the needs of most customers”. You’re not going to be able to achieve RPO 0 and RTO 0 with Druva. But that’s what things like replication are for. What they do offer, however, is an RTO of minutes, not hours. A few other things they don’t do include VM live mount and native support for Azure and GCP.

What Druva do do well is understand that customers have requirements that can be satisfied through the use of protection data. They also understand the real operational value (in terms of resiliency and reduced spend) that can be had with SaaS-based offerings. We all talk a tough game when it comes to buying what we think is the absolute best solution to protect our data, and rightly so. A business’s data is (hopefully) one of its most critical assets, and we should do anything we can to protect it. Druva are as dedicated as the next company to that philosophy, but they’ve also realised that the average business is under constant pressure to reduce costs wherever possible. Now you don’t just get to access the benefits of running your applications in the cloud – you can also get the benefit of protecting them in the cloud too.

Tape was hard to do well, and many of us have horror stories about things going wrong. Cloud can be hard to do well too, and there are plenty of stories of cloud going horribly wrong. Druva isn’t magic, but it does help take away a lot of the complexity that’s frequently been attached to protecting cloud-native workloads.

Brisbane VMUG – August 2019


The August edition of the Brisbane VMUG meeting will be held on Tuesday 20th August at Fishburners from 4 – 6pm. It’s sponsored by Dell EMC and should be a great afternoon.

Here’s the agenda:

  • VMUG Intro
  • VMware Presentation: TBA
  • Dell EMC Presentation: Protecting Your Critical Assets With Dell EMC
  • Q&A
  • Refreshments and drinks.

Dell EMC have gone to great lengths to make sure this will be a fun and informative session and I’m really looking forward to hearing about their data protection portfolio. You can find out more information and register for the event here. I hope to see you there. Also, if you’re interested in sponsoring one of these events, please get in touch with me and I can help make it happen.

Random Short Take #18

Here are some links to some random news items and other content that I recently found interesting. You might find them interesting too. Episode 18 – buckle up kids! It’s all happening.

  • Cohesity added support for Active Directory protection with version 6.3 of the DataPlatform. Matt covered it pretty comprehensively here.
  • Speaking of Cohesity, Alastair wrote this article on getting started with the Cohesity PowerShell Module.
  • In keeping with the data protection theme (hey, it’s what I’m into), here’s a great article from W. Curtis Preston on SaaS data protection, and what you need to consider to not become another cautionary tale on the Internet. Curtis has written a lot about data protection over the years, and you could do a lot worse than reading what he has to say. And that’s not just because he signed a book for me.
  • Did you ever stop and think just how insecure some of the things that you put your money into are? It’s a little scary. Shell are doing some stuff with Cybera to improve things. Read more about that here.
  • I used to work with Vincent, and he’s a super smart guy. I’ve been at him for years to start blogging, and he’s started to put out some articles. He’s very good at taking complex topics and distilling them down to something that’s easy to understand. Here’s his summary of VMware vRealize Automation configuration.
  • Tom’s take on some recent CloudFlare outages makes for good reading.
  • Google Cloud has announced it’s acquiring Elastifile. That part of the business doesn’t seem to be as brutal as the broader Alphabet group when it comes to acquiring and discarding companies, and I’m hoping that the good folks at Elastifile are looked after. You can read more on that here.
  • A lot of people are getting upset with terms like “disaggregated HCI”. Chris Mellor does a bang up job explaining the differences between the various architectures here. It’s my belief that there’s a place for all of this, and assuming that one architecture will suit every situation is a little naive. But what do I know?

Zerto – News From ZertoCON 2019

Zerto recently held their annual user conference (ZertoCON) in Nashville, TN. I had the opportunity to talk to Rob Strechay about some of the key announcements coming out of the event and thought I’d cover them here.

 

Key Announcements

Licensing

You can now acquire Zerto either as a perpetual license or via a subscription. There’s previously been a form of subscription pricing with Zerto, with customers renting via managed service providers, but this is the first time it’s being offered directly to customers. Strechay noted that Zerto is “[n]ot trying to move to a subscription-only model”, but they are keen to give customers further flexibility in how they consume the product. Note that the subscription pricing also includes maintenance and support.

7.5 Is Just Around The Corner

If it feels like 7.0 was only just delivered, that’s because it was (in April). But 7.5 is already just around the corner. They’re looking to add a bunch of features, including:

  • Deeper integration with StoreOnce from HPE using Catalyst-based API, leveraging source-side deduplication
  • Qualification of Azure’s Data Box
  • Cloud mobility – in 7.0 they started down the path with Azure. Zerto Cloud Appliances now autoscale within Azure.

Azure Integration

There’s a lot more focus on Azure in 7.5, and Zerto are working on:

  • Managed failback / managed disks in Azure
  • Integration with Azure Active Directory
  • Adding encryption at rest in AWS, and doing some IAM integration
  • Automated driver injection on the fly as you recover into AWS (with Red Hat)

Resource Planner

Building on their previous analytics work, you’ll also (shortly) be able to download Zerto Virtual Manager. This talks to vCenter and can gather data to help customers plan their VMware to VMware (or to Azure / AWS) migrations.
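Zerto’s planner does the collection for you, but if you’re curious what that kind of data gathering looks like under the hood, here’s a rough Python sketch that pulls basic per-VM sizing information from vCenter using the pyVmomi library. To be clear, this is my illustration of the concept, not Zerto’s code, and the hostname and credentials are placeholders.

    # Rough sketch of the kind of vCenter inventory a migration planner
    # collects (per-VM CPU, memory, and consumed storage). Placeholder
    # hostname and credentials; lab-grade certificate handling.
    import ssl
    from pyVim.connect import SmartConnect, Disconnect
    from pyVmomi import vim

    ctx = ssl._create_unverified_context()  # don't do this outside a lab
    si = SmartConnect(host="vcenter.example.com",
                      user="administrator@vsphere.local",
                      pwd="changeme", sslContext=ctx)
    try:
        content = si.RetrieveContent()
        view = content.viewManager.CreateContainerView(
            content.rootFolder, [vim.VirtualMachine], True)
        for vm in view.view:
            s = vm.summary
            print(f"{s.config.name}: {s.config.numCpu} vCPU, "
                  f"{s.config.memorySizeMB} MB RAM, "
                  f"{s.storage.committed / 1024**3:.1f} GiB used")
    finally:
        Disconnect(si)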

VAIO

Zerto has now completed the initial certification to use VMware’s vSphere APIs for I/O Filtering (VAIO) and they’ll be leveraging these in 7.5. Strechay said they’ll probably have both versions in the product for a little while.

 

Thoughts And Further Reading

I’d spoken with Strechay previously about Zerto’s plans to compete against the “traditional” data protection vendors, and asked him what the customer response has been to Zerto’s ambitions (and execution). He said that, as customers are already off-siting data (as part of the 3-2-1 data protection philosophy), it’s not a big leap to take it to the next level. He said a number of customers were very motivated to use long term retention, and wanted to move on from their existing backup vendors. I’ve waxed lyrical in the past about what I thought some of the key differences were between periodic data protection, disaster recovery, and disaster avoidance. That doesn’t mean that companies like Zerto aren’t doing a pretty decent job of blurring the lines between the types of solution they offer, particularly with the data mobility capabilities built in to their offerings. I think there’s a lot of scope for Zerto to move into spaces they’ve previously only been peripherally involved in. It makes sense that they’d focus on data mobility and off-site data protection capabilities. There’s a good story developing with their cloud integration, and it seems like they’ll just continue to add features and capabilities to the product. I really like that they’re not afraid to make promises on upcoming releases and have (thus far) been able to deliver on them.

The news about VAIO certification is pretty big, and it might remove some of the pressure that potential customers have faced previously about adopting protection solutions that weren’t entirely blessed by VMware.

I’m looking forward to seeing what Zerto ends up delivering with 7.5, and I’m really enjoying the progress they’re making with both their on-premises and public cloud focused solutions. You can read Zerto’s press release here, and Andrea Mauro published a comprehensive overview here.

Random Short Take #15

Here are a few links to some random news items and other content that I recently found interesting. You might find them interesting too. Episode 15 – it could become a regular thing. Maybe every other week? Fortnightly even.

Veeam Basics – Configuring A Scale-Out Backup Repository

I’ve been doing some integration testing with Pure Storage and Veeam in the lab recently, and thought I’d write an article on configuring a scale-out backup repository (SOBR). To learn more about SOBR configurations, you can read the Veeam documentation here. This post from Rick Vanover also covers the what and the why of SOBR. In this example, I’m using a couple of FlashBlade-based NFS repositories that I’ve configured as per these instructions. Each NFS repository is mounted on a separate Linux virtual machine. I’m using a Windows-based Veeam Backup & Replication server running version 9.5 Update 4.

 

Process

Start by going to Backup Infrastructure -> Scale-out Repositories and click on Add Scale-out Repository.

Give it a name, maybe something snappy like “Scale-out Backup Repository 1”?

Click on Add to add the backup repositories.

When you click on Add, you’ll have the option to select the backup repositories you want to use. You can select them all, but for the purpose of this exercise, we won’t.

In this example, Backup Repository 1 and 2 are the NFS locations I configured previously. Select those two and click on OK.

You’ll now see the repositories listed as Extents.

Click on Advanced to check the advanced settings are what you expect them to be. Click on OK.

Click Next to continue.

You then choose the placement policy. It’s strongly recommended that you stick with Data locality.

You can also pick object storage to use as a Capacity Tier.

You’ll also have an option to configure the age of the files to be moved, and when they can be moved. And you might want to encrypt the data uploaded to your object storage environment, depending on where that object storage lives.

Once you’re happy, click on Apply. You’ll be presented with a summary of the configuration (and hopefully there won’t be any errors).
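As an aside, the placement and tiering behaviour described above boils down to some fairly simple rules. Here’s a conceptual Python sketch of that decision logic. To be clear, this is purely my illustration of the behaviour, not Veeam’s code or API, and the names and thresholds are made up.

    # Conceptual sketch of SOBR behaviour: data locality keeps a backup
    # chain together on one extent, and age-based tiering offloads sealed
    # backup files to the capacity tier. Illustrative only.
    from datetime import datetime, timedelta

    def pick_extent(chain_id, extents, chain_locations):
        """Data locality: reuse the extent already holding this chain;
        otherwise pick the extent with the most free space."""
        if chain_id in chain_locations:
            return chain_locations[chain_id]
        chosen = max(extents, key=lambda e: e["free_bytes"])
        chain_locations[chain_id] = chosen
        return chosen

    def files_to_tier(backup_files, min_age_days=14):
        """Capacity tier: move sealed files older than the policy window."""
        cutoff = datetime.now() - timedelta(days=min_age_days)
        return [f for f in backup_files if f["sealed"] and f["created"] < cutoff]

    extents = [{"name": "Backup Repository 1", "free_bytes": 2 * 1024**4},
               {"name": "Backup Repository 2", "free_bytes": 3 * 1024**4}]
    locations = {}
    print(pick_extent("vm-web01", extents, locations)["name"])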

 

Thoughts

The SOBR feature, in my opinion, is pretty cool. I particularly like the ability to put extents in maintenance mode. And the option to use object storage as a capacity tier is a very useful feature. You get some granular control in terms of where you put your backup data, and what kind of performance you can throw at the environment. And as you can see, it’s not overly difficult to configure the environment. There are a few things to keep in mind though. Make sure your extents are stored on resilient hardware. If you keep your backup sets together with the data locality option, you’ll be a sad panda if that extent goes bye-bye. And the same goes for the performance option. You’ll also need Enterprise or Enterprise Plus editions of Veeam Backup & Replication for this feature to work. And you can’t use this feature for these types of jobs:

  • Configuration backup job;
  • Replication jobs (including replica seeding);
  • VM copy jobs; and
  • Veeam Agent backup jobs created by Veeam Agent for Microsoft Windows 1.5 or earlier and Veeam Agent for Linux 1.0 Update 1 or earlier.

There are any number of reasons why a scale-out backup repository can be a handy feature to use in your data protection environment. I’ve had the misfortune in the past of working with products that were difficult to manage from a data mobility perspective. Too many times I’ve been stuck going through all kinds of mental gymnastics working out how to migrate data sets from one storage platform to the next. With this it’s a simple matter of a few clicks and you’re on your way with a new bucket. The tiering to object feature is also useful, particularly if you need to keep backup sets around for compliance reasons. There’s no need to spend money on these living on performance disk if you can comfortably have them sitting on capacity storage after a period of time. And if you can control this movement through a policy-driven approach, then that’s even better. If you’re new to Veeam, it’s worth checking out a feature like this, particularly if you’re struggling with media migration challenges in your current environment. And if you’re an existing Enterprise or Enterprise Plus customer, this might be something you can take advantage of.

Random Short Take #14

Here are a few links to some random news items and other content that I found interesting. You might find them interesting too. Episode 14 – giddy-up!

Dell EMC Announces PowerProtect Software (And Hardware)

Disclaimer: I recently attended Dell Technologies World 2019.  My flights, accommodation and conference pass were paid for by Dell Technologies via the Media, Analysts and Influencers program. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

Last week at Dell Technologies World there were a number of announcements made regarding Data Protection. I thought I’d cover them here briefly. Hopefully I’ll have the chance to dive a little deeper into the technology in the next few weeks.

 

PowerProtect Software

The new PowerProtect software is billed as Dell EMC’s “Next Generation Data Management software platform” and provides “data protection, replication and reuse, as well as SaaS-based management and self-service capabilities that give individual data owners the autonomy to control backup and recovery operations”. It currently offers support for:

  • Oracle;
  • Microsoft SQL;
  • VMware;
  • Windows Filesystems; and
  • Linux Filesystems.

More workload support is planned to arrive in the next little while. There are some nice features included, such as automated discovery and on-boarding of databases, VMs and Data Domain protection storage. There’s also support for tiering protection data to public cloud environments, and support for SaaS-based management is a nice feature too. You can view the data sheet here.

 

PowerProtect X400

The PowerProtect X400 is being positioned by Dell EMC as a “multi-dimensional” appliance, with support for both scale out and scale up expansion.

There are three “bits” to the X400 story. There’s the X400 cube, which is the brains of the operation. You then scale it out using either X400F (All-Flash) or X400H (Hybrid) cubes. The All-Flash version can be configured from 64 – 448TB of capacity, delivering up to 22.4PB of logical capacity. The Hybrid version runs from 64 – 384TB of capacity, and can deliver up to 19.2PB of logical capacity. The logical capacity calculation is based on “10x – 50x deduplication ratio”. You can access the spec sheet here, and the data sheet can be found here.
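The maths behind those logical numbers is straightforward: usable capacity multiplied by the assumed deduplication ratio. A quick back-of-the-envelope check in Python (my arithmetic, not a Dell EMC tool):

    # Back-of-the-envelope check of the X400 logical capacity claims:
    # logical capacity = usable capacity x deduplication ratio.
    def logical_capacity_pb(usable_tb, dedupe_ratio):
        return usable_tb * dedupe_ratio / 1000  # TB -> PB

    print(logical_capacity_pb(448, 50))  # X400F maximum: 22.4 PB
    print(logical_capacity_pb(384, 50))  # X400H maximum: 19.2 PB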

Scale Up and Out?

So what do Dell EMC mean by “multi-dimensional” then? It’s a neat marketing term that means you can scale up and out as required.

  • Scale-up with grow-in-place capacity expansion (16TB); and
  • Scale-out compute and capacity with additional X400F or X400H cubes (starting at 64TB each).

This way you can “[b]enefit from the linear scale-out of performance, compute, network and capacity”.

 

IDPA

Dell EMC also announced that the Integrated Data Protection Appliance (IDPA) was being made available in an 8-24TB version, providing a lower capacity option to service smaller environments.

 

Thoughts and Further Reading

Everyone I spoke to at Dell Technologies World was excited about the PowerProtect announcement. Sure, it’s their job to be excited about this stuff, but there’s a lot here to be excited about, particularly if you’re an existing Dell EMC data protection customer. The other “next-generation” data protection vendors seem to have given the 800 pound gorilla the wakeup call it needed, and the PowerProtect offering is a step in the right direction. The scalability approach used with the X400 appliance is potentially a bit different to what’s available in the market today, but it seems to make sense in terms of reducing the footprint of the hardware to a manageable amount. There were some high numbers being touted in terms of performance but I won’t be repeating any of those until I’ve seen this for myself in the wild. The all-flash option seems a little strange at first, as flash isn’t normally associated with data protection, but I think it’s a competitive nod to some of the other vendors offering top of rack, all-flash data protection.

So what if you’re an existing Data Domain / NetWorker / Avamar customer? There’s no need to panic. You’ll see continued development of these products for some time to come. I imagine it’s not a simple thing for an established company such as Dell EMC to introduce a new product that competes in places with something it already sells to customers. But I think it’s the right thing for them to do, as there’s been significant pressure from other vendors when it comes to telling a tale of simplified data protection leveraging software-defined solutions. Data protection requirements have seen significant change over the last few years, and this new architecture is a solid response to those changes.

The supported workloads are basic for the moment, but a cursory glance through most enterprise environments would be enough to reassure you that they have the most common stuff covered. I understand that existing DPS customers will also get access to PowerProtect to take it for a spin. There’s no word yet on what the migration path for existing customers looks like, but I have no doubt that people have already thought long and hard about what that would look like and are working to make sure the process is field ready (and hopefully straightforward). Dell EMC PowerProtect Software platform and PowerProtect X400 appliance will be generally available in July 2019.

For another perspective on the announcement, check out Preston’s post here.

Random Short Take #13

Here are a few links to some random news items and other content that I found interesting. You might find them interesting too. Let’s dive in to lucky number 13.

Cohesity Marketplace – A Few Notes

 

Cohesity first announced their Marketplace offering in late February. I have access to a Cohesity environment (physical and virtual) in my lab, and I’ve recently had the opportunity to get up and running on some of the Marketplace-ready code, so I thought I’d share my experiences here.

 

Prerequisites

I’m currently running version 6.2 of Cohesity’s DataPlatform. I’m not sure whether this is widely available yet or still only available for early adopter testing. My understanding is that the Marketplace feature will be made generally available to Cohesity customers when 6.3 ships. The Cohesity team did install a minor patch (6.2a) on my cluster as it contained some small but necessary fixes. In this version of the code, a gflag is set to show the Apps menu. The “Enable Apps Management” option in the UI under Admin – Cluster Settings was also enabled. You’ll also need to nominate an unused private subnet for the apps to use.

 

Current Application Availability

The Cohesity Marketplace has a number of Cohesity-developed and third-party apps available to install, including:

  • Splunk – Turn machine data into answers
  • SentinelOne – AI-powered threat prevention purpose built for Cohesity
  • Imanis Data – NoSQL backup, recovery, and replication
  • Cohesity Spotlight – Analyse file audit logs and find anomalous file-access patterns
  • Cohesity Insight – Search inside unstructured data
  • Cohesity EasyScript – Create, upload, and execute customised scripts
  • ClamAV – Anti-virus scans for file data

Note that none of the apps need more than Read permissions on the nominated View(s).

 

Process

App Installation

To install the app you want to run on your cluster, click on “Get App”, then enter your Helios credentials.

Review the EULA and click on “Accept & Get” to proceed. You’ll then be prompted to select the cluster(s) you want to deploy the app on. In this example, I have 5 clusters in my Helios environment. I want to install the app on C1, as it’s the physical cluster.

Using An App

Once your app is installed, it’s fairly straightforward to run it. Click on More, then Apps to access your installed apps.

 

Then you just need to click on “Run App” to get started.

You’ll be prompted to set the Read Permissions for the App, along with QoS. It’s my understanding that the QoS settings are relative to other apps running on the cluster, not data protection activities, etc. The Read Permissions are applied to one or more Views. This can be changed after the initial configuration. Once the app is running you can click on Open App. In this example I’m using the Cohesity Insight app to look through some unstructured data stored on a View.
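On the QoS point, my understanding is that the values behave like relative weights between apps. Here’s a toy Python example of how relative shares play out. This is just my illustration of the concept, not Cohesity’s actual scheduler, and the app weights are invented.

    # Toy illustration of relative QoS: each app's slice of the app
    # resource pool is its weight divided by the sum of all weights.
    def relative_shares(app_weights):
        total = sum(app_weights.values())
        return {app: weight / total for app, weight in app_weights.items()}

    apps = {"Cohesity Insight": 100, "ClamAV": 50, "Splunk": 150}
    for app, share in relative_shares(apps).items():
        print(f"{app}: {share:.0%} of the app resource pool")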

 

Thoughts

I’ve barely scratched the surface of what you can achieve with the Marketplace on Cohesity’s DataPlatform. The availability of the Marketplace (and the ability to run apps on the platform) is another step closer to Cohesity’s vision of extracting additional value from secondary storage. Coupled with Cohesity’s C4000 series hardware (or perhaps whatever flavour you want to run from Cisco or HPE or the like), I can imagine you’re going to be able to do a heck of a lot with this capability, particularly as more apps are validated with the platform.

I hope to do a lot more testing of this capability over the next little while, and I’ll endeavour to report back with my findings. If you’re a current Cohesity customer and haven’t talked to your account team about this capability, it’s worth getting in touch to see what you can do in terms of an evaluation. Of course, it’s also worth noting that, as with most things technology related, just because you can, doesn’t always mean you should. But if you have the use case, this is a cool capability on top of an already interesting platform.