Rubrik Cloud Data Management 4.2 Announced – “Purpose Built for the Hybrid Cloud”

Rubrik recently announced 4.2 of their Cloud Data Management platform and I was fortunate enough to sit in on a sneak preview from Chris Wahl, Kenneth Hui, and Rebecca Fitzhugh. “Purpose Built for the Hybrid Cloud”, there are a whole bunch of new features in this release. I’ve included a summary table below, and will dig in to some of the more interesting ones.

Expanding the Ecosystem Core Features & Services General Enhancements
AWS Native Protection (EC2 Instances) Rubrik Envoy SQL Server FILESTREAM
VMware vCloud Director Integration Rubrik Edge on Hyper-V SQL Server Log Shipping
Windows Full Volume Protection Network Throttling NAS Native API Integration
AIX & Solaris Support VLAN Tagging (GUI) NAS SMB Scan Enhancements
SNMP AHV VSS snapshot
Multi-File restore Proxy per Archival Location
Reader-Writer Archival Locations


AWS Native Protection (EC2 Instances)

One of the key parts of this announcement is cloud-native protection, delivered specifically with AWS EBS Snapshots. The cool thing is you can have Rubrik running on-premises or sitting in the cloud.

Use cases?

  • Automate manual processes – use policy engine to automate lifecycle management of snapshots, including scheduling and retention
  • Rapid recovery from failure – eliminate manual steps for instance and file recovery
  • Replicate instances in other availability zones and regions – launch instances in other AZs and Regions when needed using snapshots
  • Consolidate data management – one solution to manage data across on-premises DCs and public clouds

Snapshots have been a manual process to deal with. Now there’s no need to mess with crontab or various AWS tools to get the snaps done. It also aligns with Rubrik’s vision of having a single tool to manage both cloud and on-premises workloads. The good news is that files in snapshots are indexed and searchable, so individual file recovery is also pretty simple.


VMware vCloud Director Integration

It may or may not be a surprise to learn that VMware vCloud Director is still in heavy use with service providers, so news of Rubrik integration with vCD shouldn’t be too shocking. Rubrik spent a little time talking about some of the “Foundational Services” they offer, including:

  • Backup – Hosted or Managed
  • ROBO Protection
  • DR – Mirrored Site service
  • Archival – Hosted or Managed

The value they add, though, is in the additional services, or what they term “Next Generation premium services”. These include:

  • Dev / Test
  • Cloud Archival
  • DR in Cloud
  • Near-zero availability
  • Cloud migration
  • Cloud app protection

Self-service is the key

To be able to deliver a number of these services, particularly in the service provider space, there’s been a big focus on multi-tenancy.

  • Operate multi-customer configuration through a single cluster
  • Logically partition cluster into tenants as “Organisations”
  • Offer self-service management for each organisation
  • Centrally control, monitoring and reporting with aggregated data

Support for vCD (version 8.10 and later) is as follows:

  • Auto discovery of vCD hierarchy
  • SLA based auto protect at different levels of vCD hierarchy
  • vCD Instance
  • vCD Organization • Org VDC
  • vApp
  • Recovery workflows
  • Export and Instant recovery
  • Network settings
  • File restore
  • Self-service using multi-tenancy
  • Reports for vCD organization


Windows Full Volume Protection

Rubrik have always had fileset-based protection, and they’re now offering the ability with Windows hosts to protect a volume at a time, eg. C:\ volume. These protection jobs incorporate additional information such as partition type, volume size, and permissions.

[image courtesy of Rubrik]

There’s also a Rubrik-created package to create bootable Microsoft Windows Preinstallation Environment (WinPE) media to restore the OS as well as provide disk partition information. There are multiple options for customers to recover entire volumes in addition to system state, including Master Boot Record (MBR), GUID Partition Table (GPT) information, and OS.

Why would you? There are a few use cases, including

  • P2V – remember those?
  • Physical RDM mapping compatibility – you might still have those about, because, well, reasons
  • Physical Exchange servers and log truncation
  • Cloud mobility (AWS to Azure or vice versa)

So now you can select volumes or filesets, and you can store the volumes in a Volume Group.

[image courtesy of Rubrik]


AIX and Solaris Support

Wahl was reluctant to refer to AIX and Solaris as “traditional” DC applications, because it all makes us feel that little bit older. In any case, AIX support was already available in the 4.1.1 release, and 4.2 adds Oracle Solaris support. There are a few restore scenarios that come to mind, particularly when it comes to things like migration. These include:

  • Restore (in place) – Restores the original AIX server at the original path or a different path.
  • Export (out of place) – Allows exporting to another AIX or Linux host that has the Rubrik Backup Service (RBS) running.
  • Download Only – Ability to download files to the machine from which the administrator is running the Rubrik web interface.
  • Migration – Any AIX application data can be restored or exported to a Linux host, or vice versa from Linux to an AIX host. In some cases, customers have leveraged this capability for OS migrations, removing the need for other tools.


Rubrik Envoy

Rubrik Envoy is a trusted ambassador (its certificate is issued by the Rubrik cluster) that represents the service provider’s Rubrik cluster in an isolated tenant network.

[image courtesy of Rubrik]


The idea is that service providers are able to offer backup-as-a-service (BaaS) to co-hosted tenants, enabling self-service SLA management with on-demand backup and recovery. The cool thing is you don’t have to deploy the Virtual Edition into the tenant network to get the connectivity you need. Here’s how it comes together:

  1. Once a tenant subscribes to BaaS from the SP, an Envoy virtual appliance is deployed on the tenant’s network.
  2. The tenant may log into Envoy, which will route the Rubrik UI to the MSP’s Rubrik cluster.
  3. Envoy will only allow access to objects that belong to the tenant.
  4. The Rubrik cluster works with the tenant VMs, via Envoy, for all application quiescence, file restore, point-in-time recovery, etc.


Network Throttling

Network throttling is something that a lot of customers were interested in. There’s not an awful lot to say about it, but the options are No, Default and Scheduled. You can use it to configure the amount of bandwidth used by archival and replication traffic, for example.


Core Feature Improvements

There are a few other nice things that have been added to the platform as well.

  • Rubrik Edge is now available on Hyper-V
  • VLAN tagging was supported in 4.1 via the CLI, GUI configuration is now available
  • SNMPv2c support (I loves me some SNMP)
  • GUI support for multi-file recovery


General Enhancements

A few other enhancements have been added, including:

  • SQL Server FILESTREAM fully supported now (I’m not shouting, it’s just how they like to write it);
  • SQL Server Log Shipping; and
  • Per-Archive Proxy Support.

Rubrik were also pretty happy to announce NAS Vendor Native API Integration with NetApp and Isilon.

  • Network Attached Storage (NAS) vendor-native API integration.
    • NetApp ONTAP (ONTAP API v8.2 and later) supporting cluster-mode for NetApp filers.
    • Dell EMC Isilon OneFS (v8.x and later) + ChangeList (v7.1.1 and later)
  • NAS vendor-native API integration further enhances our current capability to take volume-based snapshots.
  • This feature also enhances the overall backup fileset backup performance.

NAS SMB Scan Enhancements have also been included, providing a 10x performance improvement (according to Rubrik).



Point releases aren’t meant to be massive undertakings, but companies like Rubrik are moving at a fair pace and adding support for products to try and meet the requirements of their customers. There’s a fair bit going on in this one, and the support for AWS snapshots is kind of a big deal. I really like Rubrik’s focus on multi-tenancy, and they’re slowing opening up doors to some enterprises still using the likes of AIX and Solaris. This has previously been the domain of the more traditional vendors, so it’s nice to see progress has been made. Not all of the world runs on containers or in vSphere VMs, so delivering this capability will only help Rubrik gain traction in some of the more conservative shops around town.

Rubrik are working hard to address some of the “enterprise-y” shortcomings or gaps that may have been present in earlier iterations of their product. It’s great to see this progress over such a short period of time, and I’m looking forward to hearing about what else they have up their sleeve.

Random Short Take #5

So it’s been over six months since I did one of these, and it’s clear that I’m literally rubbish at doing them regularly.

Rubrik Announces Polaris GPS

Rubrik recently announced their GPS module for Polaris. The product name gives me shivers because it’s the name of a data centre I spent a lot of weekends in years ago. In any case, Polaris is a new platform being built in parallel with Rubrik’s core offering. Chris Wahl very kindly took us through what some of the platform capabilities are.


Polaris What?

Polaris is the SaaS platform itself, and Rubrik are going to build modules for it (as well as allowing 3rd parties to contribute). So let’s not focus too much on Polaris, and more on those modules. The idea is to provide a unified control plane with a single point of control. According to Rubrik, there is a going to be significant focus on a Great User Experience ™.

“Rubrik Polaris is a consumable resource that you tap into, rather than a pile of infrastructure that you setup and manage”


I’m A Polaris

The first available module is “Rubrik Polaris GPS”. The idea is that you can:

  • Command and control of all Rubrik CDM instances, globally;
  • Monitor for compliance and leverage alerts to dig into trouble spots;
  • Work with open and documented RESTful APIs with visibility into a global data footprint. Automate and orchestrate all of Rubrik from a single entry point.

The creation and enforcement of business SLA policies is based on flexible criteria: geography, installation, compliance needs, planned growth, data migrations, etc. You can start to apply various policies to data – some you might want to keep in a particular geographical zone, some you might need replicated, etc.

Another cool thing is that the APIs are open and documented, making third-party integration (or roll your own stuff) a real possibility.

From a security perspective, there’s no currently available on-premises version but that’s a possibility in the future (for dark sites). You also need to add clusters manually (i.e. securely) – clusters won’t just automatically join the platform. The idea is, according to Rubrik, to “show you enough data to make actionable decisions, but don’t show too much”. This seems like a solid approach.



Is my backup source data available to Polaris?

– No. The backup source data is available only to the respective Clusters. Polaris has access only to activities and reports on Clusters that have been granted access to Polaris.

Is Polaris a separate CDM version?

– No. Polaris is a SaaS service.

What is the maximum number of Clusters that can be managed by Polaris?

– There is no hard limit to the number of Clusters that can be managed by Polaris.

How secure is Polaris GPS?

– Polaris uses multiple levels of security to protect customer data and service: authentication, secure connection, data security, data isolation, data residency, etc.



So what problem are they trying to solve? Well, what if you wanted to apply global protection policies to multiple appliances? GPS could be leveraged here. This first module isn’t going to be very useful for folks who are running a single deployment of Briks, but it’s going to be very interesting for folks who’ve got a large deployment that may or may not be geographically dispersed. The GPS module is going to be very handy, and shows the potential of the platform. I’m keen to see what else they come up with to leverage the offering. I’m also interested to see whether there’s much uptake from third-parties. These extensible platforms always seem like a great idea, but I often see limited support from third-parties with the vendor doing the bulk of the heavy lifting. That said, I’m more than happy to see that Rubrik have taken this open approach with the API, as it does allow for some potentially interesting integrations to happen.

If you’ve been keeping an eye on the secondary storage market, you’ll see that the companies offering solutions are well beyond simply delivering data protection storage with backup and recovery capabilities. There’s a whole lot more that can be done with this data, and Rubrik are focused on delivering more out of the platform than just basic copy data management. The idea of Polaris delivering a consolidated, SaaS-based view of infrastructure is likely the first step in a bigger play for them. I think this is a good way to get people using their infrastructure differently, and I like that these companies are working to make things simpler to use in order to deliver value back to the business. Read more about Polaris GPS here.

Rubrik Cloud Data Management 4.1 Released – “More Than You Might Expect”

Rubrik recently announced Version 4.1 of its Cloud Data Management product, and I thought it would be worthwhile running through some of the highlights.



Azure CloudOn

This feature enables customers to power-on an archived snapshot of a VM in the cloud

  • Instance type recommendation based on VM config file (.vmx)
  • 2-click deployment with orchestration
  • UI Integration to launch, power off or de-provision an instance
  • On-demand or constant conversion

What are the use cases?

  • Spin up a cloud sandbox for dev/test use
  • Disaster Recovery
  • On-premises to cloud migration


[image courtesy of Rubrik]


There are some limitations to note:

  • The OS must be supported by Azure
  • A 1TB Max Disk Size


Other Enhancements

There are a few other enhancements, including:

  • AWS Glacier and Google CloudOut
  • Hyper-V SCVMM

I won’t cover them here but the Glacier and GCP Archive features seem pretty cool.


Core Features


Alta introduced a lot of Oracle support, and this version introduces support for SQL Server AlwaysOn Availability Groups (AAGs). Rubrik auto-detects settings / configurations within SQL Server

  • Availability Groups (“AGs”) – collections of SQL server replicas
  • AlwaysOn settings – includes replica failover order

Rubrik dynamically backs up the appropriate AG node based on the AG’s backup preferences. The AGs and selected AlwaysOn settings are displayed in the Rubrik UI.

There’s support for AlwaysOn manual and automatic failover transitions:

  • Target secondary replica specified by AlwaysOn settings
  • Previously had to manually swap DBs within Rubrik
  • Automatic failover for synchronous commit replicas only
  • Rubrik continues to backup DBs during AlwaysOn failover

There are some limitations to note:

  • Cannot restore / create DB within an Availability Group via Rubrik. This must be done within the SQL Server product;
  • SQL Server only supports automatic failover for synchronous replicas; and
  • The feature is not supported in versions of SQL Server from before 2012 (no Availability Groups then).

These limitations are common to AlwaysOn as a technology and are not Rubrik specific.



Logically divide Rubrik Clusters into multiple management units (organizations). There are three roles that can be leveraged: Global Admin, Org Admin and End User.

Global Admin

  • Comprehensive privileges across all resources
  • Define Organization: subset of all resources
  • Assign Org Admin and define privileges

Org Admin

  • Privilege subset scoped to Organization resources
  • Assign End User and define privileges

End User

  • May be scoped to Organization
  • Can browse snapshots, recover files, and live mount on select resources

Organizations can be used to fully partition ALL objects associated with your Rubrik cluster by customer (MSP) or department (enterprise)

  • Protected objects
  • Archival targets
  • Replication targets
  • SLA domains
  • Service credentials
  • Users

Groups of logical objects (SLA Domains, Archival Targets, Protected Objects, Users) can be independently managed as an organization. There’s also integration with an existing directory service (AD).


VLAN Tagging

All the kids are into VLAN tagging nowadays, and Rubrik’s implementation provides the ability to segment traffic within physical networks via IEEE 802.1q. This is configurable at bootstrap or later via the CLI, and supports up to 25 VLANs per cluster. If you choose not to create any VLAN configuration during initial cluster setup all traffic will be untagged. Additionally, traffic that does not belong to a directly attached VLAN will be placed on the management interface/VLAN and routed through the default gateway.


General Enhancements

New Envision Report Customisations 

  • Two new Default reports (Capacity Over Time and Global Protection Summary)

Oracle Enhancements

  • Ability to resize Managed Volumes while still mapping across the underlying cluster resources in a scale-out fashion

Archive Cascading

  • Allows customers to replicate from a Rubrik cluster at Site A to a Rubrik Cluster at Site B with the data then archived from the Site B Rubrik cluster

[image courtesy of Rubrik]



I’ve been a fan of Rubrik for some time now. I don’t cover these announcements just because they put me on a #vAllStars baseball card or because they send me swag from time to time. I genuinely think they’re doing some cool stuff and it’s been great to see the evolution of the product over the last few years. Version 4.0 (Alta) was a pretty big release for them (there’s a webinar series you can access on-demand here) and this one adds some new features that a lot of people (particularly enterprise folks) have been asking for.

Brisbane VMUG – September 2017


The September edition of the Brisbane VMUG meeting will be held on Thursday 21st September at the Telstra Building (Level 4, 275 George Street, Brisbane City) from 16:00 – 18:00. It’s sponsored by Telstra and Rubrik and promises to be a great afternoon.

Here’s the agenda:

  • Introduction and VMUG News
  • VMworld US News
  • Telstra Cloud Gateway and Virtual Storage Overview
  • Rubrik v4.0 Overview and VMware Integration

This will be followed by vBeers at Cicada from 17:30 – 18:30.

Rubrik and Telstra have gone to great lengths to make sure this will be a fun and informative session and I’m really looking forward to hearing about what they’re up to. You can find out more information and register for the event here. I hope to see you there. Also, if you’re interested in sponsoring one of these events, please get in touch with me and I can help make it happen.

VMware – VMworld 2017 – MGT3342BUS – Architecting Data Protection with Rubrik

Disclaimer: I recently attended VMworld 2017 – US.  My flights were paid for by ActualTech Media, VMware provided me with a free pass to the conference and various bits of swag, and Tech Field Day picked up my hotel costs. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.

Here are my rough notes from “MGT3342BUS – Architecting Data Protection with Rubrik” presented by Rebecca Fitzhugh and Andrew Miller at VMworld US 2017. You can download my rough notes from here. Here’s a proof of life shot of Rebecca and Andrew.


Why bother with Data Protection?

There’s one big reason. Your stuff is important. However, the business expectations of a company’s DR / data protection frequently != the IT capabilities for DR / data protection.


What are you really protecting yourself against?

  • Lost or postponed sales and income
  • Regulatory fines
  • Delay of new business plans
  • Loss of contractual bonuses
  • Customer dissatisfaction
  • Timing and duration of disruption
  • Increased expenses such as overtime labor and outsourcing
  • Employee burnout

Disaster – what does that really look like?

  • Natural – tornadoes, earthquakes, etc; and
  • Man-made – power loss, human error.


Where do we begin? How do we deal with this?

What is a Business Impact Analysis (BIA)? Something you need to do if you haven’t done it already.

A process to understand:

  • What is the monetary impact of a disaster or failure?
  • What are the most time-critical and information-critical business processes?
  • How does the business REALLY rely upon IT service and application availability?
  • What availability ore recoverability capabilities are justifiable based on these requirements, potential impact and costs?

Composed of two components

  • Technical discovery – data gathering
  • Human conversation – talk to people!

Example output – recovery priority tiers.


What is an SLA?

A contract between an external service provider and its customers or between an IT department and internal business units it services


  • Two 9s – 99% = 3.65 days of downtime per year (easy to achieve, less expensive)
  • Three 9s – 99.9% = 8.76 hours of downtime per year
  • Four 9s – 99.99% = 52.6 minutes of downtime per year
  • Five 9s – 99.999% = 5.26 minutes of downtime per year (difficult to achieve, expensive!)

DR – key measures

  • RPO: how much data can I lose?
  • RTO: Targeted amount of time to restart a business service after a disaster event

The smaller your RTOs and RPOs – the more money you’ll spend


BC vs DR vs OR – Say What?

Business Continuity

  • All goes on as normal despite and incident
  • Could lose a site and have no impact on business operations (active/active sites)

Disaster Recovery

  • To cope with and recover from an IT crisis that moves work to an alternative system in a non-routine way
  • A real “disaster” is large in scope and impact
  • DR typically implies failure of the primary data centre and recovery to an alternate site

Operational Recovery

  • Addresses more “routine” types of failure (server, network, storage, etc)
  • Events are smaller in scope and impact than a full disaster
  • Typically implies recovering to alternate equipment within the primary DC

Each should have its own clearly defined objectives – at minimum you should know the difference.


Where Rubrik Helps

Complexity is the enemy. Whatever you do. Whatever you buy. Simplify your architecture & expect more.


Key Evaluation Criteria

What Rubrik have seen that makes a difference:

1. Reliability of data recovery

  • Simplicity of setup and day 2 operations – SLA policies!
  • Immutability – is your data there when you need it?

2. Speed of data recovery

  • Search and Live Mount
  • API usage / automation to enhance restore capabilities

Not a lot has changed in data management since the 1990s. Last decade we introduced disk-based backup and deduplication. The problem is we added capabilities to existing architectures. This didn’t necessarily make things simpler.


Rubrik Cloud Data Management

Software fabric for orchestrating apps and data across clouds. No forklift upgrades.


How it Works

  • Quick start – Rack and go. auto discovery.
  • Rapid Ingest – Flash-optimized, parallel ingest accelerates snapshots and eliminates stun. Content-aware dedupe. One global namespace.
  • Automate – Intelligent SLA policy engine for effortless management.
  • Instant Recovery – Live mount VMs and SQL. Instant search and file restore.
  • Secure – end-to-end encryption. Immutability to fight ransomware.
  • Cloud – “CloudOut” instantly accessible with global search. Launch apps with “CloudOn” for DR or test/dev. Run apps in cloud.


Data Management in the Cloud

SLAs are important, and you’ll likely need to consider the following aspects.

  • RPO
  • Availability Duration (Retention)
  • When to archive (RTO)
  • Replication Schedule (DR)

*Demo Time

Under the hood – Interface, Logic, Core.

“Simple is hard”

Use an API-first platform to create powerful automation workflows

“Don’t Backup. Go Forward”



It should be no secret that I’m quite a fan of the Rubrik architecture and approach to data protection. I’ve written about them before on this blog. I like when data protection firms talk to me about what’s important to the business and the kinds of scenarios they protect against. I also like the focus on BIA and SLAs. Rubrik have made some great strides in the marketplace and are delivering new features at a rapid clip. If you haven’t had time to look at the them and you’re looking for a new approach to data protection, I recommend you look into their solution.

Rubrik Announces Cloud Data Management 4.0 – Expands Ecosystem Support

Rubrik recently announced version 4.0 (“Alta”) of their CDM platform (the 9th release overall). I’ve covered some of their previous releases here and here, and you can read my very brief overview of the technology here. Rubrik expects this release to be generally available (GA) 30-60 days post announcement (after a “directed availability” period). I had the good fortune to sit in on a briefing prior to the announcement, and thought I’d share some of the highlights here.



Rubrik have been working hard to expand their ecosystem support, including:

  • Oracle;
  • Hyper-V;
  • Nutanix AHV; and
  • Cloud Instantiation.


Oracle Support

In this release, the Rubrik Cluster is a NAS Target for Oracle RMAN using an agent-less approach. RMAN manages backup and restore activities for the DB and Redo logs. There’s also support for Incremental Merge (an advanced RMAN feature providing the ability to take an initial full backup, subsequent incremental backups, and then on a rolling basis update the full backup with a previously taken incremental).

There’s also multi-channel support and ingest to flash for fast backup.


Hyper-V Support

Hyper-V? It’s “[t]oo big to ignore”, according to Rubrik. Hyper-V 2016 is where you’ll find all the good stuff in terms of support.

For Hyper-V 2016

For Hyper-V versions < 2016


Native API (WMI) based support

Connectors based support

Auto Protect



Failover Cluster Support



Agentless backups



Incremental Forever



Live Mount



Instant Recovery







Nutanix AHV Support


You get the good stuff like automated protection and restore workflow, including:

  • Support for policy driven protection and retention operations;
  • VM-granular backup and restore;
  • Auto-protection of newly discovered VMs;
  • The ability to export and recover VMs; and
  • File browse and download

You can also securely replicate or archive to other sites, and you get access to Rubrik’s “Core Capabilities” (global search, erasure coding, reporting, and more). You can also scale as you need. Note, however, that file-level restore and live mount is not currently supported.


So how do you do a backup?

  1. Create a snapshot on Nutanix. Identify the changed regions between the newly created snapshot and the base snapshot;
  2. Rubrik authenticates with the volume group;
  3. Data is ingested; and
  4. A cleanup of the volume group and base snapshot is run. The snapshot created in step 1 becomes the new base.

To restore?

  1. Create an empty temporary volume group;
  2. Copy data from Rubrik to empty the disks in the volume group;
  3. Create an export VM with disks cloned from the volume disks;
  4. Power on the VM; and
  5. Cleanup the temporary volume group.


Cloud Instantiation

What is that?

  • You can power-on a snapshot of a VM in the cloud (specifically AWS);
  • The instance type recommendation is based on the VM configuration file;
  • You get 2-click deployment and end-to-end orchestration; and
  • UI integration to launch, power off or de-provision an instance.

Why would you?

  • You might want to spin up a cloud “sandbox” for dev / test;
  • You can spin up machines as needed (at potentially lower cost);
  • Refresh machines with the latest copy of production data;
  • You could use this as a form of disaster recovery; or
  • As a means to perform a migration of an on-premises VM to the cloud.


  1. Create a VMDK (from snapshots in S3 using Rubrik-in-Cloud or on-premises)
  2. Upload to S3
  3. Create an AMI (using AWS APIs)
  4. Launch the EC2 instance from AMI

[image courtesy of Rubrik]

Note that there is no requirement to have a Rubrik Cloud Cluster running in the target Amazon region.


New Core Features

SQL Live Mount


  • Power on read/write clones instantaneously;
  • Provision a clone to any desired Point in Time;
  • Mount the same database across multiple hosts (e.g. dev/test machines);
  • RestAPIs allow the automation of workflows;
  • Self service capability using RBAC.


  • Ad hoc Restores – you might want to perform granular restores without restoring entire database (e.g. restore table of large database by copying from Live Mounted database);
  • Database backup health checks; or
  • Dev/Test workloads: Spin up copies of your production database (carefully obfuscating identifying data, no doubt).


Archive to, erm, Tape

Believe it or not, there are still a lot of people who want / need /can’t let go of tape as a backup option. Rubrik have recognised this, and have partnered with QStar to deliver tape out functionality. QStar exposes the tape library as NFS/SMB shares. Note that Rubrik cannot speak directly to tape libraries. There are a number of reasons why they’ve (sensibly) decided to let QStar do the heavy lifting in this scenario:

  • Each tape vendor has their own proprietary interface;
  • QStar presents a common interface irrespective of the tape vendor; and
  • QStar supports the industry standard LTFS format.


Other Neat Stuff

NFS Archive Encryption

  • Provides both in-flight and at-rest encryption
  • AES256-bit encryption at-rest


Custom TLS Certificate

You can now provide a custom TLS Certificate signed by a trusted CA (hooray!). It’s a fairly simple process too.

  1. Generate the Certificate Signing Request (CSR);
  2. Get the CSR signed by a trusted CA; and
  3. Provide the signed certificate in the Rubrik UI.

No more browser alerts, and your security team will sleep better at night too.



It may be surprising that Rubrik have taken this long to introduce Oracle support, given the Oracle heritage within the company but the simple answer is that customers have been asking for SQL support as a focus. I think that Rubrik are on the money with their position that Hyper-V is “too big to ignore”, and the added support for Nutanix AVH is also a really smart move. Whilst anecdotally it seems the majority of Nutanix customers are still leveraging vSphere, Nutanix are keenly pushing Acropolis as their flagship offering. While the tape-out option may leave some scratching their heads, I think there’s still an appetite in the marketplace for this kind of technology. Bear in mind that regulators are oftentimes not at the cutting edge of data protection tech either. So while you mightn’t see the need, some auditor in the finance sector absolutely does.

The fun thing about watching startups evolve is that you get to see them grow in terms of technology capability and market presence. Rubrik have introduced some neat features and broadened their ecosystem support in this release. They’ve also hired some very smart people (in addition to the smart ones they had working their already) and they seem responsive to the needs of their customers. It will be interesting to watch this evolution in terms of technology and company, and I’m wondering how they will cope with the constant demands of the marketplace to support and protect every damn combination of technology you can imagine without losing their ability to execute on their core capabilities. Time will tell but I have high hopes that Rubrik is on the right track with what they’ve delivered to date.

Rubrik Announces Cloud Data Management 3.2 – Gets Cloudier

As Cloudy As They Wanna Be

Cloud Cluster – What’s That?

Rubrik‘s Cloud Cluster provides the ability to truly run a Rubrik cluster in the cloud as well as providing ability to protect specific cloud workloads. You deploy it with 4 nodes (to enable erasure coding), and get the following capabilities:

  • Protection of SQL Server, Windows, and Linux via Rubrik connectors;
  • Replication to other clusters – these could be cloud clusters or something on-premises;
  • Replication from on-premises cluster to a cloud cluster; and
  • Archival to supported cloud archives – these could be AWS and/or Azure.


[Image via Rubrik]

The cool thing about this is you get a lot of what you’ve (already?) come to expect from Rubrik, including:

  • One Data Management platform to protect on-premises and cloud workloads
  • Policy-Based Data Management
  • Advanced reporting out of the box with Envision
  • Scale-out – add one node at a time to the cluster
  • Data Integrity via the same methods as with physical clusters (erasure coding, checksums, fingerprinting, and more). Check out the “Data Integrity with Rubrik” (Registration required) Technical White Paper for further details.


What Other Benefits Do I Get?

Rubrik suggest that with this approach you’ll experience the following good fortune:

  • Data mobility to avoid vendor lock-in;
  • Replication to different regions within AWS or Azure (this is handy);
  • Replicate to different cloud vendors or on-premises (everyone loves to think they’re not beholden to a single provider); and
  • Backups from the cloud (databases or filesets) can be restored on-premises or restored to another
    cloud vendor.


What Do I Need To Get Started?

Not a huge amount. Rubrik have provided the following minimum specifications in AWS and Azure to get started.

[Image via Rubrik]


What About NAS?

No, not that Nas. NAS backups. These have been supported since 3.0 but there are now specific UI components for setting up NAS backups and having the Rubrik cluster connect directly to NAS servers. There’s even a separate tab and everything. The good news is that both NFS and SMB are supported.


Further Reading and Thoughts

There have been a few other key (!) enhancements as well, with Rubrik introducing support for external key managers both for software encryption (r3xx Briks) and hardware encryption (r528 Briks). Ed Morgan did a nice write-up here that covers off the announcement pretty thoroughly. Whilst Ed is a Rubrik employee, he’s not known for talking crap, so you can trust what you read there. He also provided some decent coverage of the Pure Storage FlashBlade and Rubrik integration that you can find here.

I’ve written a few times about Rubrik product announcements now, and each time I’m impressed with the depth and breadth of new features that are being introduced in what are ostensibly minor releases. In my opinion this is testament to Rubrik’s responsiveness to customer feedback rather than serious deficiencies in their offering. It’s great to see them focus on cloud, because that’s been a bit of a black hole when it comes to comprehensive data protection solutions in the past. Their continued focus on ease of use and security enhancements is also refreshing. You can find their press release here.

Rubrik Announces Cloud Data Management 3.1 – Heaps Better Than Windows 3.1

I probably need to ease up on the article titles that only I find funny. In any case, I blogged about Rubrik a little while ago and since then I had the opportunity to sit in on a briefing from Chris Wahl (of Rubrik and Wahl Network fame) on their Cloud Data Management 3.1 release. Whilst it might be a little odd to make a song and dance about a minor release, there’s a lot going on with this one, and I thought it would be worthwhile posting some of the highlights.


Traffic Lights – I Need Traffic Lights!

Infrastructure reporting is hard at times. Particularly when executives really just want to see traffic lights (or some bizarre representation of your infrastructure’s health represented as traffic lights). While not obviously delivering traffic light nirvana, Rubrik Envision does provide the ability to do a whole bunch of custom reporting.

  • Build-your-own or select from the system-built reports
  • Customize report visualization with advanced charts
  • Select granular reporting attributes and timelines
  • Schedule report emails in easy-to-read HTML5 format
  • Download on-demand Excel reports
  • Create a gallery of reports with easy searchability

They’re also designed for multiple audiences and multiple scenarios, with some pre-canned reports including:

  • Daily backup administrator report – quickly check for problems from the previous evening’s backup
  • Weekly management report – a summary report of the last 7 days activity
  • Audit report – check on a subset of clients at a particular point in time
  • Remote sites – you don’t want to have a DR event and stale remote data.

Reports can also be scheduled and sent as HTML5 with csv attachments.


Look, I’ve Got This Windows Server

Not everyone is happy with VM-based backups or exclusively run Linux. With this release, Rubrik have introduced Windows-native protection options (with support for Windows Server 2008 R2, 2012, and 2012 R2), supporting granular folder/file level backups inside Windows via “filesets”. Filesets are a logical construct based on Includes and Excludes. These are often around a direct path to a file or folder but can use wildcards for greater flexibility around what is included or excluded. But what does that mean? For example, you might backup C:\Users on all Windows servers on a daily basis excluding .mp3 files. At the same time, you might backup other folders on the same servers on a weekly or hourly basis. Filesets can be applied to multiple clients and a single client can even have multiple filesets applied which allows for great flexibility. Filesets also integrate with Rubrik’s core SLA policies.

Windows backup support integrates with the existing Role Based Access Controls and specifically the “End User” Role which can browse snapshots and recovery files for the specific objects to which it is granted permission. Note that Rubrik uses VSS to capture Open/Locked files but will still take a backup if VSS is unavailable.

Sleepy Encryption

My youngest daughter loves a good pun. Which is why I called this bit on software encryption at rest (SARE) “sleepy encryption”. Okay so it’s not a great pun. Let’s move on.

Rubrik currently supports encryption at rest with the r528 Appliance via Self Encrypting Drives with FIPS 140-2 Level 2 compliance. With the 3.1 release though, SARE (I’m just being lazy, that isn’t the official product name) is now available on new R3xx appliances that have a Trusted Platform Module (TPM). There’re two components that it focuses on:

  • The Atlas file system (holds backup data and indices); and
  • Metadata (internal db, logs, stats, etc).

Atlas is protected via AES-256 for all file writes. Rubrik tell me the overhead in performance is somewhere between 1-2%. Metadata is protected via a metadata-optimized method also using AES-256 encryption. Rubrik tell me that the “solution can theoretically scale to 32 exabytes within a single cluster”.


But Wait, There’s More!

UI Enhancements

There is now a dedicated page per host showing the filesets associated with each host.


SQL Server Enhancements

  • Support for SQL Servers on Windows Server Failover Clusters (WSFC)
  • Advanced export – specify at an individual file level the restore location during an export operation.
  • Support for SQL Server 2016
  • Cross-version Restore – restore to the same or newer version of SQL. Check the table below.


Customer-driven Upgrades

Rubrik are keen for customers to do their own upgrades too, providing the ability to do self-service upgrades via the CLI. All you need to do is upload the package to cluster and away you go. This is handy in “dark sites” without internet access.


Other Stuff

There’s a new End User Role – Overwrite Restore Enhancement. There is now a new “Allow destructive restore” checkbox available when creating a restore user. This allows a user with End User RBAC privileges to overwrite existing files during a restore. While supported for all protected objects, the primary use case is for SQL database restores. Because sometimes you just need to kill it with fire.

Edge Improvements – you can now add capacity to a running Edge instance.

In-place file restore inside a Linux VM – can restore a file or folder directly back to a source VM with relevant permissions. The restore can overwrite existing files/folders or go to a separate folder on the source VM.



For a minor release, there are some major features included here. I’m excited to see how this goes in the field and looking to see what else Rubrik has coming in the next few months. They’ve been around for a little while now and the impression I get is that they’re growing rapidly. Copy data management, secondary data, cloud data management – whatever you want to call it – is no longer the annoying uncle at the annual family reunion. It’s finally getting some attention in the market for all of the right reasons. Rubrik have taken a neat approach with policy-driven software and hardware that focuses on the requirement, not just what the tech can do. I think this will be key to their continued success in the marketplace. In short, it’s pretty cool stuff and I recommend you check them out if you’re into that kind of thing.


Rubrik – Cloud Data What?

I’ve done a few posts on Cohesity in the past, and I have some friends who work at Rubrik. So it seemed like a good idea to put up a short article on what Rubrik do. Thanks to Andrew Miller at Rubrik for helping out with the background info.


The Platform

It’s converged hardware and software (called “Briks” – there are different models but 2RU (4 nodes) are the most common).

[image via Rubrik’s website]

The Rubrik solution:

  • Is fundamentally built on a scale out architecture;
  • Provides a built-in backup application/catalogue with deduplication and compression;
  • Uses a custom file system, distributed task scheduler, distributed metadata, etc;
  • Delivers cloud native archiving, policy driven at the core around imperative vs. declarative;
  • Can leverage cloud native archive (with native hooks into AWS/Azure/etc.);
  • Has a custom VSS provider to help with STUN (super VMware friendly),
  • Provides a native API since day one (REST-based), and along with vSphere (VADP, CBT, NBDSSL), handles SQL and Linux natively (there’s apparently more to come on that front); and
  • There’s an edge appliance for ROBO, amongst other things.


Cloud Data Management

Rubrik position their solution as “Cloud Data Management”.

In a similar fashion to Cohesity, Rubrik are focused on a bunch of stuff, not just backup and recovery or copy data management. There’s a bunch of stuff you can do around archive and compliance, and Rubrik tell me the search capabilities are pretty good too.

It also works well with technologies such as VMware vSAN. Chris Wahl and Cormac Hogan wrote a whitepaper on the integration that you can get here (registration required).



As you can see from this post there’s a lot to look into with Rubrik (and Cohesity for that matter) and I’ve really only barely scratched the surface. The rising popularity of smarter secondary storage solutions such as these points to a desire in the marketplace to get sprawling data under control via policy rather than simple tiers of disk. This is a good thing. Add in the heavy focus on API-based control and I think we’re in for exciting times (or as exciting as this kind of stuff gets in any case). If you’re interested in some of what you can do with Rubrik there’s a playlist on YouTube with some demos that give a reasonable view of what you can do. I’m hoping to dig a little deeper into the Rubrik solution in the next little while, and I’m particularly interested to see what it can do from an archiving perspective, so stay tuned.