VMware – VMworld 2016 – STO8718-SPO – Building Next-Gen Data Protection for VMware Environments with Rubrik

Disclaimer: I recently attended VMworld 2016 – US.  My flights were paid for by myself, VMware provided me with a free pass to the conference and various bits of swag, and Tech Field Day picked up my hotel costs. There is no requirement for me to blog about any of the content presented and I am not compensated in any way for my time at the event.  Some materials presented were discussed under NDA and don’t form part of my blog posts, but could influence future discussions.


Here are my rough notes from “STO8718-SPO – Building Next-Gen Data Protection for VMware Environments with Rubrik” presented by Chris Wahl and Chris Gurley.




  • What is Cloud Data Management?
  • Protection via policy-driven SLAs
  • Restoring Services


Cloud Data Management

What customers are doing? Looking to build more cloud like environments for legacy and next-generation applications.
So what about Rubrik? They “deliver killer applications to democratise public cloud for enterprises with an easy button to protect, manage, and secure data everywhere”.
Wrapping data in an intelligent software fabric

  • All your data. Activated.
  • Assign policies
  • Layer on security
  • Track compliance
  • Introduce automation
  • Define user access
  • Instantly search.

Topology agnostic – manage data everywhere.
Accelerate data for lifecycle usage

  • Backup & Recovery
  • Search & Analytics
  • Copy Data Management (so hot right now)
  • Disaster Recovery
  • Archival & Compliance
  • Cloud Instantiation

Rubric is a programmatic software fabric

  • API-first architecture – Rubrik consumes the same APIs
  • Automation – Create, select, execute. Repeat.
  • Extensible – APIs designed to be resilient to change.

Automation Real-world use cases

  • Post-script automation for linux files protection
  • Automated management in vCenter for objects and tags
  • PowerShell automation for DSC
  • Self-service via vRealize Suite
  • New workload provisioning for DevOps shops with Chef and Puppet

Orchestrating data across clouds

An intelligent software fabric to orchestrate data retention across public and private clouds

  • Security
  • SLA-based tiering
  • Global deduplication
  • Global search

Data Platform Security

  • Management Plane
    • Role Access – granular control of user access to data
    • Compliance Reporting – centralised compliance reporting
    • Log Monitoring and Audit – Monitor system events, operational tasks, capacity, logs and user events

Data Plane

  • Data encryption – FIPS-140 Level 2 HDDs/SSDs protect against even physical theft or breach
  • Data encryption in-flight – data encryption before and after leaving appliance
  • Key management – cryptographic keys protected by Trusted Platform Modules
  • Reference Point-in-time – revert to point-in-time to determine breach or for recovery

Chris G – Demo

OH “Don’t knock on the projector, they’re here now”. “It’s okay, I don’t think he owns it”
Chris W – “Is this kind of fun? Like Asteroids for data protection?”


Protection via Policy-driven SLAs

Provide the information (RPO, RTO, etc) and the policy will make it so.
Users consume services and data.

How do you recover an application?

  • One VM?
  • Tier of VMs?
  • A section of the DC?
  • An entire DC?

IO scales linearly (20000 IOPs per box).

Traditionally there’s been a large focus on data ingest.


But can I quickly / easily restore the data?
Add Archival Location (S3 / Object Store / NFS) – I like when they can answer a question by jumping into the product and doing a demo.
This was a top session with some great demos. It’s a real treat to sit in sessions where the presenters can answer questions quickly through a demo. 5 stars.