Skip to main content

Hi Everyone,

 

The countdown to World Backup Day 2022 continues!

If you missed the previous Fun Friday post/game then check it out here!

 

I want to stick with the fun theme here and have a new game. I’ll provide a scenario and you can choose what type of backup YOU would want, and leave a comment as to the why below! There’s no right or wrong here, just perspectives. What has worked for you? What gave you buyers remorse and made you want to choose something else?

 

Scenario:

You’re responsible for data protection in your organisation and have asked for budget to get some form of immutability or airgapped backup in-place. You have only one chance to get your budget approved and need to justify why you believe it is best. What do you go for? Why?

 

Infrastructure:

You have a simple three-node vSphere cluster running 20VMs, total production size of 10TB. This is connected to the internet via a 1Gbps link with a 1Gbps MPLS connection to a DR site, this has three-nodes and no production workloads. You backup to a physical Windows Server with ReFS within the production site.

I would go for AWS S3 with immutability. I recognize there is an existing DR site, however, it is unclear how saturated the existing link is going to be. I was considering to purchase some server with storage and set up as Linux immutability but I think given the small shop we are dealing with it might not be correctly secured/locked down. As such, I opted for the S3 because I think even with  a relatively high change rate we should be able to offload copies of the backups without a problem. I also preferred this for potential scale over time.


If possible I would go for a DR site Deduplicated storage, like StoreOnce or Quantum vm, and also a Internet S3 provider with Immutable storage, but if the budget is reduced, minimum the first one.

my personal opinion and just with the little info of this hypothetical case.

thanks!


I don’t have buyer remorse BUT I inherited a dedup appliance from the old backup software and waiting a lots of time to recuperate free space after deleting some backup got me crazy. Me and my colleagues like to control hardware to OS on repository. Black box could be cool if you don’t have the time and knowledge to deal with performances issues etc…

If i could i will choose object storage on cloud provider or on premise to have a second media because the management and performance are better than tape. BUT the exponential growth of data, capacity of storage of tape and securities alerts (due to cyber war) helped me to change my opinions.

BTW from the POV of French information system security agency Airgap is obviously a disconnected storage (hello my old friend Tape...). Well put tape in faraday cage in fireproof safe are not for everyone FORTUNATELY :rofl:

In close future we will probably use a kind of glacier on premise who will erase some king of disadvantages of tape with the ability to adress data with S3 and have replication between Datacenter.

 

Question part:

Hmm It’s a tough question, you should know more about the strategie of the client:

  • Can it use cloud provider?
  • What is the policy retentions?
  • What is the RTO?
  • Do they have a storage node in spare for hardened repo?
  • Do they have a security policy? Object storage could compliant with their definition of Airgap?

Quick and easy answer for me : S3 Compatible Provider with Immutability support
You can set up this quickly if you have the agreement and a credit card hehe.

For the DR site if needed you can add the bucket to restore data.


This seems to be a rather small company/customer. Therefore I would select a solution “with some help” for them. Either a Cloud connect provider or an AWS (or compatible) S3 storage with immutability.

With these two solutions the customer does not have to customize and maintain all of the systems and does not have to secure them. The amount of data which has to be sent every day should be manageable.

 

For a bigger environment I would probably select a hardened repository or a tape solution at the DR site...


So based on what I have seen and dealt with all of these years, and after much pain …. I would go with Tape shipped to DR with the process being under my control. Yes old fashion but it is the close to being air gapped. Almost everything else while very good I have seen at least once defeated by bad guys bad stuff or by human error (lack of monitoring properly and automation issues)

Keep in mind Air Gapped is very specific in its meaning and nothing here is truely air gapped due to the fact that human control of data transfer is also required with no automation, so even the auto tape jobs might not be fully compliant, but we do what we can with what we have so. From NIST:

Air Gap

An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control).

 

https://csrc.nist.gov/glossary/term/air_gap


As we can see, Internet and MPLS link are both with the same throughput. So, I will choice a Linux hardened repository on DR site with BC jobs copying backups site to site. On this way we can have immutability on DR side given that production side we don’t.


I voted other because we are an SP and I would go with our new HCPCS offering for the offsite portion or even our newest product which S3 to Tape vaulting. :smiley:


I would go with a S3 Compatible storage which supports immutability as it's a rather small environment and cost/budget is a limiting factor. Also the internet bandwidth is good enough, so I would prefer S3 over tape.

But I did select the ‘Other’ option. While S3 will satisfy the requirements, I would still want to utilize the DR cluster. So, I would in addition create replication jobs to this cluster. They wouldn't be immutable and also not really air-gapped, but still on different media/format and offer a better RTO than the cloud storage.


And the results are in! Thank you to all who voted, it’s great to see a spread, but it’s great to see Object Storage getting such love, thank you to all who elaborated as well in the comments. As I said, there’s no right or wrong answer, just perspectives.

 

My perspective on this is that I’d rather a level of isolation for both trust and responsibility within my environment, so I’d be looking at some form of immutable service offering, either VCC or Object Storage via a provider that supports immutability. I’m a big advocate that there is a risk of insider threats to all systems being maintained by internal staff that could result in compromise, especially when a business is of a smaller size when one person tends to wear my hats/perform more duties. This threat could be accidental (forgot to insert new tape/rotate USB), it could be malicious (nobody else can see this so I can get away with it), or it could be lack of knowledge/experience (I don’t know how to properly secure storage or evaluate the risk in my design). In any scenario, establishing different fault domains is a great way to minimise fallout from disaster.


Just arrived from @Kseniya & @kirststoner12’s world backup day LinkedIn Live?

 

Vote and add your say below!


Comment