
Brand Building is a multinational corporation with 10 data centers in North America.

The backup team is located in Boston, and they remotely administer all of the local VBR servers in each DC, which are also members of the production AD. They have fast, secure connections between sites and use Enterprise Manager to manage all of their sites. This also allows them to allocate certain roles to local users. Each location has a tape drive, and they have been doing local backup to tape jobs for DR. These tapes are later moved to secure storage outside of the data centers but not more than 20 km away. They have a legal requirement to keep monthly full backups for 7 years.

Their local repositories are all NTFS on Windows servers. 

After completing an audit, they are aware that they must increase their protection against ransomware. They would like to replace the local repositories with secure ones. They would also like to add cloud backups for more redundancy. However, they are worried about extra costs, especially those linked to hidden egress or ingress fees. They could always send backup copies from each DC to another, but would that really satisfy the 3-2-1 rule?

 

 

What design would you recommend? 

 

Nice task!

If it fits in the customer's budget, I would recommend going for Linux Hardened Repositories on every site as the primary backup target. Depending on the amount of backup data and the required RTO, maybe on an SSD basis. That would also be nice for Instant Recovery and fast SureBackup scenarios.

Backup Copies could be done to Wasabi Cloud Storage (also in regards to ingress/egress fees). 

I would leave the tape job as it is; it's a good/cheap/air-gapped solution for their legal requirements. If the current Windows repository is replaced completely, and if it's currently also used in the tape proxy role, they have to get a separate tape proxy server.

Regarding the mentioned production domain, I would recommend placing the whole backup infrastructure in a separate AD, without any trust to the production domain.

