混合雲的資料安全保護 架構與策略 - fis · •self-service selection - from...
TRANSCRIPT
• XtrmeIO&DD 20倍速備份
• EMC Cloud Data Protection
• Cloud Storage
• Hybrid Model
• Born In The Cloud Model
• VMware vRealized Data Protection Extension
AGENDA
Technology Underlying ProtectPoint w/ XtremIO
• Change Block Tracking/Data Movement Engine
– XtremIO and RecoverPoint technology
• Protection Storage– Data Domain
Full Backup
Block
1. Dedupe2. Compress3. Write to File System
New Block
Production
New Block
Point in Time Copy
App Integration:
Agents1. File Systems Agent2. Application Agent
BACKUP WITH PROTECTPOINT FOR XTREMIO
1. App owner triggers backup at an application consistent checkpoint
2. Only changed blocks sent directly to Data Domain
3. Data Domain uses the changed blocks to create full backups in native format
FULL BACKUPS EVERY TIME, ONLY UNIQUE BLOCKS SENT
Application Server
1
2
3
Production
Backup
Application Owner
Catalog
Agent
BACKUP WITH PROTECTPOINT FOR XTREMIO
1. Infrastructure policy initiates triggers backup at an storage consistent checkpoint
2. Only changed blocks sent directly to Data Domain
3. Data Domain uses the changed blocks to create full backups in native format
INFRASTRUCTURE DRIVEN BACKUPS
Application Server
12
3
Production
Backup
Catalog
Agent
NEW!
RECOVERY WITH PROTECTPOINT FOR XTREMIO
1. App owner triggers recovery
2. The backup image is read from the Data Domain
3. Primary storage replaces production LUN with the recovered copy
FULL RECOVERY DIRECTLY FROM DATA DOMAIN
Catalog
Application Server
1
2
3
Backup
Backup
Production
Agent
Application Owner
RECOVERY WITH PROTECTPOINT FOR XTREMIO
1. App owner triggers recovery
2. App server connects to the backup image from the Data Domain
3. App owner recovers the specific object(s) to the production database
GRANULAR RECOVERY VIA INSTANT ACCESS
Catalog
Application Server
1
2
3
Backup
Backup
Production
Agent
Application Owner
ENABLING CLOUD DATA PROTECTION FOR ALL CONSUMPTION MODELS
EMC CLOUD DATA PROTECTION
EMC Data Protection
CatalogPolicy-basedAutomation
Monitoring AnalyticsRecovery SecurityAvailability Compliance Platform Integration
Data Protection Services Data Management Services
On-Premise Storage
3rd Party
On Premise HybridVirtual Born In The Cloud
Cloud Storage
3rd PartyClouds
BaaS & DRaaS
30 Retention (LTR)
Archive
Partner Clouds
ENABLING CLOUD DATA PROTECTION FOR ALL CONSUMPTION MODELS
EMC CLOUD DATA PROTECTION
EMC Data Protection
CatalogPolicy-basedAutomation
Monitoring AnalyticsRecovery SecurityAvailability Compliance Platform Integration
Data Protection Services Data Management Services
On-Premise Storage
3rd Party
On Premise HybridVirtual Born In The Cloud
Cloud Storage
3rd PartyClouds
BaaS & DRaaS
30 Retention (LTR)
Archive
Partner Clouds
ELASTIC CLOUD STORAGE
Documents (XLS, PPT, DOC) Rich Media (PDF, JPG, Video, Streaming)
Sensor Data (GPS, measurements)
Unstructured Content (Web Server logs, etc.)
No Single points of Failure
Broad Industry Standard Support
Lower OpEx with no Vendor Lock-in
Scale Effortlessly - Store Efficiently - Access Globally
SAOJBOSS
參考建置架構
SAOJBOSS
GSLBServer Load Balancer
GSLBGlobal Server Load Balancer
Authentication
Authentication
Hsinchu Taichung Tainan
SAOJBOSS
SAOJBOSS
GSLBServer Load Balancer
Hsinchu Tainan
SolrCloud
Storage Access ObjectHome Grown Application
Active
OpenLDAP
ActiveStandby
SAOJBOSS
SAOJBOSS
GSLBServer Load Balancer
Taichung
Active
Storage Access ObjectHome Grown Application
OpenLDAP
Authentication
OpenLDAPOpenLDAP
Authentication
OpenLDAPOpenLDAP
Standby
G3-Flex-2408 Nodes with 4TB DisksRAW Capacity: 960TB
G3-Flex-2408 Nodes with 4TB DisksRAW Capacity: 960TB
G3-Flex-2408 Nodes with 4TB DisksRAW Capacity: 960TB
ECS SoftwareEnterprise & SPs
DIY with Third Party Commodity Hardware
ECS ApplianceEnterprise & SPs
Hyperscale Cloud Storage PlatformEMC Service and Support
ENABLING CLOUD DATA PROTECTION FOR ALL CONSUMPTION MODELS
EMC CLOUD DATA PROTECTION
EMC Data Protection
CatalogPolicy-basedAutomation
Monitoring AnalyticsRecovery SecurityAvailability Compliance Platform Integration
Data Protection Services Data Management Services
On-Premise Storage
3rd Party
On Premise HybridVirtual Born In The Cloud
Cloud Storage
3rd PartyClouds
BaaS & DRaaS
30 Retention (LTR)
Archive
Partner Clouds
CLOUDBOOST ENABLES AN ALTERNATIVE SOLUTION IN CLOUD TO AVOID TAPE HEADACHES
CloudBoost Appliance(Virtual or Physical)
Metadata
Site Cache
DesktopsLaptops
Files NAS/NDMP
VMware &Hyper-V
Databases
Email Applications
DB
ROBO
Primary storageEMC Data
Protection Suite
Veritas NetBackup
LAN
Public Cloud
Private Cloud
LAN
3rd PartyClouds
Partner Clouds
*future
• 支援備份資料長期保留• Cloud 作為 Remote Site
SUPPORTED CLOUDS
Public Private
AT&T Synaptic Storage EMC ECS
Amazon S3 OpenStack Swift
Microsoft Azure EMC Atmos
Google Cloud Storage
建議備份架構示意圖及規劃重點
FileEmailDB
Private Cloud
NetWorker&Avamar Server
Data Domain
BackupD
ata
Public Cloud
Metadata &
Com
mand
1st
Copy2nd
Copy
涵蓋虛擬、實體機及各種資料庫的完整備份方案
VM
Cloud Storage
加密去重複雲端複製
引用Cloud Storage降低建置成本
單一備份Server,管理維護容易
Client Direct,不需Media Server
備份速度比一般備份軟體快3-5倍
架構簡單,維護容易,具成本效益
去重複率優,儲存及複製頻寬成本低
擴充容易,只需增加硬碟櫃
Web
CloudBoostVirtual orPhysical
Appliance
CloneTo
Cloud 以Cloud Storage降低成本支援長期保存、並提供異地方案。一個CloudBoost 可管
理6PB
以去重複技術降低與Cloud的資料傳輸費用及
儲存成本
以DD作第一階備份儲存設備,加速備份及回復速
度,也降低Cloud成本
Client Direct、BBB、VSF 提供3-5倍的備份效能提升
DATA DOMAIN CLOUD TIERING FOR THE LONG TERM RETENTION (LTR) USE CASE’S
Networker/Avamar
3rd Party DDBoost Enabled
Backup Apps
DDBoost for Enterprise
Apps
ActiveDedupe
Cloud Tier*
Data
mo
vem
en
t Po
licy
ECS OnPremECS² Service*8
ATMOS EMC Partner Clouds
3rd Party Public Clouds
* DD Cloud Tiering Targeted for 2H 2016
** ECS² Is a Object storage as a Service Solution targeted for 1st Half 2016
Dedupe Data copied to
Cloud. Jut Meta Data
moved to Cloud Tier
What ever dedupe
rate you get in Active
= Dedupe in the
Cloud
Dedupe Data copied to
Cloud. Jut Meta Data
moved to Cloud Tier
Backup Server
Data Domain
ENABLING CLOUD DATA PROTECTION FOR ALL CONSUMPTION MODELS
EMC CLOUD DATA PROTECTION
EMC Data Protection
CatalogPolicy-basedAutomation
Monitoring AnalyticsRecovery SecurityAvailability Compliance Platform Integration
Data Protection Services Data Management Services
On-Premise Storage
3rd Party
On Premise HybridVirtual Born In The Cloud
Cloud Storage
3rd PartyClouds
BaaS & DRaaS
30 Retention (LTR)
Archive
Partner Clouds
of companies using
SaaS apps reported
they’ve lost data
Source: IDG and Spanning research
SAAS DATA LOSS IS COMMON
58%
SAAS VENDORS CAN’T OFFER COMPLETE PROTECTION
SaaS data is a business asset and customer responsibility:
• SaaS backup focus on reliability, availability and security, not on data recovery
• SaaS providers promise to delete data when you ask them to
• SaaS vendors can’t tell if the “delete/edit” request is legitimate or not
SPANNING IS BORN-IN-THE-CLOUD BACKUP
Enterprise-grade backup and restore for Office 365 Mail,
Calendars, People
Spanning Backup for
- Planned GA, May 2015 -
Enterprise-grade backup and restore for Gmail, Drive,
Contacts, Calendars and Sites
Spanning Backup for
4200+ Customers
- Launched March, 2011 -
“In-app” backup and recovery of objects, custom objects, files, attachments, and customizations
Spanning Backup for
Top Rated Backup Solution on Salesforce AppExchange
- Launched March, 2014-
EMC DATA PROTECTION FOR MICROSOFT CLOUDS
• Microsoft Private & Hosted Cloud VM protection – Disaster recovery
– Granular file recovery
• OS & Application consistent protection
• Hyper-V over CSV Federated Backup– Multi-proxy backup for high performance
• Agentless backup and recovery
• Automated protection of self-service VMs
• And now …
AVAMAR VIRTUAL EDITION FOR VMWARE & HYPER-V
• Protecting Enterprise Data in a Private & Public Cloud– Protection Storage Virtual Appliance for VMware & Hyper-V (.5, 1, 2, 4TB)
– Replication from remote office to Datacenter for DR
AVAMAR VIRTUAL EDITION (AVE) FOR VMWARE & HYPER-V
VMware
Data CenterRemote Site 1
Avamar
Hyper-V
Remote Site N
Avamar
NEW FOR AZURE
• Detects Hyper-V or Azure during install
• Backup to Cloud, Recover from Cloud, Protect Data Born in the Cloud
– Superior SLAs with incrementals forever replica copy
– Ability to access data in the cloud in the case of disaster
– Simple solution with a virtual appliance
AVAMAR VIRTUAL EDITION FOR MICROSOFT AZURE
Avamar
Protecting Data Born in the Cloud
Backup to Cloud
Avamar
Operational Recovery
Disaster Recovery
DR: Recover from Cloud
Avamar
AVAMAR PLUG-IN FOR VREALIZE
Automation Governance Self-Service
vRealize Automation vRealize Operations, Log Insight
Monitoring Troubleshooting Remediation
ITBM
vRealize Orchestrator
VMware vRealize
Suite
AWSvCloud Air
Data Protection
Cloud AdminService Architect End-users
Performance Mgr.
Cost Analytics
For End-Users
•Self-service selection - From pre-defined catalog of blueprints
- From predefined set of backup policies
•Agility: self-managed backup- Ad-hoc and scheduled backups
- Browse backup catalog & restore
•Visibility- Job status monitoring
For Data Protection Admins
•Transform the operating model- Leveraging existing infrastructure &
architecture
•Automation & Operational Efficiency- Automate data protection tasks
•Governance- Oversight & control of end-user actions
- Backup admin retains complete control without managing every action
(AVAMAR) PLUGIN FOR VREALIZE AUTOMATIONBenefits
EMBEDDING PROTECTION POLICIES INTO APPLICATION BLUEPRINTS
EMC DATA PROTECTION FOR VREALIZE AUTOMATION
Backup Admin
EMC Avamar Gold
• Define backup policies• Monitor backup
infrastructure
Silver
Bronze
Cloud Admin
vRealize Automation
• Embed backup policies• Entitle users to ‘Day 2
actions’
Linux
MySQLWindows
End-Users
Linux MySQLWindows
• Provision protected Apps• On-Demand/Scheduled
Backups & restores
vRealize Automation
SELF-SERVICE ‘DAY 2‘ ACTIONS
Add Policy On Demand Backup Restore Detach Policy View Protection Status File Restore