Hybrid Cloud Data Security Protection: Architecture and Strategy

Senior Technical Consultant 藍基能


Post on 02-Apr-2020


AGENDA

• XtremIO & DD: 20x faster backup

• EMC Cloud Data Protection

• Cloud Storage

• Hybrid Model

• Born In The Cloud Model

• VMware vRealize Data Protection Extension

Technology Underlying ProtectPoint w/ XtremIO

• Change Block Tracking/Data Movement Engine

– XtremIO and RecoverPoint technology

• Protection Storage

– Data Domain

• App Integration: Agents

– 1. File Systems Agent

– 2. Application Agent

[Diagram labels: Production, New Block, Point in Time Copy, Block, Full Backup; 1. Dedupe, 2. Compress, 3. Write to File System]

BACKUP WITH PROTECTPOINT FOR XTREMIO

1. App owner triggers backup at an application consistent checkpoint

2. Only changed blocks sent directly to Data Domain

3. Data Domain uses the changed blocks to create full backups in native format

FULL BACKUPS EVERY TIME, ONLY UNIQUE BLOCKS SENT

[Diagram labels: Application Owner, Application Server, Agent, Catalog, Production, Backup; callouts 1, 2, 3]

BACKUP WITH PROTECTPOINT FOR XTREMIO

1. Infrastructure policy triggers backup at a storage-consistent checkpoint

2. Only changed blocks sent directly to Data Domain

3. Data Domain uses the changed blocks to create full backups in native format

INFRASTRUCTURE DRIVEN BACKUPS

[Diagram labels: Application Server, Agent, Catalog, Production, Backup; callouts 1, 2, 3; marked NEW!]

RECOVERY WITH PROTECTPOINT FOR XTREMIO

1. App owner triggers recovery

2. The backup image is read from the Data Domain

3. Primary storage replaces production LUN with the recovered copy

FULL RECOVERY DIRECTLY FROM DATA DOMAIN

[Diagram labels: Application Owner, Application Server, Agent, Catalog, Production, Backup; callouts 1, 2, 3]

RECOVERY WITH PROTECTPOINT FOR XTREMIO

1. App owner triggers recovery

2. App server connects to the backup image from the Data Domain

3. App owner recovers the specific object(s) to the production database

GRANULAR RECOVERY VIA INSTANT ACCESS

[Diagram labels: Application Owner, Application Server, Agent, Catalog, Production, Backup; callouts 1, 2, 3]

ENABLING CLOUD DATA PROTECTION FOR ALL CONSUMPTION MODELS

EMC CLOUD DATA PROTECTION

EMC Data Protection

Catalog, Policy-based Automation

Monitoring, Analytics, Recovery, Security, Availability, Compliance, Platform Integration

Data Protection Services, Data Management Services

On-Premise Storage

3rd Party

On Premise, Hybrid, Virtual, Born In The Cloud

Cloud Storage

3rd Party Clouds

BaaS & DRaaS

Long Term Retention (LTR)

Archive

Partner Clouds


ELASTIC CLOUD STORAGE

Documents (XLS, PPT, DOC) Rich Media (PDF, JPG, Video, Streaming)

Sensor Data (GPS, measurements)

Unstructured Content (Web Server logs, etc.)

No Single points of Failure

Broad Industry Standard Support

Lower OpEx with no Vendor Lock-in

Scale Effortlessly - Store Efficiently - Access Globally

Reference Deployment Architecture

[Diagram: three sites (Hsinchu, Taichung, Tainan). Labels: GSLB (Global Server Load Balancer), SAO (Storage Access Object, Home Grown Application), JBOSS, SolrCloud, Authentication, OpenLDAP, Active, Standby]

Each of the three sites: G3-Flex-240, 8 Nodes with 4TB Disks, RAW Capacity: 960TB

ECS Software (Enterprise & SPs): DIY with Third Party Commodity Hardware

ECS Appliance (Enterprise & SPs): Hyperscale Cloud Storage Platform, EMC Service and Support


CLOUDBOOST ENABLES AN ALTERNATIVE SOLUTION IN CLOUD TO AVOID TAPE HEADACHES

[Diagram labels: CloudBoost Appliance (Virtual or Physical), Metadata, Site Cache, Desktops, Laptops, Files, NAS/NDMP, VMware & Hyper-V, Databases, Email, Applications, DB, ROBO, Primary storage, EMC Data Protection Suite, Veritas NetBackup, LAN, Public Cloud, Private Cloud, 3rd Party Clouds, Partner Clouds; *future]

• Supports long-term retention of backup data

• Cloud as the Remote Site

SUPPORTED CLOUDS

Public: AT&T Synaptic Storage, Amazon S3, Microsoft Azure, Google Cloud Storage

Private: EMC ECS, OpenStack Swift, EMC Atmos

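Recommended Backup Architecture Diagram and Planning Highlights

[Diagram labels: File, Email, DB, VM, Web, Private Cloud, NetWorker & Avamar Server, Data Domain, Backup Data, Metadata & Command, 1st Copy, 2nd Copy, CloudBoost Virtual or Physical Appliance, Clone To Cloud, Cloud Storage, Public Cloud]

A complete backup solution covering virtual machines, physical machines, and all kinds of databases

Encrypted, deduplicated replication to the cloud

Uses Cloud Storage to reduce deployment cost

Single backup server; easy to manage and maintain

Client Direct; no Media Server required

Backup speed 3-5 times faster than typical backup software

Simple architecture, easy to maintain, cost-effective

Excellent deduplication ratio; low storage and replication bandwidth cost

Easy to expand; just add disk shelves

Uses Cloud Storage to lower cost, support long-term retention, and provide an off-site option. One CloudBoost can manage 6PB.

Deduplication reduces data transfer charges to the cloud and storage cost.

DD serves as the first-tier backup storage device, speeding up backup and restore and also lowering cloud cost.

Client Direct, BBB, and VSF provide a 3-5x backup performance improvement.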

DATA DOMAIN CLOUD TIERING FOR THE LONG TERM RETENTION (LTR) USE CASES

[Diagram labels: Backup Server, NetWorker/Avamar, 3rd Party DDBoost Enabled Backup Apps, DDBoost for Enterprise Apps, Data Domain, Active Dedupe, Cloud Tier*, Data movement Policy, ECS OnPrem, ECS² Service**, ATMOS, EMC Partner Clouds, 3rd Party Public Clouds]

Dedupe Data copied to Cloud. Just Meta Data moved to Cloud Tier

Whatever dedupe rate you get in Active = Dedupe in the Cloud

* DD Cloud Tiering Targeted for 2H 2016

** ECS² Is an Object storage as a Service Solution targeted for 1st Half 2016

ECS HARDWARE AND UPGRADE PATH

Backup Storage Appliance Evaluation Reports – Gartner & IDC

[Chart labels: Gartner, IDC; EMC Data Domain marked on each]


SAAS DATA LOSS IS COMMON

58% of companies using SaaS apps reported they’ve lost data

Source: IDG and Spanning research

SAAS VENDORS CAN’T OFFER COMPLETE PROTECTION

SaaS data is a business asset and customer responsibility:

• SaaS backup focuses on reliability, availability and security, not on data recovery

• SaaS providers promise to delete data when you ask them to

• SaaS vendors can’t tell if the “delete/edit” request is legitimate or not

SPANNING IS BORN-IN-THE-CLOUD BACKUP

Enterprise-grade backup and restore for Office 365 Mail, Calendars, People

Spanning Backup for

- Planned GA, May 2015 -

Enterprise-grade backup and restore for Gmail, Drive, Contacts, Calendars and Sites

Spanning Backup for

4200+ Customers

- Launched March, 2011 -

“In-app” backup and recovery of objects, custom objects, files, attachments, and customizations

Spanning Backup for

Top Rated Backup Solution on Salesforce AppExchange

- Launched March, 2014 -

Virtualization & Cloud

VMware, Hyper-V & Azure

EMC DATA PROTECTION FOR MICROSOFT CLOUDS

• Microsoft Private & Hosted Cloud VM protection

– Disaster recovery

– Granular file recovery

• OS & Application consistent protection

• Hyper-V over CSV Federated Backup

– Multi-proxy backup for high performance

• Agentless backup and recovery

• Automated protection of self-service VMs

• And now …

AVAMAR VIRTUAL EDITION FOR VMWARE & HYPER-V

• Protecting Enterprise Data in a Private & Public Cloud

– Protection Storage Virtual Appliance for VMware & Hyper-V (.5, 1, 2, 4TB)

– Replication from remote office to Datacenter for DR

AVAMAR VIRTUAL EDITION (AVE) FOR VMWARE & HYPER-V

[Diagram labels: Data Center, Remote Site 1, Remote Site N, VMware, Hyper-V, Avamar]

NEW FOR AZURE

• Detects Hyper-V or Azure during install

• Backup to Cloud, Recover from Cloud, Protect Data Born in the Cloud

– Superior SLAs with incrementals forever replica copy

– Ability to access data in the cloud in the case of disaster

– Simple solution with a virtual appliance

AVAMAR VIRTUAL EDITION FOR MICROSOFT AZURE

[Diagram labels: Protecting Data Born in the Cloud; Backup to Cloud; Operational Recovery; Disaster Recovery; DR: Recover from Cloud; Avamar]

VREALIZE DATA PROTECTION EXTENSION

AUTOMATED, SELF-SERVICE BACKUP & RECOVERY

AVAMAR PLUG-IN FOR VREALIZE

[Diagram labels: VMware vRealize Suite; vRealize Automation (Automation, Governance, Self-Service); vRealize Operations, Log Insight (Monitoring, Troubleshooting, Remediation); ITBM; vRealize Orchestrator; Performance Mgr.; Cost Analytics; Data Protection; AWS, vCloud Air; Cloud Admin, Service Architect, End-users]

(AVAMAR) PLUGIN FOR VREALIZE AUTOMATION: Benefits

For End-Users

• Self-service selection

- From pre-defined catalog of blueprints

- From predefined set of backup policies

• Agility: self-managed backup

- Ad-hoc and scheduled backups

- Browse backup catalog & restore

• Visibility

- Job status monitoring

For Data Protection Admins

• Transform the operating model

- Leveraging existing infrastructure & architecture

• Automation & Operational Efficiency

- Automate data protection tasks

• Governance

- Oversight & control of end-user actions

- Backup admin retains complete control without managing every action

EMBEDDING PROTECTION POLICIES INTO APPLICATION BLUEPRINTS

EMC DATA PROTECTION FOR VREALIZE AUTOMATION

Backup Admin (EMC Avamar)

• Define backup policies

• Monitor backup infrastructure

[Diagram labels: Gold, Silver, Bronze]

Cloud Admin (vRealize Automation)

• Embed backup policies

• Entitle users to ‘Day 2 actions’

[Diagram labels: Linux, MySQL, Windows]

End-Users (vRealize Automation)

• Provision protected Apps

• On-Demand/Scheduled Backups & restores

[Diagram labels: Linux, MySQL, Windows]

SELF-SERVICE ‘DAY 2’ ACTIONS

Add Policy, On Demand Backup, Restore, Detach Policy, View Protection Status, File Restore

Thank you.

Senior Technical Consultant 藍基能