Tech ONTAP Blogs
Certain organizations have strict security policies which don’t allow open connections to the internet and don’t allow inbound/outbound network traffic to and from their data centers. Also, for many organizations, it is imperative to keep data protected with the highest level of security standards—simply backing up to the public cloud is not an option. This would essentially mean that such organizations cannot utilize cloud storage services to move their secondary backups to the cloud. This can create serious on-prem storage crunch issues, especially when it comes to storing infrequently used backup data.
Cloud Backup now comes with a self-managed, or “software-only” mode. With the software-only option, users have more control to keep data securely stored within their data centers. The chief feature of the software-only option is that it does not need any outbound internet connectivity. This makes it ideal for customers who would like to manage their data backups in the private cloud.
In this blog, we’ll look at how Cloud Backup support for dark-site deployments provides all the benefits of automatic, block-level forever backup and restore for users, and how it can be installed and used.
There are 3 kinds of customer environments for which we look to enable cloud services, based on the customer’s ability to allow inbound/outbound network traffic from the data center.
Dark sites are a deployment method normally used by high-security installations (government, military, and intelligence communities, as well as select highly regulated financial services) where they need to ensure there are no external network connections that present the opportunity for breach. Most often we'll see this in the intelligence communities, but other industries may apply this method for the protection of intellectual property and regulated data.
There are 2 types of “Dark Sites” deployments.
Cloud Backup SaaS deployment usually requires outbound communication from the customer’s data center to the SaaS-based UI and other essential endpoints for day-to-day operations, but the software-only option does not. With the software-only option, all packages, dependencies, and essential components are packed as a single software bundle that can be installed and run on a local machine. The application can be installed or updated via an installer, like a traditional software product. In this deployment model, backup storage is kept locally in the data center without consuming any resources over the internet.
In a dark-site deployment, Cloud Manager services, Cloud Backup services, and the required databases are installed and run on a local Linux machine that resides on the private cloud. These services work together and are sustained within the dark site without requiring any external internet connection. These services are designed to take backups of ONTAP clusters, which are then moved to a StorageGRID S3 object store. By adding NetApp Cloud Backup cloud-integrated data protection, you can extend your StorageGRID Webscale cloud to include backups and cold archived data.
When you enable Cloud Backup on the on-premises ONTAP system, the service performs a full backup of your data. Volume snapshots are not included in the backup image. After the initial backup, all additional backups are incremental, which means that only changed blocks and new blocks are backed up. This keeps network traffic to a minimum.
Backup copies are stored in an object store that Cloud Manager creates in your cloud account. There’s one object store per cluster/working environment, and Cloud Manager names the object store as follows: "netapp-backup-clusteruuid". Be sure not to delete this object store. In StorageGRID, Cloud Manager uses an existing storage account for the object store bucket.
The Connector software must run on a host that meets specific operating system requirements, RAM requirements, port requirements, and so on. A dedicated host is required. The Connector is not supported on a host that is shared with other applications.
Supported operating systems
The Red Hat Enterprise Linux system must be registered with Red Hat Subscription Management. If it is not registered, the system cannot access repositories to update required 3rd party software during Connector installation.
The Connector is supported on English-language versions of these operating systems.
Docker Engine version 19 or later is required on the host before you install the Connector.
Installation of Unified Manager on a Linux system can be performed by the root user or by non-root users by using the sudo command.
In this section, we will discuss how Cloud Manager DarkSite with Cloud Backup Support can be installed.
sudo systemctl enable docker && sudo systemctl start docker
chmod +x /path/darksite-installer
4. Run the installation script:
sudo /path/darksite-installer
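Because the installer runs as root on a host with no internet access, it helps to confirm the host prerequisites and the integrity of the transferred bundle first. The pre-flight script below is an added example, not part of NetApp's installer or documentation; the function names are hypothetical, and it assumes you obtained an expected SHA-256 digest for the bundle out of band from whoever supplied it.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before "sudo /path/darksite-installer".
# The installer path and expected digest passed in are placeholders (assumptions).

MIN_DOCKER_MAJOR=19   # the page requires Docker Engine version 19 or later

# Succeeds if a version string such as "20.10.7" meets the minimum major version.
docker_version_ok() (
    major=${1%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -ge "$MIN_DOCKER_MAJOR" ]
)

# Succeeds if file $1 has SHA-256 digest $2 (hex, compared case-insensitively).
sha256_matches() (
    actual=$(sha256sum -- "$1" 2>/dev/null | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
)

# Runs every check, reports each failure, and returns non-zero if any failed.
preflight() (
    installer=$1; expected=$2; rc=0
    ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || ver=""
    docker_version_ok "$ver" ||
        { echo "FAIL: Docker Engine >= $MIN_DOCKER_MAJOR required (found '${ver:-none}')"; rc=1; }
    systemctl is-active --quiet docker ||
        { echo "FAIL: docker service is not running"; rc=1; }
    [ -f "$installer" ] ||
        { echo "FAIL: installer not found: $installer"; rc=1; }
    sha256_matches "$installer" "$expected" ||
        { echo "FAIL: installer digest differs from the expected value"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host is ready for the installer"
    return "$rc"
)

# Usage: sh preflight.sh /path/darksite-installer <expected-sha256>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it as the same user that will invoke the installer, and proceed only when it exits with status 0.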
Now that we have installed Cloud Manager DarkSite with Cloud Backup Support, let's go ahead and examine how it can be configured and set up.
You should see the following screen. Click on set up new Cloud Manager.
Please try it out and let us know. In this blog, we haven’t covered every possible scenario, and we know that you’ll have questions and concerns, so please contact us on Teams Group.