Tech ONTAP Blogs

Google Cloud NetApp Volumes: Here’s all the power you need to protect your data

rarvind
NetApp

Hey there, dear cloud storage super stars…

Are you dealing with the most sought-after treasure in this world today?

Some refer to it as the new oil, others call it precious old gold—whatever the name, data commands respect!

The primary way to respect data is by giving it the necessary protection that it deserves, no matter where it is.

 

In the ever-evolving landscape of cloud computing, data protection remains a top priority for businesses.

Data is omnipresent, spread across the edge, core, and public cloud, driving the need for an overarching data protection suite that is seamless across all endpoints, enabling a fully secure hybrid cloud.

 

The approach to building a data protection strategy can start from any of these endpoints. In this blog, we’ll look at how NetApp, the world’s leading intelligent data infrastructure management company, comes together with Google Cloud to provide an array of options to protect your data with Google Cloud NetApp Volumes. It’s just our way of respecting data.

 

Google Cloud NetApp Volumes is a fully managed cloud-based storage service that delivers the rich data management features of NetApp® ONTAP® data management software by combining with Google's robust infrastructure backbone and network delivery services. It’s available in all Google Cloud regions catering to a wide spectrum of workloads, ranging from shared files, databases, VMs, SAP, and GenAI.

 

It’s time to traverse the data protection landscape of NetApp Volumes. By leveraging features like NetApp Snapshot copies, backups, and cross-region replication independently or together, the data in NetApp Volumes can be fortified at various levels based on need.  

 

Hop on the data protection ride for a full tour now.

 

Snapshot copies

One of the core data protection features of NetApp Volumes is the ability to create Snapshots, which are read-only copies of the volume at a specific point in time. They provide a way to recover data if it’s accidentally deleted or becomes corrupted.

With NetApp's advanced Snapshot technology, users can:


 

 

  • Create frequent Snapshot copies. Schedule regular Snapshot copies to capture changes in your data so that you have up-to-date recovery points. They can be scheduled at recurring time intervals and with configurable retention policies as per business needs.
  • Optimize storage utilization. Snapshot copies are space efficient, only storing changes made since the last Snapshot copy, which minimizes storage overhead.
  • Recover data instantly. Quickly revert to a previous state or spin up a new volume with the data present in the Snapshot copy.

Backup

While Snapshot copies play a key role in instant recovery of data, they are locally present on the same production system. There are several mantras to a data protection strategy; the first is to eliminate single points of failure. A step toward this goal is to maintain a full copy of the data in a second location that will ensure recovery if the production data is unavailable.

With NetApp Volumes, the data can be backed up to a backup vault (which is independent of the primary storage system) at a predefined cadence. These vaults are provisioned in the region where the production data resides. The recovery points are "incremental forever" to optimize the storage used by backups, contributing to a sustainable approach. This approach leads to a higher impact, especially when backups are being created for long-term retention.

 

The standard approach is to set up automated backups using a schedule so that the data is consistently protected without manual intervention.

 

To create a backup policy, you provide the retention count for each backup recurrence: daily/weekly/monthly.


 

 

Then you can assign the policy to one or more volumes to kick-start the autopilot for protection.

 

 


 

Volume replication

The second mantra for data protection: “Expect the unexpected and always have a plan B.”

 

Although it’s unlikely, it’s possible for a region to go down unexpectedly or enter a degraded state. If the applications can’t be switched to another region so that operations can resume within a reasonable time, the outcome can be disastrous to the business.

 

Data is always the focal point of a business continuity and disaster recovery (BCDR) plan. With NetApp Volumes, data can be asynchronously replicated across different geographic locations—that is, regions in Google Cloud—at a predefined interval, such as a recovery point objective (RPO) as low as 10 minutes.

 

By implementing a BCDR plan with NetApp Volumes, a copy of data is always available in the DR region when it’s needed the most:

  • Disaster recovery. Maintain a replica of your data in a separate region, so that data is available even if one region experiences issues.
  • Business continuity. Minimize the impact of regional outages or data center failures by enabling instantaneous failover to replicated volumes.

A business continuity plan can be brought into effect by using an automated workflow with the following inputs from the end user:

 

  • Source volume
  • RPO interval
  • Storage pool in the destination
  • DR region
  • Volume name for the DR volume and the name of the share

 


 

 

The volume is automatically created in the destination region and the replication is initiated per the specified RPO window.

 


 

The DR drill can start right away, allowing failover to the DR region, resynchronizing data back with a region that was down, and finally reversing the roles of the regions after complete recovery.

 

Regional volumes

Another fault domain for consideration is within a region, where a zone could encounter an outage leading to business downtime.

 

With the Flex service level, the storage pools can be configured with regional availability, by selecting two zones in a region for data availability.

 

The production volume is hosted in the active zone, and a cross-zone synchronous replication is established to the replica zone to provide high availability across zones.

 


 

If the active zone is down, the volume will automatically fail over, and data will continue to be served from the replica zone.

 


 

The same setup can also be used to enforce a manual zone switch, in which all the data access switches over to the replica zone (the new active) and the former active zone takes the back seat as the new replica zone.

 

A typical day with NetApp Volumes

Now that we’ve taken a look at the foundational data protection features of Google Cloud NetApp Volumes, let’s see how a financial institution such as a bank can leverage these capabilities to safeguard its business-critical data.

 

On a regular business day, the data that’s being created, stored, and retrieved for bank operations holds the highest importance. To safeguard the bank’s interest as well as that of its customers, multiple levels of protection need to be put in place for the business-critical data.

 

With NetApp Volumes, a volume that contains customer information and associated financial records is provisioned as a regional volume that provides data availability even if a zone fails, addressing the standard near-DR objective. As an added measure, this volume is replicated to another volume in a different region, addressing the far DR measures.

 

For high-speed recovery, the production volume is configured with a Snapshot schedule that maintains point-in-time representations of data for every business hour in a day. These Snapshot copies will be retained for 7 business days or more as needed, and they can be used for instantaneous recovery if data is accidentally deleted or becomes corrupted.

 

For compliance and long-term retention, the bank implements a backup program, where a copy of the data in the volume will be backed up to a backup vault at the end of every business day, week, and month. These backups will be retained for 7 days, 12 weeks, and 60 months respectively, providing the bank a compliance coverage period of 5 years.

 

In this way, the bank can meet its data protection objectives in a few clicks by using the built-in capabilities of NetApp Volumes.

 

How about a second line of defense?

The defending power of a fort is only as strong as its weakest wall. Likewise, the smallest loophole in securing data is all that it takes for a breach.

 

Considering that, NetApp Volumes also delivers a host of additional features aimed at strengthening the walls to our data fort.

 

Encryption

Data encryption is crucial for protecting data both at rest and in transit. With NetApp Volumes, the data is encrypted with Google’s built-in, default encryption scheme that’s based on AES-256.

 

Alternatively, end users can take control and encrypt their data by integrating with customer-managed encryption keys (CMEK). In either case, the settings are handled at the storage pool level, and the encryption scheme applies to all the volumes contained within the pool.


For a deeper dive, please refer to https://community.netapp.com/t5/Tech-ONTAP-Blogs/Customer-managed-encryption-keys-with-Google-Cloud-NetApp-Volumes/ba-p/455107

 

Access controls and audit logging

Through integration with Google Cloud’s audit logs service, you can enable the collection of audit logs for the operations in NetApp Volumes by navigating to the Logs Explorer and providing the following parameters in the query builder:

 

resource.type="audited_resource"

resource.labels.service="netapp.googleapis.com"

 

That’s all that it takes—now every activity corresponding to NetApp Volumes will be logged and reported.
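As an added example (not code from NetApp or Google Cloud), the Python below applies the same two filter conditions to exported audit-log entries and reports operations that remove or weaken a recovery point, with the principal that ran them. The sample entries are constructed, and both the set of RPC names treated as destructive and the `methodName` layout are assumptions to adapt to your own logs and policy.

```python
# Assumption: RPC names of the google.cloud.netapp.v1 API that remove or
# weaken a recovery point. Adjust the set to your own policy.
DESTRUCTIVE = {"DeleteVolume", "DeleteSnapshot", "DeleteBackup",
               "DeleteBackupVault", "DeleteBackupPolicy",
               "DeleteReplication", "StopReplication"}

def _sample(service, method, principal, resource, ts):
    """Build one constructed entry in the audit-log JSON layout (not a real log)."""
    payload = {"methodName": method, "resourceName": resource}
    if principal:
        payload["authenticationInfo"] = {"principalEmail": principal}
    return {"timestamp": ts, "protoPayload": payload,
            "resource": {"type": "audited_resource", "labels": {"service": service}}}

NETAPP, API = "netapp.googleapis.com", "google.cloud.netapp.v1.NetApp."
LOC = "projects/example-project/locations/us-central1"  # placeholder project
SAMPLE_ENTRIES = [
    _sample(NETAPP, API + "ListVolumes", "alice@example.com", LOC + "/volumes", "2024-10-10T09:00:00Z"),
    _sample(NETAPP, API + "DeleteSnapshot", "bob@example.com", LOC + "/volumes/ledger/snapshots/hourly-01", "2024-10-10T09:05:00Z"),
    _sample(NETAPP, API + "DeleteBackup", None, LOC + "/backupVaults/vault1/backups/daily-01", "2024-10-10T09:06:00Z"),
    _sample("example.googleapis.com", "example.v1.Service.DeleteBackup", "bob@example.com", "other", "2024-10-10T09:07:00Z"),
    _sample(NETAPP, API + "StopReplication", "bob@example.com", LOC + "/volumes/ledger/replications/dr", "2024-10-10T09:08:00Z"),
]

def is_netapp_audit(entry):
    """Same two conditions as the Logs Explorer filter in the post."""
    res = entry.get("resource", {})
    return (res.get("type") == "audited_resource"
            and res.get("labels", {}).get("service") == "netapp.googleapis.com")

def destructive_ops(entries):
    """Return who ran which recovery-point-affecting operation, and when."""
    findings = []
    for entry in entries:
        if not is_netapp_audit(entry):
            continue
        payload = entry.get("protoPayload", {})
        # Assumption: methodName ends with the RPC name after the last dot.
        rpc = payload.get("methodName", "").rsplit(".", 1)[-1]
        if rpc in DESTRUCTIVE:
            who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
            findings.append({"time": entry.get("timestamp"), "principal": who,
                             "operation": rpc, "resource": payload.get("resourceName", "")})
    return findings

if __name__ == "__main__":
    for f in destructive_ops(SAMPLE_ENTRIES):
        print(f["time"], f["principal"], f["operation"], f["resource"])
```

A burst of such findings from one principal, especially snapshot and backup deletions close together, is worth alerting on because it removes the recovery points described earlier.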

 

For role-based access control (RBAC), NetApp Volumes provides two predefined identity and access management (IAM) roles in Google Cloud—admin and viewer—that can be assigned to users. If there is a need, administrators can also configure a custom user role with a specific set of permissions and assign it to a user.

 

Compliance and regulatory support

For organizations subject to regulatory requirements, NetApp Volumes has bagged multiple certifications:

  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3
  • HIPAA

The service goes through regular third-party audits that include comprehensive testing of the design, security standards, and operating effectiveness of the controls within each audit period.

 

Conclusion

Google Cloud NetApp Volumes delivers a comprehensive suite of features designed to protect the integrity, availability, and confidentiality of data. With capabilities such as Snapshot copies, integrated backup solutions, volume replication for BCDR, encryption, and robust access controls, businesses can confidently leverage cloud storage while maintaining stringent data protection standards. By using these features, organizations can effectively safeguard their data against loss, corruption, and unauthorized access, supporting a resilient and secure cloud infrastructure.

 

The power to protect is always in your hands—and with Google Cloud NetApp Volumes, it’s a superpower!