
May 21, 2018

lythuan
WHITE PAPER

Data Protection for Enterprise Applications in the Public Cloud Dell EMC NetWorker with CloudBoost Solution for AWS

Abstract Dell EMC NetWorker with CloudBoost is a unified data protection solution that centralizes, automates, and accelerates backup and recovery across multi-platform environments.

This white paper explains the benefits, sizing, and architecture of the NetWorker with CloudBoost solution for data protection of enterprise applications residing in the AWS public cloud.

August 2016

Copyright © 2016 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA. 08/16, White Paper, H15328

Dell believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

Table of contents

About

Enterprise data protection in the cloud

• Preface

• Requirements for enterprise data protection in the cloud

• Dell EMC NetWorker with CloudBoost Solution

• Solution overview

• Use cases

• Solution benefits

Availability and sizing

• CloudBoost

• NetWorker

Solution components and architecture

• Solution components

• Cloud object storage

• Data path explained

• Control path explained

• Management capabilities

• Disaster recovery

• Security and auditing

Solution examples

• Small environment

• Enterprise environment

Learn more

About

Dell EMC is a global leader in enabling businesses and service providers to transform their operations and deliver information technology as a service (ITaaS). The cloud is fundamental to this transformation. Through innovative products, services and partnerships, Dell EMC accelerates the journey to the cloud, helping IT departments to extend to, manage, protect and analyze their most valuable asset, information, in a more agile, trusted and cost-efficient way.

Dell EMC works with organizations around the world, in every industry, in the public and private sectors, and of every size, from startups to the Fortune Global 500. Dell EMC holds a commanding first place position in the backup appliance market with >60% market share, and has maintained its leadership position in the Gartner Magic Quadrant for Data Center Backup and Recovery Software for 17 consecutive years.

Dell EMC has the industry's broadest portfolio of systems, software and services, as well as a deep, broad array of partners including many other industry leaders. Alone or with those partners, Dell EMC offers totally integrated solutions as part of our commitment to deliver the best Total Customer Experience in this industry.

Dell EMC NetWorker is a unified data protection software solution for the enterprise that centralizes, automates, and accelerates backup and recovery across multi-platform environments, both physical and virtual. Its record-breaking performance for applications of all kinds—including the most popular database, messaging, content, and ERP applications—ensures fast, secure, easy-to-manage backup/recovery for any size organization, from small offices to large data centers.

Whether operating on-premises in the customer’s data center or in the cloud, NetWorker helps drive cost and complexity out of the backup and recovery operation. Centralized management and intuitive interfaces require fewer personnel and reduce training costs. A plethora of native NetWorker technologies developed and honed over twenty-five years serve to maximize resource utilization, lower maintenance needs, and reduce recurring costs for NetWorker customers. With NetWorker, one can start small and grow big. NetWorker delivers investment protection through assured performance, coverage and scalability.

Dell EMC CloudBoost is a data protection-optimized cloud enabler for use on-premises and in the cloud. The data protection solution based on NetWorker with CloudBoost provides optimized data protection for enterprise applications regardless of whether they are running on-premises or in AWS. Moreover, the very same solution can be used for operational backup purposes and long term retention (LTR) with support optimized for object storage including AWS S3.

A single NetWorker with CloudBoost environment can span on-premises data protection extended to the cloud for long term retention, direct-to-cloud data protection, and in-the-cloud data protection, where all components (backup clients, NetWorker components and the CloudBoost appliance) are fully supported to run in AWS.

The NetWorker with CloudBoost solution for enterprise data protection in the cloud offers unparalleled scalability, performance, efficiency and security for its enterprise customers.

Enterprise data protection in the cloud

Preface

When applications run in the cloud, infrastructure responsibility shifts from the customer to the cloud vendor. Nonetheless, critical data protection requirements remain the same. As existing 2nd platform applications move to the cloud, data protection capabilities should follow those applications in a way that is non-disruptive yet cloud-optimized.

Requirements for enterprise data protection in the cloud

Data protection in the cloud needs to be more than cost sensitive: it needs to match the architectural assumptions of cloud economics while maintaining the data protection requirements of the traditional applications.

For applications running in the cloud, just as for those running on-premises in the customer’s data center, data protection must include recovery point objectives (RPOs) and recovery time objectives (RTOs) that match the specific requirements of the business. Similarly, protecting these applications must entail appropriate per-application service level objectives (SLOs).

Beyond RPO, RTO and SLO requirements, data protection for in-cloud applications must be efficient—it must make optimal use of resources such as storage capacity and network bandwidth. As such, the protection strategy should include technologies such as deduplication (to ensure that only unique data is transferred over the wire and stored in the cloud), compression, WAN optimization (to further minimize network traffic and enable best usage of long-distance links) and of course incremental backup capabilities. Data protection for in-cloud applications must also offer end-to-end, enterprise-grade security through the use of encryption in-flight and at-rest, self-protection mechanisms, service isolation, and other means. Finally, data protection for in-cloud applications should be rendered cost-effective and resource-efficient through the native use of simple, inexpensive and highly durable object storage as the backend target.

Dell EMC NetWorker with CloudBoost Solution

Dell EMC NetWorker is a unified data protection software solution for the enterprise that centralizes, automates, and accelerates backup and recovery across entire IT environments. Dell EMC CloudBoost, designed specifically for NetWorker, is a data protection-optimized cloud enabler for use on-premises and in the cloud.

Solution overview

The Dell EMC NetWorker with CloudBoost solution provides optimized data protection for enterprise applications regardless of whether they are running on-premises or in AWS. Moreover, the very same solution can be used for operational backup purposes and long term retention (LTR) with support optimized for any object storage type including AWS S3.

NetWorker 9.0.1 with CloudBoost 2.1 provides an integrated solution for cloud data protection with optimizations for all three major use cases.

Use cases

Backup on-premises and replicate to the cloud

This use case is designed for situations where the user has existing on-premises infrastructure and would like to use public cloud object storage for long-term retention and compliance requirements. Backup copies required for short term operational recovery remain on-premises for fast restore; and optionally, a disaster recovery site may be established for contingency purposes. Ideal candidates for this use case include backup environments that use tape for long term retention and compliance. In this case the tape storage is replaced with public cloud object storage.

An optional site cache eliminates the impact of long-distance connectivity. Site caches are beneficial for environments such as remote and branch offices where low bandwidth, high latency or network reliability may be an issue. [1]

Advantages:

• Fast restore from on-premises short-term backup copies

• Consumption of low-cost public cloud object storage for long term retention backup copies

• Data de-duplication, encryption and compression before replication to cloud

Backup to the cloud

This use case is designed for situations where the user has on-premises infrastructure and would like to use public cloud object storage for all backup workloads, including short term backups for operational recovery and long term backups for compliance.

As with the replication-to-cloud use case, an optional site cache eliminates the impact of long-distance connectivity. In the backup-to-the-cloud use case, it also helps meet recovery time objectives because the most frequently used data is locally cached.

Advantages:

• Fast restore from locally cached short-term backup copies (when using the optional site cache)

• Consumption of low-cost public cloud object storage for all backup copies

• Data de-duplication, encryption and compression at source before transfer to cloud

Backup in the cloud

This use case is designed for situations where the user has workloads running in public cloud virtual machine instances and would like to use public cloud object storage for all backup workloads, including short term backups for operational recovery and long term retention backups for compliance.

Advantages:

• No on-premises infrastructure required

• Consumption of low-cost public cloud object storage for all backup copies

• Data de-duplication, encryption and compression at source for optimal security and solution efficiency

[1] Site cache service is not available when the CloudBoost appliance is deployed within AWS.

Solution benefits

The data protection solution based on Dell EMC NetWorker with CloudBoost natively deployed in AWS provides optimized data protection for enterprise applications running in the public cloud.

Scale, performance, efficiency and security

A single CloudBoost appliance can support 6 petabytes of logical data in the cloud. Additional appliances can easily be deployed in the environment to increase overall scale and flexibility. In this solution, the low-cost and highly durable cloud object storage is used to store backup copies for short term operational recovery requirements or long term retention and compliance requirements.

The cloud object storage represents a near infinite amount of storage that can be consumed by the NetWorker with CloudBoost solution to store and retrieve backup copies.

Fine-grained deduplication, compression and WAN optimization—all applied at the source—optimize performance and conserve valuable storage and network resources.

An optimized, direct data path obviates the need for data to first be cloned to a local backup target (NetWorker Storage Node) before being sent to the cloud. Efficiency is maximized as data flows from the protected system directly to cloud storage with built-in WAN optimizations without the bottlenecks of a single gateway in the data path. (The option of cloning to cloud is available as well.)

CloudBoost delivers a full security model regardless of whether data is stored in a public or private cloud. All data is segmented into small chunks, each of which is individually encrypted with its own independent AES-256 key. All data transfers additionally take place over SSL/TLS, and data remains encrypted both in-flight and at rest at all times. As a result, CloudBoost delivers enterprise-grade security even when data must move or reside outside the customer’s firewall. On a related note, self-protection in the form of a native disaster recovery feature automatically and securely protects all system metadata and configuration settings in the target cloud so the entire solution can be recovered in minutes at the push of a button.

Enterprise-proven and cost-optimized

Dell EMC is a global leader in enterprise data protection. With over twenty-five years of experience, Dell EMC has invested heavily in re-architecting proven data protection solutions for the modern, software-defined data center. This experience and strategic focus is reflected in the NetWorker with CloudBoost solution where, for example, the highest levels of storage utilization efficiencies are achieved, reducing consumption of precious resources as well as total cost of ownership. The solution also minimizes the footprint of required components with an all-software architecture (though a physical CloudBoost appliance is also available). Moreover, it supports multiple types and tiers of object storage to offer customers maximum flexibility in deploying and operating the system.

Dell EMC affords customers additional flexibility in the form of simplified licensing. Individual components of the NetWorker with CloudBoost solution can be deployed on-demand without limitation, the only licensed item being logical protected capacity.

Finally, recognizing that modern IT infrastructure requires a modern customer service experience, Dell EMC answers the call with a wide range of customer service offerings and capabilities that are personalized, proactive and predictive. These include 24x7 worldwide support by phone, email and Web with the industry’s highest SLAs; worldwide onsite assistance for critical issues; proactive monitoring and support of customers’ environments; and Professional Services assistance for solution design and implementation.

Availability and sizing

CloudBoost

Starting with version 2.1, the CloudBoost appliance is fully supported in multiple form factors: a VMware image for on-premises deployments, a physical appliance for on-premises deployments and a native AWS AMI image for in-the-cloud deployments. [2]

Note that the CloudBoost site-cache feature is available as an optional component for on-premises deployments, but not required for in-the-cloud deployments.

The CloudBoost virtual appliance for AWS is delivered in native AMI format and is automatically associated with the AWS Account provided to Dell EMC Sales. Each CloudBoost virtual appliance can manage up to 6PB of logical protected capacity, while additional appliances can be deployed to increase overall scale, performance and flexibility.

In the event the CloudBoost appliance needs to scale to support higher data volumes, the environment must scale out by adding a second CloudBoost appliance and associating it with the existing NetWorker media pool. Once this is done, NetWorker will distribute the workloads across the available CloudBoost servers.

A single CloudBoost appliance provides performance of over 500MB/sec throughput with fully unique data when using Client Direct and 120MB/sec [3] when used in low-connectivity proxy mode. Performance for actual de-duplicated data varies, but is typically calculated at 4x-8x.

An example configuration would include:

• Compute: Minimum instance with 4 vCPUs, 16GB memory (example: type AWS EC2 m4.xlarge)

o For larger workloads of more than 1PB of managed capacity, the recommendation is 8 vCPUs with 32GB memory

• Storage: 100GB IOPS optimized SSD [4] storage volume for appliance metadata (example: type AWS EBS io1) per 400TB of logical backup data under management

o The primary metadata volume can be expanded to 3TB to manage up to 6PB of logical protected capacity

Note: smaller environments can alternatively choose an instance with unified compute and storage such as AWS EC2 m3.xlarge that includes 4 vCPUs, 15GB memory and 2x40GB SSD storage.

The CloudBoost appliance requires Amazon Elastic Block Store (AWS EBS) for the operating system disk and metadata database, as AWS EC2 instance default storage volumes are ephemeral and should not be used for the CloudBoost appliance.

The CloudBoost appliance should be deployed and configured before NetWorker attempts to use it.

NetWorker

NetWorker is available as user-installable software packages that can be deployed on any supported operating system regardless of underlying platform. In-cloud deployments with optimized support for AWS are supported starting with NetWorker 9.0.1. NetWorker software packages are available for download from Dell EMC:

• Download location for NetWorker Server, Management Console, Storage Node and Client

• Download location for NetWorker Module for Databases and Applications

• Download location for NetWorker Module for Microsoft

NetWorker Server can be deployed on any AWS EC2 instance [5] running a supported operating system version.

[2] Additional form factors will be added in future versions of CloudBoost appliance

[3] Saturates a 1Gbps network link

[4] Note that usage of IOPS optimized SSD volumes is highly recommended for operational metadata.

The primary components that need to scale in this solution are the NetWorker server and the CloudBoost appliance. The NetWorker server is responsible for tracking real-time activities across the Data Protection service. There is a limit to the number of real-time activities and elements a NetWorker server can track given the available resources. The NetWorker server sizing table in the solution requirements section of this document describes how the virtual machine resources can be scaled up to satisfy additional workload. Once it is determined that scaling up yields diminishing returns, the environment must scale out by adding a subsequent NetWorker server.

An example configuration would include:

• Compute:

o Small size: Unified instance with 4 vCPUs, 15GB memory and 80GB SSD storage (example: type AWS EC2 m3.xlarge). Sufficient for 50-100 clients with overall low parallelism of up to 50 concurrent jobs.

o Medium size: Recommended dedicated instance with 4 vCPUs and 16GB of memory (example: type AWS EC2 m4.xlarge) for up to 200 clients, 10,000 jobs per day and high parallelism of up to 200-400 concurrent jobs.

o Large size: Recommended instance with 8 vCPUs and 32GB of memory (example: type AWS EC2 m4.2xlarge) for up to 1,000 clients with more than 10,000 jobs per day and extreme parallelism of up to 1,000 concurrent jobs.

• Storage:

o 100GB IOPS optimized SSD [6] volume for core operations (type AWS EBS io1)

o Optional HDD volume for large index maintenance (type AWS EBS st1)

Detailed sizing guidelines for CPU, memory, and storage requirements for NetWorker are documented in the NetWorker Performance Optimization & Planning Guide.

NetWorker Management Console is a UI monitoring, configuration and reporting solution for NetWorker and can be co-installed on the same system as NetWorker Server. However, for large environments or environments with multiple protection data zones, it is recommended to deploy NMC server separately from NetWorker Server.

[Figure: Configuration Wizard with checklist as seen in NetWorker Management Console]

Note that the NetWorker with CloudBoost solution requires fully functional DNS services. DNS services can be hosted locally on a DNS server in the frontend network or can be provided by the cloud provider or an external Internet-facing provider.

[5] List of AWS EC2 instance types: https://aws.amazon.com/ec2/instance-types/

[6] Note that usage of IOPS optimized SSD volumes is highly recommended for operational metadata.

Solution components and architecture

Solution components

The NetWorker Server is the core component of the solution and supports the policy, scheduling and catalog functions of the solution to manage backup and recovery processes between the NetWorker clients, CloudBoost appliances and cloud object storage. The NetWorker server also coordinates NetWorker Application Modules to create consistent and recoverable backup copies of operating system and application workloads.

A NetWorker client is a software component deployed in public cloud virtual machine instances to protect the operating system and application data. Once deployed, the client configuration is performed from the NetWorker Management Console and associated with one or more protection policies. These protection policies determine when clients are protected, what is protected, where backup copies are sent, and how long they are retained.

NetWorker application modules are software components deployed alongside NetWorker clients to integrate the Data Protection service with application workloads. It is recommended these modules be deployed to provide application administrators with control and visibility of Data Protection services and granular recovery capabilities and to ensure the application state is transaction-consistent at the time of backup.

There are two application module bundles that would be appropriate for public cloud use cases.

• NetWorker Module for Microsoft (NMM)—support for Microsoft applications (such as MS SQL Server, SharePoint)

• NetWorker Module for Databases and Applications (NMDA)—support for UNIX applications (such as Oracle, DB2, Sybase, SAP, MySQL)

NetWorker Storage Nodes are optional components that can co-exist with any NetWorker Client or be installed on a dedicated system. Actual resource requirements are small; any instance with a minimum of 4 vCPUs is considered sufficient. Storage node deployment is required for support of NetWorker clients without Client Direct workflow, in which case multiple storage nodes can be used to load balance concurrent operations from a large number of clients.

The CloudBoost appliance provides access to the cloud object storage for backup data. Once deployed and activated, the CloudBoost appliance is considered headless and managed via the Dell EMC Cloud Portal. This portal is hosted by Dell EMC so that CloudBoost appliances can be deployed and managed across any combination of private and public cloud environments. The Dell EMC Cloud Portal is accessed in a standard web browser. Some of the management functions available include configuration, monitoring, capacity and performance management, upgrading and recovering CloudBoost appliances.

Cloud object storage

The NetWorker with CloudBoost solution uses AWS S3 cloud object storage as the primary type of backup storage for all purposes, including client backup data as well as protection of the NetWorker and CloudBoost metadata stores. Usage of other cloud storage types such as EBS as a backup target is possible [7], but not recommended due to higher cost, limited concurrent access and lower durability.

The durability of data stored in AWS S3 cloud object storage is a function of the AWS S3 service. Types of S3 storage that are recommended for data protection are:

• Standard: designed for 99.99% availability and 99.999999999% durability

• Standard-Infrequent Access: designed for 99.9% availability and 99.999999999% durability

It is important to recognize that redundancy provided by S3 does not prevent data loss in the event of accidental, intentional or malicious deletion of objects contained in the S3 storage. It is for this reason you should strongly consider whether other forms of isolation are necessary to minimize the risk of permanent data loss.
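The deletion risk described above can be reviewed in a backup bucket's policy. The following is an added example, not part of the white paper or of any Dell EMC or AWS tooling: it scans a bucket policy for statements that let principals outside a trusted set delete objects or weaken retention settings. The bucket name, account ID, role names and the `TRUSTED` set are constructed for illustration, and resource scoping and conditions are not evaluated.

```python
import re

# S3 actions that destroy backup copies or weaken the safeguards around them.
DESTRUCTIVE = (
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration",  # expiration rules can delete objects
    "s3:PutBucketVersioning",        # can suspend versioning
)


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """Match an IAM action pattern: case-insensitive, '*' and '?' wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def covered_actions(stmt):
    """Destructive actions a statement applies to (handles Action/NotAction)."""
    if "NotAction" in stmt:
        patterns = as_list(stmt["NotAction"])
        return {a for a in DESTRUCTIVE
                if not any(action_matches(p, a) for p in patterns)}
    patterns = as_list(stmt.get("Action"))
    return {a for a in DESTRUCTIVE
            if any(action_matches(p, a) for p in patterns)}


def principals(stmt):
    """Flatten Principal into a list; NotPrincipal is treated as everyone."""
    if "NotPrincipal" in stmt:
        return ["*"]
    value = stmt.get("Principal")
    if isinstance(value, dict):
        return [p for v in value.values() for p in as_list(v)]
    return as_list(value)


def audit(policy, trusted):
    """Return (sid, principal, action) for each destructive grant to an
    untrusted principal. Simplifications (assumptions of this example):
    Resource scoping is ignored, conditional Allows are reported as if
    unconditional, and only an unconditional Deny for "*" cancels a grant."""
    statements = as_list(policy.get("Statement"))
    denied = set()
    for stmt in statements:
        if (stmt.get("Effect") == "Deny" and not stmt.get("Condition")
                and "NotPrincipal" not in stmt and "*" in principals(stmt)):
            denied |= covered_actions(stmt)
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for action in sorted(covered_actions(stmt) - denied):
            for who in principals(stmt):
                if who not in trusted:
                    findings.append((stmt.get("Sid", "<no Sid>"), who, action))
    return findings


# Constructed sample policy; account ID, role names and bucket are placeholders.
ROLE = "arn:aws:iam::111122223333:role/"
BUCKET = ["arn:aws:s3:::example-backup-bucket",
          "arn:aws:s3:::example-backup-bucket/*"]
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupWriter", "Effect": "Allow",
         "Principal": {"AWS": ROLE + "backup-writer"},
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
         "Resource": BUCKET},
        {"Sid": "OpsFullAccess", "Effect": "Allow",
         "Principal": {"AWS": ROLE + "ops"},
         "Action": "s3:*", "Resource": BUCKET},
        {"Sid": "RetentionAdmin", "Effect": "Allow",
         "Principal": {"AWS": ROLE + "retention-admin"},
         "Action": "s3:PutLifecycleConfiguration", "Resource": BUCKET},
        {"Sid": "DenyVersionPurge", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:DeleteObjectVersion", "s3:PutBucketVersioning"],
         "Resource": BUCKET},
    ],
}
TRUSTED = {ROLE + "retention-admin"}

if __name__ == "__main__":
    for sid, who, action in audit(SAMPLE_POLICY, TRUSTED):
        print(f"{sid}: {who} may {action}")
```

On the sample, the broad `s3:*` grant to the operations role is reported for object deletion, bucket deletion and lifecycle changes, while version purging is suppressed by the explicit Deny.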

The choice of usage between S3 and S3 Infrequent Access cloud object storage is primarily defined by desired solution performance characteristics.

Note that overall solution performance depends on the underlying performance of S3 cloud object storage, which can experience throttling. S3 scales to support very high request rates, but support for that has to be enabled on the AWS side. For large environments with high session concurrency, it is recommended to contact AWS support [8] to avoid temporary limits on request rate.

For further information refer to AWS S3 services documentation.

[7] EBS storage can be configured in NetWorker as target for AFTD backup device type

[8] http://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Data path explained

Client Direct provides the optimal data path from client to cloud object storage without introducing a bottleneck in the form of a single system. With Client Direct, each client transfers data to cloud object storage directly (as instructed by the backup server) while metadata is registered with the CloudBoost appliance (location of each chunk) and the NetWorker server (logical information such as file-level properties).

When Client Direct is not available or a direct route to cloud object storage does not exist, the client falls back to a data flow via a NetWorker storage node.

In environments with limited connectivity to cloud object storage, data optionally gets routed via the CloudBoost appliance for control of a single point of egress. This reduces overall backup performance, but allows for protection of clients that do not have sufficient connectivity.

Notes:

• Client Direct workflow is currently supported only for the NetWorker client on the Linux platform. Other NetWorker clients can route data via a NetWorker Storage Node on the Linux platform for a hybrid workflow. [9]

• For smaller environments or environments with limited connectivity, use of an embedded NetWorker Storage Node inside the CloudBoost appliance allows for deployments without an external storage node. However, this reduces overall scalability of the solution due to the single data path: all data is routed via the CloudBoost appliance.

[9] Support for NetWorker clients on Windows with Client Direct will be added in future versions of NetWorker

Control path explained

As can be seen in the previous two illustrations, all NetWorker components communicate using the RPC protocol, while all data transfers to cloud object storage are done over HTTPS.

Management capabilities

All NetWorker servers and clients are managed from the NetWorker Management Console server. The management console provides reporting and monitoring capabilities for all NetWorker servers and clients and can also provide logging and alerting of events and notifications.

The console server is accessed through a graphical user interface that can be run from any system with a supported web browser and Java Runtime Environment (JRE). Multiple users can access the console, and authentication can be integrated with Lightweight Directory Access Protocol (LDAP/S) and Microsoft Active Directory Server (AD).

To reduce the number of virtual machine instances required, the console server can be deployed on a server that is also acting as the NetWorker server.


Disaster recovery

While very unlikely, public cloud environments are susceptible to outages and disaster scenarios. It is prudent to ensure that the Data Protection management solution and the data under management are recoverable from failure scenarios affecting the public cloud provider. The NetWorker with CloudBoost solution provides auto-protect capabilities of the data protection solution itself.

There are three datasets required to rebuild the Data Protection management solution. These include the NetWorker server bootstrap data and client file indexes, and the CloudBoost server metadata database.

NetWorker bootstrap data and client file indexes are backed up regularly via standard NetWorker policy and stored in cloud object storage.

The CloudBoost metadata is also backed up regularly to the cloud object storage and is configured via the Dell EMC Cloud Portal.

In the event of a disaster that renders the servers inoperable, the following steps would be taken:

• Deploy a new CloudBoost appliance and register it to the Dell EMC Cloud Portal account (but do not configure it)

• Recover the CloudBoost appliance using the Dell EMC Cloud Portal (select the un-configured CloudBoost server)

• Deploy a new NetWorker server instance and associate it with the CloudBoost appliance

• Recover the NetWorker bootstrap and client file indexes

The default value for self-protection of NetWorker server metadata is once per day, while the default value for self-protection of CloudBoost appliance metadata is every 6 hours. Both values are fully configurable and determine the worst-case recovery point objective in case of corruption of primary systems.

Security and auditing

NetWorker Authentication Service provides a NetWorker environment with token-based authentication and single sign on (SSO) support. Token-based authentication enables users to securely connect to the NetWorker Management Console and NetWorker server and to perform secure backup and recovery operations.

When a NetWorker or NetWorker Management Console operation requires authentication, the requesting process contacts the NetWorker Authentication Service to verify the credentials of the user account that started the request. When the NetWorker Authentication Service successfully verifies the user, the application issues a time-limited, signed, and encrypted SAML token to the requesting process. All the NetWorker components that require authentication can use the token to verify the user until the token expires.

The NetWorker Authentication Service supports both an internal authentication authority and external authentication authority via LDAP and AD services. The service also provides a hierarchical security model for users and groups, which enables you to define access levels, authentication and authorization in a multi-tenant configuration.

The CloudBoost technology implements both in-flight and at-rest encryption for all transactions. CloudBoost uses Secure Socket Layer (SSL) to communicate with the object storage and also produces signed URLs that are only valid for a limited time and cannot be replayed. The signed URLs are used to access the public object storage securely. CloudBoost uses Secure Hash Algorithm Standard 2 (SHA-2 with subtype SHA-256) to uniquely identify and track the data and Advanced Encryption Standard (AES-256) to encrypt the data stored in the cloud object storage.
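As an added illustration (not code from the white paper, and not CloudBoost's or AWS's actual URL format), the following Python example shows a generic HMAC-SHA256 scheme in which the expiry is bound into the signature, so a captured URL stops working once its validity window ends and its method or lifetime cannot be altered. The signing key, host name, parameter names and function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real service keeps its signing key in a secrets store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
HOST = "https://objects.example.invalid"  # placeholder endpoint


def chunk_id(data: bytes) -> str:
    """Content address: identical chunks always map to the same SHA-256 ID."""
    return hashlib.sha256(data).hexdigest()


def _mac(method: str, path: str, expires: int) -> str:
    # Bind the signature to the HTTP method, the object path and the expiry.
    msg = f"{method}\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(method: str, path: str, ttl: int, now: int) -> str:
    """Issue a URL that is valid for `ttl` seconds starting at `now`."""
    expires = now + ttl
    query = urlencode({"expires": expires, "sig": _mac(method, path, expires)})
    return f"{HOST}{path}?{query}"


def verify_url(method: str, url: str, now: int) -> str:
    """Return 'ok', 'expired', 'bad-signature' or 'malformed'."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return "malformed"
    expected = _mac(method, parts.path, expires)
    # Constant-time comparison; check the MAC before trusting `expires`.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad-signature"
    return "expired" if now > expires else "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    url = sign_url("GET", "/bucket/" + chunk_id(b"constructed chunk"), 300, t0)
    print(url)
    print(verify_url("GET", url, t0 + 60), verify_url("GET", url, t0 + 301))
```

Within the validity window the same URL verifies repeatedly, so the lifetime chosen at signing time is what bounds reuse of a URL that leaks into logs or proxies.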

The data collected by the NetWorker server facilitates auditing tasks and activities performed by specific users. By default the retention policy for audit data is one year; however, this can be increased as required.


Solution examples

Small environment

The following example provides general sizing guidelines for deploying a minimal viable data protection solution in the cloud:

• 50-100 clients, primarily Linux-based servers utilizing the Client Direct feature, with a small number of Windows servers utilizing the embedded NetWorker storage node within the CloudBoost appliance.

Solution sizing

Minimal configuration:

• NetWorker server and co-hosted NetWorker Management Console Server running on a unified AWS EC2 instance such as instance type m3.xlarge with 4 vCPUs, 15GB memory and 2x40GB SSD storage

• CloudBoost appliance running on a unified AWS EC2 instance such as instance type m3.xlarge with 4 vCPUs, 15GB memory and 2x40GB SSD storage

In this configuration, there is no need for additional EC2 instances such as separate NetWorker Management Console server or additional storage nodes.

Enterprise environment

The example below provides general sizing guidelines for deploying a data protection solution in the cloud for this environment:

• 500 Clients, even mix of Windows and Linux servers (unspecified number of applications)

• Total front end protected capacity is 100TB with largest clients being in the multi-TB range

• Daily backup with backup window of 8 hours and typical retention policy of 30 days, but can be extended for some clients

Assumptions:

• There are 4 sessions per client on average (total of 2,000 sessions per day).

• Front end protected capacity equals back end storage requirements after de-duplication and when calculated over time with 30 days of typical data retention period.

Solution sizing

Optimal recommendations for data protection environment:

1 x NetWorker server running on EC2 instance with 4 vCPUs, 16GB memory and 200GB EBS SSD storage

1 x NetWorker Management Console server running on a separate EC2 instance with 4 vCPUs, 16GB memory and 50GB EBS SSD storage

2 x CloudBoost appliance running on EC2 instance with 4 vCPUs, 16GB memory and 100GB SSD storage each

4 x NetWorker storage node running on EC2 instance with 4 vCPUs, 8GB memory each and without attached EBS dedicated storage.

The optimal overall data zone parallelism [10] for this setup is 500 concurrent jobs, but to achieve this we need to set up multiple CloudBoost devices on the NetWorker server, as each device is limited to a parallelism of 100. Since we have two CloudBoost appliances, we can create three CloudBoost devices pointing to each appliance and share them across storage nodes in the following manner:

• Devices 1,2,3 pointing to CloudBoost appliance #1

• Devices 4,5,6 pointing to CloudBoost appliance #2

[10] Data zone parallelism is the ability of a data protection solution managed by a single NetWorker server to manage multiple concurrent jobs or backup sessions.


All devices are part of the same NetWorker server media pool and as such are available for the client-direct workflow.

Devices 1,2,3 should be shared between NetWorker storage nodes 1 and 2 for load balancing of remaining sessions. Devices 4,5,6 should be shared between NetWorker storage nodes 3 and 4.

NetWorker storage nodes would be used to load-balance backups only from Windows clients (~250), as Linux clients would utilize the Client Direct feature. This would result in 4 x 250 = 1,000 sessions distributed over 4 storage nodes with 3 devices each (1,000 sessions across a total of 12 devices is below the limit of 100 sessions per device).

This can result in overall performance reaching 1GB/sec physical throughput toward AWS S3 cloud object storage. Even with a low deduplication rate of 4x, the result is 4GB/sec peak performance for logical (virtual) throughput. Note that to achieve an initial full backup within the required backup window, the required performance is 100TB/8h = 3.55GB/sec, which is below our design target.

Minimal recommendations for data protection environment:

If full backups are not required to meet the specific backup window and that requirement only applies to daily incremental backups, then the solution can be reduced to:

• 1 x CloudBoost appliance

• 2 x NetWorker storage nodes

This would reduce overall throughput of the solution, but it would remain well within the limits required by daily incremental backups. Note that the average daily change rate is assumed to be 4% (typically lower for filesystems and higher for applications).

Maximal recommendations for data protection environment:

As the number of clients grows from 500 to 1,000 (2x servers) and total protected capacity grows from 100TB to 400TB (2x more data per server), this solution can be expanded on the fly.

• Increase EC2 instance sizing for NetWorker server to 8 vCPUs, 32GB memory and 500GB SSD storage

• Increase number of attached NetWorker storage nodes from 4 to 8 (without change in specifications)

• Increase EC2 instance sizing for each CloudBoost appliance to 8 vCPUs, 32GB memory and 200GB SSD storage

• Change the NetWorker server configuration to increase overall parallelism to 1,000 sessions and configure a larger number of CloudBoost devices (from 12 devices to 24 devices).

This results in a solution that can offer protection with a 4x overall data volume increase without reaching the limits or needing re-architecture. The same recipe can be followed to even higher limits – up to more than 20,000 sessions per day with almost unlimited managed capacity (for example, configuring 10 CloudBoost appliances under management of a single NetWorker server can give a theoretical maximum size of 60PB of managed capacity).

Capacity optimized recommendations for data protection environment:

In scenarios where the backup window is flexible or the average data retention policy is longer, thus requiring a larger solution, the configuration can be modified to increase the size of the attached EBS storage volumes on CloudBoost appliances. This allows for management of larger logical capacities (up to 3TB of storage, which allows management of up to 6PB logical capacity per CloudBoost appliance) without the need to increase compute resources for any of the components.