Architecture Matters: Blueprints for Backup as a Service Offerings
As a service provider (SP), how happy are you with your legacy backup architectures? How do they perform in this increasingly cloud-based, always-on world? My educated guess is that you are looking straight into the eyes of a nightmare. With data no longer confined in data centers or fitting neatly into a prescribed set of on-premises databases, architecture matters. The backups of yesteryear can be replaced with cloud-based and software-defined architecture designed for a brave new data world.
Cohesity’s platform approach to building and delivering applications on a single platform drives efficiencies of scale. The platform supports numerous use cases and helps service providers manage their data requirements, whether these are on-prem, collocated, hybrid, or multi-cloud environments. In this blog series, we’ll look at how architecture matters to service providers (SPs) who want to provide the best for their customers. In this first blog of the series, I tackle how Cohesity Powered backup as a service for service providers delivers the maximum flexibility for your and your clients’ needs.
What’s Wrong with Legacy Backup?
Figure 1 represents a common legacy backup scenario. This traditional, multipoint architecture is full of silos, and consists of backup software, target storage, media and master servers, and bolt-on cloud gateways — all from different vendors. IT teams must monitor, keep track of, and think about multiple things at all times while negotiating with multiple vendors. This fragmented, slow, on-premises, and expensive architecture is fraught with challenges:
Meeting SLAs is increasingly difficult.
Audits from legacy backup vendors add costs, time, and complexity to management.
The cost of adding and maintaining backups is increasing while budgets are tightening.
A simple software update is labor-intensive and requires downtime.
Multiple user interfaces and complex-to-configure solutions complicate data and backup management.
Massive upgrades are required every 3-5 years.
For SPs, whose data strategy must meet the needs of each application, legacy backup creates a divide between apps, data, and the cloud. Most SPs are key to helping organizations manage their paths to the cloud and deliver better business outcomes. Yet, they themselves often struggle with the siloed, traditional approach to back up and recovery with its multiple solutions that are made of software, components, and hardware.
Scaling these to meet customer needs and addressing client challenges is increasingly difficult. But it doesn’t have to stay that way. Backup as a service is an attractive alternative to the traditional legacy backup architecture that reduces complexity, scales easily, delivers increased performance, and keeps costs down.
What Is Backup as a Service?
Backup as a service (BaaS) is a method of offsite data storage that delivers data backups to a remote secure cloud-based data repository over a network connection. A managed service provided by SPs, BaaS connects systems to a private, public, or hybrid cloud, instead of centralized, on-premises data centers managed by ITs. It is easier to manage than other offsite services because data storage administrators can offload maintenance and management to the SP. Here are four of the most common use cases for BaaS.
Consolidating Backup Infrastructure
Legacy backup point products fragment data across infrastructure silos, management systems, and locations, making it too complex for IT to find, protect, and leverage for business differentiation. What’s needed is a simpler way to make use of all your data. Multicloud software-defined BaaS infrastructure eliminates unnecessary data copies and addresses mass data fragmentation by consolidating all backed up data and apps on a single web-scale platform.
Mitigating Ransomware Attacks
The Colonial Pipeline story is proof: ransomware attacks are mainstream. Attackers are increasingly modifying their ransomware to track down and eliminate on-premises backups — often as the first point of attack. When machine learning is incorporated into BaaS, it can continuously monitor for anomalies in data and quickly and automatically locate and remediate infected data across a global footprint, including public cloud. Instant mass restore to any point in time to bring back data and apps fast for business continuity is a key feature.
Deriving Insights from Dark Backup Data
Data silos created by legacy backup products make it difficult not just to find valuable business information in backup data but also turn it into actionable insights. BaaS can shine a light on dark data for e-discovery, compliance, and analytics requirements, making it easier to analyze massive data sets to derive insights and avoid compliance violations.
Developers need to speed application creation and testing is often too hard to access in a legacy architecture. BaaS can speed up DevOps delivery both on-premises and across clouds by making backup data easily and instantly available. It can support the quick zero-cost cloning, customizing, and tearing down of dev and test environments on a single platform, further eliminating fragmented, expensive-to-operate infrastructure stacks dedicated to development.
BaaS as a Service Deployment Scenarios
Just like there are common BaaS use cases, there are also several common options for deployment:
Hosted backup: Service providers often provide shared hosted infrastructure as a service (IaaS) wherein they host the customer’s IT infrastructure. Cohesity Helios provides them with the ability to offer their customers BaaS in a secure multi-tenant environment. Hosted back is typically implemented in one of two backup network topologies; a tenant-reachable or tenant-isolated network, depending on existing infrastructure and business requirements.
Local backup and replication: Service providers can provide managed BaaS for customers who prefer to keep the primary copy of the backup data on-premises and then replicate a copy of the backup to a central service provider location (similar to tape offsiting) for disaster recovery (DR) purposes
Remote backup: Using Cohesity Helios, service providers can provide BaaS over the internet by using either a dark fiber connection or a VPN tunnel or even over the WAN.
Each of these scenarios has its pros and cons. There are BaaS offerings that combine some of them, but when you consider the disparate, muti-modal, big, siloed, and unstructured data generated by most modern organizations, one or a few of these deployment options is not enough.
The Cohesity Difference: Blueprints for the Deployment Scenarios
Cohesity’s software-defined solution replaces fragmented data center silos with a web-scale platform that dramatically improves business flexibility for SPs. By offering Cohesity-powered data management services, service providers can deliver a multitude of services, starting with Backup as a Service. As Figure 3 shows, we have the blueprint for deploying on customer premises, internal data centers, as well as public cloud providers, to deliver a complete suite of backup as a service offerings in various modalities.
The primary value proposition for SPs is simplicity. Cohesity helps you simplify your data silos so you can focus on delivering superior customer experiences. Cohesity modernizes your architecture and provides the inherent hybrid connectivity for BaaS. From day 1, the Cohesity platform was built with SPs in mind. It offers the multitenancy you need to support multiple customer backups and workloads on the same platform with secure namespace isolation and per-tenant encryption. It also ensures the security of data at-rest and in-flight with VLAN support. This is just the tip of the iceberg, though.
Why SPs Should Choose Cohesity for BaaS
As you can see from the diagram, in addition to simplicity and multi-tenancy, there are a myriad of reasons why your SP should choose Cohesity for BaaS.
Cohesity offers SPs pre-built integrations for all backup workloads with VMware vCloud Director, ServiceNow, and VMware vRealize Suite. Plus, flexible options for self-service tenant management through Cohesity and third-party GUIs simplify operations.
Architecture matters. Cohesity’s API-first architecture and full-featured REST API, along with the Terraform provider, support the need to invoke backup workflows as code or script, enabling automation with multi-tenant awareness. Cohesity is fully compatible with PagerDuty, Ansible, and ServiceNow as well.
For SPs, achieving high efficiency in backup VM or file storage is paramount to cost reduction. And with Cohesity, although tenants are securely isolated, Cohesity’s cross-tenant, global variable-length deduplication pulls the maximum efficiency from identical data sets across customers. In addition, the Cohesity file-system delivers unlimited scalability, and guaranteed data resiliency.
SPs that use public cloud in their backup framework or deliver cloud backup as a managed service on public cloud. To deliver this SPs can deploy Cohesity’s multi cloud platform in the public cloud.
The Cohesity Marketplace adds a whole new dimension to BaaS for SPs. Apps on the Marketplace unlock a variety of differentiated and value-added services, such as network security, mainframe backup, anti-virus, and more, that can be instantly deployed and run.
For SP environments with globally distributed customers, Cohesity Helios provides global visibility and control from a single dashboard. Manage backups that span your globally distributed data estate with Cohesity.
Blueprint Schematics: The Technical Advantages of Cohesity-Powered BaaS
What would architectural blueprints be without schematics? In the Cohesity blueprints for BaaS, the schematics are the underlying technology and its advantages.
For service provider backup as a service offering, Cohesity deploys a proxy VM called Hybrid Extender on the tenant side. This helps set up a secure TCP/IP channel between the tenant’s local network and the service provider datacenter. It includes identifying unique vCenters within the same IP range and source-side deduplication to reduce egress volume and SP compute load. On the SP side, each tenant can be assigned its own VLAN and storage domains.
Role-Based Access Control
With the Cohesity BaaS offerings for SPs, your admins have granular control over what users have access to. They can create organizations composed of storage and network resources and set up individual sources, protection jobs, and reports.
From a single Cohesity BaaS dashboard, you can manage multiple clusters, including multi-cluster monitoring, reporting, and orchestrated upgrades, without having to connect to an external network.
Global Actionable Search
Cohesity delivers Google-like searchability across clusters, including backed up files and VMs, and inspect for anomalies and appropriately remediate. For example, you can search for all unprotected VMs and create jobs to protect them, or audit recently accessed files.
Automatically schedule and orchestrate jobs and workloads to help meet your SLAs. Get recommendations based on capacity forecasting and disk failure prediction. View important Cohesity field notices.
Detect threats and other anomalies across clusters with the unified Alerts page. Use Cohesity’s framework against Ransomware attacks to detect and respond with machine learning algorithms that detect anomalous behavior and alert users of potential ransomware behavior and in the event of Ransomware attack deliver fast restoration times.
Reporting and Analytics
With deep visibility into backup statistics, you can implement accurate pricing and chargeback mechanisms, isolated per tenant. In addition, Cohesity’s custom reporting app can help you generate detailed performance and usage reports on demand or on schedule.
Real-Life Blueprint for SP BaaS Success: 1901 Group
SPs like 1901 Group are benefiting from and achieving ROI from Cohesity’s powered backup as a service for SPs. 1901 Group wanted to move away from aging legacy infrastructure and also address similar challenges for its clients who were often juggling three or more legacy platforms for data backup and recovery. They chose Cohesity to address these issues. Cohesity’s flexible licensing model, outstanding deduplication and compression, and data security enable the company to predict costs, effectively manage cash flow, and align capacity with demand in a multitenant provider environment. Cohesity’s encryption of data-at-rest and data-in-motion are especially critical for 1901 Group’s U.S. public sector clients in both commercial and GovCloud AWS environments where security and compliance include particularly stringent requirements.
The results 1901 Group achieved with Cohesity include:
Up to 35% in cost savings compared to other solutions
Data recovery time reduced by up to 99%
Deduplication and compression of 115x
Scalable and flexible disaster recovery and archival options natively integrated with secure GovCloud providers
Unified data platform stretching across data centers and public cloud
One of the biggest reasons we went with Cohesity was that the platform enables a predictable cost model for scalability and flexibility to manage a highly-regulated multi-tenant environment.