Read our other posts on this subject here and here. For a quick best practices overview check out this short video: Data Retention Best Practices for MSPs

What is the Technology Behind the Cloud Backup & Disaster Recovery Curtain?

Recently, there has been a lot of media coverage about Hillary Clinton using an MSP and a cloud backup vendor to protect her emails on her private email server — and the ongoing federal investigation that’s ensued. While the headlines and politicians rant, there seems to be murkiness in the media reports surrounding the technologies behind data protection solutions, the cloud, and who’s responsible for what. In this post, let’s consider what’s really going on behind the figurative data protection curtain. The first in a 5-part series, this blog will explain — from a technology point of view — the different cloud data protection options available to you.

Data vs System Protection

Traditional backup products look at which files have been updated on a server and copy those changed files to another place, be it tape or disk or the “cloud.” This is “legacy” backup and it’s been around for decades. Modern data protection tools look not just at the individual files on a server, but also take an image snapshot of the entire system, which includes files, applications, and the OS. The difference between file backup and system-level data protection? With the latter, you can not only recover individual files and folders, you can recover the entire system. The benefit of full-system recovery: It saves you the time required to get the system and apps up and running again. When comparing data protection technologies, it’s important to understand what type of protection the products you’re considering offer. Are you getting file backup? Or true image-level system protection? And perhaps most important, what type of protection do you really need?

Data Recovery and Server Failover

Whether an employee deletes a file, a system inadvertently corrupts a database, or a server crashes a hard drive, you have to immediately engage in recovery operations. To recover an individual file, you might select the latest restore point that could contain that file, browse through the backup, and click on the file you want to restore. You might recover an entire server image via what’s called a Bare Metal Restore (BMR for short), which allows you to rebuild a server to the image that was backed up—which, in turn, allows you to restore the files, applications, and operating system. This saves you time because you don’t have to re-install everything from scratch. Some solutions, like Axcient, also let you export a server image as a VMDK file, so you can recover that image directly into a VMware host.

Another recovery option is called a “server failover.” After a server fails, you spin up an exact copy of that system as a virtual machine, so that employees can continue working with the files and applications hosted by said server. You can execute failover operations locally (through an existing server or appliance) or remotely (in the cloud or in a separate location). Either allows the business to continue functioning while you rebuild the crashed server or fix whatever issue brought it down in the first place. You can now perform what is called a “failback,” meaning you can copy the data changes from the virtualized or failed-over server, back to the production server.

Granular Application Recovery

Another vital aspect of recovering backed up data: granular recovery of applications. Although most data protection products can take a copy of a Microsoft Exchange database and recover that entire database if needed, not many solutions can recover individual email messages without first restoring the entire database. The time savings you’ll realize when you’re able to search for and pinpoint an exact email or attachment — and recover that specific artifact — without having to recover the entire database, is significant. The same goes for a database like Microsoft SQL Server, which may be backed up, but if you only need to recover a certain table or a certain row of a specific table, you need to make sure your BC/DR product allows for that. Besides Axcient, there are only a couple of other vendors in the market with this type of application-aware granular recovery technology.

Local and Off-Site protection

When you want to protect your IT infrastructure, you have several different deployment options. Some vendors will give you a software-based product, which you must install on a server, making the resultant deployment your “backup server.” From this, you set up protection policies, defining the devices to protect, how to protect them, and for how long (retention). In many cases, you will also have to download and install “software agents” in each machine you want to protect. From there, you select where you want your backups stored, be it on tapes, to a disk, or on a SAN in your network — or maybe even in the cloud. Some vendors will give you a “backup appliance,” which is basically a purpose-built backup server that you connect to your network. All data is then backed up to this device, where it is stored conforming to your retention policies. Other vendors, like Axcient, follow a hybrid approach. This consists of a backup appliance that you deploy to your network (either as a physical server or a software-only virtual appliance), and that appliance connects to the cloud. The data is then stored both locally and in the cloud, for extra protection.

Another possible configuration: site-to-site replication. Two separate backup appliances are deployed in different locations. One appliance backs up your servers, and this appliance itself backs up to another appliance in another physical location (e.g. remote office, data center, etc.).

Finally, some vendors may present you with you an entirely different option, allowing you to download a software agent directly to the devices you want to protect (laptops, servers, etc.). Those devices then back up directly to the cloud. Axcient gives you this option with one key difference: We do image-level protection directly to the cloud, while most vendors will only do file-level protection in this cloud-only configuration.

Cloud Backup, Failover, and Office Virtualization

Cloud backup products abound, yet they all fall within three major categories: The first is consumer-grade cloud backup, meaning products that are focused on making copies of files from your laptop or small server to the cloud. These solutions are great for making sure you can retrieve your family pictures and important documents if something happens to your personal computer. The second type is cloud backup for businesses, which typically allows you to do image-level backups of your servers to a cloud location. (This acts as a storage target.) If anything happens to your server, you can download the backed up image and recover it. This works great for small businesses that can afford to operate for a few days without a non-critical server. The process entails fixing or getting a new server, downloading the image backup from the cloud, and either copying it over to the new server or doing a Bare Metal Restore.

The third type of cloud solution is made for companies that cannot afford to be down for more than a few minutes to a couple of hours. This approach gives you image-level server protection in the cloud, and allows you to perform a server failover directly into the cloud. Which means you can spin up a virtual copy of the server in the cloud, so that all the applications and data are available for access … and the business can continue to operate.

Many vendors (sometimes classified by analysts as DRaaS, or Disaster Recovery-as-a-Service) can failover a server in the cloud. But you also need additional details: Can physical Windows servers be failed over or just virtual servers? Which virtual machines, if any, are supported (VMware, Hyper-V, XenServer, KVM, etc.)? What is the process for failover (e.g. can you easily do it yourself via a web interface or do you have to request assistance from the vendor’s service department)? How fast can you failover a crashed server in the vendor’s cloud? And an important one that can’t be neglected: After failing over a server in the cloud, are backups created for that specific server?

The final element of cloud failover involves what we call “Office Virtualization.” Executing a failover for one server in the cloud is straightforward, but how about for all of your servers? What happens if your entire network needs to be virtualized in the cloud? In cases where a full-site outage (power outage, natural disaster, virus, etc.) renders the office unusable, you need a vendor that will allow you to virtualize not just your servers, but the entire network, including active directories, domain controllers, and all interconnected elements. Axcient, for example, offers a patented-technology solution that gives you the ability to set up a virtual network with IP addresses, port forwarding, and VPN access, such that you hold a complete solution for cloud-based disaster recovery, which also acts as a secondary data center in the cloud.

Final Thoughts
The technologies employed for cloud backup and data protection can vary greatly from vendor to vendor. We hope this brief introduction to what goes on behind the technology curtain has helped you decide what’s best for your business. And no matter what technology you use to protect your data, make sure that everyone (vendors included) understand your business objectives and data protection and retention policies. The best technology in the world cannot protect you when it’s implemented in a way that does not support your unique business requirements. So: For an essential guide on how to craft a simple, comprehensive business recovery plan, download our eBook. Read more about Hillary Clinton’s email issues.

Steve Noel