Data Orchestration

Data Orchestration Product Specification

• Use of this document
• Overview
• Terms
• Functional Specification Description

Use of this document

This document is the functional specification definition of the product's functionality.

Overview

The Data Orchestration product automates data sync from a PowerScale cluster S3 compatible storage. This allows customers to maintain a 3rd copy of data off site in the cloud or on premise local copy. This solution allows customers to comply with 3-2-1 backup best practise 3 copies of data, stored on 2 different storage technologies and 1 copy is off site. In addition to backup copies the solution allows for various hybrid cloud data movement, orchestration or on demand workflows to enable modern data workflows that requires bridging file systems and object storage into a seamless data pool. When integrated with Superna security products and hardened data mover , sync or backup workflow can be enabled that prevents data movement when threat levels are detected by Ransomware Defender or Easy Auditor using an integrated zero trust API.

Terms

1. Golden Copy GUI - User job monitoring, alarms and user interface to interact with product configuration.

2. Easy Auditor - a product offering with real time triggers that can detect storage threats and make use of the Zero Trust API

3. Ransomware Defender or Security Edition - This capability is referenced on this link is recommended component of any Data Orchestration solution.

Functional Specification Description

1. Dependencies 

   1. Storage Cluster must be licensed for Data Orchestration

   2. Only available in vmware OVA or Hyper-v appliance formats

   3. Internet bandwidth sufficient to allow backup operations

2. Key Use Cases
   1. 3rd Copy Backup copies of data in object format
   2. One 1 way data sync to cloud or sync data from cloud storage to a file system 
   3. Data move operations for edge storage computing workflows
3. Patching

   1. The product does not support hotfix patching and requires and complete upgrade of the software version or build number to apply any patch

   2. Operating system patches are not provided and must be downloaded directly through an out of band method and requires physical access to the secured physical equipment to apply patches, updates, or upgrades.

4. Compatibility 

   1. The product does not support forward compatibility with target devices and will require a software upgrade to support a forward version of a target device.   This includes minor or build number changes of the target device.

5. Appliance Modifications

   1. Modifying the operating system packages, removing or adding packages, changing the OS configuration and support of these changes is not covered by support and customers must support OS modifications and perform necessary testing.   No support for customer modifications with the exception of applying opensuse OS package patches that shipped with the original appliance or published procedure in documentation.

6. Operational Procedures

   1. If documentation does not list a procedure, it is explicitly unsupported unless support provides a procedure. 

7. Installation

   1. Recommended to use subject matter experts to consult on mapping the product to business use case and outcome expectations.

   2. Customer installable and upgradable solution requires knowledge of file systems and object storage services from Cloud providers. Professional services are highly recommended for complex business workflows and requirement mapping.

8. Product Use Limitations

   1. Insufficient bandwidth (local or Internet) for the backup or orchestration workflow 

   2. Insufficient product VM's for a target throughput requirement.

   3. RTO & RPO constraints based on backup and restore use case over high latency network using a file by file backup and restore operation

   4. Not a replacement for Disaster Recovery low RTO or low RPO requirements. 

   5. Not a replacement technology for Storage Array to Storage Array built in block level replication either asynchronous or synchronous replication solutions.

9. Data Orchestration software Automates

   1. Data sync from production to s3 storage
      1. Detection of existing data in S3 and skipping of backup data that has not changed
      2. incremental detection capabilities to detect create, update or delete operations and apply updates to target storage
   2. Data move operations
      1. File to object
      2. Object to File
   3. User presentation of file & object data for self service
      1. Restore
      2. Archive
      3. Recall
      4. Sync or move operations
   4. Built In data security awareness of SMB security (share level) and object level security
   5. RBAC within the CLI
   6. RBAC GUI (administrator or end user)
   7. Automatic data retry on backup or restore operations
       

10. Data Orchestration Function 

    1. Licenses

       1. Data Orchestration

          1. License subscription based on source device total capacity

    2. Management

       1. During Data Orchestration monitoring

          1. file count

          2. bytes

          3. throughput

          4. errored data

          5. error %

          6. completion %

          7. Skipped data count and %

          8. job history

          9. Detailed job step summaries

          10. Automated retry on failed operations

       2. API automation

       3. CLI interface

       4. GUI interface

       5. 
          

    3. Reporting

       1. Job history summary

          1. job errors

          2. success

          3. failures

          4. duration of jobs

          5. type of job indicator

          6. Job detailed file by file break down of each success or failure or both

    4. Monitoring

       1. Appliance environmental and software module monitoring of:

          1. cpu

          2. memory

          3. network usage

          4. disk IO 

       2. alerts

          1. email

          2. syslog

    5. Configuration

       1. CLI over ssh

       2. GUI for some functions 
          

    6. Data Security

       1. Inflight HTTPS

       2. Data read operations with addon read/write protocl level encryption (SMB only)

       3. Data at rest is the responsibility of the Cloud provider to provide 
          

11. Installation Knowledge Transfer post installation

    1. The product installation process informs customers of the decisions they own to determine the protection features needed for a specific use case or business requirement. Operational training is provided by Superna installation services. Failure to follow documented procedures in documentation can limit or terminate your entitlement to support.

12. Operational Expectations for all deployments

    1. Data Orchestration is a component of an overall backup solution that must include the following best practices in order to correctly deploy a solution.  The operational steps below are expected to be followed for correctly using and integrating Data Orchestration into a data protection solution.

       1. A data protection plan should include multiple layers including Disaster Recovery for business continuity. This product is not a replacement for well designed and implemented BC/DR solution.

       2. Backup data should be stored off line so that it is not connected to the network.  An offline backup is a requirement in all scenarios.

       3. Documented Data Recovery run book developed externally to this product correct usage.

       4. Product support is not a managed data recovery service and includes break/fix product level support.

       5. The specification and operational management of this product Requires:

          1. Monitor jobs and failures, review job logs and retry jobs to ensure 100% of all data is backed up. Failure to monitor the job logs may result in data loss scenarios.

          2. Patching and firmware updates to all hardware components that make up the backup network, storage and compute and management environments.

          3. Product usage assumes endpoint protection Anti-virus software is in place on all operating systems, devices, computers are in place to prevent corrupt, encrypted, comprised data getting backed up. Failure to prevent the source data from malicious behaviors that comprise the integrity of the data is the responsibility of the customer using this software. Failure to meet this requirement will result in un-usable data in the backup copy and is not covered by license terms (warranty, indemnification)

          4. All computers with operating systems are patched regularly

          5. All CVE's are acted upon with patches and remediation applied to all devices within the IT infrastructure.

          6. All firewalls, security devices are running current versions and configured correctly to protect networks

          7. The compute infrastructure is maintained and provides minimum product requirements for cpu, memory, disk latency.

          8. The end users and IT are trained to respond to a Data Orchestration attack and have a run book to respond to an incident.

          9. End users are trained regularly for phishing attacks and social attacks intended to compromise computers with Malware/Data Orchestration

          10. All product alerts are acted on in a timely manner to ensure processing of audit data is protecting the file system.

          11. Daily Mandatory operational tasks

              1. Monitor successful data syncs into the object storage, monitoring of disk space within the object storage or source file system, alarm monitoring and response actions necessary to resolve any faults within the backup jobs, monitoring the backup components (cluster, network devices , switches, firewall walls, management devices for remote access, security logs)

              2. Failure to properly monitor the product can and will result in data loss scenarios.