Data Orchestration
Data Orchestration Product Specification
Use of this document
This document is the functional specification definition of the product's functionality.
Overview
The Data Orchestration product automates data sync from a PowerScale cluster S3 compatible storage. This allows customers to maintain a 3rd copy of data off site in the cloud or on premise local copy. This solution allows customers to comply with 3-2-1 backup best practise 3 copies of data, stored on 2 different storage technologies and 1 copy is off site. In addition to backup copies the solution allows for various hybrid cloud data movement, orchestration or on demand workflows to enable modern data workflows that requires bridging file systems and object storage into a seamless data pool. When integrated with Superna security products and hardened data mover , sync or backup workflow can be enabled that prevents data movement when threat levels are detected by Ransomware Defender or Easy Auditor using an integrated zero trust API.
Terms
Golden Copy GUI - User job monitoring, alarms and user interface to interact with product configuration.
- Easy Auditor - a product offering with real time triggers that can detect storage threats and make use of the Zero Trust API
Ransomware Defender or Security Edition - This capability is referenced on this link is recommended component of any Data Orchestration solution.
Functional Specification Description
Dependencies
Storage Cluster must be licensed for Data Orchestration
Only available in vmware OVA or Hyper-v appliance formats
Internet bandwidth sufficient to allow backup operations
- Key Use Cases
- 3rd Copy Backup copies of data in object format
- One 1 way data sync to cloud or sync data from cloud storage to a file system
- Data move operations for edge storage computing workflows
- Patching
The product does not support hotfix patching and requires and complete upgrade of the software version or build number to apply any patch
Operating system patches are not provided and must be downloaded directly through an out of band method and requires physical access to the secured physical equipment to apply patches, updates, or upgrades.
Compatibility
The product does not support forward compatibility with target devices and will require a software upgrade to support a forward version of a target device. This includes minor or build number changes of the target device.
Appliance Modifications
Modifying the operating system packages, removing or adding packages, changing the OS configuration and support of these changes is not covered by support and customers must support OS modifications and perform necessary testing. No support for customer modifications with the exception of applying opensuse OS package patches that shipped with the original appliance or published procedure in documentation.
Operational Procedures
If documentation does not list a procedure, it is explicitly unsupported unless support provides a procedure.
Installation
Recommended to use subject matter experts to consult on mapping the product to business use case and outcome expectations.
Customer installable and upgradable solution requires knowledge of file systems and object storage services from Cloud providers. Professional services are highly recommended for complex business workflows and requirement mapping.
Product Use Limitations
Insufficient bandwidth (local or Internet) for the backup or orchestration workflow
Insufficient product VM's for a target throughput requirement.
RTO & RPO constraints based on backup and restore use case over high latency network using a file by file backup and restore operation
Not a replacement for Disaster Recovery low RTO or low RPO requirements.
Not a replacement technology for Storage Array to Storage Array built in block level replication either asynchronous or synchronous replication solutions.
Data Orchestration software Automates
- Data sync from production to s3 storage
- Detection of existing data in S3 and skipping of backup data that has not changed
- incremental detection capabilities to detect create, update or delete operations and apply updates to target storage
- Data move operations
- File to object
- Object to File
- User presentation of file & object data for self service
- Restore
- Archive
- Recall
- Sync or move operations
- Built In data security awareness of SMB security (share level) and object level security
- RBAC within the CLI
- RBAC GUI (administrator or end user)
- Automatic data retry on backup or restore operations
- Data sync from production to s3 storage
Data Orchestration Function
Licenses
Data Orchestration
License subscription based on source device total capacity
Management
During Data Orchestration monitoring
file count
bytes
throughput
errored data
error %
completion %
Skipped data count and %
job history
Detailed job step summaries
Automated retry on failed operations
API automation
CLI interface
GUI interface
Reporting
Job history summary
job errors
success
failures
duration of jobs
type of job indicator
Job detailed file by file break down of each success or failure or both
Monitoring
Appliance environmental and software module monitoring of:
cpu
memory
network usage
disk IO
alerts
email
syslog
Configuration
CLI over ssh
GUI for some functions
Data Security
Inflight HTTPS
Data read operations with addon read/write protocl level encryption (SMB only)
Data at rest is the responsibility of the Cloud provider to provide
Installation Knowledge Transfer post installation
The product installation process informs customers of the decisions they own to determine the protection features needed for a specific use case or business requirement. Operational training is provided by Superna installation services. Failure to follow documented procedures in documentation can limit or terminate your entitlement to support.
Operational Expectations for all deployments
Data Orchestration is a component of an overall backup solution that must include the following best practices in order to correctly deploy a solution. The operational steps below are expected to be followed for correctly using and integrating Data Orchestration into a data protection solution.
A data protection plan should include multiple layers including Disaster Recovery for business continuity. This product is not a replacement for well designed and implemented BC/DR solution.
Backup data should be stored off line so that it is not connected to the network. An offline backup is a requirement in all scenarios.
Documented Data Recovery run book developed externally to this product correct usage.
Product support is not a managed data recovery service and includes break/fix product level support.
The specification and operational management of this product Requires:
Monitor jobs and failures, review job logs and retry jobs to ensure 100% of all data is backed up. Failure to monitor the job logs may result in data loss scenarios.
Patching and firmware updates to all hardware components that make up the backup network, storage and compute and management environments.
Product usage assumes endpoint protection Anti-virus software is in place on all operating systems, devices, computers are in place to prevent corrupt, encrypted, comprised data getting backed up. Failure to prevent the source data from malicious behaviors that comprise the integrity of the data is the responsibility of the customer using this software. Failure to meet this requirement will result in un-usable data in the backup copy and is not covered by license terms (warranty, indemnification)
All computers with operating systems are patched regularly
All CVE's are acted upon with patches and remediation applied to all devices within the IT infrastructure.
All firewalls, security devices are running current versions and configured correctly to protect networks
The compute infrastructure is maintained and provides minimum product requirements for cpu, memory, disk latency.
The end users and IT are trained to respond to a Data Orchestration attack and have a run book to respond to an incident.
End users are trained regularly for phishing attacks and social attacks intended to compromise computers with Malware/Data Orchestration
All product alerts are acted on in a timely manner to ensure processing of audit data is protecting the file system.
Daily Mandatory operational tasks
Monitor successful data syncs into the object storage, monitoring of disk space within the object storage or source file system, alarm monitoring and response actions necessary to resolve any faults within the backup jobs, monitoring the backup components (cluster, network devices , switches, firewall walls, management devices for remote access, security logs)
Failure to properly monitor the product can and will result in data loss scenarios.