Administration Guides

Cloud Vault

Home



Overview

Customers looking for next generation backup solution with an immutability option and file versioning support that require a rapid RTO for data recovery can now leverage Golden Copy and Ransomware Defender with Cloud S3 storage to create a Cyber Vault solution.   


Key Challenges Solved

  1. 3-2-1 policy allows the vault storage to use only the S3 protocol to access the vault in a steady state.
  2. Rapid RTO of a Cyber Vault backup using PowerScale and the S3 protocol
  3. File Versioning to store multiple versions of your data
  4. Object Lock for Immutability
  5. Support for file versioning and repaid object recovery in bulk using Snapshots on PowerScale versus S3 version aware recall with Golden copy.  This provides a much faster point in time recovery using S3 storage
  6. Integrated with Ransomware Defender Zero Trust Backup API to ensure backups automatically stop replication with the source data is under threat.


Prerequisites

  1. Cloud Object Storage 
  2. Security Bundle subscription and Data Orchestration Bundle Subscription

Topology Diagram


Configuration Steps

  1. Enable Zero trust api integration with Ransomware defender
    1. Login to Golden copy node 1
    2. nano /opt/superna/eca/eca-env-common.conf
    3. paste this line to the file and change the yellow highlighted x.x.x.x with the ip address of Eyeglass VM,  and the API token created to authenticate.  API web token can be created from the main menu Eyeglass API menu UI.
    4. export EYEGLASS_LOCATION=x.x.x.x
    5. export EYEGLASS_API_TOKEN=yyyyyyyy   
    6. control + x to save and exit

Configure Cloud Storage bucket


  1. Follow your Cloud providers bucket creation steps
  2. Configure versioning if needed and object lock policies


Configure Golden Copy

  1. NOTE: Delete handling needs to be configured globally on Golden Copy.  Determine if you want data deleted from the cybervault S3 bucket during incrementals or to leave deleted data in the vault.
  2. Login as ecaadmin
  3. add a folder definition using examples for each Cloud provider.  See guide.
  4. Run a full backup job
  5. Configure an incremental job on the folder definition to run before the schedule snapshot on the cyber vault path.
  6. Best Practice:  Enabling the Configuration backup feature in Golden Copy exports all shares, nfs exports, quotas to json format and stores a copy on the vault cluster.  This is documented here.  This provides not only a data protection solution but also a device level solution to restore the cluster configuration information.



Data Recovery & Cluster Configuration Backup

  1. Recovery Scenarios
    1. Scenario 1 - To recover data the PowerScale can leverage SMB or NFS access in read only or read write mode anywhere in the file system tree that was created by Golden Copy.
      1. Select a snapshot version and reverting Golden Copy backup data to any point in the passed based on snapshot retention settings on the Vault cluster
    2. Scenario 2 -  Restore data to the source PowerScale using Golden copy recall feature.  Full or partial recovery of any path in the file system is possible to prioritize which data is recalled first.
    3. Scenario 3 -  Create SyncIQ policies on the Vault cluster and use differential mode to only copy updated data back to the production cluster OR create new policies to replicate data to a new powerscale cluster.
    4. Scenario 4 -  Determine if the configuration data backup is needed.  Copy the json files to the PowerScale cluster and run the import configuration CLI commands to read the json files and create the configuration information on the cluster.  Consult with Dell support on the specific steps. 

Summary

This solution protects provides a Cyber Vault on S3 storage that is capable of sharing data in a read-only state and providing immutability.


© Superna Inc