Data Protection
This article is part of a series. I would recommend reading the articles in order, starting with “Modern IT Ecosystem”, which provides the required framing.
- Modern IT Ecosystem
- Service Delivery
- SD-WAN
- Hybrid Multi-Cloud
- Automation
- Device-as-a-Service
- Identity Access Management
- Unified Communications
- Line of Business Apps
- Architecture Community
As a brief reminder, this series aims to explore the “art of the possible” if an enterprise business could hypothetically rebuild IT from the ground up, creating a modern IT ecosystem.
Within this article, I will highlight my proposed positioning for Enterprise Data Protection, covering the process of safeguarding important information from corruption, compromise or loss.
Introduction
As highlighted in the article “Hybrid Multi-Cloud”, my proposed hosting architecture includes multiple Colocation Data Centres, Azure regions and Edge Computing sites.
Each of these locations would host applications and data, ranging in complexity and sensitivity. For example, with my previously defined business characteristics in mind, the edge computing sites would need to support GxP compliant workloads, placing a focused on reliability (24x7 uptime) and local business continuity.
To enable a comprehensive, cost-effective and simple approach to data protection, I would position Assured Data Protection (ADP), who provide a fully managed service overlay based on Rubrik technology.
With over 100 years of combined industry experience, ADP is the only dedicated Rubrik service provider globally. This relationship provides ADP with unique access into the Rubrik business, covering feature requests, support and case escalation.
Rubrik
Rubrik is a market leader in backup and recovery, enabling automated backup, recovery, offsite replication and data archival capabilities across a hybrid multi-cloud architecture.
Rubrik delivered the industry’s first converged data management solution, offering backup software, catalogue management, replication and de-duplicated storage in a single appliance that scales linearly. The distributed nature of the architecture maximises efficiency and cost savings, whilst simultaneously enables near-zero recovery times, as well as unified file search and recovery from any location.
In short, Rubrik aims to replace the legacy “backup job” paradigm with policy-driven management, allowing businesses to holistically automate data protection, ensuring any Recovery Time Objective (RTO) and/or Recovery Point Objective (RPO) can be met without significant manual intervention.
Rubrik Architecture Overview
I would position a converged architecture, where ADP and Rubrik would be hosted across my proposed Hybrid Multi-Cloud architecture (e.g. Colocation Data Centres, Public Cloud and Edge Computing). This approach would maximise the return on existing investments, whilst avoiding the complexities that exist when looking to set up, maintain and guarantee a dedicated/isolated hosting environment.
With this approach in mind, a core Rubrik cluster would be deployed within each Colocation Data Centre, acting as the central location for backup and recovery. All data would be fully encrypted in-flight and at-rest ensuring data is immutable and therefore protected against threats such as Ransomware. These core Rubrik clusters would provide a unified environment to instantly restore data at an individual file, folder or server/VM level.
I would also provision Rubrik within my preferred the Public Cloud (Azure), protecting (where required) cloud applications and data, as well as providing cost-effective archive and long-term retention capabilities. Recognising the inherent data protection capabilities enabled by the Public Cloud providers, Rubrik would be positioned to complement (not replace) these capabilities, targeting advanced and/or specialised requirements.
Finally, Rubrik appliances would be provisioned at the Edge Computing sites, enabling site-specific backup and recovery. Edge Computing sites would leverage the core clusters for replication, as well as the Public Cloud for archiving and long-term retention.
The diagram below provides a high-level view of my proposed architecture.
Core Rubrik Clusters
My proposed architecture would be designed to scale, likely starting small with 10TB of deduplicated capacity on each core Rubrik cluster, with 100TB of usable capacity. Any additional capacity would be enabled via the Rubrik scale-out architecture, where individual nodes would be added without any downtime or impact to performance.
To further enhance the data protection, Rubrik would be configured to securely replicate data bi-directionally between each core cluster. This form of replication, alongside the inherent resilience built into my Software-Defined Data Centre (SDDC) architecture would provide the ability to perform Disaster Recovery (DR) from either core Rubrik cluster.
Finally, data would be transferred to my preferred Public Cloud object store (Azure Blog Storage) for archive and long-term retention.
Edge Computing
My proposed architecture would position three Edge Computing patterns, driven by the site sensitivity and required capacity. This approach would enable local (isolated to the specific site) data backup, as well as instant recovery at an individual file, folder or server/VM level. Where appropriate, data would be replicated to a core Rubrik cluster or archived directly to the Public Cloud.
-
Pattern One (Virtual): A virtual Rubrik appliance hosted on the previously described highly-converged infrastructure.
-
Pattern Two (Small): A single-node Rubrik hardware appliance supporting locations with less than 20TB of backup data.
-
Pattern Three (Large): A four-node Rubrik hardware appliance supporting locations with greater than 20TB of backup data.
Any site supporting GxP compliant workloads would be positioned physical hardware (Patterns Two or Three), helping to guarantee local business continuity.
Conclusion
The amount of data created and stored by enterprise businesses continues to grow at an unprecedented rate, which emphasises the importance of a robust, cost-effective Data Protection architecture.
My proposed Data Protection architecture would enable a fully managed (SaaS-like) solution, leveraging market-leading expertise from ADP and technology from Rubrik. Simultaneously, it would maximise existing investments (e.g. Colocation Data Centre, Public Cloud and Edge Computing), whilst supporting a “pay for data, not for capacity” commercial model.