How to protect a cloud

With all of the talk about the Cloud these days, one thing that can be taken for granted is data protection in this cloud environment. Moving data to highly redundant clouds can sometimes cause a false sense of security. Think about the problems in the cloud that occurred in 2011 alone. Amazon – April, Sony – April, Google – February. These are not small time providers either. In the case of Google, they actually had to go to their tape backups to restore data because of issues with the highly available and redundant architecture. As Google stated on their blog “in some rare instances software bugs can affect several copies of the data” ( When Amazon’s services were impacted, they stated that “As with any complicated operational issue, this one was caused by several root causes interacting with one another” ( In the case of Sony, it was even more serious. The external security breach led to Sony stating that “the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced” (

So what does all of this really mean? In all of the examples above, the importance of data protection become plainly evident. In addition, the trust, economic, and financial aspects of moving workloads to the cloud became appropriate filters to use when evaluating your own move to the cloud.

Filters used to evaluate workloads for the Cloud

First, we need to define what the cloud really is. There are three different cloud types that you will use in your infrastructure. One of these you most likely already have. The private cloud is a collection of x86 workloads in your environment that have already been move into a virtualized architecture. The second type of cloud is the public cloud, and can be purchased from many service providers that specialize in this market space. This category also makes up the application-as-a-service of software-as-a-service space such as or email services provided by Microsoft’s Office 365. Finally, are hybrid clouds. These are made of low-cost, virtualized, pay-as-you-go shared services offered by the same providers that allow you to extend your private cloud into the public cloud based on demand for IT services. Say you are a healthcare provider, and you have an application that analyzes samples that are sent to a lab. You may have virtualized this infrastructure, but due to a recent acquisition, have found that demand for this application exceeds capacity. By leveraging federation between your private cloud, and these hybrid public cloud providers, you can now add capacity to your environment without deploying costly infrastructure on an as needed basis. In addition to these cloud components, your infrastructure will likely consist of physical, legacy, or large mainframe systems that are not candidates for virtualization. If you put this all together, you will find your mix will look similar to the following chart.

Example cloud breakdown

So this brings me back to the main point. How do you protect a cloud? It’s complicated to say the least, but today’s deduplication backup portfolios provide the same protection for the cloud, as they have for the physical infrastructure of yesterday. Flexible client deployment options allow you to choose how to best protect an application. API’s allow you to leverage tools like tracking of changed blocks, ability to mount snapshots on the fly, and robust reporting and integration points. What is universally important here is the ability to reduce network traffic as virtual environments leverage fewer and fewer physical ingress/egress points to the backbone. They must efficiently store data to reduce the cost of storage by leveraging global reduplication, and must be simple enough for the shrinking pool of IT resources to manage. To manage the SLAs defined around these cloud apps, the data protection environment must be robust enough to bring systems back online fast, and reliably. Finally, these systems must be able to ingest data at a high rate of speed to ensure that the shrinking windows allotted for data protection are not exceeded, and that aggressive RTO requirements are met.

I am an EMC employee and could be accused of being biased about which systems I feel meet these requirements, but I am an EMC employee BECAUSE i feel that these devices meet these requirements best. EMC Avamar has been developed with VMware directly in our engineer’s minds. The ability to leverage the VADP APIs gives Avamar unique features that make it excel in a Cloud infrastructure. With the recent integration of EMC Data Domain and Avamar, workloads that can better leverage Data Domain’s SISL and DIA architecture and scalable hardware can be directed to the most appropriate device while still being managed through a single GUI. In order to provide the advanced reporting required to make IT-as-a-service reality, Data Protection Advisor (DPA) has custom reports available to outline departmental chargeback, engineering overviews of the backup infrastructure, and even granular reporting all the way down to the client level. Finally, in the cases where regulations or processes still require the use of legacy tape or disk storage, EMC Networker can manage all of the above.

The flexibility these systems provide mirror the flexibility and agility that your private, public, or hybrid clubs provide. As your private cloud grows and merges with the public cloud, no matter what may come your way, if you have provided a strong foundation of data protection, your cloud will be able to weather any storm.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.