Organisations today, being challenged with exponential data growth, rely on multiple backup and data protection solutions to manage their data. Enter backup appliances, which have grown from a bandage to becoming an integral part of any data protection system. These appliances can drive huge improvements in backup performance and recovery times.
A little over 15 years ago, backup appliances came into the market and were a product of two introductions to the storage industry: SATA disk arrays and deduplication. Before the use of SATA disks, arrays were more expensive and there wasn’t much sense in using them as backup targets. SATA disks, on the other hand, were more affordable, so companies introduced them as a place to store older copies of data and backups.
Backup appliances started to gain popularity when the concept of deduplication entered the market. The way backups were traditionally made created an excess of duplicate data and the ability to identify and eliminate that duplicate data significantly reduced the cost of using disk as a backup target.
Today’s backup-to-disk market is changing as customers shift from simply sending backups to disk to learning how that disk can enable better functionality for their environment. There are now two main types of backup appliances:
- Backup targets are designed to accept backups from backup software and were initially for those who already have an existing backup product and wanted to upgrade their storage hardware. It also provides the ability to refresh the computing side of the backup equation at different rates than the storage side.
Technically, any storage system accessible via NFS, SMB or other storage protocols can be used as a backup target. But typically, they are disk systems specifically designed for backups. Being designed for backup means these systems are cost-effective (at least moreso than primary storage) and highly scalable – storing petabytes of capacity. And it means that they typically include deduplication as a core feature – deduplication identifies and eliminates data between backups, allowing a disk storage system to store much more backup history in the same amount of disk space.
- Backup systems on the other hand, are complete systems that contain the backup software and sufficient storage to hold backups. They tend to put both functions in one place, so it’s not possible to upgrade one and not the other. However, companies that prefer their backup appliances to be more “plug and play” tend to prefer systems over targets.
In contrast to backup targets, they are easier to understand and classify. In addition to some security and performance advantages, the main purpose of these systems is to be a turnkey system ready to do backups as soon as they’re turned on.
Threats to backup appliances
Besides the historical threats of failed media, disasters taking out an entire server or storage array, or simply human error, today’s backup servers have more threats than ever – especially if they are Windows-based systems. The biggest threat comes in the form of ransomware, insider attacks or other malware that will delete or otherwise corrupt backups or the backup software’s configuration files.
One of the biggest pitfalls that backup appliances face is that any data stored on a typical backup appliance is simply available via an SMB or NFS mount. If someone were to access that mount outside the backup process, they could encrypt or delete the backups along with the original data. Organisations should consider the following:
- Lock down access to that shared folder – this can be done via ACLs, VPNs and basic SMB and NFS controls that allow only the backup server to mount the directory in question.
- Use a protocol between the backup software and backup appliance down the backup systems, tighter than any other system in the data centre.
- Use a different authentication system for the backup system that is separate from anything, so that someone compromising the corporate system would not be able to compromise the backup system too.
- Ensure intrusion detection systems treat the backup server as a high priority system from a security perspective, as it has a copy of everything in the environment.
There are a variety of approaches to the challenges of safely storing and protecting backup data. Each offers advantages and disadvantages, including performance or security enhancements, or simply ease-of-use differences. We partner with Veeam Software as the innovative provider of solutions that deliver ‘Availability for the Always-On Enterprise’. Customers save time, mitigate risks, and dramatically reduce capital and operational costs.
‘Backup now and give Appliances room’ extracts taken from Veeam ebook entitled ‘A Guide to Backup Appliances and Data Availability’.