Monday, September 6, 2021

Cyber bunker - architecture, network, recovery - remote discussion, 30 minutes, Friday, September 10, 12:00 Vienna time

Register for the discussion!

Cyber bunker provides recovery after hacker / ransomware attack, allows verification of production, is fully automated.
That is why it is gaining more and more popularity.

   * How does cyber bunker look like?
   * How is connected with the rest of the world?
   * What happens in the bunker when the attack starts?
And the most important: What is the cost?

Let me invite you for 30-minute journey into inside of the vault:
    Cyber bunker - architecture, network, recovery
    Friday, 10th of September, 12:00pm CEST (Vienna time) – 30 minutes
Internet invitation:

We will see cyber bunker construction, networking, TCO.
And ... we will simulate the attack!

Before our meeting have a look on video about Cyber Recovery:
And article:

Prepare coffee, questions and ...
See you in the bunker!
Daniel Olkowski

Friday, September 11, 2020

How to protect virtualizations? - Red Hat, oVirt, KVM , Xen, Oracle, Nutanix, Proxmox

Direct links to the above discussion about protection of virtualizations like Red Hat, oVirt, KVM , Xen, Oracle, Nutanix, Proxmox:

Here are the links to particular topics from the conversation:

What is vProtect?

vProtect architecture
1 phase backup with Data Domain with source de-dup
Server and node

Installation of vProtect

vProtect demo

Backup of images
Snapshots kept on the virtualizations
We can restore just the state of VM
Self backup infrastructure

Recovery plan
One button recovery
Scheduled recoveries

Backup cinsistency

Data Domain integration
Source de-duplication

Huge speed customer example

vProtect and source de-dup in the same license bundle

Summary of functionalities
Full backups
Incremental backups with CBT
Restoring single file
Mounting disks from backups to virtualixzation paltform
Disk exclusions
Self backup environment
Pre and post commands
File level restore - question

backup on demand
Starting bckups
Creating automated policy
Creating recovery plan

Great CLI interface


How vprotect is licensed?

Protect everything!

Thursday, August 27, 2020

Data Domain 7.2 - What is new?

Performance & Security - these are flagship Data Domain features.
They are further improved in new Data Domain 7.2.
Let me invite you for short discussion about new DD 7.2 features.

Direct link to the above discussion about new DD7.2 features:

What is new in Data Domain 7.2?
Compliance - absolute lock for protected data

Data Domain allows you to absolutely block backups for a specified period of time. Thanks to this, neither ransomware nor hacker can hurt our data - we can always restore from Data Domain:

Data Domain blocks data removal / change for defined period of time (month / quarter / …) Hacker cannot change to bypass the lock - neither directly nor through the NTP server:

Version 7.2 further extends the flexibility of compliance. We can define the maximum time change applied to Data Domain and the maximum number of changes:

The compliance function is available in Data Domain hardware appliances:

Further extension of Compliance (no removable lock) is Cyber Bunker:
described in the article:

How much more space do we gain with new Data Domain models?

New Data Domain models compress new blocks more effectively thanks to dedicated compression card:

And we also gain more performance:

How much do we additionally gain thanks to compression card? The video shows the real numbers from production, worldwide Data Domain:

Let's assume that the old Data Domain would need 100TB for data storage.
New models (DD6900 / 9400/9900) will need
  • only 77TB for storing backups for securing your file system
  • only 85TB for storing backups for securing databases
Detailed explanation of the mechanism that makes new Data Domains to use less space for backups:

BoostFS = huge fast backup speed thanks to source de-duplication
For everyone!

BoostFS Live:

Data Domain 7.2 provides even faster BoostFS backups:

DD 7.2 increases the already super performance of BoostFS - - Real data from SQL backups:

Recovery performance

Each recovery stream is split into multiple threads to speed up recovery!
As a result, even if we have Data Domain with a small number of disks, we achieve a big speed:

Further optimization of Garbage Collection algorithms.

Data Domain provides huge performance – regardless if it performs internal processes or not. 
Thanks to this, it has over 50% market share:

How to set Data Domain cleanup parameters - live:

Data Domain - algorithmic device:
focused on performance:
Possibility to extend compliance for ever

Data Domain allows for fast, frequent backups

No visibility of source de-dup for production:

The video is recording for customers/partners discussion.
Thank you very much all that took place in this event live!
Thank you for time, discussion and... fun!!!

Performance and Security!

#datadomain #dd #7.2 #dd7.2 #backup #backupperformance #recovery #recoveryperformance #dataprotection #security #datasecurity #news #backupmedia #media #boostfs #boost #deduplication #de-dup

Wednesday, January 8, 2020

Ransomware attack - how can we recover?

Whatever we do in our life, it is always good to have Plan B.

What if my data are encrypted by ransomware?
Do I have Plan B?
How can I access my data?

What if I have backups that have no chance to be ransomwared/ removed?
What if I have a cyber bunker?
What if I have Cyber Recovery plan?
And... can it be with very attractive cost?

What backup/recovery solution can offer me in case of ransomware/hacker attack?
Why Plan B is important?

How can I lock against ransmoware/hacker?
How can I be sure that none can remove /change my backups.
Can I restore in case of ransomware/hacker attack.

Bunker in IT? - Why, When, How?
Can we do everything automatically?
Can we control our IT over ransomware?
Can we recover immediately?

All methods to protect against ransomware/hacker

Hardening - let's remember about this simple approach

Data Domain Snapshots 
No cost, no additional space, no performance degradation method to have protection of our backups

Why source de-duplication increases my security?

We can protect ourselves against ransomware/hacker
We can have plan B
We can make it easy and automated...

Let's consider it...

Presentation about Cyber Recovery (the one used in video):

Only successful recoveries!

Monday, December 9, 2019

Why new Data Domain models? - DD6900 / DD9400 / DD9900 backup/recovery appliances

In September 2019 Dell announced 3 new Data Domain models (DD6900 / DD9400 / DD9900)
Shall we take under considerations new Data Domain models?

If so why?
What is the architecture?

Below is the summary of changes in new Data Domain models:
  • DD6900
  • DD9400
  • DD9900

Automated protection against ransomware / hacker.
Any backup performed on new Data Domain models is automatically protected for defined period.
Neither ransomware nor hacker can delete it.
How is it possible?

Reducing disk space required for backups
New models require 10-30% less space for storing backups comparing to previous ones.
Wow! Can it be?

Starting even 64 Virtual Machines from new Data Domains with 60 000 IOps performance!
Hugh, can backup be faster than production?

Faster restores from new Data Domain

Capacity on demand
In new Data Domain models we can get more space but pay for the one that we use.

Faster internal components
Does it matter?

Scalability from 48 TB to 1 250 TB

100Gb Ethernet card is possible!

Very little space required Can you store 1.25PB in single rack?

Monitoring and visualizing online all its components

How can it move to new models?

New Data Domain models have a number new & exciting things.
It makes sense to have a closer look on them...

Presentation about new Data Domain models (the one used in video):

Only immediate recoveries!

Wednesday, August 21, 2019

How to keep long term backups? - Tiering or... something simple!

Recently, customer asked me the question:
      I’m looking for a discussion document which outlines best practice for tiering backups.
This question comes for ages.

Idea of tiering in backup comes from our internal dream:
Let’s have fast, secure and good media (storage) for recent backups/data
but at the same time
Let’s keep old backups as cheap as possible

Recent backups we usually keep on Data Domain (
Data Domain gives us huge performance, security, and restore.
This is what we require from protection production: no load, fast backup and easy, fast restore.

For older backups copies (archive backups) we really do not know what to do?
We just need old backups to keep cheap...

We have couple of options for storing old backups:
Object storage (local/cloud)
Or maybe…

Why not just keep 5 years backup on Data Domain?
Local Data Domain / Data Domain in cloud – as one wishes.

During one of the workshops I asked customer:
       How long do you keep backups on Data Domain, how long on tape?
He said:
       Daniel, I have no time and money to play with backup tiering.
       I have bought 2 Data Domains (little bigger) and I just replicate between 2 cities.
       I have 90 copies on each Data Domain (30 daily for last month and 60 monthly for last 5 years)
       No touch, same cost, dream life.

My experience (I would choose it for myself) is that little bigger DD - for both production backups and archive backups - in many cases is better than tiering.
Money are similar, simplicity is incomparable.

Of course, every case is different, but…
Most simple solutions are the best ones!

And let me quote my great friend from UK:

When I started dealing with backup I was said that the more we retain on Data Domain, the better de-duplication is.
And that is so true…

The current push for tiering backups in reality makes more problems rather than solving any.
Tiering backup is:
  • Expensive
  • Complicated because of restore 
  • And many other compatibility issue
Why keeping last backups on great media (like Data Domain) and moving older backups to tape/object provides complication, less flexibility, additional costs?

With tiering in backup, we have 2 different media, software, policies to manage those 2 different backup media?

Why do we do that all complication?
To make backup cheaper.

But… Even hard costs of tiering like additional storage (second tier) + potential licenses for tiering in many cases eat that whole difference in price between 2 different media.

Not mentioning soft costs like management, integration, know how, …
This is what my customer just said from his experience.

So having fantastic media like Data Domain, we can just increase a little bit its space – not much due to de-duplication – and we can enjoy f.e. 5 years retention!
With no problems, no management, easy.
And with similar or even less money…

And... Data Domain can be in the cloud using Object Storage as the space for backups.
But this something for another article...

Most simple solutions are the best ones!

Only successful recoveries….

Friday, August 17, 2018

DP4400 backup/recovery appliance and… everything is ready!

Video about DP4400 (below there are links to each part of discussion):

Presentation about DP4400:   

Let’s imagine we have chosen our dreamed backup solution. It was not easy, we had to compare and check plenty of parameters. But it is over. We know what data protection is best for us.
Is it really over? Can we really just wait for delivery of our preferable solution?

Unfortunately not.  We still need to take care about:
  • Design
  • Implementation

Design is important. If we do not take care about proper design and we provide too few resources for:
  • Backup server
  • Media servers
  • De-duplication pool
  • Network

we can have poor backup/recovery performance best. More probably we will expirience instability of our backup solution or in the worst case data loss (f.e. because of currupted de-dup database).

Also implementation of the above take us weeks if not months. This is pain for OS guys, Virtualization guys, Network guys.

Do we really have to take risk (as company, personally) for design / implementation / maintenance?
Is there another approach?

DP4400 is 2U backup/recovery appliance that is ready to backup our environment just after power on. The ease is not compromised with capabilities. We get top market features ready to run.
Just after power on and providing our IP addresses.

What functionalities does DP4400 provide?
DP4400 includes:
  • Software to backup/recovery of VMware, HyperV, OpenStack, databases, file systems, NAS devices, remote offices, laptops, … - any systemsBackup engine is based on the Avamar system
  • Media to keep our backups
    It is based on top market Data Domain technology and offers plenty unique features:
    • Best de-duplication (least storage required, least bandwidth required for replication)
    • No network usage during backup (source de-duplication)
    • Ransomware protection (locking backups)
    • ...
  • Finding any phrase in backups (GDPR)We get huge efficient Elastic Search engine
  • Cloud as Disaster RecoveryWe can replicate our Virtual Machines to Cloud and start them for Disaster Recovery / tests
  • Export old backups to cheap S3 storageDD technology within DP4400 has CloudTier functionality that moves old backups to cheap and secure S3 storage
  • ReportsOver 300 reports, analysis of problems, predictions of future provided by DP Advisor engine
  • Single console to mange the whole backup environment - our DP4400

DP4400 provides all the below beauty of backup solutions:

What about desing / implementation / maintance of DP4400?
DP4400 is 2U appliance that comes to us:
  • Installed
  • Configured
  • All components are properly tuned
  • All components have resources required to work with full power
  • Ready to backup / recover our data just after power on

We turn on our 2U device and we can enjoy the backup/recovery:

DP4400 is installed in rack - what do I need to do perform backup/recovery?
After power on DP4400, to perform backup/recovery we need to provide things that factory does not know:
  • our IP addresses
  • define what we want to backup (SQL, VMware, Hyper-V, Windows, laptops, remote offices, …)

What environments can DP4400 protect?

DP 4400 can backup:
  • Virtual Machines (VMware, Hyper-V, OpenStack, ….)
  • Databases and applications (SQL, Oracle, Sybase, Exchange, Lotus, …)
  • Files (Windows, Linux, Unix, FreeBSD)
  • Remote offices (protected environment can be even far 100ms from DP4400)
  • NAS (Unity, Isilon, Netapp, ZFS)
  • Standalone servers
  • Laptops
And we can use Cloud as Disaster Recovery!

What features we can enjoy with DP4400?
Let me share with you some of the capabilities that we get within DP4400:
  • Backup from 100 to 1000 VMware Virtual Machines per hour
    Extremely important for ransomware attack – we almost not lose any data!
  • Every backup is full backup!
  • Restore of single file, table, mail from image level backups
  • Immediate repairing of damaged VM (2 minutes to repair 1TB VM)
  • Starting Virtual Machines directly from DP4400 with SSD disks
    Zero time recovery with SSD disks speed!
  • Excluding any files (pagefile.sys) / paths  from VMware image level backup
  • Built in global de-duplication, source de-duplication, smallest block size on the market
  • Very small pipe for replication between DP4400
  • Sending about 1% of data to another DP4400 to replicate backups
  • Finding phrases in backed up documents in less than 1 second!

All the above we always get - no matter which DP4400 we will order! All the features are ready to work, configured in every DP4400.

What are DP4400 options?
Let’s say I take under consideration DP4400. What options do I have?
DP4400 2U device that we can buy in the below capacities:
  • 8TB
  • 12TB
  • 16TB
  • 20TB
  • 24TB
  • 36TB
  • 48TB
  • 60TB
  • 72TB
  • 84TB
  • 96TB

We can buy any capacity and upgrade as many times as we want to higher capacities. For example:
  • We can purchase DP4400 12TB and upgrade to 16TB
  • We can purchase  DP4400 24TB net capacity
  • Upgrade to 48TB net capacity
  • And then upgrade to 72TB net capacity
  • And then upgrade to 96TB net capacity

The upgrade is easy because DP4440 always come with full capacity:
  • 24TB net for Entry Model
  • 96TB net for Full Model
Upgrade with the model is just by entering the license
So for example upgrading from 24TB to 60TB is just entering the license.

If we want to upgrade from entry level model (24TB) to full model (96TB) we get couple of disks that we or Dell put in and that is all!

How big DP4400 do I need to protect my environment?
You shall contact Dell EMC or Dell EMC partner for sizing DP4400 for your environment.
Anyhow, the rule of thumb tells us the DP4400 24TB net allows us to protect 25TB environment with 30 days retention and 10TB environment with 5 years retention. The same proportion we can use for bigger capacities.

What is the price?
For price you shall contact Dell EMC. Vendor claims that price is very attractive – less than buying components separately.
But we shall take under consideration that within the price we get:
  • No risk approach (full power, made by factory)
  • Implementation / configuration
  • All the hardware resources for backup/recovery solution

DP4400 presentation
DP4400 video

And below there links to topics covered in the video.
DP4400 – what it is:
DP4400 – one slide summary:
DP4400 – capacities, upgrades:
De-duplication within DP4400:
DP4400 – licensing, environment we can backup:
Cloud as Disaster Recovery
NAS backup by DP4400:
Management, VMware backup, search and other features of DP4400:
Initial configuration

Only successful recoveries!