dataprotection

by

While instant recovery was a critical step forward, customers are now looking for an instant recovery upgrade. The next advancement of recovery needs to maintain its point-in-time independence while shrinking recovery point objectives (RPO) and recovery time objectives (RTO). Traditional methods of data recovery can often lead to significant downtime, disrupt business operations, and lead to potential revenue loss. Instant recovery has filled that gap for a decade, but now customers need more. VergeOS’ ioGuardian for VergeOS is changing the landscape by offering real-time data recovery.

Understanding Real-time Recovery with ioGuardian

ioGuardian for VergeOS is a backup solution integrated into VergeOS. It is an instant recovery upgrade. Unlike conventional backup software, it offers inline recovery capabilities that ensure continuous data access, even in scenarios where traditional hardware failure protections fail, such as during multiple drive or node failures. Even instant recovery might cause delays, but ioGuardian delivers missing data segments to virtual machines (VMs) inline, enabling operations to continue without downtime.

One of ioGuardian’s key benefits is its ability to tighten RPOs and RTOs. It achieves this through the use of VergeOS snapshots, which can be executed frequently based on the customer’s needs, ensuring more regular data protection and inline recovery. This approach enables ioGuardian to provide real-time recovery of missing data segments, ensuring VMs can continue their operations seamlessly without crashing or requiring a separate recovery process. These capabilities are included in VergeOS at no additional charge other than licensing the server used for ioGuardian.

Setting Up Real-time Recovery

An Instant Recovery Upgrade

The setup for ioGuardian involves configuring a dedicated server as the ioGuardian target, which can be an older, repurposed server or storage system capable of running VergeOS. It runs outside the production instance and represents a third copy of data beyond the protections built-in to the production VergeOS instance. Since it is also running VergeOS, it also provides global inline deduplication, so the storage capacity needed for the ioGuardian server is optimized, allowing for reduced data transfer and footprint. Additionally, placing an ioGuardian server on-premises and at a remote location can enhance data recovery efforts by providing access to data blocks from multiple sources if needed.

Comparing Instant Recovery to Real-time Recovery

While there are a lot of rapid recovery technologies on the market, instant recovery was the former state-of-the-art. The concept offered by several backup vendors aims to quickly re-instantiate a VM on a backup appliance. While this method can be effective, it typically requires downtime for the VM to restart on the backup appliance. It is also hosted on the backup appliance, which might not offer the same performance as the primary system to the point that even though recovery is “instant,” performance is so bad that IT can’t use it.

Moreover, instant recovery often involves manual intervention from IT staff due to limitations in how often entire environments are protected and how available the IT team is. The actual RTO could range between four to eight hours. Also, instant recovery requires another manual intervention for IT to move the VM back into the production environment eventually. This may also cause an outage while the movement occurs.

When the drives are replaced, instant recovery does not aid in restoring those drives. Recovery requires a manual and complete restoration of the impacted volumes. Even a RAID rebuild will likely not work, and if it does, it will be very time-consuming and extract a performance toll.

An Instant Recovery Upgrade

As an instant recovery upgrade, ioGuardian’s inline recovery method introduces potentially no downtime. It provides the missing data segments to VMs in real-time, bypassing the need for IT intervention and achieving an instant RTO with an RPO of minutes. Furthermore, VMs continue running from the primary production hardware, avoiding the performance drawbacks of running on a backup appliance. As a result, an outage to move the VM back to the production environment is eliminated. Lastly, when the failed drives are replaced, the ioGuardian server rebuilds the data on those drives automatically, avoiding further restoration or time-consuming RAID rebuilds.

Conclusion

The real-time and instant data recovery comparison highlights the advanced capabilities and benefits of inline recovery solutions like ioGuardian for VergeOS. IoGuardian sets a new data backup and recovery standard by providing real-time data recovery without downtime or manual IT intervention. As businesses rely heavily on their data, adopting innovative recovery solutions while keeping costs in check will ensure operational continuity and resilience in the face of data loss challenges.

To learn more, register for our upcoming webinar, “Can Your Hypervisor Do This? Real-Time and Inline Data Recovery” We spotlight VergeOS’s ioGuardian capabilities, challenging the status quo of hypervisor functionality. Learn what it would take and how much it would cost for other hypervisors to deliver similar capabilities. We will also demonstrate live how ioGuardian delivers missing data segments to virtual machines (VMs), maintaining continuous operations even during multiple simultaneous hardware failures.

Filed Under: Protection Tagged With: ,

by

overcome DR cost and complexity

IT professionals trying to implement disaster recovery (DR) plans that enable their organizations to survive, struggle to overcome DR cost and complexity. The problem is that most solutions don’t take a holistic approach. Instead, current solutions require IT to use a DR component for each tier of the data center infrastructure: storage, applications, and networking, which not only increases cost and complexity but lowers the likelihood that a recovery will be successful.

VergeOS’ holistic approach greatly simplifies DR to the extent that it “just works,” while lowering costs. In addition to unprecedented DR capabilities, VergeOS provides complete high availability and data protection. Learn in our upcoming live webinar and demonstration, “The Missing Fourth Tier of Convergence: High Availability, Data Protection, and Disaster Recovery.”

The DR Problem with Array-Based Replication

overcome DR cost and complexity

Storage systems are a primary focus of any DR solution. Replicating data from a primary site to a secondary site is table stakes for any enterprise solution, and most storage vendors provide such a capability with their products. However, including replication still requires IT to overcome DR cost and complexity issues and makes it very difficult for them to overcome DR cost and complexity.

Dedicated storage arrays, that include replication, often require the same or a very similar storage array in the DR site. As we discussed in our article “The High Cost of Dedicated Storage,” storage vendors already markup the cost of their solutions 5X to 10X the regular cost of hardware, and now, to protect their organizations from a disaster, IT must pay that markup twice.

Creating a separate disaster recovery process for the storage system creates complexity when executing recovery. Storage replication only replicates the data on that dedicated device. If the customer, as many do, has multiple storage systems from different vendors, they need a separate replication process for each system.

In addition, most customers do not place all their data on the storage area network (SAN) or the network-attached storage (NAS). Many customers at least boot their virtualized environments from local storage and many store critical aspects of the application on storage within those local servers. Also, array-based replication will not capture any network configurations and settings. Those need to be separately captured and applied at the disaster recovery site.

As a result, array-based replication, which is by far the most common means of complying with a disaster recovery requirement, is incomplete, complex, and expensive. It forces IT to manage a separate disaster recovery process for each storage system and maintain separate processes for the application tier and the network infrastructure.

The DR Problem with Hypervisor-Based Replication

To overcome DR cost and complexity of array-based replication, some solutions will replicate at the hypervisor, from hypervisor vendors like VMware and standalone third parties like Zerto, now owned by HPE. These solutions capture and replicate data from a virtual machine perspective. The likelihood of success increases if the organization stores all its data within the virtual machines. However, most organizations do not and have separate data storage silos. Hypervisor-based replication also enables replication to disparate storage hardware.

There are challenges to hypervisor-based replication. First and foremost is the cost. These solutions are dramatically more expensive than even array-based replication. The second challenge is that hypervisor-based replication often will not pick up unique storage settings at each location, so the storage infrastructure has to be correctly maintained. Finally, hypervisor-based replication cannot capture all the unique network configurations unless the network is software-defined.

As a result, when performing a disaster recovery test or recovering from a declared disaster, hypervisor-based replication takes significant amounts of time to apply last-minute updates to the DR site, which delays the speed at which the organization can recover from the disaster. Each last-minute step is also a potential point for human error, which can delay the recovery process even further.

Solve the DR Problem with VergeOS

overcome DR cost and complexity

VergeOS’ unique multi-tenant virtual data centers (VDC) provide a holistic disaster recovery solution where every aspect of the data center is captured and replicated in a single movement, enabling IT to overcome DR cost and complexity.

A VDC is an encapsulation of the entire data center, similar to how a virtual machine is an encapsulation of a physical server. A VDC contains all of the components of the data center: all the VMs, all the network settings, and all the storage settings. This encapsulation means IT can perform VM-like movement functions to the entire data center.

While there are many use cases for Virtual Data Centers, the most common is to implement them as part of a DR strategy. To establish a DR site, IT only needs to copy the VDC to their DR site and establish an asynchronous replication between the two. The remote VDC benefits from VergeOS always-on global inline deduplication. Multiple sites can replicate to a single disaster recovery site, and only data unique to the entire global footprint must be transmitted.

In the event of a disaster, the DR copy of the VDC is perfect, containing all the components and configuration settings of the original data center, even the network settings. The DR site can contain different server, storage, and network hardware than the primary, and everything will still function as expected because the VDC has abstracted everything from the physical hardware.

Every infrastructure component is securely stored at the DR site so that recovery occurs seamlessly without last-minute configuration updates. When IT needs to perform a DR test or recover from a real-life disaster, it “just works.”

IT just needs to make the VDC instance active and direct users to start logging into it. Most VergeOS customers report a dramatic reduction in the time and effort to perform their DR tests, and 100% of those impacted by an actual disaster have been able to execute a rapid, successful recovery. In short VergeIO customers have overcome DR cost and complexity.

Lowering Disaster Recovery Costs with VergeOS

Not only does VergeOS simplify disaster recovery, but it also lowers its costs. VergeOS is a single piece of software that integrates virtualization, storage, networking, as well as high availability, and disaster recovery into a cohesive operating environment. As a result, VergeOS includes all of the above functionality in the core software product at no additional charge. The cost savings are dramatic when comparing the cost of a multi-component disaster recovery solution to VergeOS’ holistic DR approach. Many customers report reducing their DR total cost of ownership (TCO) by 60% or more. When customers add the savings of eliminating double-marked-up storage costs and proprietary networking hardware, they can reduce their TCO by 80%.

Conclusion

IT professionals have long struggled to overcome DR cost and complexity. VergeOS offers a simplified and cost-effective DR solution integrated into the platform’s core instead of a never-ending series of expensive add-ons.

VergeOS integrates virtualization, storage, networking, high availability, and disaster recovery into a single software solution, eliminating the need for multiple components and significantly reducing the total cost of ownership (TCO). VergeOS’s multi-tenant virtual data centers (VDC) streamline the process, capturing all data center components in one movement, ensuring seamless recovery.

In today’s unpredictable business landscape, VergeOS revolutionizes disaster recovery, making it efficient and affordable for organizations.

Filed Under: Protection Tagged With: ,

by

Ransomware counts on Patch Tuesday to successfully infiltrate an organization. While there is nothing wrong with applying patches on Tuesday, it is which Tuesday the patch is applied that can open the door that ransomware plows through. Ideally, you want to apply the patch the next Tuesday after the release; doing so would eliminate the exploits that most ransomware and other cyber threats use to do their work.

The problem is organizations wait weeks or even months to apply patches. Why? Because the IT team needs to understand how the proposed patch will impact the rest of their environment. They don’t want to apply a patch that suddenly causes other currently working environments to fail.

Today’s infrastructure solutions must enable IT to vet and apply patches quickly and eliminate Patch Tuesday altogether. IT needs a solution that can address these patching challenges:

  1. Difficulty determining where the potential conflict is because of the number of vendors involved in delivering IT services.
  2. Difficulty in assembling and maintaining a lab environment to test patches.
  3. Difficulty rolling back a patch once it is deployed.
Ransomware Counts on Patch Tuesday

Eliminate Patch Tuesday and set yourself up for ransomware recovery success by attending our live TechTalk, “Creating a Ransomware Response Strategy,” this Thursday at 1:00 PM ET.

There are Too Many Vendors to Eliminate Patch Tuesday

One of the biggest challenges facing IT as they attempt to apply patches to prepare for the next ransomware attack is the complexity of the multi-vendor data center and this is why ransomware counts on patch Tuesday. While Hyperconverged Infrastructures (HCI) were supposed to make the multi-vendor data center easier to manage, they have the opposite effect. Traditional HCI is still a vertically layered stack of multiple software solutions. At a minimum, most HCI has software-defined storage (SDS), hypervisor (VMware/Hyper-V), software-defined networking, and software that protects the environment (backup and recovery).

Many environments are only one step down the software-defined path, running a legacy three-tier stack, virtualizing only compute. As a result, legacy data centers and even more “modern” HCI data centers are equally confusing when determining the impact of applying a patch.

Ultraconverged Infrastructure Simplifies Patch Reconciliation

VergeOS rotates the traditionally vertical IT stack into a tightly integrated linear plane that provides all infrastructure services (networking, hypervisor, storage, data protection) as a data center operating system within a singular software code base. We call this ultraconverged infrastructure (UCI), and it moves beyond legacy hyperconverged infrastructure to deliver greater efficiency and scalability at a significantly lower cost.

Reducing the IT stack to a singular, horizontal layer increases efficiency and scalability and simplifies the patching process. Updates for the entire infrastructure come from a single source, and because VergeOS is inherently highly-available, IT can apply patches and updates without disruption. VergeOS applies patches one node at a time, and workloads automatically move between nodes so that applications are unaffected.

You Need a Lab to Eliminate Patch Tuesday

Patches also come from operating systems and application vendors. Properly evaluating the impact of these patches is best done in a lab. IT organizations need a lab for patch testing and various other use cases. The problem is not just the cost to configure and maintain the lab but also making sure the lab has the same settings and data as the production environment. These requirements mean that most organizations don’t have a dedicated lab environment. When one is needed, they have to scramble to put something together. As a result, the lab is nothing like the production environment they are looking to simulate.

Virtual Data Centers: The Always Ready Lab

One of the critical capabilities of VergeOS is Virtual Data Centers (VDC). Virtual Data Centers are to physical data centers, what virtual machines (VM) are to physical servers, an encapsulation. Using another VergeOS capability, IOclone, IT professionals can, within milliseconds, create a space-efficient copy of their entire data center within.

Capturing the entire data center, including the data, networking configuration, storage policies, and application setups, is critical to ensuring that IT does patch verification against an exact replica of production. Since the copy is standalone and not dependent on the original, administrators can apply the patch without concern of impacting the production environment.

IT can implement a single VDC for its entire data center or subdivide it by application or workload. For example, a VergeOS administrator may create a VDC for Oracle, another for MS-SQL, and a “core” VDC for general-purpose VMs. Each VDC can be cloned hundreds of times, and those clones can be used as golden masters, backups, development, and patch verification.

IT Needs to Eliminate Patch Tuesdays AND Surprise Wednesdays

Even with the best testing, sometimes an errant patch slips through. Depending on the level of chaos it causes, IT may have to recover from the backup infrastructure completely. Recoveries from backup, especially large ones, are time-consuming, meaning IT may deal with the Wednesday surprise for the rest of the week. The problem is most infrastructure software is too inefficient to maintain its data protection points, typically traditional snapshots, for more than a few hours. As pointed out in this article, “VMware Storage Challenges,” this problem is especially apparent in VMware environments.

IOclone: Unlimited Clones and Retention

To make surprise Wednesdays less of a concern, IT needs the ability to retain backup copies for more than a few hours. Traditional backup software can meet this need, but the time and nuances in recovering an application with an errant patch are significant. IOclone has the entire state of the VM and the entire data center or workload. No rollback is needed; point to the last known good instance, and the application is running.

Get Ahead of Ransomware

Ransomware Counts on Patch Tuesday

Because ransomware counts on patch Tuesday, applying the latest patches is critical to staying ahead of ransomware. With VergeOS, IT can apply patches almost as soon as they are released without waiting for Tuesday. They can test application patches against a mirror image of their production environment. If an errant patch slips through, they can instantly point to the non-patched version.

Even with the improved patching capabilities within VergeOS, ransomware may still slip through because of user carelessness. Our IOfortify solution takes you the rest of the way by leveraging the hardened VergeOS, IOclone, and new detection capabilities to deliver rapid restoration from an attack. During our TechTalk, “Designing a Ransomware Response Strategy,” we will conduct a live demonstration of IOfortify in action. See if we can recover a VM under attack during the webinar.

Patch Comparison: Traditional Infrastructure Software vs. VergeOS

Rapid Patch RequirementTraditional Infrastructure SoftwareVergeOS
Determining Patch ImpactDifficult – Multiple vendors makes identifying potential conflicts time consumingEasy – One Vendor
Pre-deployment TestingDifficult – Hard to setup, maintain and pay for dedicated labEasy – Virtual Data Centers and Cloning can create “Instant labs.”
Patch RollbackHard – Recovering from a backup copy is very time consumingEasy – No rollback required, just point to pre-patched clone.

Filed Under: Blog, Ransomware Tagged With: ,

by

The best time for IT Professionals to start building a ransomware response checklist is now, before an attack occurs. There are several reasons for creating a checklist:

√ Successful Ransomware Response requires preparation.

√ Stress levels are high during an attack. You might forget a critical element in a rush to get everything back online.

√ A checklist will expose areas where you must practice and test.

√ A checklist provides a framework for comprehensive auditing.

Section One: Build a Ransomware Resilient Foundation

Implement a Prevention Solution
The first step in building a ransomware response checklist is to have the foundational elements covered. The best response is the one you don’t have to conduct because the attack doesn’t get through. While no prevention solution is perfect, and you still need a response strategy, they are effective at preventing many types of attacks.

Simplify Patching
Most patch releases sent to IT professionals today involve closing down potential security exploits. These patches should be applied upon release. The problem is most IT professionals are hesitant to apply patches to the environment because of downtime and the potential for unexpected impact of the patch. This is especially true of infrastructure software since an errant patch or downtime because of a patch can impact dozens of servers instead of just one.

Simplifying patching is a critical item when Building a Ransomware Response Checklist.

Another challenge is that most IT infrastructures are comprised of multiple pieces of software. Instead of a single, cohesive data center operating system (DCOS), IT must run layers of incompatible infrastructure software components, including networking software, virtualization software, storage software, and data protection software. Patches are applied to these layers when the respective vendor for each layer releases a service pack, which rarely coincides with when the vendors of the other layers release their patches.

Look for a vendor that takes a DCOS approach to infrastructure, which is not only critical to simplifying patching but also simplifies the entire ransomware response effort.

A DCOS should provide two deliverables in terms of patching. First, it should be able to simplify the foundational DCOS patching process by integrating the legacy IT stack into a single software element. Second, it should make the patching of guest operating systems and applications running inside VMs simpler by enabling zero-capacity and zero-performance impact clones so that IT can test the released patch for conflicts with other elements within the data center. If there is a problem with the patch, IT can roll back to the prior version, or if the patch works, roll the patched version into production.

▢ Harden the Operating Environment
An essential but often overlooked step is to harden the infrastructure software as much as possible. Suppose the ransomware can infect a part of the core infrastructure, like the hypervisor, the storage software, or the data protection software. The impact is widespread in that case, and recovery is far more complex.

Hardening the Data Center is a critical item when Building a Ransomware Response Checklist

While most mainstream OSs are not resilient to attack, you should ensure your core infrastructure software, like the hypervisor, storage, and networking software, are hardened. Look for infrastructure software that takes special developmental steps to make it act like firmware, loaded into RAM, and can be replaced easily from an unalterable good copy. Again, a DCOS makes these processes easier since only one software component needs to be hardened instead of three or four.

Section Two: Build a Ransomware Resilient Protection Strategy

Increase Protection Frequency and Retention
Protecting data is an obvious inclusion in any attempt at building a ransomware response checklist. Most data centers run into three challenges when creating a ransomware-resilient data protection strategy:

  1. Protection events occur too infrequently to be meaningful.
  2. Protected copies aren’t retained long enough to outlive a prolonged attack.
  3. Too many protection solutions are used, making the process complex and expensive.
    A best practice for a successful ransomware response is to make sure you are capturing all data hourly. Snapshots, on paper, look ideal for this use case, but most solutions experience significant performance problems as the number of snapshots increases, limiting how long those snapshots can be retained.

Consolidate Protection Tools
To get around the limitation of traditional snapshots, most organizations use at least four data protection tools to protect their environment. They may use a combination of hypervisor snapshots, storage system snapshots, replication software, application-level backup utilities (dumps), and enterprise backup software. Using all these applications makes the data protection process more expensive and complex, especially during a ransomware recovery effort. IT may be unsure which part of the process has the best known good copy.

Look for an infrastructure DCOS that enables you to consolidate, preferably down to one, the number of tools used for data protection. In essence, the DCOS will protect itself. It should provide the ability to protect data frequently and retain those protection events indefinitely without suffering performance degradation. It should enable you to restore the entire data center footprint, if need be, including network and storage configurations, with a single click. Lastly, it should enable affordable, high availability so data can be moved off-site and adhere to all aspects of the 3-2-1 rule.

Finding an alternative to traditional snapshots is a critical item when Building a Ransomware Response Checklist

Consider a Snapshot Alternative
Traditional snapshot technology, standard in most storage systems and hypervisors, is ill-suited to meet these requirements. The metadata requirements to maintain a high frequency, long retention snapshot schedule is too great. It impacts performance and makes deleting old snapshots to free up capacity too time-consuming. Clones are a better option for performance and retention because they are independent copies, but without global inline deduplication, frequent clones and long retention will consume too much storage capacity and degrade performance too much to be practical.

Look for an infrastructure that combines the best benefits of both clones and snapshots by implementing DCOS-wide deduplication. If the deduplication technology is built into the core of the DCOS, then it will eliminate concerns about algorithmic performance overhead and capacity consumption while enabling the cloning of PBs of data in milliseconds.

Section Three: Build a Ransomware Resilient Detection Strategy

Alerting to a potential attack is a critical item when Building a Ransomware Response Checklist

Detect Data Anomalies
Detection is a critical component of building a ransomware-resilient checklist. The sooner the DCOS can alert IT to an attack, the faster IT can stop and remedy the situation. Most ransomware attacks take two vectors after the malware finds its way into the environment. First, they start encrypting files as fast as possible, and second, the malware starts replicating itself to encrypt more files in parallel.

Again multiple detection tools are problematic. Look for a DCOS that can deliver in near real-time, a single source of alerting based on data change rates. In a globally deduplicated environment, the DCOS builds an alert off of an unexpected increase in capacity consumption.

Preserve Forensic Data
When ransomware attacks, most IT professionals’ first reaction is to start the recovery response as quickly as possible. The problem with jumping right into recovery is that the process will likely destroy any forensic data available to determine how the attack entered the environment and how it spread. Both data points are crucial to future prevention efforts.

Instead, look for a DCOS that enables quick isolation of the current state. Again using a cloning type of technology powered by global inline deduplication enables these clones to be made in milliseconds without consuming too much capacity. It is also critical that this clone be independent and isolated.

Create Ransomware Honeypots
Another detection strategy is to create Honeypots of the environment and expose them to attack, obviously anonymizing data in them. These honeypots can alert you of a potential wider threat and provide excellent practice for further hardening your data center. Honeypots typically have a lower false positive rate, when compared to most traditional intrusion-detection systems.

Look for a DCOS that can virtualize entire data centers in the same way that virtual machines virtualize servers. Then the DCOS can easily create honeypot data centers that are securely isolated from the production virtual data centers.

Section Four: Build a Rapid Recovery Strategy

Mount the Recovery, Don’t Copy

When ransomware strikes, rapid recovery is critical. Depending on the severity of the attack, IT may need to recover a few VMs or an entire data center. Copying data from another snapshot or a backup process takes too much time. Again, clone the current state for forensic reasons, then start recovery. The key is to be able to mount, in place, the last known good copy of data. That mount still needs isolation so IT can scan it for any malware trigger files before returning it to production.

Look for a DCOS that can in-place mount a previous VM version or an entire data center. An in-place mount provides instant access to the data so IT can scan it to ensure there are no malware remnants and then provide user access.

How’s Your Checklist?

Building a Ransomware Response Checklist is only effective if you tick all the boxes. If your evaluation is missing a couple of marks, then consider attending VergeIO’s next TechTalk, “Creating a Ransomware Response Strategy,” with our CEO, Yan Ness, and SE Director, Aaron Reid. They will dive deep into the elements of this checklist and show you a live demo of our IOfortify solution for recovering from a ransomware attack.

Filed Under: Ransomware Tagged With: , , ,

by

Ann Arbor, Mich, April 25th, 2023 — VergeIO, the Ultraconverged Infrastructure (UCI) company, today announced the launch of IOclone, a new solution that solves the virtualization snapshot problem facing users today. VMware and other virtualized environments suffer from highly inefficient snapshots and because of performance concerns, customers can only maintain a few active snapshots. This level of retention is insufficient for adequate data protection. With IOclone, customers can now leverage the built-in global data deduplication capabilities of VergeOS to create complete clones of virtual machines (VM) within milliseconds, regardless of VM size. Each clone is immutable and space efficient, initially consuming no additional capacity.

Hypervisors without the powerful capabilities of IOclone require customers to use expensive array-based snapshots or integrate with backup software solutions, forcing customers into an expensive and complicated multi-step solution for data protection. By comparison, IOclone is a single-step process tightly integrated into VergeOS. Once IT sets up a cloning policy, snapshots happen regularly without administrative intervention.

Now customers can create and maintain thousands of space-efficient copies of virtual machines or even virtual data centers without impacting performance. Both the original production instance and clones perform at the full performance of the infrastructure. Clones are instantly available for use in testing, QA, and development purposes, or customers can create “golden masters” and spawn hundreds or even thousands of VMs or virtual data centers (VDCs) from the original, again without impacting performance.

“Both clones and snapshots typically have some overhead in the capacity they consume and the processing required to use them. Clones typically have to make a copy of all of the metadata information, which means the cloning process takes some time upfront, but then they are ready to use and independent. Snapshots trade up front processing time and instead show performance degradation when in use or during clean-up,” said Greg Campbell, VergeIO founder and CTO. “IOclone delivers the best of both. Because our deduplication is part of the metadata in our filesystem, we get all the performance and independence benefits of cloning without their upfront overhead.”

Customers can execute IOclone on the virtual machine, the volume, or an entire virtual data center (VDC). In the same way that a virtual machine is an encapsulation of a server, a VDC clone is an encapsulation of the entire data center. It includes all the VMs within the data center and all the storage and networking policies, delivering near-instant recovery. 

IOclone does not require specialized storage controllers or storage data processing units. Thanks to the efficiency of VergeOS, it works with off-the-shelf servers using commodity flash and hard disk drives within the VergeOS environment. It is integrated into VergeOS and is available now at no additional charge to VergeOS customers. Customers looking to migrate off VMware can leverage VergeIO’s IOprotect and benefit from the immutable limitless protection of IOclone.

To learn more about IOclone, join VergeIO for “TechTalk, A Deep Dive into Virtual Infrastructure File Systems.” Live on May 4th at 1:00 PM ET / 10:00 AM PT. 

About VergeIO

VergeIO is the Ultraconverged Infrastructure (UCI) company. Unlike hyperconverged infrastructure (HCI), it rotates the traditional IT stack (compute, storage, and networking) into an integrated data center operating system, VergeOS. Its efficiency enables greater workload density on the same hardware with high levels of data resiliency. The result is dramatically lower costs and greatly simplified IT.

Filed Under: Press Release Tagged With: ,

by

snapshots or clones for data protection

Most storage solutions will provide IT professionals with either snapshots or clones for data protection, but are the differences between the two functions significant enough to make it part of your selection criteria? Like all things in IT, the answer depends.  In this case, it depends on if and how your vendor implemented the two technologies. 

Register now to join us live on May 4th for technical deep dive into virtual infrastructure file systems and see a live demonstration of IOprotect.

What Are Snapshots?

Deciding if snapshots or clones are best for data protection first requires understanding how the two technologies work. First, let’s look at snapshots. Most storage solutions, be they a filesystem or block storage, have a metadata layer that points to where each data segment resides. A snapshot makes a copy of those pointers at a specific time and then sets those blocks pointing to a read-only mode until it expires. 

Snapshot Update Methods

There are two methods for updating a read-only segment because of a snapshot.  The first method is a copy-on-write process. When a user or application attempts to update or change an existing segment, the storage solution copies the old segment to a new location and allows the new data to occupy the original segment. The storage solution then updates the snapshot metadata with the old segment’s new location. 

The second snapshot update method is “redirect on write”. Using this method, the storage system will write the modified data to a new location and update the metadata of the “production view” of the data. It does not need to update the “snapshot view” of the data. 

Both of these methods limit the scalability of snapshots because multiple writes and multiple changes to metadata need to occur. Also, many storage systems use separate metadata trees to manage each snapshot. As the number of snapshots increases and the depth of those snapshots (snapshots of snapshots), the complexity of managing and updating the metadata wears on system performance.  As a result, where the snapshot is occurring within the hypervisor, on the same hardware as the hypervisor (software-defined storage running as a virtual machine), or on dedicated storage hardware, there are limits to how many snapshots the storage solution can maintain. 

The complexity shows itself by degrading overall system performance. Storage systems with legacy snapshot technology require:

  • Limitations to number of copies retained
  • High-end processors in the storage servers
  • Dedicated data processing units (DPUs)
  • Days to remove old snapshots

What Are Clones?

Clones are copies of existing segments. They are more standalone, and updating a clone does not require the same metadata overhead as snapshots. The independence of a clone means that they don’t suffer from performance degradation as snapshots regardless of how many there are or how long they are retained. Clones don’t need either of the sophisticated update methods that snapshots require.

The Downside to Clones

The typical downside to clones is that they are either complete copies of the original volume or deduplicated copies. A full copy, means that data must traverse the internals of the storage infrastructure, travel across the network to the hypervisor, and back down the network again to the storage system. 

Some hypervisors have initiated capabilities to eliminate traversing the network, saving time. Still, most cloning functions must process data through the internals of the storage solution twice, even if that solution has a deduplication feature. With deduplication, the resulting clone may not consume any additional capacity, but the time to create that copy is still significant, especially if the volume is of any measurable size. It is best not to use the applications while the storage solution clones it. As a result, most organizations don’t use cloning as part of their data protection strategy. 

IOclone — The Best of Clones and Snapshots

As we’ve discussed, clones and snapshots typically have some overhead in the capacity they consume and the processing required to use them. Clones typically have to make a copy of all of the metadata information, which means the cloning process takes some time upfront, but then they are ready to use and independent. Snapshots don’t have the upfront processing time and, as a result, are ready for use almost instantly. However, they show performance degradation as the number of snapshots increases when used or during snapshot clean-up routines. 

IOclone is a capability of the VergeOS operating system that combines the best of clones and snapshots into a single solution. Since global inline deduplication is part of the metadata in VergeOS, IOclone, copies are similar to snapshots. Regardless of capacity, it can create clones of VMs, volumes, or entire virtual data centers in milliseconds. At the same time, IOclone-created copies have the stand-alone performance of independent clones without initially consuming additional capacity footprint.

With IOclone, IT doesn’t have to choose between snapshots or clones for data protection. This capability within VergeOS can retain hundreds, even thousands of copies of VMs, volumes, or entire Virtual Data Centers (VDC) without negatively impacting performance or capacity consumption.

Learn More

snapshots or clones for data protection

Conclusion

IOclone is also part of our IOprotect solution, which enables you to start a VMware Exit by first using VergeOS as a disaster recovery solution. Most customers find IOprotect reduces the cost of disaster recovery by more than 50% without adding additional hardware. It provides a complete recovery environment, converging disaster recovery so that data, applications, and the processing power to recover are all available from a small cluster of nodes. 

As your confidence in VergeOS grows, you can use it for your production environment. The tightly integrated VergeOS architecture delivers more efficient performance, increasing workload density on less physical hardware. Once your conversion is complete, you’ll lower costs by as much as 80% and enjoy an actively developed data center operating system with unparalleled support.

snapshots or clones for data protection

Filed Under: Storage Tagged With: