Backup for EBS: A Solution Driven by Customer Requirements

Clumio recently announced that its secure backup as a service for enterprises now supports AWS EBS. In this post, we will cover some of the customer motivations and challenges we had to overcome to build the solution.

Gathering Requirements

After we launched our service to protect VMWare workloads on-prem and in VMware Cloud on AWS, our customers started asking for a similar backup as a service for AWS EBS. It made perfect sense for Clumio to build this new solution. Since we are heavy users of AWS (our platform is built on AWS), we understand where the data protection challenges are. But it was most important to spend time with our customers to determine some of the specific issues they needed to overcome to create a better backup experience that would help propel them faster on their cloud journey.

Here are some of the requirements that we collected:

• Multi-account: Most customers have several AWS accounts. We have seen customers with tens of accounts and in some cases thousands of accounts. One reason organizations create multiple accounts is because it is the recommended way to limit exposure if a single account gets compromised.Customers also asked us to perform backups and restores across different regions. Clumio’s data reduction technologies not only help with the storage costs but also with the cross-region transfer costs. Remember, everything is metered in the cloud.Requirement: Enterprises need an easy way for admins to configure and monitor backup policies across multiple accounts and regions.
• Air gap: Backups cannot be in the same account as the primary workload. Customers are creating multiple accounts to replicate snapshots to try to limit the exposure of an account getting compromised. EBS snapshots are created in the same account/region as the primary and thus does not satisfy this condition. An EBS snapshot can be copied to a different account. however, this approach has limitations given the extra cost, scalability, and management needed.
  Requirement: Enterprises need to have data backed up outside their existing AWS accounts to avoid exposure to data loss.
• Cost-effective: The solution must be cost-effective. We heard several times that EBS snapshot retention policies are determined based on the budget. Very often the retention period in the cloud is a lot shorter for EBS snapshots than backups on-prem as a result.Requirement: Enterprises need predictable costs for data protection in the cloud plus high levels of efficiency to ensure any AWS costs are minimized.
• File-level restore: 90% of the restores are single files, thus the best solution must post-process every backup and catalog individual files to allow efficient file-level search and recovery.Requirement: Enterprises need global search and single file restore capabilities, without the complexity or time wasted to mount existing snapshots and find the files.

Meeting the Requirements with a Service

All the points described in the previous section can be achieved only by implementing a first-class data management platform in the cloud. EBS snapshot-based products (aka snapshot managers) fall short in delivering some or all of these points.

Customers can add multiple AWS accounts and regions into Clumio (multi-account). All data that is ingested is securely stored in Clumio (air-gap) and indexed to allow file searches and restores (file-level restore). This is no different from what we have previously done for VMWare VMs. It is the same solution and experience regardless of the source of the data.

In addition to delivering all the customer values described above, we continued to incorporate our core design principles when implementing our secure cloud-native data platform.

• Simple: Customers can manage several to thousands of AWS accounts and in multiple regions. They can add as many accounts as they want and it is extremely simple to onboard them.
• Security: Principle of least privilege. Clumio operates with the least privilege and every access must be justified and time bounded.
• Data Encryption: All data is processed and encrypted before leaving the customer’s account.
• Audit: Everything that Clumio does in the customer’s account can be traced and is auditable.

The Big Picture

Adding AWS EBS backup to the Clumio service is the most recent step forward as we execute toward our vision to deliver a c0onsolidated data management platform. Users can now add multiple data centers distributed in different sites, VMC and any number of AWS accounts into our platform. Customers can manage all of these from a single policy engine and the data is deduplicated across all of your data regardless of their source. Backup from one location and restore it into a completely different location. This all happens through the consumption of SaaS just like other enterprise workloads for email, salesforce automation, or data warehousing.