SaaS Backup for VMware Cloud on AWS – Have Your Cake and Eat it too
Don’t we all want to have our cake and eat it too? I know I do…. In today’s enterprise, having it all means leveraging both public and private clouds together without having to compromise or change the way things are done. This is the value of VMware Cloud (VMC) on AWS. Customers get the benefit of public cloud as a managed service offering jointly built with VMware and AWS, on a platform they all know and love on-premises. VMC has quickly become an easy button for enterprises to seamlessly and securely move their applications to the cloud without compromise. But once you are there, your application data needs to be protected from ransomware, cyber attacks, and potential data loss. To avoid all of this, I am excited to announce that Clumio has achieved VMware Cloud on AWS validation and has earned its VSAN Ready Badge. Now you can confidently protect your VMware environment on-premises or in the public cloud with the same policies and the same awesome Clumio authentic SaaS experience. The validation is not an easy one and it assures customers that Clumio is built to VMware’s stringent standards for reliability, interoperability, and is optimized for VMware.
In this blog, we are going to review some of the challenges with developing a data protection solution on VMC and how our joint engineering with VMware enables a new experience for our customers. Before we dig into the nuts and bolts of why this validation is important, let’s review some of the fundamentals of vSphere backup with VMware hosting this solution on AWS.
Network Block Address (NBD) vs SCSI Hot Add:
Traditional backup solutions, especially hardware appliances, frequently leverage Network Block Device (NBD) access. NBD connects a storage device in VMware to a remote server, typically a backup media server or node in a backup cluster.
NBD requires access to the VMKernel ports, which are unfortunately gated on VMware’s private network in VMC. This becomes a substantial challenge for most backup vendors that leverage NBD and why you don’t hear about many vendors of yesterday supporting data protection in VMC.
At Clumio, we leverage SCSI hot add and this is the only way it is currently supported with VMC. SCSI hot add works by leveraging the Clumio Cloud Connector as a proxy to mount VMware snapshots which allows us to backup the VMDKs.
Once snapshots are attached, data is deduplicated, compressed, and encrypted by Clumio before sending the data to an air gap solution outside the customer’s VMC instance to be stored in Clumio’s AWS account (the customer owns the encryption keys). You may have heard of SCSI HotAdd in the past from other legacy products with limited success, as it requires manual scaling, tuning, and management per proxy. The Clumio Cloud Connector, on the other hand, can scale-out as needed, with linear performance growth, no management, and intelligent auto-optimization and balancing.
An additional challenge with data protection in VMC is egress charges for every byte that leaves your VPC (Virtual Private Cloud) which results in additional, unpredictable AWS costs. Clumio’s architecture takes advantage of Amazon S3 VPC endpoints to maximize performance and negate the egress costs associated with moving backup data from a customer’s VMC Connected VPC to the Clumio cloud service. These endpoints are easy to configure, highly reliable, and provide a secure connection to S3 that does not require traversing the internet gateway. We are one of the only validated solutions to provide this benefit shown in the diagram below:
AWS VPC ENDPOINTS FOR CONNECTIVITY TO S3
PREFERRED SOLUTION – SAME AWS REGION
Beyond all of these optimizations, this validation enables a better experience for our customers through VMware support. We made significant updates for VDDK 6.7 to orchestrate snapshots through VMware supported Library platforms. This joint engineering work with both Clumio and VMware enables internal logging for VMware support to ensure full visibility of our platform. We now show up in VMware’s phone home details and their compatibility list which means a support engineer from VMware can analyze and troubleshoot the issues. If APIs ever break, VMware can quickly notify us of potential problems. We are a member of TSAnet, so VMware has communication channels to talk with us directly making support issues a breeze for customers.
Lastly, VMC validation opens new opportunities for customers to restore faster if they have a disaster on-premises or want to migrate to VMC. Many of our customers love the idea of a protected migration, where they backup the data on-premises and restore to VMC. Restores can be faster as well, with large internet pipes in AWS cloud, with every restore on its own pipe for bandwidth. This enables customers to launch more jobs in parallel and scale-out cloud connectors to get more concurrent streams and reduce RTO.
And our customers love this solution as well. Thomas Dixon, ISO and Director of Information Security at Cal State East Bay said, “VMware Cloud on AWS allows us to accelerate our aggressive cloud initiatives given that it is a simple extension of our VMware environment on-prem. However, data in the cloud requires a different treatment when it comes to security and data protection. Clumio secure backup as a service offering fits perfectly with our SaaS-first, Cloud-first approach and its ability to support multiple workloads with a single service and a single set of backup policies will provide massive value regardless of where our cloud journey takes us over time.”
Clumio is removing barriers to the cloud so that customers can fully embrace the benefits of SaaS backup within the software-defined data center, helping them to accelerate to the cloud even faster. The unique engineering of authentic SaaS and the simplicity of VMware Cloud on AWS enables ransomware and data loss protection and is a secure as a service solution with little to no management.
To learn more about this validation and solution, please check out the following resources:
Until next time, take care and stay SaaSy my friends……..