
Rubrik NAS Cloud Direct on AWS

To elevate your unstructured data protection strategy

This article, published on October 16 2024, was written by Alpika Singh, technical marketing architect, Rubrik, Inc. and Girish Chanchlani, principal solutions architect, AWS.

From AWS: Elevate your Unstructured Data Protection strategy
with Rubrik NAS Cloud Direct

Unstructured data is the foundation of most companies and growing at an unprecedented scale. As the volume of unstructured data expands, it presents multiple challenges from a data protection perspective. First, due to its constantly changing nature and growing size, it needs backup and recovery methods that are optimized, fast and scalable for reliable protection. Secondly, because of the growing threat of malware such as ransomware, backups need to be stored in secure immutable formats to protect them from being modified or deleted. Finally, the solution has to be cost efficient.

In this blog post, we showcase how Rubrik NAS Cloud Direct, a SaaS solution built on AWS, helps you meet these challenges by providing a highly scalable data protection solution that can protect multi-terabyte sized file systems running on-premises or in the cloud.

Rubrik, an APN Storage Competency Partner, provides multiple solutions that help protect your applications and data, no matter where they reside. NAS Cloud Direct combines robust data protection, cyber resilience, and recovery with efficient management across cloud-native, hybrid, and data center applications.

NAS Cloud Direct: Solution Overview
NAS Cloud Direct (NAS CD) is a SaaS-based offering in which the control plane exists within a Rubrik-owned isolated tenant environment on AWS. It hosts the index database and compute resources that manage backup jobs and policies. This SaaS control plane deploys stateless VMs in customer’s own infrastructure to support backup and recovery operations.

Designed for high-speed data transfers, NAS CD optimizes network bandwidth during backup, archive, and replication tasks without impacting production file services. It provides a simple policy-based model to help users configure backup frequency, data retention, and optional replication targets (local or cloud-based), based on their business requirements.

Figure 1: Rubrik NAS Cloud Direct Architecture on AWS

Rubrik NAS CD enables organizations to back up unstructured data by copying it from multiple sources such as generic NAS storage, Amazon Elastic File System (Amazon EFS), Amazon File System on NetApp (Amazon FSxN), and Amazon Simple Storage Service (Amazon S3) to an Amazon S3 target in customer-owned AWS accounts. It supports most Amazon S3 storage classes, including archive storage classes such as Amazon S3 Glacier Flexible Retrieval and Amazon S3 Glacier Deep Archive for cost-effective long-term storage. The solution enables rapid and efficient recovery and archival, offering the ability to quickly search through billions of files and recover to AWS, on-premises, or alternate targets.

As highlighted in Figure 1 above, the NAS CD architecture comprises 3 main components: Rubrik Security Cloud (RSC), the Stateless VM, and the Rubrik Managed NAS CD Control Plane. Using zero-trust principles, RSC provides centralized backup and security policies across enterprise, cloud, and SaaS applications, ensuring secure data protection, recovery, and access. It implements strong authentication through Single Sign-On (SSO), Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and SSO with SAML for customers to use their enterprise identity providers for authentication.

The stateless VM is available as an Amazon EC2 instance through the AWS Marketplace AMI catalog. It is deployed in customer-owned AWS accounts to protect AWS resources and connects to Rubrik’s control plane for backup, archive, and recovery operations. Similarly, for on-premises sources, customers can deploy the stateless VM on supported hypervisors.

The Rubrik Managed NAS CD Control Plane operates core elements of the architecture, including Cloud Slab, which is the central storage layer responsible for securely managing key components like metadata, indexes, and the blob data store. It maintains a job information repository that tracks the status of data tasks for real-time system performance monitoring. The Index Database captures and organizes metadata for efficient data retrieval, supporting protection and recovery operations. Cloud Apps provide a centralized management interface (accessed only via RSC) for overseeing all operations, such as creating backup and archive policies, performing recovery operations, and monitoring backup and recovery jobs.

Backup Process

Figure 2: Rubrik NAS Cloud Direct Backup Process on AWS

NAS CD orchestrates backups by connecting a stateless VM to various data sources (SMB share, NFS export, or S3 bucket), where it employs advanced scanning to identify new, modified, or deleted files (step 1 as shown in figure 2). This preparatory phase includes parallel processing of scanning, indexing, and copying of data for efficient handling. Once data is earmarked for backup, the VM transfers it along with its metadata to a specified destination (step 2a), ensuring secure replication according to predefined policies.

In a subsequent step (step 2b), the VM also updates the NAS CD Control Plane with job status and metadata. This ensures centralized control and oversight over backup activities. The process maintains a one-to-one source-target relationship, with an initial full backup followed by incremental ones, assuming no change in the source and target configurations. The framework allows for simultaneous scanning, indexing, and data writing, speeding up the handling of large volumes of unstructured data and optimizing the backup process efficiency.

All communication with the VM is encrypted over HTTPS, with the VM handling only outbound traffic. As noted, VMs are stateless: if a VM were to stop abruptly in the middle of an operation, the Rubrik control plane spins up another one that resumes the halted operation with minimal impact. Customers can also deploy additional VMs to meet performance requirements for backup and restore operations.

Restore Process

Figure 3: Rubrik NAS Cloud Direct Restore Process on AWS

A restore is initiated from a specific snapshot at a designated time, either through the user interface or using APIs (step 1). Based on the restore timestamp, the restore service in the VM then generates a list of directories, files or objects and identifies their references in the target storage (step 2). A read plan table is then created from the detailed list generated in the previous step; it contains the list of objects and blobs to be retrieved from the target storage (step 3). Backup data can be restored either to the original source or to an alternate destination. If data is restored from Amazon S3 Glacier storage classes, it is first rehydrated to the Amazon S3 Standard storage class and then restored to the destination. During a restore, the directory structure is recreated first, and large files are restored immediately. Small files to be restored are grouped into 100MB chunks for efficient processing, and directory permissions are then applied to maintain access controls (step 4a). After initiating the data restore, administrators can track its progress via the Rubrik NAS CD UI, providing full transparency and control throughout the process (step 4b).
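The restore ordering described above can be sketched as a small planner. This is an added example, not Rubrik's code: the `Entry` record, the `build_read_plan` function, the cut-off that treats files of 100MB or more as "large", and applying permissions deepest directory first are all assumptions made for illustration, and the snapshot listing is constructed.

```python
from dataclasses import dataclass

MB = 1024 * 1024
CHUNK_LIMIT = 100 * MB                 # page: small files are grouped into 100MB chunks
LARGE_FILE = CHUNK_LIMIT               # assumption: files at or above the limit are "large"
GLACIER = {"GLACIER", "DEEP_ARCHIVE"}  # S3 storage classes that need rehydration first

@dataclass(frozen=True)
class Entry:                           # hypothetical record from the snapshot listing
    path: str
    size: int                          # bytes; 0 for directories
    is_dir: bool
    storage_class: str = "STANDARD"

def build_read_plan(entries):
    """Order restore work: rehydrate, directories, large files, small batches, ACLs."""
    dirs = sorted((e for e in entries if e.is_dir), key=lambda e: e.path.count("/"))
    files = [e for e in entries if not e.is_dir]
    batches, current, used = [], [], 0
    for f in sorted((f for f in files if f.size < LARGE_FILE), key=lambda f: f.path):
        if current and used + f.size > CHUNK_LIMIT:   # close the batch before it overflows
            batches.append(current)
            current, used = [], 0
        current.append(f.path)
        used += f.size
    if current:
        batches.append(current)
    return {
        "rehydrate": [f.path for f in files if f.storage_class in GLACIER],
        "mkdir": [d.path for d in dirs],              # parents before children
        "large_files": [f.path for f in files if f.size >= LARGE_FILE],
        "small_batches": batches,
        # assumption: permissions go on last, deepest first, so a restrictive
        # parent ACL cannot block writes that are still pending beneath it
        "apply_permissions": [d.path for d in reversed(dirs)],
    }

# Constructed sample listing for one snapshot
SAMPLE = [
    Entry("/share", 0, True),
    Entry("/share/scans", 0, True),
    Entry("/share/scans/mri.dcm", 300 * MB, False, "DEEP_ARCHIVE"),
    Entry("/share/a.txt", 60 * MB, False),
    Entry("/share/b.txt", 50 * MB, False),
    Entry("/share/c.txt", 30 * MB, False, "GLACIER"),
]

if __name__ == "__main__":
    for phase, items in build_read_plan(SAMPLE).items():
        print(phase, items)
```
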

Additional capabilities of Rubrik NAS Cloud Direct

Migration to AWS at Petabyte Scale
Beyond core NAS data protection, NAS CD facilitates fast and secure transfers of large-scale data (petabytes) to AWS. The service supports migrations from on-prem and cloud sources to AWS file services and Amazon S3, using an ‘incremental forever’ approach for data synchronization. This minimizes bandwidth use and accelerates data transfers, facilitating easier and quicker cloud migrations.

Protection from Cyber Threats
Another key capability of NAS CD is its ability to store backup snapshots in an immutable format, which protects backup data from modification or deletion by ransomware or unauthorized users. This provides a reliable last line of defense against cyberattacks. Rubrik’s Anomaly Detection features proactively monitor data patterns to identify signs of ransomware and other threats. By detecting unusual activity early, Rubrik helps organizations respond swiftly to potential attacks, enhancing overall data security. In the event of a ransomware attack, Rubrik enables rapid data recovery from snapshots free of anomalies to minimize downtime and data loss.

Customer Case study: Healthcare customer
Digitizing patient records improves healthcare quality and efficiency, but simultaneously creates complex data management issues. A typical healthcare organization needs to secure millions of sensitive files – including patient records, medical images, EHRs – to meet regulations like HIPAA and to protect against cyber threats. As systems like EHR applications span diverse infrastructures, traditional data management solutions often lack the application awareness and scalability required to manage this large data volume, leading to performance issues and backup failures.

To address these challenges, a healthcare organization partnered with Rubrik and implemented NAS CD to protect their unstructured healthcare data. The solution offered a unified platform to manage, secure, and recover critical healthcare data across various environments and workloads. The organization was able to meet their large-scale backup needs with high performance and scalability. The advanced security tools built into Rubrik NAS CD enabled Anomaly Detection and cyber recovery, helping the organization quickly respond to cyber threats while maintaining data privacy and compliance with regulations like HIPAA and GDPR. By partnering with Rubrik, the healthcare organization successfully addressed data management challenges, improved cyber resilience and ensured rapid recovery for business continuity.

Conclusion
The rapid growth of unstructured data, combined with escalating cyber threats, presents a triple challenge: protecting data reliably, securing it from threats, and controlling costs. NAS Cloud Direct, built on AWS, effectively addresses these challenges by providing a reliable, secure, and efficient data management solution. This solution protects your unstructured data across various sources, including on-premises and cloud-based environments, and backs it up to multiple storage targets, including most Amazon S3 storage classes.

It is built for the cloud, ensuring that organizations can protect and easily recover their data in any situation.
