New buildings are inherently more secure than those constructed even five years ago. In the past, simply locking your most valuable assets in a safe was enough. Today security must encompass the whole building. Elevators restrict access to certain floors, spacious floor layout to ensure visitors are easily identified and entry and exits easily monitored, information networks designed to prevent access by intruders. A building’s security begins with the architect.
This is the approach Veritas took toward security when we began work on the new NetBackup Flex Scale operating environment. Security and resilience were architected into the product at its very inception. The Immutable Architecture is multilayered to encompass the entire data protection infrastructure.
At the core is immutable storage—preventing data from being modified by a bad actor and is a crucial component in ransomware resiliency. Competitive products end with immutable storage, but this is where the Immutable Architecture in NetBackup Flex Scale begins. An intruder would need to get past three layers of protection before they could even get to the immutable storage.
The next layer of protection for the NetBackup Flex Scale is based on containers and container isolation. Containers provide isolation between NetBackup services and include internal software firewalls blocking unauthorized traffic and preventing visibility between namespaces.
The next layer is a hardened operating system that restricts access even to superusers and restricts single-user mode boot options. Hardened operating systems are readily available on the market, but their effectiveness depends on setting the correct policies. Veritas has years of experience deploying hardened operating systems in over 30,000 appliances. All this experience is built into NetBackup Flex Scales Immutable Architecture.
Finally, there is a layer of Intrusion Detection and Prevention to further protect against an attack by a bad actor.
NetBackup Flex Scale 2.1 was released on November 15, 2021, with new resilience features.
Active-Active Dual Site Disaster Recovery ensures fast recovery across sites. Copies of data are automatically replicated between NetBackup Flex Scale systems across sites. Each site is a working deployment, and data is replicated in both directions. If one site goes down, the second site can be accessed for fast recovery, while normal activity continues at the second site.
With the latest release (2.1), NetBackup Flex Scale can easily be integrated into an existing NetBackup deployment. Customers can easily try out scale-out data protection or migrate to scale-out at a pace suited to their business.
NetBackup Flex Scale is inherently more secure and resilient than legacy first-generation scale-out data protection solutions with its immutable architecture. It includes all the security and resilience capabilities of NetBackup and adds layers of resilience beyond just immutable storage.
To find out more about NetBackup Flex Scale and the new 2.1 release, visit: Veritas.com/NetBackup-Flex-Scale or contact your Veritas salesperson.
Additionally, check out this demonstration of how NetBackup Flex Scale automates scaling capacity and job concurrency in a self-managed scale-out cluster with ransomware resiliency and enterprise-level availability.
Really encouraging and good to see the improvements and modern approach here.
I just had one question around whether it was possible, where we have a 2x DC active/active setup and low latency high bandwidth inter-site network links (sub 2-5ms, 100GbE+), to run Flex-Scale in a single cluster configuration across sites and have some kind of affinity for clients in DC1 to target nodes/defined media service in DC1, clients in DC2 to target nodes/defined media service in DC2 etc?
Is this possible, or is this approach not recommended and why...and is the recommended (or only) approach simply to use the built in site-based DR of flex-scale, setting up a primary/secondary cluster etc for dual site and single NetBackup domain configuration?
Thanks for the great question. We support single domain dual site configurations that are active-active, whereby you can have different clients backing up to each site and the data automatically replicating between sites. The catalog is also replicating and if there is a site failure the primary service can be taken over by the remaining site. This is super easy to do and can be configured directly in the NetBackup Flex Scale UI or via API.
I plan to write a blog detailing this in the next month so keep your eyes out for more details. There is also an updated technical overview white paper that should be published within the week that details this as well.
While this is two separate clusters it is a single NetBackup domain. As far as a single stretch cluster with affinity for writing to different sites that is not possible and would defeat the purpose of a single self managed solution with automatic load balancing. Please feel free to reach out to your Veritas rep to setup a call and ask them to include me if you would like to discuss more details.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.