Backup and Disaster Recovery solution at Koningin Elisabeth Instituut (KEI)

Backup solutions have changed greatly over the years but true conceptual changes have been rare. Using traditional infrastructure for backup strategies was common practice. It included complicated implementations and high maintenance. This led to difficult recovery and unreliable backups. Veeam software brought many advantages and it’s a great solution for many customers, but it’s still hard to scale, complicated and therefore, it generally has a slow recovery for entire virtual machines.

What is the most important characteristic of a backup and a disaster recovery (DR) solution for businesses? The answer is a recent point objective (RPO) which is reliable and preferably does not affect the end-user or the environment. For disaster recovery, this is a quick recovery time objective (RTO), preferably with a simple restore-procedure to follow when a disaster occurs.

Rubrik delivers this, and we have been able to provide these backup and DR characteristics (and much more) to one of our customers, a rehabilitation treatment center called ‘Koningin Elisabeth Instituut’ (KEI).

Koningin Elisabeth Ziekenhuis (KEI) is situated in the coastal municipality of East Dunkirk. KEI provides an IT-infrastructure to more than 300 employees. Using Orange Cyberdefense's Workspace, they deliver virtual desktops to the end-users. Want to know how Orange cyberdefense improved their IT environment? Check out the reference case. In order to deliver reliable services, a backup and DR solution was essential.

More information about the architecture can be found here:

• A detailed presentation about the Atlas file system: https://vimeo.com/192017460
• A white paper (Rubrik) about data integrity: https://pages.rubrik.com/DataIntegritywithRubrik_Registration.html

The architecture provides security in different ways.  The communication between the nodes is FIPS level 1, encrypted with TLS containing self-signed certificates or X.509 certificated signed by a certificate authority. For the 3xx series, internal software-based encryption is supported through AES-256 encryption. The Key Encryption Keys (KEKs) are stored on the internal  Trusted Platform Module (TPM) chip or on an external KMIP server. Self-encrypting drives are available on the 5xx series.

Remark: the Edge virtual appliance which is used as a Remote Office/Branch Office (ROBO)-solution, has the same architecture and functionality but it does not support data encryption at rest.

The first backup taken of a VM is a full backup. All following backups are always incremental. Currently, no network throttling is available, yet. This could stress the network if the first backups are not being monitored. If stress would get too high, assigning an initial backup window could solve this. After this, Rubrik always uses incremental backup based on the changed blocks on the host before data transfer, minimizing the network saturation.

There are different backup capabilities depending on the used operating system and environment. Using vCenter as a source, Rubrik uses VMware tools to take the backup.

By default, three SLA Domains are present: Gold, Silver and Bronze. These can be customized and tailored SLA Domains can be created. Each SLA Domain has specific policies assigned:

• Backup frequency and retention period
• Replication to another cluster (physical or cloud)
• Archiving to the cloud (Amazon S3 or Azure), NFS or Tape
• When archiving and replicating, security is ensured by using AES-256 encryption

When another Rubrik Cluster is present for replication, the SLA Domains on that second cluster are listed on the local cluster as ‘Remote SLA Domains’.

SLA Domains can be assigned to specific objects or vCenter folders, host or cluster.

It’s important to know that in case the retention period of an SLA Domain is increased, it not only affects future backups but also the backups that were previously taken. A different approach and mindset are needed when discussing a backup strategy using Rubrik.

Using email reporting, Rubrik can be used without being constantly worried about the reliability of the backups. The reports can list SLA Domain compliance, storage usage, amount of data transferred, daily growth of the backup data, etc.

Combined with graphs of the storage usage over time and an estimated runway of used storage, this ensures the backup admin has time to react before the cluster has an issue. Adding a node or configuring archiving can be done long before storage is full.

Using the Atlas filesystem, predictive search can be used for all names of the backed-up objects. This is convenient for management and in case of an emergency, there is no need to browse and try to find a certain VM in a long list.

Many targets are supported, including but not limited to:

1. Hypervisor: 
   • ESXi 5.1, 5.5, 6.0, 6.5
   • Hyper-V 2008 R2 with connectors, 2016 natively with WMI and RCT
   • Nutanix AHV 5.1 or higher
2. OS/Application 
   • Physical/Virtualized Linux RHEL 5/6/7, CentOS 5/6/7, Oracle Linux 5/6/7, and SUSE 11 SP4
   • Physical/Virtualized Windows 2008 R2, Windows 2012 and 2012 R2, Windows 2016
   • SQL DB’s with transaction log backup. Starting from Rubrik 4.0, named Alta, Live Mount for SQL DB’s has been added.
   • Oracle RMAN (Oracle Database 12c R1 (12.1.0), 11g R2 (11.2.0), and 10g R2 -ASM & RAC Supported)
   • Application-aware backup and recovery is available through Microsoft VSS integration for Microsoft Windows 2012/2008 R2, Microsoft Exchange Server 2010/2013, Microsoft SharePoint 2013, Microsoft SQL Server 2008/2008 R2/2012/2014, Microsoft Active Directory in Windows Server 2012/2008 R2

Rubrik provides an easily manageable yet feature-rich backup solution, many features were not covered here. It takes backup and disaster recovery to a new level with features we did not associate it with before. We look forward to the next Rubrik release to provide an even better solution to our customers.Do you have a question about this blog post? Please, do not hesitate to contact us.