Google Cloud Disaster Recovery and Data Protection with Cloud Volumes ONTAP

The tools and processes an organization has at its disposal to ensure data protection with Google Cloud increase significantly compared with the ones available in traditional on-premises data centers. But there are still challenges to consider, namely data protection, which includes your Google Cloud disaster recovery and Google Cloud backup plans.

With more government regulation and compliance requirements appearing in recent years, combined with an increased demand for globally available systems and infrastructure, it is safe to say that both the expectation level and challenges an organization faces to ensure data protection and privacy have also grown.

In this post we’ll take a closer look at the data protection challenges Google Cloud users face, and how Cloud Volumes ONTAP can help address them.

Data Protection Challenges

It can be a daunting task to get a holistic view of what an organization needs and can use for Google Cloud data protection. This can be challenging at any time, but possibly even more so when juggling the many tasks involved with a Google Cloud migration.

While cloud managed services act as solid building blocks that can make this less painful, with features such as storage snapshot technology and multi-region replication, it still requires deep tech expertise to design and orchestrate a highly available system that can properly implement Google Cloud disaster recovery, backup data protection, and security measures. Bottom line: as engineers, we know that it will require a significant amount of effort (time and money), and it can be really challenging to tick all these boxes.

However, the true challenge of data protection goes beyond mere technical capabilities. The biggest challenge is how an organization governs the data it stores and processes. Today, security and compliance are critical areas for businesses running on Google Cloud. GDPR, CCPA, PCI-DSS, and other regulatory guidelines can help, but it is ultimately the responsibility of the organization to handle data subject requests and audits, and to make sure everything is properly taken care of.

Therefore, from a business point of view, you want to minimize the risk of a service disruption, data breach, and corruption, all of which can expose your organization to a potential loss of revenue and business impacts due to operational disruption, reputation damage, lawsuits, and compliance issues.

What Google Cloud Services Offer for Data Protection

Google Cloud does not have data protection services, per se, but its service offering has built-in data protection capabilities. Google uses a multilayered approach towards data protection and reliability, one that covers distinct areas from the physical (data center, network, hardware) to the virtual (user identity, internet communications, services) spectrum. A Google Cloud user needs to know the right combination of services and configuration to fulfill data protection requirements.

The main built-in storage services in Google Cloud (Google Cloud Storage, Cloud Filestore, and Persistent Disks) have readily available capabilities that help with basic data protection needs.

While these capabilities provide a solid base for data protection, it takes some effort to assemble the needed building blocks and custom develop the rest (for example, disaster recovery, backup data protection, and data governance). Furthermore, the storage services from Google Cloud do not provide a holistic view and storage management of an enterprise's needs, since they are limited to the Google Cloud environment and can’t be used in hybrid scenarios (on-premises data centers or across cloud providers).

Data security is another, equally important requirement. From a technical perspective, data needs to be automatically encrypted while in transit and at rest. Also, any storage access requires strong authentication and authorization, for both humans and services, that can be audited and trusted. Moreover, it should be possible for data to be replicated and made available as needed for backup and disaster recovery purposes.

By default, with any of Google's own storage services, all data is encrypted at rest using Google-managed encryption keys. Further, customers have the ability to use Google KMS to manage their own encryption keys and control access to resources using Cloud IAM.

To ease security and compliance concerns over data privacy, Google provides the Cloud Data Loss Prevention service, which can help to discover, classify, and redact sensitive data.

Adding Value with Cloud Volumes ONTAP Data Protection Capabilities

NetApp Cloud Volumes ONTAP is an innovative data management solution for Google Cloud that enhances the existing Google Cloud services. It provides out-of-the-box storage capabilities, such as data protection, storage efficiency, cloning, tiering, storage hybridity and much more. Cloud Volumes ONTAP features are especially useful for organizations with demanding data governance needs. 

Cloud data protection is a key element of a good cloud strategy and governance. NetApp Cloud Volumes ONTAP covers the different data protection challenges an organization faces, and overall simplifies the storage management.

NetApp Snapshot Copies

The ability to create point-in-time copies of a storage volume is crucial for data management. The snapshot functionality that exists in most cloud storage services provides that ability, enabling incremental copies of your data and serving as a means of backup. There are, however, key aspects that differentiate how different storage services implement this technology.

Unlike Google Cloud's own storage services, NetApp Snapshot™ technology does not require a full copy of the source data, which allows snapshots to be taken and restored much faster. A traditional limitation of snapshots is that to ensure a complete and consistent copy of the data, the compute instances should suspend data writes during the snapshot creation process. NetApp Snapshot copies are created instantly, and users can keep up to 255 snapshots of a hot, active file system without any performance degradation.

In addition to the performance and flexibility, the NetApp Snapshot copies also end up saving you money due to the space optimization compared with other snapshot technologies, enabling snapshots to be automatically transitioned to inexpensive storage tiers.

Backup and Recovery

A data protection strategy is not complete without a proper process and mechanism for backup and recovery. While using Google Cloud, as per the cloud shared responsibility model, the customer is ultimately responsible for the deployed resources, which includes making sure backup data protection is in place. It is also essential to consider not only the data you store in Google Cloud, but also any other data storage locations such as on-premises or additional cloud providers.

It is important to have a well-defined process and service that can store data safely and securely throughout its entire lifecycle. In addition to the usage of a snapshot technology, it is crucial to have data archives that can be used to store data that is still valuable to the organization but might not be in active use anymore.  

NetApp Cloud Volumes ONTAP enables data replication (which acts on the current state, or version, of the data volume) and data archiving capabilities, which provide a way for organizations to back up historical versions of data volumes for audit purposes, saving costs, or meeting compliance requirements. This feature enables organizations to back up data in an efficient way and without Google Cloud data storage costs getting out of hand.

Furthermore, because Cloud Volumes ONTAP works across multiple cloud providers and on-premises locations, it makes it simpler to implement a backup and recovery process and have a holistic data protection strategy.

Google Cloud Disaster Recovery

Backup and disaster recovery are often confused because they share similar logic and goals, yet there are significant differences between them. A backup is designed to help recover from data corruption and service disruptions in a given infrastructure environment, while disaster recovery is slightly different and extends beyond this goal.

The main objective of disaster recovery remains the same as that of backups, in that it enables the organization to recover data in case something happens, but disaster recovery goes beyond this goal and often has different service level agreements, infrastructure location, and data integrity requirements. Disaster recovery is designed to help recover the whole infrastructure, making it possible to seamlessly fail over the entire operation to a secondary copy during a disaster and then fail back when the problem has been resolved, even in a different location if required.

NetApp Cloud Volumes ONTAP DR provides a significant advantage compared with Google Cloud built-in storage services. Because Cloud Volumes can be easily made available in different locations, it makes it extremely easy to create a remote replica of your environment in a different location and have it ready to take over in case of a failure in the primary environment.

Using SnapMirror®, Cloud Volumes ONTAP’s built-in replication technology, the entire Google Cloud disaster recovery process can be offloaded from custom business logic running on instances to the built-in capabilities of the storage solution itself, thus ensuring a fully-synchronized mirror site of the environment. In addition, it comes with out-of-the-box support to make this possible across different availability zones, regions, or even cloud providers, ensuring that organizations have maximum flexibility regarding the location of their secondary replica environment.

This entire DR process is cost effective, as Cloud Volumes ONTAP’s storage efficiencies make the secondary copy even less expensive to store in the cloud. Besides deduplication, compression, and compaction, Cloud Volumes ONTAP also allows the entire copy to be tiered to inexpensive Google Cloud Storage, where costs are much lower than on Google Performant Disk. When the copy is needed, Cloud Volumes ONTAP shifts it seamlessly back to Performant Disk for rapid use.

Data Security

The security of an organization's data is vital to its day-to-day operations. A data breach or corruption can ruin its reputation and cause massive revenue loss. The storage service needs to support encryption at rest as well as in transit, and enable strict data access control. As we mentioned earlier, Google Cloud KMS and IAM help to address these requirements. However, data security in an enterprise environment expects additional capabilities from a storage service itself.

A growing concern for enterprise organizations is handling data security in multi-tenant cloud environments. Since the underlying resources are sometimes shared by multiple departments, business units, or external customers, it is important that an organization can take precautions against any kind of unauthorized access.

Cloud Volumes ONTAP’s data security features build on this, enabling organizations to use different encryption technologies both at rest and in transit using the SMB3+/NFS4.1+ protocols and immutable write-once/read-many (WORM) storage volumes. In addition, Cloud Volumes ONTAP comes with out-of-the-box Vscan antivirus integration and ransomware protection, protecting the integrity, availability, and reputation of your organization.

High Availability (Coming Soon)

The Cloud Volumes ONTAP high availability (HA) configuration is an upcoming feature for Google Cloud that changes the game in terms of how organizations can achieve high availability, in order to meet a “five nines” service level agreement and maintain an RPO (recovery point objective) of 0, while ensuring strict compliance and data integrity requirements.

Traditionally, fulfilling these requirements and expectations with on-premises data centers has been a highly challenging endeavor. With cloud, managed services make it possible to create highly available systems with less hassle. However, choosing the right combination of services and configuration for such a solution still requires expert knowledge.

NetApp’s Cloud Volumes ONTAP dual instance HA configuration provides a ready-made solution for storage in the cloud without the risk of data loss. With HA enabled, all data volumes can be synchronously mirrored across multiple locations, with operations only completing after all the information has been written to each Cloud Volumes ONTAP node. This allows different high availability scenarios and modes of operation such as active-active, where data can be written to either node, or active-passive, where one of the nodes stays in standby and only serves out reads.

A Better Solution for Data Protection Challenges

As we saw throughout this article, Google Cloud disaster recovery and data protection can be enhanced by NetApp Cloud Volumes ONTAP’s capabilities to enable more secure cloud deployments. Moreover, it will optimize the cloud storage costs and performance, by using built-in storage efficiency capabilities and automatic storage tiering, shifting infrequently-used data to the appropriate storage type without manual intervention.
