Originally posted by: JOWALTER
by Wilhelm Gardt and Joerg Walter
Introduction
Today many organizations are using some form of cloud services, be it private, public or hybrid cloud, and storage infrastructure is an integral part of these deployments. Another noticeable trend in the data center is to get more out of backup data than just recovery. Reusing backup data for new use cases such as DevOps and analytics allows IT organizations to derive more value from their data.
An IBM Blueprint describes how to bring together an on-premises virtual IT environment and IBM Cloud in a disaster recovery solution and manage the overall environment with IBM Spectrum Protect Plus. IBM Spectrum Copy Data Management adds fast storage-based FlashCopy technology.
Real-world examples demonstrate the business value of this solution: backup, restore and re-use of Oracle and Microsoft SQL Server databases, as well as of VMware virtual machines.
IBM Spectrum Protect Plus is a simplified backup/recovery and data access solution for virtual environments and applications on physical and virtual servers.
The new IBM FS9100 platform is the storage foundation for building the next-generation Data Protection and Reuse solutions. It runs IBM Spectrum Virtualize software and enables the backup storage of Spectrum Protect Plus to act as a temporary datastore for instant access and cloning operations.
Architecture Overview
The solution described in the blueprint consists of a vSphere environment comprising two data centers. The primary data center, on-premises, contains a VMware environment and application systems on virtual and physical servers, such as Microsoft SQL Server or Oracle databases. The secondary data center, off-premises in IBM Cloud, holds a replicated copy of primary backup data and provides compute resources to take over systems in case of an outage or disaster at the primary site. In addition, the backup data in both data centers can be used to clone VMs and databases or just start up a new environment (without restoring) for DevOps, reporting, analytics and more.
Figure 1: VMware Data Protection and Reuse in a Hybrid Cloud environment
The components of the solution and their configuration are described in more detail in the following chapters.
The Network Design
Communications between the on-premises VMware environment and the off-premises components in the IBM Cloud environment must be enabled without exposing hosts or VMs to the public Internet. To do this securely and transparently, an IPsec VPN tunnel is established between both sites. This tunnel allows all types of data to traverse between the on-premises and off-premises private networks, without the need to assign public interfaces to the VMware hosts.
The following diagram describes the network layout that was implemented and used for this solution:
Figure 2: Network Design Example for Hybrid Cloud Connectivity
Note: This is just an example, and the implementation might differ in real world scenarios, based on the requirements or existing infrastructures.
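The design goal above (no public interfaces on hosts or VMs, all traffic carried between private networks through the tunnel) can be checked against an address inventory. The following is an added example, not part of the original post or the IBM Blueprint; the subnets, host names and the `audit` function are constructed assumptions.

```python
import ipaddress

# RFC 1918 private ranges; any address outside them is treated as public here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumption): private subnets routed through the tunnel.
SAMPLE_SUBNETS = {
    "on-prem": ["192.168.10.0/24"],
    "ibm-cloud": ["10.120.30.0/26"],
}
# Constructed sample inventory (assumption): (host, site, interface address).
# The two VPN gateways are deliberately excluded; they need a public endpoint.
SAMPLE_INVENTORY = [
    ("esx01", "on-prem", "192.168.10.11"),
    ("spp-server", "on-prem", "192.168.10.20"),
    ("esx02", "on-prem", "203.0.113.25"),         # public address on a host
    ("vsnap-cloud", "ibm-cloud", "10.120.30.10"),
    ("esx-cloud01", "ibm-cloud", "10.120.40.7"),  # private, but not a tunnel subnet
]

def audit(inventory, site_subnets):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    nets = {site: [ipaddress.ip_network(s) for s in subnets]
            for site, subnets in site_subnets.items()}
    # Overlapping subnets on both sides make routing through the tunnel ambiguous.
    sites = sorted(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            for na in nets[a]:
                for nb in nets[b]:
                    if na.overlaps(nb):
                        findings.append(f"overlap: {a} {na} <-> {b} {nb}")
    for host, site, addr in inventory:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in RFC1918):
            findings.append(f"public address: {host} {addr}")
        elif not any(ip in net for net in nets.get(site, [])):
            findings.append(f"outside tunnel subnets: {host} {addr} ({site})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, SAMPLE_SUBNETS):
        print(finding)
```

An empty result means every listed interface sits on a private subnet that the tunnel actually carries; each finding names the host to fix.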
IBM Virtual Router Appliance (VRA) and VyOS – Linux based Routers and Firewalls
The IBM Cloud Gateway Appliance
An IBM Gateway Appliance is established in the IBM Cloud to allow the creation of an IPsec VPN tunnel between the off-premises cloud and the on-premises data center.
An IBM Virtual Router Appliance (VRA) allows an IBM Cloud customer to selectively route private and public network traffic through a full-featured enterprise router with firewall, traffic shaping, policy-based routing, VPN, and a host of other features. All VRA features are customer-managed. VRA gives an IBM Cloud customer a degree of control normally reserved for on-premises networks.
A gateway appliance fixture can be ordered through the IBM Cloud web portal or the IBM Cloud API. It is used to choose the network segments (VLANs) that are routed through a VRA. VLAN selections can be changed at any time.
The VyOS Gateway
The VyOS gateway is the counterpart to the IBM Cloud Gateway Appliance. VyOS is an open source network operating system that can be installed on physical hardware, in a virtual machine on your own server, or on a cloud platform. It is based on GNU/Linux and joins multiple applications such as Quagga, ISC DHCPD, OpenVPN and strongSwan, along with VPN and firewall features and others, under a single management interface.
Solution components overview
IBM Spectrum Protect Plus as a Data Protection and Data Re-Use Solution
IBM Spectrum Protect Plus is a data protection and availability solution for virtual environments and applications on physical and virtual servers. IBM Spectrum Protect Plus includes its own backup storage repository (the “vSnap”), which allows real block-based copies of VM and application data to be created, providing a higher grade of disaster protection.
IBM Spectrum Protect Plus offers the ability to create and catalog snapshot copies for databases including SQL and Oracle and vSnap repository replication. In addition, administrators can protect the copy repository and make it available for easy access at second sites.
In our solution, an IBM® Spectrum™ Protect Plus Appliance runs in the on-premises data center, performing VM and application backups to a local vSnap repository. Powered by the performance of an FS9100 storage backend, this solution allows backup, restore, cloning, instant access and data replication to the Cloud to run at the same time.
The following list outlines the required Spectrum Protect Plus configuration steps:
1. Install Spectrum Protect Plus in the on-premises environment and optionally in the IBM cloud environment (see previous chapter).
2. Install Spectrum Protect Plus repositories (“vSnaps”) in the on-premises environment and in the IBM cloud environment (see previous chapter).
3. Create SLA policies that allow for a backup to the local vSnap and a replication to the vSnap in the IBM Cloud.
4. Register the VMs and the databases with SPP and run an inventory job for all of them.
5. Assign SLA policies to the VMs and the databases.
6. Schedule backup jobs. Optionally run the backup jobs manually.
As all backup data and a copy of the SPP catalog are replicated to the IBM Cloud, the whole primary environment can be recovered in the off-premises location.
For further information refer to the IBM Spectrum Protect Plus Installation and User’s Guide or Knowledge Center:
https://www.ibm.com/support/knowledgecenter/SSNQFQ
IBM Spectrum Copy Data Management for DevOps and Test
IBM® Spectrum™ Copy Data Management makes hardware assisted (snapshot) copies available to data consumers when and where they need them, without creating unnecessary copies or leaving unused copies on valuable storage.
Copy Data Management can automate workflows for replicating and intelligently reusing snapshots, vaults, and mirrors:
- Copy data from a variety of storage providers to multiple locations.
- Reuse and recover resources from snapshots, vaults, mirrors, and other copies and replicas.
- Support use cases for automated data protection, recovery, DevOps, Dev/Test, data and database validation with data masking, using automated Instant Disk Restore, Instant VM Restore, volume, and file restore functions.
In our solution, an IBM® Spectrum™ Copy Data Management is used to create snapshot copies of VMware virtual machines and databases and re-use them in instant access and cloning operations.
The following list outlines the required Spectrum Copy Data Management configuration steps:
1. Deploy an IBM CDM appliance.
2. Register the so-called providers in CDM:
- Storage system
- vSphere
- Applications and databases etc.
3. Create SLA policies in CDM (includes backup schedule and retention time).
4. Optionally run manual backups.
For further information refer to the IBM Spectrum Copy Data Management User’s Guide or Knowledge Center:
https://www.ibm.com/support/knowledgecenter/SS57AN
IBM FS9100 Storage System
FS9100 is IBM’s follow-on platform to Storwize V7000F and FlashSystem V9000. It runs Spectrum Virtualize software and introduces remarkable new features in comparison to the predecessor models:
- NVMe drive support: NVMe is a new logical device interface standard from 2011 for accessing non-volatile storage media that is attached via a PCI Express bus.
- Lower latencies through RDMA - direct memory access from the memory of one node into that of another without involving either one's operating system.
- Clustering option with the older V7000 systems.
As traditional storage systems can provide capacity for legacy backup environments, the new IBM FS9100 systems are the perfect storage foundation for building the next-generation Data Protection and Reuse solutions.
Reference
The IBM Blueprint “IBM FlashSystem 9100 Multi-Cloud Solution for Data Re-use, Protection and Efficiency” describes this solution in detail:
https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=64016864USEN&