Nmedia - Fotolia


How private clouds impact the backup and recovery process

Brien Posey explains why private clouds impact the backup and recovery process and what you can do to be sure your data is recoverable.

In spite of vendors' relentless push for customers to move resources to the public cloud, it is becoming more common for organizations to deploy private or hybrid clouds.

Of course, moving to a private cloud environment represents a fundamental shift in the way that IT services are provided throughout the organization and it is important to consider how this transition will impact the backup and recovery process.

Private clouds are often perceived as making backups easier. After all, production workloads run on virtual machines (VMs) and there are a variety of options available for backing up or even replicating VMs.

However, there are other considerations that must also be taken into account. Some of these considerations pertain to protecting the private cloud infrastructure, while other considerations involve protecting resources that have been created by the end users.

Infrastructure considerations

Private clouds typically provide a self-service provisioning mechanism that allows authorized users to deploy virtual servers or line-of-business applications. There are a number of different infrastructure components involved in providing such services, and these infrastructure components need to be protected.

The actual components that are used vary depending on which vendor's product is being used. Typically private cloud environments make use of virtualization host servers, management servers (such as vCenter or System Center Virtual Machine Manager), a Web server hosting the self-service portal and perhaps a database server.

In addition to providing server-level protection, backup administrators must make sure that the private cloud's configuration and library data is backed up.

Configuration data consists of things like user role assignments for the private cloud, VM network definitions, permissions and resource quotas. Protecting the configuration data is usually relatively easy because private cloud vendors tend to store the configuration information in a database.

For the first few months that a private cloud is in production, backups of the database should be made daily because a lot of provisioning takes place during that time. Later on, the organization might be able to get away with less frequent backups.

The protection of library data is also important. Again, every vendor has their own way of doing things, but library data refers to the provisionable resources that exist within the private cloud.

Suppose, for instance, that you want designated users to be able to deploy a virtualized Windows Server. In that situation, make sure the VM adheres to your security policies. One way of accomplishing this is to build a template VM that users can employ when creating VMs.

Template VMs are commonly treated as library objects. Because the template VMs are not "real" VMs, they might not get backed up as a part of a normal VM backup job. Private cloud libraries might also contain ISO images, virtualized applications and other resources that can be deployed within the private cloud.

Private cloud resource considerations

In addition to protecting library and configuration data, you may also need to protect VMs and other resources that are deployed by users. Although VM backups might not seem especially challenging, the private cloud environment can complicate things.

Private clouds are specifically designed to provide multi-tenancy. Each department, for instance, might be treated as a separate tenant. The only way that a private cloud environment can securely provide multi-tenancy is by creating isolation boundaries between the tenant environments. This isolation is commonly achieved through the use of separate VM networks.

This isolation can also become a challenge when it comes to VM backups. Backup software can protect only the VMs that it can see. Unless your backup software is specifically designed to work with your private cloud software there may be some virtual network segments that the backup software is unable to protect.

Another thing that you will have to consider is the VM creation process. In a private cloud environment, authorized users can create VMs on an as-needed basis. You will need to make sure that your backup product can protect those VMs without you having to explicitly include them in the backup. Many enterprise-grade backup systems will automatically detect and protect newly created VMs, but it is important to test to make sure that this functionality continues to work in a private cloud environment.

In some ways, private clouds can provide a great deal of flexibility for VM backups. At the same time, however, you will likely have to reexamine the way that you protect your infrastructure and resources due to the way that private clouds differ from typical server virtualization. One way that you can evaluate the level of protection that you are providing for your private cloud is to set up a dummy tenant, a corresponding VM network segment and some VMs. Once that is in place, you can test your ability to back up and recover those resources. You should also test your ability to back up and restore the private cloud configuration database.

Next Steps

Streamline your backup and recovery process

Four ways to improve your backup and recovery process

LL Bean overhauls its backup process

Dig Deeper on Backup for virtual servers