The Data Protection market is struggling to address new challenges, that go beyond simply accessing copies of data for the purposes of restoring application services. Cyberattacks and Ransomware continue to haunt business applications as a real, imminent threat - driving small and large enterprises to look for methods to protect their backups and disaster recovery centers.
Vendors are addressing this threat in different ways with tools such as WORM-based Shares. InfiniGuard's is utilizing the underline InfiniBox storage system immutable snapshot feature to protect backups by taking snapshots of the deduplication engines and data.
InfiniGuard's Cyber Protection goal is to provide customers with the confidence that the data, as well as the appliance services, can recover from attacks without compromising the data integrity.
Stored backup data can get corrupted directly or indirectly. Human error, technical malfunction, and cyber-attack are the main causes of data loss or data unavailability. InfiniGuard Cyber Recovery solves these issues by taking snapshots (including immutable snapshots) of the entire InfiniGuard environment, with the ability to restore to a point-in-time.
The solution is based on taking periodic snapshots and keeping them for a configured time period. This provides the ability to restore the entire DDE to a point-in-time. Should an attacker attempt to delete, encrypt, or corrupt the backup data, the immutable snapshots are safe and can be used for restoring the entire DDE which includes both the backup data and the DDE operating system.
Once locked, no one (not even administrators) can make any changes
- No one can Modify the content (the snapshot remains read-only)
- No one can Delete the snapshot
- No one can Expedite the lock expiry (it can be extended)
This means that even if attackers manage to steal the administrators credentials, they can’t use it to hijack the snapshot contents
InfiniGuard data is encrypted on drives
Snapshots are an InfiniBox feature and are not directly accessible from InfiniGuard DDE
Customers can choose to activate this solution during initial system installation - this solution cannot be added later on.
The minimum supported version is InfiniGuard version 3.5
The InfiniGuard system must be pre-installed with capacity allocated to accommodate the Cyber Recovery snapshots. Consult your TA or Sales representative prior to the system installation for more information.
During installation capacity allocation for each DDE may be set with reservation for the snapshots:
- 1PB system: 1 - FULL, 2- 300TB (per DDE), 3 - 400TB (per DDE)
- 2PB system 1 - FULL, 2- 500TB (per DDE), 3 - 700TB (per DDE)
If we set for 1PB system option 2, each DDE will be allocated with 300TB and the rest 400TB is reserved for Cyber Recovery snapshots.
The capacity for snapshots can only be allocated during the initial installation of the InfiniGuard system.
If set with option 1 (Full) the entire storage capacity is allocated to the DDEs and none is reserved for snapshots. As such the cyber recovery feature is disabled and cannot be enabled in the future.
Cyber Recovery Snapshots
The heart of the Cyber Recovery solution is the Snapshots Engine. Based on predefined policies, the engine takes snapshots of the entire system for each DDE. The snapshot configuration policies are configured per DDE and include the following options:
- When to take snapshots
- How long to keep each snapshot (lifespan)
- Are snapshots be immutable
The snapshot manager also deletes expired snapshots.
Immutable snapshots are locked for their life span. These snapshots cannot be deleted, changed, encrypted, or edited in any way by anyone.
As such, immutable snapshots can help with cyber-attacks, ransomware, or technical malfunction.
There are several types of snapshots. See the following table for the details on each:
System snapshots are immutable and cannot be deleted or changed.
Configuring system snapshots policy is available only via Infinidat support. Contact your TA or Infinidat technical support for more information.
Manual snapshots are not immutable.
InfiniGuard administrators can take manual snapshots by clicking Take Snapshot at the snapshot table.
|Pre Recovery Snapshot||Pre Recovery Snapshots are automatically created by system policy before a recovery operation is performed. You can use this snapshot to go back and recover to the point of time before the last recovery operation.|
Pre-recovery snapshots grow in size after the recovery is complete.
Infinidat recommends deleting this snapshot after validating the recovery.
System snapshot policy
System policy creates snapshots that are locked and immutable to changes. When a System policy creates a snapshot, it is of type 'System'.
The System policy is defined, enabled, and updated with the assistance of technical support. This provides a layer of defense against honest mistakes, such as disabling the snapshots and even against attackers with access to the system.
The System policy defines the following:
- Frequency - The time interval between snapshots, in hours. The default is 1hour, and the range is 1-24 hours (once an hour, up to once a day). The snapshots begin at the next round hour.
- Retention - Time to keep each snapshot. The default is 14 days, and the range is 1-30 days. After the retention period, the snapshot will be deleted.
- Immutable - immutability status set to 'Yes' for the system policy.
InfiniGuard Cyber Recovery supports up to 1000 snapshots per DDE, the amount is total for all types of snapshots.
The maximum number of immutable system snapshots per deduplication engine (DDE) is 720 snapshots.
Users can take up to 275 manual snapshots using the 'Take a Snapshot' button or via API.
In addition, when the total number of snapshots (both system and manual) is 900 or above manual snapshots cannot be taken.
Snapshot Policies Configuration
Click Configure to open the snapshot policy configuration dialog.
System snapshots can be configured only by Infinidat support.
Suspending the snapshot deletion:
On the lower part of the Snapshot Configuration tab, the Suspend Deletes switch allows you to suspend snapshot deletion. Under normal circumstances, the snapshot engine regularly deletes expired snapshots. If you need to retain the snapshots, you can disable this option. This allows you to keep the snapshots if a cyber attack was detected, and have more time to analyze the information.
Keep in mind that while the snapshots are not deleted, you need to monitor capacity utilization - avoid suspending deletes for an extended period of time.
If you suspect a cyber attack, Infinidat recommends stopping all system backups and isolate the InfiniGuard from the network until the data is proven to be safe.
Once snapshot deletion is re-enabled, all snapshots that would have been deleted will be deleted at the next round hour. A warning will be displayed, letting you know that mass deletion will take place.
Attaching a snapshot to the standby node
Starting with InfiniGuard 3.6 you can select any snapshot and attach it to the standby node. This allows testing and validation of a point in time recovery and the integrity of the backup data.
After the snapshot is attached, a new Deduplication Engine tab will be added and you can use that tab to configure network and other settings.
Node Failover considerations
While the system is in a failover state a snapshot cannot be attached to the standby node as it is used for the failover.
While a snapshot is attached to the standby failover cannot start and you will need to first detach the snapshot.
Setting the network for the standby node
Before attaching a snapshot to a DDE engine, it is recommended to set the network in the standby node. After attaching a snapshot the configured network settings will be used. Network settings for the standby node can be set also after the attach.
Select 'Deduplication Engines' from the left sidebar then go to 'DDE Standby' tab.
Next, select the 'Configuration' menu from the left side-bar and configure the network settings for the standby node. These settings will be used when attaching a snapshot to the standby node.
Attaching a snapshot to the standby node
In order to attach a snapshot to the standby node, select the snapshot from the snapshot table and click 'Attach' or right-click a snapshot and select 'Attach' from the menu. The following dialog box will open with information to review.
Click the 'Attach' button to confirm or 'Cancel' to cancel the operation and close the dialog box.
The attach operation may take few minutes and a progress bar above the snapshots table will indicate the operation progress.
Once the snapshot attach operation is finished the standby node is ready and operational, representing the point in time defined by the snapshot. All data and configurations are identical to the originating DDE at the time of the snapshot except the network configurations.
During the attach operation standby node may indicate an error while rebooting
During the snapshot attach operation the standby node is being configured and will display the following under the deduplication engines tab: "System State is transient"
After reboot and once the snapshot is successfully attached to the standby node the following message on the top of the snapshots table will be displayed:
DDE Node 3: Running attached snapshot. Failover to this node is not available until snapshot is detached.
Managing the attached snapshot as deduplication engine
Once a snapshot is attached to the standby node it will be available as a deduplication engine under the 'Dedup Engines' section labeled "Copy of DDE App". In addition, under the 'App / Node managing' tab 'DDE Node 3' will indicate attached snapshot is available on the standby node.
Once the attached snapshot operation is successfully finished managing and configuring the deduplication engine is now ready and all services are operational.
Detaching a snapshot from the standby node
In order to detach the snapshot from the standby node and return the node to it's original role as standby node, in the snapshot table click 'Detach Snapshot' button.