These days, there’s no shortage of vagueness related to technology terms. In fact, it sort of feels like a conspiracy. The more abstract the terminology, the more people can alter the meaning to serve their own purposes, and the less accountability there exists for them to maintain consistency across an industry. The most notorious example of this is, “the Cloud”. Another misunderstood, abused, and abstract term relates to backups, the infamous “Offsite Backups”, “Cloud Backups”, or “Managed Backups”. Specifically, anything referring to keeping copies of data at a secure and off-site location.
Some other terms and methods attributed to this sort of platform:
- Cloud storage
- Offsite backups
- Online backups
- Offline backups
- Cloud data storage
- Object backups
- S3 backups
- Managed Backups-as-a-Service
The question is, what are the differences between these various options? I would consolidate them into 3 main categories:
“Cloud Storage” can refer to so many different things. First off, what type of storage is it and how is it consumed? Is it object storage? Block storage? File storage? Where is it located? What’s the redundancy level?
Within the context of backups, it’s best to liken this term to object storage platforms provided by large public clouds such as AWS S3, Microsoft Azure Blob storage, Wasabi, or the various other iterations provided by large hyperscalers. Regardless of the provider, I’d point out these attributes to keep in mind when considering them for secure storage of your critical data:
DIY Cloud Platforms
The platforms mentioned above are all Do-It-Yourself, and there’s nothing wrong with that, but it’s just something to keep in mind. The type of redundancy and resiliency included relates to the options you select during deployment. Ensuring they’re properly secured, compliant, and not exposed to the public internet is also something you’re responsible for. For large IT shops already in the business of taking responsibility for such critical components, this may not sound like a big deal. However, others may not fully appreciate the shared responsibility model between the user and the provider.
Software Integration Considerations
Keep in mind, you’re purchasing storage from one vendor, and backup software from another. You own “the glue” and you’re responsible for ensuring both sides of the fence are configured and working properly. Yes, your software vendor has done everything they can to ensure the two are compatible, however, their responsibility ends at a specific point. If you suffer a ransomware attack or similar, and the restores aren’t working, who are you trusting to help you until the issue is fully resolved? In the tech world, we’ve all experienced finger-pointing, and in this example, we’d hope the software vendor doesn’t say “it’s a storage problem”, and vice versa. This is not always a sure thing, but buyer beware.
When it comes to cost, the actual cost to store the data is typically the last thing you need to be worried about. The low cost-per-GB-per-month cost is only one component of the larger fee structure. The rest is made up of API fees (gets, puts, reads, lists), region replication fees, fees associated with tiering the data between hot and cold/archival platforms, and retrieval fees. In fact, when it comes to the offsite backups use-case, these additional fees can make up anywhere from 30-70% of the bill. The reason there’s such a spread is due to the fact that not all backup tools interact with object storage the same way. Some like to split up data into smaller chunks to save on space, however that means more objects, more API fees, and more costs. So you must be very careful in looking past the simple cost per-GB for storage and understand the true monthly cost specifically related to how your backup tool interacts with various object storage platforms.
You may notice various providers like Webair offer a product called Backups-as-a-Service, also referred to as BaaS. On the surface, it may look very similar to what the above gets you, offsite & secure backup storage capabilities, however, there are some important additions typically provided by Backups-as-a-Service. Those include:
Backup Software & Storage Solution
As part of the service, the provider will typically provide you not only the offsite cloud storage but the actual backup software as well. Veeam is the most commonly deployed backup software because of its vast platform support and its long list of features. Veeam also includes a proprietary protocol called CloudConnect, which runs on the provider’s infrastructure and allows backups to be copied to the cloud in a highly efficient and secure manner. Consuming the storage & software together from a single vendor means you’ll have one neck to choke (or back to pat). This provides a high level of assurance, especially in situations where you may need to restore critical data in a pinch.
Backup Services with Security, Compliance, and Georedudancy
Instead of DIY public cloud storage, where everything related to security, compliance, and multi-region replication is left up to the user to configure within a hyperscaler, BaaS providers will pre-configure and manage all of these aspects long term. Outsourcing ownership of these components is increasingly important since there are multiple layers of security settings and sovereignty rules. We’ve all heard of those unfortunate organizations who’ve had their data exposed by improperly configured S3 buckets, or ones that failed audits because data was mistakenly sent across country lines. The BaaS providers will turn your business requirements into contracted assurances that you can rely on, and back them with legal liability.
Service Level Agreements
The Service Level Agreements, or SLAs, provided by the large hyperscalers are typically more limited than people would expect, but this is by design. That’s because everything is really left up to the user. Want your data to be highly available and redundant? Make sure you select multi-region replication and pay double. Want better response time? Pay for higher-level support. What you’ll find from BaaS providers is that you’ll get better SLAs and ones that will cover not just the storage availability, but all of the other important components related to support response time, escalation, and software assistance. This makes sense, too. If we as BaaS providers are providing the software, we can go deeper from an ownership perspective.
When you think about offsite backups, you typically think storage only. However, one of the great things about using Veeam and Backups-as-a-Service is that the CloudConnect protocol does much more than provide space to store data. It’s also a compute platform that’s controlled directly from the client’s Veeam instance. Specifically, you only need to send daily change data on an ongoing basis and can instruct the cloud side to create synthetic full backups for weeklies, monthlies, and yearlies. These separate backup files are then sealed and completely independent from one another. This may not seem like a big deal, however, moving the creation of these periodic backups to the cloud means a large reduction in the amount of local storage needed. It also means savings on all of the IO and compute required to read and merge the files. In some cases, this amounts to over 1PB across a large enterprise.
Another benefit of BaaS is that all fees are typically consolidated into a simple and singular cost model, normally cost-per-GB-per-month for stored data. This allows for easy prediction and budgeting of future bills without having to worry about all of the “gotcha” costs. Additionally, all of the added BaaS features related to multi-region replication, support, software, and everything else mentioned are also included in this simple and singular cost metric.
As you can see, Backups-as-a-Service provides all of the benefits of simple cloud storage with a bunch of great added features and is even more useful when organizations are not looking to go it alone.
So what does “Managed” mean then when it comes to managed Backups-as-a-Service? Well, going even deeper, we see that not all Backups-as-a-Service providers are created equal. Some will simply send you a link to download the backup software and provide you with instructions on how to install it, and then connect it to their cloud storage. Some go further and help hold your hand through the install, and provide responsive support as required. However, once you’re up and running, the rest is typically up to you, just call them when you need assistance. This can still be a sticky proposition though since so much of the success of copying your data offsite depends on your local infrastructure being properly configured and functioning properly. In fact, over 90% of issues related to offsite backups are actually related to the “local” backups and have nothing to do with the cloud. So again, you must be sure how deep the provider will go before pointing fingers at the underlying infrastructure, storage, virtualization, and more, and not wanting to assist.
At Webair, whenever we’ve provided Backups-as-a-Service in the way mentioned above, we’ve always found our customers were looking to lean on us for much more, and we’ve adapted our service offering to match their needs. In fact, it’s something that we’re always improving upon.
Here’s what the “Managed” in Managed Backups-as-a-Service should mean:
Managed Backups: Implementation
- Strategy and design of how the backup software should be installed, where it should reside on customer infrastructure, and ensuring the proper hardware is in use to support it.
- Strategy and design for the backup job creation to ensure the organization’s retention requirements are met by employing the most optimal and space saving configurations.
Managed Backups: Monitoring & Management
- Proactive monitoring and alerting of the customer’s local backups infrastructure and its health. This includes letting our customers know when their backup software is out of date and needs an update, when they’re about to run out of space on their local backup storage, when their license is going to expire, and a myriad of other alerts.
- Proactive alerts when offsite backup copy jobs fail, sent specifically to the technical contact responsible for the job in question.
- Providing customers with the ability to create customized RPO notifications for their backups, completely independent of the actual backup tool itself. After all, should you really use a tool to alert you when the tool itself is broken?
- Assisting customers when any of the above issues do arise, including ensuring upgrades work properly, post upgrade issues, deep technical support, and everything in between. This always includes never passing the buck to a software vendor, and owning issues from start to finish.
Managed Backups: Reporting & Compliance
- Providing customers with extremely detailed reporting of what they’re actually backing up to the cloud. This includes the number of retention points per backup, and each point’s dates, sizes, types, and compression details with extreme drill down capabilities. This comes in handy when your backup storage is growing and you’re not sure which servers or backups it’s associated with.
- Providing usage statistics over time, including storage utilization per server and per job.
- Allowing customers to see which backups violate their actual retention requirements, specifying servers that don’t have as many backups as they should, and even ones that have too many backups that are wasting space.
- Exposing which cloud backups are actually encrypted and which are not, on a per-server basis, to ensure no security or compliance laps.
- Built-in Ransomware protection. That’s a lofty statement, but one of the great things that we do here at Webair is provide a default configuration to our customers that includes immutability and offline backups, out of the box. This means without having to ask the right question, you will have copies of your data stored in a secure location which is physically impossible to be deleted, even by an attacker who gains access to your local environment, your backup tool, or even your online Webair portal.
I could keep going on and on about what should be included in a managed Backups-as-a-Service offering, but a picture is worth a thousand words. Below are some screenshots from Webair’s portal highlighting some of these amazing features that make up our Managed Backups-as-a-Service solution:
Backup Policy Explorer: Exposing which servers have too few backups or too many backups based upon a retention policy:
Backup details per server: including retention points, sizes, and current RPO:
Realtime and historical RPO & SLA monitoring: Per server, with the ability to customize thresholds and set alarms:
Customer site alarms: With per alarm details and resolution monitoring:
Aggregated site-wide, real-time and historical utilization details:
The above screenshots of Webair’s Cloud Panel showcase just a few of 20+ tools and features within our portal that our staff and customers use for proactive management of customer backups.
As you can see, when it comes to backup solutions, a single word can make all the difference.
Want a full demo of our Cloud Panel and to learn more about the features of our managed Backups-as-a-Service? Click the button below and schedule your demo today with one of our data management experts.