ExaGrid is a scalable, cost-effective disk-based backup with deduplication solution that revolutionizes how organizations back up and protect their data.
With ExaGrid, you get the only disk backup appliance purpose-built for backup that leverages a unique architecture optimized for backup and restore performance, scalability, and price. Only ExaGrid’s performance-based GRID architecture offers you:
- Fastest backups up front with permanently short backup windows as data grows
- Instant recovery of full systems, VMs, and files so you have the least downtime
- Lowest total cost over time by eliminating “forklift” upgrades and product obsolescence
Our patented zone-level deduplication reduces the disk space needed by a range of 10:1 to 50:1 by storing only the unique bytes across backups instead of redundant data. Adaptive deduplication performs deduplication and replication in parallel with backups while providing full system resources to the backups for the shortest backup window. Adaptive deduplication delivers the fastest backups, and as your data grows, only ExaGrid avoids expanding backup windows by adding full appliances in a GRID. ExaGrid’s unique landing zone keeps a full copy of the most recent backup on disk, delivering the fastest restores, instant VM recovery, “Instant DR,” and fast tape copy. And, as data grows, ExaGrid saves you 50% in total system costs compared to competitive solutions by avoiding costly “forklift” upgrades.
Protecting Data at Rest
Data security is a growing requirement for businesses of all sizes today. While many companies have invested heavily in methods to thwart network-based attacks and other virtual threats, most do not protect their business against potentially costly exposures of proprietary data resulting from a hard drive being physically stolen, misplaced, retired, or redeployed.
ExaGrid encrypted systems offer improved data security with enterprise-proven, industrystandard Self-Encrypting Drive (SED) technology. SEDs provide a high level of security for data at rest and can help reduce IT drive retirement costs in the data center. All data on the disk drive is encrypted automatically without any action required by users. Encryption and authentication keys are never accessible to outside systems where they can be stolen. Unlike software-based encryption methods, SEDs typically have a better throughput rate, particularly during extensive read operations.
Protecting Data on the WAN
Data can be encrypted during replication between ExaGrid sites. Encryption occurs on the sending ExaGrid site, is encrypted as it traverses the WAN, and is decrypted at the target ExaGrid site. This eliminates the need for a VPN to perform encryption across the WAN. Separately, ExaGrid also offers data encryption at rest.
ExaGrid Retention Time-Lock for Ransomware Recovery
Ransomware attacks are on the rise, becoming disruptive and potentially very costly to businesses. No matter how meticulously an organization follows best practices to protect valuable data, the attackers seem to stay one step ahead. They maliciously encrypt primary data, take control of the backup application and delete the backup data.
Protection from ransomware is a primary concern for organizations today. ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.
The challenge is how to protect the backup data from being deleted while at the same time allowing for backup retention to be purged when retention points are hit. If you retention lock all of the data, you cannot delete the retention points and the storage costs become untenable. If you allow retention points to be deleted to save storage, you leave the system open for hackers to delete all data. ExaGrid’s unique approach is called Retention Time-Lock. It prevents the hackers from deleting the backups and allows for retention points to be purged. The result is a strong data protection and recovery solution at a very low additional cost of ExaGrid storage.
ExaGrid is Tiered Backup Storage with a front-end disk-cache Landing Zone and separate Retention Tier containing all retention data. Backups are written directly to the “networkfacing” ExaGrid disk-cache Landing Zone for fast backup performance. The most recent backups are kept in their full undeduplicated form for fast restores.
Once the data is committed to the Landing Zone, it is tiered into a “non-network-facing” long-term retention repository where the data is adaptively deduplicated and stored as deduplicated data objects to reduce the storage costs of long-term retention data. As data is tiered to the Retention Tier, it is deduplicated and stored in a series of objects and metadata. As with other object storage systems, the ExaGrid system objects and metadata are never changed or modified which makes them immutable, allowing only for the creation of new objects or deletion of old objects when retention is reached. The backups in the retention tier can be any number of days, weeks, months, or years that is required. There are no limits to the number versions or length of time backups can be kept. Many organizations keep 12 weeklies, 36 monthlies, and 7 yearlies, or even sometimes, retention ”forever”.
ExaGrid’s Retention Time-Lock for Ransomware Recovery is in addition to the long-term retention of backup data and utilizes 3 distinct functions:
- Immutable data deduplication objects
- Non-network-facing tier (tiered air gap)
- Delayed delete requests
ExaGrid’s approach to ransomware allows organizations to set up a time lock period that delays the processing of any delete requests in the Retention Tier as that tier is not network facing and not accessible to hackers. The combination of a non-network facing tier, a delayed deletion for a period of time and immutable objects that cannot be changed or modified are the elements of the ExaGrid Retention Time-Lock solution. For example, if the time lock period for the Retention Tier is set to 14 days, then when delete requests are sent to the ExaGrid from a backup application that has been compromised, or from a hacked CIFS, or other communications protocols, the entire long-term retention data (weeks/months/years) is all intact. This provides organizations days and weeks to identify that they have an issue and restore.
All retention repository data is time-locked for up to 30 days against any deletion. This is separate and distinct from the long-term retention storage that could be kept for years. The data in the Landing Zone will be deleted or encrypted, however, the Retention Tier data is not deleted upon an external request for the configured period of time – it is time-locked for up to 30 days against any deletion. When a ransomware attack is identified, simply put the ExaGrid system into a new recover mode and then restore any and all backup data to primary storage.
The solution provides a retention lock, but only for an adjustable period of time as it delays the deletes. ExaGrid chose not to implement Retention Time-Lock forever because the cost of the storage would be unmanageable. With the ExaGrid approach, all that is needed is up to an additional 10% more repository storage to hold the delay for the deletes. ExaGrid allows the delay of deletes from 1 day to 30 days.
Recovery Process – 5 Easy Steps
- Invoke recover mode
- Retention Time-Lock clock is stopped with all deletes put on hold indefinitely until data recovery operation
- Retention Time-Lock clock is stopped with all deletes put on hold indefinitely until data recovery operation
- The backup administrator can carry out the recovery using the ExaGrid GUI, but since this is not a common operation, we suggest contacting ExaGrid customer support
- Determine the time of the event so you can plan restore
- Determine which backup on the ExaGrid completed deduplication before the event
- Perform restore from that backup using the backup application
- Long term-retention is not impacted and retention time-lock is in addition to the retention policy
- Immutable deduplication objects cannot be modified, changed or deleted (outside of the retention policy)
- Manage a single system instead of multiple systems for both backup storage and ransomware recovery
- Unique second Retention Tier that is only visible to ExaGrid software, not to the network (tiered air gap)
- Data is not deleted as delete requests are delayed and therefore ready to recover after a ransomware attack
- Daily, weekly, monthly, yearly, and other purges still occur, but are simply delayed, to keep storage costs in line with the retention periods
- Requires up to an additional 2% to 10% of repository storage
- Storage does not grow forever and stays within the backup retention period set to keep storage costs down
- All retention data is preserved and is not deleted
- Turnkey cost-effective disk-based backup solution with all hardware and software included.
- Zone-level deduplication technology reduces the amount of disk space needed by as much as 50:1.
- Adaptive deduplication performs deduplication and replication in parallel with backups while providing full system resources to the backups for the shortest backup window and an optimal recovery point at the disaster recovery site.
- Global deduplication across all NAS shares and appliances in a GRID.
- Unique landing zone reduces downtime by keeping a full copy of the most recent backup in complete form for instant recovery of VMs, full systems, and files. Competing solutions must reassemble the most recent backup from millions or billions of deduplicated chunks causing much longer recovery time.
- Scalable GRID computing architecture allows for costeffective growth and eliminates obsolescence.
- Plug and play expansion – various sized appliance models allow full backups of up to 40TB per appliance. Combining up to 25 appliances in a single GRID allows for scalability from a 2TB full backup to a 1PB full backup (1.9PB usable storage).
- Single primary site system allows for existing offsite tape strategy if desired, and support for two site or multi-site topologies can supplement or eliminate offsite tape with a disk-based system.
- Support of Oracle RMAN Channels for multi-hundred terabyte databases with the fastest backup, fastest restore performance, and failover.
- Bandwidth throttling for WAN efficiency.
- Management software notifies via SNMP or email that the system is reaching capacity thresholds.
- RAID6 guards against up to two simultaneous disk failures.
- Self-Encrypting Drive (SED) technology (encrypted models only) ensures that data at rest is always protected.
- WAN encryption for secure data transfer.
- Immutable deduplication objects that cannot be changed or modified or deleted (outside of the retention policy)
- Any deletion requests are delayed by the number of days in the protection policy
- Encrypted data written to ExaGrid does not delete or change previous backups in the repository
- Landing Zone data that is encrypted does not delete or change previous backups in the repositor
- Set delayed deletion in 1 day increments from 0 days to 30 days (this is in addition to the backup long-term retention policy)
- Protects against loss of any and all retained backups including monthlies and yearlies
- Two-Factor Authentication (2FA) protects changes to Time-Lock setting
- Only Administrator role is allowed to change Time-Lock setting
- 2FA with administrator Login/Password and system generated QR code for second factor authentication
- Separate password for primary site versus second site ExaGrid
- Separate Security Officer or Vice President of Infrastructure/Operations password to change or turn off Retention Time-Lock
Data is deleted in the ExaGrid disk-cache Landing Zone via the backup application or by hacking the communication protocol. Since the Retention Tier data has a delayed delete time lock, the objects are still intact and available to restore. When the ransomware event is detected, simply put the ExaGrid in a new recover mode and restore. You have as much time to detect the ransomware attack as the time lock was set for on the ExaGrid. If you had the time lock set for 14 days, then you have 14 days to detect the ransomware attack (during which time all backup retention is protected) to put the ExaGrid system in the new recover mode for restoring data.
Data is encrypted in the ExaGrid Disk-cache Landing Zone or is encrypted on the primary storage and backed up to ExaGrid such that ExaGrid has encrypted data in the Landing Zone and deduplicates it into the Retention Tier. The data in the Landing Zone is encrypted. However, all previously deduplicated data objects never change (immutable), so they are never impacted by the newly arrived encrypted data. ExaGrid has all previous backups before the ransomware attack that can be restored immediately. In addition to being able to recover from the most recent deduplicated backup, the system still retains all the backup data according to the retention requirements.
ExaGrid Basic Concept
ExaGrid appliances work seamlessly with industry-leading backup applications and utilities by presenting themselves as standard NAS shares (CIFS or NFS). Backup jobs are directed to the ExaGrid appliance. ExaGrid appliances are easily integrated into existing backup environments, as illustrated below.
ExaGrid Sits Behind Your Existing Backup Server and Replaces Tape Onsite or Offsite
ExaGrid appliances are comprised of Intel Quad Core XEON processors, RAID 6 + Hot Spare storage using enterprise class SATA or SAS drives, and ExaGrid software. Each appliance plugs into a switch and is virtualized into a shared GRID.
The media server is connected to the same switch and sees the appliances as one or more NAS shares. Since each appliance includes the appropriate amount of processor, memory, disk and bandwidth for the rated data size, performance increases as more appliances are added to the GRID.
ExaGrid Appliances Connect to Form a Scalable GRID
Advanced Backup Features (GRT and OST)
Another area to consider when looking at disk-based backup solutions is how well a particular solution supports advanced backup application features such as Backup Exec GRT (Granular Restore) and Symantec’s OST (Open Storage Technology) for Backup Exec and NetBackup. Some solutions do not integrate well with these features; poorly implemented GRT solutions, for example, may take hours to restore an individual e-mail or may not work at all.
Symantec’s Open Storage is another popular feature that allows for more integrated offsite data protection, and it is important to check whether these features are supported if you are using Symantec NetBackup or Backup Exec.
Another example is Veeam for virtualized environments. Most of Veeam’s unique features such as Sure Backup, Virtual Lab, Instant VM Recovery, Copy and Replicate and other advanced features require an undeduplicated copy on disk. Only ExaGrid provides this with its unique landing zone. All other solutions only store deduplicated data. In addition, ExaGrid includes an integrated Veeam data mover with each appliance called the ExaGrid-Veeam Accelerated Data Mover. This improves all backup and restore processes and also allows a synthetic full to be created directly on the ExaGrid for increased performance.
Offsite Data Protection for Disaster Recovery
While keeping offsite copies of backups has traditionally meant maintaining a set of tapes at an offsite location, companies using ExaGrid appliances can easily maintain offsite backups through the use of an offsite ExaGrid appliance in conjunction with a primary site ExaGrid appliance.
Backing up your data to an ExaGrid appliance at your primary site dramatically reduces the amount of disk space required to store all of that data due to its high-performance data deduplication capability. In a multi-site ExaGrid environment, the onsite ExaGrid system is only sending deduplicated data—the backup data bytes that change between each backup—over the wide area network (WAN) to the offsite ExaGrid appliance. The offsite ExaGrid appliance is ready for data restore and fast recovery in the event of a disaster or other primary site outage.
- Optimizes most recent backups for “Instant DR”
- Avoids delays from restoring from tape
- Restores faster from full copy vs. “rehydrating” data
ExaGrid supports three models for disaster recovery sites:
- Unidirectional replication to offsite for disaster recovery
In this use case, the entire offsite system can be configured for repository, allowing for a half-size system to be used offsite. ExaGrid is asymmetrical in this use case where all other solutions are symmetrical.
- Cross protection
In this use case, data is backed up at both the offsite and onsite systems and cross replicated such that each site becomes the disaster recovery site for the other.
- Multiple data center sites
ExaGrid can support up to 16 sites in a single star topology with 15 spokes to a hub. Full systems or individual shares can be cross replicated such that data center sites can serve as disaster recovery sites for each other.
|ExaGrid Model||EX3000||EX5000||EX7000 / -SEC||EX10000E / – SEC||EX13000E / -SEC||EX21000E / -SEC||EX32000E / -SEC||EX40000E / -SEC||EX63000E / -SEC|
|Memory||8 GiB||8 GiB||8 GiB||16 GiB||16 GiB||32 GiB||32 GiB||64 GiB||128 GiB|
|CPUs / Cores||1 CPU
4 hyperthreaded cores
4 hyperthreaded cores
6 hyperthreaded cores
8 hyperthreaded cores
|NICs||Four 1GbE and two optional 10GbE||Four 1GbE, two 10GbE or two optional 40GbE|
|All ExaGrid Servers|
|Application Support||Backup Applications, Utilities, and Methods
|Temperature||10o to 35o C (50o to 95o F)|
|Humidity||20% to 80% non-condensing|