Tiered backup architectures with different logical and geographic locations can help meet the diverse backup and recovery needs of today’s businesses—but this isn’t a new idea. What is “new” to report is that tiered backup architectures are needed now more than ever—provided they are next-generation solutions.

Businesses are struggling to manage rapidly expanding data volumes in a complex risk and threat landscape that’s evolving just as fast. I’ve covered the impacts of ransomware attacks and other cyber threats. All too often, an outcome is a complete shutdown of operations that can last for days and put not only information but also people at risk.

Backups Won’t Be Enough

Previously, I wrote about how these architectures amplify data protection against insider threats and advanced malware when they’re combined with data bunkers and Pure Storage® SafeMode™ protections. Backing up data remains critical for data protection, but it’s not enough. 

For one, backups should be the last line of defense. Also, many backups just aren’t fast enough to get a business back online after a total shutdown. That’s why organizations need to take a serious look at next-generation backups—implementing architectures that can help them address every angle, mitigate every risk, and give them every chance to be as resilient as possible.

What is an example of a next-gen backup solution? A Pure Tiered Resiliency Architecture.

Before I explain why Pure’s solution is next-gen, let’s consider what came before it. 

Initially, companies wanted to make sure they had a way to back up their data in an 8-12 hour, overnight time window. Once they could do that, they then started to worry about backup failure. So, they adopted a new approach: the 3-2-1 strategy of having three copies of data on two different media (disk and tape) and keeping one copy of the data off-site, just in case disaster would strike. 

However, through recent events such as the Colonial Pipeline breach and others, it has become quite clear that even with backups, recovery times can be weeks or longer without the right architecture and technology solutions in place.

So, the 3-2-1 approach, with multiple, distributed copies of backups, isn’t ideal if the aim is to recover as swiftly as possible following an event (disaster, cyberattack, human error, etc.). And you’ll find that most business leaders today don’t care as much about the redundancy of data as they do about a speedy return to normal operations.

The Future of Disaster Recovery Is Here

Pure is helping organizations revolutionize their antiquated legacy backup environments with advanced resiliency, performance, and simplicity. 

The Pure Tiered Resiliency Architecture is a multilayered, recovery architecture that primarily uses SafeMode snapshots to implement the lowest possible recovery times based on an organization’s needs and the recovery time objectives (RTOs) the business might define. SafeMode is a data protection solution built into Pure FlashArray™ and FlashBlade®. These are super immutable, out-of-band, multifactor-authenticated snapshots. 

“Super immutable” SafeMode snapshots are different from “traditional” immutable snapshots. Unlike their simple, traditional alternatives, SafeMode snapshots can’t be modified once written (thus making them immutable), but they also can’t be deleted! While traditional, immutable snapshots can’t be modified once created, with the right privileges on the storage array (generally, admin-level), they can be deleted. 

SafeMode snapshots also come with one additional, huge caveat: No bad actor (person or process)—even with administrative privileges—can fully eradicate data from a Pure Storage array without invoking a special, out-of-band Pure Storage support process. Period. That means you have a guaranteed point of recoverability right there on your primary storage arrays. So, you can get your recovery started immediately and have your business back up and running in far less time than would otherwise be required.

If you want to take a deeper dive into the value of using SafeMode, check out this page and this post.

Why Implement a Pure Tiered Resiliency Architecture?

For speed and near-instant recovery. A tiered resiliency architecture enables your business to recover data very quickly in the event of a cyberattack, disaster, or administrative accident. SafeMode snapshots afford you a near-instant recovery capability, instead of relying on other backup technologies that are slow, complex, and prone to malfunction or experience other technical issues at exactly the worst time. 

Even if you’re using Rapid Restore from Pure to help dramatically increase the speed of data restoration, the restore times will still be significantly longer than recovering from a SafeMode snapshot, which can be done in milliseconds, or as fast as a user can click the mouse or type a command on the keyboard. 

In addition, other backup technologies can be sluggish compared with the speed of recovery that a Pure Tiered Resiliency Architecture can offer. (Restoring from a snapshot is even faster than using Pure with Commvault, which can recover 270 terabytes (TB) per hour compared with other widely used solutions, which can generally recover between 2TB and 6TB per hour or often much less.)

The Advantages of a Resiliency Architecture

As you’ve no doubt gathered by now, speed is the number one benefit of implementing a Pure Tiered Resiliency Architecture. Your business can create faster recoverability for your critical business technology—recovery that takes seconds or minutes vs. hours or days—because there’s no need to rely on slow, antiquated backups. By reducing the time to recovery following a major incident, your business is more protected. 

But that’s not all. By implementing a resiliency architecture, you’ll also benefit from:

  • Reduced management overhead
  • Improved environmental and sustainability metrics
  • Enhanced ability to easily test and prove the environment is working—and confirm that your recoverability goals are being met
  • A lifetime of nondisruptive upgradability, so you never need to migrate data again

Resiliency Architectures

How to Build a Pure Storage-based Resiliency Architecture

Now, let’s get down to the details of how to build this next-gen backup solution with Pure. 

We’ll start with a high-level overview of the architecture’s structure. Generally, a tiered resiliency architecture is implemented in several tiers or layers of defense:

Tier 0

Mission-critical infrastructure at this layer includes, but isn’t necessarily limited to, Active Directory, DNS, and time services. Without these services, little or nothing else in the environment will function.

Tier 1

Here’s where you host your primary data. Applications at this level are critical to your business operations and include elements like core databases and application services, along with their defined dependencies. These apps will be the primary focus of recovery because when they’re unavailable, neither is your organization’s ability to deliver business services to customers.  

Tier 1 should house three to seven days of SafeMode snapshots. Depending on your application’s performance requirements, you could use either FlashArray//X™, FlashArray//XL™, or FlashArray//C™ to create this layer.

Tier 2

Tier 2 is essentially a snapshot replica archive for storing offloaded snapshots from Tier 1, which also lives at this layer. The archive should be able to store the snapshots for the longer term. At minimum, “longer-term” means three months (90 days) with a recommended duration of 6-12 months—or longer, if possible.

You can build a snapshot archive on FlashArray//C, FlashBlade//S™, or FlashBlade//E™.

Note: While Tier 2 is meant for storing data for the long term or meeting data compliance needs, you could, in the event of a major disruption, use this layer to run workloads at slightly lower performance to keep your business running. 

Tier 3 

This layer can be a fast backup tier to turn to in extreme scenarios only. Generally, the backup tier should be used as a long-term retention layer for compliance or to restore data for applications that don’t warrant protecting with snapshots.  

Here again, you could use FlashArray//C or FlashBlade//S, with ISVs and enterprise application native solutions integrated to allow backup data to be written directly to the array and protected with immutable snapshots and SafeMode. You could also use FlashBlade//E to replace traditional spinning disk backups.

Tier 4

Finally, an optional Tier 4 layer of defense would comprise a one-way-in data bunker used for large-scale disasters. Data bunkers are a solid strategy for defending your critical data against today’s threats. They’re highly secure and provide an extra layer of durability as optional disaster recovery sites serving behind your primary and secondary backup sites. 

At Tier 4, you would want to host a replicated copy of data and make compute available on demand. Potentially, you could store years of data at the Tier 4 layer.

If you’re using Pure Storage to build your resiliency architecture, you could create Tier 4 on FlashArray//C or FlashBlade//S. You can also build this layer by using public cloud S3 targets or cloud-adjacent bare metal services such as Equinix Metal. 

You would generally want higher speed storage FlashArray//X or FlashBlade//S for Tier 4, as the intent is to run just as current production would, only in a different location.

Key Steps to Enabling Your Resiliency Architecture with Pure

Once you’ve decided how many layers of defense you need, and which Pure flash storage arrays you want to use to build and support your resiliency architecture, you’ll need to take the following key steps:

  • Step 1: Store the data for the workloads you want to protect on your Pure Storage array.  
  • Step 2: Enable snapshots on those arrays and set up protection groups to support your desired disaster recovery objectives. 
  • Step 3: Let the snapshots run for a couple of weeks, based on your defined policies. This process will help ensure protection group policies are proven to be configured accurately. It will also give you the opportunity to tune the policies without having to invoke the out-of-band process with Pure Support. 
  • Step 4: Enable Pure SafeMode to protect snapshots from accidental or purposeful deletion and eradication. (Remember that after you turn on SafeMode, the only way to change protection group settings or disable SafeMode is through a special Pure support process.)

Why You Should Build Your Resiliency Architecture with Pure

You don’t have to use Pure to build a tiered backup architecture. But without it at the foundation of your architecture, and without capabilities like SafeMode, you won’t have a truly next-gen solution for backup and recovery. 

A Pure Tiered Resiliency Architecture is the future of disaster recovery. It brings advanced resiliency, performance, and simplicity to help your organization truly revolutionize its legacy, antiquated backup environment.