This article is part of a series (links below). I would recommend reading the articles in order, starting with “Greenfield Opportunity”, which provides the required framing.
- Greenfield Opportunity
- Modern IT Ecosystem
- Service Delivery
- Hybrid Multi-Cloud
- Identity Access Management
- Unified Communications
- Line of Business Apps
- Architecture Community
- O365 Tenant Migration
Within this article, I will highlight our proposed positioning for Enterprise Data Protection, covering the process of safeguarding important information from corruption, compromise or loss.
As highlighted in the article “Hybrid Multi-Cloud”, our hosting architecture includes two Colocation Data Centres, four Azure regions and fourteen edge (local) sites.
Each of these locations will host applications and data, ranging in complexity and sensitivity. For example, our edge sites will support GxP compliant workloads, which in certain scenarios require 24x7 uptime and local data protection.
To enable a comprehensive, cost-effective and simple approach to data protection, we have chosen to partner with Assured Data Protection (ADP), who provide a fully managed service overlay based on Rubrik technology.
With over 100 years of combined industry experience, ADP is the only dedicated Rubrik service provider globally. This relationship provides ADP with unique access to Rubrik, covering feature requests, support and case escalation.
As part of our architecture, ADP will design, implement and support our end-to-end Data Protection ecosystem.
Rubrik is a market leader in backup and recovery, enabling automated backup, recovery, offsite replication and data archival capabilities across a hybrid multi-cloud architectures.
Rubrik delivered the industry’s first converged data management solution, offering backup software, catalogue management, replication and de-duplicated storage in a single appliance that scales linearly. The distributed nature of the architecture maximises efficiency and cost savings, whilst simultaneously enabling near-zero recovery times, as well as unified file search and recovery from any location.
In short, Rubrik aims to replace the legacy “backup job” paradigm with policy-driven management, allowing users holistically automate data protection, ensuring any Recovery Time Objective (RTO) and/or Recovery Point Objective (RPO) can be met without significant manual intervention.
Rubrik Architecture Overview
To maximise the return on our existing investments, ADP and Rubrik will build upon hosting architecture (e.g. Colocation DC, Public Cloud, Edge). We have no plan to deliver a dedicated/isolated hosting location specifically for Data Protection.
A core Rubrik cluster will be deployed within each Colocation DC, acting as our central location for backup and recovery. All data will be fully encrypted in-flight and at-rest ensuring data is fully immutable and therefore protected against threats such as Ransomware. The core Rubrik clusters will provide a unified environment to instantly restore data at an individual file, folder and/or server/VM level.
Rubrik will also be available within the Public Cloud (initially Azure), protecting (where required) cloud applications and data, as well as providing cost-effective archive and long-term retention capabilities. Recognising the inherent data protection capabilities enabled by the Public Cloud providers, Rubrik will be positioned to complement (not replace) these capabilities, targeting advanced and/or specialised requirements.
Finally, Rubrik appliances will be deployed at the edge sites, enabling site-specific backup and recovery. Edge sites can leverage the core clusters for replication, as well as the Public Cloud for archiving and long-term retention.
The diagram below provides a high-level view of the proposed architecture.
Core Rubrik Clusters
Due to our unique situation, we do not have a comprehensive view of our current/future data requirements. Therefore, the architecture has been designed to start small with 10TB of deduplicated capacity on each core Rubrik cluster, with 100TB of usable capacity, enabling instant expansion. If additional capacity is required, enabled by the Rubrik scale-out architecture, individual nodes can be added without any downtime or interruption to performance.
To further enhance the data protection, Rubrik will securely replicate data bi-directionally between each core cluster. This form of replication, alongside the inherent resilience built into our Software-Defined Data Centre (SDDC) architecture provides the ability to perform Disaster Recovery (DR) from either core Rubrik location.
Finally, Rubrik supports archiving and long-term retention to Public Cloud object stores. Initially, we will leverage Azure Blob as a cost-effective and cost-competitive storage option.
The proposed architecture will enable two edge patterns, both resulting in the implementation of hardware appliances at the physical site. This approach enables local data backup, as well as instant recovery at an individual file, folder and server/VM level. Where required, data will be replicated to a core Rubrik cluster or archived directly to the Public Cloud.
Pattern One (Small): A single-node Rubrik hardware appliance supporting locations with less than 20TB of backup data.
Pattern Two (Large): A four-node Rubrik hardware appliance supporting locations with greater than 20TB of backup data.
Rubrik also offers virtual appliances, however, these are not currently in-scope of our architecture.
The amount of data created and stored within a business continues to grow at an unprecedented rate, with the insights enabled from the data arguably becoming the most valuable asset.
Therefore, having a robust Data Protection architecture that can operate cost-effectively across the end-to-end ecosystem has become critical.
Our proposed Data Protection architecture delivers a fully managed (SaaS-like) solution, leveraging market-leading expertise from ADP and technology from Rubrik. Simultaneously, it maximises our existing investments (e.g. Colocation DC, Public Cloud and Edge), whilst delivering a “pay for data, not for capacity” commercial model.
We believe this approach will help ensure we are set up for success, as we continue to scale and explore innovative services via our Hybrid Multi-Cloud strategy.