News/Trends

Thoughts from Mr. Backup: AWS Backup

W. Curtis Preston, Chief Technology Evangelist

Amazon recently introduced AWS Backup services. Since then, everyone has been asking what I thought about Amazon’s latest announcement about AWS Backup (I got a lot of “What does Mr. Backup think about AWS Backup?”). After reading the first sentence of the product description, I can see why they might ask that question.

“AWS Backup is a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services in the cloud as well as on-premises using the AWS Storage Gateway.”

“Isn’t that what Druva does?” they ask. While the introductory sentence above may give that impression, the full story is quite different.

Amazon says you need to back up AWS

The most dangerous data protection strategy an enterprise can have is inaction, and clearly, AWS agrees. Cloud customers often believe that their data is automatically protected because it’s “in the cloud.” Nothing could be further from the truth, of course, but the most important thing about this announcement is that AWS is confirming you need to backup your AWS data. This will allow Druva to skip that conversation and spend more time on how you should back up AWS workloads.

AWS Backup adds new APIs Druva can use

AWS Backup includes a new set of APIs that Druva will be able to leverage to extend our current capabilities, along with future capabilities we will add over time. These APIs enable us to decrease our time-to-market and further our ability to reduce complexity, data risk, and cost barriers for our customers.

AWS backup

It’s akin to VMware Data Protection Manager

This may seem like a digression, but stick with me. Those who have been around a while will remember when VMware (part of EMC at the time) started offering basic backup and recovery services as part of their product. The product was called VMware Data Protection (VDP) and was actually a stripped-down version of Avamar, an EMC product.

At the time we were all asking, “Why would VMware would want to signal that they were going into the data protection business – directly competing with other partners? Are they going to compete with their own partners – the ones they desperately need to succeed?” I asked them that question and their answer was there was a subset of the VMware customer base that was never going to buy a commercial backup utility of any kind, and VDP was meant to serve the backup and recovery needs of that group of customers.

I see AWS Backup meeting the same need to the same type of customers – people who (for whatever reason) would never spend money on a commercial backup system. Perhaps someone has already spent this year’s backup budget but have recently begun using AWS.  Another group might just be experimenting with AWS development and doesn’t feel they can justify the cost of a data protection service for their experiment. AWS Backup gives these people something that is better than nothing – and keeps them from moving their apps to the competition.

There’s a lot more to backup than AWS Backup

Druva customers have migrated significant portions of their datacenter to AWS; some have gone all in on AWS. Let’s talk about these customers for a minute, and let’s assume for the moment that a given customer has a budget for data protection and data management. Both AWS Backup and Druva use EBS Snapshots to backup AWS customer data to S3 and Glacier. If a customer can get AWS Backup for free, why should they buy something else? Here’s a quick list of the many answers to that question.

  • Granular search and access: Snapshots are adequate for restoring a single, full system, however, most organizations ask for the next level down; identify specific files and data for either recovery purposes or for other business reasons; compliance, legal, etc. If AWS chose to develop this service, it would have to come at an additional cost due to the index storage requirements. This service is just one of many services included in Druva’s offerings.
  • Legal hold and compliance: Above and beyond the basics of snapshots are needs to address compliance and legal data identification and handling requirements. This has been foundational to Druva’s success and an area we continue to expand, going beyond ‘compliance’ in the sense of long-term cold storage of snapshots. Organizations want to dig into the data, quickly identify relevant files, review, preserve and recall them as quickly as possible and support their governance workflows.
  • Cross-cloud / Multi-cloud Support: This is a very real future that extends well beyond AWS.  With other cloud providers establishing market share and companies looking to cross-cloud and multi-cloud support to further decrease the risk of loss to their data, cross-cloud is increasingly becoming top of mind. This is a place where third party solutions like Druva differentiate from cloud vendors, offering an easier way to restore, copy, or move a workload to support even greater resiliency.
  • Hybrid environmentsThough cloud has gained huge momentum and adoption, and been a critical factor to our success, the mix of on-premises and cloud-based workloads is the norm today and will continue to be for some time. Supporting these environments in a seamless way, while providing the aforementioned capabilities adds a huge benefit to time savings and overall manageability of an enterprises data protection environment.
  • Cross-region Disaster Recovery: In addition to snapshot systems, enterprises need to duplicate their entire VPC environments across regions to protect against catastrophic failure.
  • Cross-account backup storage: After a series of attacks and accidental deletions (codespaces.com) companies have gotten wise and want to ensure their backups are isolated from the primary production account. Even if AWS eventually offers this service, it will most likely be implemented via some type of cross-account authentication, creating the possibility of a “rolling attack” that takes out both the primary and the backup. Only a third-party service authenticating to both can provide this service without compromising either account.

What about the Storage Gateway?

No, I did not miss the “as well as on-premises using the AWS Storage Gateway” part, either. Does that mean AWS is getting into the business of helping customers backup their on-premises datacenter? Not really.

For those unfamiliar with it, the AWS Storage Gateway is a VM or appliance that acts as a, well,  storage gateway to S3 and Glacier. It can present itself to the customer as a file server, iSCSI LUN, or Virtual Tape Library – or all of the above. But let’s focus on the backup use case. Customers can backup to the file server or to the virtual tape library, and their data will be automatically copied to S3. Recent data will be automatically stored on the local cache, and any “cache misses” are automatically managed.

Like AWS Backup, this solution will probably work fine for very small environments but as a customer grows in size, there are very large differences between the AWS Storage Gateway and Druva.

  • A Single integrated service. Storage Gateway is only a backup target. Customers will have to pay for and manage one or more backup products that will send their backup data to the Storage Gateway. Customers will also have to purchase and maintain the storage behind the Storage Gateway. It is only a cache, but that cache may be of substantial size. Druva offers a complete data management service that includes backup and recovery, disaster recovery, federated search, and compliance into a single service. Comparing Storage Gateway to Druva is like comparing a tire to Uber or Lyft.
  • Global Deduplication. Storage Gateway does not support deduplication. In contrast, data stored by Druva is globally deduplicated across a customer’s entire account. This significantly reduces the amount of data sent to S3, reducing bandwidth costs, S3 storage costs, and increasing restore speeds from the cloud. Many customers find that this deduplication reduces costs enough that they get all of what Druva offers at a price similar to what they would pay just to store their backup data in S3 using the AWS Storage Gateway.
  • No Egress Fees. The only thing worse than having to do a large restore is to pay egress charges when it happens. The Storage Gateway runs in your account, and any restores that experience a “cache miss” will create egress fees. Restores from Druva never have such fees.

Simpler is better

This has been one of my catchphrases for a long time. I’ve always been a fan of a single enterprise-class backup and recovery system over a patchwork of products from various vendors. With Druva, you get a single service that can protect all your data – including laptops, mobile phones, on-premises servers, VMs running in any hypervisor or hyperscaler, and native AWS data. Why pay for and manage so many tools, when you can have a single service handle it all?

Druva has a very close relationship with AWS, and AWS Backup does not change that. We will continue our collaboration with AWS, and are exploring the new features introduced with AWS Backup, such as new APIs, which we believe will enable us to offer our customers even more. More to come soon!

Identify and reduce your ransomware risk with Druva

Identify and reduce your ransomware risk with Druva — want to learn more about how your team can protect and secure your AWS workloads? Check out our new eBook to learn the 10 key capabilities for keeping your AWS data ransomware-ready.