Why a lift and shift backup architecture is a bad idea

W. Curtis Preston, Chief Technology Evangelist

Most “cloud” backup services are based on lifting and shifting a legacy backup product into the cloud. Druva reps discuss this a lot, but they often get pushback with phrases like “why do I care how the vendor makes my backups happen?” This episode answers why you should care very much. It affects your flexibility, cost, and risk – all for the worse.

All SaaS services should be delivered in such a way that allows a customer to consume them however and whenever they want, while the technology and cost scale up or down based on their needs. That’s simply not possible with a lift-and-shift system, and this episode explains why.

[00:00:00] W. Curtis Preston: This week on No Hardware required, we’re gonna talk about lifted and shifted backup architectures and why that matters. With me as always is my co-host Stephen Manley. Thanks for joining.

Hi and welcome to Druva’s No Hardware Required podcast.

I’m your host w Curtis Preston. And with me, I have none other than our CTO, Stephen Manley. How’s it going, Stephen?

[00:00:25] Stephen Manley: it’s going great. You know, I, I spent my day lifting weights cuz I don’t lift architectures.

[00:00:31] W. Curtis Preston: Nice. Yeah, I’m pretty sure You’ve lifted a lot more weights than I have, but then let’s not talk about that. That’s too depressing. There is a lot of activity in the SaaS space. If, if we go back say five years ago, there was us and nobody

[00:00:50] Stephen Manley: And us

[00:00:52] W. Curtis Preston: yeah. Us and us and us. Right? Yeah. You know, we, we, I know we used that phrase that we, we, we like to say that we, we were skating where the puck is going. For a while, we were over in a corner. You know, sitting there with a hockey stick, waiting

[00:01:06] Stephen Manley: For waiting for the

[00:01:08] W. Curtis Preston: Right. Well, right now, suddenly everybody else is playing over in our corner. Right. So, you know, we have one or two competitors that are SaaS only competitors, but I think the bigger thing is that we have, uh, vendors that have taken their traditional backup architecture and lifted and shifted it and put it in the cloud. And then, um, offered that as a service. That doesn’t mean that it’s not SaaS. It’s just mean that they will have challenges that we do not have. And so I think the thing I wanted to talk about is if I’m a customer or a potential customer of those services, why do I care?

[00:01:49] Stephen Manley: I think the first thing, you know, even before we get to what they look for, it’s almost, why should they care? You know, what the architecture is. And, and, and one of the things I like to lead with is, you know, in our industry, Uh, there’s not a lot of secrets, right?

It’s a, sometimes I, I, I get a customer and they say, well, you know, I’m not sure if we’re under NDA and this, that, and the other like, look 99% of what I tell you is public. And the other 1%, all the other vendors know. The challenge isn’t knowing what the right answer is. It’s how you get there. And so if you look at everybody in our industry, every single one of them is making some sort of SaaS motion, SaaS play, which tells you what. It tells you that everybody knows that SaaS is the right answer. Uh, and so, so going back to, to, to sort of, you know, they’re coming to where we are. So, so why should this matter? Because the market has told you, this is the single most important thing someone can do right now, just like 20 years ago, the single most important thing we were doing was deduplication.

Data Domain came out with deduplication and everyone went, oh, we don’t need that. And then furiously tried to figure out how to build deduplication, because we all knew that it was a genius idea, this kind of the same thing right now, everyone sort of poo-pooed SaaS, but they’re all desperately trying to build SaaS because it’s the most important thing you can do in the market right now. So that’s the first thing is why should you care? Because everybody’s shown you, it’s the thing you should care about.

So then we get to the second one. How can you tell a good one from a bad one? So there’s the simple way, which is, if you go with somebody who built it from the ground up, someone who’s been doing it for the longest, somebody that has the most customers, somebody that, you know, only does that.

There’s a good chance. They’ve got it right. Um, but if you wanna dig in a little bit deeper, some of the things you wanna look for are, you know, what’s your size of deduplication. Um, you know, how much can you scale up and down in terms of your workloads, uh, how many different regions can you run in? Um, you know, how many different workloads do you support?

How effective are you at managing your network bandwidth. We could dig into why those matter, but, but those are some of the things you wanna look for.

[00:04:03] W. Curtis Preston: I’ve never drawn this analogy, but before, but I’m gonna do it now. I am the proud owner of a 2013 Toyota Prius. All right. I would argue that Prius is so far the single most reliable hybrid car. Right. And, uh, it’s not, I, I think there might be some models that might get slightly better gas mileage, but it is, you know, by far the, the, the most vetted, if you will hybrid architecture, there are other products, some of which there are offered by Toyota that are what I would call bolt on hybrids.

Where they put the, the hybrid engine next to the, the gasoline engine. It adds a lot of cost when you do it that way. It’s very similar to when you do a lift and shift architecture versus a purpose built architecture. And so this is why I have a Prius and not a Toyota Corolla hybrid version, right.

Because the Toyota Corolla costs. 6,000. I don’t know. It’s, it’s four to 5,000 more for that hybrid option and you never make up the difference in gas, right? I think it’s the same thing here. When you take a, an architecture that was previously built for the data center, and then you move it into the cloud.

Basically their costs will be higher than our costs. And why should that matter to the customer? Because this is the way business works, right?

[00:05:29] Stephen Manley: That cost will get passed onto you

[00:05:32] W. Curtis Preston: And I had one thought that like, when I think about one of our competitors, one way, I think to really look at the way their, how, if you will sassy a vendor is, is how they bill you. Do you have to buy, uh, and pay for capacity that you need, but don’t use, I know some of our competitors, they charge, they say how big is your data center? And they charge you for how big that data center is upfront pricing or front end pricing. And that doesn’t, it doesn’t matter how well.

Uh, that product dedupes, they’re going to charge you for that front end, uh, data center. They’re also often charging you for, if you’ve got a, I don’t know, 500 terabyte data center and you pay for 500 terabytes. You are going to be paying for a 500 terabyte license, regardless of how many terabytes you actually back up. Right. Um, so that’s one way I think is to look at how sassy, if you will. A, uh, backup product is, is how well the, uh, the, the price that you pay matches exactly what you are doing, not what you want to be doing or, or, you know, your need to do in the future. Does that sound about right?

[00:07:01] Stephen Manley: It, it does. And I, and I think that’s reflective of something, you know? And, and I, I had an old boss that, that used to that used to basically admonish me and say, look, you’re looking at this from a technical perspective and that’s fine cuz cuz that’s, that’s, that’s what we pay you to do. But you need to understand that, that it’s usually, you know, business requirements and business changes that are much harder, uh, in terms of dealing with disruption on the technology side.

So, so what you’re pointing at, I think is there are these companies that are used to getting paid a certain way, paying their sales people a certain way, protecting themselves so that they, they, you know, they, they aren’t holding the bag. and, and, and so shifting that business model to say, no, we’re gonna do on demand pricing.

No, you know, we’re, we’re, you know, you’re, we have confidence in how this works and, and we’re only gonna charge you for what, what you’re actually storing as opposed to how much data you have on the front end. That’s the harder shift. As hard as it is to build a system like Druva on the back end, shifting your business from a, a perpetual license model and a buy appliances model to that kind of cloud on-demand model is like an order of magnitude harder than building the tech.

[00:08:13] W. Curtis Preston: Yeah. I hadn’t even thought about its impact on the, on the sales, uh, side of things. But that, that is a very important point. So I think the question to ask the vendor is let’s say I start out with 200 terabyte. But it’s I’m six month in and due to various issues. I haven’t yet deployed anything. How much am I paying now?

Right. I, I said I wanna back up 200 terabytes. It’s six months later, I got delayed. How much am I paying now? That’s one question to ask. Next question is, let’s say I deployed everything. I’m backing up 200 terabytes and then I sell off half the company. Now my data center is a hundred terabytes.

Now, how much am I paying? If, if the, the answer to the first one is, well, you’re paying for 200 terabytes because that’s what you said you had. And the second one is you’re paying for 200 terabytes because that’s what you said you had, we get down there. There’s no down, right? There’s no, there’s no going down.

[00:09:14] Stephen Manley: Right,

[00:09:15] W. Curtis Preston: If, if, if it’s a true SaaS offering, you can very easily go down.

[00:09:20] Stephen Manley: right.

[00:09:20] W. Curtis Preston: And you can very easily go up, but it’s the down part. That’s what, that’s what you made me think about. It’s that down part. Can I, uh, you know, will my cost go down?

[00:09:30] Stephen Manley: right. Because again, when, when I, in that old hardware mindset, you bought the box, you bought the box with the 200 terabytes. It is yours. If you never wanna use it. Cool. If you wanna store 200 terabytes on it, cool. Either way you paid me for the 200 terabytes and I’m done, you know, with, with cloud and SaaS it’s let’s work.

And this is, and this is why so many people, I think like cloud by so many people like SaaS when you do it. Right. And, and this is, this is the second part is. If there’s no hidden fees that are sort of compensated, cuz that’s the other way, right? That, that, that you can, you can sometimes get bit is you say no, no, we won’t charge you for the 200.

Uh, but by the way, we’re charging you for all the transfers and we’re charging you, uh, extra for restores and we’re charging you every time you try to tier the data and you know, if you’re getting those hidden fees that that’s, that’s just as bad. Right. So, so, so I think that those, those are the two things to look for.

[00:10:31] W. Curtis Preston: And I think complication too, right. Complications of billing. So I can think again, of one of our competitors that they charge both for front end terabytes and for backend terabytes. Right? So assuming you use their storage, they do allow you to use other vendor storage. And that’s a different challenge.

If you do that, we could talk about that. But if you use their storage, you’re paying for both the front end. Well, I’d say either way, you’re paying for both the front end and the back end. The question is, uh, just who you’re, you know, who you’re

[00:11:04] Stephen Manley: paying

How many people you’re paying? Yeah,

[00:11:06] W. Curtis Preston: And that’s very interesting because it’s a complicated, uh, business structure, right? So versus the way we price, which is globally de-duplicated and we charge you only by the gigabyte of what you store on the back end. And that’s the way we charge the, for the data center for the, you know, for the backing up endpoints and, uh, SaaS, uh, apps we charge by the seat, which is, which is, I think appropriate.

I know you and I have talked about this. We charge the same way you’re paying for that service, right.

[00:11:41] Stephen Manley: And I think, I think that simplicity, right. If I can explain to you in two sentences, the way Curtis just did, how you’re going to pay for my service, I’ve got a good SaaS service. If I’m pulling out seven pages of legal ease to explain to you how you’re paying for the service, a I don’t have a good SaaS service and B.

It’s not gonna work out well for you. The seven page documents about how you’re getting charged, never turn out in your favor.

[00:12:10] W. Curtis Preston: Well, they turn out well for, for the other guy. Just not for,

[00:12:14] Stephen Manley: Right, exactly right. The person who wrote the seven pages, they’ve made sure it works great for them. You’re gonna get bit somewhere. And so, so that’s one of the things I, I, I really take pride in on the Druva side is it is as simple as that. End points and SaaS applications, you’re playing seat per user, uh, data center, you’re paying per backend capacity.

What, including deduplication compression and all of that, that. And, and, and if you wanna do long-term retention and tier to, to cooler storage, you know, we knock a certain percentage off right there, right? It, it, it doesn’t matter exactly how much data moves. We’re knocking a certain percent off your, off your bill.

And if you wanna back up directly to cold, we’re knocking a certain percent off your bill. So, so again, you have that certainty. It’s just, boom, there it’s done. You, you certainty matters in SaaS.

[00:13:02] W. Curtis Preston: And I want to talk about this idea of, you know, again, going back to the lifted and shifted, but besides billing. one. So I’m gonna, I’m gonna ask sort of two questions. One is one way, you know, how do I know if my, my potential vendor is using a lifted and shifted architecture? And I would say the quickest way to know that is if they’re using phrases, like this is the same old ABC product that you already know and love.

If it’s the same old product you already know and love. That means they , they took it and they put it in VMs, in the cloud on your behalf. That’s not wrong. It’s just, it’s very obvious that that means they lifted and shifted it because if they refactored it, then. They’re lying to you. It’s not the same product that you already know and love.

It’s a completely rewritten product. So I, one of these two things have to be true. Either it’s lifted and shifted or it’s the, you know,

[00:14:07] Stephen Manley: Or it’s different.

[00:14:08] W. Curtis Preston: refactored product. Right.

[00:14:09] Stephen Manley: yeah, that that’s, that’s, that’s having built both types of, of applications. I can’t, I can’t overemphasize how important that is from deduplication. You know, the way we built deduplication in Data Domain is vastly different than how we built deduplication in Druva and, and the way Data Domain built it for appliances was, was nothing short of genius.

And the way Druva does it in the cloud is, is similarly just uniquely brilliant. And so, but they’re different. And there’s no way you would say one, you can’t just lift and shift to the other. They’re different. The same is true for processing backups. The same is true for cataloging backups. The same is true for authentica.

I mean, each one of these steps you are going to do differently if you’re going truly SaaS, because the cloud is not about building boxes and installing software on boxes, it is, it is about truly building a service.

[00:15:05] W. Curtis Preston: And I want to go back to, well, why should I care? Okay, so, so I, you know, I I’ve acknowledged that this potential vendor of mine is, has used it a lifted and shifted architecture. I think on the, the first part, we talked a lot about the cost. I think that if you are not. Uh, I know because I’ve seen how cloud billing works.

If you’re not, if you’re using a lifted and shifted architecture, their costs will be more, those costs will be passed on to you. Um, there, there is a possibility there that at least right now, they might be doing a loss leader approach. Where they’re losing money on that side, but that can only last for so long.

Right. But let me talk about what for some might be an even more important concern and that is security. If you are taking a lifted and shifted Unix or Linda’s Linda’s If you are taking

[00:16:03] Stephen Manley: a new hybrid.

[00:16:04] W. Curtis Preston: lifted and shifted Unix or Windows box and you are moving it into a VM in the cloud, Here’s my question. If you are hiding the existence of that server from me, who’s managing that server. Who has root on that server because when it was in my data center, the answer was me.

But if you’ve lifted and shifted it and put it into the cloud and you’ve hid it from me by putting a SaaS layer in front of it, who has root on it. And the answer is, well, they do.

[00:16:39] Stephen Manley: Right,

[00:16:39] W. Curtis Preston: And again, I’ve used a lot of different backup products and if I have root on your backup server. I am all powerful. I can see whatever I want.

I can do whatever I want. I can delete backups. I can do all of these things. So that that’s, I think the, the second approach is, or the, the second reason why you, um, should be concerned about a lifted and shifted architecture. What do you think.

[00:17:09] Stephen Manley: Yeah. Yeah. And, and, and it’s interesting because I think a lot of those lifted and shifted architectures trying to spin it as a positive, oh, we have a dedicated environment for you. It’s it’s not shared. Uh, and so, so that means you’re totally isolated from everybody else. The first thing is we’re all, again, all those, let’s say it’s AWS, all those EC two instances that are running your windows server.

They’re not that isolated if they’re all run by the same company. Uh, and then the second one is like Curtis said, because it’s in that architecture, you know, Everything is built, assuming that root has access to everything. So absolutely. You know, if, if you truly build a multitenant architecture, they should be able to walk you through all the layers.

Right? Uh, we, we use a mixture of containers and Lambda here at Druva. We have multiple layers that prevent any human being from ever directly accessing any of the production environment. We have layers upon layers of security and privacy validation. We have envelope encryption to make sure you hold the keys.

We do all these things. I personally spent hours talking customers through what this means. If the response you get from your vendor is, oh, it’s a dedicated environment. You’ll be fine. not a good answer. Right.

[00:18:23] W. Curtis Preston: Yeah, exactly. We talked in the previous podcast about how we have global deduplication and how that we, unlike any vendor that I am aware of. We have customers that are double digits of petabytes, all de-duplicating data in one dedupe database. Right. And, and, and I don’t know any other vendor that can say that. When I think about some of these other vendors that are more traditional legacy backup providers that have lifted and shifted their architecture.

I know they have dedupe limitations. I know it for a couple of reasons. I’ve seen. Um, uh, reports recently. And again, I’m thinking about one specific vendor, but I won’t call them out. I’ve seen two partners of theirs advertise how you can send their de-duplicated data and store it on their appliance. And they get another 50% of dedupe out of out of that data.

So I know that their dedupe is not that efficient. Number one, number two, I know that they have dedupe limitations. Right. So that, that basically they can only go up to a certain number of hundreds of terabytes before they have to create another dedupe database. I also know that you have to do things like, you know, um, sort of closing off the database and starting over after some period of time, here’s a, if you have those going on, that will impact the number of gigabytes that you’re going to need on the back end.

You’re going to be storing more gigabytes because it’s not as efficient at what, as what Druva does. There will also be occasional. And I, I can’t say how often it will happen, but what you should be looking for is occasional jumps in pricing that doesn’t happen with Druva customers.

Right. Our bills do go up because why? Because your data goes up over time, but it it’s never like, and all of a sudden it shoots up a hundred

[00:20:20] Stephen Manley: I had to make a whole new copy of everything.

[00:20:23] W. Curtis Preston: Yeah. If it, if it did that, it’s because you suddenly started backing up an entirely new world that you weren’t backing up before. Right. But with these other vendors, if the, if their database, their dedupe database works like that, you will get jumps in pricing.

Because you suddenly have to store another new full image, which again, that simply doesn’t happen in a purpose built SaaS architecture.

[00:20:50] Stephen Manley: I, I think the other one that I, that I always point out to customers again, if you have built dedupe for the cloud, if you’ve built it to, you know, from the ground up, one of the things that we get you pretty much just automatically because of our architecture is when we tier from, uh, S3 to say glacier deep archive, we’re not starting with a whole new copy to your point, right?

We are simply moving the unused blocks and they are part of the same dedupe pool So that, you know, because our deduplication is above the storage layer. I can dedupe across multiple storage layers, and it is totally transparent to the customer. And there’s no jump in price. There’s no, it’ll get more expensive before fingers crossed.

It gets less expensive. It’s it instantly gets less expensive because it’s all one dedupe pool. And if you’re not hearing things like that from your vendor, it’s lift and shift.

[00:21:44] W. Curtis Preston: Right. Can you think of anything else that we should bring?

[00:21:48] Stephen Manley: I, I think the last one, uh, and this one, it probably, because I’m more on the development side matters to me. Uh, the most of all is in a true SaaS architecture. I am constantly and relentlessly releasing new functionality, supporting new workloads, adding, adding new functionality for say, ransomware protection or for data governance.

Uh, I’m adding new workloads like Kubernetes and Microsoft 365 and, and all the sub parts of Microsoft 365. And I’m doing that. Uh, and, and so you see that cadence of new functionality releasing much more frequently, and just as importantly, it always just shows up for you. You know, if there’s a lifted shift architecture, you’ll see that weird thing where it’s like, they announced this and maybe some people are using it, but not others because they’ve only upgraded some parts.

You know, when you’re in a true SaaS architecture, it shows up for you automatically. You don’t have to do anything.

[00:22:45] W. Curtis Preston: Yeah. And that again, it’s one of those things that you don’t really think about until you’ve used a, a pure SaaS architecture, but if you think about. Again, a true SaaS architecture is something like Microsoft 365. When they add new functionality, suddenly all of the customers have it. You don’t have to upgrade stuff, uh, to, to have the new functionality.

You just get it. And, um, if you’re doing a lift and shift architecture, that means that that vendor is going to have to go in log in as root or administrator and upgrade your backup server during which you will have an outage. right. Uh, that’s another thing is that the, the way that you do a purpose built architecture, you build all of this in, and you’re able to upgrade things, uh, you know, with very quickly with, without, uh, uh, any major outages.

So, um, which is why, by the way, we’re able to guarantee things like that. Talk to that vendor about their resiliency guarantee. Ask them what they guarantee in terms of uptime and recoverability and all of that. And then compare that to what we offer with the Druva data resiliency guarantee. So, yeah, I, you know it, to me, it’s one of these things where this is really obvious.

It it’s, it’s difficult when, when you’re dealing with a competitor who will say we’re not lift and shift. Well, again, that that’s the most challenging is, you know, um, I’m aware of at least one phone call where we had a, a customer that is a customer of this other vendor. And this other vendor said we’re not lift and shift. Again, you’re the same vendor that says that, um, it’s the same

[00:24:32] Stephen Manley: the same.

[00:24:33] W. Curtis Preston: ABC, right? so it’s either the same. Or it’s not. You, you great. Uh, so you can’t have your cake and eat it too, but, um, anyway. All right, well, um, you and I could probably talk about this for ages, but we’re only supposed to go about 20 minutes and we went past that.

So, well, anyway, thanks for having a chat with me.

[00:24:55] Stephen Manley: uh, my, my pleasure. And again, everybody out there, you know, SaaS is the way to go. Just be careful before you make your purchase. So you’re picking the right true SaaS solution.

[00:25:06] W. Curtis Preston: And thanks again to our listeners and remember to subscribe and remember here at Druva there’s no hardware required.