Transcription
Smarter Endpoint BackupThis whitepaper discusses Druva's unique approach to smarter backupof endpoint devices.
Table of ContentsIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Challenges of Endpoint Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Storage Requirements are Growing Faster than Available Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Wireless WANs Have Unreliable and Spotty Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Non-VPN Data Transfers are Subject to Higher Security Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Resource Intensive Backup Diminishes User Experience on Endpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . 4Limitations of Existing Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Sub-optimal Server Triggered Backup Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Dependence on Low Latency, High Bandwidth Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Lack of Support for Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5No Protection Against Data Breach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Highly Intrusive End-user Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Costly Deployment and High Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Druva inSync – Smart and Secure Backup for Endpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Client Triggered Backup Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Enterprise Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Smarter Deduplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Advanced WAN Optimization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Integrated Data Loss Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Mobile User Empowerment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Non-intrusive End-User Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Enterprise-grade Scalability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Flexible Deployment and Easy Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Secure File Sharing and Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Enhanced IT Control and Visibility with Rich Data Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Laptop Backup Benchmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12About Druva. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Data Sources and References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Smarter Endpoint Backup
IntroductionThe face of the modern enterprise is changing as more and more employees are using laptops and mobile devices leading toa rapid increase in the number of endpoints accessing key corporate data. A recent IDC study indicates that the global mobileworker population will reach 1.3B representing 37% of total workforce by 2015.1 Of this growing workforce over 70% ofindividuals never plan a backup of their endpoint devices. The risk of loss of key corporate data stored on endpoints is greaterthan ever and will continue to rise.The IT department of an enterprise is ultimately responsible for the security of corporate data and needs to ensure that dataon endpoints is securely backed up.This whitepaper discusses the challenges that IT faces in performing secure endpoint backups and describes importantshortcomings of existing solutions. It concludes with a discussion of how Druva inSync solves these challenges and provides asmarter endpoint backup for enterprises.Reasons for Investing in a Smart Endpoint Backup Solution 2, 3, 417%Corporate data lossis rising260%annuallyof these devicesNearlylose data that38%cannot berecoveredof all corporate data resideson users’ devicesOnly200 millionAboutemployeeswork remotely, i.e. they are not at their deskwhile accessing emails.Over70% of mobile employeesnever plan a backup either before or during travel35%of enterprises backup laptops,even fewer backup smartphones& tabletsOver600,000notebooks are lostat US airports every year2Smarter Endpoint Backup
Challenges of Endpoint BackupEndpoints are different from desktop PCs in that they connect over public WANs, and are typically battery powered whichmakes their backup significantly more complex than that of PCs. Several factors make endpoint backup challenging:The Main Factors That Drive the Increased Complexity of Endpoint Backup:FASTBACKUP SPEEDMINMAX21Storage requirementsare growing fasterthan available bandwidth3Wireless WANshave unreliableand spotty coverage4Resource intensivebackup diminishesend-user experienceNon-VPN datatransfers aresubject to highersecurity risksStorage Requirements are Growing Faster than Available BandwidthRecent statistics show that an average corporate laptop has about 10GB of critical corporate data—a 20X increase from2000. At the same time, the bandwidth on corporate networks available for laptop users has increased at a muchslower pace, making backup of these laptops significantly more difficult.Total Storage & Bandwidth Needed by Traditional Software to Backup 1,000 Users20X e: Matt’s Hardware Trends website, UCLA Computer Science Dept StudyOne case that is specifically problematic for IT is backup of email data. Almost 80% of corporate laptop data is in theform of archived emails. The rate of addition/change of data is about 1% but the actual differential change doubles toabout 2% because of the email archival formats used by most email clients (like Microsoft Outlook), which make a hordeof post-processing and index changes on archived data.3Smarter Endpoint Backup
Transferring this differential data (160 MB) over a WAN connection can be especially problematic and is likely to interferewith users’ tasks such as reading and answering new emails.Total Storage & Bandwidth Needed by Traditional Software to Backup 1,000 YEAR2000200320062010Source: Matt’s Hardware Trends website,4 UCLA Computer Science Dept StudyBased on the graph above the backup of data from 1000 corporate laptops using traditional backup software requires30 TB in storage.Wireless WANs Have Unreliable and Spotty CoverageUnlike desktop PCs, laptops and mobile devices are often not connected to a corporate LAN or a VPN.Users connect their endpoint devices via networks with varying level of reliability and bandwidth e.g.hotspots, home networks, airport networks. This complicates the task of backing up an endpointdevice in three main ways. First, unreliable networks may cut out at any time e.g. right in the middleof a backup. Second, the bandwidth assigned to endpoints on these networks is significantly lowerthan the bandwidth available on corporate networks. Third, endpoint devices do not get a static IP address. Sometimesthe endpoint devices do not even get a publically visible IP address on these networks making it very difficult for thebackup server to connect and exchange data with the endpoint device.Non-VPN Data Transfers are Subject to Higher Security RisksEnsuring security is the most obvious challenge of endpoint device backup when compared to desktopbackup. Endpoint devices typically connect over non-VPN networks such as Wireless WANs. For instance,employees may use their devices over unprotected hotspots. Given the possibility of unencrypted datatransmission over WANs, there is a much higher security risk with endpoint backup than with desktopbackup that is performed over a LAN connection.Resource Intensive Backup Diminishes User Experience on EndpointsMobile endpoints typically have less processing power than desktop PCs in order to conserve battery life. As aresult, backup software may consume critical processing resources in endpoints when run simultaneously with otherapplications, leading to a poor end-user experience.4Smarter Endpoint Backup
Limitations of Existing SolutionsMost of the existing solutions (“legacy” solutions) are derived from tape backup or network backup solutions for mainframes.Consequently, legacy solutions have multiple limitations when used with endpoints:Sub-optimal Server Triggered Backup Lack of Support for Mobile DevicesLegacy systems often do not supportArchitecturemobile operating systems such as iOS, andServer-based backup systems use a centralAndroid. Lack of support for smart phonesbackup server, which initiates backup andand tablets is a major shortcoming given therestore requests. Such architecture worksrelatively well for desktop PC backup. sharp rise in enterprise use of these devices.However, server triggered backup architecture imposesNo Protection Against Data Breachthree key limitations with regard to endpoints:These systems do not provide any1. S ECURITY – The server initiates and sends networkfunctionality ensuring that data cannotrequests outside the corporate network when a user isbe accessed maliciously from a lost ortraveling. Unlike a web or email server, this is a specialstolen device. DLP is not a major concerncase and needs more attention.for desktop PCs, since desktops rarely get lost or stolen.2. ACCESS TO THE USER’S DEVICE – A user’s device However, DLP has become a major concern as more andmust be visible to the server on a published IP address. more employees are using endpoint devices for work. TheseThis becomes a problem when the user is traveling and small and mobile devices often get lost offsite (airports,connected through WAN/Internet.coffee shops etc.) and can fall into the wrong hands.3. SOLUTION SCALABILITY – As the number of endpointsgrows, server load becomes a bottleneck when handling Highly Intrusive End-user Experiencebackup schedules, reconnects, dependencies on lastLegacy systems are resource intensive andbackup status, etc.significantly compromise the end-userexperience by utilizing a high percentageof available CPU and bandwidth resources.Dependence on Low Latency, HighUsers often have to stop working, and wait for the backupBandwidth NetworkThanks to the tape-backup legacy, most to complete; eventually they begin to dread and avoidnetwork backup systems today use same backups altogether.old R-Sync style checksum algorithms forincremental backups. These algorithms Costly Deployment and Highrequire a large number of network interactions and MaintenanceTraditional systems require significant timedeteriorate the performance of legacy backup systems,and effort in order to achieve an enterprisewhich need low-latency for less network turn-around timeswide rollout and maintenance over time.and faster execution.The installation process often requiresEndpoint devices rarely have the luxury of low-latencyweekswithonsiteprofessional services help. Maintenancenetworks; these devices usually connect via WANs thatusually includes a costly contract with onsite professionalhave variable reliability.services help.In addition, these solutions are limited to an on-premisedeployment, which suits only some organizations. Otherorganizations may prefer a cloud deployment because ofits easier rollout, on-demand scaling, and flexible pricing.5Smarter Endpoint Backup
Druva inSync – Smart and Secure Backup for EndpointsDruva inSync is an automated enterprise endpoint backup solution that protects corporate data while in office or onthe move. It features simple backup, point-in-time restore, and patent-pending deduplication technology that increasebackup speed and minimize resource use. With several unique features, inSync is designed to handle endpoints andovercome limitations of legacy solutions.Client Triggered Backup ArchitectureDruva inSync uses a client triggered backup architecture enabling high levels ofscalability and security. inSync has two components :1. inSync CLIENT is a client agent that is installed on endpoints. It is equippedwith sufficient backup intelligence to initiate and accomplish backup.Configuring a client takes five simple steps and can be completed withinminutes of installation.2. inSync SERVER is a software service that runs either on a dedicated serveron-premise server or on cloud, and scales to handle terabytes of enterprisedata. It accepts backup and restore requests on published IP addresses.Enterprise SecurityinSync was built from the ground up with highest security standards in mind. inSync employs the following securitytechnologies and practices:DATA ENCRYPTION – inSyncfeatures 256-bit SSL encryptionfor data in transit and 256-bit AESencryption for data in storage.CERTIFICATIONS – inSync runs onAmazon Cloud infrastructure, whichis SAS-70 certified. Druva cloudoperations and design is also ISAE3000 certified.ENCRYPTION KEY MANAGEMENT – While some cloud providers use the same encryption key for all of their usersand fail to compartmentalize data from their multiple customers, inSync, in an industry-first, provides sophisticatedtwo-factor encryption. inSync uses unique encryption key management for each customer as well as uniqueauthentication and access control for each customer. This setup ensures that no one, including Druva employees,can gain access to a customer’s encrypted data except the customer with access credentials.SINGLE SIGN-ON - inSync uses Security Assertion Markup Language (SAML), an XML-based open standard, toprovide single sign on capabilities. Users can securely sign-on to inSync over the Web using their credentials onexternal identity services, such as Microsoft Active Directory.6Smarter Endpoint Backup
Smarter DeduplicationWithin any enterprise, proliferation andpreservation of many versions and copiesof emails and documents contribute totremendous data ntechnologyeliminatesunnecessary duplication and saves a singlecopy of content that is duplicated across allusers and endpoints of an enterprise.MORE THAN80%of enterprise data5 is duplicatedacross users, creating storage& bandwidth bottlenecksduring backup.Steps to Eliminate Duplicates in Backup157During restore,a user sees all hisfiles irrespectiveof the duplicates.The inSyncclient agentcontinuouslymonitors &captures filelevel changes.4The server maintains onlya single copy of duplicateddata & multiple references.Smarter Endpoint Backup23Before performing a backup, ituses patent pending advancedfile fingerprinting to check withthe server if a file, or even a partof a file has been backed up before,by any user from any endpoint.Then, it sends only the uniquecontent to the server.
Salient Features of Druva’s Deduplication Technology1 Global:2 Client-side:data redundancy is eliminatedacross all users and endpoints.duplication checks andcaching of these checks are performed at theclient substantially reducing bandwidth andspeeding up backups.3 Application aware:understanding of on-disk formats ofapplications (e.g., Outlook, Office, &PDF) results in 100% accurate, fasterdeduplication and reduced storagerequirements.performance &4 HighScalable:HyperCache technologyreduces disk I/O by up to 80% andoptimization for SSDs improves overallbackup throughput by 5x.A detailed explanation of deduplication techniques and Druva’s innovative approach to deduplication is available in a white paper on data deduplicationfor endpoints at www.druva.com/resources.8Smarter Endpoint Backup
Advanced WAN OptimizationinSync automatically detects networks (LAN/WAN/VPN) and changes in a network. Its advanced WAN optimizationboosts speed and efficiency of data transfers over WAN networks. inSync optimizes packet size and uses parallelconnections to make best use of available bandwidth. When a backup is interrupted over a weak network, inSync ensuresthat the backup is resumed. Users or IT administrators can set limits on percentage of network bandwidth and CPU usage.inSync’s WAN optimization makes it highly suitable for endpoints as they often connect over weak WAN links.Optimizes Packet Sizebased on network noise, & latencySmart Bandwidththrottling adapts to varyingnetwork conditionsAuto-Resume Backupsaves critical user time& productivityIntegrated Data Loss PreventioninSync prevents critical corporate data from falling into the wrong hands. With inSync, data on an endpoint device isencrypted so no one but the device owner or an IT administrator can access that data. inSync also allows remote wipeout of endpoint data. inSync puts IT in control; IT can set policies enforcing which files on a device are encrypted as wellas when files should be remotely wiped out (e.g. if device has not connected for N days). Further, IT administrators canimmediately wipe a device if they believe that it has been compromised. Finally, inSyn
shortcomings of existing solutions . It concludes with a discussion of how Druva inSync solves these challenges and provides a smarter endpoint backup for enterprises . Corporate data loss is rising 260% annually Nearly 38% of all corporate data resides on users’ devices of thes
