11:11 Systems recently released our Cyber Vault for Cohesity solution which allows you to put your critical archives in an immutable cloud storage. This cost efficient, immutable secondary copy or archiving of Cohesity backup data makes it safer and easier to store your long-term backups.
Leveraging this solution should help you optimize the cost of your overall Cohesity solution and adhere with a 3-2-1-1-0 protection strategy. This is part of the wider release of Cyber Vault products from 11:11 with versions for Veeam and Zerto coming shortly.
We’ve been focusing on the deployment of the base Cohesity capability, Cloud Archive v2, lately. For those paying close attention, you’ll notice that 11:11 Systems is putting our secret sauce in simplifying the deployment, consumption, and monitoring of the solution. This is done by removing your need to manage the cloudy bits and simplifying the billing to a simple per TB, per month model.
CAv1 vs CAv2 vs Cyber Vault vs S3
When it comes to Cohesity’s Cloud Archive capability—which 11:11’s Cyber Vault service is based on—there are all kinds of different terms that float around. In the Cohesity UI this all revolves around the choices for Archival Format, between “Incremental with Periodic Full” and “Incremental Forever.” In marketing, documentation and when you speak to people at Cohesity, they are referred to as CAv1 and CAv2, respectively. The differentiation here is how efficient data deduplication is once the blocks go through a full retention cycle in object storage.
CAv1 is very simplistic in that it writes a restore point to object, on a regular basis also copies a full backup up and then as restore points age out they simply get deleted. While simple this does lead to a bunch of inefficiencies both in terms of deduplication as well as API calls as Cohesity has to remotely deal with all that data it’s written.
Enter Incremental Forever, or CAv2, which uses Lambda functions to efficiently perform deduplication across the replication set, without the need for periodic fulls or repeated remote API calls against the bucket. While their documentation requires a login to access, you can read a longer comparison in Cohesity’s 7.1.2 LTS documentation set.
Finally, keep in mind that while this is based on Amazon Simple Storage Service (AWS S3) Standard Infrequent Access, you cannot create multiple buckets via S3 browser or AWS CLI like you can for other 11:11 and AWS S3 services. This is because this is a multi-service AWS integration. What this means to you is that if you need multiple buckets for your use case, then you will need to work with our award –winning support to create each one. A good use case for this would be to consider a different external target per protection policy to allow for clean segregation.
Integrating 11:11 Cyber Vault for Cohesity
When you onboard 11:11 Cyber Vault for Cohesity, you will be provided with a few key pieces of information:
- Region
- AWS Account ID
- Access Key
- Secret Key
- Bucket Name
Once you have that information, you can navigate to External Targets under Infrastructure in the Cohesity UI and click Add External Target. As you can see in the image below, there are quite a few settings with information we’ve created through the steps above. Of note here is I’ve selected the S3-IA Storage Class. You should be able to use the information provided (as listed above) to fill in all the blocks you see, and then hit Register at the bottom of the screen.
Creating and Applying Policy
Now that we have our external target, we need to create a policy that can be applied to our protection groups to run jobs. Let’s start by navigating to Data Protection > Policies in Cohesity UI and click Create Policy. What I want to be able to do is the following:
- Locally
- Backup daily
- Retain for 30 days
- Keep the data immutable for 30 days
- External Target
- My imm-01 external target
- Retain for 90 days
- Keep the data immutable for 90 days.
You’ll need to click the “More Options” button to get into our fun stuff, but once you do that it’s relatively simple. Simply fill in the blanks for the primary copy then click “Add Archive” and complete as needed.
Once your policy is created it can be applied to any type of Protection you have. This can be VMs, M365 data, File Shares, etc., which is nice.
And now we’re done!
Conclusion
11:11 Cyber Vault for Cohesity is a rapidly evolving but important part of your data protection strategy in the Cohesity platform. This allows you to maintain copies of your data in cost-efficient AWS S3 storage while leveraging other cloud native services to optimize storage and related costs.
Additional resources:
https://1111systems.com/services/cyber-vault/
https://1111systems.com/request-a-quote/
