Service Overview Enterprise Cloud Backup Techgate s Enterprise Cloud Backup, powered by Asigra, is a service that gives you state-ofthe-art data protection at an affordable price. Vernon King Sales Operations Manager, Techgate plc Introduction Techgate offers an end-to-end data protection solution to protect servers, desktops, laptops, structured and unstructured applications and raw files residing on the LAN as well as laptops in the field. Data from your server(s) is backed up through the Asigra DS-Client ( DS-Client ), and sent over the Internet or through a dedicated telecommunications line to our secure, mirrored off-site data vault ( DS-System ), located within our own data centres outside central London. The Incremental Forever feature ensures that ongoing bandwidth and processing is kept to a minimum. Asigra software technology combined with Techgate s fully resilient, high availability data centres provides an exceptional data protection service. Techgate supports Public, Private and Hybrid cloud environments. The Asigra software components can run and reside in physical or virtual environments, and can backup from, and restore to, both environments. You can leverage Techgate s Enterprise Cloud Backup technology as software or Software as a Service (SaaS) to optimise, economise, and modernise your backup infrastructure.
Techgate s Enterprise Cloud Backup is comprised of two main components: Asigra DS-Client: This is installed at the end customer s premises to collect data from all servers, desktops, laptops, corporate mobile devices, structured applications and raw/unstructured files that need protection. The DS-Client is the data collector. Asigra DS-System This is installed at Techgate s off-site Data Centre, where the protected data resides. The DS-System is the data aggregator. There are a number of DS-Clients offered within the backup solution, Microsoft Windows, Linux and Mac, allowing complete control of all aspects of the network environment. Backup and recovery software typically requires that separate individual agents are installed on each host server that a system administrator wants to back up. Even in a modest-sized environment, agent management can get extremely complex when an administrator is forced to deal with different operating systems and revision levels. The complexity of agent management is further complicated by the growing number of software packages that also require agents running on the same host servers - which is referred to as agent pollution. Traditional agent based architecture Full coverage from multiple available clients This one-to-many architecture (one DS-System serving many DS-Clients) enables Asigra to support additional backup loads from multiple operating systems, servers, databases, applications and storage environments. Agents can pose a major security risk because they require open ports on the firewall. The Asigra software does not require any agents to be installed for each machine or for each application that needs to be protected; instead it reaches out over the network to back up operating systems, file systems, and applications, using industry standard programming interfaces. Asigra agentless technology Agentless Cloud Backup Techgate s Enterprise Cloud Backup requires no agents, which makes it inherently easier to install and support than legacy backup and recovery solutions. Techgate plc : SO-CBENTAsigra-1012-7 : Page 2
Agentless: Saves You Time Dealing with backup software agents is a cumbersome and mundane task that can be extremely time consuming. Matching agent revisions with operating system levels, researching compatibility issues, and other labour-intensive tasks are non-existent when using the Techgate Enterprise Cloud Backup solution. Agentless: Easier to Support Additionally, many problems that occur while managing backup software are due to agent bugs and their incompatibility with host servers. Asigra is inherently easier to support and the risk of problems is reduced as compared to other solutions because of its agentless design. Agentless: Less Resource-Intensive Traditional backup and recovery software puts agents onto servers, causing processing power to be stolen away from a server s core application to feed the needs of agents. Asigra s agentless architecture makes no such demands of the servers it is backing up. Agents Can Pose a Major Security Risk Agents require open ports on the firewall which can make a system vulnerable to outside interference. Protection for all leading applications and Operating Systems VMware Oracle Windows XenServer DB2 Linux Hyper-V PostgreSQL Unix MS SharePoint Sybase AIX MS Exchange Lotus Notes Domino MS Outlook GroupWise Mac OS X MS SQL Server MySQL Apple ios 4 System I/Power 6 Smart phones Android tablets SAP Security and Compliance features Techgate s Enterprise Cloud Backup is the most secure agentless data protection platform in the industry. Due to the multi-tenant nature of the cloud environment, security becomes a paramount concern of anyone trying to utilise the cloud for backing up and recovering their data. There are a number of security features that help and maintain data security and integrity. Digital Signatures In order to ensure integrity of the data that the DS-Client backs up and restores on a customer network, a digital signature is created and attached to every file that the DS- Client transfers to the DS-System. A digital signature represents 128-bit code that identifies data within the file. a one-bit change to a file will produce a different signature, allowing us to verify that the file content is exactly the same as was backed up. DS-Client Encryption Keys In order to secure customer information that is transferred to the DS-System, the DS-Client encrypts every file it sends to the DS-System with encryption keys provided by the customer. The files are stored and remain encrypted on the DS-System at all times. Asigra encrypts the data in-flight and at-rest from cradle to grave. The decryption process occurs during the restore operation on the DS-Client itself. This ensures that any information transferred and stored outside the customer location is always encrypted. Customers can choose from encryption strengths that range from triple DES 56-bit with an 8-character key, to AES 256-bit with a 32-character key. Asigra maintains backward Techgate plc : SO-CBENTAsigra-1012-7 : Page 3
compatibility of its software so that even now, using the most current release, users can still access and retrieve data encrypted with DES 56- bit encryption years ago. Configuration and Location of Encryption Keys The DS-Client encryption keys are configured during the DS-Client installation or with the DS- Client configuration program. Encryption keys are stored in the DS-Client database in encrypted form, so even a person with full access to the DS-Client computer (e.g. administrators) cannot find out the values of the encryption keys. The software used for Techgate s Enterprise Cloud Backup is FIPS 140-2* certified. *FIPS 140-2 is the standard for security requirements for cryptographic modules by The National Institute of Standards and Technology Asigra protects over 400,000 end customer sites and over the last 25 years of operations, there have been ZERO breaches or compromised systems. Password Management and Password Rotation Password Management and Password Rotation align your organisation's existing security policies and procedures with your data protection policies. Asigra software includes a feature that allows for the auto generation of passwords. These passwords are changed at random for specific backup user accounts, preventing any unauthorized access to the account or the data. The Compliance Advantage Techgate s Enterprise Cloud Backup can help your business with a variety of compliance issues. The Asigra technology is a disk-based, automated solution that runs quietly in the background with no human intervention tape backups require manual intervention and are therefore not compliant with regulations like Sarbanes Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Safe Harbour, and others. All backup data is aggregated, allowing for immediate recovery - traditional backup solutions are rarely centralised and this leads to difficulties in obtaining, collating and providing records in a timely manner. Backup data is automatically & securely transferred offsite using FIPS 140-2 certified security requirements via private or public cloud - traditional backup architecture requires additional 3rd party products or manual involvement when transferring data offsite on disk or tape and is therefore deemed unsecure or unreliable. How Techgate s Enterprise Cloud Backup service handles backups Initial Backup The initial backup for many customers may take a long time over the IP WAN: possibly so long that it will not be completed before the next scheduled backup is required. Asigra has an initial backup feature that allows backing up directly to disk. The customers can specify an initial backup set and perform the first backup to a disk attached to the DS-Client computer. Simply send the secure disk of encrypted data to Techgate s Data Centre and it will be integrated into your data storage, eliminating the time needed for extensive downloads and expensive bandwidth. Another approach for long initial backups is to do the initial backup in several sessions over the IP WAN spread over time. Incremental Forever Backup After the initial backup, Incremental Forever backup processing begins. Backups are typically scheduled for a specific frequency and time period, although they can be started manually. What data should be backed up, when it should be backed up, and other Techgate plc : SO-CBENTAsigra-1012-7 : Page 4
related information is stored in the backup set definition. Once a file is sent to the Asigra DS-System, it is normally never sent again in its entirety. Data to be backed up is handled through block-level processing and changed blocks of data in that file are isolated in subsequent backup sessions and only the changed blocks are sent through to the DS-System. The Backup Process The basic steps of the backup process are as follows: 1. The backup is started by schedule or on demand. 2. Any pre-execution functions, such as stopping a service, are started. For some backup sets, a database dump is performed. 3. The DS-Client scans for data to be backed up, comparing what it finds in the DS-Client database with the file attributes of the backed up data. It looks for: a. files with a changed size or changed write time since the last backup b. files that have no previous backup (no entry in the DS-Client database) c. databases or permissions-only backup sets - for these, the databases, tables, or dumps are always considered to have changed since the last backup 4. The DS-Client connects to the DS-System. For a backup set configured to back up to a local disk cache, even if the DS-System connection is not available, the DS-Client will backup locally and will send the data to the DS-System when a WAN connection is available. For a scheduled backup set, checks are made to see if the backup set is out of sync and, if it is, perform synchronization. 5. The DS-Client detects what data should be backed up for each file detected by the scan done in step 3. 6. The DS-Client does compression, then encryption (even if data was encrypted at source). 7. The DS-Client sends data to the DS- System, which puts the files in the correct location within the DS-System storage. 8. Confirmation of successful data storage is sent back to the DS-Client, where it is logged. The DS-Client database is updated. 9. Any post-execution commands (such as re-starting a database server) are run. 10. Notification is sent to indicate that the backup is complete. Interrupted Backups Scheduled backups that lose their connection to the DS-System will retry, by default, three times over five minutes to resume the backup. If the connection is re-established, the DS-Client re-starts the backup where it left off. For file system backup sets, or database backup sets using the DS-Client buffer, backup resumes at the block-level. About Delta Block Processing The DS-Delta algorithm analyses files at the block level. The processing is generic: it will work on any binary file, regardless of its file type or content. The algorithm divides all backed-up files into data blocks to reduce storage requirements and increase back up speed. Techgate plc : SO-CBENTAsigra-1012-7 : Page 5
Delta processing is performed if all of the following conditions are met: a. files are between 32 K and 512 GB (32- bit DS-Clients) or between 32 K and 4 TB (64-bit DS-Clients), and b. the backup item has the number of generations set to three or more; and c. files are not executables, DLLs, or driver files being backed up without streams (this is a backup set option) Delta Block processing on a file global de-duplication (Common File Elimination) across all protected sites. Asigra identifies duplicate data by looking for the same data queued for backup more than once. All data is compared based on its content, so it does not matter if the files are on different servers or have different names. Common data is stored to the appropriate repository and a pointer/stub is used to point from the data s original location to the library location. This is a continuous process, as common data can appear at any time. Data Compression The compression ratio achieved is dependent on data type. Higher compression ratios can be achieved for databases than for image or audio files. Since, compressing already compressed data can increase the file size, Asigra technology has the intelligence to detect compressed files and it skips recompression of such files Legacy Backup Asigra Technology If a file qualifies for delta processing, the DS- Delta algorithm will identify if this new online generation will be considered a master or a delta based on whether or not other generations of the same file exist. Integrated De-Duplication Techgate s Enterprise Cloud Backup offers unprecedented levels of efficiencies to the data being captured, ingested, stored and transmitted over the network by a number of methods. De-Duplication The Asigra technology offers local/client side duplication at Local Area Network level as well as Techgate plc : SO-CBENTAsigra-1012-7 : Page 6
Continuous Data Protection Techgate s Enterprise Cloud Backup features Continuous Data Protection (CDP), which enables data recovery back to any point in time in the event of a disaster. Users often want their data to be protected as soon as it is in its final state. CDP refers to automatic backup of the data each time a change is made to that data (asynchronous backup). Therefore, CDP enables data copies almost in real-time, capturing every version of the data whenever the user saves it. It allows the data to be restored to any point in time. Asigra s agentless CDP feature allows unlimited granularity since users can have their data recovered from an infinite number of Recovery Point Objectives (RPO). CDP protected files are backed up whenever they are saved to disk by users at the source computers. It also continuously monitors the changes on the specified target files and backs up the changes as soon as they are detected. Asigra CDP is implemented as a backup option and can be applied to file systems and email backup sets to improve recovery SLA of critical data. The benefits of using CDP include: track of the previous versions, allowing data recovery from a wider range of time. 3. Immediate protection of critical data. Once protected data is saved to disk, it is backed up locally (if local storage is available) and is simultaneously sent encrypted over the Wide Area Network (WAN) to be stored offsite at Techgate s data centres. Backup window and Recovery Time Objectives (RTOs) are reduced to zero. Tiered Recovery Organisations don t treat all their data the same way. Neither do we expect them to. We understand that businesses don t value older data the same as younger, more critical data. When formulating a backup and recovery strategy, organisations would need to establish different Recovery Point and Recovery Time Objectives (RPOs and RTOs) for different data sets. Techgate s Enterprise Cloud Backup provides the flexibility needed by having multiple tiers of recovery. This is achieved by having the Local Storage Facility and the Backup Lifecycle Management functionality available. 1. Increase SLA compliance. CDP provides the user with the peace of mind that the latest version of critical data has been backed up as soon as they save it on their hard drive and that it is available to be recovered. 2. Flexible RPOs. Traditional backups can only restore data to the point at which the backup was taken. With CDP, there are no backup schedules. When protected data is saved to disk, it is also asynchronously written to the central storage repository (DS-System) or to the Cloud. CDP keeps not only the latest saved version of protected data but also keeps With our partners, we continue to assist the users of Techgate s Enterprise Cloud Backup service in establishing the right mix between Techgate plc : SO-CBENTAsigra-1012-7 : Page 7
having the fastest and the most cost-effective recovery capabilities for their data. Techgate will help you to align the value of your information with the cost of protecting it. Years ago, we treated all data as being equal. All data originated on one type of storage and stayed there until it was deleted. We now understand that not all data is created equal. Some types of data are more important than others, or accessed more frequently than others. For example: Data that is 2 minutes old is highly valued. Data that is 2 months old may be of interest but is not as highly valued. Data that is 2 years old may be needed for records but it is not critical to the daily functioning of the company. Use of the Local Storage Facility Techgate s Enterprise Cloud Backup allows data to be stored locally as well as offsite. Since data stored locally can be backed up and restored at LAN speeds, Local Storage gives organisations an added, low cost tier of recovery. The Local Storage module can help address customer disaster restore requirements by saving copies of the backup files at a local storage location. If a restore is needed, the file can be quickly restored from the local environment, at LAN speed, without connecting through IP WAN to DS-System. Local storage can be configured for specific backup sets, typically ones containing critical data. On the first regular backup, the whole backup set is stored in the local storage. From then on, any changed files are replaced, in their entirety, on the local storage. Note: Local Storage does not apply during the initial backup process. Any backup sets configured for local storage will ignore the setting until the initial backup is transferred to the DS-System platform. How Data is Stored on Local Storage Data stored on Local Storage is compressed but not encrypted, and stored as regular generations, without elimination of common files or delta processing for the data that is sent to the DS-System. Any backup sets marked for Local Storage are also stored in the DS-System Online Storage in the normal encrypted, compressed way, with master/delta online generations and common file elimination. Monitoring Local Storage disk space Using this module can require significant available capacity, depending on the volume of data being stored. The DS-Client will write events to the Event Log if local disc space is getting low, but local storage errors do not cause the DS-Client to stop. Data deletion and Local Storage Data deleted from DS-System (in response to a DS-Client request) is also deleted from Local Storage. Data deleted from source computers and identified by a backup process is deleted from Local Storage by the backup process, but remains on the DS-System. Backup Lifecycle Management Techgate recognises that companies can require multiple tiers of backup of active data. Critical data requires more frequent backups on higher performance devices. Less critical backups can be relegated to less expensive, lower performance devices to reduce costs when necessary. Techgate plc : SO-CBENTAsigra-1012-7 : Page 8
Backup Lifecycle Management (BLM), provides the functionality that allows data to be archived. The purpose of the BLM product is to: enable cost-effective long term data storage allow the searching of archived data (data indexing) allow easy restoration of archived data manage data destruction BLM can free up the DS-System space occupied by stale files, reducing the cost of protecting inactive files online. The BLM product handles moving or copying data from the on-line storage (DS-System) to the BLM Archive. The transfer of data from the source to the DS-System (and keeping local copies, if configured) can be affected by the BLM Archiving processes. Data Storage The flexibility of Techgate s Enterprise Cloud Backup means that you have the ability to meet any RTOs required. Classify data How Asigra Handles Restores Routine Restores When data needs to be restored: 1. A customer, via the DS-User, requests the specific online generation (version) they want restored. Depending on how many generations are being saved, and how the restore is requested, the customer can choose to restore data backed up during a specific time period or even choose to restore deleted files. The scope of the restore is flexible: customers can restore a single file or entire shares/directories. Many restore options are available, including activities to be done before or after the restore (such as stopping or starting a service), and whether to restore to the original or alternate locations. Note that the restore options available depend on what type of data is being restored. 2. The DS-System identifies the data to be restored. For master generation or delta generations, - identifies which generations should be used to restore the specified file, and reconstructs the file in the appropriate state 3. The DS-System sends the reconstructed files to the DS-Client. Additional local copy Young data ONLINE Old data BLM 4. The DS-Client decrypts and decompresses the files and stores them in the chosen location, after having checked the digital signature. Restoring Data Techgate s Enterprise Cloud Backup allows complete flexibility when restoring data: data can be restored at the online generation level, the file level, or the database level. Data can be restored to the original location, or an alternate location, with a variety of data options. Ensuring Restored Data is Valid During a restore, the DS-Client recreates the digital signatures of the files on the source computers and compares them to the digital signatures attached to the files backed up to the DS-System. This verifies that the file content is exactly the same as was backed up. This is especially important when restoring databases, registry, NDS (domain service), or other types of data where the smallest change can make the data useless. Techgate plc : SO-CBENTAsigra-1012-7 : Page 9
The digital signature is generated from the file content during backup. A digital signature is a 128-bit code that identifies data in the file. It ensures the integrity of the data that the DS- Client backs up and restores. The DS-Client creates a digital signature for every nonempty file that it transfers to the DS-System. The signature is attached to the file and goes with it. Even one bit changed in the file will produce a different digital signature, allowing us to verify that the file content is exactly the same as was backed up. Speed of Restores Restore speed is limited by network speed, CPU speed, and file system speed. 1. Data is sent over the network in compressed format, so the network usage is low. The DS-Client also has the option of backing up to a Local Storage path which allows fast retrieval of backed up data. 2. The restore process is multi-threaded, meaning that very fast restores are possible, restoring many files at once from many directories. Restoring many small files will always be slower than restoring big files. 3. CPU usage during restore is lower than during backup and is usually not a bottleneck for the restore process. Message Level Restore The DS-MLR service enables customers to back up and restore emails, down to the level of a single message. It should be installed on each email server the customer would like to back up. Best Practice: For Microsoft Exchange, it is recommended to do both a Microsoft Exchange Server backup and, for selected users, use DS-MLR to back up emails. a. emails handled as individual messages, not necessarily whole mailboxes) b. public and private folders c. attachments It includes a powerful filter to selectively backup and restore email elements. Only authorised users are allowed to restore messages. Emails are encrypted and stored in the DS-System. The DS-MLR module needs to be enabled for each DS-Client that is going to use it. Restoring to a Different Platform The DS-Client supports the restoring of file system backup sets (other than those using backup streams options) across different operating systems. This means that any data backed up from one server can be safely restored to another server, regardless of the server type. Permissions should be skipped. Some file system types may have different properties even on the same operating system (like NTFS and FAT). Investigate the compatibilities before restoring data from such file system types to other file systems. Bare Metal Restore (Windows) Any disaster that destroys a computer requires a bare metal restore to replace the damaged computer with a new machine. A new computer must be configured with a base operating system. After this, the DS-Client can be used to restore the complete system (data, profiles, registry/system state, service pack files, etc.). DS-MLR supports Exchange, Outlook, Lotus, and GroupWise. It allows customers to back-up and restore: Techgate plc : SO-CBENTAsigra-1012-7 : Page 10
For further information on all processes and the platforms it is supported for, please contact us. Further information: Asigra Technical Guide Installation Asigra Technical Guide Configuration Asigra Technical Guide Management Asigra BLM Guide Asigra Installation and Support Matrix Please refer to Techgate s Resource Centre for more information on training material, videos, presentations and white papers. Please contact Techgate for further information on trials and pricing.