Rubrik announced the r528 cloud appliance today. Yes, Rubrik just got sexier. Not only has Rubrik grown exponentially as a company ,they are on their 3rd update and are now quite the global force with 90+ signed Channel Partners and 4PB+ Protected in the Field
The r528 offers encryption at rest and in flight from VMware. Because the appliance is using hardware encryption, there is no compromise on speed or performance. The self encrypting drives (SED), use AES 256 circuitry. All data written to disk is encrypted automatically and data read is decrypted automatically. Eliminating or overwriting the security key would perform an instantaneous wipe. If a drive were to be taken out, it would be deemed worthless without the key
Boring stuff you should know about: NIST
This offering is FIPS 140-2 Security validated. What does that mean? It sounds important. The drives and Rubrik Cryptographic library are FIPS 140-2 certified. Where most backup appliances are Level 1, Level 2 brings about the ability to detect physical tampering. If you want to nerd out and read up on FIPS 140 here. From there, you can read that FIPS 140-2 Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm or Approved security function shall be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components. FIPS 140-2 Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.
For key management, Rubrik supports external key standards using KMIP 1.0 or they also provide a Trusted Platform Module (TPM) so there would be no need for KMS . Giving the customer options if they don’t have KMS setup in their environment.
But wait there’s more!
Rubrik Converged Data Management 2.2
Enhancing the auto protect and SLA inheritance Rubrik already offers
- Dynamic Assignment – Set policy on a vCenter, Data Center, Cluster, Folder, Host, and more.
- Inheritance Options – Any new object or workload created will automatically pick up parent SLA assignment.
- Do Not Protect – Block SLA policy from being inherited with explicit denial to prevent data protection at any desired level.
Throttle detection!
Most people don’t want backups to affect workloads. The software can look for latency to make sure it’s not causing performance issues. If storage latency is rising, it is smart enough to halt additional tasks on the fly. Backups don’t continue to pile up on your environment like a WWE royal rumble.
Scalability
- In testing, Rubrik has scaled out to a 20u, 10 brik, 40 node cluster. That’s insane
- Protect 10,000 VMS using vSPhere 6.0
- Instant recovery: Quicker spin up of clone workloads (thanks to being able to get 20,000 I/O per brik) and faster storage vMotion to your production environment.
Cluster Policy Enhancements
- Global pause gives you the ability to use a maintenance window to perofrm work on the cluster
- Recurring First Full Snapshot Window gives you control to say when a full backup should be performed within an SLA
- New Retention Periods bring increased flexibility for SLA policies to meet different customer requirements
- Blackout Windows define when no operational taks should be executed by the cluster
Automation Fun
An oldie but goodie, you can tell from this blog, we’re all about automating all the things possible.
There are several options to satisfy the automation ninja within you:
GitHub PowerShell-Module Repository
PowerShell Gallery (NuGet)
Continuous Integration with AppVeyor
And a personal favorite:
vRealize Orchestrator Packages
Rubrik maintains it’s mantra don’t backup go forward with it’s continuous improvements to the backup experience.