The ZFS cloud marketplace image provides the same retetention protection policies as the on-premises ZFS Appliance and can be leveraged to add a higher level of data protection. ZFS offers both protection from a cyber attack, and the ability meet compliance regulations. You can find out more about the available retention capabilies of ZFS in Joe Hartley’s blog post here.

So why use ZFS for replication with the cloud marketplace image?

Replicating from an on-premises ZFS Appliance to OCI or visa versa has some great benefits over simply backing up into an object store.

  • Retention policies are also replicated.  By default, the data replicated from on-premises to OCI inherits the same retention policies in OCI as on-premises and in some cases retention policies can be strengthened to provide even better cyber protection
  • Most backup strategies rely on a weekly full/daily incremental strategy. This strategy pushes a lot of duplicate objects/files across the network taking time, and incurring ingress/egress charges (depending on your cloud plan and vendor). The ZFS only replicates changed blocks.

 

Below are a few examples where the ZFS cloud image can be leveraged to provide an additional off-site copy to protect data against a cyber attack.

Critical application data 

Many customers leverage ZFSSA within their data center to host critical files for their applications.  ZFSSA is a highly available NAS devices that provides unparalleled performance. With the rise of cyber attacks these same customers require an off-site copy of that critical data, and the ZFS cloud image provides just that.  

 

Backup data 

ZFSSA is a very popular solution for backups, especially datatabase backups.  When cyber attacks occur not only is the database attacked, but the backups themselves are attacked.  Attackers know that removing backups makes it extremely difficult to recover from an attack.  Many customers are requiring a protected off-site backup as an extra level of protection.  This would be in addition to the on-site backups strategy.

 

Configuration data 

Along with backing up your application files and databases, it is also important to backup configuration data.  You are probably wondering what type of data is “configuration data”.  An example of this is the OEDA.  If you are Oracle Engineered Systems customer you are familiar with the OEDA  (Oracle Exadata Deployment Assistant) which can be used to re-image an Exadata or ZDLRA.  When a cyber attack occurs you can not be sure what infrastructure pieces are tainted with a dormant virus waiting to attack again. It is critical to store ALL configuration information that is necessary to re-image any critical infrastructure in your environment.  This is much more than backups of the data contained on the infrastructure, it includes “gold copies” of critical systems, version information, network topology, encryption wallets etc. etc.

These are just a few examples of the type of data you should be protecting off-site and the architecture diagram below depicts how this can be accomplished by leveraging the ZFS cloud marketplace image.

 

Replication from ZFSSA to OCI
Replication from an on-premises ZFSSA to an OCI marketplace image for cyber protection

Critical data replicated from Cloud to on-premises

Along with replicating offsite from on-premises to OCI, you can also replicate from OCI back to on-premises.  As you move your environments to cloud, you might require an additional off cloud copy of your critical data.  ZFS replication provides the best way to accomplish this.

 

Below is an an example architecture depicting how to accomplish this.

 

Replicate from OCI to ZFSSA
Replication from the OCI marketplace image back to on-premises for cyber protection

 

Advantages of the ZFS marketplace image in OCI

 

One of the biggest advantages of the ZFS marketplace image in OCI is the flexibility of the image configuration.  The ZFS Appliance on-premises, being an appliance has set  CPU, Memory and disk configurations.  The ZFS marketplace image allows you to chose the CPU and memory configuration all the way up to a bare metal configuration.  For storage you can choose the needed ammount of storage to allocate to the image along with chosing the performance of the storage. For high availability you can even configure a clustered configuration to provide the highest level of performance and availability.

This flexibility allows you to balance performance and cost to meet your goals.

Lastly from a network perspective, on the architecture diagrams you will notice that I configured multiple subnets attached to the ZFS image.  Having multiple subnets attached through VNICs allowed me to segrate the replication traffic from other network traffic within the ZFS image and my virtual network, and then utilize routing tables to connect the replication traffic through the replication VNIC to the gateway.  From within OCI I also configured routing rules to ensure the only path (and ports) across the gateway was the replication traffic.

 

For more information on this topic you can log into your OCI tenancy and within the marketplace you will find the documentation on how to create and configure a ZFS image in OCI.