What are Air-Gapped Backups?
With their ability to isolate critical volumes from the primary environment, air-gapped networks provide reliable ransomware protection to enterprise workloads – making them a necessary feature for all hyperconverged infrastructure (HCI) and backup and disaster recovery (DR) solutions.
In this section, we explain air-gapping, how air-gapped backups work, the role of air-gap in the 3-2-1-1-0 data protection rule, and the built-in air-gap features included in StoneFly solutions.
Looking for purpose-built air-gapped nodes? Check out StoneFly DR365VIVA.
What is Air-Gapping?
Air-gapping is an advanced data protection feature used to isolate and detach target storage volumes from unsecured networks, production environments, and host platforms.
In other words, air-gapped volumes are “turned off” by default and are inaccessible to applications, databases, users, and workloads running in the production environment. Air-gapped data storage only becomes accessible when it is “turned on”.
Depending on the software and vendor, air-gapped volumes are turned on and off either manually or automatically via user-defined policies. Also depending on the vendor, air-gapped volumes can be provisioned on-premises and/or in the cloud.
How Air-Gapped Backups Work
Air-gapped backups use air-gapped target storage volumes to store backups, snapshots, replicas, and redundant copies of business-critical volumes. Because air-gapped volumes are turned off and inaccessible by default, they keep the stored data safe from any disaster that may affect the primary production environment.
In the event of a disaster, air-gapped volumes can be turned on and the data stored in them can be used to restore operations quickly, seamlessly, and without fail.
Air-Gapped Systems: On-Premises & in the Cloud
How are air-gapped backups set up on-premises?
Two common practices are used by storage administrators to set up on-premises air-gapped systems:
- Offline tape arrays or secondary storage systems that are manually attached and detached. This process is error-prone and not entirely secure, which is why most data security experts advise against it.
- Virtual target storage repositories, deployed with software-defined networking on VMware, Hyper-V, KVM, or Citrix (formerly XenServer), that are attached and detached automatically as per user-defined policies.
How are air-gapped backups set up in the cloud?
Air-gapped backups are not the same thing as redundant data storage. Air-gapped storage provides an additional layer of security against cyber-threats. To do so, simply creating and storing a secondary copy is not enough.
Similar to the software-defined on-premises air-gapped backups, air-gapped repositories in the cloud are set up on an isolated network and are offline by default. The storage volumes are only attached to the primary repository to store critical data and then detached as per user-defined policies.
Advantage of Air-Gapped Backups
With air-gapped target volumes, organizations can protect their mission-critical structured, unstructured, and object workloads from threats like ransomware, viruses, failed software upgrades, and human error.
The primary function and advantage of air-gapped repositories is to provide a storage location that uses software-defined networking to isolate itself from the production environment. In the event of a disaster, the data stored in air-gapped volumes remains available even if the production environment fails.
3-2-1-1-0 Data Protection Rule with Air-Gapped Volumes
The 3-2-1-1-0 rule is an advanced data protection strategy that leverages backup & DR capabilities to ensure high availability and recoverability and to deliver near-zero downtime.
The rule states that you need to have three different copies of data, stored on two storage media, with one offsite copy, and one offline copy.
While conventional practices leverage tape arrays or physical storage media to create the offline copy, air-gapped volumes deliver a software-defined, easy-to-manage, and affordable alternative.
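The rule can be checked mechanically against a backup inventory. The sketch below is an added example, not StoneFly code: the field names, the backup-window flag, and the inventory are constructed for illustration. It counts the production data as one of the three copies and reads the final 0 as zero verification errors, the common reading, which the text above does not spell out. It also reports any air-gapped volume that is attached outside its backup window, since such a volume no longer counts as the offline copy.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Copy:
    name: str
    media: str           # e.g. "disk", "tape", "object"
    offsite: bool        # stored away from the primary site
    air_gapped: bool     # designated as the offline copy
    attached: bool       # currently reachable from production
    verify_errors: int   # errors from the last restore/verify test

def evaluate(copies, in_backup_window):
    """Return (failed_rules, exposed_air_gapped_volumes)."""
    # An air-gapped volume should only be attached while a backup job runs.
    exposed = [c.name for c in copies
               if c.air_gapped and c.attached and not in_backup_window]
    rules = {
        "3 copies": len(copies) >= 3,
        "2 media": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in copies),
        "1 offline": any(c.air_gapped and c.name not in exposed for c in copies),
        "0 errors": all(c.verify_errors == 0 for c in copies),
    }
    return [rule for rule, ok in rules.items() if not ok], exposed

# Constructed inventory: production data, a local backup, a detached cloud vault.
INVENTORY = [
    Copy("production", "disk", False, False, True, 0),
    Copy("local-backup", "disk", False, False, True, 0),
    Copy("cloud-vault", "object", True, True, False, 0),
]

def drifted_inventory():
    """Same inventory, but the vault was left attached after the job ended."""
    return INVENTORY[:2] + [replace(INVENTORY[2], attached=True)]

if __name__ == "__main__":
    print(evaluate(INVENTORY, in_backup_window=False))
    print(evaluate(drifted_inventory(), in_backup_window=False))
```
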
Air-Gapping in StoneFly Solutions: Air-Gapped Vault™ & Air-Gapped Fabric™
StoneFly air-gapped features are available as Air-Gapped Vault™ and Air-Gapped Fabric™.
- Air-Gapped Vault consists of target storage repositories that can be set up on-premises or in the cloud of your choice using StoneFly’s patented storage OS (StoneFusion and SCVM).
- Air-Gapped Fabric provides seamless data management of all air-gapped repositories deployed on-premises and/or in the cloud.
The StoneFly Air-Gapped Vault is available with two deployment options: air-gapped repositories and air-gapped controllers.
Air-gapped repositories consist of one virtual storage controller connected to two target storage repositories. One target repository is network-facing, always accessible, and available to user groups, applications, etc. The second target repository is air-gapped, detached, and isolated.
Air-gapped repositories can be deployed on popular hypervisors and in the cloud of your choice. Users can define policies to automatically turn on (attach/connect) and turn off (detach/disconnect) air-gapped repositories.
Air-gapped controllers consist of two virtual storage controllers connected to one target repository each.
One pair, a virtual storage controller and its target repository, is network-facing, always accessible, and available to user groups, applications, etc. The second pair is air-gapped, detached, and isolated.
Air-gapped controllers can be deployed on popular hypervisors and in the cloud of your choice. Users can define policies to automatically turn on (attach/connect) and turn off (detach/disconnect) air-gapped controllers.
StoneFly Solutions with Air-Gapping
The following StoneFly solutions offer air-gapped data storage as a standard feature:
StoneFly HCI Solutions
- StoneFly Unified Storage and Server (USS™) HCI Appliances
- StoneFly USS High Availability (HA) HCI Appliances
- StoneFly Clustered TwinHCI Appliances
Note: The above HCI appliances are ready-to-deploy systems that support VMware, Microsoft Hyper-V, KVM, and Citrix (XenServer) hypervisors.
StoneFly Backup & DR Solutions
- StoneFly DR365V – Veeam-Ready Backup & DR Appliance
- StoneFly DR365 – DR Site in a Box
- StoneFly DR365U – Universal Backup & DR Appliance
- StoneFly DR365Z – Backup & DR Appliance for Zerto
- StoneFly DR365VIVA – Purpose-built Air-Gapped Nodes for Veeam Backup Environments
Note: The above backup & DR appliances are ready-to-deploy systems that support VMware, Microsoft Hyper-V, KVM, and Citrix (XenServer) hypervisors.