Data deduplication is the most popular form of storage capacity optimization. Deduplication makes it possible to store more on disk with less backend storage, hence it is a very promising method to eliminate or minimize tape as the backup medium.
The traditional deduplication appliances may reduce the storage required for backups, but it still does not address key issues in data protection for enterprise data centers.
- Shrinking backup windows: The data needs to be streamed to a backup server before it can be written to deduplication storage, hence the backup servers still need resources at the same or higher level as was the case before introducing the deduplication device. As the production data size increases, the backup infrastructure would need to be upgraded or expanded to maintain the backup window.
- Flooded network infrastructure: The traditional deduplication appliances are typically end points in a backup stream. These deduplication appliances typically have an Ethernet based or Fibre Channel based connection to the backup server, the production clients need to use the network to reach the backup server before data can be sent to deduplication device. Additional dedicated networking infrastructure may be required to reduce the impact on production network.
- Security: Encrypted backup streams cannot be deduplicated as deduplication technique relies on identifying redundant information in the stream. With third party appliances, even the most critical production servers with extremely confidential data need to stream backups to backup server without encrypting at source.
With NetBackup Deduplication which is also available in appliance form factor, you don’t have to worry about any of the above. The data deduplication can be done on client (source deduplication) or on backup servers (target deduplication). By offloading most of the deduplication processing overhead to clients, there is no need to keep adding media servers or adding additional network bandwidth as frontend data size grows.
NetBackup appliances provide two levels of security for backup streams. When using client side deduplication, the unique segments of data are sent to appliance over secure socket layer (SSL) and hence not getting exposed to risks in transit. Additionally, encryption may be configured which occurs on client after deduplication processing is done but before the data enters the network. Thus NetBackup appliances can use encryption for data before transit and it stays encrypted on storage at rest.
Whether you want to deduplicate and encrypt on client or on target backup server can be set on per client basis, per media server basis or globally for all clients. Third party deduplication appliances can only do target deduplication and provide encryption just for the data at rest.
Blogs in this series
The power of NetBackup Deduplication: Distributed processing and secure backup streams (this blog)