“I need to modernize my data estate. What’s the best way to get started?”
We’ve heard this question countless times from enterprise IT teams. Our answer is usually some flavor of “let’s talk about what we’ve done to help enterprises similar to yours.”
Cohesity experts then proceed to guide executives and practitioners through a whiteboard session and discuss:
- Key design factors to consider when transforming enterprise data security and management processes and tooling
- A list of relevant topologies to match the requirements of the enterprise
- Practical next steps that move the initiative forward
A summary of the most impactful elements of these discussions is now codified into a new white paper: Modern data security and management topologies: A guide for IT leaders. This new paper captures what we learned from helping scores of Fortune 100 companies refresh their data systems for the modern age. Download the white paper here.
Plan your deployment with “blueprints”
The core idea of the paper is blueprints—a collection of reference architectures and deployment topologies that support various business requirements. For example, consider an organization with aggressive RTO and RPO targets and a long-term retention requirement. The modernization team will want to consider a deployment across multiple data centers with multiple copies of data. In this scenario, this blueprint is a great starting point:
This blueprint will deliver against RTO and RPO requirements and adds an archive for long-term retention. The second replica provides additional disaster recovery and ransomware protection. The Cohesity Data Cloud can restore an archive via a primary or secondary cluster. Adding an air gap to the second replica provides additional resilience.
You’ll find this blueprint—and many others—in the white paper.
Design factors to consider for your data modernization project
The white paper includes over a dozen blueprints proven to deliver faster cyber recovery and improved security at scale. Why so many? Organizations have different goals that, in turn, translate into different technical attributes.
We’d love to have a conversation with you about your business requirements. But for the sake of this blog post, let’s focus on the technical aspects that will eventually support said requirements. Three questions should be answered.
First, what types of data do you need to manage and secure? We see three common flavors of data:
- Backups are formed from a primary copy and result in deduplicated, compressed, and encrypted data. This processing is performed once on the data, and then the processed backup data can be copied to a replica or an archive.
- Replicas are generally used for short-term retention, typically months, not years.
- Archives are generally used for longer-term retention and are often kept for years. Archives are often used for compliance and regulatory purposes.
Next, how many copies of data do you need to manage and secure?
- If you require two or fewer copies, a basic deployment topology is recommended.
- If you require three copies, an enhanced deployment topology is likely the best first.
- If you must store four or more copies, then a mission-critical deployment is required.
Finally, what type of availability architecture do you need?
- Active-Standby. Here, workloads operate out of a single data center. Often, there will be a standby disaster recovery site that takes over in the event of an outage.
- Active-Active. In this setup, primary workloads are split across two data centers. In the event of a data center failure, the remaining data center can take over the entire load.
- Hub and Spoke. This option is popular in certain verticals like retail. Workloads are characterized by a large set of remote/branch offices that are then connected to a single data center.
As mentioned earlier, your compliance needs and risk tolerance will inform the answers to these questions. In most cases, there’s a blueprint in the paper to help you design your deployment.
Navigate the trade-offs
Successful IT strategies achieve an optimal balance of performance, availability, and cost. Leaders will need to manage these trade-offs with their modern data platforms.
When it comes to data storage, “more” is not always better. Each additional copy of data adds operational, licensing, and often hardware costs. In some cases, we don’t advocate adding another copy—but instead encourage the use of different types of copies.
We often recommend the use of archives for company compliance activities and to promote cyber resilience. Therefore, our customers often choose to keep the same number of copies of data—but change the type of copies they use. They may, for example, replace an onsite, nonsecure archive with an isolated archive such as a cloud cyber vault to provide copies that can be used both for compliance and ransomware resilience purposes.
Blueprints are powerful because they allow you to review all relevant, proven options and make an informed decision about which to use in your deployment.
Learn from your peers
Every worthwhile modernization project carries risk. This certainly applies when transforming enterprise data security and management processes and tooling. But the alternative—a status quo with mounting technical debt, manual processes, and siloed systems that don’t protect against modern cyberattacks—is far riskier. Maximize your chances for success by learning from your peers.
