New 3PAR Model + Other HPE Storage Announcements

As per previous years HPE have decided to pre-announce their storage news before HPE Discover starts in a couple of weeks. There are a number of announcements on different product ranges, so let’s step through each in turn.

New 3PAR Model +20,000 rEFRESH

HPE have today announced the 9000 series 3PAR. This is not a replacement for any existing 3PAR but rather an addition to the line-up. As the name suggest this model will sit between the 8000 and 20,000 series. Today the 9000 series consists of a single model the 9450, this is an all flash model and scales up to 4 nodes.

The 9000 series runs off the existing GEN 5 ASIC like the other current batch of 3PAR models and will continue to use the same OS, so the management experience and range of data services will be familiar. Also like other models the 9450 will come with all data services enabled and be available on the HPE 3PAR Flash now scheme, which allows a 3PAR to be consumed without a large upfront const.

The 9450 essentially fills a gap in the portfolio for the requirement of a larger more high performance flash system but not crazy big i.e. 20,000. HPE advise the system can deliver up to 1.8M IOPs and a max capacity of 6PB.

The 20,000 series receives a refresh which aims to give it more horsepower.  The new controllers are expected to give a 15% boost in performance versus the current model. The SSD density doubles compared to the current model to 228 SSD’s per rack

 

MSA New Generation

The 5th generation of HPE MSA was also announced, the model line-up consists of the 2050 and the 2052. The two models are very similar, with the actual controller hardware being identical between the two models. The 2052 includes 2 SSD’s and additional data services in the form of 512 snapshots and remote snaps. Since the controllers are identical there is no restriction to starting with a 2050 and then effectively upgrading to a 2052 at a later date. It is claimed the new generations of MSA’s offers twice as much performance in terms of random IOPS, as the existing 2040

The new models will continue to support data services such as SSD read cache, thin provisioning and tiering.

Nimble Storage

With the Nimble acquisition just closing, the upcoming HPE Discover event will be the first Discover to view the systems and time to announce that Nimble storage can now be purchased through HPE partners. Nimble have a wide range of products for what is a relatively young company. In terms of actual storage products they offer both all flash and hybrid systems. Last week at VeeamON they announced the secondary flash array. A hybrid flash system with enhanced dedupe, intended to be the target for backups. Since the system is more powerful than traditional backup storage it lends its self to environments where backups are not only held but actively worked with like in a test and dev environemnt.

They also offer block based storage that can be consumed by the cloud and Infosight which gathers a wealth of data from all Nimble storage arrays to enable predictive analytics. The reach of Infosight is beyond the array it’s self and can assist with application related issues. Nimble advise 54% of problems resolved are outside of storage.

StoreOnce CloudBank

Also announced last week at VeeamON was StoreOnce CloudBank, this allowed the cloud to be used as an additional tier of storage for backups. The clouds currently supported are Azure and AWS

This blog post on the official HPE Storage blog has a bunch of videos that cover off the announcements.

To make sure that you don’t miss any updates, you can get e-mail updates, or follow via Face Book, LinkedIN and Twitter.

 

 

Ransomeware and Backup Considerations

Given the fun and games that many IT departments will have had over the weekend with the weekend with the WannaCrypt ransomeware I wanted to revisit this topic to understand what ransomeware is and what can be done to reduce risk.

Ransomware was first seen in the mid 2000’s and has grown into a prevalent security threat, with TrendMicro reporting they blocked 100 million plus threats between 2015-16.

 What is Ransomeware?

Ransomware is essentially a hijack of the users of machine, that renders it unusable or operating at reduced capacity unless a payment is made. The hijacks fall into two main types of attack, a lockout screen which stops the users accessing any elements of the system until payment is made. In the second type of attack the users files are encrypted and again a ransom is demanded but this time to decrypt the files. The prevalence of these sort of attacks is unfortunately directly linked to that fact they have proved to be a highly effective business for the criminals behind them. We storage administrators have known for some time that both users and organisations data is critically important to them, now unfortunately it seems so do criminals and they are willing to cash in. ZDNet estimated based on Bitcoin transaction information that between 15 October and 18 December CryptoLocker had been used to extort $27 million from victims.

WannaCrypt

WannaCrypt hit towards the end of last week and so far cases have been recorded in 150 countries. It is a worm that spreads across networks by exploiting a bug in the MS SMB file sharing protocol, once infected the ransomware demands $300 worth of Bitcoins in order to be able to access the system again.  The exploit had been previously identified by Microsoft and a patch released in March for supported OS. Of course this meant that legacy systems to such as XP and server 2003 did not receive the patch. Large uses of these legacy systems such as the NHS in England where particularly badly hit, with 48 different trusts reporting issues. Since this time MS have also released the patch to cover legacy systems XP and Server 2003.

Reducing Risk

Given that this is a storage focused blog I wanted to look at the specific considerations around backup given that this is the predominant recovery method. It is an important consideration that the encryption type software will look to encrypt all attached local and network drives.  The behaviour of encrypting network shares can be particularly damaging to organisation and is why it is important that users are given the most restrictive rights possible so that the ransomware cannot execute.  The importance of staying current and patching has been brought home with the recent WannaCrypt attacks.

Ransomeware Backup Considerations

Replication is not backup – Sometimes high availability and backup are confused.  Replication is not backup and ransomware is a good example of why not. If the primary end becomes infected, so will the target once replication is competeBear in mind this would include automatic backup to the cloud services.

Hold an offline copy of data – Whilst there have been no confirmed cases of backup software getting hit by an attack ,it is a sensible precaution to protect against a future variant by keeping a backup copy offline or at least in a separate media form.  This is in accordance with the standard good practice laid out in the 3-2-1 rule, have 3 copies of your data, 2 different types of media and one offsite copy.

RPO becomes key – With the random nature of these attacks and the potential level of destruction with multiple key file shares potentially being rendered unusable by a single users, how much data can you afford to lose? For those shares which you consider to be at greater risk perhaps due to the number of users you could consider a shorter RPO. Read this article to learn more about selecting an effective RPO and RTO. It may be time to look at more regular snapshot based back ups

Number of Recovery points – The number of recovery points and retention policy also needs to be considered. If you are using a simple policy of 14 days for example it is possible that an infrequently used share, such as one containing monthly finance reporting may only be noticed by a when time all the backups also contain the encrypted files.

Endpoint backup – If users save files locally to their desktop / laptop consider endpoint protection such as Mozzy or Veeam End point protection to safeguard these devices.

 

Veeam Cloud Backup – $1000 in free cloud services

A quick post to let you know about an interesting offer from Veeam which may allow you to dip your toe in with cloud based backups. Good backup policy follows the 3-2-1 rule, 3 copies of your data, on 2 different media and 1 stored offsite.

Veeam offers a service with their Cloud Connect option to store backups and replicas in the cloud. This allows the meeting of the rules concerning keeping one copy of your data off site and two types of media with cloud and onsite storage. Veeam are offering an incentive of $1000 worth of credit towards Cloud Connect, the offer is available until the end of June. You can see the steps to getting the free access below.

You can see further details here.