So, good morning, and welcome to this session. My name is Simon Anastasio. I am the CTO of Cloud Wise, an Italian system integrator company. I know you have seen this slide a lot of times, but I have to remind you that all the information presented is confidential and for informational purposes only. So let's go ahead.

In this session we present a solution that we have realized in some of our customers' environments, combining the NetApp and Commvault technologies to create a safe place where the data will always be available and protected, which we have called [inaudible], and we want this place to be always secure no matter what happens in the data center, also in case of cyber attacks, for example. So this is the agenda: we show you why we have picked this type of solution, then we see the technologies that we have used and how we have combined them, and then I will show you, of course, some use cases we have realized. If you have any questions during the session, I kindly ask you to keep them until the end of the session.

So let me do a quick introduction about why. Talking about cyber attacks, you know there are different types of attacks. Denial of service and data exfiltration generally do not involve data encryption, but of course you have to protect against these types of attacks. You can do it using different tools or solutions in your environments, and in case of one of these events the recovery is generally not so difficult. So I don't want to talk about these in depth, also because the most common and dangerous attack is the ransomware attack. In this type of attack the main target is to encrypt all the data in order to ask you to pay a ransom. So all the data are inaccessible and unusable, and the services go down until you recover all the encrypted data.

So in case of attacks, or any other failure where data needs to be recovered or restored, you can recover in different ways based on your protection plans, and so you can have different recovery sources that you could use to recover the data. Local snapshots, for example, are the most commonly used because, you know, the restore is very quick and the data generally are as up to date as possible. Yes, you can use a backup copy from third-party software, or if you have a disaster recovery environment, yes, you can use it, but you know this is the last option that you would use, of course, because the recovery can be more complex or take a long time. But whatever the recovery source that you want to use, remember that it needs to be available.

And the ransomware attacks can be executed in two main different ways: malware attacks or human attacks. The malware attacks, yes, you know, typically encrypt the data by running a software, just a software that runs on a compromised endpoint and does not require human actions. But yeah, it could be used to give access to external people. You can block this type of attacker with tools or solutions like antivirus or XDR or something like that, or policies if you want. In case you need to recover the data or part of it, you can use the recovery sources most suitable for you, but remember that they need to be available to use.

And this is why the most dangerous attack, in fact, is the human attack. In this type of attack, one or more hacker groups need to plan the attack. This is why an attack is started weeks or months before you notice it, because the first step that the hackers need to do is to understand how many and which are your available recovery sources. Remember that the target of these types of attacks is to take your money. They want you to pay the ransom.

And to do that, the first action that they need to plan is to destroy all your available recovery sources. So they delete all the snapshots, they want to destroy the backup environment, compromise the DR site, and so on and so forth. They do not start the attack until they have planned these actions, because if you can recover the data, of course you will not pay the ransom. So this is why we have decided to create this solution that we have called [inaudible], to protect the data also from these types of events.

How we have realized it: these are the technologies that we have used. First of all, we have used the NetApp snapshot technology. Of course, later you can see that the snapshots can be used in different ways, but of course snapshots are used to create a local primary storage copy, and they can be created directly from the snapshot policy on the volume or by the Commvault server. Then we have used the Commvault IntelliSnap feature, which is used to create the storage snapshots directly from the Commvault server. Commvault calls the IntelliSnap snapshots a snap copy protection, and the rotation and the aging of these snapshots are completely demanded to the Commvault server, so NetApp does not manage these types of snapshots in its snapshot policy. These snapshots can also have application consistency protection, because Commvault uses the application agents to orchestrate the creation of these snapshots from the storage. Then we have also used the SnapMirror feature to replicate the storage snapshots on other storage. In this case the updates of the relationships can be triggered using the schedule on the storage or directly from Commvault also. And of course we have used the SnapLock feature. It is the most important feature that we have added, because it's used to create the security lock of the snapshots to guarantee the protection from intentional deletions.

The most important thing to remember is that the SnapLock cannot be bypassed or removed before the expiry time. It simply never is; there is no way to remove it. So this is very important for us. SnapLock is very important, and we have used it to give the assurance that what we have set cannot be deleted. But how can SnapLock achieve this? We have used the SnapLock feature in compliance mode. The compliance mode has two major key points to remember. The first is about the time, because, you know, all the regular system clocks are never sufficient, because they can be changed and moved backward or forward. So before enabling SnapLock in a cluster, NetApp requires that you must execute the compliance clock initialization, which can be done on each node once in an entire lifetime. You cannot do it again; you can do it just one time. The compliance clock, when it is initialized, has two levels. The first is the system compliance clock, which is maintained per node on the root volume, and the second is the volume compliance clock, which is maintained for each SnapLock volume. The volume compliance clock is derived from the node where the volume is created the first time, and it is maintained also if the volume is moved to different nodes, also if the destination node has a different system compliance clock: the time is associated with the volume, and if you move the volume the compliance clock of the volume remains the same. This is important, for example, when you think about a tech refresh: if you change the nodes in a cluster, the volume compliance clock is maintained on the volume.

So if you move to other nodes, then each expiry time that is set on volumes or snapshots or data, if you want, is calculated using the volume compliance clock that is associated. And the second important thing to remember is what I call a zero admin trust policy. It means that there isn't any user that can delete or override the expiry time set. So administrators are not trusted to do any delete operations. This is very important, because there's no admin user, no superuser, hidden user, direct user, whatever you want, not even the support team included, that can delete the expiry time that is set on a snapshot in compliance mode. And also, if there is at least one single file in an entire aggregate that is not expired, the entire aggregate cannot be deleted, and all the disks that are associated with the aggregate cannot be initialized either. So this is very important for us to guarantee that what we have set is maintained.

So these are some use cases that I realized with our customers. The first is a big company in Italy that has many NetApp storage systems installed in different sites. They have a MetroCluster in two different sites; they have another site with SVM DR and a site with the mirror, and so on. In this case Commvault is used to protect part of the data, and other parts are protected directly using the NetApp technologies. So what we had done in 2020 was to add a new storage system on the backup site, and the new storage system is completely dedicated to protecting the backup environment using SnapLock. We have added a new system because in 2020 they were using ONTAP 9.8, where the SnapLock requirements were so different from now; for example, in 9.8 you must create a new dedicated aggregate to enable SnapLock. We have added a new system and created a new copy of the volumes from the system to the SnapLock environment.

In this case, on each site and on each storage there are different protection policies set, and one of the most interesting things in this use case is that starting from 9.10 a lot of improvements were added to SnapLock; for example, the new dedicated aggregate is no longer required. So when we upgraded, for example, the MetroCluster to 9.12, we simply added the SnapLock license on the MetroCluster and protected the local snapshots using the tamperproof snapshots. Now, with the ONTAP One bundle, if you know it, we can protect any site, any storage, simply by upgrading the system and adding the license, because SnapLock is free; it's included.

The second case is very interesting also, because it is a public company that has a primary storage cluster, a four-node cluster, and they had started to use Commvault as backup software by themselves, but we talked with the people responsible for the project and we suggested modifying the project, adding more efficient and secure features, using for example IntelliSnap, which was not planned to be used at the beginning. So we reshaped the protection policy in the project and added a new dedicated backup storage cluster, a six-node cluster with one petabyte of storage available, and here the data are completely protected and managed using Commvault, which also updates the SnapMirror relationship between the clusters. Also in the destination, on the backup storage, there are some volumes for the Commvault repository. So in this case Commvault creates the primary snap copy on the primary storage using IntelliSnap and then updates the SnapMirror relationship on the backup storage, where the target volumes are SnapLock volumes for the vault copy, what they call the vault copy. And in this case the customer wants Commvault to create another backup copy on tapes, for the 3-2-1 rule. No. Um, yes.

Generally the vault copy is used to do that: to take the data from the vault copy and put it on tapes as the third copy. But in this case we had to use the snap copy instead of the vault copy, because before 9.13, when you create... sorry, to do that, Commvault asks the storage to create a FlexClone volume of the sources that were used. In this case the vault copies are SnapLock volumes, and if you create a FlexClone of a SnapLock volume, the cloned volume inherits the SnapLock protection, so it means that it's locked. So at the end of the job Commvault cannot delete the volumes it has created, and this is why we have used the IntelliSnap copy. But as I say, this is before 9.13, because starting from 9.13 you now have the option to not inherit the SnapLock protection on the FlexClone volume from the SnapLock volume. But this is a manual operation, and we are working with the dev team of Commvault to use this feature also. Yes, the data in these cases are the same, but it adds more I/O on the primary storage when we read from the IntelliSnap primary copy.

So the last scenario is a university based in Rome that does not have any NetApp storage in its data center and was not using Commvault before. So here the data that need to be backed up are on different third-party storage from different sources, and also, for example, they want to back up data from the endpoint PCs in this case. So here we couldn't use IntelliSnap, and so we have created a new backup environment with a dedicated storage used only as a repository for Commvault. Here the repository resides on dedicated CIFS shares that are accessible only from the media agent servers on a dedicated private network, and then we have protected all the repository volumes using the tamperproof snapshot feature in this case. And after a while the customer asked us that the data also be copied to another site.

So we have simply added a new system on the storage side on another site and created a SnapMirror relationship between the storage systems. So the CIFS volumes are on dedicated SnapLock volumes on the destination. The interesting thing in this scenario is that now we are protecting the backup data from any source, from any vendor, so not only from the NetApp storage as primary storage, for example, because we have protected the entire backup environment. Yes, in this case the recovery time, for example, could be slower, because we cannot have the snapshots on the sources, but we can use this scenario in any type of environment, with any customer.

Key takeaways. So remember that you need a secure backup, because it needs to be available no matter what happens. In case of a cyber attack, you know, your recovery sources are the first target of the attack, so you need to protect them. And I suggest being creative, because combining the NetApp technologies and Commvault, in this case, or whatever you want, you can address unique challenges and unique use cases in very different ways. And the most important thing to remember is about the SnapLock compliance guarantee. This is a guarantee of protection for us, because the zero-admin approach is very important. Remember that if there is a way to bypass a protection, the hacker can find it. When we are talking about these types of events, we have to understand which [inaudible]. So here are some other related sessions that you can attend, if they have not already run, and links for other information. The last link is about the ransomware recovery guarantee program that we talked about this morning. It's very interesting; it's very important for us also. Here is my address if you want to stay connected. My time is over; maybe I have a couple of minutes for a question.
>> Yeah, so my question was... a couple of questions. One: for example, with Commvault, if you back up files and there is a file that shouldn't be in any of the backups, with Commvault you can go in, delete that file and remove it from all of the backups. If you're doing the snapshots, does NetApp have a similar way to remove unwanted data from snapshots?
>> No, per...
>> I'm thinking of, like, a classified document or something like that, which accidentally got onto a network file share.
>> You mean when you are [inaudible] in the NetApp, on the volumes or directory, with the data available?
>> Yeah. We'd like to delete just the file, not the whole volume.
>> Yeah, in NetApp storage, if you have snapshots, the file is maintained in each snapshot, so it cannot be deleted from the snapshots. It's maintained forever, as long as the snapshots exist.
>> Then in this scenario also, if you're going to take [inaudible], right?
>> No, the snapshot of the source is cloned and is used to create the volume, yes, but if the...
>> Yeah.
>> Yeah, it maintains the same protection as the source volume.
>> Okay. And then in the second scenario, is Commvault... is that like an approved backup scenario for cloning just the storage to another array? For Commvault support, say you had a scenario where the storage is compromised and we have a cloud and we...
>> Yeah, you can do that. Yeah, you can do that.
>> Can a StorageGRID be used as a private cloud, like a destination of a [inaudible] copy?
>> It [inaudible], but it can be used as S3 storage for the [inaudible]. I stretch a bit.
>> Okay. Yeah.
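The SnapLock compliance-mode rules the speaker describes (the compliance clock is initialized once per node, a volume keeps its own clock when moved to another node, expiry is computed against that clock rather than the system clock, no administrative role can override the expiry, and an aggregate cannot be destroyed while it holds unexpired data) are collected below in an added Python model. This is an editor's example, not ONTAP code or a NetApp API: every class, method and name (`Node`, `Volume`, `Aggregate`, `SnapLockError`, `elapse`, `demo`) is invented for illustration, and the scenario in `demo()` is constructed.

```python
"""Added example (not ONTAP code): a small model of the SnapLock compliance-mode
rules described in the talk; every name here is invented for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field

DAY = 86_400  # seconds

class SnapLockError(Exception):
    """Raised when an operation is refused by a compliance rule."""

@dataclass
class Node:
    name: str
    system_time: int                     # ordinary clock: an admin can move it freely
    compliance_clock: int | None = None  # initialized once, then only advances with real time

    def initialize_compliance_clock(self) -> None:
        if self.compliance_clock is not None:
            raise SnapLockError(f"{self.name}: compliance clock can be initialized only once")
        self.compliance_clock = self.system_time

@dataclass
class Volume:
    # The volume clock is copied from the creating node and then belongs to the
    # volume, so moving the volume to another node leaves it unchanged.
    name: str
    node: Node
    compliance_clock: int = field(init=False)
    snapshots: dict[str, int] = field(default_factory=dict)  # name -> expiry (volume clock)

    def __post_init__(self) -> None:
        if self.node.compliance_clock is None:
            raise SnapLockError("initialize the node compliance clock first")
        self.compliance_clock = self.node.compliance_clock

    def move_to(self, node: Node) -> None:
        self.node = node  # compliance_clock deliberately untouched

    def lock_snapshot(self, name: str, retention_days: int) -> None:
        self.snapshots[name] = self.compliance_clock + retention_days * DAY

    def delete_snapshot(self, name: str, actor: str) -> None:
        # actor is accepted but ignored on purpose: no role can shorten or bypass
        # the retention, which is the talk's "zero admin trust" property.
        expiry = self.snapshots[name]
        if self.compliance_clock < expiry:
            left = (expiry - self.compliance_clock) // DAY
            raise SnapLockError(f"{actor} cannot delete {name}: {left} day(s) of retention left")
        del self.snapshots[name]

@dataclass
class Aggregate:
    name: str
    volumes: list[Volume] = field(default_factory=list)

    def destroy(self) -> None:
        # Refused while any volume still holds unexpired locked data, so the disks
        # behind the aggregate cannot be reinitialized either.
        for v in self.volumes:
            if any(v.compliance_clock < exp for exp in v.snapshots.values()):
                raise SnapLockError(f"{self.name}: {v.name} still holds unexpired SnapLock data")
        self.volumes.clear()

def elapse(seconds: int, nodes: list[Node], volumes: list[Volume]) -> None:
    """Real time passes: every initialized compliance clock advances by the same amount."""
    for n in nodes:
        n.system_time += seconds
        if n.compliance_clock is not None:
            n.compliance_clock += seconds
    for v in volumes:
        v.compliance_clock += seconds

def demo() -> dict:
    """Replays the talk's scenario (constructed data) and returns what was observed."""
    node1, node2 = Node("node1", 1_700_000_000), Node("node2", 1_700_000_000)
    node1.initialize_compliance_clock()
    node2.initialize_compliance_clock()
    vol = Volume("backup_vault", node1)
    aggr = Aggregate("aggr_snaplock", [vol])
    vol.lock_snapshot("daily.0", retention_days=30)
    out: dict = {"deletes_rejected": [], "aggregate_destroy_rejected": False}
    node1.system_time += 365 * DAY  # admin pushes the system clock a year ahead: irrelevant
    for actor in ("admin", "diag", "vendor_support"):
        try:
            vol.delete_snapshot("daily.0", actor)
        except SnapLockError:
            out["deletes_rejected"].append(actor)
    try:
        aggr.destroy()
    except SnapLockError:
        out["aggregate_destroy_rejected"] = True
    before = vol.compliance_clock
    vol.move_to(node2)  # tech refresh: the volume keeps its own clock
    out["clock_survives_move"] = vol.compliance_clock == before
    elapse(31 * DAY, [node1, node2], [vol])  # the retention genuinely elapses
    vol.delete_snapshot("daily.0", "admin")
    aggr.destroy()
    out["deleted_after_expiry"] = "daily.0" not in vol.snapshots
    return out
```

The design point worth checking against any real retention lock is the one `delete_snapshot` makes explicit: the caller's identity never enters the decision, and the only input is a clock the caller cannot move. In `demo()` the administrator advances the system clock a full year and still cannot delete, and the aggregate stays undeletable until the retention has actually elapsed on the volume clock.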
Protecting data on multiple clusters using NetApp® ONTAP® SnapMirror® technology is efficient and secure. ONTAP SnapLock® adds additional value to prevent intentional or unintentional data deletion. The combined ONTAP technologies are enhanced [...]