Cohesity DataProtect 5.0 Multi-Hypervisor Support: Microsoft Hyper-V

This is an exciting week for everyone at Cohesity, we have officially announced our Orion 5.0 release which is filled with new features, capabilities as well as expanded support for new hardware, applications and virtualization platforms including Microsoft’s Hyper-V. It is gratifying to know that our sophisticated and modern architecture and the capabilities of our end-to-end data protection and recovery application that is fully converged on top of the Cohesity DataPlatform will be available to our current and future customers using Microsoft Hyper-V as their virtualization platform.

As the adoption of Microsoft’s Hyper-V increase in the enterprise, organizations are faced with the challenge of identifying a modern solution that can protect and recover their critical business information and applications timely and efficiently. Today’s business requirements demand shorter recovery points and faster recovery times to accommodate their growing business needs.

Cohesity has been satisfying the business requirements for shorter recovery points and faster recovery times needs for customers using VMware vSphere as their virtualization platform. Now we can deliver the same value for Hyper-V customers and their virtual infrastructures. Cohesity DataProtect will now consolidate end-to-end data protection and recovery infrastructure – including target storage, backup, replication, disaster recovery, and cloud tiering for Hyper-V and eliminate data protection and recovery silos by converging all backup infrastructure components on a single unified scale-out platform.

Cohesity’s implementation and support for Microsoft’s virtualization platform Hyper-V is tightly developed by leveraging Microsoft’s and Cohesity’s technologies to provide customers the same simplified management, efficiency, values we have been providing for VMware vSphere customers. Cohesity’s provides integration and support for two different versions of Microsoft’s virtualization platform Hyper-V 2012 R2 and Hyper-V 2016. Let me highlight some of the points of integration and the specifics between both versions.

For both supported version of Hyper-V, we use Microsoft native PowerShell and WMI APIs to manage communications and subsystem interactions. PowerShell is used when interacting with Microsoft System Center Virtual Machine Manager (SCVMM), and WMI is used for interactions with Hyper-V hosts. For modern and intelligent space efficiency features and capabilities, we combine the use of both Microsoft’s and Cohesity’s native technologies to deliver optimal data protection and recovery benefits for Hyper-V:

  • Volume Shadow Copy (VSS)
  • Resilient Change Tracking (RCT)
  • Cohesity Change Block Tracking (CBT)
  • Cohesity Ephemeral Dynamic Helper Agent

Because Cohesity supports two different versions of Hyper-V the implementation and use of technologies to interact and manage the necessary subsystems is slightly different between the two versions from an implementation standpoint.

Hyper-V 2012 R2

With Hyper-V 2012 R2 – WMI, VSS and Cohesity Change Tracking are utilized:

  • WMI APIs are used to discover the VM properties. Cohesity CBT driver tracks the changes within the virtual disk files (VHD and VHDX).
  • Cohesity Ephemeral Dynamic Helper Agent interacts with VSS to trigger the VM snapshots with the changes where only the change areas will be backed up.
  • The data captured is then transferred through Cohesity’s secure layer from the primary storage system onto the Cohesity DataPlatform where the virtual disk files (VHD and VHDX) will be kept fully hydrated.

Hyper-V 2016

With Hyper-V 2016 – WMI and RCT (Resilient Change Tracking) are utilized:

  • Cohesity uses the WMI APIs to trigger and manage the snapshot creation and deletion and integrates with Microsoft’s RCT to backup just changed blocks.
  • The data is transferred through Cohesity’s secure layer from the primary storage system onto Cohesity DataPlatform, and the virtual disk files will be kept fully hydrated.
  • The integration is a bit more elegant because the use of Microsoft’s Resilient Change Tracking eliminates the use of additional components and simplifies the entire process for identifying changes within the disks.

As an extra capability to customers, once the VMs are stored on our DataPlatform, customers can then use our native cloud integration services and capabilities with Microsoft Azure for archive, DR, Test/Dev, analytics, and other potential use cases.

As illustrated, Cohesity’s implementation and support of Hyper-V is performed at a subsystem level without having to rely on installation agents in the guest operating system. Also, Cohesity’s Ephemeral Dynamic Helper Agent for SCVMM and Hyper-V hosts is fully managed by the Cohesity Cluster, and they are automatically upgraded when needed with new software revisions.

– Enjoy

For future updates about Cohesity, Hyperconverged Secondary Storage, Cloud Computing, Networking, VMware vSAN, vSphere Virtual Volumes (VVol), vSphere Integrated OpenStack (VIO), and Cloud-Native Applications (CNA), and anything in our wonderful world of technology be sure to follow me on Twitter: @PunchingClouds.

Cohesity SpanFS: The Difference Maker in The Enterprise and Secondary Storage Architectures

With the Orion 5.0 release, Cohesity announced the introduction of SpanFS, a new file system uniquely designed to consolidate and manage all secondary storage at scale. SpanFS and its architecture are the core of the Cohesity DataPlatform that enables enterprises to unify the control of their secondary data with web-scale capabilities.

The emphasis on enterprise storage architectures typically focuses on providing specialized capabilities and scalability that are on dependent proprietary hardware capabilities  vendors Scalability and space efficiency features such as compression, deduplication, and snapshots for resiliency standardized file interfaces such as NFS, SMB. Cloud storage architectures are developed by hyperscale companies like Google and Amazon focus on delivering scale-out software-defined solutions that run on commodity x86 hardware with robust and resiliency capabilities to support hardware failures. But they tend to rely on proprietary protocols and APIs for data access.
Today’s enterprise organizations are in desperate need for the best of both storage architectures. Enterprise organizations are looking to move onto software-defined, web-scale solutions that run on commodity x86 hardware, just like cloud storage. The Web-scale capabilities provide multiple advantages such as ‘pay-as-you-grow’ consumption, always-on availability, non-disruptive upgrades (instead of forklift upgrades), simpler management, and lower costs.

Enterprise storage solutions are traditionally deployed into segregated management silos because of different use case and requirements. Typically, purpose-built file systems are introduced which are dependent on vendor specific proprietary features.

For example, purpose-built backup appliances (PBBA) provide in-line variable-length deduplication to maximize space efficiency, but at the expense of random IO performance. Test/dev filers, such as NetApp, provide much better random IO performance and great snapshots, but can’t afford the performance overhead of inline deduplication.

To effectively consolidate secondary storage silos, enterprises need a file system which is simultaneously able to handle the requirements of multiple use cases. It must provide standard NFS, SMB and S3 interfaces, robust IO performance for both sequential and random IO, inline variable length deduplication, and scalable snapshots. And it must provide native integration with the public cloud to support a multicloud data fabric, enabling enterprises to send data to the cloud for archival or more advanced use cases like disaster recovery, test/dev, and analytics. All of this must be done on a web-scale architecture to manage the ever-increasing volumes of data effectively.

SpanFS was specifically designed to manage all secondary data, including backups, files, objects, test/dev, and analytics data, on a web-scale platform that spans from the edge to the cloud.  And overcome the logical and physical constructs limitations of today’s enterprise storage and cloud storage architectures. SpanFS is the combination of the best of both enterprise and cloud storage architectures simultaneously. And it’s the only file system in the industry that simultaneously provides NFS, SMB and S3 interfaces, global deduplication, and unlimited snaps and clones, on a web-scale platform.

SpanFS Architecture

SpanFS is an entirely new file system designed for secondary storage consolidation.

Access Layer – SpanFS exposes industry-standard, globally distributed NFS, SMB, and S3 interfaces and our built-in DataProtect application. All volumes or object buckets can be configured simultaneously on a single Cohesity cluster. The volumes are completely distributed with no single choke point. Each of these volumes benefits from all the unique SpanFS capabilities such as global deduplication, encryption, replication, unlimited snapshots, and file/object level indexing and search.

IO Engine – manages IO operations for all the data written to or read from the system.  It detects random vs. sequential IO profiles, splits the data into chunks, performs deduplication, and directs the data to the most appropriate storage tier (SSD, HDD, cloud storage) based on the IO profile. To keep track and manage the data sitting across nodes, Cohesity also had to build an entirely new metadata store.

Metadata Store – incorporates a consistent, distributed NoSQL store for fast IO operations at scale, SnapTree provides a distributed metadata structure based on B+ tree concepts. SnapTree is unique in its ability to support unlimited, frequent snapshots with no performance degradation. SpanFS has QoS controls built into all layers of the stack to support workload and tenant-based QoS, that can replicate, archive and tier data to another Cohesity cluster or the cloud.

Data Store – is responsible for storing data on HDD, SSD, and cloud storage. The data is spread out across the nodes in the cluster to maximize throughput and performance and is protected either with multi-node replication or with erasure coding. Sequential IOs may go straight to HDDs or to SSDs based on QoS policies. Random IOs are directed to a distributed data journal that resides on SSDs. As the data becomes colder, the data store can tier the data down from SSD to HDD. And hot data can be up-tiered to SSD.

Consistent NoSQL Store – The metadata store uses a distributed NoSQL store that stores the metadata on the SSD tier. This is optimized for fast IO operations, and provides data resiliency across nodes, and is continually balanced across all the nodes.
However, the key-value store by itself provides only ‘eventual consistency.’ To achieve strict consistency, the NoSQL store is complemented with Paxos algorithms.

With Paxos, the NoSQL store offers strict and consistent access to the value associated with each key.

QoS – Quality of Service is designed into every component of the system. As data is processed by the IO Engine, Metadata Store, or Data Store, each operation is prioritized based on QoS. High priority requests are moved ahead in subsystem queues and are given priority placement on the SSD tier.

Replication and Cloud – SpanFS can replicate data to another Cohesity cluster for disaster recovery, and archive data to 3rd party storage like tape libraries, NFS volumes, and S3 storage. SpanFS has also been designed to interoperate seamlessly with all the leading public clouds (AWS, Microsoft Azure, Google Cloud). SpanFS makes it simple to use the cloud in three different ways:

  • CloudArchive enables long-term archival to the cloud, providing a more manageable alternative to tape.
  • CloudTier supports data bursting to the cloud. Cold chunks of data are automatically stored in the cloud and can be tiered back to the Cohesity cluster once they become hot.
  • CloudReplicate provides replication to a Cohesity Cloud Edition cluster running in the cloud. The Cohesity cluster in the cloud manages the data to provide instant access for disaster recovery, test/dev, and analytics use cases.

Cohesity designed SpanFS, as a web-scale, distributed file system that provides unlimited scale across any number of industry-standard x86 nodes. SpanFS manages data across private data centers, and public clouds span media tiers and cover all secondary storage use cases including data protection, file and object storage, cloud integration, test/dev, and analytics.

– Enjoy

For future updates about Cohesity, Primary and Secondary Storage, Cloud Computing, Networking, Cloud-Native Applications (CNA), and anything in our wonderful world of technology, be sure to follow me on Twitter: @PunchingClouds.

Cohesity Orion 5.0: The Next Level of Hyperconverged Secondary Storage

Today we are announcing the release of Cohesity Orion 5.0, the latest version of our Hyperconverged secondary storage platform. This new release is packed with new features, improvements, and capabilities to all layers of the platform. Orion empowers enterprise organizations with a modern data platform with features to enable them to break away from the inefficient and fragmented silos in the data center and transform their secondary storage infrastructures into modern, scalable, and efficient environments. With Cohesity Orion 5.0 enterprise organization can consolidate traditional storage silos and get away from the multitude of storage products that were built based on outdated technologies and architectures. Centralize enterprise data protection, file services, object storage, and cloud gateways onto a single web-scale platform with best-in-class security, and space efficiency features.

Data Protection and Instant Recovery for Any Platform – Simplify management with a single UI and policy-based automation. Support for all the leading hypervisors with automated data protection for Microsoft Hyper-V 2012R2 (with agentless CBT), Hyper-V 2016 (using the new RCT change tracking), Nutanix AHV, and Linux KVM. We also protect any NAS storage, including snapshot-based data protection for Pure Storage FlashBlade, NetApp, and Dell EMC Isilon. Orion provides high-performance NAS backups with parallel tracking of changed data and multi-stream data transfers. Accelerate your recovery points and recovery times while cutting data protection costs by 50%. Integrate with all the leading public clouds for archival, tiering and replication. 

Advanced and Unlimited Object and File Services with Global Search  –  Provide globally distributed access to all storage abstraction and views on the platform. Offer simultaneous multiprotocol access via NFS, SBM, and S3 to all data that is stored on the platform. Space efficiency features like deduplication are globally applied. Orion provides the industry’s only globally deduplicated S3-compatible object storage. Indexing capabilities for all file and object metadata and global search across an entire cluster.

Multicloud Accessibility – Enables organizations to deploy a Cohesity cluster in any public cloud. Allowing them to replicate data to and from the cloud, manage information in the cloud, and instantly provision applications for disaster recovery, test/dev, and analytics. Orion enables organizations to recover an entire data center in the public cloud, near-instantaneously and to any point-in-time enabling Cloud disaster recovery at scale. DataPlatform Cloud Edition (CE) is now Generally Available for Microsoft Azure and available in Azure Marketplace. DataPlatform CE is also in limited availability on Amazon Web Services.

New Hyperconverged Storage Nodes – In addition to the C2000 series, a new C3000 dense storage node has been added to our list of certified appliances. Orion can now be deployed on a new C3000 dense storage node. Each node provides up to 183TB of raw capacity in a 2U form factor, providing almost 2X the storage density compared to C2000. The C3000 is optimized for large files and objects. Each Cohesity cluster can combine C2000 and C3000 nodes, and Orion provides intelligent data placement across node types based on IO profile and QoS.

Orion 5.0 is an incredible release and a milestone for us. We are just scratching the surface on the way to deliver our vision for hyperconverged secondary storage. Stay tuned there is more to come. See you all at VMworld 2017 in Las Vegas and Barcelona.

– Enjoy

For future updates about Cohesity, Primary and Secondary Storage, Cloud Computing, Networking, Cloud-Native Applications (CNA), and anything in our wonderful world of technology, be sure to follow me on Twitter: @PunchingClouds.

Cohesity and VMware NSX: Slayers of Ransomware – WannaCry

Last week the world witnessed the impact of a malicious cyberattack which affected several organizations and institutions across the globe. Hospitals, airports, courier delivery service, telecommunications, government agencies, and others all fell victims to what is being described as one of the worst and most extensively spread ransomware attacks in history as reported by CNN Tech called WannaCry. The WannaCry ransomware is a severe threat that is exposing several global organizations to the potential risks of losing access to business intellectual property and customer related information. To make matters worse, the impact of WannaCry is putting lives at risk. As reported by CNN Tech, sixteen National Health Service (NHS) organizations in the UK were impacted and as a result, some hospitals were forced to cancel outpatient appointments and informed patients to avoid emergency departments for the time being if possible.

At this point, it is safe to say that the impact of WannaCry exceeds the financial burden of impacted organizations but it also exposes human lives at risk when hospitals and health institutions are forced to refrain from seeing patients because they don’t have access to their personal health records.

It would be remiss of me not to mention the fact that it takes more than just technology and tools for organizations to proactively protect their infrastructures and data from cyberattacks such as WannaCry. This has very much to do with the aptitude and maturity of the management team responsible for the IT infrastructures. The lack of operational maturity and reliance on antiquated policies around system patching is also one of the biggest reasons as to why WannaCry has been so impactful. All of the tools and technology in the world can’t really fix human ignorance.

There are many technology solutions available that can help organizations protect their infrastructures against these types of cyberattacks. Before I provide a couple of recommendations to keep the ransomware from spreading and how to quickly get access to infected systems and the data being held at ransom, let me provide some information on what the WannaCry cyberattack is doing, what it does, how does it do, and what has already been done to mitigate the risk of infection.

WannaCry is a global ransomware attack that is spreading throughout the world by exploiting a Windows operating system vulnerability which was described in. The vulnerability allows remote code execution of malicious develop code that sends messages to a Microsoft Server Message Block (SMB) Server over a network of connected Windows systems. According to Microsoft, a security patch to fix the Windows operating system vulnerability that is being exploited by the WannaCry ransomware was released in March. They have also recommended and instructed for everyone to path their windows operating systems and enable Automatic Windows Update to be safe and overcome the risks of being impacted by the WannaCry ransomware cyberattack.

WannaCry spreads over networks, and it locks down all the files of an infected system by encrypting them and preventing access to any data. The demanded ransom to gain access to files is a payment of $300 per infected system in Bitcoin currency. After the ransom is paid, a private key is then provided which would then be used to decrypt the files and regain access. In the event, the payment is not paid in a defined period the files on the infected systems will remain encrypted and will be permanently lost.

Now that I’ve provided information about the cyberattack and the vulnerability that is being exploited, the operating systems that are being targeted, and its overall purpose I can provide some technological recommendations to be considered for proactive preparation against cyberattacks like WannaCry.

WannaCry Attack Points and Infrastructure Responsibilities Impacted:

  • WannaCry is targeting Windows operating systems exploiting a vulnerability found in the Microsoft Server Message Block 1.0 (SMBv1) Server – Patching, Network, Security
  • WannaCry is designed to gain control of information and data by encrypting any file that it finds in an infected system – Data Protection, Immutability
  • WannaCry data access or data loss demands are based on time – Low RTO and RPO

With most the world’s enterprise data centers being highly virtualized they are all likely to be hosting an exponential number of virtual machines running Windows operating systems. While I have no data to validate this next statement, I’m going to assume that the WannaCry ransomware cyberattack has impacted or could impact a significantly large number windows virtual machines that are being hosted on virtualized infrastructures. The virtualization platforms may vary ranging from VMware vSphere, Microsoft Hyper-V, KVM, etc. There are several solutions available to each one of those platforms to combat against cyberattacks but I’m going to focus on the platform I know best which is VMware vSphere. VMware vSphere and their partner ecosystem is also the most adopted virtualization platform in the enterprise today.

Recommendations Against WannaCry for Cohesity and VMware NSX Customers

  • WannaCry is targeting Windows operating systems that haven’t been patched since March. This is not an entirely technology driven problem but an inefficient security and vulnerability patching operating model and procedure. Even with the right tools in place organizations may fall victims to these types of attacks all because of the lack of operations maturity and inadequate procedures for rolling out patches.
    • Recommendation – do a better job arranging the roll out of patches. This is more on the infrastructure management and operations policies and procedures than anything else.
  • WannaCry is exploiting a vulnerability found in the Microsoft Server Message Block 1.0 (SMBv1) Server, and it is spreading over the network. The right network and security tools can help secure and lockdown application ports and networks interfaces to eliminate the exploit being use by the cyberattack.
    • Organizations using VMware NSX can easily configure NSX to block and isolate infected virtual machines automatically and prevent the WannaCry from spreading over the network by defining a security group for Windows virtual machines that can use to quarantine the state of all windows virtual machine via a system security policy.

  • Use NSX Microsegmentation to block the ports that are being exploited by the vulnerability by creating a security policy at placing it at the top of the NSX distributed firewall rules.
    • Create a rule blocking the following ports to prevent WannaCry from spreading:
      • 137 UDP NETBIOS Name Service
      • 138 UDP NETBIOS Datagram Service
      • 139 TCP NETBIOS Session Service
      • 445 TCP Microsoft CIFS

  • WannaCry is designed to encrypt files located on infected systems. A limited time is provided before the price of the ransom to regain access to the files is increased to a larger cash amount. If the ransom is not paid the encrypted files are at risk of permanent loss. From a data recoverability perspective, organizations that are using Cohesity DataPlatform for converged data protection and recovery and other secondary storage functions can overcome the impact of ransomware cyberattacks such as WannaCry.
    • Cohesity provides robust protection and recoverability capabilities against ransomware cyberattacks by keeping data (virtual machines or files) that are backed up onto the platform secure. With Cohesity backups are performed and protected via time-based snapshots and the primary backups are kept in an immutable format that is stored in logical presentation abstraction known as Views which are never exposed and inaccessible for operating system mount functions.
    • As WannaCry spreads throughout an infrastructure infecting Windows virtual machines, it is only infecting the running instance of the virtual machines and not its clone counterparts. Once Cohesity has protected the Windows virtual machines, an administrator can quickly restore the infected files of virtual machines from an immutable copy of the files of virtual machines to a point in time before the virtual machines were infected. This approach is also applicable to database applications.

  • WannaCry file encryption can be quickly mitigated by organizations using Cohesity because of the DataPlatform’s ability to perform near-instant recoverability and infinite recovery points due to its space and time efficient fast snapshotting capabilities.

  • Below is a simulated ransomware cyberattack demonstration which showcases the effectiveness and efficiency of Cohesity by highlighting how quickly organizations can recovery from ransomware cyberattacks such as WannaCry. For more details on how Cohesity can protect organizations against ransomware cyberattacks read the article “Ransomeware meets its match in Cohesity”

We are at the precipice of the world’s digital transformation and as we digitize more information and depend on it more than ever we can expect cyberattacks that are aimed at gaining control of your data to continue happening. It is important to improve organization operating process and procedures. Look for modern solutions for patching, network, security and data management (protection, archival, retention) to help with modern threads of the digital era. VMware NSX modern networking and security features and capabilities and Cohesity’s modern DataPlatform together and individually provide significant ways to proactively and reactively eliminate the impact of cyberattack from a network, security and data accessibility and recoverability perspective but the fight will continue. Stay Alert!


For future updates about Cohesity, Data Management, Primary and Secondary Storage, Cloud Computing, Networking, VMware vSAN, vSphere Virtual Volumes (VVol), vSphere Integrated OpenStack (VIO), and Cloud-Native Applications (CNA), and anything in our wonderful world of technology be sure to follow me on Twitter: @PunchingClouds.