Building infrastructure that can accommodate cyber recovery scenarios has become a requirement for many organizations. While VMware Advanced Cyber Compliance brings you comprehensive cyber recovery capabilities within your VMware Cloud Foundation (VCF) environment, you need a physical infrastructure that provides a secure recovery environment in order to mitigate ransomware threats.
Alongside the VCF 9.1 announcement, we’re addressing this challenge with the announcement of new vSAN ReadyNodes certified specifically for cyber recovery environments. Let’s look at what they are and how they compare to other available vSAN ReadyNodes.
A New Class of Infrastructure
Previously, vSAN ReadyNodes fell into two profile categories: Aggregated vSAN HCI clusters and disaggregated vSAN storage clusters. These two ReadyNode categories were intended for production workloads, which meant that the hardware specifications were higher than what a dedicated recovery site may need.
Recovery sites typically do not have the storage demands of production environments. So we introduced a third profile category that is tailored specifically for the purpose of cyber recovery environments. These ReadyNodes have lower CPU requirements, reducing the minimums by as much as 33% in some cases. This not only drives down hardware costs, but reduces the licensing footprint for the recovery site.
A key capability of these new ReadyNodes is the support of high-density QLC storage devices. These NVMe-based Quad-Level Cell (QLC) devices offer much higher capacity than their Triple-Level Cell (TLC) counterparts. Initially, the maximum supported QLC device is 30TB, twice the density of the largest supported TLC storage device. QLC devices do come with tradeoffs, however. While they offer a tremendous amount of storage capacity, their rated level of endurance is much lower than vSAN certified TLC storage devices with a typical rating between 1-3 drive writes per day (DWPD). This means that at this time, QLC devices are only suitable for a subset of use cases like recovery scenarios.
Figure 1. ReadyNodes certified for cyber recovery deployments
vSAN ESA has multiple ways to monitor the wear rate of your storage devices. It can monitor the endurance levels of discrete NVMe storage devices, and send warning alerts when they approach critical wear levels determined by the storage device OEM. vSAN also provides a “Proactive Hardware Management” capability that allows vSAN Health services to read telemetry data when using some OEM server vendors. Not only can it help predict problematic drive conditions, but when these conditions are reported the OEM will guarantee the exchange (RMA) of the device(s) that are predicted to fail. For more information on these capabilities, see the post: “Enhanced Intelligence in vSAN 8 U3 and VMware Cloud Foundation 5.2.”
Flexible Deployment Options and Scalability
At recovery sites running VMware Advanced Cyber Compliance, these ReadyNodes can be deployed in one of two ways.
- Dedicated storage cluster: For most scenarios, ReadyNodes for Cyber Recovery will be deployed as a dedicated vSAN storage cluster. The limited amount of CPU and RAM with these ReadyNodes tends to make them ideal for providing storage services exclusively. (Although they can, in theory, be used for cyber recovery cleaning in temporary durations.) Decoupling the compute resources from storage will also allow you build out an appropriately sized vSphere environment to run your VM instances as well as cleaning and analysis.
- Combined storage and clean room: For small, consolidated environments that need a secure recovery environment with a minimal footprint, the ReadyNodes can be deployed as an aggregated HCI cluster, where workloads and storage reside on the same cluster. This can keep hardware costs to a minimum for small environments
Regardless of what you choose, raw storage capacities of up to 720TB per host make for an incredibly scalable recovery environment. For example, a cluster with 16 hosts using 2U servers can provide as much as 11.5PB of raw storage capacity in a single rack. When you pair the enhanced data compression and the general availability of vSAN Global Deduplication, the amount of capacity provided is extraordinary.
Three Profile Types with Simple Sizing
As described in the post “Driving Down Storage Costs with Lower Hardware Requirements for vSAN,” the hardware requirements for vSAN ReadyNodes certified for ESA has not only been reduced, but greatly simplified. The new ReadyNodes certified for cyber recovery environments use this same approach and pair nicely with the vSAN Protection and Recovery enhancements for VCF 9.1. Within each profile type, there are three profiles (small, medium, large) representing different performance capabilities of the hosts. The profiles offer a starting point when building out clusters in your environment.
Figure 2. ReadyNode profile categories representing all of your production and recovery needs
For the latest ReadyNode requirements, see: “vSAN ESA ReadyNode Hardware Guidance.”
Recommendation: If you don’t have sizing data to determine which ReadyNode profile to choose, start with a medium profile and adjust your capacity requirements as needed. This option will offer the most flexibility if your needs change.
Do you have more questions on vSAN? Check out the extensive list of frequently asked questions on the vSAN FAQs document.
Summary
VCF 9.1, when paired with VMware Advanced Cyber Compliance (ACC). provides all the software you need for a comprehensive recovery environment for cyber threats. Now, with new ReadyNodes certified for cyber recovery, you can build a high-capacity, highly secure recovery infrastructure with less hardware.
Discover more from VMware Cloud Foundation (VCF) Blog
Subscribe to get the latest posts sent to your email.
