We replace foreigners and protect virtual machines

Recently, together with the ROSA company, we held an event where we talked about how our Cyber ​​Backup and virtualization platform ROSA Virtualization help in the tasks of import substitution. In this publication we would like to highlight several important points.

The departure of foreign vendors affected all components of the corporate IT infrastructure – from the OS to virtualization platforms and other infrastructure software. In addition, the government has tightened control over some areas – to operate software to protect personal data or work in CII, a FSTEC license may be required.

The task of finding analogues of products that were previously actively used by Russian companies has become urgent. In the context of our topic, this is primarily VMware, the share of whose solutions in the domestic market reached almost 90%. An interesting fact is that Russian developers were ready for such a development of events. For example, the first version of the ROSA Virtualization platform was released in 2017, and in 2018 it already received FSTEC certification. In 2023, the platform entered the top 5 Russian virtualization platforms in CNews rating.

Virtualization platform ROSA Virtualization

The ROSA Virtualization platform is based on the time-tested “core” KVM virtualization and fully meets the security requirements of the fourth level of trust of the Federal Service for Technical and Export Control. Thanks to the compact all-in-one image, no access to third-party resources is required, installation can be done in a closed loop, and import tools from third-party virtualization platforms, such as VMware, make the transition to the platform as painless as possible.

It is also worth noting that the ROSA Virtualization virtualization platform was created with fault tolerance in mind. This is achieved thanks to the hyperconverged installation mode using the distributed file system GlusterFS in a configuration of three nodes and from two nodes in a cluster in a storage configuration. No additional licensing is required to connect external data storage systems. The platform supports the most common connection modes – iSCSI, FC, NFS.

The ROSA Virtualization virtualization platform can be used not only in private data centers, but also in data centers of government agencies or enterprises. The presence of developed discretionary and role-based access models (virtual machines, hosts, clusters, data centers) distinguishes ROSA Virtualization from similar solutions; provides the ability to create multiple networks and separate service and user traffic into different information flows using VLAN technology, as well as aggregation of network connections when building a high-performance fault-tolerant network infrastructure.

The package includes a FreeIPA module and also supports MS AD for identification, authentication and authorization of users and administrators through a security domain.

The user's remote desktop delivery tool is as easy as possible to learn and offers a functional application using common protocols SPICE, VNC, HTML5, RDP and forwarding media resources such as USB, disk images and audio to the remote desktop.

ROSA Resource Manager

Import substitution projects for virtualization environments can take a fairly long period of time, and several virtualization environments begin to be used in the infrastructure. In addition, customers are increasingly beginning to use public clouds. To effectively manage such a hybrid virtual environment, special centralized management tools are needed.

The ROSA Resource Manager software package allows you to obtain a single standardized interface for monitoring and managing the hybrid infrastructure of virtualization platforms. Let's highlight the main features of the platform:

  • Operational Awareness

  • Automation

    • The ability to avoid manual operations, increase productivity, and reduce errors.

  • Self-service

  • Cost optimization

  • Reporting

  • Billing

    • Allows you to understand in monetary terms how resources are used, which can be used both when providing resources on demand for commercial purposes (B2B), and for the needs of internal self-financing.

Backup system

The Cyber ​​Backup backup system allows you to backup and restore more than 50 software platforms, which include operating systems, virtualization platforms, DBMS and applications. Together with our technology partners, of whom we already have more than 40, we try to ensure that our product is compatible with all solutions in demand on the market.

In terms of virtualization, we support most platforms on the market, and have been for quite some time. Thus, support for the oVirt platform appeared in version 15.

Interaction with Russian development companies within the framework of technology partnerships allows us to conduct joint testing and issue certificates confirming the correct operation of compatible solutions.

Cyber ​​Backup can work with virtualization platforms in two fundamentally different ways: through a virtual device (this mode is also called agentless) and directly as an agent in each protected guest OS. We try to implement the work through a virtual device, since we consider it the most effective – the virtual device is installed on the virtualization host and uses the virtualization platform API to obtain snapshots of all host loads and, based on them, creates backup copies of virtual machines. This method has a number of undeniable advantages:

  • Simple and straightforward administration – there is no need to install agents inside each protected VM.

  • Easy installation – ready-to-deploy virtual appliances for every virtualization system.

  • Competition for resources between backup and VM loads is eliminated.

  • The snapshot mechanism allows you to make backup copies even of things for which there are no special agents.

  • Significant increase in backup speed.

In cases where agentless mode cannot be used, protection can be achieved by installing agents inside virtual machines.

In Cyber ​​Backup, protecting virtual machines is done in a few simple steps:

Step 1. In the “Devices” section, add a device through the ROSA Virtualization item.

Step 2. Specify the host address and credentials to access it, add the host to the list of devices

Step 3. Go to the host and get a list of virtual machines.

Step 4. Select machines to protect. If necessary, we combine them into a group – this is convenient in scenarios when the number of protected machines will expand. In this case, when they are added to the group, they will be subject to the existing protection plan.

Step 5. Next, select the “Protect Group” command and create a new protection plan for it.

Step 6. Specify the creation schedule and storage period for backups, as well as the data to be saved and the device on which the backups will be stored.

Step 7. Also, to ensure additional reliability of storing backups, you can add additional storages where backup replicas will be placed.

Step 7. Click “Create” – and after optimization, the protection plan is ready for execution according to the schedule we set.

Please note: it is best to store backups in several places; for this purpose, we can specify several storage locations for the backup directly in the protection plan. And in order to relieve the load on the productive system and the agent that performs the backup, you can transfer the operation of replicating backup copies to another agent. To do this, you should use a separate backup replication plan.

Virtual machine (VM) migration scenarios

In addition to VM backup and recovery, Cyber ​​Backup supports a number of migration scenarios – P2V (creating a virtual machine from a backup copy of a physical machine), V2P (bare metal recovery) and V2V (moving a virtual machine to another virtualization host), which provide support for heterogeneous infrastructures in their development, significantly reduce the RTO when restoring physical machines and the access time to the data contained in their backup copies. We have discussed V2V migration scenarios in detail here.

We are sometimes asked, why buy a separate backup tool when you can use the built-in mechanisms of virtualization platforms?

Works with almost any platform

As we noted above, many customers use several virtualization platforms and, as in the case of the need for unified management of them – for example, using ROSA Resource Manager from STC IT ROSA, a solution is required that allows centralized backup.

Scaling to thousands of protected objects

A single console is especially relevant when the number of protected objects exceeds several dozen and reaches thousands and tens of thousands. But all these protection objects have unique protection plans, settings and restrictions. And this is where our Cyber ​​Backup comes to the rescue, supporting dozens of different virtualization platforms and thousands of protection objects from a single web console.

Virtualization, business applications, servers and workstations

We should also not forget that modern IT infrastructure is not only about virtualization. And here, again, unified, centralized backup mechanisms will not only reduce the administrator’s time, but will also make it possible to obtain a holistic picture of the protection status of all system objects, the status of running processes and other important information.

Management, reports and more

Beyond that, IBS is more than just backup and restore. This includes replication of backups and storages, validation of recovery capabilities, cleaning of storages, replication of virtual machines, and the migration scenarios mentioned above.

Finally

The example of a joint solution we considered allows us to effectively solve the problems of import substitution – both virtualization platforms and backup systems. This becomes possible due to the fact that both products support a wide range of domestic and foreign platforms – ROSA allows you to manage them, and Cyber ​​Backup allows you to perform backups. Thus, in projects where several virtualization platforms are used (and migration often occurs in stages), your VMs will be reliably protected throughout the entire process of replacing imported solutions with domestic ones.

It should be noted that both solutions are included in the register of the Ministry of Digital Development and have a FSTEC certificate, this will make it possible to apply these solutions in various industries with strict regulatory standards and regulations.

If you prefer the video format, you can find a recording of the event at link.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *