Protect your ONTAP cluster data using BlueXP backup and recovery

The BlueXP backup and recovery service provides backup and restore capabilities for protection and long-term archive of your ONTAP cluster data. Backups are automatically generated and stored in an object store in your public or private cloud account, independent of volume Snapshot copies used for near-term recovery or cloning.

When necessary, you can restore an entire volume, a folder, or one or more files, from a backup to the same or different working environment.

Features

Backup features:

  • Back up independent copies of your data volumes to low-cost object storage.

  • Apply a single backup policy to all volumes in a cluster, or assign different backup policies to volumes that have unique recovery point objectives.

  • Create a backup policy to be applied to all future volumes created in the cluster.

  • Make immutable backup files so they are locked and protected for the retention period.

  • Scan backup files for possible ransomware attack - and remove/replace infected backups automatically.

  • Tier older backup files to archival storage to save costs.

  • Delete the backup relationship so you can archive unneeded source volumes while retaining volume backups.

  • Back up from cloud to cloud, and from on-premises systems to public or private cloud.

  • For Cloud Volumes ONTAP systems, your backups can reside on a different subscription/account or different region.

  • Backup data is secured with AES-256 bit encryption at-rest and TLS 1.2 HTTPS connections in-flight.

  • Use your own customer-managed keys for data encryption instead of using the default encryption keys from your cloud provider.

  • Support for up to 4,000 backups of a single volume.

Restore features:

  • Restore data from a specific point in time.

  • Restore a volume, a folder, or individual files, to the source system or to a different system.

  • Restore data to a working environment using a different subscription/account or that is in a different region.

  • Data is restored on a block level, placing the data directly in the location you specify, all while preserving the original ACLs.

  • Browsable and searchable file catalogs for easy selection of individual folders and files for single file restore.

Supported ONTAP working environments and object storage providers

BlueXP backup and recovery enables you to back up ONTAP volumes from the following working environments to object storage in the following public and private cloud providers:

Source Working Environment       Backup File Destination
-------------------------------  -------------------------------------------------------------------
Cloud Volumes ONTAP in AWS       Amazon S3
Cloud Volumes ONTAP in Azure     Azure Blob
Cloud Volumes ONTAP in Google    Google Cloud Storage
On-premises ONTAP system         Amazon S3, Azure Blob, Google Cloud Storage, NetApp StorageGRID

You can restore a volume, a folder, or individual files, from an ONTAP backup file to the following working environments:

Backup File Location     Destination Working Environment
-----------------------  ---------------------------------------------------------
Amazon S3                Cloud Volumes ONTAP in AWS, On-premises ONTAP system
Azure Blob               Cloud Volumes ONTAP in Azure, On-premises ONTAP system
Google Cloud Storage     Cloud Volumes ONTAP in Google, On-premises ONTAP system
NetApp StorageGRID       On-premises ONTAP system

Note that references to "on-premises ONTAP systems" include FAS, AFF, and ONTAP Select systems.

Support for sites with limited connectivity

BlueXP backup and recovery can be used in a site with limited internet connectivity (also known as "restricted mode") to back up and restore volume data. In this case, you’ll need to deploy the BlueXP Connector in the restricted region.

Support for sites with no internet connectivity

BlueXP backup and recovery can be used in a site with no internet connectivity (also known as "private mode" or "dark" sites) to back up volume data. In this case, you’ll need to deploy the BlueXP Connector in private mode.

Supported volumes

BlueXP backup and recovery supports the following types of volumes:

  • FlexVol read-write volumes

  • SnapMirror data protection (DP) destination volumes

  • SnapLock Enterprise volumes (requires ONTAP 9.11.1 or later)

    • SnapLock Compliance volumes aren’t currently supported.

  • FlexGroup volumes (requires ONTAP 9.12.1 or later)

See the sections on Backup and Restore Limitations for additional requirements and limitations.

Cost

There are two types of costs associated with using BlueXP backup and recovery with ONTAP systems: resource charges and service charges.

Resource charges

Resource charges are paid to the cloud provider for object storage capacity and for writing and reading backup files to the cloud.

  • For Backup, you pay your cloud provider for object storage costs.

    Since BlueXP backup and recovery preserves the storage efficiencies of the source volume, you pay the cloud provider object storage costs for the data after ONTAP efficiencies (for the smaller amount of data after deduplication and compression have been applied).

  • For restoring data using Search & Restore, certain resources are provisioned by your cloud provider, and there is per-TiB cost associated with the amount of data that is scanned by your search requests. (These resources are not needed for Browse & Restore.)

  • If you need to restore volume data from a backup file that has been moved to archival storage, then there’s an additional per-GiB retrieval fee and per-request fee from the cloud provider.

Service charges

Service charges are paid to NetApp and cover both the cost to create backups and to restore volumes, or files, from those backups. You pay only for the data that you protect, calculated by the source logical used capacity (before ONTAP efficiencies) of ONTAP volumes which are backed up to object storage. This capacity is also known as Front-End Terabytes (FETB).

There are three ways to pay for the Backup service. The first option is to subscribe from your cloud provider, which enables you to pay per month. The second option is to get an annual contract. The third option is to purchase licenses directly from NetApp. Read the Licensing section for details.

Licensing

BlueXP backup and recovery is available with the following consumption models:

  • BYOL: A license purchased from NetApp that can be used with any cloud provider.

  • PAYGO: An hourly subscription from your cloud provider’s marketplace.

  • Annual: An annual contract from your cloud provider’s marketplace.

Note: If you purchase a BYOL license from NetApp, you also need to subscribe to the PAYGO offering from your cloud provider’s marketplace. Your license is always charged first, but you’ll be charged at the hourly rate in the marketplace in these cases:

  • If you exceed your licensed capacity

  • If the term of your license expires

If you have an annual contract from a marketplace, all BlueXP backup and recovery consumption is charged against that contract. You can’t mix and match an annual marketplace contract with a BYOL.

Bring your own license

BYOL is term-based (12, 24, or 36 months) and capacity-based in 1 TiB increments. You pay NetApp to use the service for a period of time, say 1 year, and for a maximum amount of capacity, say 10 TiB.

You’ll receive a serial number that you enter in the BlueXP digital wallet page to enable the service. When either limit is reached, you’ll need to renew the license. The Backup BYOL license applies to all source systems associated with your BlueXP account.

Pay-as-you-go subscription

BlueXP backup and recovery offers consumption-based licensing in a pay-as-you-go model. After subscribing through your cloud provider’s marketplace, you pay per GiB for data that’s backed up — there’s no up-front payment. You are billed by your cloud provider through your monthly bill.

Note that a 30-day free trial is available when you initially sign up with a PAYGO subscription.

Annual contract

  • When using AWS, two annual contracts are available for 12, 24, or 36 month terms:

    • A "Cloud Backup" plan that enables you to back up Cloud Volumes ONTAP data and on-premises ONTAP data.

    • A "CVO Professional" plan that enables you to bundle Cloud Volumes ONTAP and BlueXP backup and recovery. This includes unlimited backups for Cloud Volumes ONTAP volumes charged against this license (backup capacity is not counted against the license).

  • When using Azure, you can request a private offer from NetApp, and then select the plan when you subscribe from the Azure Marketplace during BlueXP backup and recovery activation.

  • When using GCP, you can request a private offer from NetApp, and then select the plan when you subscribe from the Google Cloud Marketplace during BlueXP backup and recovery activation.

How BlueXP backup and recovery works

When you enable BlueXP backup and recovery on a Cloud Volumes ONTAP or on-premises ONTAP system, the service performs a full backup of your data. Volume snapshots are not included in the backup image. After the initial backup, all additional backups are incremental, which means that only changed blocks and new blocks are backed up. This keeps network traffic to a minimum. BlueXP backup and recovery is built on top of the NetApp SnapMirror Cloud technology.

Caution: Any actions taken directly from your cloud provider environment to manage or change backup files may corrupt the files and will result in an unsupported configuration.

The following image shows the relationship between each component:

A diagram showing how BlueXP backup and recovery communicates with the volumes on the source systems and the destination object storage where the backup files are located.

Where backups reside

Backup copies are stored in an object store that BlueXP creates in your cloud account. There’s one object store per cluster/working environment, and BlueXP names the object store as follows: "netapp-backup-clusteruuid". Be sure not to delete this object store.

  • In AWS, BlueXP enables the Amazon S3 Block Public Access feature on the S3 bucket.

  • In Azure, BlueXP uses a new or existing resource group with a storage account for the Blob container. BlueXP blocks public access to your blob data by default.

  • In GCP, BlueXP uses a new or existing project with a storage account for the Google Cloud Storage bucket.

  • In StorageGRID, BlueXP uses an existing storage account for the object store bucket.

If you want to change the destination object store for a cluster in the future, you’ll need to unregister BlueXP backup and recovery for the working environment, and then enable BlueXP backup and recovery using the new cloud provider information.

Customizable backup schedule and retention settings

When you enable BlueXP backup and recovery for a working environment, all the volumes you initially select are backed up using the default backup policy that you define. If you want to assign different backup policies to certain volumes that have different recovery point objectives (RPO), you can create additional policies for that cluster and assign those policies to the other volumes after BlueXP backup and recovery is activated.

You can choose a combination of hourly, daily, weekly, monthly, and yearly backups of all volumes. The Snapshot policy applied to the volume must be one of the policies recognized by BlueXP backup and recovery or backup files will not be created. You can also select one of the system-defined policies that provide backups and retention for 3 months, 1 year, and 7 years. These policies are:

                           Backups per interval
Backup Policy Name         Daily    Weekly    Monthly    Max. Backups
-------------------------  -------  --------  ---------  ------------
Netapp3MonthsRetention     30       13        3          46
Netapp1YearRetention       30       13        12         55
Netapp7YearsRetention      30       53        84         167

Backup protection policies that you have created on the cluster using ONTAP System Manager or the ONTAP CLI will also appear as selections. This includes policies created using custom SnapMirror labels.

Once you have reached the maximum number of backups for a category, or interval, older backups are removed so you always have the most current backups (and so obsolete backups don’t continue to take up space in the cloud).

See Backup schedules for more details about the available schedule options.

Note that you can create an on-demand backup of a volume from the Backup Dashboard at any time, in addition to those backup files created from the scheduled backups.

Tip: The retention period for backups of data protection volumes is the same as defined in the source SnapMirror relationship. You can change this if you want by using the API.

Backup file protection settings

If your cluster is using ONTAP 9.11.1 or greater, you can protect your backups from deletion and ransomware attacks. Each backup policy provides a section for DataLock and Ransomware Protection that can be applied to your backup files for a specific period of time - the retention period. DataLock protects your backup files from being modified or deleted. Ransomware protection scans your backup files to look for evidence of a ransomware attack when a backup file is created, and when data from a backup file is being restored.

The backup retention period is the same as the backup schedule retention period, plus 14 days. For example, weekly backups with 5 copies retained will lock each backup file for 5 weeks. Monthly backups with 6 copies retained will lock each backup file for 6 months.

Support is currently available when your backup destination is Amazon S3, Azure Blob, or NetApp StorageGRID. Other storage provider destinations will be added in future releases.

See DataLock and Ransomware protection for more details about how DataLock and Ransomware protection work.

Tip: DataLock can’t be enabled if you are tiering backups to archival storage.

Archival storage for older backup files

When using certain cloud storage you can move older backup files to a less expensive storage class/access tier after a certain number of days. Note that archival storage can’t be used if you have enabled DataLock.

  • In AWS, backups start in the Standard storage class and transition to the Standard-Infrequent Access storage class after 30 days.

    If your cluster is using ONTAP 9.10.1 or greater, you can choose to tier older backups to either S3 Glacier or S3 Glacier Deep Archive storage in the BlueXP backup and recovery UI after a certain number of days for further cost optimization. Learn more about AWS archival storage.

  • In Azure, backups are associated with the Cool access tier.

    If your cluster is using ONTAP 9.10.1 or greater, you can choose to tier older backups to Azure Archive storage in the BlueXP backup and recovery UI after a certain number of days for further cost optimization. Learn more about Azure archival storage.

  • In GCP, backups are associated with the Standard storage class.

    If your cluster is using ONTAP 9.12.1 or greater, you can choose to tier older backups to Archive storage in the BlueXP backup and recovery UI after a certain number of days for further cost optimization. Learn more about Google archival storage.

  • In StorageGRID, backups are associated with the Standard storage class.

    If your on-prem cluster is using ONTAP 9.12.1 or greater, and your StorageGRID system is using 11.4 or greater, you can archive older backup files to public cloud archival storage after a certain number of days. Current support is for AWS S3 Glacier/S3 Glacier Deep Archive or Azure Archive storage tiers. Learn more about archiving backup files from StorageGRID.

See Archival storage settings for more details about archiving older backup files.

FabricPool tiering policy considerations

There are certain things you need to be aware of when the volume you are backing up resides on a FabricPool aggregate and it has an assigned policy other than none:

  • The first backup of a FabricPool-tiered volume requires reading all local and all tiered data (from the object store). A backup operation does not "reheat" the cold data tiered in object storage.

    This operation could cause a one-time increase in cost to read the data from your cloud provider.

    • Subsequent backups are incremental and do not have this effect.

    • If the tiering policy is assigned to the volume when it is initially created you will not see this issue.

  • Consider the impact of backups before assigning the all tiering policy to volumes. Because data is tiered immediately, BlueXP backup and recovery will read data from the cloud tier rather than from the local tier. Because concurrent backup operations share the network link to the cloud object store, performance degradation might occur if network resources become saturated. In this case, you may want to proactively configure multiple network interfaces (LIFs) to decrease this type of network saturation.

Limitations

Backup limitations

  • When creating or editing a backup policy when no volumes are assigned to the policy, the number of retained backups can be a maximum of 1018. After you assign volumes to the policy, you can edit the policy to create up to 4000 backups.

  • When backing up data protection (DP) volumes:

    • Relationships with the SnapMirror labels app_consistent and all_source_snapshot won’t be backed up to cloud.

    • If you create local copies of Snapshots on the SnapMirror destination volume (irrespective of the SnapMirror labels used) these Snapshots will not be moved to the cloud as backups. At this time you’ll need to create a Snapshot policy with the desired labels to the source DP volume in order for BlueXP backup and recovery to back them up.

  • FlexGroup volume backups can’t be moved to archival storage.

  • FlexGroup volume backups can’t use DataLock and Ransomware protection.

  • SVM-DR volume backup is supported with the following restrictions:

    • Backups are supported from the ONTAP secondary only.

    • The Snapshot policy applied to the volume must be one of the policies recognized by BlueXP backup and recovery, including daily, weekly, monthly, etc. The default "sm_created" policy (used for Mirror All Snapshots) is not recognized and the DP volume will not be shown in the list of volumes that can be backed up.

  • MetroCluster support:

    • When using ONTAP 9.12.1 GA or greater, backup is supported when connected to the primary system. The entire backup configuration is transferred to the secondary system so that backups to the cloud continue automatically after switchover. You don’t need to set up backup on the secondary system (in fact, you are restricted from doing so).

    • When using ONTAP 9.12.0 and earlier, backup is supported only from the ONTAP secondary system.

    • Backups of FlexGroup volumes are not supported at this time.

  • Ad-hoc volume backup using the Backup Now button isn’t supported on data protection volumes.

  • SM-BC configurations are not supported.

  • ONTAP doesn’t support fan-out of SnapMirror relationships from a single volume to multiple object stores; therefore, this configuration is not supported by BlueXP backup and recovery.

  • WORM/Compliance mode on an object store is supported on Amazon S3, Azure, and StorageGRID at this time. This is known as the DataLock feature, and it must be managed by using BlueXP backup and recovery settings, not by using the cloud provider interface.
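The protection, archival and volume rules above interact, so a planned configuration is worth checking before it is applied. The following Python sketch is an added example, not NetApp code or a BlueXP API: it encodes the constraints stated on this page and reports which ones a plan violates. All names (`BackupPlan`, `validate`, the constants) are hypothetical, and ONTAP versions are assumed to be plain dotted numbers such as `9.12.1`.

```python
# Added example: limits are transcribed from this page; every name is hypothetical.
from dataclasses import dataclass

DATALOCK_DESTINATIONS = {"Amazon S3", "Azure Blob", "NetApp StorageGRID"}
DATALOCK_MIN_ONTAP = (9, 11, 1)
# Minimum ONTAP release for archival tiering, per destination (StorageGRID 11.4+ not modelled).
ARCHIVAL_MIN_ONTAP = {
    "Amazon S3": (9, 10, 1),
    "Azure Blob": (9, 10, 1),
    "Google Cloud Storage": (9, 12, 1),
    "NetApp StorageGRID": (9, 12, 1),
}
# Minimum ONTAP release per supported volume type (None = no minimum stated).
VOLUME_MIN_ONTAP = {
    "FlexVol": None, "SnapMirror DP": None,
    "SnapLock Enterprise": (9, 11, 1),
    "FlexGroup": (9, 12, 1),
}
MAX_BACKUPS_PER_VOLUME = 4000


def parse_version(text):
    """'9.10.1' -> (9, 10, 1), so 9.10.1 sorts after 9.9.1 (string compare would not)."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class BackupPlan:
    ontap_version: str
    volume_type: str
    destination: str
    datalock: bool = False
    archival: bool = False
    retained_backups: int = 30


def validate(plan):
    """Return the list of rule violations for a plan; an empty list means none found."""
    problems = []
    version = parse_version(plan.ontap_version)
    if plan.volume_type not in VOLUME_MIN_ONTAP:
        problems.append("unsupported volume type")
    elif VOLUME_MIN_ONTAP[plan.volume_type] and version < VOLUME_MIN_ONTAP[plan.volume_type]:
        problems.append("ONTAP too old for volume type")
    if plan.destination not in ARCHIVAL_MIN_ONTAP:
        problems.append("unsupported destination")
    if plan.retained_backups > MAX_BACKUPS_PER_VOLUME:
        problems.append("more than 4,000 backups")
    if plan.datalock:
        if version < DATALOCK_MIN_ONTAP:
            problems.append("ONTAP too old for DataLock")
        if plan.destination not in DATALOCK_DESTINATIONS:
            problems.append("DataLock not available on destination")
        if plan.archival:
            problems.append("DataLock and archival are mutually exclusive")
        if plan.volume_type == "FlexGroup":
            problems.append("FlexGroup backups cannot use DataLock")
    if plan.archival:
        minimum = ARCHIVAL_MIN_ONTAP.get(plan.destination)
        if minimum and version < minimum:
            problems.append("ONTAP too old for archival on destination")
        if plan.volume_type == "FlexGroup":
            problems.append("FlexGroup backups cannot be archived")
    return problems
```

A plan that returns an empty list satisfies only the rules modelled here; the remaining limitations in this section (SVM-DR, MetroCluster, SnapMirror labels) still need a manual check.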

Restore limitations

These limitations apply to both the Search & Restore and the Browse & Restore methods of restoring files and folders, unless called out specifically.

  • Browse & Restore can restore up to 100 individual files at a time.

  • Search & Restore can restore 1 file at a time.

  • When using ONTAP 9.13.0 or greater, Browse & Restore and Search & Restore can restore a folder along with all files and sub-folders within it.

    When using a version of ONTAP greater than 9.11.1 but before 9.13.0, the restore operation can restore only the selected folder and the files in that folder - no sub-folders, or files in sub-folders, are restored.

    When using a version of ONTAP before 9.11.1, folder restore is not supported.

  • Directory/folder restore is supported for data that resides in archival storage only when the cluster is running ONTAP 9.13.1 and greater.

  • Directory/folder restore is supported for data that is protected using DataLock only when the cluster is running ONTAP 9.13.1 and greater.

  • Directory/folder restore is not currently supported on FlexGroup volume backups.

  • Restoring from FlexGroup volumes to FlexVol volumes, or FlexVol volumes to FlexGroup volumes is not supported.

  • The file being restored must be using the same language as the language on the destination volume. You will receive an error message if the languages are not the same.

  • The High restore priority is not supported when restoring data from Azure archival storage to StorageGRID systems.