Learn about Cloud Backup

Contributors netapp-tonacki Download PDF of this page

Cloud Backup is an add-on service for Cloud Volumes ONTAP and on-premises ONTAP clusters that delivers backup and restore capabilities for protection, and long-term archive of your cloud data. Backups are automatically generated and stored in an object store in your cloud account, independent of volume Snapshot copies used for near-term recovery or cloning.

A snapshot is an instant record of your system metadata at a given moment in similar storage as the original file, while a data backup is a standalone replica of your data, stored away in a separate system.

There are two services that provide the full suite of backup and restore functionality:

  • The Cloud Backup service enables you to create backup files from volumes on your Cloud Volumes ONTAP and on-prem ONTAP clusters.

  • The Restore service enables you to restore an entire volume, or one or more files, from a backup file to the same or different Cloud Volumes ONTAP or on-prem ONTAP cluster.

You must use Cloud Manager for all backup and restore operations. Any actions taken directly from ONTAP or from your cloud provider results in an unsupported configuration.

Features

  • Back up independent copies of your data volumes to low-cost object storage in the cloud.

  • Backup data is secured with AES-256 bit encryption at-rest and TLS 1.2 HTTPS connections in-flight.

  • Back up from cloud to cloud, and from on-premises ONTAP systems to cloud.

  • Support for up to 1,019 backups of a single volume.

  • Restore data from a specific point in time.

  • Restore a volume or individual files to the source system or to a different system.

  • Browsable file catalog for single file restore.

Supported working environments and object storage providers

Cloud Backup enables you to back up volumes from the following working environments to object storage in the following cloud providers:

Source Working Environment Backup File Destination

Cloud Volumes ONTAP in AWS

Amazon S3

Cloud Volumes ONTAP in Azure

Azure Blob

Cloud Volumes ONTAP in Google

Google Cloud Storage

On-premises ONTAP system

Amazon S3
Azure Blob

You can restore a volume, or individual files, from a backup file to the following working environments:

Backup File Location Destination Working Environment

Volume Restore

File Restore

Amazon S3

Cloud Volumes ONTAP in AWS
On-premises ONTAP system

Cloud Volumes ONTAP in AWS
On-premises ONTAP system

Azure Blob

Cloud Volumes ONTAP in Azure
On-premises ONTAP system

Cloud Volumes ONTAP in Azure
On-premises ONTAP system

Google Cloud Storage

Cloud Volumes ONTAP in Google
On-premises ONTAP system

Cost

There are two types of costs associated with using Cloud Backup: resource charges and service charges.

Resource charges

Resource charges are paid to the cloud provider for storage and for running a virtual machine/instance in the cloud.

  • For backup, you pay your cloud provider for object storage costs.

    Since Cloud Backup preserves the storage efficiencies of the source volume, you pay the cloud provider object storage costs for the data after ONTAP efficiencies (for the smaller amount of data after deduplication and compression have been applied).

  • For file restore, you pay your cloud provider for compute costs only when the Restore instance is running.

    The instance runs only when browsing the backup file to locate the individual files you want to restore. The instance is turned off when not in use to save costs. And it is not deployed at all if you never attempt to restore individual files.

    See the type of virtual machine/instance that is deployed for each supported cloud provider.

  • For volume restore there is no cost because no separate instance is required.

Service charges

Backup service charges are paid to NetApp and cover both the cost to create backups and to restore volumes, or files, from those backups. You pay only for the data that you protect, calculated by the target backup capacity before ONTAP efficiencies.

There are two ways to pay for the Backup service. The first option is to subscribe from the service provider, which enables you to pay per month based on the amount of backed up data. The second option is to purchase licenses directly from NetApp. Read the Licensing section for details.

Licensing

Cloud Backup is available in two licensing options: Bring Your Own License (BYOL) and Pay As You Go (PAYGO). A 30-day free trial is available if you don’t have a license.

Free trial

When using the 30-day free trial, you are notified about the number of free trial days that remain. At the end of your free trial, backups stop being created. You must subscribe to the service or purchase a license to continue using the service.

Backup are not deleted when the service is disabled. You’ll continue to be charged by your cloud provider for object storage costs for the capacity that your backups use unless you delete the backups.

Pay-as-you-go subscription

For PAYGO you’ll need to pay your cloud provider for object storage costs (as described earlier) and NetApp for backup licensing costs. The licensing costs are based on target backup capacity (before ONTAP storage efficiencies):

Bring your own license

BYOL is term-based (1YR/2YR/3YR) and capacity-based in 1 TB increments, based on the logical (before ONTAP storage efficiencies) backed up capacity. You pay NetApp to use the service for a period of time, say 1 year, and for a maximum amount backup capacity, say 10 TB, and you’ll need to pay your cloud provider for object storage costs (as described earlier).

You’ll receive a serial number that you enter in the Cloud Manager Licensing page to enable the service. When either limit is reached you’ll need to renew the license. See Adding and updating your Backup BYOL license. The Backup BYOL license applies to all Cloud Volumes ONTAP and on-premises systems associated with your Cloud Central account.

BYOL license considerations

When using a Cloud Backup BYOL license, Cloud Manager notifies you when backups are nearing the capacity limit or nearing the license expiration date. You receive these notifications:

  • When backups have reached 80% of licensed capacity, and again when you have reached the limit

  • 30 days before a license is due to expire, and again when the license expires

Use the chat icon in the lower right of the Cloud Manager interface to renew your license when you receive these notifications.

Two things can happen when your license expires:

  • If the account you are using for your ONTAP systems has a marketplace account, the backup service continues to run, but you are shifted over to a PAYGO licensing model. You are charged by your cloud provider for object storage costs, and by NetApp for backup licensing costs, for the capacity that your backups are using.

  • If the account you are using for your ONTAP systems does not have a marketplace account, the backup service continues to run, but you will continue to receive the expiration message.

Once you renew your BYOL subscription, Cloud Manager automatically obtains the new license from NetApp and installs it. If Cloud Manager can’t access the license file over the secure internet connection, you can obtain the file yourself and manually upload it to Cloud Manager. For instructions, see Adding and updating your Backup BYOL license.

Systems that were shifted over to a PAYGO license are returned to the BYOL license automatically. And systems that were running without a license will stop receiving the warning message and will be charged for backups that occurred while the license was expired.

How Cloud Backup works

When you enable Cloud Backup on a Cloud Volumes ONTAP or on-premises ONTAP system, the service performs a full backup of your data. Volume snapshots are not included in the backup image. After the initial backup, all additional backups are incremental, which means that only changed blocks and new blocks are backed up.

Where backups reside

Backup copies are stored in an S3 bucket, Azure Blob container, or Google Cloud Storage bucket that Cloud Manager creates in your cloud account. For Cloud Volumes ONTAP systems the object store is created in the same region where the Cloud Volumes ONTAP system is located. For on-premises ONTAP systems you identify the region when you enable the service.

There’s one object store per Cloud Volumes ONTAP or on-premises ONTAP system. Cloud Manager names the object store as follows: netapp-backup-clusteruuid

Be sure not to delete this object store.

Notes:

  • In AWS, Cloud Manager enables the Amazon S3 Block Public Access feature on the S3 bucket.

  • In Azure, Cloud Manager uses a new or existing resource group with a storage account for the Blob container.

  • In GCP, Cloud Manager uses a new or existing project with a storage account for the Google Cloud Storage bucket.

Supported storage classes or access tiers

  • In Amazon S3, backups start in the Standard storage class and transition to the Standard-Infrequent Access storage class after 30 days.

  • In Azure, backups are associated with the cool access tier.

  • In GCP, backups are associated with the Standard storage class by default.

    You can also use the lower cost Nearline storage class, or the Coldline or Archive storage classes. See the Google topic Storage classes for information about changing the storage class.

Backup settings are system wide

When you enable Cloud Backup, all the volumes you identify on the system are backed up to the cloud.

The schedule and number of backups to retain are defined at the system level. The backup settings affect all volumes on the system.

The schedule is daily, weekly, monthly, or a combination

You can choose daily, or weekly, or monthly backups of all volumes. You can also select one of the system-defined policies that provide backups and retention for 3 months, 1 year, and 7 years. These policies are:

Backup Policy Name Backups per interval…​ Max. Backups

Daily

Weekly

Monthly

Netapp3MonthsRetention

30

13

3

46

Netapp1YearRetention

30

13

12

55

Netapp7YearsRetention

30

53

84

167

Backup protection policies that you have created on the system using ONTAP System Manager or the ONTAP CLI are also available as selections.

Once you have reached the maximum number of backups for a category, or interval, older backups are removed so you always have the most current backups.

Note that the retention period for backups of data protection volumes is the same as defined in the source SnapMirror relationship. You can change this if you want by using the API.

Backups are taken at midnight

  • Daily backups start just after midnight each day.

  • Weekly backups start just after midnight on Sunday mornings.

  • Monthly backups start just after midnight on the first of each month.

The start time is based on the time zone set on each source ONTAP system. At this time, you can’t schedule backup operations at a user specified time.

Backup copies are associated with your Cloud Central account

Backup copies are associated with the Cloud Central account in which Cloud Manager resides.

If you have multiple Cloud Manager systems in the same Cloud Central account, each Cloud Manager system will display the same list of backups. That includes the backups associated with Cloud Volumes ONTAP and on-premises ONTAP instances from other Cloud Manager systems.

Supported volumes

Cloud Backup supports FlexVol read-write volumes and data protection (DP) volumes.

FlexGroup volumes and SnapLock volumes aren’t currently supported.

FabricPool tiering policy considerations

There are certain things you need to be aware of when the volume you are backing up resides on a FabricPool aggregate and it has an assigned policy other than none:

  • The first backup of a FabricPool-tiered volume requires retrieval of all local and all tiered data (from the object store). This operation could cause a one-time increase in cost to read the data from your cloud provider.

    • Subsequent backups are incremental and do not have this effect.

    • If the tiering policy is assigned to the volume when it is initially created you will not see this issue.

  • Consider the impact of backups before assigning the all tiering policy to volumes. Because data is tiered immediately, Cloud Backup will read data from the cloud tier rather than from the local tier. Because concurrent backup operations share the network link to the cloud object store, performance degradation might occur if network resources become saturated. In this case, you may want to proactively configure multiple network interfaces (LIFs) to decrease this type of network saturation.

  • A backup operation does not "reheat" the cold data tiered in object storage.

Limitations

  • When making backups from on-premises ONTAP systems, the Connector must be deployed in the cloud. There is no support for on-premises Connector deployments.

  • When backing up data protection (DP) volumes, the rule that is defined for the SnapMirror policy on the source volume must use a label that matches the allowed Cloud Backup policy names of daily, weekly, or monthly. Otherwise the backup will fail for that DP volume.

  • In Azure, if you enable Cloud Backup when Cloud Volumes ONTAP is deployed, Cloud Manager creates the resource group for you and you cannot change it. If you want to pick your own resource group when enabling Cloud Backup, disable Cloud Backup when deploying Cloud Volumes ONTAP and then enable Cloud Backup and choose the resource group from the Cloud Backup Settings page.

  • When backing up volumes from Cloud Volumes ONTAP systems, volumes that you create outside of Cloud Manager aren’t automatically backed up. For example, if you create a volume from the ONTAP CLI, ONTAP API, or System Manager, then the volume won’t be automatically backed up. If you want to back up these volumes, you would need to disable Cloud Backup and then enable it again.

  • ILM (tiering) from the object storage, or direct write to AWS Glacier or similar lower tier object storage, is not supported.

  • SVM-DR and SM-BC configurations are not supported.

  • MetroCluster (MCC) backup is supported from ONTAP secondary only: MCC → SnapMirror → ONTAP → Cloud Backup Service → object storage.

  • WORM/Compliance mode on an object store is not supported.

Single File Restore limitations

  • Single file restore can restore individual files. There is currently no support for restoring folders/directories.

  • The file being restored must be using the same language as the language on the destination volume. You will receive an error message if the languages are not the same.

  • The ONTAP version must be 9.6 or greater in your Cloud Volumes ONTAP or on-premises systems.

  • Cross account restore requires manual action in the cloud provider console. See the AWS topic granting cross-account bucket permissions for details.

  • Single file restore is not supported when using the same account with different Cloud Managers in different subnets.

  • Restore can browse a single directory with flat files up to a maximum of 30,000 files. Larger directories are currently not supported.