Backing up cloud applications is never easy but Asigra gets it done
Trust an old pro
Review As the recent Code Spaces debacle has taught us, just because you use cloud computing doesn't mean you can't properly engineer your IT design.
A huge part of that is having proper backups that are set up on separate providers with different administrative credentials. Asigra is a data protection company that claims it can accomplish this so I have been investigating its offerings.
Asigra hails from Toronto and has been around since 1986, which makes it a firmly established player in an overcrowded market. Despite this it is probably not the first data protection company many storage guys think of, or perhaps even in the top five.
That is a shame, as its offerings are competitive with the big guys and it has some fiercely loyal clients.
The company has a well-developed partner channel (it doesn't do direct sales at all) and is differentiating itself by focusing on cloud backup capabilities, something it has been doing for more than 20 years. If you have a workload or some data, Asigra can back it up to the cloud.
Recently the firm moved into cloud to cloud backup – backing up data from SaaS-based app such as Google Apps and Office 365. Not only can it back things up to the cloud, it can back workloads and data that are in the cloud over to other clouds or back down to your premises.
For better or worse, Asigra now represents "the cloud backup guys”. It even has a Docker containers backup whatchamacallit all built in. What separates it from all the eleven squillion other cloud backup guys out there, however, is that thing of having been around since 1986.
Data protection is miserable and nearly every application in the space is a nightmare to use. This is at least in part because data protection applications have to deal with an ungodly number of different applications, data sources and destinations.
Being positively ancient when compared with the Silicon Valley startups is a good thing for Asigra. It has years of experience integrating with applications the younger, hipper crew have not even heard of.
There is really only room for one "we only backup virtual machines so put everything in a virtual machine" Veeam player to reach the big league. Everyone else has to talk to SQL databases and virtual machines and file servers and SANs and clouds and lion and tiger and bears.
Data protection is data protection. It is hard to make it sexy. It has one job: make copies of your workloads and their data and get those copies back where they belong when you need them. Despite this, the idea that all backup software is awful is as true today as it ever has been, and you can't escape having to actually understand how it works.
Anyone who has dealt with data protection applications of any kind will have encountered the agent-versus-agentless debate.
Data protection software with agents require a (hopefully but not always) smallish piece of software to live inside each server, virtual machine or service that requires backing up. The agent calls home to the backup server to get the job done, and only the backup server needs to have any ports exposed through its firewall to accomplish this.
Agentless backups do the job by exposing something on the server, virtual machine or service that the backup software can look at instead. This is usually an API, but not everything has APIs to play with so you might end up having to expose much more vulnerable services.
On the other hand, there is no installable software widget to baby, update and have go horribly, horribly wrong.
Pretty much by definition, any proper cloud backup software is the agentless variety. Microsoft is not going to be receptive to the idea of installing a data protection agent into your copy of Office 365 so you can back it up.
And I would pay good money to watch a YouTube of you trying to find who to call at Google, then trying to explain to the bewildered person you manage to get on the phone what the hell it is you are talking about.
Cloud services have APIs. If you want to get data on and off cloud services you have to go through APIs. So that means no agents (yay!) but it also means you are at the mercy of the API restrictions (boo!).
This has some important real-world implications that need to be considered when talking about cloud-to-cloud or cloud-to-home backups.
As any data protection software should, Asigra's software will let you choose the frequency and granularity of your backups. It lets you do this per data source, meaning that if you really wanted to you could tell it to try to back up Google Apps every minute. That would not actually work in the real world.
When the public cloud providers are not busy changing the world with their magical subscription model made out of rainbows, they are busy being pragmatic and ruthlessly business-focused.
Those pesky APIs the cloud providers use? They have limits. This can seriously affect your backup and recovery plans.
You must still engage brain before using clouds
Microsoft's limits for Office 365 are here and Google's Apps limits are here. Be aware that schlepping things in and out of the API counts just as if you were hauling that data through a front-door protocol like IMAP. It counts against your limits.
Google's absurdly low 2.5GB per day IMAP limit has got me into trouble on more than one occasion. So, like the Code Spaces thing – where some putz got the credentials to Code Space's cloud accounts, then deleted the primaries and the backups, effectively deleting the whole company – you must still engage brain before using clouds.
In this case, you need to profile the data usage of your users before you start making decisions about how frequently to do your cloud backups.
Additionally, not all cloud providers are created equal. Microsoft, for example, has recently decided that it will leave things in the deleted items bin forever by default.
By contrast, in Google's world the same object/email with multiple “tags” will appear as multiple identical objects in different "folders" to traditional mail clients and data protection software.
Tied up in knots
All this may seem indirectly related to Asigra's cloud-to-cloud data protection software, but we need to understand the context. Asigra's software is the evolution of software designed by a backup company; it was around long before the market called itself data protection and as such gives you lots and lots of rope to hang yourself with.
The software is feature rich. You can do the normal things that data protection software can do. You can set RTO and RPOs to whatever meets your organisation's needs (within the constraints of the cloud providers' limits, naturally).
You can store all the data on your own site, point to a colo or hosted offering, or punt it to another cloud provider. But fair warning, the latter can get complicated if you try crossing the streams without consulting an expert first. Office 365 and Google Apps are less cross-compatible than some might imagine.
Asigra can encrypt backups and uses a policy-based approach, so that you can push out data protection rules to as many users as you want at the same time. Of course, the big seller is that that you always have a copy of your data, even if your subscription with the service provider is cancelled or it goes out of business.
So what is it like to use the software? Asigra’s cloud-to-cloud offering is identical to every other piece of data protection software from companies that were around since we called this stuff backup software.
It is clearly designed by backup geeks for backup geeks. It is nerd-centric and presumes the fellow driving the software has a high level of privilege.
I won’t say Asigra is a joy to use, but then, what data protection software is? What I can honestly say is that of the dozen or so applications I have tried out that have some ability to backup my cloudy apps, I hate Asigra the least.
I spend significantly more time swearing at Office 365's byzantine administration UI than at Asigra, and it doesn't fill me with a cold, spiteful rage the way every UI made by Google in the past four years has managed to do.
For those with experience in data protection software, I'd call Asigra less irritating than Commvault, but not so easy to use as Veeam. It is more like Retrospect back when Retrospect was good, but now with the ability to select points cloudy as data sources and as targets.
The main selling point here is clearly the functionality, and Asigra has this mostly under wraps. It is an early go at things cloudy, and there are clearly additional levels of integration required as well additional cloud providers that need to be integrated.
But it was ever thus in the data protection industry and for now, Asigra has reason to crow about one-upping the competition. ®