00:00
Storage snapshots are a foundational feature to any storage system, but not all snapshots are created equally, and this is just another area where pure storage outshines the competition in the marketplace. Our snapshots are 100% metadata, which brings so many additional benefits. You can instantly snap any volume with 100% immutability, with zero reservations,
00:29
zero performance overhead, thousands of times, literally thousands of times, with no impact. Snapshots, since they're based off metadata like I discussed, are just really new volumes, which provides unsurpassed data flexibility. You can mount that snapshot as a new volume, you can read to write to it as the volume,
00:49
you can snap it again if you need to, and there's zero. Parent-child relationship or dependencies between the original snapshot and the clone of the snapshot. So if you need to delete the original, you're not going to impact the new copy or the new clone, and vice versa, right? So you just get this very elegant data
01:08
flexibility. And since our snapshots are quote unquote always full, there's no wasted space. They're always thin, they're always de-duped, and they're always compressed, thus taking up no additional space on the array. And like I said, with the fact that they're basically new volumes, it provides great recovery and data resiliency pretty
01:31
much anywhere. You can roll those snapshots forward or backward as needed. You can recover any volume from any snapshot, and then you can actually replicate those snapshots, you know, to maybe another pure array that's on site, or maybe you leverage our cloud blocks or product in,
01:47
you know, one of the public cloud. You can replicate there. So again, you're just gonna have this flexibility both for data resiliency, as well as maybe you need that data mobility where maybe you need to take a snap of a, you know, a production database and you want to now mount that to a test dev environment to, you know, run some data or some data processing or whatever,
02:06
you're just gonna get the ultimate in flexibility when you're leveraging our snapshots for those types of activities. But With that said, let's actually just dive into a demo and let me show you everything I'm talking about. So as you can see, I'm in the lab environment. This is what you would get, you're gonna get presented basically with the Windows,
02:24
you know, console, and what I've gone ahead and done for this kind of snapshot demo is on the D drive with the volume that's already mounted, I've created 3 folders Finance 1, Finance 2, and Finance 3. And then in finance 2 we have these very important PO or, you know, documents, right, that just cannot be lost.
02:43
So that's kind of the data, you know, the data side of things that I wanted to present. If we actually go into the array, so this is our dashboard for purity, and let's go into storage. For this we'll go into volumes. We're working with the Windows box, so it's gonna be this Windows volume one.
03:01
If we click into that, so you can see the Windows host over here and then on the right you kind of see our our snapshot area. Now we do have a default snapshot which I'll get into for for safe mode, but really there's no snaps on this volume right now. So if I want to create a new snapshot, it's simple as basically clicking on this little check box or this plus box, and I'm gonna give it a great uh suffix,
03:24
so we're gonna call this Langer demo, super technical here, and we're just gonna click create. And as you can see, we've got a snapshot, right? It's pretty fast. So like all those things I talked about before, once we have the snapshot, there's a lot of different things we can do with it.
03:39
So if I go over here in the console and I click the little burger menu, we've got copy, we have restore, rename, send, and destroy and destroy is really pure pure speak for deletion, and So this is where the kind of the magic can happen for these manual created snapshots. So let's say I wanna, you know, restore this snapshot and let's say, you know,
04:03
somebody went in and unfortunately was messing around and they deleted this very important PO2 and you get the phone call and they're like, hey, uh, storage admin, like I we've lost this file, we need it back, right? So that's a pretty easy thing to do now. It's a two step process really when you're dealing with Windows.
04:22
So some of this is purity and some of it's Windows. So before we can restore. The volume, right? We actually need to actually go in and take the existing, you know, volume or drive offline from a Windows perspective. So I'll go into disk management.
04:38
I'll take it offline. So now it's offline, and if I go back over here, click the snapshot, go to the the burger menu basically hit restore. It's basically gonna say, are you sure you want to do this cause I'm going to overwrite whatever is existing there. And of course we're like,
04:54
yep, let's overwrite it, so we click restore. Let's go back over here. We're gonna have to bring that volume, you know, back online in the Windows part. Let's explore it. And then finance 2 and voila, we see that our very important PO2 file has been restored,
05:14
right? So that's a very basic kind of show of what the snapshots can do. Now, to take things a step further, let's say back to my comment of like maybe I want to actually take that snapshot and turn it into an actual volume. So I go back over here, hit the burger menu, and then I can do copy.
05:32
And then I'm gonna give it again a very, you know, highly technical name, so I'm gonna call it Langer demo copy. And I'm just gonna click copy. So you don't really see anything happening here on this screen, but if I go back up to the volumes, we now see that I've got this Laer demo copy volume
05:50
sitting over here, and you can see that it's 10GB just like the original size of the initial volume or the volume that I copied. But we need to actually go in and attach that volume to the Windows host. So there's a lot of different ways to do that, but I'm just gonna go into the actual volume itself, and I've got this connected host section.
06:10
And I'm just gonna click on the burger menu, click connect. There's my Windows VM or my Windows hosts, click connect. That's gonna run. Now if we go into disk management. It should, it might self populate. If not, let's go ahead and just run a re-scan.
06:30
And now we've got our, our volume here, so we just want to bring this online. Took it as the F drive. Now really this should just be a mirror copy of the data from the original volume, so let's go into Windows Explorer. We see finance 1, finance 2, finance 3, and we see our three important files, right? So, All pretty straightforward, very simple to
06:52
do, and then lastly, let's go into back into the volumes. Let's go into this Windows volume. And last but not least, I can just easily destroy this, right? So you, you took the snapshot, you needed to do with it, whatever you needed to do.
07:06
I click destroy and it's gonna say, are you sure you want to do that? Like, yep, let's get rid of it, and now it's destroyed. And what you'll see here is it's in this little destroyed uh bucket, and if I expand that. You'll notice Oh there it is. You'll notice,
07:26
sorry, just take a second. You notice I've got some timers and some deletion, so if I, so once you if you destroy something, it's not really gone yet. It goes into this destroyed bucket, um. And then I could just click this for what we call an eradication, which means it's going to be really gone. So I can delete that or I can set a timer,
07:43
but I'm gonna leave that there because this actually ties into or gets into the next topic which is going to be safe modes. Safe mode is our ransomware protection strategy with flash array and flash blade as well from a snapshot's perspective. And really what we're trying to do is we're trying to limit the exposure or limit the risk
08:09
that you have from a ransomware attack. Now, I listed these as the four stages of a ransomware attack, and I'm sure somebody could probably dive in and say there's more, but really if you boil it down, it comes into these 4 as far as I'm concerned. They want to hack into your system.
08:23
They want to identify some sensitive data and then encrypt it, so you know, they're looking for your grandma's chocolate chip recipe or whatever IP is very important to you, or maybe it's customer data, credit cards, so on and so forth, but they're looking for that data and then they're going to encrypt it so you can't use it or access it.
08:39
But beyond that, the next thing they're going to want to do is cripple your ability to actually recover that data, right? So they're going to try and find your snapshots on your storage system. They're going to try and find your backups, whatever they can do to make sure you cannot recover to a known good point in time for that data because that's where they're going to look for the ransom data,
08:58
AKA they want to get paid, right? So they made it so you can't recover, they've got your important information locked out and you're at their mercy. But with safe mode, what we're really trying to do is we're gonna stop them in the tracks. So we're going to make it so they can't limit your ability to restore that data or, you know, recover that encrypted information, which means,
09:21
of course, they're not going to get paid. And how do we do that is again with our safe mode. So what we, this is a kind of a quick explanation of a of a workflow of how safe mode works. So manually destroyed data or snapshots are placed into what we call this eradication bucket.
09:38
So remember when I was doing the snapshot demo, I had that destroyed area, right, that's quote unquote the eradication bucket. But then once data lands in there, there's a duration or a timer that's set for how long. It can live there before it can be eradicated, meaning before you really destroy it and it is just gone. Now, That timer can be set from 1 to 30 days.
10:03
So by default, like on our screen, I think you saw it was set for 24 hours or when I get back in, I can show it to you. But this is where your flexibility comes in of like if I destroy an object, whether it be a volume or, you know, try to edit something, I can set like that has to live in the the eradication bucket for 4 days before it can be
10:22
destroyed. Right, or 16 days or whatever it is. So really that's what where the protection comes in, comes in where not only if they try to, you know, delete your snapshots, so maybe they got in and they figured out how to delete the snapshot snapshots, but now they're sitting there and they can't be eradicated so you have that,
10:38
that recoverability like we just did with like you clone it to a snap, do you restore it, whatever that scenario is, and that's how you limit the ransomwares or the attacker's ability to, you know, to ransom your data. Now. For a safeguard, of course, cause sometimes maybe you do actually need to change something or delete something.
10:57
This is where our, what I would say for our authentication for eradication comes in. So anytime something needs to be eradicated before that timer is expired, a known, you know, account or, you know, authorized person within your organization has to call 色控传媒 technical support. And of course then they're identified by our support, whether,
11:19
you know, it's pin numbers or whatever, there's multiple ways we handle that. We can say, OK. Langer works as a valid contact and he wants to now remove these snapshots or eradicate them. The peer support person is validated, then we can go ahead and hit the buttons and delete them. So that's kind of the safeguard of when you need to make changes,
11:37
both to just the, you know, the safe mode policies or again if you need to really, you know, you just don't want to wait for something to age out from that eradication timer, you need to delete it now. So that's where the safeguard comes in with pure technical support. Now, finally, before I really get into the demo, there's two operating modes for safe mode.
11:56
There's a ray wide and there's per object safe mode. Now a ray wide is like we're locking everything down. Anything that once you've got it configured and you've turned safe mode on, you're gonna have to call peer support to make any changes, and that's usually for folks that have like very secure sites,
12:13
dark sites, whatever, like. You're super, super, you know, security conscious you might go with a ray wide, but what we do see in what our default model is, is the per object safe mode, which basically means you can't something that's protected in a port uh protection group or what we refer to as a PG group cannot be deleted and PG groups is basically the the
12:32
container that's going to hold those volumes and I'll show that to you in the demo, um. Per object safe mode is the default safe mode for any new array. So if you're not an existing customer and you go out and you purchase a new array, when we come in and we set it up, this would be turned on.
12:48
If you are an existing customer watching this webinar and you're not running, you maybe you're not on 6.4.1 or newer, once you upgrade your purity environment to that level, that's when the per object safe mode would be turned on. Like I said, when safe mode is enabled, here's a couple of things that you can and can't do. So you can increase the frequency of snapshots, but you can't decrease the frequency of
13:12
snapshots. So meaning again if that hacker gets in, you can make more of them to make it safer, but you can't take less of them to make yourself, you know, more at risk. Uh, you can't remove the protection group objects again, that's what I'm talking about, that's gonna basically be where you contain your volumes
13:27
that you're taking these snapshots of and putting the safe mode policy on. You can't disable the snapshot schedule, and you can't disable safe mode itself. And one key thing to call out is only the snapshots created via these protection groups are protected from this immediate manual deletion. So that's like that snapshot I created in our snapshot demo,
13:49
I could go in there and delete that as my heart contents because it's not created via this policy, right? So if you do need to like take some one-off or ad hoc snaps and you just need them to do a quick recovery, a quick test, you 100% can go in there and delete them, not based off the eradication timer. It's anything that you do that follows this
14:07
protection group strategy. So I've talked a lot, I apologize. Let's go ahead and get back into the demo. So I'll get over here. I go into protection groups. You're gonna see I have this PG group auto, right?
14:21
So that's the default group that gets created when safe mode uh is enabled. And so I'll go in here and you'll see on the left. The volumes that I have and including that new uh clone volume I created are already in here, right? So you see the Langer demo copy and the other volumes, right? So again, everything that gets created is going
14:38
to be positioned or placed into this default group. And as you can see here, I've got safe mode is turned on, AKA it's ratcheted, so like I said, I can't make things work, so worse. So if I see I can't even turn this off here. Uh, if I had a replication schedule, I don't, I only have one array in this lab,
14:56
so I can't show you that, but if I had a replication schedule, I couldn't make it worse. I could only make it better. And then here's like our snapshot schedule again, so, uh, I can't turn it off. I'll hit disabled, hit save. And it's like, nope, you can't do that. Safe mode's turned on,
15:12
you can't disable it. So I cancel there. I want to go in and let's say I want to instead of every 6 hours, let's say I want to make them every 8 hours, right? Hit save. Again, I'm making the protection strategy worse, so it's not gonna let me do that.
15:29
But what if I'm like, you know what, every 6 hours is enough. I want to do it every 3 hours, which again would be better. That change, it is gonna let let me make, right? So that's how when it comes in, I could kind of throttle things uh. To make them more secure, I just can't throttle them to make them less secure.
15:49
Now if I go into the volumes again, and I go into Windows Volume, the Windows, you know, that D Drive that we have, and we look at our destroyed, right, we've got the Langer demo and then we have this copy. So back to my comment of like you can delete anything that's manually created, that's why you see here my Langer demo, you see the countdown is still remaining,
16:10
but since it's not enabled or protected by safe mode, I can eradicate it now, so I can just go ahead and You know, basically it's gonna tell me you're gonna lose this snapshot they just permanently deleted. I'm like, yep. I'm good. But notice the this Windows one volume copy.
16:25
These are being created by the PG A group, right? The one that's the protection group that has safe mode turned on. These ones I'm not gonna be able to destroy because they're not, they're not in um the policy has not been. Exhausted yet, right? So that's why this one is great out here.
16:46
Once this timer expired cause remember it's set to one day, I'll then be able to go in and delete it. Like I don't have to delete it 24 hours. I could still leave it for a couple days. That's just the soonest I would be able to delete it. And again, this is all about protecting yourself from ransomware and your ability to
17:02
recover from like anything where, you know, somebody comes in and they've encrypted your data or encrypted your drives.
![Lightning bolt icon](/content/dam/purestorage/online-assets/icons/lightning.svg.imgo.svg"/){kind=icon}
