Riverbed Whitewater and the Cloud Security Concern
Posted by riverbedtest on December 10, 2010
Whitewater is one of Riverbed's two newest products (with Cloud Steelhead being the other). This new product allows Riverbed customers to archive their backup data into the Amazon S3 cloud. Whitewater simply presents a CIFS or NFS file share, and all you have to do is point your backup media server at it. The data received by Whitewater is then deduplicated and sent into the Amazon cloud. Whitewater leverages the same advanced deduplication technology that is used in the Riverbed Steelhead product, which is able to recognize common byte-level data patterns at an average 100-byte granularity.
The Riverbed deduplication technology allows Whitewater to achieve data reduction ratios of between 20:1 and 50:1 for most types of backup data. For example, if you have 20TB of data, Whitewater will shrink that down to something like 600GB before sending that backup data to the Cloud, yielding cost savings with cloud providers such as Amazon S3 that charge by the number of GB consumed.
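As an added illustration (not Riverbed's code and not part of the original post), the sketch below shows segment-level deduplication with an average segment of about 128 bytes, standing in for the roughly 100-byte granularity mentioned above. The gear rolling hash, the SHA-256 segment index, the constructed sample data and all names are assumptions; the post does not describe Whitewater's actual algorithm.

```python
import hashlib

# 256 pseudo-random 32-bit values, derived deterministically (assumed gear table).
GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:4], "big") for i in range(256)]
MASK = 0x7F0000  # 7 mask bits: a boundary about every 128 bytes on average


def segments(data: bytes):
    """Split data at content-defined boundaries chosen by a gear rolling hash."""
    start, h = 0, 0
    for i, b in enumerate(data):
        # The masked bits depend only on the last 23 bytes, so boundaries
        # re-align shortly after an insertion instead of shifting forever.
        h = ((h << 1) + GEAR[b]) & 0xFFFFFFFF
        if h & MASK == 0:
            yield data[start:i + 1]
            start = i + 1
    if start < len(data):
        yield data[start:]


class DedupStore:
    """Keeps each distinct segment once, indexed by its SHA-256 digest."""

    def __init__(self):
        self.index = {}

    def backup(self, data: bytes) -> int:
        """Ingest one backup; return how many new bytes had to be stored."""
        new = 0
        for seg in segments(data):
            key = hashlib.sha256(seg).digest()
            if key not in self.index:
                self.index[key] = seg
                new += len(seg)
        return new


def demo():
    # Constructed sample data: 20,480 pseudo-random bytes as "night 1",
    # and the same data with one small record inserted as "night 2".
    night1 = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(640))
    night2 = night1[:5000] + b"one edited record" + night1[5000:]
    store = DedupStore()
    first = store.backup(night1)
    second = store.backup(night2)
    return len(night1), first, len(night2), second


if __name__ == "__main__":
    n1, first, n2, second = demo()
    print(f"night 1: {n1} bytes in, {first} stored; night 2: {n2} bytes in, {second} stored")
```

In a design like the one the post describes, deduplication has to run before encryption, because ciphertext no longer exposes the repeated byte patterns this step depends on.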
However, Whitewater does more than optimize usage of cloud resources. It also addresses the top concern of IT professionals when it comes to moving data into the Cloud, which is data security. Security is a vital concern for potential cloud users since we're talking about a multi-tenant environment where different customers are using the same shared storage infrastructure.
But Whitewater addresses the security issue by encrypting all data with 256-bit AES prior to sending it into the Cloud. This renders the data into a meaningless blob to anyone except the owner of the private key. If the cloud provider somehow accidentally allows someone else to access your backup data, you can rest assured that they will not be able to extract any meaningful information from that blob.
Now what if the Whitewater device fails? Or what if your data center is wiped out in a 9/11-type event? How will you recover your cloud-hosted data in these scenarios? Well, all you have to do is obtain a replacement Whitewater device from Riverbed. As long as you still have the original private key used to encrypt the data (which can be offloaded from the original Whitewater device and sent to a different site for safekeeping), any Whitewater appliance, even one fresh out of the box, can be used to recover your cloud-resident backup data.
Leo said
Hi Josh,
Can Whitewater present a CIFS/NFS-based shared folder to Windows XP, 2K3 or 2K8?
Josh Tseng said
Hi Leo,
Yes, it sure can, although it’s tuned for sequential I/O operations that are characteristic of backup jobs. So if you plan to do file operations on the shared folder, don’t expect lightning-fast response times.
Josh
J (Encrypted Flash Drive Guy) said
I think there are two main security matters for cloud computing. One is the security issues faced by cloud providers (organizations providing Software, Platform, or Infrastructure as a Service via the cloud) and the other is the security issues faced by their customers. But in case Whitewater fails, what is the most efficient way to replace it?
Bob Gilbert said
Hi J,
One of the great properties of Whitewater is that it is stateless, meaning that you can easily replace the Whitewater with another Whitewater and it will simply learn the previous backup sequences and allow you to access/optimize the cloud storage. Remember that all the data persists in the cloud. Also keep in mind that a physical Whitewater can be replaced with a virtual version, which improves flexibility in your H/A design.