The Riverbed Blog (testing)

A blog in search of a tagline

Riverbed Whitewater and the Cloud Security Concern

Posted by riverbedtest on December 10, 2010

Whitewater is one of Riverbed's two newest products (with Cloud Steelhead being the other).  This new product allows Riverbed customers to archive their backup data into the Amazon S3 cloud.  Whitewater simply presents out a CIFS or NFS file share, and then all you have to do is point your backup media server to it.  The data received by Whitewater will then be deduplicated and sent into the Amazon cloud.  Whitewater leverages the same advanced deduplication technology that is used in the Riverbed Steelhead product, which is able to recognize common byte-level data patterns at an average 100-byte granularity. 

The Riverbed deduplication technology allows Whitewater to achieve data reduction ratios of between 20:1 to 50:1 for most types of backup data.  For example, if you have 20TB of data, Whitewater will shrink that down to something like 600GB before sending that backup data to the Cloud, yielding cost savings from cloud providers such as Amazon S3 who charge by the amount of GB consumed.

However, Whitewater does more than optimize usage of cloud resources.  It also addresses the top concern by IT professionals when it comes to moving data into the Cloud, which is data security.  Security is a vital concern for potential cloud users since we're talking about a multi-tenant environment where different customers are using the same shared storage infrastructure.

But Whitewater addresses the security issue by encrypting all data with 256-bit AES prior to sending it into the Cloud.  This renders the data into a meaningless blog to anyone except the owner of the private key.  If the cloud provider somehow accidentally allows someone else to access your backup data, you can rest assured that they will not be able to extract any meaningful information from that blob.

Now what if the Whitewater device fails?  Or what if your data center is wiped-out in a 9/11-type event?  How will you recover your cloud-hosted data in these scenarios?  Well all you have to do is obtain a replacement Whitewater device from Riverbed.  As long as you still have the original private key used to encrypt the data (which can be offloaded from the original Whitewater device and sent to a different site for safekeeping), then any Whitewater appliance–even one fresh out of the box–can be used to recover your cloud-resident backup data.

4 Responses to “Riverbed Whitewater and the Cloud Security Concern”

  1. Leo said

    Hi Josh,
    Can Whitewater present a CIFS/NFS-based shared folder to Windows XP, 2K3 or 2K8?

  2. Josh Tseng said

    Hi Leo,
    Yes, it sure can, although it’s tuned for sequential I/O operations that are characteristic of backup jobs. So if you plan to do file operations on the shared folder, don’t expect lightning-fast response times.

  3. I think there are two main security matters for cloud computing. One is Security issues faced by cloud providers (organizations providing Software, Platform, or Infrastructure as a Service via the cloud) and other is security issues faced by their customers. But in case if Whitewater fails, what is most efficient way to replace it?

  4. Bob Gilbert said

    Hi J,
    One of the great properties of Whitewater is that it is stateless, meaning that you can easily replace the Whitewater with another Whitewater and it will simply learn the previous backup sequences and allow you to access/optimize the cloud storage. remember that all the data persists in the cloud. Also keep in mind that a physical Whitewater can be replaced with a virtual version, which improves flexibility in your H/A design.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: