Lower Your Costs With Optimized Backups of Your TDE Databases on a Cyber Resilient Appliance

见解 April 10, 2023

Many security-related compliance regulations mandate that sensitive data needs to be stored using encrypted storage. To solve this, Oracle and MS-SQL databases provide Transparent Data Encryption (TDE) which encrypts data at rest in a database. In Oracle, this can be implemented on either application tablespaces or specific sensitive columns. In SQL Server it’s implemented for the entire database.  While this addresses regulatory requirements, it can eliminate compression and deduplication savings resulting in additional costs for your backup storage. 

Best Cost Savings with Similar Deduplication Savings as Non-TDE Databases

Although you can’t get compression savings on TDE databases, NetBackup is able to achieve deduplication savings like non-TDE backups with its intelligent stream handlers specifically designed for MS-SQL and Oracle databases.  Most other vendors rely on the native backup method and so do not provide this level of functionality for TDE databases.

The way it works is quite simple.  A full backup is initially taken, and the intelligent stream handler checks the format of the incoming backup data and analyzes it to identify and align the segments with the header and page boundaries. For subsequent backups Oracle will create the backup set using the same page boundaries and RMAN will send the data utilizing the same patterns. Since NetBackup knows of these page boundaries it can identify identical pages within the backup data and achieve deduplication savings by not writing this data again.

Increase Database Backup and Restore Performance

In addition to optimized deduplication, using stream-based mode enables jobs to be processed using multiple parallel streams which can substantially increase database backup and restore performance. 

Remove I/O Bottlenecks on Backup Target for VLDB

If you have a very large database (VLDB), NetBackup can stream the data to multiple storage targets in parallel, thus removing I/O bottlenecks from the backup target. For Oracle VLDB (very large databases) the backup sets are sent across multiple channels where each channel can intelligently utilize different media and storage servers.

Performance Optimized Storage

Veritas designed both NetBackup Flex and Flex Scale with performance-optimized storage that is needed to support multiple parallel streams and multiple storage targets.  In addition, NetBackup Flex Scale offers near-linear performance scalability, allowing you to add more parallel streams and channels as you scale your cluster. Check out the performance white paper for details including support for 800 parallel streams.

Full Backups at the Cost of Incremental with Instant Access Recovery

To further minimize backup windows and provide instant access recovery operations, NetBackup supports Universal Share for Oracle Incremental merge. This allows Oracle customers to get full backups utilizing the incremental forever strategy which minimizes the backup window and network overhead. The backups and snapshot generation are fully automated. The incremental backups are merged utilizing Oracle tools to create a new full. And most importantly, NetBackup’s instant access capability enables instant recovery by mounting a database recovery point that you can use to immediately access your database.

To use instant access you simply:

  1. 1. Configure an instant access mount from the recovery point
  2. Mount the instant access mount point on the client
  3. Start the database in mount mode, catalog the backup images on the recovery mount point, and restore the database

Cyber Resilient By Design

NetBackup Flex and Flex Scale appliances were built with security as the primary objective, making it easy to achieve the highest level of cyber resiliency for your backup environment. The architecture is built with multiple layers of security to provide a Zero Trust architecture, including:

  • Automated AI-driven anomaly detection that can identify trends and deviations in backup data streams and alert administrators
  • Access controls that limit or removes root access to users and services
  • Secure communication such as management controls and enhanced data infrastructure security such as the removal of restricted remote destructive operations, ensuring no one can access a system via IPMI and making system-level changes such as formatting hard drives, encrypting, or deleting data.
  • A hardened OS that removes all unnecessary services and software and adds isolation and restrictions to control processes and resources at the OS level.
  • WORM storage
  • Cluster-based immutable compliance clock for controlling backup image retention that is independent of OS time and NTP
  • Service and network isolation

Check out these white papers for more details on cyber resiliency built into NetBackup Flex Scale and  Flex.

In addition, NetBackup Flex Appliance also supports an Isolated Recovery Environment (IRE) enabling air-gapped backup copies. It works by disabling network connectivity to a secure copy of your critical data that can provide administrators with a clean set of files on demand to neutralize the impact of a ransomware attack.

Helping Meet Your Sustainability Goals

In addition to NetBackup Flex and Flex Scale appliances' significant TCO savings from efficiency and recovery, they can help you reach your sustainability goals too. With data deduplication and high-density design, you can achieve:

  • 54% reduction in power consumption with the latest appliances
  • 90% reduction in cloud storage footprint and network traffic

Additionally, Veritas is committed to responsible product development, and we are on track to meet our science-based sustainability targets by 2025, and thus far have achieved:

  • 34% reduction in Greenhouse gas emissions since 2019
  • 55% renewable energy
  • Reused and recycled 17 tons of appliances

In summary, unlike most other vendors that claim support for TDE, but treat them as any other backup, NetBackup Flex Scale and Flex Appliances offer the easiest and most cyber-resilient way to protect your TDE databases. With performance-optimized storage, stream-based backups, instant recovery, and universal share for Oracle Incremental Merge, you get the fastest backup and instant recovery options.  

For configuration and deduplication best practices refer to the NetBackup Oracle Admin Guide. For more information, check out the Data Deduplication with Veritas Appliances white paper and contact your local Veritas expert.

Sandra Moulton
Dir, Solutions Architect
VOX Profile