October 18, 2022
Topics: Cloud Manager Data ProtectionAdvancedRansomware ProtectionSecurity
Dark site deployment is here for Cloud Manager. That means you can now use Cloud Manager to manage data that is stored in on-premises NetApp environments that are completely segmented and air-gapped from the internet.
In this post we’ll take a look at what a dark site deployment is, who can benefit from using it, and introduce you to the features Cloud Manager brings to this highly secure deployment model.
Use the links below to jump down to the sections on:
- What Is a Dark Site?
- How Dark Site Mode Works with Cloud Manager
- Data Services Available in Dark Site Mode Through Cloud Manager
What Is a Dark Site?
In general terms, a “dark site” is a closed network environment that does not have any internet connectivity. The main public cloud provider’s secret governmental regions, such as Azure’s Department of Defense (DoD) Impact Level 6 (IL6) and AWS Amazon Commercial Cloud Services (C2S) services, largely operate as dark sites.
Note that, though the name is similar, dark sites are not to be confused with the dark web, which are sites that use the internet via overlay networks that can only be accessed using specialized software, mainly for illicit purposes.
Who can benefit from dark site deployment?
Traditionally, dark site deployment has mainly been used by governmental agencies working with highly classified materials. But the applications for the deployment model go well beyond that.
With the closed environment a dark site offers, all data and permissions can be entirely contained within the closed network. That provides an added level of security that is relevant to any organization, not just governmental bodies. With threats becoming increasingly more sophisticated from both criminals and state-based actors, major enterprises need to take the proper precautions to make sure critical data remains safe. Dark site deployment can make that possible.
Many enterprises can benefit from this extra airgap for their core data—such as important research or critical IP documents—which can be targeted by cyberattacks or corporate espionage. Dark site deployment can also be beneficial for organizations with large amounts of highly sensitive data to protect, such as financial and healthcare institutions. With NetApp Cloud Manager’s dark site mode, NetApp customers now have a way to do that. Dark site deployment is part of NetApp’s unified control plane, delivering a simplified experience for storage and data services across environments, and Cloud Manager is key to that.
How Dark Site Mode Works with Cloud Manager
Until recently, Cloud Manager was only available for deployment as a software-as-a-service (SaaS) model. But for SaaS deployment you need connectivity from the environment to NetApp’s SaaS layer via the internet. That has changed with the new dark site mode for Cloud Manager.
Don’t let the name confuse you: though this is Cloud Manager, it doesn’t necessarily operate in the cloud. In this model, Cloud Manager works directly with existing NetApp on-prem deployments. Cloud Manager in dark site deployment gives users the same intuitive interface without any internet connectivity. That means you’ll be able to discover the ONTAP systems in your data center, scan your data with Data Sense, and protect it with Cloud Backup, all from a single pane of glass.
Note that since this version of Cloud Manager operates completely offline, that means the automatic features of the SaaS will not be available. It will be up to the administrator to download and install all of the updates that the software needs and to manage everything about the configuration. This doesn’t necessarily need to be considered a drawback, as this added level of responsibility is inherent with managing any kind of dark site environment, and some admins may appreciate the hands-on nature of maintaining the software.
The first step to set up dark site mode is to install the connector. You can read the full instructions on how to install the connector here.
Data Services Available in Dark Site Mode Through Cloud Manager
There are more services on the way, but Cloud Manger can be used to operate two key NetApp services that are available to take advantage of dark site deployment mode: Cloud Backup allows users in dark sites to create efficient, block-level backups that are stored in offline object storage, and Cloud Data Sense gives users the power to scan, assess, and govern data across the dark site.
Cloud Backup in Dark Site Deployment
Cloud Backup can work with NetApp StorageGRID® appliances to store your backup copies in a dark site setting. Cloud Backup adds another layer of security for this critical data, as it automatically backs up and restores more efficiently and securely than employing a third-party NDMP-based backup method.
We’ve written about dark site deployment with Cloud Backup before, but coinciding with the dark site functionality coming to Cloud Manager, we’ve added some important new functionality to using Cloud Backup’s in dark site mode:
- Now the containers running behind the scenes for the cloud restore instance are fully integrated as part of the dark site Connector. That means there’s no extra jump between the connector and your StorageGRID environment when you’re restoring data.
- Ransomware protection with Cloud Backup DataLock makes it possible to store backup copies in immutable WORM storage in the secondary environment.
- Single-file restores through Cloud Backup’s browsable catalog are now fully supported for dark site Cloud Backup deployments.
Data Sense in Dark Site Deployment
New to dark site deployment is Data Sense. NetApp’s data governance toolkit gives users the ability to scan, map, identify, and report on data, but there are some differences when used in dark site environments.
First off, due to its offline nature, dark site Data Sense will be able to scan any of the local supported data sources in the same on-prem site as the dark site. The supported data sources include databases, ONTAP storage systems, NFS or CIFS file shares (either NetApp or non-NetApp), and object storage that follows the S3 protocol (including StorageGRID appliances).
For more details, check out the documentation on Data Sense dark site deployment here.
Highly sensitive data that demands the highest level of protection can’t be accessible via the internet. But that doesn’t mean you should have a limited toolset to work with it.
Cloud Manager’s new dark site capabilities make it possible for NetApp users to maintain isolated environments and manage them through Cloud Manager, with access to Cloud Backup and Cloud Data Sense for better backup protections and data governance too.
For more information on how to set up the dark site deployment option for Cloud Manager, visit the documentation here.