French national research centre insources with Rubrik backup

France’s national research organisation wanted to insource IT back from Atos and built its private cloud on VMware across two locations with Rubrik appliances for backup

After taking over responsiblility for infrastructure and services at France’s National Scientific Research Centre (CRNS) in September 2015, David Bercot proposed a mini revolution – to bring back in-house core research applications and infrastructure that was then collocated with Atos, near Angers in the west of the country.

He had two key objectives – to save money, and to build the skillset of his teams around new technologies involved in the deployment of a new private cloud. A big part of achieving that was to roll out a backup infrastructure for the VMware environment it would be based on.

Download as PDF

Access this article wherever and whenever you want.

Hardware, virtualisation, security, firewalls, backup, “we reviewed everything, from top to bottom”, says Bercot. That all started with the organisation’s servers being relocated in the summer of 2017 to a datacentre belonging to the Institute of Nuclear and Particle Physics (IN2P3), a division of CRNS.

Paris-based CRNS had relied on tape, with all the inconveniences that go with it, such as long queues and delays in backup and restoration. The situation had become untenable, says Bercot. “Backups normally took place at night, but sometimes they ran to more than 24 hours,” he says.

Several key criteria were taken into account by Bercot when it came to choices about the new solution. The IT department – which manages about 100 applications, though not the labs’ scientific software – was hoping for a state-of-the-art solution compatible with private cloud and advanced automation functionality.

He didn’t want his operational team and experts to be wasting their time on repetitive tasks. Also, backup needed to take full advantage of the VMware functionality available in CRNS’s environment.

“The software we had worked in all environments but was not optimised to work in virtual environments,” says Bercot.

Two on the shortlist

Two backup suppliers made the shortlist – Veeam, perhaps the best-known maker of software for virtual environments, and Rubrik. “While looking at the market, we noticed a number of interesting things about Rubrik, in particular the complete integration with vRealize Automation [VMware’s infrastructure orchestration product],” says Bercot.

CRNS eventually went for two Rubrik backup appliances, which were deployed at IN2P3.  The two hardware instances functioned in synchronous replication mode, which allowed for failover between the two in case of an issue.

The first appliance took care of virtual machine (VM) backups at the primary site, with the two appliances synchronising. The internal private cloud comprised a total of 30 physical servers and 163 VMs, all backed up on 67TB on the Rubrik appliances.

“We don’t have to worry any more that there are machines not being backed up,” says Bercot. “When a VM is created, a backup policy is automatically applied, depending on its status – as a production machine, test and development, and so on.”

Read more on backup appliances

It’s like day instead of night compared to the previous backup solution for the seven people on the IT department’s operations team, he says. “We can carry out backups during the day, not only at night because they are so quick [being based on snapshots]. And restores are simple. You just need to navigate the file tree, choose the files to restore and the correct date.”

Originally, the two appliances had to be located at two remote sites – IN2P3’s Lyon site or CRNS in Grenoble, in the foothills of the Alps, were the choices.

“This is a latency constraint of VMware vSAN, which means the two sites can’t be more than 100km apart,” says Bercot. “And the replication solution supports latency to a maximum of 50ms. It was 55ms to Grenoble.” So one appliance was moved to IN2P3 in the Lyon area.

There are some advantages for tape over disk, such as greater reliability and the fact that they are potentially more secure, being disconnected from the network – but Bercot is dismissive.

“We have had bad experiences with unreadable tapes during restoration,” he says. “I’ve never had that problem with disk. And with regard to security, we can encrypt the backups.”

Encryption of sensitive applications

From 2019, CRNS has demanded encryption of sensitive applications, and Bercot thought that was covered. “We had thought that, with Rubrik, encryption was active by default,” he says. “But it isn’t the case. And to carry out retrospective encryption, you have to do a complete reset of the Rubrik cluster and a loss of data integrity.”

So a little ingenuity was needed to resolve the issue. That involved disconnecting each appliance, carrying out a reset, and resynchronisation between appliances while activating the encryption.

That done, there is more that Bercot wants to achieve. “The next stage will be to integrate our Oracle databases with the private cloud,” he says. “For now, it is on one physical server for reasons of licensing.”

And therein lies a whole new challenge.

Read more on Enterprise software

Data Center
Data Management