00:00
Storage snapshots are a foundational feature to any storage system, but not all snapshots are created equally. And this is just another area where pure storage out outshines the competition in the marketplace. Our snapshots are 100% metadata which brings so many additional benefits. You can instantly snap any volume with 100% immutability with zero reservations,
00:29
zero performance overhead, thousands of times, literally thousands of times with no impact snapshots. Since they're based off metadata, like I discussed are just really new volumes which provides unsurpassed data flexibility. You can mount that snapshot as a new volume, you can read or write to it as the volume. You can snap it again if you need to and there's zero parent child relationship or
00:55
dependencies between the original snapshot and the clone of the snapshot. So if you need to delete the original, you're not gonna impact the new copy or the new clone and vice versa, right? So you just get this very elegant data flexibility. And since our snapshots are quote unquote, always full, there's no wasted space, they're always thinned,
01:16
they're always d duped and they're always compressed. Thus taking up no additional space on the array. And like I said, with the fact that they're basically new volumes, it provides great recovery and data resiliency pretty much anywhere. You can roll those snapshots forward or backward as needed.
01:35
You can recover any volume from any snapshot and then you can actually replicate those snapshots. You know, to maybe another pure ray that's on site or maybe you leverage our cloud blocks for product and you know, one of the public you can replicate there. So again, you're just gonna have this flexibility both for data resiliency as well as maybe you need
01:55
that data mobility where maybe you need to take a snap of a, you know, a production database and you want to now mount that to a test DEV environment to, you know, run some data or some data processing or whatever. You're just gonna get the ultimate inflexibility when you're leveraging our snapshots for those types of activities.
02:13
But with that said, let's actually just dive into a demo and let me show you everything I'm talking about. So as you can see, I'm in the lab environment, this is what you would get. You're gonna get presented basically with the windows, you know, console. And what I've gone ahead and done for this kind of snapshot demo is on the D drive or the
02:32
volume that's already mounted. I created three folders, finance one, finance two and finance three. And then in finance two, we have these very important po or you know, documents, right, that just cannot be lost. So that's kind of the data per you know, the data side of things that I wanted to present if we actually go into the array.
02:49
So this is our dashboard for purity and let's go into storage for this. We'll go into volumes, we're working with the windows box. So it's gonna be this windows volume one if we click into that. So you can see the windows host over here and then on the right, you kind of see our our snapshot area. Now we do have a default snapshot,
03:09
which I'll get into for safe mode for safe mode. But really, there's no snaps on this volume right now. So if I want to create a new snapshot, it's simple as basically clicking on this little check box or this plus box and I'm gonna give it a great uh suffix. So we're gonna call this layer demo super technical here and we're just gonna click create.
03:30
And as you can see, we've got a snapshot, right? It's pretty fast. So like all those things I talked about before, once we have the snapshot, there's a lot of different things we can do with it. So if I go over here in the console and I click the little burger menu, we've got copy, we have restore, rename, send and destroy and destroy is really pure,
03:50
pure, speak for deletion. And so this is where the kind of the magic can happen for the, these manual created snapshots. So let's say I wanna, you know, restore this snapshot. And let's say, you know, somebody went in and unfortunately was messing around and they d
04:06
deleted this very important po two and you get the phone call and they're like, hey, uh storage admin, like we've lost this file, we need it back, right? So that's a pretty easy thing to do. Now, it's a two step process really when you're dealing with windows. So some of this is purity and some of its windows.
04:24
So before we can restore the volume, right, we actually need to actually go in and take the existing, you know, volume or drive offline from a windows perspective. So I'll go into disc management, I'll take it offline. So now it's offline. And if I go back over here, click the snapshot, go to the,
04:45
the burger menu, basically hit restore. It's basically gonna say, are you sure you want to do this because I'm going to overwrite whatever is existing there. And of course, we're like, yep, let's overwrite it. So we click restore. Let's go back over here.
05:00
We are gonna have to bring that volume, you know, back online and the windows part, let's explore it. And then finance two and Voila, we see that our very important po two file has been restored, right? So that's a very basic kind of show of what the snapshots can do now to take things a step further, let's say back to my comment of like,
05:22
maybe I want to actually take that snapshot and turn it into an actual volume. So I go back over here, hit the burger menu and then I can do copy and then I'm gonna give it again a very, you know, highly technical name. So I'm gonna call it Linger demo copy and I'm just gonna click copy. So you don't really see anything happening here on this screen. But if I go back up to the volumes,
05:47
we now see that I've got this Linger demo copy volume sitting over here and you can see that it's 10 gig just like the original size of the initial volume or the volume that I copied. But we need to actually go in and attach that volume to the windows host. So there's a lot of different ways to do that, but I'm just gonna go into the actual volume itself and I've got this connected host section and I'm just gonna click on the burger menu.
06:12
Click connect, there's my Windows VM or my windows host, click connect that's gonna run. Now, if we go into disc management, it should, it might self populate. If not, let's go ahead and just run a rescan. And now we've got our, our volume here. So we just want to bring this online,
06:35
took it as the F drive. Now. Really, this should just be a a mirror copy of the data from the original volume. So let's go into Windows Explorer. We see Finance one, finance two, finance three, and we see our three important files, right? So all pretty straightforward, very simple to do. And then lastly let's go into back into the
06:56
volumes. Let's go into this Windows volume and last, but not least I can just easily destroy this, right? So you, you took the snapshot, you needed to do with it, whatever you needed to do I click destroy. And it's gonna say, are you sure you wanna do that?
07:10
Like? Yep, let's get rid of it and now it's destroyed. And what you'll see here is it's in this little destroyed uh bucket. And if I expand that, you notice, ah, there it is, you'll notice. Sorry, just took a second. You know, I've got some timers and some deletion.
07:29
So I, so once you, if you destroy something, it's not really gone yet, it goes into this destroyed bucket. Um, and then I could just click this for what we call an eradication, which means it's going to be really gone. So I can delete that or I can set a timer, but I'm gonna leave that there because this actually ties into or gets into the next topic, which is going to be safe mode,
07:55
safe mode is our ransomware protection strategy with flash array and flash blade as well from a snapshots perspective. And really what we're trying to do is we're trying to limit the exposure or limit the risk that you have from a ransomware attack. Now, I listed these as the four stages of a ransomware attack and I'm sure somebody could probably dive in and say there's more.
08:17
But really if you boil it down, it comes into these four. As far as I'm concerned, they want to hack into your system, they wanna identify some sensitive data and then encrypt it. So, you know, they're looking for your grandma's chocolate chip recipe or whatever I IP is very important to you or maybe it's customer data,
08:33
credit card, so on and so forth. But they're looking for that data and then they're going to encrypt it so you can't use it or access it. But beyond that, the next thing they're gonna want to do is cripple your ability to actually recover that data, right? So they're gonna try and find your snapshots on your storage system. They're gonna try and find your backups,
08:49
whatever they can do to make sure you cannot recover to a known good point in time for that data because that's where they're going to look for the ransom data A K, they want to get paid, right? So they made it so you can't recover. They've got your important information locked out and you're at their mercy. But with safe mode, what we're really trying to do is we're gonna stop them in the tracks.
09:10
So we're going to make it so they can't limit your ability to restore that data or, you know, recover that encrypted information, which means of course, they're not going to get paid. And how do we do that is again with our safe mode. So what we, this is a kind of a quick explanation of a,
09:31
of a workflow of how safe mode works. So, manually destroyed data or snapshots are placed into what we call this eradication bucket. So remember when I was doing the snapshot demo, I had that destroyed area, right? That's quote unquote the eradication bucket. But then once data lands in there, there's a duration or a timer that's set for how long it
09:51
can live there before it can be eradicated, meaning before you really destroy it and it is just gone. Now that timer can be set from 1 to 30 days. So by default, like on our screen, I think you saw that was set for 24 hours or when I get back in, I can show that to you. But this is where your flexibility comes in of like if I destroy an object, whether it be a volume or you know,
10:15
try to edit something I can set like that has to live in the eradication bucket for four days before it can be destroy, right or 16 days or whatever it is. So really, that's what where the protection comes in comes in where not only if they try to, you know, delete your snapshots. So maybe they got in and they figure out how to delete the snapshot snapshots, but now they're sitting there and they can't be eradicated.
10:37
So you have that, that recover like we just did with like do you clone it to a snap, do you restore it? Whatever that scenario is and that's how you limit the ransomware or the attacker ability to, you know, to ransom your data. Now for a safeguard, of course, because sometimes maybe you do actually need to change
10:55
something or delete something. This is where our, what I would say for our authentication for eradication comes in. So anytime something needs to be eradicated before that timer is expired, a known, you know, account or, you know, authorized person within your organization has to call pure storage, technical support.
11:17
And of course, then they're identified by our support, whether you know, it's pin numbers or whatever. There's multiple ways we handle that. We can say, OK, Langer works as a valid contact and he wants to now remove these snapshots or eradicate them. The peer support person is validated, then we can go ahead and hit the buttons and delete them.
11:32
So that's kind of the safeguard of when you need to make changes both to just the, you know, the safe mode policies. Or again, if you need to really, you know, you just don't want to wait for something to age out from that eradication timer, you need to delete it now. So that's where the safeguard comes in with pure technical support.
11:51
Now, finally, before I really get into the demo, there's two operating modes for safe mode, there's array wide and there's per object safe mode. Now, array wide is like we're locking everything down anything that once you've got it configured and you've turned safe mode on, you're gonna have to call pure support to make any changes. And that's usually for folks that have like
12:11
very secure sites, dark sites, whatever like you are super, super, you know, security conscious, you might go with a raw, but what we do see in what our default model is is the per object safe mode, which basically means you can't, something that's protected in a port uh protection group or what we refer to as a PG group cannot be deleted.
12:30
And PG groups are basically the the container that's going to hold those volumes and I'll show that to you in the demo. Um Her object safe mode is the default safe mode for any new array. So if you're not an existing customer and you go out and you purchase a new array when we come in and we set it up, this would be turned on if you're an existing customer watching this
12:50
webinar and you're not running you, maybe you're not on 6.4 0.1 or newer. Once you upgrade your purity environment to that level. That's when the per object, safe mode would be turned on. Like I said, when safe mode is enable, here's a couple of things that you can and can't do. So you can increase the frequency of snapshots, but you can't decrease the frequency of
13:12
snapshots. So, meaning again, if that hacker gets in, we, you can make more of them to make it safer, but you can't take less of them to make yourself, you know, more at risk. Uh You can't remove the protection group objects. Again, that's what I'm talking about. That's gonna basically be where you contain your volumes that you're taking these snapshots
13:29
of and putting the safe mode policy on. You can't disable the snapshot schedule and you can't disable safe mode itself. And one key thing to call out is only the snapshots created via these protection groups are protected from this immediate manual of deletion. So if I, but like that snapshot I created in our snapshot demo,
13:49
I could go in there and delete that as my heart contents because it's not created via this policy, right? So if you do need to like take some one off or ad hoc snaps and you just need them to do a quick recovery, quick test, you 100% could go in there and delete them not based off the eradication timer. It's anything that you do that follows this protection group strategy.
14:09
So I've talked a lot, I apologize. Let's go ahead and get back into the demo. So I'll get over here. I go into protection groups. You're gonna see I have this PG group auto, right? So that's the default group that gets created when safe mode uh is enabled.
14:25
And so I'll go in here and you'll see on the left, the volumes that I have and including that new uh clone volume I created are already in here, right? So you see the lay your demo copy in the other volumes, right? So again, everything that gets created is going to be positioned or to place into this default group.
14:42
And as you can see here, I've got safe mode is turned on A K A, it's ratcheted. So like I said, I can't make things work so worse. So if I see, I can't even turn this off here. Uh If I had a replication schedule, I don't, I only have one array in this lab. So I can't show you that. But if I had a replication schedule,
14:59
I couldn't make it worse, I could only make it better. And then here's like our snapshot schedule again. So uh I can't turn it off, I'll disabled, hit save and it's like, nope, you can't do that safe modes turned on, you can't disable it. So cancel there if I want to go in. And let's say I want to,
15:18
instead of every six hours, let's say I wanna make them every eight hours, right? Hit save again. I'm making the protection strategy worse. So it's not gonna let me do that. But what if I'm like, you know what, every six hours is enough. I want to do it every three hours, which again would be better that change it is gonna let,
15:38
let me make. Right. So that's how when it comes in, I could kind of throttle things, uh, to make them more secure. I just can't throttle them to make them less secure. Now, if I go into the volumes again and I go into windows volume the windows, you know that D drive that we have and we look at our destroyed,
15:59
right? We've got the Langer demo and then we have this copy. So back to my comment of like you can delete anything that's manually created. That's why you see here my Langer demo, you see the countdown is still remaining, but since it's not enabled or protected by safe mode, I can eradicate it now. So I can just go ahead and you know,
16:16
basically, it's gonna tell me you're gonna lose this snapshot that is permanently deleted. I'm like, yep, I'm good. But notice the, this Windows one volume copy. These are being created by the PG auto group, right? The one that's the protection group that has safe mode turned on these ones, I'm not gonna be able to destroy because they're
16:37
not, they're not in um the policy has not been exhausted yet. Right. So that's why this one is great out here once this timer expired. Because remember I it's set to one day I'll then be able to go in and delete it. Like I don't have to delete it 24 hours like it to leave it for a couple days. That's just the soonest I would be able to
16:57
delete it. And again, this is all about protecting yourself from ransomware and your ability to recover from like anything where, you know, somebody comes in and they've encrypted your data or encrypted your drives.
