Back Up Your On-premises Data to the Cloud Using Storage Gateway and Object Storage

Protecting data is critical for organizations, whether it's stored on-premises or in the cloud. The amount of data continues to grow, which poses the ongoing challenge of continuously adding storage, especially when the data is stored on-premises. The requirement to store data on-premises can come from a regulatory requirement or a specific requirement for an application or a line of business. This necessity can slow down the rollout of new services and applications and impact agility.

Oracle Cloud Infrastructure offers unlimited storage using Oracle Cloud Infrastructure Object Storage service. Oracle Cloud Infrastructure Object Storage provides a standard tier for data that's frequently accessed and requires faster retrieval time, an infrequent access tier for data that's accessed infrequently and isn't sensitive to retrieval time, and an archive tier for long-term storage. You can utilize cross-region replication for disaster recovery scenarios. You can also configure lifecycle management policies on Oracle Cloud Infrastructure Object Storage to move files to the infrequent access tier, delete files that meet lifecycle rules, and perform other operations to reduce storage costs. For more information, see Overview of Object Storage.

You can use Oracle Cloud Infrastructure Storage Gateway to connect your on-premises applications with Oracle Cloud Infrastructure. Applications that can write data to a network file system (NFS) target can also write data to Oracle Cloud Infrastructure Object Storage without being modified to adopt the REST APIs.

Architecture

Oracle Cloud Infrastructure Storage Gateway is used to migrate data from on-premises applications that can write data to an NFS target to Oracle Cloud Infrastructure Object Storage. You can use Oracle Cloud Infrastructure FastConnect for secure and efficient transfer.

Along with backing up data written to the NFS target, you can also back up other data (such as data from a database) to Object Storage directly. Setting up Storage Gateway is a simple operation with the following steps:

  • Install Storage Gateway on an Oracle Cloud Infrastructure Compute instance in Oracle Cloud Infrastructure or on-premises.
  • Create a file system on the Storage Gateway to store or retrieve data from Object Storage.
  • Map the exposed NFS mount point of the Storage Gateway to any host that supports an NFSv4 client. The Storage Gateway mount point maps to an Object Storage bucket with the same name.

Object Storage buckets and the objects within those buckets exist in a flat hierarchy. So, for files in nested directories, Storage Gateway flattens the directory hierarchy into nested object prefixes in Object Storage.
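The flattening described above gives a direct way to check that a backup is complete. The following is an added example, not Oracle's code: it assumes an object's name is the file's path relative to the file system root, joined with "/", and that the bucket listing (object name and size) was obtained separately. The function names and the sample tree and listing are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def expected_objects(fs_root):
    """Map each regular file under fs_root to {object_name: size_in_bytes}.

    Assumption: the object name is the file's path relative to the file
    system root, joined with "/" (the nested-prefix form described above).
    """
    root = Path(fs_root)
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            out[path.relative_to(root).as_posix()] = path.stat().st_size
    return out

def compare_backup(fs_root, bucket_listing):
    """bucket_listing: {object_name: size} taken from a listing of the bucket."""
    expected = expected_objects(fs_root)
    # Ignore "dir/" placeholder objects, in case the bucket holds any.
    present = {n: s for n, s in bucket_listing.items() if not n.endswith("/")}
    common = expected.keys() & present.keys()
    return {
        "missing": sorted(set(expected) - set(present)),
        "size_mismatch": sorted(n for n in common if expected[n] != present[n]),
        "unexpected": sorted(set(present) - set(expected)),
    }

def demo():
    """Build a small constructed file tree and a constructed bucket listing."""
    files = {"db/full/jan.dmp": b"A" * 10, "db/incr/jan-02.dmp": b"B" * 4,
             "logs/app.log": b"C" * 6}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        listing = {"db/": 0, "db/full/jan.dmp": 10, "logs/app.log": 3,
                   "logs/old.log": 8}
        return compare_backup(tmp, listing)

if __name__ == "__main__":
    print(demo())
```

An entry under "missing" or "size_mismatch" is a file whose backup cannot yet be relied on; an entry under "unexpected" is an object with no matching file on the file system.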

Along with easy backups, Storage Gateway provides the following features:

  • Automated object deletion: When you delete files on the Storage Gateway file system, the corresponding object in Object Storage is automatically deleted.
  • Cache pinning: Pin files to the file system cache for quick access.
  • Health check: Automated check of services and resources, local storage, file system cache, metadata storage, and log storage.
  • Cloud sync: Integrated utility to store and retrieve files from Object Storage.

For more information on Storage Gateway, refer to Overview of Storage Gateway.

The following diagram illustrates this reference architecture. This architecture shows the use of cross-region replication for disaster recovery in the unlikely event of a regional outage. You can enable replication using a replication policy.



The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Network Connectivity

    To enable your administrators to manage the environment, you can connect to your existing on-premises infrastructure by using site-to-site IPSec VPN connections or dedicated Oracle Cloud Infrastructure FastConnect circuits. Utilize the private endpoint option to enable private access to services within Oracle Cloud Infrastructure. Private access means that traffic does not go over the Internet.

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Object Storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Cloud Guard

    Use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on the responder recipes that you can define.

Recommendations

Use the following recommendations as a starting point. Your requirements might differ from the architecture described here.

  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets.

  • Security

    Use Oracle Cloud Guard to monitor and maintain the security of your resources in OCI proactively. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

Considerations

When deploying this reference architecture, consider your requirements for the following parameters:

  • Performance

    Depending on the amount of data, you can use Oracle Cloud Infrastructure FastConnect or IPSec VPN to manage costs. For faster access, you can use the Object Storage Standard tier to store files that you need frequently.

  • Security

    By default, Oracle Cloud provides encryption of all objects stored in Object Storage buckets. For extra security, you can choose to encrypt these objects using customer-managed keys.

  • Availability

    Object Storage is highly available. However, you can choose to configure cross-region replication to protect against unlikely regional outages.

  • Cost

    Pricing varies depending on which Object Storage tier you choose. So, carefully consider the appropriate tier. Moreover, some objects have retention requirements, and violating the requirements can trigger extra charges. For these requirements and costs, refer to the Overview of Object Storage.

Explore More

Learn more about backing up your on-premises data to the cloud using Storage Gateway and Object Storage.

Review these additional resources: