Use BlueXP to protect Epic EHR with a 3:2:1-compliant backup policy

In a prior technical blog post, I wrote about the simplicity of protecting your NetApp® ONTAP® primary storage with the NetApp Cloud Backup service, which backs up ONTAP Snapshot™ copies to NetApp StorageGRID^® object storage. Cloud Backup functionality has now moved under the NetApp BlueXP™ control plane, but the value proposition remains the same. You get the use of a separate physical infrastructure that is enhanced in terms of scalability, efficiency, and cost for backup data.

The industry calls it a “3:2:1 backup architecture”—as in 3 copies of data, 2 different storage systems, and 1 remote copy. In our case, ONTAP is the primary source of data, and StorageGRID is the backup target. This solution can be applied to an EHR implementation or any similar application.

The BlueXP backup and recovery capability and StorageGRID are ideal companions to ONTAP primary storage systems. In this blog post, I cover the benefits of the solution: “Why do I need this?” or WIIFM? (“What’s in it for me?”). This post also includes a link to a step-by-step technical implementation guide.

Let us count the ways:

1. BlueXP backup is a block-based approach to backup and restore with significant advantages, such as:
   1. Incremental-forever backup: Only changed blocks are backed up.
   2. High efficiency: In addition to copying only changed blocks, the ONTAP storage efficiencies are preserved.
   3. Low overhead: Compared with other backup solutions, a NetApp SnapMirror® block-based backup solution reduces the ONTAP system utilization.
   4. No intermediary: ONTAP data is backed up directly to the object store with minimal overhead. No additional technology or staging area is involved in the process.
2. BlueXP backup is secure:
   1. BlueXP backup uses AES-256-bit encryption for data at rest. When backup data is sent from ONTAP to the object store, Transport Layer Security (TLS) 1.2 HTTPS connections are used to encrypt the data in transit.
3. BlueXP backup and StorageGRID provide ransomware protection:
   1. BlueXP can manage the StorageGRID S3 Object Lock functionality, turning the ONTAP Snapshot data into immutable objects with a user-defined expiration date.
4. Seamless integration offers technical and business advantages:
   1. An all NetApp solution benefits from deep technical product integration and compatibility testing.
   2. An all NetApp solution also benefits from simple case management and a superior customer support experience.
5. TCO is lower, and financial operations are simpler:
   1. An all NetApp solution simplifies vendor management, technical refreshes, and license management and co-termination.
   2. A single StorageGRID namespace can serve as the target for tiering and backup policies, improving the efficiency and cost of ownership of your primary ONTAP system.
   3. A single StorageGRID namespace can also serve additional S3 and object workloads in the client environment. StorageGRID supports multitenancy with different SLAs for workload isolation.

You can use the StorageGRID object storage solution on premises to store your data at scale. With StorageGRID, you get native support for Amazon Simple Storage Service (Amazon S3) APIs and industry-leading innovations such as automated lifecycle management to store, to secure, to protect, and to preserve your data cost-effectively. As a geo-distributed solution, a single StorageGRID namespace can span multiple active data centers (where ONTAP is physically present) and your remote bunker sites for longer-term data storage.

And let’s not forget the StorageGRID information lifecycle management (ILM) policies. They enable the ingestion of data in your primary data center in physical proximity to your ONTAP systems for maximum performance of backup jobs. Then for geo-dispersed resilience, ingestion is followed by nondisruptive, policy-driven data movement to your bunker sites.

In the earlier blog post, I gushed over the simplicity of the BlueXP canvas layout to orchestrate your backup and restore jobs. Here I talk about the use of RESTful APIs to extend the same data protection to ONTAP hosted LUNs that service databases or applications that use databases under the covers. The problem that we are trying to solve is one of orchestration. A database usually consists of multiple LUNs. That is to say, it has multiple moving parts, interdependent file systems, and data that may have been modified in the server memory but not yet written to disk (in this case, the ONTAP LUN).

To create a usable and restorable snapshot of a database, the database must be in the proper state. Most databases refer to it simply as “backup mode.” You don’t want to keep operating with the database in backup mode for too long. So, your ONTAP administrator must be ready to create the LUN snapshots quickly so that the application can be returned to normal operations as soon as possible.

This situation is familiar to anyone who has children and tries to orchestrate a family photo. The more children (that is, LUNs) in the photo (that is, snapshot), the harder it is to get everyone to keep still at the same time. In our family, to quiesce the children, I run the script ./wife. Wife has root privileges on all the family systems. I know it is a security risk, but you need to be root to disable root, and I have only “sudo” privileges on a small subset of commands. (Apropos of nothing, I did buy my wife a T-shirt that said, “I am <root>. Obey me.” She did not find it amusing.) Obviously, the children can stay still for only so long—but because I am both the “database” admin and the “storage” admin, the process is relatively quick. In the IT world, to bridge the database administrator and the storage administrator, we use automation.

The specific steps are documented in this technical post on the NetApp Community site. The upshot of that post is that you use a single REST API command to achieve your 3:2:1 backup strategy. This one command can be added to your existing automation framework.

For electronic health record (EHR) instances, this framework is typically an Ansible script or is driven by the NetApp SnapCenter® licensed capability. This one command triggers ONTAP Snapshot and copies the data to StorageGRID. The BlueXP backup and recovery capability automatically refreshes to make the backup data available for restores.

With ONTAP, StorageGRID, and BlueXP backup, it’s easy to protect your applications. Adding a single REST API call to the automation framework that you use to quiesce the database for backup is a simple and powerful method of protecting any application with a 3:2:1 architecture.

Get started today, for any of your applications!

BlueXP backup and recovery can also integrate with NetApp SnapCenter, which adds support for specific databases such as Oracle, Microsoft SQL Server, and SAP HANA. For more information about how to integrate with SnapCenter, check out Protect your on-premises applications data.