NetApp SnapVault
NetApp SnapVault protects data on a SnapVault primary system by maintaining a number of read only versions of that data on a SnapVault secondary system. This SnapVault secondary is always a data storage system running Data ONTAP.
First, a complete copy of the data set is pulled across the network to the SnapVault secondary. Each subsequent back up transfers only the data blocks that have changed since the previous backup.
SnapVault and Snapshots
When the initial full back up is performed, the SnapVault secondary stores the data in a WAFL file system, and creates a Snapshot image of that data. A Snapshot is a read-only, point in time version of a data set. A new Snapshot is created each time a backup is performed, and a large number of Snapshots can be maintained according to a schedule configured by the back up administrator. Each Snapshot consumes an amount of disk space equal to the differences between it and the previous Snapshot.
Each time a SnapVault incremental backup occurs, the SnapVault primary compares the previous snapshot with the current snapshot to determine which data blocks have changed and need to be sent to the SnapVault secondary. The SnapVault secondary writes these data blocks to it’s version of the qtree. When all qtrees in the secondary volume have been updated, it takes a Snapshot to capture and retain the current state of all the qtrees.
This mechanism effectively combines data from multiple Snapshots on multiple primaries into a single Snapshot on the SnapVault secondary. However it is important to remember that SnapVault does not transfer Snapshots; it only transfers selected data from within Snapshots.
Self Service Restores
One of the unique benefits of SnapVault is that users do not require special software or privileges to perform a restore of their own data. Any users who wish to performa restore of their own data may do so without the intervention of a system administrator, saving time and money.
Restoring a file from a SnapVault backup is simple. Just as the original file was accessed via an NFS mount of CIFS share, the SnapVault secondary may be configured with NFS exports and CIFS shares. So long as the destination qtrees are accessible to the users, restoring data from the SnapVault secondary is as simple as copying from a local snapshot.
Consistent Security
A common statement in the computer security community is that backups are "...a reliable way to violate permissions at a distance." With most common backup methods, the backup copy of the data is stored in a format that is usable by anyone with a copy of the appropriate backup software; access controls may be implemented by the backup software but they can not be the same as the access controls on the original files.
SnapVault stores backup copies of the data in a WAFL file system which replicates all of the file permissions and access control lists held by the original data; if a user was not authorised to access a file on the original system, they will not be authorised to access a file the backup copies of that file. This allows the self service restores described above to be performed safely.