Yesterday, 17th November, Dell Technologies released PowerProtect Cyber Recovery for Google Cloud. It enables customers to deploy an isolated cyber vault in Google Cloud to more securely separate and protect data from a cyberattack.
Unlike standard cloud-based backup solutions, access to management interfaces is locked down by networking controls and can require separate security credentials and multi-factor authentication for access.

Organizations can use their existing Google Cloud subscription for purchasing PowerProtect Cyber Recovery through the Google Cloud Marketplace, and the service can be acquired directly from Dell and its channel partners.

This release fits perfectly into Dell Technologies' multi cloud data protection strategy. 

What is the Dell PowerProtect Cyber Recovery solution?

The Cyber Recovery solution maintains mission-critical business data and technology configurations in a secure, air-gapped 'vault' environment that can be used for recovery or analysis. 
The Cyber Recovery solution enables access to the Cyber Recovery vault only long enough to replicate data from the production system. At all other times, the Cyber Recovery vault is secured and off the network. A deduplication process is performed in the production environment to expedite the replication process so that connection time to the Cyber Recovery vault is as short as possible. Within the Cyber Recovery vault, the Cyber Recovery software creates point-in-time (PIT) retention-locked copies that can be validated and then used for recovery of the production system.

The Cyber Recovery vault on Google Cloud Platform

The Cyber Recovery software manages a virtual air gap between a production environment and the Cyber Recovery vault. It disables replication links and replication ports on the DD system in the Cyber Recovery vault when Cyber Recovery policies are idle. 
To function on Google Cloud Platform, the Cyber Recovery software requires that PowerProtect DD Virtual Edition (DDVE) is also installed on the Google Cloud Platform VPC. The Cyber Recovery solution deployment on Google Cloud Platform installs DDVE.

The software enables and disables access to both a private subnet and DDVE in the Cyber Recovery vault, which are installed during the solution deployment, through Google Cloud Platform firewall rules.
When a policy runs, the Cyber Recovery software enables the flow of data into the Cyber Recovery vault by enabling both the replication link and the replication port of the DD system. When a policy finishes synchronizing data into the Cyber Recovery vault using the replication link, the Cyber Recovery software disables the replication link. 
Also, when all policies no longer use a specific DD port to synchronize data into the Cyber Recovery vault, the Cyber Recovery software disables the port by bringing down the interface.
Google Cloud Platform firewall rules provide virtual private cloud (VPC) security that provides additional security measures for the Cyber Recovery vault.
The Cyber Recovery software enables and disables access to a private subnet, and enables and disables access to an instance through firewall rules.

PowerProtect Cyber Recovery for Google Cloud offers flexible restore and recovery options to bring critical data back online quickly and is supported by tested and documented recovery programs. Cyber Recovery for Google Cloud enables recovery of critical data from the vault after a cyberattack or for recovery testing procedures - allowing you to recover your data back to the corporate data center, or an alternate, or to a new VPC or clean environment within Google Cloud. 

Architecture Overview

The basic Cyber Recovery solution on Google Cloud Platform architecture includes a single region, two Virtual Private Clouds (VPCs), and a single availability zone (AZ).

The following figure represents the architecture. The right side of the figure shows the Google Cloud Platform resources that define the Cyber Recovery vault architecture:

  1. The production environment can be on premises or also deployed on Google Cloud Platform or another cloud provider. The workstation at the production site enables you to connect to the jump host, which is in a private subnet in the VPC. The jump host provides access to the Cyber Recovery management host and the DDVE management console. For additional security, the workstation has a limited IP range.

  2. The Terraform template deploys all the components that the Cyber Recovery solution requires in the VPC on Google Cloud Platform. The template creates three private subnets:
    • A private subnet that includes the jump host
    • A private subnet that includes the Cyber Recovery management host and DDVE
    • A private subnet that includes the second network interface card (NIC) of the DDVE that is used for replication

  3. The firewall rules allow access between:
    • The production workstation and the jump host subnet
    • The private subnets that include the jump host, the Cyber Recovery management host, DDVE, and the other components that make up the Cyber Recovery vault
    • The private subnet that includes the subnet for network traffic to the DDVE, that is, the replication path.

  4. The Cyber Recovery email capability provides one-way email from the Cyber Recovery management host. 

For further information, review Dell Technologies' cyber recovery landing page and product documentation.