COURSE OUTLINE

Introduction to Druva inSync cloud

Getting started with inSync
inSync profiles
Administrator roles
inSync clients
User management
Active directory and LDAP integration
Integrated mass deployment

2017 Druva. All rights reserved.

 COURSE OUTLINE
Public Cloud App backup
Governance
o Compliance
o Legal Hold
o Audit Trails
o DLP

2017 Druva. All rights reserved.

 LEARNING OBJECTIVES
After completing this section, you will be able to:

Explain how Druva provides converged data protection

Understand Druvas cloud architecture
Describe Druvas security model

2017 Druva. All rights reserved.

 INCREASING DATA & BUSINESS RISKS

40 Exabyte
Cloud
Endpoints
Remote Sites Corruption Ransomware
Data Centers & Loss & Malware

Insider Threat
2000 2005 2010 2015 2020 2025 & IP Theft

Legal Exposure Compliance

& Sanctions Infractions
2017 Druva. All rights reserved.
CLOUD INFORMATION MANAGEMENT

2017 Druva. All rights reserved.

 DRUVA PRODUCT LINES

Product Description Deployment

Enables data center class Cloud
availability and governance On-Premise
for the mobile workforce
Server Backup and Archiving Cloud

2017 Druva. All rights reserved.

 DRUVA INSYNC CLOUD OVERVIEW
inSync Cloud is Software-as-a-service(SaaS) platform
o Provides on-demand storage scalability and elastic architecture.
inSync is hosted by Amazon Web Services (AWS) and Microsoft
Azure
Data is replicated across multiple storage facilities
o AWS guarantees 99.99999% data durability over any given year
o Azure guarantees 99.99% data durability over any given year
inSync infrastructure availability was 99.96% last year
o Excluding any scheduled maintenance windows

2017 Druva. All rights reserved.

 PUBLIC CLOUD NATIVE

Metadata
Backup from anywhere (Dynamo DB)
Restore to anywhere

Internet
Object
Cloud Master Compute Nodes (EC2)
Storage
(S3/Glacier)
Endpoint Devices Servers and VMware

Engineered natively in the Designed for multi-tenancy

Cloud Highest level of data durability
Fully elastic infrastructure Built on object storage
2017 Druva. All rights reserved.
 INSYNC CLOUD GLOBAL STORAGE
Regional, on-demand object storage
o 30+ customer-selectable regions to
address regional data residency and
provide instant capacity
Industrys best durability and reliability
o Multiple data centers per region ensure
data integrity and high availability
Highest level of certifications
Stateless elasticity provides scale and
data security as demand increases

2017 Druva. All rights reserved.

 DRUVA ARCHITECTURE
SSO Backup
DynamoDB

Servers
U Availability Zone #1
S Backup
Servers
Availability Zone #2 S3

Cloud
DynamoDB
Master Backup
E Servers
M Availability Zone #1
E Backup
A Servers
Availability Zone #2 S3

WAN DynamoDB
Backup
Servers
A
Availability Zone #1
P
Config DB
J Backup
RDS
Servers
Availability Zone #2 S3

Druva Cloud
2017 Druva. All rights reserved.
 HOW THE DATA IS STORED

Volatile
Memory Space

S3

(TLS 1.2 / AES-256)

EC2
Storage
Node

DynamoDB

Global Deduplication Encrypted Block Storage

2017 Druva. All rights reserved.
 INSYNC DEDUPLICATION
Global, Client-Side Deduplication
o Deduplication across all users, devices
o Minimizes bandwidth utilization at the client
Application Aware
o Global deduplication is at the sub-file, object level
o MAPI for PST backup
o Optimized for common apps (MS Office, PDF,
Outlook)
Multiple Benefits
o Fastest backups (initial and incremental)
o Highest storage/bandwidth savings and best user
experience

2017 Druva. All rights reserved.

DRUVA SECURITY OVERVIEW
SHARED RESPONSIBILITY MODEL

2017 Druva. All rights reserved.

 DRUVA INSYNC CLOUD: SECURITY
End-to-end Data Security
o TLS 1.2 in transit, 256-bit AES encryption
o DLP encryption on device
o Authentication and access control with AD/LDAP
o Single Sign-On with SAML integration
Cloud Security
o 256-bit AES encryption in storage
o 2-factor encryption: Druva does not have access to customer data
o Complete compartmentalization of customer dataSAS-70 certified AWS
infrastructure
o ISAE3402 Type 2 certification of Druvas cloud controls

2017 Druva. All rights reserved.

 KEY MANAGEMENT & DATA ENCRYPTION
Based on Digital Envelope Encryption
o Data Encryption Key is encrypted with
customer credentials and stored as a token Key Encryption Key

o Allows for customers full control of their data

o Does not require external key manager
Data Encryption Keys
o AES-256 Bit Key
o Unique Key Per Customer Instance
Data Encryption Key
o Only exists during the client session
Never leaves the system
Druva has no access to customer encryption
keys/data

2017 Druva. All rights reserved.

 ENCRYPTION IN THE CLOUD

Volatile Memory Space Object Blocks

Metadata Token Store

Amazon Amazon Amazon Amazon

EC2 DynamoDB RDS S3
Storage AES-256 AES-256
Node

2017 Druva. All rights reserved.

 CLOUD DATA ENCRYPTION KEY GENERATION
Key Encryption Key
Password
SHA256
(P1)

Random Salt
(S1) Admin Token
AES of (Salt+eKey+Password)

New Cloud Encryption Key AES 256

S1+eK1+P1 S1+eK1+P1
Instance (eK1) w/ SHA2 of P1

Password
(P1)
Stored Encrypted
in RDS
2017 Druva. All rights reserved.
 SUMMARY
Now that you have completed this module, you are able to:

Explain how Druva provides converged data protection

Understand Druvas cloud architecture
Describe Druvas security model

2017 Druva. All rights reserved.

THANK YOU