Solution Background
Solution Overview
Information2 provides three ransomware protection solutions based on data replication technology: the basic CDP ransomware protection solution, the basic CDM ransomware protection solution, and the advanced black box ransomware protection solution (divided into file-level and database-level).
Ransomware Protection: CDP, CDM, and black box technologies provide different levels of protection for data. In particular, the TEE confidential environment and WORM (Write Once Read Many) file system of the black box allow data to be written but not modified, effectively preventing ransomware intrusion.
Data Recovery: CDP continuously monitors and captures written data, pushing it to the black box to create historical, recoverable time points at microsecond-level granularity. After a client failure, the required data can be quickly restored from the chosen time point, complementing scheduled backups. Scheduled backups protect data security for the previous day, while CDP protects data security within the protection period, completing a closed loop of data protection.
CDP Ransomware Protection Basic Solution
Continuously captures data changes through data replication technology and stores them in a backup system in the form of logs. When data is compromised by ransomware or corrupted, it can be restored using CDP data.
RPO: Microsecond-level
RTO: Hour-level
CDM Ransomware Protection Basic Solution
Obtains data changes through data replication technology and saves the entire system in its original format as a replica. When the production system fails, it can be quickly mounted and restored without restoring the original system.
RPO: Second-level
RTO: Minute-level
Black Box Ransomware Protection Advanced Solution - File Level
Full data is packaged into black boxes daily, and incremental data is written into black boxes in real-time. During recovery, historical files can be retrieved and restored at microsecond-level granularity.
RPO: Second-level
RTO: Depends on the amount of data
Black Box Ransomware Protection Advanced Solution - Database Level
The database adopts quasi-real-time synchronization technology to pull online logs in real-time and write them into the black box.
RPO: Approximately 0 (second-level)
RTO: Minute-level; the target database can provide services immediately after applying logs.
CDP Basic Solution
CDP Overview
i2CDP continuously replicates changing data to the target server while recording the data changes in the form of logs. In the event of a system failure, it quickly locates the required recovery point in time based on the data change logs and restores the data to a point before the anomaly with one click, ensuring data security and business continuity. For instance, after a ransomware infection, the system can be restored to any point in time before the infection with one click. This software is suitable for critical information systems across various industries, such as trading systems in banks and securities companies, enterprise ERP systems, campus one-card systems, hospital HIS systems, etc., providing continuous protection for files and databases within these systems.
CDP Protection and Recovery Process
CDP Protection Process
1. Configure CDP rules, specifying the directories or files to be protected, CDP data retention policies, etc.
2. After the CDP rules are submitted, the client performs an initial full synchronization of the data.
3. After the initial full synchronization is completed, the rule automatically transitions to an incremental state, capturing incremental data in real time and forming an incremental time point on the backup server for each incremental IO operation.
CDP Recovery Process
1. Configure the CDP recovery task, selecting the desired recovery point in time, target server, and path.
2. The backup software automatically merges data based on the selected recovery point in time.
3. The backup server transfers the recovery data to the specified path on the target server.
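The protection and recovery steps above can be modelled as a baseline copy plus a timestamped journal of byte-level writes that is merged up to the chosen recovery point. The following is an added illustration, not Information2's code; the JournalEntry layout, the function names and the sample data are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class JournalEntry:
    ts_us: int    # capture time of the write, in microseconds
    path: str     # protected file the write belongs to
    offset: int   # byte offset of the change
    data: bytes   # bytes written at that offset

def apply_write(content: bytes, offset: int, data: bytes) -> bytes:
    """Apply one byte-level write, zero-filling any gap past end of file."""
    if offset > len(content):
        content += b"\x00" * (offset - len(content))
    return content[:offset] + data + content[offset + len(data):]

def last_point_before(journal, ts_us):
    """Latest recorded time point strictly before ts_us, or None."""
    points = [e.ts_us for e in journal if e.ts_us < ts_us]
    return max(points) if points else None

def restore(baseline, journal, recovery_ts_us):
    """Merge the baseline with every journaled write up to the recovery point."""
    files = dict(baseline)
    for e in sorted(journal, key=lambda e: e.ts_us):
        if e.ts_us > recovery_ts_us:
            break
        files[e.path] = apply_write(files.get(e.path, b""), e.offset, e.data)
    return files

# Constructed sample data: one file, two legitimate writes, one destructive write.
BASELINE = {"/data/ledger.csv": b"id,amount\n1,100\n"}
JOURNAL = [
    JournalEntry(1_000_000, "/data/ledger.csv", 16, b"2,250\n"),
    JournalEntry(1_000_450, "/data/ledger.csv", 12, b"9"),
    JournalEntry(2_000_000, "/data/ledger.csv", 0, b"\xde\xad\xbe\xef" * 6),
]

if __name__ == "__main__":
    # Recover to the last time point before the destructive write at 2_000_000.
    point = last_point_before(JOURNAL, 2_000_000)
    print(point, restore(BASELINE, JOURNAL, point))
```

Because every write carries its own timestamp, the recovery point can sit between any two IO operations rather than only at scheduled backup times.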
CDP Data Tamper-resistance
The backup server provides an immutable storage solution at the kernel level, preventing ransomware from damaging CDP data and meeting data security and compliance requirements.
It supports tamper-resistant drivers that cannot be uninstalled casually; configurable security policies to restrict non-backup processes from accessing storage read/write; alerts when untrusted processes attempt to operate on backup directories and are denied; and configurable threat perception policies to record tampering and access processes and frequencies.
Solution Advantages
Byte-level Replication and Efficient Transmission
With bytes serving as the smallest unit for data capture, the volume of data that needs to be replicated is greatly reduced. The serialized transmission method is far more efficient than traditional backup transmission in scenarios with narrow bandwidth and remote transmission, and network speed limits can be set to ensure that bandwidth priority is given to production systems and business applications.
Flexible Protection Strategies
Flexibly set the time range and storage space required for data protection; automatically merge and delete historical data copies to strike a balance between continuous data protection duration and disk storage.
Data Protection for Various Applications and Databases
Apart from supporting real-time protection for unstructured data, it also supports real-time protection for databases such as Oracle, SQL Server, DB2, and ensures data consistency through byte-level replication technology.
True Point-in-Time Recovery (True CDP)
With precision down to one millionth of a second, data changes (including changes to actual data, owners, permissions, and other attributes) are recorded in log form, analyzed, and the changed portions are calculated and saved in the CDP data protection area. During recovery, specify the point in time and target location for rapid recovery, maintaining business continuity.
Unified Management with Graphical Interface
Intelligent installation wizards, flexible backup strategies; rich statistical information for easy viewing of backup results; supports custom alert settings with email notifications for abnormalities; supports automatic verification to check the recoverability and integrity of backup data; supports user permission management functions. Only one console is needed for centralized management of different databases.
CDM Standard Solution
CDM Overview
i2CDM realizes real-time or scheduled backup of production environment operating systems, file systems, and database data to a backup server. Users can quickly generate multiple data copies from the backup data, which can be used for disaster recovery drills, development testing, and other purposes without affecting the operation of the production center. The data copies can be directly cleaned up after use without affecting the integrity of the backup data. Additionally, i2CDM supports using the cloud environment as the target platform for copy management, combining the elastic scalability of the cloud platform to provide more independent, fast, and economical data copy management services.
CDM Appliance Solution
i2CDM offers an all-in-one solution where the entire machine and application data of the production server are backed up to the target all-in-one machine through block replication technology, with multiple snapshot points retained according to the backup strategy. When restoration is needed, multiple copies can be cloned from snapshots on the target platform for data use. The copies barely occupy storage space, enabling disaster recovery drills and development testing without affecting the operation of the production center. The copies can be deleted after use. The CDM all-in-one machine is equipped with virtualization platform software, which can realize business emergency takeover and regular disaster recovery drills.
When business systems and data are tampered with by ransomware, i2CDM can quickly build virtual machines on the virtual platform inside the all-in-one machine through historical snapshot points to achieve business emergency takeover.
Without affecting the production system, users can conduct drills and validations on the copy data within the isolated network of the virtual platform to ensure the validity and correctness of the backup data. Additionally, the copy data can be used for development testing, data analysis, and other scenarios.
CDM Cloud Solution
The i2CloudCDM product provides cloud-based data copy management on cloud vendors' infrastructure, backing up production system data to cloud hosts and cloud storage through block replication technology. Through the API interfaces provided by the cloud platform, it can realize cloud-based emergency takeover and disaster recovery drills in an isolated VPC, and achieve minimal resource utilization in the cloud.
When business systems and data are tampered with by ransomware, i2CloudCDM can quickly build cloud hosts through historical snapshot points in the cloud to achieve business emergency takeover.
Without affecting the production system, users can conduct drills and validations on the copy data within the isolated VPC to ensure the validity and correctness of the backup data. Additionally, the copy data can be used for development testing, data analysis, and other scenarios.
Solution Advantages
Minimal Impact on Production Environment
Traditional backup products require obtaining data changes since the last backup, resulting in significant disk IO usage during the backup period. However, Information2 is always based on continuous real-time data replication technology, eliminating the need for backup time windows and therefore avoiding IO peaks, ensuring uninterrupted business operations in the production environment.
Excellent Network Transmission Performance
Whether in a LAN or WAN, the network transmission performance for replicated data is excellent among similar products, with good adaptability to different environments and requirements in terms of stability and transmission efficiency.
Strong Scalability and Protection of Existing Investments
It offers convenient scalability, providing not only real-time backup protection for databases or important files but also disaster recovery switchover protection for virtual machines, significantly reducing the need for additional investments. Moreover, when switching databases, there is no need to purchase additional database modules, saving future investments. When new nodes are added, there is no need to modify the existing structure; only the disaster recovery software needs to be installed on the new nodes.
Minute-level Business Recovery
The copy data is saved in snapshot form on the backup storage. When recovery is needed, copies can be quickly generated from historical snapshot points, and data services can be provided through the virtual platform or cloud platform.
Effective Storage Space Savings
Helps users effectively manage data copies, reducing storage space requirements by 80% to 90% and procurement costs by over 75%. Based on snapshot technology, production data copies are obtained through permanent incremental backup, improving data copy acquisition efficiency by 70% compared to traditional backup or data pump export methods. It provides efficient data copy storage management services, integrates multiple technologies, resolves the drawbacks of traditional solutions, significantly improves the speed of user development and testing data circulation, and reduces the workload of DBAs.
Application Scenarios
Data Agile Services & Ransomware Protection
Provide data copy support for development and testing environments: For massive data resources, generate test data within minutes and quickly deploy it into the test environment. Test data is based on virtual snapshot technology, significantly reducing the storage space occupied by test data. Snapshot cloning technology ensures that test data is readable and writable without altering the data source. It can also be used for ransomware protection.
Business Emergency Takeover
System downtime can result in lost customer revenue and reduced employee productivity. Use CDM to provide disaster recovery protection for the entire machine system's copy data. When the system fails, instead of restoring the original system, create a virtual machine using the copy data and restore the system to its latest state for external access.
Hybrid Cloud Disaster Recovery
Applications running in the local data center environment may face various unexpected situations. These situations can lead to extended downtime for critical applications, causing significant losses to your business. When applications within the private IDC cannot be restored in a short time, hybrid cloud disaster recovery services can help customers quickly launch applications on the remote disaster recovery cloud.
Customer Case Study
Case Name: Indonesia PAMA's Cloud-based CloudCDM Data Protection
Customer Pain Points

As a traditional energy and manufacturing enterprise, PAMA has been expanding its business scope and deepening its digital transformation. Consequently, it faces increasing security challenges such as cyberattacks, system scaling and upgrades, operational vulnerabilities, and natural disasters. The evolving hybrid IT architecture has exacerbated the difficulties of data backup and disaster recovery in heterogeneous environments. The nature of its industry demands high standards for business system and data security, as any unplanned business downtime or data damage can result in economic losses and reputational harm.
Case Description

PAMA adopted the CloudCDM software to transmit the application host images from its local data center to Huawei Cloud's Jakarta data center through encrypted transmission, enabling data backup on EVS hard disks in the cloud.
In the event of a failure in the local production environment, the CloudCDM platform can quickly restore and launch business hosts in the cloud, ensuring a swift switch of core businesses to Huawei Cloud for continuity.
Additionally, for its core ERP system, the Ellipse database cluster employs SQL semantic-level real-time replication technology to establish disaster recovery on Huawei Cloud, ensuring the integrity of the entire business system's cloud takeover and meeting the requirement for as short an RTO as possible.
Case Value

By utilizing a software-defined solution, the customer's challenges with data backup and disaster recovery from the local center to the cloud center were resolved, significantly enhancing the overall security of its digital systems.
Through CloudCDM's advantages in data extraction, backup strategies, and drill testing, the customer achieved a more agile cloud-based disaster recovery mechanism, greatly improving the TCO of backup and recovery system construction.
CloudCDM leverages Huawei Cloud's elastic cloud infrastructure resources and its ability to manage copies of massive data, facilitating easy elastic scaling of disaster recovery resources to safeguard more systems and data in the future.
The visual Oracle RAC disaster recovery tool greatly simplifies management and operational costs while ensuring synchronization efficiency and disaster recovery effectiveness.
Advanced Data Black Box Solution
Introduction to Data Black Box
The Data Black Box GaussStore provides a data black box protocol and uses parallel streaming replication algorithms. It features high-security physical storage in which data is written once, is read-only and immutable afterwards, and is eliminated automatically. Combined with TEE (Trusted Execution Environment) confidential computing, it constructs a "secure environment."
GaussStore: It employs mutual authentication between the database and GaussStore based on pre-configured credentials. Without credentials, no network connection can be established for communication, preventing hackers from impersonating the database or GaussStore to infiltrate the link and tamper with or steal data.
TEE: It achieves hardware isolation based on the server hardware's resource security isolation capabilities, enabling isolation of buses, registers, and memory between the TEE and the HostOS. Only the TEE can access secure resources, and unauthorized software cannot access memory and data within the TEE environment.
PCIPC and PCIe devices (such as network cards) securely pass through to the TEE environment without interaction or forwarding at the host layer, enabling direct connection between data preservation and storage within the TEE, invisible to the host and without the need for secondary encryption to affect performance.
In terms of storage security, it provides WORM (Write Once Read Many) capabilities for data isolation protection, combined with the black box solution to achieve hardware-level data isolation. The network exposure surface is minimized, and process operations use a vault mode with a global WORM clock that users cannot modify.
WORM File System
Supports file access policy control and prevents command injection attacks.
Addresses security risks: Hacker intrusion into WORM configuration and command injection attacks.
Protective effects: Provides stronger access control than operating system privileges, ensures that files cannot be tampered with after writing, prevents command injection and other illegal intrusions, and allows for traceable auditing of all accesses/operations.
Independent WORM Clock
An internal WORM clock that users cannot modify.
Addresses security risks: Attackers modifying the system clock to disrupt the WORM read-only state.
Protective effects: Prevents attackers from expiring WORM files by modifying the clock or other methods to delete them.
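Why the retention check needs its own clock, as an added model that is not GaussStore code: the same write-once store is run against a settable system clock and against an internal clock that advances only with elapsed monotonic time. The class names, the FakeHost stand-in and the sample file are assumptions constructed for this example.

```python
class FakeHost:
    """Constructed stand-in for a host: the wall clock is settable, monotonic ticks are not."""
    def __init__(self):
        self.wall = 1_700_000_000.0
        self._ticks = 0.0
    def set_wall_clock(self, t):      # what a privileged user can do to system time
        self.wall = t
    def elapse(self, seconds):        # genuine passage of time
        self.wall += seconds
        self._ticks += seconds
    def wall_time(self):
        return self.wall
    def monotonic(self):
        return self._ticks

class WormClock:
    """Internal clock: seeded once, then advanced only by monotonic elapsed time."""
    def __init__(self, start_epoch, monotonic):
        self._start = start_epoch
        self._mono = monotonic
        self._mono0 = monotonic()
    def now(self):
        return self._start + (self._mono() - self._mono0)

class RetentionStore:
    """Write-once store whose delete is gated by a retention deadline."""
    def __init__(self, now_fn):
        self._now = now_fn
        self._files = {}              # name -> (data, retain_until)
    def write(self, name, data, retention_s):
        if name in self._files:
            raise PermissionError("WORM: file already committed")
        self._files[name] = (data, self._now() + retention_s)
    def read(self, name):
        return self._files[name][0]
    def delete(self, name):
        if self._now() < self._files[name][1]:
            raise PermissionError("WORM: retention period not expired")
        del self._files[name]

def clock_tamper_demo():
    host = FakeHost()
    naive = RetentionStore(host.wall_time)
    worm = RetentionStore(WormClock(host.wall_time(), host.monotonic).now)
    for store in (naive, worm):
        store.write("backup-0001.log", b"constructed sample", retention_s=30 * 86400)
    host.elapse(3600)                                      # one real hour passes
    host.set_wall_clock(host.wall_time() + 365 * 86400)    # system clock set a year ahead
    results = {}
    for label, store in (("naive", naive), ("worm", worm)):
        try:
            store.delete("backup-0001.log")
            results[label] = "deleted"
        except PermissionError:
            results[label] = "denied"
    return results

if __name__ == "__main__":
    print(clock_tamper_demo())
```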
FlashLink High-Performance Read-Write Technology
Technical challenge: Ensuring RPO=0 for the black box without slowing down production operations.
Key technologies: Intelligent multi-core technology, large block sequential write technology, multi-stream partitioning technology, and end-to-end I/O priority, ensuring stable low latency and high IOPS for the black box.
Technical effects: Enhances security while minimizing the impact on production performance and ensuring low latency.
Database Replication Combined with Black Box Solution
Intended scenario:
MySQL-like (ISQL, GoldenDB), Oracle without offsite disaster recovery clusters, such as MySQL-like and Oracle databases deployed at domestic and overseas institutions, and other related databases.
Data protection:
A new database is established in the primary cluster room as a playback node. After the initial deployment, full data synchronization is performed from the primary cluster to the playback node, followed by continuous synchronization of incremental logs to the black box for asynchronous playback and updating of the database state by the playback node.
Data protection process:
Adding a playback node
Deploy a new database in the primary cluster room as a playback node, perform full data synchronization with the primary cluster for the first time, and then disconnect this link to ensure data security.
Writing incremental logs to the black box
The data replication platform interfaces with the black box, and incremental logs are asynchronously replicated and pushed to the black box via DRP with an RPO≈0.
Log playback
The playback node continuously pulls incremental logs from the black box for playback. Logs that have been pulled are deleted from the black box.
Data recovery process:
Log recovery
When the primary cluster is unavailable, the playback cluster pulls incremental logs from the black box for recovery (complementing missing logs) and forcibly switches to the primary database, achieving an RTO≤5 minutes.
Primary cluster restoration
The playback cluster synchronizes data back to the primary cluster through full synchronization or backup restoration, and a cutover is performed during a scheduled time window for switchover.
Solution Value
multi-node data concentration
Security Value:
Defense in Depth: Establishes defense in depth against data corruption at the backend of the TEE, enhancing system security capabilities in conjunction with Kunpeng computing to form an end-to-end environment.
Comprehensive Data Security System: Accumulated over years, it boasts a comprehensive data security capability representing the industry's top level (German BSI, CC, FIPS).
Separation of Storage and Computing Value:
High Data Availability: Separating computing nodes and storage nodes improves redundancy by retaining secure, complete, and usable data copies on storage nodes even when computing nodes are compromised.
High System Availability: Storage features rapid detection and isolation mechanisms for slow/faulty disks and slow I/O, preventing performance risks and business downtime caused by such issues.
High Architectural Reliability: Storage offers sub-health detection, secure snapshots, consistent snapshot groups, multi-tenancy, and multi-replica disaster recovery for high reliability.