Resolution: Unresolved
The Virtual Machine Data Protection (VMDP) feature implements a true Zero Trust model for VM data protection, shifting the responsibility and control of backup operations directly to the VM user.
Core Principles
- Zero Trust Architecture: The fundamental design principle is zero trust, ensuring administrators cannot restore or access the backup data. The VM user maintains complete ownership and control over the lifecycle of their data, including ownership of the data, the backup, and the encryption keys required for restoration.
- User Autonomy: The user is solely responsible for choosing what data is backed up and restored. This includes the critical capability to protect data accessible over network file systems, such as Ceph or NFS shares, which are typically excluded by standard OADP backups.
Implementation and Workflow
- Client Application: The feature provides a pre-built, statically linked OADP VMDP client. This client is a reworked version of the Kopia CLI and is specifically engineered for VMDP operations.
- Client Access: The client can be easily and securely downloaded directly to the VM via an in-cluster HTTP service.
- Personal Repository: To ensure zero trust, the user must provide their own credentials to create and manage a personal, encrypted repository within the designated S3 storage backend.
- Simplified Backup: Backing up is streamlined to a single command, allowing users to protect any folders and files they can access. This includes local data and external network shares (Ceph/NFS).
- Efficiency: The client leverages Kopia's deduplication technology. Data is stored efficiently, and subsequent backup runs, even after large file changes or copies, remain very fast because only new or changed data blocks are transmitted.
- Restoration Flexibility: Restoring files to a VM is a fast operation. The user has control over the restore location, allowing them to restore to a different folder or location, and can choose to restore from a specific, historical backup point.
- Architecture: Based on Zero Trust Architecture principles, meaning the VM user is fully responsible for backup and restore operations and owns their data and keys.
- Client: OADP provides a pre-built, statically linked VMDP client, which is a reworked version of the kopia CLI.
- Documentation: Expected to follow the style of the oadp-cli documentation.
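The deduplication behaviour described under Efficiency, as an added example that is not part of the original page and is not Kopia's or the VMDP client's code: a simplified model using content-defined chunking and block IDs keyed by a user-held secret. The chunker parameters, the `Repository` class and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import random

MASK = (1 << 10) - 1                      # cut when the low 10 bits are zero (~1 KiB blocks)
_rng = random.Random(42)
GEAR = [_rng.getrandbits(32) for _ in range(256)]   # per-byte values for the rolling hash

def split_blocks(data):
    """Content-defined chunking: cut points depend on nearby bytes, not on file offsets."""
    blocks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF
        if h & MASK == 0:                 # low bits depend only on the last ~10 bytes
            blocks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        blocks.append(data[start:])
    return blocks

class Repository:
    """Stand-in for the personal repository; only block IDs are tracked here."""
    def __init__(self, user_secret):
        self.user_secret = user_secret    # assumption: held by the VM user, never by an admin
        self.stored_ids = set()

    def backup(self, data):
        """Return how many bytes had to be transmitted for this run."""
        sent = 0
        for block in split_blocks(data):
            # Keyed ID: the storage side cannot match blocks against known files.
            block_id = hmac.new(self.user_secret, block, hashlib.sha256).digest()
            if block_id not in self.stored_ids:
                self.stored_ids.add(block_id)
                sent += len(block)
        return sent

def demo():
    size = 262144                          # constructed 256 KiB sample "file"
    original = random.Random(1).getrandbits(8 * size).to_bytes(size, "big")
    edited = original[:100000] + b"X" * 100 + original[100000:]   # 100-byte insertion
    repo = Repository(b"constructed-user-secret")
    first = repo.backup(original)          # everything is new
    copy = repo.backup(original)           # a copy of the same data
    after_edit = repo.backup(edited)       # only blocks around the insertion are new
    return first, copy, after_edit

if __name__ == "__main__":
    print(demo())
```

Because cut points follow the content, the insertion shifts every later byte offset without changing the later blocks, so only the blocks around the edit are sent again.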
1. Discover (Awareness and Introduction)
| Focus | Content Goal | Key VMDP Topics |
| --- | --- | --- |
| Why VMDP? | Introduce the feature and address common user pain points related to internal VM data protection. | Headline Benefit: Secure, user-controlled data protection under a Zero Trust model. |
| Conceptual Overview | Briefly explain what VMDP is and its core difference from standard platform backups. | Emphasize that the VM user, not the administrator, owns the backup and the keys. |
| High-Level Features | List the key advantages to capture the user's interest. | Deduplication (Efficiency), single-command simplicity, and ability to protect Ceph/NFS shares. |
2. Learn (Prerequisites and Principles)
| Focus | Content Goal | Key VMDP Topics |
| --- | --- | --- |
| Zero Trust Deep Dive | Detail the security architecture and the shift in data ownership/responsibility. | Core Principle: The user takes full responsibility. Explain why administrators cannot access or restore the data. |
| Prerequisites | Outline everything required before the user can begin, from both the administrative and VM perspective. | Cluster Admin setup (S3 backend enablement), VM network access, and the user's requirement for personal S3 credentials. |
| Client Mechanics | Introduce the tool the user will interact with. | Define the OADP VMDP Client as the reworked Kopia CLI. Explain that it is statically linked and downloaded via the in-cluster HTTP service. |
3. Try (Initial Setup and First Backup)
| Focus | Content Goal | Key VMDP Topics |
| --- | --- | --- |
| Client Access & Setup | Provide the exact commands and steps for getting started. | Step-by-step guide for downloading the client to the VM (e.g., using curl). |
| Repository Creation | Guide the user through setting up their private, encrypted storage. | Detailed steps for using user-provided credentials to create and initialize the personal, encrypted repository in S3 storage. |
| First Backup Walkthrough | A simple, end-to-end example of protecting local data. | The specific single command example for running the first backup of a local folder (e.g., /home/user/app_data). |
4. Adopt (Advanced Usage and Security)
| Focus | Content Goal | Key VMDP Topics |
| --- | --- | --- |
| Protecting External Data | Show the feature's unique capability to secure complex data sources. | Crucial Example: Specific command examples for backing up data on mounted network file systems like Ceph and NFS shares. |
| Backup Efficiency | Explain how subsequent backups work to build user confidence in performance. | Explain Kopia's deduplication and why subsequent runs are very fast, only transferring changed blocks. |
| Restoration Workflow | Detail the process of retrieving data, focusing on user choice. | Step-by-step guide for restoring: basic restore, restoring to a different location, and selecting a specific backup point in time. |
5. Expand (Management and Maintenance)
| Focus | Content Goal | Key VMDP Topics |
| --- | --- | --- |
| Repository Management | Instructions for managing the personal S3 repository over time. | Key commands for checking repository status, listing existing backups, and potentially removing old/unneeded backups (data lifecycle). |
| Troubleshooting | Provide solutions for common issues encountered by VM users. | Addressing client download failures, credential errors, S3 connectivity problems, and large file exclusions. |
| Integration/Scripting | Ideas for automating VMDP backups in a production environment. | Guidance on integrating the single-command backup into VM startup/shutdown scripts or cron jobs for scheduled protection. |
JTBD statement
"As a VM Application Owner, I want to encrypt and back up all custom configurations and network share data (e.g., Ceph or NFS) using my own S3 credentials, to achieve full, independent control and ownership of my data and encryption keys, preventing administrator access or reliance for fast restoration."
Personas
1. The Primary User (Application Owner)
This persona focuses on the core benefit of control and independence offered by the Zero Trust model.
- As a VM Application Owner, I want to encrypt and back up all custom configurations and critical network share data (like Ceph or NFS) using my own S3 credentials, to achieve full, independent control and ownership of my data and encryption keys, preventing administrator access or reliance for fast restoration.
2. The Efficiency-Focused User
This persona prioritizes operational speed and minimal resource usage.
- As a Production Engineer, I want to run subsequent data protection jobs using a single command, even after copying large amounts of files, to complete my daily backups efficiently and extremely fast, leveraging deduplication so I don't waste time or storage space on redundant data.
3. The Security & Recovery Specialist
This persona focuses on a recovery process that is reliable, immediate, and free of unauthorized access.
- As a Recovery Specialist, I want to quickly restore specific files or folders to a different location within the VM from a chosen backup point, to ensure immediate business continuity and verify that files are recoverable only by authorized users, strictly adhering to Zero Trust recovery protocols.