Blog

Protect critical workloads with CenturyLink Cloud and Safehaven Disaster Recovery as a Service

IT teams spend a good deal of time thinking about disaster recovery – and rightly so.  Unexpected downtime is hugely expensive, from a loss of productivity, to an immediate loss of revenue, to long-term damage to the corporate brand.

For disaster recovery of virtual machines already in the public cloud, CenturyLink Cloud’s premium storage option offers a simple, elegant option for enterprises.  Just click a button, and you have an RTO of 8 hours, and RPO of 24 hours in the event of a declared disaster.

What about protecting on-premise VMs?  This is a perfect workload for public clouds like CenturyLink Cloud.  Traditional DR systems are simply too hard to get up and running.  Too often, these products:

  1. Take too long to deploy.  Many take months to plan, and then even more time to deploy.
  2. Add cost and complexity.  Enterprises often need to bring in consultants or additional resources to manage the effort.
  3. Increase CapEx. New hardware usually needs to be purchased and managed accordingly.
  4. Require burdensome testing procedures.  Once a DR solution is deployed, users are often forced to navigate long, labor intensive lead times to conduct DR tests throughout the year.

To help customers protect on-premise VMs, we’re excited to launch Safehaven for CenturyLink Cloud.  This solution offers much of the simplicity as CenturyLink’s cloud-to-cloud DR – including self-service and a point-and-click interface – with powerful customization options.  In addition, customers receive a “white-glove” on-boarding experience to ensure your configuration aligns with your DR strategy.  Here’s a high level overview of how Safehaven for CenturyLink Cloud works:

  1. Build the CenturyLink Cloud servers using our self-service interface.
  2. Install the Safehaven replication software in your Cloud and Production environments
  3. Configure Safehaven including settings for RPO requirements and server bring up sequencing
  4. Test your environment against your with failover and failback operations runbook

Upon disaster declaration initiate the failover sequence in the Safehaven Console and let the pre-configured API calls boot your Cloud VMs, and start your OS so you can resume application processing.

Once your production environment is restored, initiate a failback command that automatically pauses your CenturyLink Cloud VMs and starts data transfer back to your production site. SafeHaven provides full recovery orchestration and planning at the server group and data center levels. Users can be sure that multi-tiered applications involving multiple servers and data volumes will come up in the exact sequence you configured. In the case of controlled shut down events, SafeHaven can bring up a replica of your data center in the cloud without any data loss. 

The service shines through where traditional DR systems fall short, specifically when it comes to:

  1. Cost.  Safehaven is orders of magnitude less expensive compared for enterprises looking for recovery of private data centers in a multi-tenant cloud.
  2. On Demand Cloud Infrastructure. Configure and provision your VM and storage in minutes, and avoid long and expensive lead times to provision infrastructure. 
  3. Performance, specifically ultra-low recovery times. Frequently an entire data center can be restarted in the CenturyLink Cloud in a matter of minutes.
  4. Non-disruptive Testing. Users can run test to validate application–layer recovery without affecting production systems.
  5. Group Consistency & Recovery Plans. Users can develop and test automated run book recovery plans.
  6. Automated Failback. When disaster conditions are resolved, users can failback to their original production data centers in minutes and without data loss.
  7. Continuous Data Protection. Users can retain up to 2,048 checkpoints to protect against data corruption or loss.
  8. Versatility.  SafeHaven can be configured to protect both physical and virtual IT systems.
  9. Ease of use. The product UI is very intuitive and simple-to-use.

Let’s dive into a technical overview of the product to see exactly how it works.

draas

Core SafeHaven for CenturyLink Cloud replication software services include:

  1. Inter-site migration, failover, and failback
  2. Continuous data protection with up to 64 checkpoints for rollback in cases of server infection or data corruption
  3. Non-disruptive testing of recovery and migration plans

These features can be executed at the level of individual Servers, groups of servers or entire sites. How? A virtual appliance called a SafeHaven Replication Node or SRN is uploaded into the site that is to be protected.  SafeHaven then leverages local mirroring software already embedded within standard operating systems to replicate new writes from protected servers to the SRN.  The SRN buffers these changes and transmits them asynchronously to a protection VM in the CenturyLink Cloud that then writes the changes to disk.  When disasters occur, SafeHaven will boot the recovery VMs using the replica data images it has been maintaining in the cloud. Meanwhile, another SafeHaven virtual appliance called a Central management server transmits control traffic between the SRNs and the SafeHaven Management Console.

Disaster Recovery is a complex topic area and that there are many protection strategies to achieve the desired results. We created this service offering in response to customer feedback as yet another option for our customers to protect their production IT environments. We also recognize this solution is not a panacea for DR; rather it’s a solution oriented tool that may help you service certain production workloads in a cost effective, low investment model. And for those workloads that require a different protection technique we’ve got the depth of resources to help you realize your goals.

Heartbleed Vulnerability Update

A dangerous bug was identified in a popular SSL/TLS library that powers many of the web servers in the internet. This bug – called Heartbleed – allows attackers to retrieve data stored in a server’s memory and access sensitive information.

CenturyLink Cloud wants you to be aware of one impacted area which was identified through our comprehensive assessment: OpenVPN software. The Linux distribution used for OpenVPN does not yet have an updated, patched package available to remediate this vulnerability. We are actively pursuing other solutions and will have an update on this issue shortly. [Please see update and action items below]

As this issue is related to OpenVPN client software, we believe it is important to detail what type of communication between users/machines may be affected by this vulnerability.

     
  • Control Portal system is NOT affected, so there is no need to change your password to the web site.
  •  
  • Site to site VPN tunnels from customer premise equipment to CenturyLink Cloud datacenters are NOT affected.
  •  
  • Site to site VPN tunnels between customer servers in a particular CenturyLink Cloud data center to other customer servers in a remote CenturyLink Cloud  data center are NOT affected.
  •  
  • Software created VPN tunnels between customer client computer running OpenVPN typically used to manage/access customer servers in a CenturyLink Cloud datacenter IS affected. [Please see update below]
  •  
  • Customer deployed solutions relying on OpenSSL technology running in CenturyLink Cloud datacenters is LIKELY affected.  As the customer is responsible for configuration, deployment of these systems, it is the customer’s responsibility to remediate any affected systems. If you are running a web server in the CenturyLink Cloud and use OpenSSL to secure your website, test your website and remediate immediately.

Follow this post for continued updates. Please contact the NOC with any questions.

[2014-04-09 10:00AM PST – Initial post]

[2014-04-09 02:00PM PST – Solution identified, validated, and being rolled out to vulnerable OpenVPN servers]

[2014-04-09 07:15PM PST – All Control-deployed OpenVPN servers have been updated. All new OpenVPN servers leverage an updated template. Customers in UC1 and VA1 should also regenerate their VPN certificates as a precaution.]

Our First 140 Days as CenturyLink Cloud

Recent history has shown that after a cloud provider is acquired, the pace of innovation slows and there’s a loss of focus (and staff). If you don’t believe me, check out the release notes (if you can find them!) of some recently acquired cloud companies. It’s not pretty. I’m here to say that we’re different.

140 days ago, the acquisition of Tier 3 by CenturyLink was described as a "transformational deal for the industry." Instead of randomizing Engineering post-acquisition with unnecessary process, and haphazard integrations with legacy and redundant products, we’ve actually accelerated pace of development on our go-forward platform, CenturyLink Cloud. In the past four months, we’ve maintained our software release cadence, grown our team, expanded our data center footprint, actively integrated with our parent company, and solidified a game-changing vision that has retained and attracted a phenomenal set of customers.

We update our cloud platform every month with new, meaningful capabilities. Only a very small subset of cloud providers can make that claim. In the past 140 days, we’ve shipped over 1,200 features, enhancements, and fixes. This includes a new high performance server class, faster virtual machine provisioning, new reseller services, a major user interface redesign, a compelling monitoring/alerting service, a new RESTful API, and a pair of new data centers.

Our ambitious data center expansion is on track. In the past few weeks, we’ve lit up a pair of new data centers in the US. This gives customers access to world-class CenturyLink network, security, and management services in those locations. With 11 total data centers, the CenturyLink Cloud has a greater geographic breadth than all but two public cloud providers. That’s pretty awesome for our customers who want a highly distributed environment for running their portfolio of applications.

Our Engineering team has also grown as additional experienced developers have come on board and contributed in a major way. The Operations team continues to scale out as well while becoming even more efficient at managing infrastructure at scale.  Just as important, we’ve integrated with the broader CenturyLink teams and have a single, comprehensive vision for delivering multiple infrastructure options on a unified platform to a global customer base. Why should organizations compromise when trying to fit their needs into the cloud? With CenturyLink, customers can consume co-location, dedicated hardware, managed services, public infrastructure-as-a-service, and platform-as-a-service all with a single provider. And we’re working to integrate these options into a groundbreaking customer experience.

We aren’t close to being done disrupting this space. The next 140 days will be just as exciting. Try out our compelling platform, or join the team building the future of cloud and infrastructure.

New Cloud Nodes Online in Santa Clara & Sterling – An Important Milestone for CenturyLink Cloud

The CenturyLink Cloud team has brought two new data centers online.  Customers can now deploy virtual resources in Santa Clara, CA (UC1) and Sterling, VA (VA1) sites.  This brings our total count of federated data centers to 11 - six in the US, two in Canada, two in the UK, and one in mainland Europe.  Expect more investment in this footprint in the months to come.

There is something special about these new sites, our first new locations since the acquisition.

When CenturyLink acquired Tier 3, it was a big investment for the parent company.

The message to the market was clear: Cloud is CenturyLink’s growth engine for the future.  We’re investing in a cloud-first platform that can solve enterprise IT jobs better than any other provider.

How do we solve them better?

By offering a superior breadth of managed services and infrastructure…with unmatched integration between products.

These new locations are a major milestone towards this vision.  Three reasons why:

  1. Location & scale.  These are the largest CenturyLink Cloud data centers to date.  CenturyLink’s customer base is massive, and our new stack reflects the pent-up demand for public cloud.  Global scale for the enterprise is in our DNA; this is simply the latest example of our expertise at work.
  2. Advanced connectivity for customers in deployed in these locations.  Customers can start integrating their deployments in Santa Clara and Sterling with CenturyLink Cloud services today, via direct connect and IPSEC VPNs in some cases.  How does this help customers?
    • Performance.  Direct connects create ultra-low latency connections that bypass the public Internet.
    • Security.  The other is security – the HAN connection provides access to a rich set of network security add-ons for our public cloud.
    • Cost. Bandwidth charges go down too, since the public Internet is not used in these scenarios.
    • Convenience.  Customers can get all of this from a single provider.
  3. A complete set of public cloud services are available – even Hyperscale.  Our full product catalog is available in these locations, including Hyperscale, our new instance with 100% Flash storage.  Simply select “Santa Clara” or “Sterling” from the data center drop-down menu in the Control interface, and you’re up and running. 

There’s another reason to be excited as well – the integration of CenturyLink Cloud with the rest of the CenturyLink portfolio is happening as planned, and on-schedule.  Our cloud platform is a ‘first class citizen’ in the CenturyLink ecosystem.

The best part of all this, though?  We’re just getting started!

 

Introducing ElasticLINQ:  Making Elasticsearch queries easy with the power of LINQ

CenturyLink the Cloud Development Center contributes ElasticLINQ to the community

Today I’m pleased to announce that the developers of the CenturyLink Cloud Development Center are contributing ElasticLINQ to the community. ElasticLINQ is a tool for those who wish to find and retrieve documents from Elasticsearch and easily convert those documents into .NET classes.

ElasticLINQ will help developers ease the transition from relational databases to distributed NoSQL systems. Using the same query language for SQL and NoSQL makes the transition simpler. This code was created by .NET devs for .NET devs and today we’ve made it available on GitHub under the Apache 2 license.

Who might use it? Any company looking to write for or port software into a distributed cloud environment could benefit from these technologies.  A typical use case is devs who are using Elasticsearch as a full-featured search system for an existing NoSQL database (such as a document storage system like Couchbase).  They will use ElasticLINQ to give them LINQ syntax to query documents stored in Elasticsearch.

This is a familiar use case for our CenturyLink Cloud engineering team here in Seattle.  ElasticLINQ was one of the outputs of our efforts to transition from MS SQL Server. Our team uses Couchbase and Elasticsearch extensively – they are central to our cloud management portal.  Our documents are stored in Couchbase and replicated into Elasticsearch for later querying.

And of course, our engineering teams are not alone in making the shift to NoSQL platforms.  After prototyping the tool, we realized it would have broader applicability in the industry and invested in building it out.  We are pleased to offer ElasticLINQ to help accelerate this trend as we recognize these systems will play an increasingly important role in the enterprise.

One of the reasons I joined Tier 3 was the team’s strong commitment to open source —a commitment that was reinforced by Jared Wray at the time of our acquisition by CenturyLink. Open source is and will remain a powerful driver for our engineering team and this project is just one of many in a continuing series we’ll release this year.

Read the ‘Getting Started,’ try out the code and let us know what you think.

Jim Newkirk VP of Cloud Development