For one of our customers, we have recently deployed a NetApp AltaVault appliance to provide cloud backups.
AltaVault connects to a wide variety of cloud storage providers. When you back data up to the AltaVault on premises, data is encrypted as it is ingested. The AltaVault then manages automatic migration of the encrypted backup data to the cloud. The encryption keys remain on the on-premises appliance, so the cloud provider cannot access your data.
Over time, the backed up data is all moved to the cloud, with the appliance storing the most recent backups. Therefore long-term retention is in the cloud, but restores from recent backups are over the LAN.
AltaVault is also pretty agnostic about what drives the backup; it just offers storage via NAS protocols that you can use as a backup target.
In this instance, we are using CommVault to drive the backups, and sending the encrypted backup data to Amazon Glacier storage, which is ideal for this customer’s requirements as it is inexpensive, and the slower data access that Glacier offers is fine for archive backups, since restores from archived data are likely to be few and far between.
In this deployment we also have on-premise vault copies of data sets so the customer has pretty much dispensed with tape and the attendant costs of managing and securely storing tape media.