
#CyberFit Academy

Cyber Protect Cloud


Cloud Tech Associate
Cyber Infrastructure

Hi, welcome to the Acronis #CyberFit Academy on-demand e-learning series!

The course that you are taking is Cloud Tech Associate Cyber Infrastructure.
This is an optional course in the Cloud Tech Associate track.
I hope you will have a great time learning about the Acronis products,
and by the end of the course you will know more about what it is that you are selling,
so you will feel more comfortable selling it and be ready to talk to your customers about it.

Meet your Instructor

Amos Dong
Partner Technology Evangelist
Singapore
English and Chinese
Amos.Dong@acronis.com

Amos is passionate about the latest technology trends. He comes from a solid technical IT infrastructure background. He has over 16 years of experience in the IT industry and holds multiple certifications from Microsoft, Cisco, VMware, and Red Hat. His interests and specializations include Windows Server, Active Directory, Exchange Server, Hyper-V and VMware virtualization, Microsoft 365 and Google Workspace, Cisco Routing and Switching, Network Security, and Linux Server.

Please allow me to introduce myself.
My name is Amos Dong.
I'm a Partner Technology Evangelist here at Acronis.
I've been with Acronis for over two years now.
I look forward to meeting you in person, whether in training or at trade shows.
We can talk more about the Acronis products that you would like to know more about.

Learning Objectives

• Understand ACI capabilities and software-defined storage
• Overview of ACI technology in backup storage architecture, deployment options, storage clusters, and networking concepts
• Licensing models of ACI

For our learning objectives: after you have completed this course, you should be able to understand ACI capabilities and software-defined storage.
You should have an overview of ACI technology in backup storage architecture, deployment options, storage clusters, and networking concepts.
Lastly, you should have a better understanding of the licensing models of ACI.

Course Modules

1. Case Study
2. Overview
   1. What is ACI?
   2. ACI in Acronis Ecosystem
   3. Deployment Options
   4. Acronis Cyber Protect Cloud Back-end Options
   5. Licensing models

We have a bunch of course modules here.
We made each and every one of them very short, so that you don't have to take them all at once if you do not want to.
They should be in very short, bite-size segments of 5 to 10 minutes each.
But you should be able to get through the entire package in a very reasonable amount of time.
I will start off with a typical software-defined storage scenario, told as a story.
Then we will go into the overview of ACI,

Course Modules (Continued)

3. Technology Fundamentals
   1. Storage Cluster
      • Failure Domains
      • Data Distribution Models
      • Disk Roles and Storage Tiers
   2. Networking Concepts
      • Understanding Traffic Types
      • Private and Public Networks

followed by ACI technology fundamentals on storage clusters and networking concepts.

Cyber Protect Cloud
Case Study

In this section, I will be sharing with you a case study of how MSPs can reduce their cloud storage cost by using Acronis Cyber Infrastructure for their backup storage.

Meet Joseph
(MSP Business Owner)

Started with one office
Now has 6 branches across the country
Selling Acronis Cyber Protect Cloud with Advanced Packs

Meet Joseph, an MSP business owner.
His business started off with one office during the COVID pandemic era, and now they have expanded to 6 branches across the country.
Their primary business is system integration for SMBs.
They are mainly selling Acronis Cyber Protect Cloud managed backup as a service and data protection to their customers.

Challenges and Points of Consideration

Data Storage Requirement Increasing Daily

• Customers' data storage keeps on growing exponentially
• Almost doubling every month
• Looking for a more affordable storage solution
• Minimize OpEx relying on cloud storage

As the days go by, their customers' data storage utilization grows.
It is almost doubling every month.
Joseph is looking for a more affordable solution for his customers' data storage requirements, one where they can minimize their operational expenditure, which is currently relying on Acronis Cloud storage.

Challenges and Points of Consideration

Need the Perfect Storage Solution

• Been researching for the perfect solution
• Most HCI appliances require specific vendor proprietary hardware
• High CapEx
• Targets mainly enterprises for VDI and Datacenter Consolidation

Joseph has been researching the perfect storage solution on his own.
Most hyperconverged infrastructure appliances out there require vendor-specific proprietary hardware.
Plus, this would require a high capital expenditure.
They mainly target enterprises for virtual desktop infrastructure and datacenter consolidation.

Benefits

Acronis Cyber Infrastructure

• Hardware vendor neutral Hyperconverged Infrastructure (HCI)
• Flexible license
• Reduce TCO
• Covers all storage types with a universal storage solution
• Backup storage, S3, block storage, and NFS

After discussing his concerns with their Acronis Account Manager, Joseph came to know of Acronis Cyber Infrastructure.
It is a hardware-neutral hyperconverged infrastructure.
It offers flexible licensing options.
It helps to reduce his total cost of ownership.
Plus, it covers all storage types with a universal storage solution.
It can support Acronis Cyber Protect Cloud backup storage, S3, block storage, and NFS storage types.
This is the perfect storage solution for him that can meet all his customers' storage requirements.

Section Summary

1. One of the pain points for MSPs is their ever-growing customer data storage requirements.
2. HCI appliances are very costly and require vendor-specific hardware. They mainly target VDI and Datacenters.
3. By adopting Acronis Cyber Infrastructure, MSPs can scale out cost-efficient multipurpose storage infrastructure for cyber protection.

Okay, now to quickly recap what we have learnt in this module.
One of the main pain points for MSPs is their ever-growing customer data storage requirement.
Hyperconverged Infrastructure appliances are very costly and require vendor-specific hardware, and they mainly target Virtual Desktop Infrastructures and Datacenters.
By adopting Acronis Cyber Infrastructure, MSPs can scale out cost-efficient multipurpose storage infrastructure for cyber protection.

Acronis Cyber Infrastructure
Overview

In this section, we will be going through the overview of Acronis Cyber Infrastructure.

Section 2 – Overview
Modules

1. What is ACI?
2. ACI in Acronis Ecosystem
3. Backup Storage Architecture
4. Deployment Options
5. Acronis Cyber Protect Cloud Back-end Options
6. Licensing Models

There are 6 modules that we will be covering in this section.
First, what is ACI?
Then, using ACI in the Acronis ecosystem,
followed by Backup Storage Architecture, deployment options, and back-end options,
and finally licensing models.

Acronis Cyber Infrastructure
What is ACI?

In this module, we will be covering: what is ACI?

Acronis Cyber Infrastructure
An integrated suite of software and hardware technologies providing the foundation for Acronis Cyber Protection services

• Hyper-convergence
• Easy-to-use
• Security
• High availability
• Scalability

[Diagram: layered stack, in the order shown on the slide. Acronis Cyber Protection services (Acronis Cyber Protect Cloud, Advanced Security, Advanced Backup, Advanced Disaster Recovery, Advanced Email Security, Advanced File Sync and Share, Advanced Management, Acronis Cyber Files Cloud, Acronis Cyber Notary Cloud); Acronis Cyber Platform; Acronis Cyber Infrastructure (Storage, Compute, Network)]

Acronis Cyber Infrastructure is a new generation hyperconverged infrastructure that combines universal storage and high-performance virtualization, designed for both service providers and business customers.
Its flexible licensing reduces barriers to entry and makes it easier to balance costs with revenue generation.
Acronis Cyber Infrastructure can be used as a scale-out storage for all Acronis Cyber Protection Solutions.
Additionally, it supports bare-metal deployment and deployment in virtual environments: VMware or public clouds such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services (AWS).
For simplified management, different workloads can be run on the same cluster.
Among the key features of ACI are:
• Hyper-convergence: A single infrastructure solution for all Acronis Cyber Protection services
• Easy-to-use: Intuitive GUI allows for rapid deployment and easy management, saving time for IT administrators
• Security: Keep data safe, thanks to external traffic encryption, data-at-rest encryption, and the built-in firewall
• High availability: Features a clustered architecture with no single point of failure
• Scalability: Start small and expand as needed with pay-as-you-go pricing

Acronis Cyber Infrastructure
Cover all use-cases and scenarios with one solution
• Reduce TCO
• Improve IT Productivity
• Deliver Innovative Cyber Protection
• Ensure Seamless Integration
• Eliminate Resource Silos

Acronis Cyber Infrastructure covers all use cases and scenarios with one solution.
It helps you to:
• Reduce TCO: Shrink costs by working with industry-standard hardware and pay-as-you-go licensing
• Improve IT Productivity: Leverage agile implementation, deployment, maintenance, and management with an easy-to-use GUI and single sign-on (OpenID)
• Deliver Innovative Cyber Protection: Protect against component failures and data corruption with flexible erasure coding and mirroring, and inbound firewall rules for node interfaces
• Ensure Seamless Integration: Work optimally with Acronis cyber protection solutions to completely protect data on any workload, anytime and anywhere
• Eliminate Resource Silos: Offer software-defined block, file, and object storage in a single IT infrastructure solution

What is ACI?
Acronis Cyber Infrastructure is a Linux-based OS with additional functionality included

• Installed on bare-metal servers or inside virtual machines
• Unites them into a single cluster, which can be easily scaled by adding disks or nodes
• Cluster is managed via a web-based admin panel and the command line
• ACI's OS is based on CentOS Linux distribution

Acronis Cyber Infrastructure is a Linux-based operating system with additional functionality included.
It can be installed on bare-metal servers or inside virtual machines.
It unites the servers or VMs into a single cluster, which can be easily scaled by adding disks or nodes.
This cluster is managed via a web-based admin panel and also using the command line.
Acronis Cyber Infrastructure's operating system is based on the CentOS Linux distro.

What is ACI? (Continued)
Acronis Cyber Infrastructure is a Storage

• Storage system designed to store data
• What kind of data is supported? Everything:
  • Databases
  • Photos/Videos
  • VM disks
  • User files
  • Whatever you want!

Acronis Cyber Infrastructure is also a storage system designed to store data.
So what kind of data is supported?
Databases, photos, videos, virtual machine disks, user files:
basically everything that you can think of to save and store.

What is ACI? (Continued)
Acronis Cyber Infrastructure is a Virtualization platform
• Includes a built-in hypervisor service
• Virtualization building and management approach is based on open-source technology – OpenStack
• Virtual machines may run both Windows and Linux Guest OSes

Acronis Cyber Infrastructure is also a virtualization platform.
It includes a built-in hypervisor service.
The virtualization building and management approach is based on open-source technology, OpenStack.
Guest virtual machines can run both Windows and Linux operating systems.

ACI Storage Cluster
Cluster is a number of servers (nodes) that are sharing their storage capacity
Cluster may consist of any number of nodes

[Illustration: a group of servers saying "I am a Cluster!" and a standalone server saying "I am a Cluster too!"]

As you can see here on this slide, a group of servers is a cluster, and a standalone server can also be a cluster.
An Acronis Cyber Infrastructure storage cluster combines any number of servers or nodes that are sharing their storage capacity.
This cluster may consist of any number of nodes.

Section Summary

1. Acronis Cyber Infrastructure is a multi-tenant, hyper-converged infrastructure solution for cyber protection
2. Helps reduce the total cost of ownership (TCO) and maximize productivity with a trusted IT infrastructure solution that runs disaster recovery workloads and stores backup data in an easy, efficient and secure way
3. Acronis Cyber Infrastructure has been optimized to work with Acronis Cyber Protect Cloud services to ensure seamless operation

Okay, now to quickly recap what we have learnt in this module.
Acronis Cyber Infrastructure is a multi-tenant, hyper-converged infrastructure solution for cyber protection.
It helps to reduce total cost of ownership and maximize productivity with a trusted IT infrastructure solution that runs disaster recovery workloads and stores backup data in an easy, efficient, and secure way.
Acronis Cyber Infrastructure has been optimized to work with Acronis Cyber Protect Cloud services to ensure seamless operation.

Acronis Cyber Infrastructure
ACI in Acronis Ecosystem

In this module, we will be covering Acronis Cyber Infrastructure in the Acronis ecosystem.

Integrated Platform
An integrated solution of cyber security, backup, disaster recovery, management and automation built specifically for SPs

Before we continue further with the course, I would like to provide a very brief overview of Acronis Cyber Protect Cloud.
This will help you understand the structure of our training.
We begin with the fact that the system that you are looking at is one integrated system, not simply a series of products.
It provides cybersecurity, backup, disaster recovery, management, and automation tools that work in a fully integrated way.
It supports a full line of physical, virtual, and cloud workloads to ensure you can cover your customer's entire stack in one view.
This system is designed specifically for service providers to provide solutions for security.

Integrated Platform
An integrated solution of cyber security, backup, disaster recovery, management and automation built specifically for SPs

The Acronis Infrastructure

Acronis is the only company in the world that delivers a purpose-built network connected to 52 data centers for compute and storage needs.

[Diagram labels: Acronis Infrastructure (Storage, Compute, Network); Acronis Data Center; Technicians; Owner]

And it is important to note that this entire multi-tier, multi-tenant system resides on Acronis Cyber Infrastructure.

Acronis Cyber Infrastructure in Acronis Data Centers

250+ petabytes of data
5,000,000 workloads

Acronis Cyber Infrastructure is being used in Acronis Cyber Cloud data centers worldwide, with over 250 petabytes of data stored and over 5 million workloads protected globally.
This is the heart of all Acronis Cyber Protect Cloud operations.

Ensure compliance and a local presence
Choose from 49 data centers worldwide to store data – Acronis Hosted, Google Cloud and Microsoft Azure

over 49 DATA CENTERS
[Map legend: Acronis Data Centers; Acronis SCS Data Centers; Google Data Centers; Azure Data Centers]

Acronis has data centers all over the world and is adding more all the time.
To ensure compliance and a local presence, we have over 50 Acronis Cyber Cloud data centers worldwide to store your customers' data.
For locations where we don't have our own Acronis Cyber Cloud data centers, we are partnering with Google Cloud Platform and Microsoft Azure to serve you even better.

ACI Use Cases: Acronis Solutions
How can partners use ACI in combination with other Acronis solutions?

Backup storage
• Aka partner-owned storage, or simply partner storage:
  • secure and reliable storage for Acronis Cyber Protect Cloud's backups
  • installed on customer's premises

Infrastructure for DR Cloud
• Allows using ACI as a back-end for Disaster Recovery service:
  • compute resources for Cloud VMs' creation and management
  • hot (high-performance) storage for DR Cloud servers

Storage for Acronis Cyber Files Cloud
• S3-compatible storage for storing File Sync & Share users' data:
  • can be used instead of default ACFC Acronis storage

Among the Acronis Cyber Infrastructure use cases for Acronis Cyber Protect Cloud solutions are the following.

First is backup storage, also known as partner-owned storage.
It provides secure and reliable storage for Acronis Cyber Protect Cloud backups.
It must be installed on the customer's premises.

Second is infrastructure for disaster recovery cloud.
It allows using Acronis Cyber Infrastructure as a back end for the disaster recovery service.
It is used for compute resources for Cloud virtual machine creation and management.
It offers high-performance storage for DR cloud servers.

Last is storage for Acronis Cyber Files Cloud.
It provides S3-compatible storage for storing file sync and share users' data.
It can be used instead of the default Acronis Cyber Files Cloud storage.

Section Summary

1. Acronis has been using Acronis Cyber Infrastructure as the platform to run Acronis Cyber Protect Cloud in our own data centers for more than seven years.
2. It stores 250+ PB of backed-up data from more than 5,000,000 servers, PCs and mobile devices.
3. Three main partner use cases for ACI – Backup storage, Infrastructure for DR Cloud, and Storage for Acronis Cyber Files Cloud.

Okay, now to quickly recap what we have learnt in this module.
Acronis has been using Acronis Cyber Infrastructure as the platform to run Acronis Cyber Protect Cloud in our own data centers for more than eight years.
It stores over 250 petabytes of backed-up data from more than 5 million workload devices.
The three main use cases for Acronis Cyber Infrastructure are backup storage, infrastructure for Disaster Recovery Cloud, and storage for Acronis Cyber Files Cloud.

Acronis Cyber Infrastructure
Backup Storage Architecture

In this module, we will be covering the Acronis Cyber Infrastructure backup storage architecture.

Backup Storage: Back-ends
Supported back-ends:
• Local ACI cluster's storage
• NFS share
• Public Cloud

In a nutshell, backup storage, or Acronis Backup Gateway (ABGW), is a proxy service that works with the data that was backed up using Acronis Cyber Protect Cloud.
ABGW receives the backed-up data and then forwards it to the storage backend.
The backup storage service supports three different types of backends.
They are the local disks of Acronis Cyber Infrastructure, a remote NFS share, and public cloud.
In order to perform successful backups to cloud storage, or to perform recovery from cloud backups, it is mandatory that the backup storage is up and running.
If the backup storage service is not available, it is not possible to access cloud backups.
===
In a nutshell, Backup storage (ABGW) is a proxy service that receives data backed up via Acronis Cyber Protect Cloud. Then ABGW sends the data to its final destination (a.k.a. ABGW's back-end).

Backup Storage: Local Storage

• Common: keeping Acronis Cyber Protect Cloud's backups on the ACI cluster
• Backups are stored on CS (chunk server) disk
• ACI allows connecting remote iSCSI devices to nodes and perceiving their LUNs as storage disks
• Connect iSCSI devices to ACI nodes and then assign disk roles to each iSCSI disk

[Diagram labels: Acronis Cyber Infrastructure; Node 1, Node 2, Node 3; Backup Storage (ABGW); iSCSI SAN]

One of the most common cases is when backup storage is using the ACI cluster itself as storage for backups.
In this case, the backup data is distributed across all the disks with chunk server roles.
In order to expand the cluster's capacity, it is only necessary to add more disks to the cluster nodes and then assign chunk server roles to those disks.
It is also possible to connect a remote iSCSI device to a particular ACI node and thus expand the capacity by assigning chunk server roles to the remote iSCSI disks.
From the cluster's perspective, it would look like yet another local disk.
===
The most common scenario is keeping Acronis Cyber Protect Cloud's backups on the ACI cluster itself. In this case, backups are stored on CS (chunk server) disk.
Acronis Cyber Infrastructure allows you to connect remote iSCSI devices to nodes and perceive their LUNs as storage disks. Connect iSCSI devices to ACI nodes and then assign disk roles to each iSCSI disk.

Architecture: Local Storage

Here is the diagram describing the process of cloud backup when backup storage is using ACI's local disk as a backend.

Backup Storage: NFS
• Using Backup Storage with NFS back-end, backed up data will go through ABGW, but is not kept on ACI cluster
• It is forwarded to external storage device with NFS configured on it
• Local storage is used to keep non-critical service information about backup archives
• Data redundancy has to be provided by the external storage device
• Due to limitations of NFS protocol, Backup Storage service can be running only on a single node
• Important: NFS here has nothing to do with NFS service that can be configured on top of ACI. "Backup Storage + NFS backend" means some NAS standalone device with NFS configured

[Diagram labels: Acronis Cyber Infrastructure; Backup Storage (ABGW)]

The second type of backend for the backup storage service is a remote NFS share.
In this setup, the backup storage service receives the backup data and then forwards it to the remote device over the NFS protocol.
In this case, the backup data is not kept on ACI.
The redundancy of the backup data is supposed to be guaranteed by the external device where the NFS share was set up.
There is an important limitation when backup storage is using the NFS backend.
In this case, the backup storage service can be set up only on top of a single node.
This is a limitation of the NFS protocol, not a limitation of ACI.
Since backup storage will be running on top of just a single node, it becomes highly vulnerable to possible hardware issues.
If the node with the backup storage service goes down, the service will become unavailable and people will not be able to perform backup and recovery operations.
An additional note here: when we are saying backup storage with NFS backend, it means that the NFS share will be configured on an external device, not on ACI itself.
===
While using Backup Storage in combination with NFS back-end, backed up data will go through ABGW, but is not kept on the ACI cluster. Rather, it is forwarded to an external storage device with NFS configured on it.
Local storage is used to keep non-critical service information about backup archives.
Data redundancy has to be provided by the external storage device.
Due to limitations of the NFS protocol, the Backup Storage service can be running only on a single node. In other words, no ABGW service redundancy is available in this case.
Important: NFS here has nothing to do with the NFS service that can be configured on top of ACI. When we say "Backup Storage + NFS backend" we always mean some standalone device with NFS configured.

Architecture: NFS

[Diagram labels: NFS protocol; EXTERNAL NFS SHARE]

Here is the diagram that describes the process of cloud backup.
In the case of using an NFS backend for the backup storage, we can see that the backup data is flowing through the ACI cluster, but its final destination is an external NFS share.

Backup Storage: Public Cloud
• Backup Storage service can be used in combination with Public Cloud services: Google cloud, Amazon AWS etc
• Working with public clouds, Backup storage uses the local storage as the staging area as well as to keep service information
• It is vital that the local storage is persistent and redundant so the data does not get lost
• Necessary to keep in mind ABGW service redundancy: it should be running at least on two nodes

[Diagram labels: Acronis Cyber Infrastructure; Backup Storage (ABGW); Google Cloud; Microsoft Azure; Amazon AWS]

The third backend type for the backup storage service is public cloud.
Among the supported public cloud solutions are Google, Amazon, Microsoft Azure, and many others.
When using a public cloud backend, the backup data is first temporarily stored on the ACI cluster and then forwarded to the public cloud storage, where it will be kept permanently.
Since the data is first stored on ACI, it is vital that the local storage is persistent and redundant so that the temporary data does not get lost.
In other words, your ACI cluster should not consist of just a single CS disk.
On the other side, it is also important to remember that we need to guarantee the redundancy of the backup storage service itself, so it is supposed to be configured on multiple nodes to ensure backup service high availability.
===
Backup Storage service can also be used in combination with Public Cloud services: Google cloud, Amazon AWS etc. This option is useful when a person already has an Amazon/Google/Microsoft subscription.
When working with public clouds, Backup storage uses the local storage as the staging area as well as to keep service information. It means that the data to be uploaded to a public cloud is first stored locally and only then sent to the destination.
For this reason, it is vital that the local storage is persistent and redundant so the data does not get lost. Thus configuring data redundancy on the ACI level in such a setup is important as well.
However, it is still necessary to keep in mind ABGW service redundancy: it should be running at least on two nodes.

Architecture: Public Cloud

[Diagram label: PUBLIC CLOUD]

Here is the diagram that illustrates the process of cloud backup when backup storage is using a public cloud backend.
In a way similar to the NFS backend, the data is flowing through the backup gateway, but its final destination is the public cloud storage.

Section Summary

1. There are three (3) supported backup storage back-ends: Local Storage, NFS Share, and Public Cloud
2. All three (3) backup storage architectures have similarities: Acronis Cyber Protect Cloud > Internet > Backup Gateway > [Local Storage | NFS Share | Public Cloud]

Okay, now to quickly recap what we have learnt in this module.
There are 3 different supported backup storage backends, which are local storage, NFS share, and public cloud.
All 3 backup storage architectures have some similarities.
They use Acronis Cyber Protect Cloud connected to the Internet, connected to the Backup Gateway, and then to their respective backup storage backends.

Acronis Cyber Infrastructure
Deployment Options

In this module, we will be covering Acronis Cyber Infrastructure deployment options.

Acronis Cyber Infrastructure: Two options
An integrated suite of software and hardware technologies

Software-only
• Run on the hardware of your choice
• Run on a third-party cloud of your choice

Pre-deployed hardware appliance
• Turn-key solution
• A five-node cluster

Acronis Cyber Infrastructure is easy to use, reliable, scalable, and cost-efficient software-defined universal storage.
Acronis offers two delivery models for Acronis Cyber Infrastructure.
It can be provided to you as software, which allows you to run it on the server hardware of your choice.
If you're not interested in getting that hands-on with a deployment, it can also be provided as a turnkey solution, on the pre-installed Acronis Cyber Infrastructure hardware appliances.
The appliance has a very small data center footprint.
Each appliance is essentially a 5-node server cluster in a box 3 rack units tall, with Acronis Cyber Infrastructure installed in advance.

Understanding Storage Services
• Acronis Cyber Infrastructure allows setting up different storage services on top of it
• Data from different storage services is stored across all available chunk servers on the cluster
• Storage service can be configured on any cluster node, even the one that does not have CS disks

[Diagram labels: STORAGE SERVICES; DISK ROLES; PHYSICAL DISKS]

Before saving any data on your ACI cluster, you must first set up a storage service.
A storage service is required for receiving the data that has been sent to ACI, splitting the data into chunks, and distributing those chunks across chunk server disks over all ACI nodes.
Acronis Cyber Infrastructure allows setting up to four different storage services: backup storage, block storage, S3 storage, and NFS storage.
The storage service that needs to be set up depends on the type of data that you are planning to store on ACI.
For example, if you're planning to store Acronis Cyber Protect Cloud backups on ACI, you need to set up the backup storage service.
If you're planning to put some databases on your ACI cluster, it makes more sense to set up block storage, which guarantees faster read/write access to the data.
When setting up a storage service, you need to choose on which ACI nodes this service will be running.
If the service is running on more than a single node, it becomes highly available and more tolerant of hardware failure.

Disaster Recovery Infrastructure
Grow your business without complexity concerns
• High-performance and high-availability virtualization technology
• Single point of administration, monitoring, and control
• Highly available storage and compute resources
• Software-defined network
• Storage policies and redundancy options per virtual machine (VM)
• Multi-tenant architecture
• Efficient resource management
• Fast and simple installation
• Easy integration with third-party

[Diagram labels: Acronis Cyber Infrastructure; Virtualization (VMs); Software-Defined Network; Software-Defined Storage; Cluster nodes]

MSPs can use Acronis Cyber Infrastructure as their Disaster Recovery Infrastructure.
They can grow their business without complexity concerns.
The benefits of using ACI as their DR infrastructure include:
• High-performance and high-availability virtualization technology
• Single point of administration, monitoring, and control for network, storage, and virtual infrastructure
• Highly available storage and compute resources that protect systems from node failure
• Software-defined network for secure and isolated networking with VXLAN encapsulation based on distributed virtual-switching technology
• Storage policies and redundancy options set per virtual machine (VM)
• Multi-tenant architecture that ensures security by segregating consumption of system resources by multiple users and requests
• Efficient resource management, so heavy demands on system components don't slow down individual workloads
• Fast and simple installation with no need for professional services
• Easy integration with third-party systems via open standard API

Archiving/ Secure Backup/ Cold Storage
Back up your data easily, efficiently and securely

Starting with the 21.12 release, Immutable Storage with retention period is enabled
by default.

[Diagram: Acronis Cyber Protect and Acronis Cyber Protect Cloud back up and restore data to Acronis Cyber Infrastructure (Virtualization, Software-Defined Network, Software-Defined Storage with Backup Storage, S3, iSCSI, NFS, Cluster nodes); other labels: Other DC, Private/public cloud services (Google Cloud, Microsoft Azure, Amazon AWS), NFS, iSCSI SAN]

Acronis Cyber Infrastructure can be used as storage for the backups created with
Acronis Cyber Protect or Acronis Cyber Protect Cloud.
The Backup Storage service allows storing data at various destinations: on the
local disks of the ACI cluster itself, on remote NFS, or in public cloud storage. The backup
data can be encrypted for additional security.
It can also be replicated to a different ACI cluster using the geo-replication feature.
===
• Service providers can use Acronis Cyber Infrastructure as a centralized backup
storage cluster to store clients’ backup data
• End users can leverage Acronis Cyber Infrastructure as a centralized backup storage
for local and offsite backups from remote offices and subsidiaries
• Uses industry‐standard hardware and manageable redundancy options
• Adds an additional layer of data protection with geo‐replication to another data
center
• Eliminates service interruptions because you can change or upgrade hosts or disks
on live production systems
• Encrypts data at rest

S3 Object Storage
Build your own Amazon S3-compatible storage cloud
• Works with Acronis Cyber Files Cloud
• Compatible with most S3 applications out of the box
• Scales to billions of objects
• Offers the choice to build your own storage off-premises, on-premises, or use hybrid cloud
customizable solution
• Provides active-active geo-replication for S3 data between data centers with full data
consistency and collision resolution

[Diagram: S3-aware applications using S3 on Acronis Cyber Infrastructure (Virtualization, Software-Defined Network, Software-Defined Storage with Backup Storage, S3, iSCSI, NFS, Cluster nodes), with Active-Active S3 Geo-Replication]

Let us also discuss some other storage services that can be set up on ACI,
starting with S3 storage.
S3 stands for Simple Storage Solution.
S3 is the protocol developed by Amazon,
which was later adopted by other vendors.
Acronis Cyber Infrastructure allows setting up S3-like storage which,
to end users, looks much the same as
working with Amazon S3.
ACI's S3 storage is compatible with all S3-aware applications.
ACI's S3 storage can also be used as
a back end for the Acronis Cyber Files Cloud service.

General Purpose/ File Storage
Affordable and fully manageable file shares via the NFS protocol

Use cases:
• Corporate data
• Archive
• File sharing
• Web hosting

• Provides optimized file storage for better performance, even for partial file updates
• Stores any type of corporate data
• Works via object storage and scales to billions of entities
• Includes an organized file archive to store older files
• Scales up and out so you can start with a small system and grow as your business grows
• Provides easy-to-use, automated, cluster infrastructure management
• Supports all modern NFS standards, including NFS v4, and NFS v4.1

[Diagram: Acronis Cyber Infrastructure stack (Virtualization, Software-Defined Network, Software-Defined Storage with Backup Storage, S3, iSCSI, NFS, Cluster nodes)]

ACI allows setting up a file share on top of itself, which is available over the NFS protocol.
This type of storage is a good fit for web hosting, file sharing, storing
archives, or corporate data.
In other words, data that is not sensitive to moderate performance.
ACI's NFS share currently supports only NFS version 4 and newer.
NFS version 3 and pNFS are not supported.
ACI's NFS share can be easily mounted on Linux or Mac.
For Windows, the native client is not supported so far.

High Performance/ Hot Storage
Highly efficient, fast block storage for hot data
• Offers highly available and secure iSCSI access
• Ideal for storing critical/high performance databases
• Stores Microsoft Hyper-V and VMware vSphere data
• Includes SSD caching for best performance
• Storage tiering and load balancing
• RDMA/InfiniBand usage provides lower latency and decreases CPU load

Enable NVMe performance to increase parallelism and throughput of fast disk.

Block data:
• VMware vSphere
• Hyper-V
• KVM
• Databases

[Diagram: Acronis Cyber Infrastructure stack (Virtualization, Software-Defined Network, Software-Defined Storage with Backup Storage, S3, iSCSI, NFS, Cluster nodes)]

The last storage service available in ACI is block storage.

Block Storage allows you to export the capacity of the ACI cluster over the iSCSI protocol.
Block Storage is optimized for data that must be frequently accessed and edited.
Thus, it is a good fit for hot data, like virtual machines, disks, or database
files.
ACI's iSCSI targets can be attached to operating systems and
third-party virtualization solutions such as Hyper-V or VMware vSphere.
For example, you can connect to ACI's block storage over the iSCSI protocol
and, in your operating system, the remote ACI storage will look like another local
disk.

Storage Services: Tech Representation

• When a service is configured, we can define on which cluster nodes it will be
running simultaneously
• If the service is running on more than 1 node, this guarantees service’s high
availability
• In a nutshell, every storage service is just yet another service running on ACI’s OS

When configuring a storage service, you are defining on which ACI node the service
will be running.
The more nodes you have with the same storage service, the more reliable the
service will become.
When speaking about the storage service reliability, you are not speaking about data
safety.
Storage service is something that works with the data, but storage service is not
equal to the data itself.
From a technical perspective, a storage service is yet another service that is running
on that ACI node where it was configured.
You can easily discover it by going to the command line of a particular storage node.
===
Please do not confuse storage service redundancy vs. data redundancy

Acronis Cyber Appliance
Optimal choice for secure storage for backups.

Comes with Acronis Cyber Infrastructure pre-deployed on a cluster of five servers contained
in a single 3U chassis

1. Local backup storage for Acronis Cyber Protect Cloud partners
2. Local backup storage for Acronis Cyber Protect Cloud partners’ clients
3. Local backup storage for Acronis Cyber Protect (on-premises) customers

Now let me introduce you to our ACI hardware appliance, Acronis Cyber Appliance.
This is in partnership with RNT Rausch which is a pioneer in the server and storage
industry.
Acronis Cyber Appliance is the optimal choice for secure storage for backups.
It comes with ACI pre-deployed on a cluster of 5 servers contained in a single 3U
chassis.
Acronis Cyber Appliance can be used for local backup storage for
Acronis Cyber Protect Cloud and Acronis Cyber Protect (on‐premises).

Acronis Cyber Appliance: Specifications

Element          Details
CPU              1 x 2.00GHz 16-core Intel processor
RAM              32GB
Network ports    2 x 10GbE RJ45; 2 x 10GbE SFP+
Storage          1 x SSD for OS; 1 x SSD for use as cache; 3 x HDD for data storage

Every Acronis Cyber Appliance comes with five server nodes installed in the chassis.
Each of the five nodes is separate hardware that runs independently of the other
nodes.
Individual nodes can be swapped out and replaced if needed.
Each server node in Acronis Cyber Appliance has its own
storage, network, memory, and CPU, as follows.

Section Summary

1. There are two(2) main deployment options – Software-only and Acronis Cyber Appliance
2. For Software-only deployment option it has four(4) storage types - Backup Storage
(Acronis/Private/Public Cloud), Object Storage (S3), Block Storage (iSCSI), and File
Storage (NFS)
3. Acronis Cyber Appliance is the optimal choice for secure storage for backups. It is an
easy-to-use data center for block, file, and object storage. It comes with Acronis Cyber
Infrastructure pre-deployed on a cluster of five servers contained in a single 3U chassis

Okay now to quickly recap what we have learnt in this module.


There are 2 main deployment options for ACI, which are
software only and Acronis Cyber Appliance
For software only deployment option,
It supports 4 storage types, which are:
Backup Storage, Object Storage, Block Storage, and File Storage.
Acronis Cyber Appliance is the optimal choice for secure backup storage.
It is an easy‐to‐use data center for block, file, and object storage.
It comes with Acronis Cyber Infrastructure pre‐deployed on a
cluster of 5 servers contained in a single 3U chassis

Acronis Cyber Infrastructure
Acronis Cyber Protect Cloud Back-end Options

In this module,
We will be covering Acronis Cyber Protect Cloud Backend Options

Acronis-hosted Model
Cloud storage is located in the Acronis data centers. Acronis Cyber Infrastructure is installed
on physical servers, data is stored on them

Acronis Data Center:
• Acronis Cyber Protect Cloud Management Components
• Acronis Cyber Infrastructure, used as a backup storage service
• Acronis Cyber Infrastructure installed on physical servers to backup data

Target Audience: Partners with no data center infrastructure, who want a turnkey solution from Acronis

First up, we have the Acronis-hosted model.

The cloud storage is located in the Acronis data centers.
Acronis Cyber Infrastructure is installed on physical servers and data is stored on
them.
This is suitable for partners with no data center infrastructure
who want a turnkey solution from Acronis.

Hybrid model: Option 1
Cloud storage is located in the service provider’s data center. Acronis Cyber Infrastructure is
installed on physical servers, data is stored on them

Acronis Data Center:
• Acronis Cyber Protect Cloud Management Components
Partner Data Center (On-Premise):
• Acronis Cyber Infrastructure is installed on physical servers
• Backup is stored on them

Target Audience: Partners with own data center, ready to invest in new physical servers or have unutilized ones

Next we have several hybrid model options.

For the first hybrid model option,
cloud storage is located in the service provider’s data center.
Acronis Cyber Infrastructure is installed on physical servers and data is stored on
them.
This is suitable for partners who have their own data center and
are ready to invest in new physical servers or have unutilized ones.

Hybrid model: Option 2
Cloud storage is located in the service provider’s data center. Acronis Cyber Infrastructure is installed on
a virtual machine (VM) used as a gateway. Data is stored on a service provider’s third-party NFS or S3
storage

Acronis Data Center:
• Acronis Cyber Protect Cloud Management Components
Partner Data Center (On-Premise):
• Acronis Cyber Infrastructure is installed on VM
• NFS or S3 for backup storage

Target Audience: Partners with own data center and third-party NAS or object storage solution

For the second hybrid model option,
cloud storage is located in the service provider’s data center.
Acronis Cyber Infrastructure is installed on a virtual machine (VM) used as a gateway.
Data is stored on a service provider’s 3rd party NFS or S3 storage.
This is suitable for partners who have their own data center and
a 3rd party NAS or object storage solution.

Hybrid model: Option 3
Cloud storage is located in a public cloud (Azure and Amazon). Acronis Cyber Infrastructure is installed
on a virtual machine (VM) in the same cloud

Acronis Data Center:
• Acronis Cyber Protect Cloud Management Components
Partner Data Center in Public Cloud:
• Acronis Cyber Infrastructure is installed on a VM from a template in the public cloud
• Backup is stored in the third-party public cloud (e.g. Amazon and Google)

Target Audience: Partners with no data center infrastructure, who’d like to leverage their Azure or Amazon
subscriptions

For the third hybrid model option,
cloud storage is located in a public cloud such as Azure and Amazon.
Acronis Cyber Infrastructure is installed on a virtual machine (VM) in the same cloud.
Data is stored on a service provider’s 3rd party public cloud.
This is suitable for partners with no data center infrastructure
who would like to leverage their Azure or Amazon subscriptions.

Hybrid model: Option 4
Cloud storage is located in a public cloud (e.g. Wasabi). Acronis Cyber Infrastructure is
installed on a virtual machine (VM) used as gateway

Acronis Data Center:
• Acronis Cyber Protect Cloud Management Components
Partner Data Center:
• Acronis Cyber Infrastructure is installed on a VM
Third-party cloud:
• Backup is stored in a third-party public cloud (e.g. Wasabi)

Target Audience: Partners, using affordable third-party public cloud storage (third-party doesn’t have VM
service)

For the fourth hybrid model option,
cloud storage is located in a public cloud such as Wasabi.
Acronis Cyber Infrastructure is installed on a virtual machine (VM) used as a gateway.
Data is stored on a service provider’s 3rd party public cloud.
This is suitable for partners using affordable 3rd party public cloud storage where
the 3rd party public cloud doesn’t have VM service.

Section Summary

1. There are five(5) different Acronis Cyber Protect Cloud back-end option models –
Acronis-hosted and Hybrid Options (1 to 4)
2. For Hybrid model option 1 and 2 the cloud storage is located in the service provider’s
data center
3. While Hybrid model option 3 and 4 the cloud storage is located in a public cloud

Okay now to quickly recap what we have learnt in this module.

There are 5 different Acronis Cyber Protect Cloud backend option models,
which are Acronis hosted and hybrid options 1 to 4.

For hybrid model options 1 and 2,
the cloud storage is located in the service provider’s data center.

For hybrid model options 3 and 4,
the cloud storage is located in a public cloud.

Acronis Cyber Infrastructure
Licensing Models

In this module,
We will be covering Acronis Cyber Infrastructure Licensing Models

Licenses
Three licensing models: Trial, SPLA and License keys
• Trial allows saving up to 1 TB of data on the cluster. Trial
license has no expiration period
• License keys are time-limited and grant a certain storage
capacity. If a commercial license is already installed, a key
augments its expiration date and storage limit
• SPLA – Service Provider License Agreement. SPLA
implements a PayG model: it grants unlimited storage
capacity and customers are charged for their actual
usage of these resources. With SPLA, ACI automatically
sends reports to Acronis Cyber Cloud once every four
hours. If no reports have been received for two weeks,
the license expires

If a license expires, all write operations to the
storage cluster stop until a valid license is installed

Let's discuss the licensing models of Acronis Cyber Infrastructure.

There are three different models under which ACI can be licensed.
They are trial license, license key, and Service Provider License Agreement (SPLA).
The trial license is assigned to ACI automatically as soon as
you create an ACI cluster. The trial license allows you to store up to 1 terabyte of data on
the cluster,
regardless of the data type. So it can be iSCSI data, backup storage data, NFS data, or
all of them combined.
The trial license has no time limit.
Therefore,
you can use it as long as your data doesn't go over the one terabyte limit.
As soon as the one terabyte limit is exceeded,
it is not possible to put additional data on the ACI cluster.
You will then have to license it with either SPLA or a license key.
The second type of license is called a license key or serial number.
Every license key has a certain validity period.
In general,
it is one year. It also has a certain threshold in terms of the maximum data size that
can be stored on the cluster.
For example, 5, 10, or 20 terabytes.
Whenever the validity period has expired or the total data limit has been exceeded,
the license needs to be replaced with another one.
Otherwise, the cluster will not allow more data to be placed on it.
The third type of license is SPLA, or Service Provider License Agreement.
SPLA implements a pay-as-you-go model.
In general,
SPLA is recommended for use along with the Acronis Cyber Protect Cloud solution.
With SPLA licensing,
Acronis Cyber Infrastructure automatically sends
reports to Acronis Cyber Protect Cloud once every four hours.
If no reports have been received for two weeks, the SPLA license automatically
expires
and the write operations to the cluster are suspended until
the cluster is able to communicate with Acronis Cyber Protect Cloud
and report the ACI cluster's storage consumption again.
===
Trial allows saving up to 1 TB of data on the cluster. Trial license has no expiration
period
License keys are time‐limited (most commonly – 1 year long) and grant a certain
storage capacity. If a commercial license is already installed, a key augments its
expiration date and storage limit
SPLA – service provider license agreement. The SPLA implements a pay‐as‐you‐go
model: it grants unlimited storage capacity and customers are charged for their actual
usage of these resources. With an SPLA, Acronis Cyber Infrastructure automatically
sends reports to Acronis Cyber Cloud once every four hours. If no reports have been
received for two weeks, the license expires
If a license expires, all write operations to the storage cluster stop until
a valid license is installed.

Licensing Rules
Which license is required

Column groups:
Backup storage: Local cluster disks; NFS share; Public Cloud (S3, Azure, Swift etc.)
Non-backup storage usage: Compute storage; Block storage; NFS; S3

Rows (values in slide order):
Acronis Cyber Protect Cloud: SPLA*/ License key; SPLA*/ License key; License key
Acronis Cyber Protect (on-prem): License key; Trial**; Trial**; License key

* - SPLA is the recommended option for Acronis Cyber Protect Cloud
** - if cluster’s Logical space consumption < 1 TB, else License key is required

This table describes the type of license that
you should choose depending on the ACI use case.
If ACI is used as backup storage for Acronis Cyber Protect Cloud's backups,
the recommended option is SPLA.
However, it is also technically possible to use the license key.
For the Acronis Cyber Protect on-premise version,
the only recommended option is to use the license key.
Regardless of what kind of product we're talking about,
either Acronis Cyber Protect Cloud or Acronis Cyber Protect on premise,
you can keep using the trial license
if you're not planning to store more than one terabyte of data on the cluster.
This pretty much falls into the scenario when
you are setting up a backup storage with public cloud or NFS backend.
In this case,
the data will not be stored on the ACI cluster itself,
but rather on the third party backend.
Most definitely, you will never go over the one terabyte limit.
Therefore, there is no need to license the cluster.
So the trial license will be pretty much sufficient.

Licensing Model and SKU for Service Providers

A service provider’s Acronis Cyber Infrastructure commitment is combined with their overall
cloud commitment. Billable usage is calculated monthly, based on total storage used by the
last day of the month

Using Acronis Cyber Infrastructure:
• Service providers will NOT be charged if Acronis Cyber Infrastructure is used for storing archives from
Acronis Cyber Protect Cloud
• Service providers will be charged if Acronis Cyber Infrastructure is used for any other type of
workload or if using a third-party backup solution

SKU: SCVAMSENS
Product name: Service Provider License Agreement (SPLA) — Acronis Cyber Infrastructure (per GB)
Description: Refers to storage space that’s used for any type of workload except backup

A service provider’s Acronis Cyber Infrastructure commitment is combined with
their overall cloud commitment.
Billable usage is calculated monthly,
based on total storage used by the last day of the month.
Service providers will not be charged if Acronis Cyber Infrastructure is used for
storing archives from Acronis Cyber Protect Cloud.
Service providers will be charged if Acronis Cyber Infrastructure is used for any other
type of workload or
if using a 3rd party backup solution,
depending on the gigabytes consumed.
There is only 1 SKU for the SPLA licensing model, based on per GB consumption.
===
• Service providers will NOT be charged if Acronis Cyber Infrastructure is used for
storing archives from Acronis Cyber Protect Cloud. (This does not mean that the
Acronis Cyber Protect Cloud solution itself is free.)
• Service providers will be charged if Acronis Cyber Infrastructure is used for any
other type of workload (e.g. object data, file data, block data storage) or if using a
third-party backup solution, depending on the GBs consumed

Licensing Model for On-premises Deployment

When used in on-premises deployment, Acronis Cyber Infrastructure is licensed by means of
subscriptions. Partners can choose between different subscription periods (1, 2, 3, 4 or 5
years)

Using Acronis Cyber Infrastructure (on-premises deployment):
• Partners are charged based on the chosen subscription period
• Subscription periods have scalable terabytes of storage, starting with 10 TB as a minimum subscription
• Maintenance and support are included in the subscription price
• Recommended for fixed-term contracts

When used in on-premises deployment,
Acronis Cyber Infrastructure is licensed by means of subscriptions.
Partners can choose between different subscription periods, from 1 to 5
years.
Partners are charged based on the chosen subscription period.
Subscription periods have scalable terabytes of storage,
starting with 10 TB as a minimum subscription.
Maintenance and support are included in the subscription price.
This licensing model is recommended for fixed-term contracts.

SKUs for On-premises Deployment
SKU Product name Description
SCPBEBLOS11 Acronis Cyber Infrastructure Subscription License 10 TB, 1 Year Refers to one year subscription license with 10 TB included storage
SCPBEDLOS11 Acronis Cyber Infrastructure Subscription License 10 TB, 2 Year Refers to two years subscription license with 10 TB included storage
SCPBEILOS11 Acronis Cyber Infrastructure Subscription License 10 TB, 3 Year Refers to three years subscription license with 10 TB included storage
SCPBEKLOS11 Acronis Cyber Infrastructure Subscription License 10 TB, 4 Year Refers to four years subscription license with 10 TB included storage
SCPBEJLOS11 Acronis Cyber Infrastructure Subscription License 10 TB, 5 Year Refers to five year subscription license with 10 TB included storage
SCQBEBLOS11 Acronis Cyber Infrastructure Subscription License 50 TB, 1 Year Refers to one year subscription license with 50 TB included storage
SCQBEDLOS11 Acronis Cyber Infrastructure Subscription License 50 TB, 2 Year Refers to two years subscription license with 50 TB included storage
SCQBEILOS11 Acronis Cyber Infrastructure Subscription License 50 TB, 3 Year Refers to three years subscription license with 50 TB included storage
SCQBEKLOS11 Acronis Cyber Infrastructure Subscription License 50 TB, 4 Year Refers to four years subscription license with 50 TB included storage
SCQBEJLOS11 Acronis Cyber Infrastructure Subscription License 50 TB, 5 Year Refers to five years subscription license with 50 TB included storage
SCRBEBLOS11 Acronis Cyber Infrastructure Subscription License 100 TB, 1 Year Refers to one year subscription license with 100 TB included storage
SCRBEDLOS11 Acronis Cyber Infrastructure Subscription License 100 TB, 2 Year Refers to two years subscription license with 100 TB included storage
SCRBEILOS11 Acronis Cyber Infrastructure Subscription License 100 TB, 3 Year Refers to three years subscription license with 100 TB included storage
SCRBEKLOS11 Acronis Cyber Infrastructure Subscription License 100 TB, 4 Year Refers to four years subscription license with 100 TB included storage
SCRBEJLOS11 Acronis Cyber Infrastructure Subscription License 100 TB, 5 Year Refers to five years subscription license with 100 TB included storage
SCTBEBLOS11 Acronis Cyber Infrastructure Subscription License 500 TB, 1 Year Refers to one year subscription license with 500 TB included storage
SCTBEDLOS11 Acronis Cyber Infrastructure Subscription License 500 TB, 2 Year Refers to two years subscription license with 500 TB included storage
SCTBEILOS11 Acronis Cyber Infrastructure Subscription License 500 TB, 3 Year Refers to three years subscription license with 500 TB included storage
SCTBEKLOS11 Acronis Cyber Infrastructure Subscription License 500 TB, 4 Year Refers to four years subscription license with 500 TB included storage
SCTBEJLOS11 Acronis Cyber Infrastructure Subscription License 500 TB, 5 Year Refers to five years subscription license with 500 TB included storage
SCUBEBLOS11 Acronis Cyber Infrastructure Subscription License 1000 TB, 1 Year Refers to one year subscription license with 1000 TB included storage
SCUBEDLOS11 Acronis Cyber Infrastructure Subscription License 1000 TB, 2 Year Refers to two years subscription license with 1000 TB included storage
SCUBEILOS11 Acronis Cyber Infrastructure Subscription License 1000 TB, 3 Year Refers to three years subscription license with 1000 TB included storage
SCUBEKLOS11 Acronis Cyber Infrastructure Subscription License 1000 TB, 4 Year Refers to four years subscription license with 1000 TB included storage
SCUBEJLOS11 Acronis Cyber Infrastructure Subscription License 1000 TB, 5 Year Refers to five years subscription license with 1000 TB included storage


The table here shows all the SKUs for ACI on premises deployment.

Section Summary

1. There are three(3) different licensing models – Trial, License Keys, and SPLA
2. For cluster logical space consumption greater than 1 TB, license is required
3. SPLA is the recommended licensing model for Acronis Cyber Protect Cloud storage

Okay now to quickly recap what we have learnt in this module.


There are 3 different licensing models, which are
Trial, License Keys, and SPLA.
For cluster logical space consumption greater than 1 TB,
License is required.
SPLA is the recommended licensing model for Acronis Cyber Protect Cloud’s storage.

Acronis Cyber Infrastructure
Technological Fundamentals

In this section,
we will be going through the Technological Fundamentals of Acronis Cyber
Infrastructure.

Section 3 - Technological Fundamentals
Modules

1. Storage Cluster
   1. Failure Domains
   2. Data Distribution Models
   3. Disk Roles and Storage Tiers
2. Networking Concepts
   1. Understanding Traffic Types
   2. Private and Public Networks

There are 2 main modules that we will be covering in this section.

First is the storage cluster, where we will discuss
failure domains, data distribution models, disk roles, and storage tiers.

This is followed by networking concepts, where we will discuss
traffic types and private or public networks.

Acronis Cyber Infrastructure
Storage Cluster

In this module,
We will be covering Acronis Cyber Infrastructure Storage Cluster

About Storage Cluster

The storage cluster provides the most efficient usage of the hardware with:
• Erasure coding
• Integrated SSD caching
• Automatic load balancing
• RDMA/InfiniBand support

The cluster space can be used for:
• iSCSI block storage
• S3 object storage
• File storage (NFS)

ACI is integrated with Acronis Cyber Protection solutions for storing backups in:
• The cluster
• Sending them to cloud services
• Storing them on NAS via the NFS protocol

Geo-replication is available for Backup Gateways set up on different storage backends:
• A local storage cluster
• NFS share
• Public cloud

The storage cluster provides the most efficient usage of the hardware with
erasure coding, integrated SSD caching, automatic load balancing, and
RDMA/InfiniBand support.

The cluster space can be used for:


• iSCSI block storage (hot data and virtual machines)
• S3 object storage (protected with geo‐replication or cross‐region replication
between datacenters)
• File storage (NFS)

In addition,
Acronis Cyber Infrastructure is integrated with Acronis Cyber Protection solutions for
storing backups in the cluster, sending them to cloud services
(like Google Cloud, Microsoft Azure, and AWS S3), or
storing them on NAS via the NFS protocol.

Geo-replication is available for Backup Gateways set up on different storage
backends:
a local storage cluster, NFS share, or public cloud.

About Storage Cluster
Data storage policies can be customized to meet various use cases: each data volume can
have a specific:
• Redundancy mode
• Storage tier
• Failure domain

The data can be encrypted with the AES-256 standard.

Data storage policies can be customized to meet various use cases:


each data volume can have a specific redundancy mode, storage tier, and failure
domain.

Moreover, the data can be encrypted with the AES‐256 standard.

Failure Domains

In this module,
We will be covering Acronis Cyber Infrastructure Failure Domains

Failure Domains
• Define a scope (for example, a disk, a host or a rack) which can fail
  • Disk failure domain, the cluster data will tolerate a failure of a disk: the remaining
  disks will provide for the data availability.
  • Host failure domain, the loss of an entire node would not result in the loss of data
  availability
• The more nodes you have – the more reliable and redundant you can configure your storage
cluster
• The maximum number of disks (nodes/racks/etc.) that can be lost without actually losing
useful data, can be chosen while configuring a particular storage service

[Illustration caption: Ouch! But the data is still OK!]

One of the most important terms for understanding ACI is failure domain.
Failure domain defines the tolerance of the ACI cluster to hardware failures.
When configuring a failure domain,
we in fact define the scope of what we can lose without losing the data.
For example, if your failure domain is disk,
the cluster can survive the loss of a hard disk (HDD).
And what is most important,
the data that was previously stored on that hard disk will also be preserved.
Another example: if our failure domain is set to host,
the cluster can survive a loss of a node and still the data will be.
The more nodes you have in your cluster,
the more reliable failure domains become available.
Failure domain is configured during the setup of a storage service.
===
The idea behind failure domains is to define a scope (for example, a disk, a host or a
rack) which can fail, while its data will still be available.
If we choose the disk failure domain, the cluster data will tolerate a failure of a disk:
the remaining disks will provide for the data availability.
If we choose the host failure domain, the loss of an entire node would not result in
the loss of data availability
The more nodes you have – the more reliable and redundant you can configure your
storage cluster
The maximum number of disks (nodes/racks/etc.) that can be lost without actually
losing useful data, can be chosen while configuring a particular storage service
Failure Domains (Continue)
Defines how tolerant your cluster is to failures

• Redundancy means that the data is stored across different storage disks (or nodes) and
stays highly available even if some nodes fail.
• Storage cluster has a built-in data self-healing mechanism. When a failed disk (or node) is
replaced by a healthy one, ACI will start the process of retrieving the lost data.
• The following failure domains are available:
  • Disk
  • Host (node)
  • Rack
  • Row
  • Room

[Diagram: failure domains ordered by Reliability level]

Failure domain defines how the data will be distributed across ACI nodes.
ACI provides five different failure domains:
disk, host, rack, row, and room.
Failure domain guarantees that the data stays highly available and
is not lost in case of a hardware outage.
It is necessary to remember what the failure domain is.
For instance, if our failure domain is set to disk,
we can lose the disk and still the data will remain intact.
However, if the failure domain is set to disk and we actually lose one of the ACI nodes,
that will cause data loss due to a failure domain breach.
Acronis Cyber Infrastructure also introduces the self-healing mechanism.
That means that if the failure domain was not breached,
say you had a failure domain set to host and
later lost a single node of your cluster,
you can replace the node with a new one and
the data that was previously stored on the node that
went down will be automatically repaired.

Data Distribution Models

In this module, we will be covering Acronis Cyber Infrastructure Data Distribution Models.

Data Redundancy

Key Knowledge

Acronis Cyber Infrastructure protects every piece of data by making it redundant


Copies of each piece of data are stored across different storage nodes – ensure data is available even if some
storage nodes are inaccessible
Automatically maintains a required number of copies within cluster and ensures all copies are up to date.
• If a storage node becomes inaccessible, copies from it are replaced by new ones that are distributed
among healthy storage nodes
• If a storage node becomes accessible again after downtime, the out-of-date copies on it are updated
Redundancy is achieved by methods:
• Replication
• Erasure Coding
Chosen method affects size of one piece of data and number of its copies maintained in the cluster
Replication offers better performance, while erasure coding leaves more storage space available for data

Acronis Cyber Infrastructure protects every piece of data by making it redundant.
It means that copies of each piece of data are stored across different storage nodes,
to ensure that the data is available even if some of the storage nodes are inaccessible.
Acronis Cyber Infrastructure automatically maintains a required number of copies
within the cluster and ensures that all the copies are up to date.
If a storage node becomes inaccessible,
copies from it are replaced by new ones that are distributed among healthy storage nodes.
If a storage node becomes accessible again after downtime,
the out-of-date copies on it are updated.
The redundancy is achieved by one of two methods: replication or erasure coding.
The chosen method affects the size of one piece of data and
the number of its copies that will be maintained in the cluster.
In general, replication offers better performance,
while erasure coding leaves more storage space available for data.

Data Distribution: Replication
• With replication, Acronis Cyber Infrastructure breaks incoming data into 256 MB pieces
(data chunks).
• Each chunk is replicated (copied) as many times as is set in the storage policy. The replicas
are stored on different storage nodes if the failure domain is host, so that each node has
only one replica of a given chunk.
• Used for Hot (high-performance) storage (e.g. Block Storage, VMs virtual disks).
• Supported storage services: S3, Block storage, NFS

[Diagram labels: Replication; Data; CS (chunk server) disk]

Acronis Cyber Infrastructure introduces two methods of
data distribution across the cluster disks and nodes.
The first method is called replication.
In replication, Acronis Cyber Infrastructure breaks the incoming data into 256 megabyte
chunks.
Those chunks can be replicated across different storage nodes so that each node gets
just one replica.
Replication is used for hot or high-performance storage,
such as block storage or for storing virtual machine disks.
Replication is supported by the following ACI storage services: S3, block storage, and
NFS.
Take note that replication is not supported for backup storage.

Replication: Example #1

Failure domain: Disk
Redundancy: 3 replicas

[Diagram labels: Data; 256MB pieces; Additional replicas; CS (chunk server) disks]

Now, let us review how replication works for different failure domains.

In the first example, you have an ACI cluster that consists of three nodes.
The failure domain is disk, and the redundancy scheme is three replicas.

So what happens when we try to put some data on ACI with this configuration?

First of all, the incoming data stream is split into 256 megabyte pieces.
Once the data is split, according to our redundancy scheme
ACI automatically creates two more copies of every single data piece.
That is why the scheme is called three replicas:
we have three copies of every single data piece.

As soon as the replicas are created,
it is necessary to distribute the data pieces across chunk server disks over the entire
cluster.
For example, the data pieces can be distributed like this,
or maybe like this, or even like this.

As you can see, each of the three replicas is placed on a dedicated disk.
ACI will never put two or three replicas of the same kind on a single chunk server disk,
because this puts the data in danger.
In other words, on the picture you will never find a CS disk that contains two squares
of the same color.

All right, all the data is now on our ACI cluster.
Now, let us see how the cluster ensures tolerance to possible hardware failures.

As you recall, the cluster's tolerance level to hardware failures strongly depends on the
failure domain.
In this example, the failure domain is disk.
What it means for us is that ACI can survive a loss of several HDDs without affecting
the data's integrity.

But how many disks can we lose if our redundancy scheme is three replicas?
If we have three copies of every data piece,
it means that as long as we have at least one copy available,
the data will remain intact.
So even if we lose two random HDDs, the data will still remain intact.

In short, the three replicas redundancy scheme combined with
the disk failure domain allows us to lose not more than two HDDs without
affecting the data stored on ACI.

However, the disk failure domain does not protect us against a failure of an entire node.
So, is there a way to protect our data against a node failure?

Let us review this in the next example.

Replication: Example #2

Failure domain: Host
Redundancy: 3 replicas

[Diagram labels: Data; 256MB pieces; Additional replicas; CS (chunk server) disks]

From the previous example,
the disk failure domain could not protect us against a loss of an entire node.
So the question is how to preserve the consistency of the data in case an entire node
goes down.

The answer is to use a more reliable failure domain,
for example, the host failure domain.

In this example,
we have the very same ACI cluster that consists of three nodes
and the three replicas redundancy scheme.
However, the failure domain is now host.

Let us see what happens when some data is written to ACI with such a configuration.

First, the incoming data stream is split into 256 megabyte data pieces.
Then, according to the three replicas redundancy scheme,
two more copies of every single data piece are automatically generated by ACI.

As soon as the replicas are created,
it is time to distribute the data pieces across ACI chunk server disks.
However, as you can see,
this time every node receives just one copy of every single data piece.

This way our data becomes protected against a possible loss
not only of a single node, but even of two nodes.

To sum up, the three replicas redundancy scheme
combined with the host failure domain allows us to lose two nodes out of three without
affecting the data's integrity and consistency.

So in the two examples that we have reviewed,
the disk failure domain allowed us to survive a loss of two HDDs without
affecting the data's integrity,
whereas the host failure domain allowed us to survive a loss of two nodes.

Data Distribution: Erasure Coding
Erasure coding 5+2 (M = 5, N = 2)
• Incoming data stream is split into fragments of a certain size. Each fragment is not
copied itself; instead, a certain number (M) of such fragments are grouped and a
certain number (N) of parity pieces are created for redundancy
• All pieces distributed among M+N storage disks (nodes/rows/racks/rooms) selected from
all available disks. Data can survive the failure of any N storage disks
(nodes/rows/etc.) without data loss
• Values of M and N are indicated in the names of erasure coding redundancy modes.
For example, in the 5+2 mode, the incoming data is split into 5 fragments, and 2
more parity pieces (same size) are added for redundancy
• Used for Cold (moderate-performance) storage (backups, NFS)
• Supported storage services: Backup Storage (ABGW), S3, Block storage, NFS

[Diagram labels: Data; CS (chunk server) disks]

The second data distribution method is called erasure coding.

With erasure coding, the incoming data stream is split into fragments of a certain size.
Each fragment is then not copied itself like in replication.
Instead, a certain number of such fragments are grouped and
a certain number of parity pieces are created for the purpose of redundancy.

The number of chunks the data will be split into and
the number of parity chunks are defined by the erasure coding scheme.

All data chunks, including the parity chunks, are distributed across the CS disks
on different nodes according to the failure domain.

There are several erasure coding schemes, and
they are available based on the failure domain.

Each erasure coding scheme is represented by two values, M plus N.
For instance, take the five plus two scheme.
It means that the data will be divided into five chunks,
plus two more parity chunks will be added,
making it seven chunks in total.
Then those seven chunks will be distributed across
different chunk server disks across the entire ACI cluster.

Parity chunks are useful in case of a hardware outage.
Using the parity chunks, ACI is capable of restoring the lost data chunks.

In every erasure coding scheme,
the value after the plus sign indicates how many disks, hosts, racks, rooms, or rows
we can lose without actually losing the data.

As a short example,
consider an ACI cluster that has the failure domain set to disk and
the erasure coding scheme three plus two.
In order to have the three plus two erasure coding scheme available,
your ACI cluster needs to have not less than five chunk server disks.
If you're not sure where the value five comes from,
just look at the scheme itself: three plus two equals five.

So the minimum number of disks for our three plus two erasure coding scheme would be five,
but the maximum number is not limited,
so that can be 10, 20, 50, and so on.

Erasure coding is more suitable for storing cold data such as
backups or data on an NFS share.

ACI storage services that support erasure coding are
backup storage, S3, block storage, and NFS.

===

With erasure coding (or just encoding), the incoming data stream is split into
fragments of a certain size. Then, each fragment is not copied itself; instead, a certain
number (M) of such fragments are grouped and a certain number (N) of parity pieces
are created for redundancy.

All pieces are distributed among M+N storage disks (nodes/rows/racks/rooms) selected
from all available disks. The data can survive the failure of any N storage disks
(nodes/rows/etc.) without data loss.

The values of M and N are indicated in the names of erasure coding redundancy
modes. For example, in the 5+2 mode, the incoming data is split into 5 fragments,
and 2 more parity pieces (same size) are added for redundancy.

Used for Cold (moderate-performance) storage (backups, NFS).

Supported storage services: Backup Storage (ABGW), S3, Block storage, NFS.

Erasure Coding: Example #1

Failure domain: Disk
Redundancy: 3 + 2

[Diagram labels: Data; 256MB pieces; Data chunks; Parity chunks; CS (chunk server) disks]

Now, let us review a couple of examples of how erasure coding redundancy works.

The setup is as follows.
There is an ACI cluster that consists of two nodes.
The failure domain is disk and the redundancy scheme is erasure coding three
plus two.

When erasure coding is used,
whenever some data is written to the ACI cluster,
the data is first split into 256 megabyte pieces.
Then those big pieces are divided into a bunch of smaller ones,
up to one megabyte in size.
We call those small pieces chunks.

As soon as the splitting is done,
each group of data chunks automatically receives the so-called parity chunks.
Parity chunks are generated by ACI itself, and
they are used for the purpose of restoring data
in case some data chunks are lost.

The number of data chunks in a group and
the number of parity chunks that will be automatically added
depend on the erasure coding scheme that is chosen.
In this example, the erasure coding scheme is three plus two,
meaning that for every three data chunks,
two more parity chunks will be generated.

Once the data is split and the parity chunks are generated,
it is time to place the data on ACI's disks.
In this example, the failure domain is disk,
which means that from every group of five chunks,
every ACI disk receives not more than a single chunk.

All right, now our data resides on ACI, so let's discuss the redundancy aspect of this
configuration.

The failure domain in this example is disk,
meaning that we can lose a certain number of disks without affecting the data's
consistency.
So what's the total number of disks that we can afford to lose?

It's very easy to answer this question
for any kind of erasure coding scheme, because
the answer always comes after the plus sign in the scheme's name.
In this example, the failure domain is disk and the scheme is three plus two.
The value that comes after the plus sign is two, and
that means that we can lose two disks without affecting the data's integrity.

Unfortunately, the disk failure domain does not protect us against a loss of an entire
node.
As you can see,
the loss of a single node results in the loss of three pieces out of five, and
that is something that ACI is not capable of surviving with the given configuration.

Erasure Coding: Example #2

Failure domain: Host
Redundancy: 3 + 1

[Diagram labels: Data; 256MB pieces; Data chunks; Parity chunks; CS (chunk server) disks]

Let us review another example of erasure coding.

This time the cluster consists of four nodes.
The failure domain is host,
and the erasure coding scheme is three plus one.

When some data is written to ACI, erasure coding behaves the following way.
First, the incoming data stream is split into 256 megabyte pieces.
Then every piece is split into numerous one megabyte chunks.
Then, according to the erasure coding scheme,
each group of data chunks gets the automatically generated parity chunks,
whose purpose is additional redundancy of the data.

The redundancy scheme is erasure coding three plus one.
That means that for every three data chunks,
ACI will automatically generate one parity chunk.
So the three plus one scheme means three data chunks plus one parity chunk.

As soon as the data is split into chunks and the parity chunks are generated,
it is time to distribute them across the ACI cluster's chunk server disks.

In this example,
the failure domain is host and the erasure coding scheme is three plus one.
The value after the plus sign always indicates the total number of units that you can
lose; in this case, the total number of hosts.
So in the three plus one scheme,
you can afford to lose one node without affecting the data's integrity.

Keeping that in mind, you now understand that the data chunks
should be distributed across the cluster in such a way
that a loss of a single node would not result in a data outage.
This can be achieved if every node contains just a single chunk out of four.

So if we lose one of the ACI nodes, and thus one of the data chunks,
there will still be three more nodes left with three other data chunks,
and that would be absolutely sufficient for rebuilding the data.
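
The 3+1 layout from this example can be reproduced with a single XOR parity chunk. This is an added illustration, not Acronis code: XOR parity is an assumption chosen as the simplest correct M+1 code (the course does not say which code ACI uses), and the node names and sample data are constructed.

```python
from functools import reduce
from itertools import combinations
from typing import Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length chunks."""
    return bytes(x ^ y for x, y in zip(a, b))


def encode_m_plus_1(data: bytes, m: int = 3) -> tuple[list[bytes], int]:
    """Split data into m equal data chunks (zero padded) plus one XOR parity chunk."""
    chunk_len = max(1, -(-len(data) // m))  # ceiling division
    padded = data.ljust(chunk_len * m, b"\0")
    chunks = [padded[i * chunk_len:(i + 1) * chunk_len] for i in range(m)]
    return chunks + [reduce(xor_bytes, chunks)], len(data)


def rebuild(chunks: list[Optional[bytes]], original_len: int) -> bytes:
    """Return the original data from surviving chunks (None marks a lost chunk)."""
    lost = [i for i, c in enumerate(chunks) if c is None]
    if len(lost) > 1:
        raise ValueError(f"{len(lost)} chunks lost, one parity chunk repairs only one")
    repaired = list(chunks)
    if lost:
        # XOR of all survivors (data and parity alike) equals the missing chunk.
        repaired[lost[0]] = reduce(xor_bytes, [c for c in chunks if c is not None])
    return b"".join(repaired[:-1])[:original_len]


# Constructed sample: four nodes, host failure domain, one chunk per node.
DATA = b"backup archive slice written to the storage cluster"
NODES = ["node1", "node2", "node3", "node4"]
CHUNKS, DATA_LEN = encode_m_plus_1(DATA)
PLACEMENT = dict(zip(NODES, CHUNKS))


def data_intact_after(failed: set[str]) -> bool:
    """True if the data can still be rebuilt after the given nodes are lost."""
    surviving = [None if node in failed else chunk for node, chunk in PLACEMENT.items()]
    try:
        return rebuild(surviving, DATA_LEN) == DATA
    except ValueError:
        return False


if __name__ == "__main__":
    for k in (1, 2):
        for failed in combinations(NODES, k):
            state = "data intact" if data_intact_after(set(failed)) else "data lost"
            print(sorted(failed), "->", state)
```

Losing any one node, including the one that holds the parity chunk, leaves the data recoverable; losing any two does not.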

Redundancy Modes
The following table illustrates data overhead of various redundancy modes

| Redundancy mode | Nodes required to store data copies | How many nodes can fail without data loss | Storage overhead, percent | Raw space needed to store 100 GB of data |
|---|---|---|---|---|
| 1 replica (no redundancy) | 1 | 0 | 0 | 100 GB |
| 2 replicas | 2 | 1 | 100 | 200 GB |
| 3 replicas | 3 | 2 | 200 | 300 GB |
| Encoding 1+0 (no redundancy) | 1 | 0 | 0 | 100 GB |
| Encoding 1+1 | 2 | 1 | 100 | 200 GB |
| Encoding 1+2 | 3 | 2 | 200 | 300 GB |
| Encoding 3+1 | 4 | 1 | 33 | 133 GB |
| Encoding 3+2 | 5 | 2 | 67 | 167 GB |
| Encoding 5+2 | 7 | 2 | 40 | 140 GB |
| Encoding 7+2 | 9 | 2 | 29 | 129 GB |
| Encoding 17+3 | 20 | 3 | 18 | 118 GB |

The following table illustrates data overhead of various redundancy modes

===

Acronis Cyber Infrastructure supports a number of modes for each redundancy
method. Only predefined redundancy modes are available in the admin panel. The
following table illustrates data overhead of various redundancy modes. The first three
lines are replication and the rest are erasure coding.

The numbers of nodes listed in the table indicate only the requirements of each
redundancy method but not the number of nodes needed for the Acronis Cyber
Infrastructure cluster. The minimum and recommended cluster configurations are
described in Quantity of servers.

Note: The 1+0, 1+1, 1+2, and 3+1 encoding modes are meant for small clusters that
have insufficient nodes for other erasure coding modes but will grow in the future. As
a redundancy type cannot be changed once chosen (from replication to erasure
coding or vice versa), this mode allows you to choose erasure coding even if your
cluster is smaller than recommended. Once the cluster has grown, more beneficial
redundancy modes can be chosen.

You select a data redundancy mode when configuring storage services and creating
storage volumes for virtual machines. No matter what redundancy mode you select,
it is highly recommended to be protected against a simultaneous failure of two
nodes, as that happens often in real‐life scenarios.

By default, all encoding modes, except 1+0, allow write operations when one storage
node or disk is inaccessible. When redundancy is 1, that is, with the N+1 encoding
mode, and two storage nodes are inaccessible, the data may become unavailable even
for reading and there is a high risk of data loss. Therefore, it is strongly recommended
to use the encoding modes N+2 or N+3.
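
The guarantees walked through in the replication and erasure coding examples, and the overhead figures in the table, can be checked by brute force. This added Python sketch (not part of the course or of ACI) enumerates every placement a failure domain permits and every combination of lost units; the cluster shapes, function names and disk labels are assumptions made for the illustration.

```python
import re
from itertools import combinations


def parse_mode(mode: str) -> tuple[int, int]:
    """Return (M, N): pieces needed to read the data, pieces that may be lost."""
    ec = re.search(r"(\d+)\s*\+\s*(\d+)", mode)
    if ec:
        return int(ec.group(1)), int(ec.group(2))
    rep = re.search(r"(\d+)\s*replica", mode)
    if rep:
        return 1, int(rep.group(1)) - 1  # any single replica is enough to read
    raise ValueError(f"unknown redundancy mode: {mode!r}")


def overhead(mode: str) -> tuple[int, int]:
    """Return (storage overhead in percent, raw GB needed for 100 GB of data)."""
    m, n = parse_mode(mode)
    return round(100 * n / m), round(100 * (m + n) / m)


def make_cluster(nodes: int, disks_per_node: int) -> dict[str, list[str]]:
    """Hypothetical cluster: node name -> list of chunk server disk labels."""
    return {f"node{i}": [f"cs{j}" for j in range(1, disks_per_node + 1)]
            for i in range(1, nodes + 1)}


def all_disks(cluster):
    return [(node, disk) for node, disks in cluster.items() for disk in disks]


def legal_placements(cluster, pieces, domain):
    """Yield every way to place `pieces` pieces that the failure domain allows."""
    for combo in combinations(all_disks(cluster), pieces):
        # disk domain: distinct disks; host domain: additionally distinct nodes
        if domain == "host" and len({node for node, _ in combo}) < pieces:
            continue
        yield combo


def guaranteed(cluster, mode, domain, lost_unit, k) -> bool:
    """True if every legal placement survives every loss of k disks or hosts."""
    m, n = parse_mode(mode)
    placements = list(legal_placements(cluster, m + n, domain))
    if not placements:
        raise ValueError("cluster too small for this mode and failure domain")
    units = list(cluster) if lost_unit == "host" else all_disks(cluster)
    for placement in placements:
        for failed in combinations(units, k):
            alive = sum(1 for node, disk in placement
                        if (node if lost_unit == "host" else (node, disk)) not in failed)
            if alive < m:
                return False
    return True


if __name__ == "__main__":
    three, two, four = make_cluster(3, 3), make_cluster(2, 3), make_cluster(4, 2)
    cases = [
        ("3 replicas", three, "disk", "disk", 2),
        ("3 replicas", three, "disk", "host", 1),
        ("3 replicas", three, "host", "host", 2),
        ("Encoding 3+2", two, "disk", "disk", 2),
        ("Encoding 3+2", two, "disk", "host", 1),
        ("Encoding 3+1", four, "host", "host", 1),
        ("Encoding 3+1", four, "host", "host", 2),
    ]
    for mode, cluster, domain, unit, k in cases:
        verdict = "guaranteed" if guaranteed(cluster, mode, domain, unit, k) else "NOT guaranteed"
        print(f"{mode:13} domain={domain:4} lose {k} {unit}(s): {verdict}")
    for mode in ("3 replicas", "Encoding 3+2", "Encoding 17+3"):
        print(mode, "overhead %, raw GB per 100 GB:", overhead(mode))
```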

Disk Roles and Storage Tiers

In this module, we will be covering Acronis Cyber Infrastructure Disk Roles and Storage Tiers.

Disk Roles
Each cluster's disk should have a role assigned; different roles serve different purposes

Chunk Server (CS): Storage Role
• Used for storing data
• Data chunks are distributed based on failure domain across available chunk servers,
according to their capacity and performance

MDS: Metadata Role
• Contains an index of all data stored on ACI cluster
• Tracks data chunks, their versions and status
• Is highly available (minimum recommended number of MDS disks is 3)

Cache: Cache Role
• Increases chunks read/write performance by creating write caches on selected disks
• Designed to be used on solid-state drives (SSDs)
• Can be combined with MDS role on a single SSD

System: OS Disk
• The operating system of ACI. Each ACI node has a system disk
• This role is assigned to a disk during ACI's installation and cannot be changed later
• May be additionally assigned with Metadata role

ACI is supposed to be installed on every server that
you want to include in the ACI cluster.
During the installation of ACI on a particular node,
each disk of that node automatically receives a respective disk role.
Let's review the disk roles that are available in ACI.
The first disk role is called Chunk Server, or CS for short.
The Chunk Server role is assigned to those disks that will be used for storing data.
In general, the number of CS disks is the largest compared to all the other disk roles.
The next role is the metadata role, or MDS for short.
MDS is a library or an index of all the data that is stored on ACI.
MDS is responsible for tracking data chunks, their statuses and versions.
It is recommended that the ACI cluster contains not less than three MDS disks.
The next disk role is the cache role.
This role is optional and it is designed specifically for SSD disks.
The purpose of a cache disk is to increase data chunk read and write performance by
creating write caches.
The cache role can be assigned to the very same disk that has the MDS role.
And the last role is the OS disk, the disk that contains the operating system of ACI.
Every ACI node has an OS disk; that's mandatory.
This disk is chosen at the point when you are configuring the ACI installation.
You cannot change the OS disk afterwards.
The system disk can also be combined with the MDS role.

Storage Tiers
Key Knowledge

Tiers are disk groups that allow you to organize storage workloads based on your criteria
For example,
→ You can use tiers to separate workloads produced by different tenants
→ You can have a tier of fast SSDs for service or virtual environment workloads and a tier
of high-capacity HDDs for backup storage
There are four (4) different tiers available:
• Tier 0
• Tier 1
• Tier 2
• Tier 3

In Acronis Cyber Infrastructure terminology,
tiers are disk groups that allow you to organize storage workloads based on your
criteria.
For example, you can use tiers to separate workloads produced by different tenants.
Or you can have a tier of fast SSDs for service or
virtual environment workloads and
a tier of high-capacity HDDs for backup storage.

Storage Tiers (Continue)

Key Knowledge

When assigning disks to tiers, have in mind that faster storage drives should be assigned to higher tiers
→ tier 0 for backups and other cold data (CS without SSD cache);
→ tier 1 for virtual environments — a lot of cold data but fast random writes (CS with SSD cache)
→ tier 2 for hot data (CS on SSD), caches, specific disks, and such
This recommendation is related to how ACI works with storage space in the inter-tier data allocation mode
(disabled by default)
Automatic data migration between tiers works in the inter-tier data allocation mode
If a storage tier runs out of free space, ACI will attempt to temporarily use the space of the lower tiers down to
the lowest


When assigning disks to tiers (which you can do at any time),
keep in mind that faster storage drives should be assigned to higher tiers.

For example, you can use tier 0 for backups and other cold data (CS without SSD
cache);
tier 1 for virtual environments,
with a lot of cold data but fast random writes (CS with SSD cache);
and tier 2 for hot data (CS on SSD), caches, specific disks, and such.

This recommendation is related to how Acronis Cyber Infrastructure works with
storage space in the inter-tier data allocation mode.

If a storage tier runs out of free space,
Acronis Cyber Infrastructure will attempt to temporarily use the space of the lower
tiers down to the lowest.
If the lowest tier also becomes full,
Acronis Cyber Infrastructure will attempt to use a higher one.
If you add more storage to the original tier later,
the data, temporarily stored elsewhere,
will be moved to the tier where it should have been stored originally.

For example, if you try to write data to tier 2 and it is full,
Acronis Cyber Infrastructure will attempt to write that data to tier 1,
then to tier 0.
If you add more storage to tier 2 later,
the aforementioned data, now stored on tier 1 or 0,
will be moved back to tier 2,
where it was meant to be stored originally.

Storage Policies

Key Knowledge

Storage policy is defining how redundant a volume must be and where it needs to be located
Main components:
→ Tiers
→ Failure domains
→ Redundancy
Example: 3 nodes with number of storage nodes: Fast SSDs and high-capacity HDDs. Node 1 has only SSDs.
Nodes 2 and 3 have both SSDs and HDDs. Want to export storage space via iSCSI and S3, so need to define a
suitable storage policy for each workload

In Acronis Cyber Infrastructure,
the common unit of data is a volume.
When you create a volume,
you need to define its redundancy mode, tier, and failure domain.
These parameters make up a storage policy defining
how redundant a volume must be and where it needs to be located.
To better understand a storage policy,
let's have a look at its main components (tiers, failure domains, and redundancy), for
a sample scenario.
For example, you have three nodes with a number of storage nodes:
fast SSDs and high-capacity HDDs.
Node 1 has only SSDs; nodes 2 and 3 have both SSDs and HDDs.
You want to export storage space via iSCSI and S3,
so you need to define a suitable storage policy for each workload.

Storage Policies (Continue)

The first parameter, tier,
defines a group of disks united by criteria (drive type, as a rule) tailored to a specific
storage workload.
For this sample scenario,
you can group your SSD drives into tier 2, and HDD drives into tier 3.
You can assign a disk to a tier when creating a storage cluster or adding nodes to it.
Note that only nodes 2 and 3 have HDDs and will be used for tier 3.
The first node's SSDs cannot be used for tier 3.

The second parameter, failure domain,
defines a scope within which a set of storage services can fail in a correlated manner.
The default failure domain is host.
Each data chunk is copied to different storage nodes,
just one copy per node.
If a node fails, the data is still accessible from the healthy nodes.
A disk can also be a failure domain,
though it is only relevant for one-node clusters.
As you have three nodes in this scenario,
we recommend choosing the host failure domain.

The third parameter, redundancy,
should be configured to fit the available disks and tiers.
In our example, you have three nodes:
all of them have SSDs on tier 2.
So, if you select tier 2 in your storage policy,
you can use the three nodes for 1, 2, or 3 replicas.
But only two of your nodes have HDDs on tier 3.
So, if you select tier 3 in your storage policy,
you can only store 1 or 2 replicas on the two nodes.
In both cases, you can also use encoding,
but in this scenario, let's stick to replication:
3 replicas for SSDs and 2 replicas for HDDs.

Section Summary

1. ACI storage cluster space can be used for iSCSI block storage, S3 object storage,
File storage, and Backup storage
2. Failure domains are used to define a scope which can fail, while its data will still
be available
3. ACI data redundancy is achieved by either one of two (2) methods: Replication or
Erasure Coding

Okay, now to quickly recap what we have learnt in this module.

ACI storage cluster space can be used for
iSCSI block storage, S3 object storage, File storage, and Backup storage.

Failure domains are used to define a scope (for example, a rack) which can fail,
while its data will still be available.

ACI data redundancy is achieved by either one of two (2) methods, which are
Replication or Erasure Coding.

Section Summary

4. There are four (4) disk roles available: Chunk Server, MDS, Cache, and System
5. Storage Tiers are disk groups that allow you to organize storage workloads based on
your criteria

There are four (4) disk roles available, which are
Chunk Server, MDS, Cache, and System.

Storage Tiers are disk groups that
allow you to organize storage workloads based on your criteria.

Acronis Cyber Infrastructure
Network Concept

In this module, we will be covering Acronis Cyber Infrastructure Networking Concept.

Understanding Traffic Types

Let us start by understanding the available traffic types in ACI.

Traffic Types
Key Knowledge

To optimize networking
Assign different types of traffic to separate networks
• Firewall is configured on nodes connected to this network
• Specific ports are opened on node network interfaces
• Necessary iptables rules are set
For example,
→ nodes connected to a network with only the S3 public traffic type will accept incoming connections
only on ports 80 and 443
Three traffic types:
• Exclusive
• Regular
• Custom

To optimize networking in Acronis Cyber Infrastructure,
you can assign different types of traffic to separate networks.

Assigning a traffic type to a network means that
a firewall is configured on nodes connected to this network,
specific ports are opened on node network interfaces, and
the necessary iptables rules are set.

For example,
nodes connected to a network with only
the S3 public traffic type will accept incoming connections only
on ports 80 and 443.
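
A node's listening sockets can be compared with the ports this course lists for the traffic types assigned to a network. The following added example (not an Acronis tool) does that for a constructed `ss -tuln` style listing; the addresses, function names and sample listing are assumptions, and traffic types described as using any available port are reported separately because no port allow-list can be derived for them.

```python
def single(proto, *ports):
    """Helper: turn individual ports into (protocol, first_port, last_port) ranges."""
    return [(proto, p, p) for p in ports]


# Ports the course lists per traffic type. None = "uses any available port".
TRAFFIC_PORTS = {
    "S3 public": single("tcp", 80, 443),
    "iSCSI": single("tcp", 3260),
    "NFS": single("tcp", 111, 892, 2049) + single("udp", 111, 892, 2049),
    "Backup (ABGW) public": single("tcp", 40440, 44445),
    "Admin panel": single("tcp", 8888),
    "SSH": single("tcp", 22),
    "SNMP": single("udp", 161),
    "VM private": single("udp", 4789) + [("tcp", 15900, 16900)],
    "Compute API": single("tcp", 5000, 6080, 8004, 8041, 8774, 8776,
                          8780, 9292, 9313, 9513, 9696, 9888),
    "VM backups": [("tcp", 49300, 65535)],
    "Internal management": None,
    "Storage": None,
    "OSTOR private": None,
    "Backup (ABGW) private": None,
}

# Constructed sample in the column layout of `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    192.0.2.10:443     0.0.0.0:*
tcp   LISTEN 0      128    192.0.2.10:80      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    10.10.0.10:8888    0.0.0.0:*
udp   UNCONN 0      0      192.0.2.10:161     0.0.0.0:*
"""


def parse_listeners(ss_output, address):
    """Return {(proto, port)} for sockets bound to `address` or to a wildcard."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        host, _, port = fields[4].rpartition(":")
        if port.isdigit() and host in (address, "0.0.0.0", "*", "[::]"):
            found.add((fields[0], int(port)))
    return found


def audit(listeners, assigned_types):
    """Compare listeners with the ports implied by the assigned traffic types.

    A listening socket is not proof of reachability (the node firewall may
    still drop the traffic), so every finding is a prompt for review.
    """
    allowed, open_ended = [], []
    for name in assigned_types:
        if name not in TRAFFIC_PORTS:
            raise KeyError(f"no port list recorded for traffic type {name!r}")
        ranges = TRAFFIC_PORTS[name]
        if ranges is None:
            open_ended.append(name)  # may legitimately explain any port
        else:
            allowed.extend(ranges)
    unexpected = sorted(
        (proto, port) for proto, port in listeners
        if not any(p == proto and lo <= port <= hi for p, lo, hi in allowed)
    )
    return {"unexpected": unexpected, "open_ended": open_ended}


if __name__ == "__main__":
    seen = parse_listeners(SAMPLE_SS, "192.0.2.10")
    print(audit(seen, ["S3 public"]))
```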

Exclusive Traffic Types
Can be added only to ONE network
Can only be reassigned from ONE network to ANOTHER and only ONE at a time
Reassignment can be performed even if the related services are already deployed
For example,
→ If the initial network configuration is wrong but the storage cluster is already
populated with data and running critical services;
→ Or after adding a network card, which requires changing network settings, adding a
new network, and assigning traffic types to it

Exclusive traffic types
1. Internal management
2. Storage
3. OSTOR private
4. Backup (ABGW) private
5. VM private
6. Compute API
7. VM backups

Exclusivity means that such a traffic type can be added only to one network.

Exclusive traffic types can only be reassigned from
one network to another and only one at a time.

Reassignment can be performed even if the related services are already deployed.

This can be useful, for example,
if the initial network configuration is wrong but the storage cluster is already
populated with data and running critical services;
or after adding a network card,
which requires changing network settings,
adding a new network, and assigning traffic types to it.

There are 7 exclusive traffic types, which are:
Internal management
Storage
OSTOR private
Backup (ABGW) private
VM private
Compute API, and
VM backups

===
Internal management
Internal cluster management and transfers of node monitoring data to the admin
panel.
Without this traffic type,
the administrator cannot control and monitor the cluster.
The cluster, however, continues working.
Uses any available port.
Storage
Internal transfers of data chunks, high availability service heartbeats, as well as data
self‐healing. This is the most critical traffic type that defines storage performance and
enables cluster high availability. Uses any available port.
OSTOR private
Internal data exchange between multiple S3/NFS services.
Uses any available port.
Backup (ABGW) private
Internal management of and data exchange between multiple backup storage
services.
Uses any available port.
VM private
Network traffic between VMs in private virtual networks and VNC console traffic.
Virtual networks are implemented as VXLAN,
overlay networking fully isolated on L2.
Opens UDP port 4789 and TCP ports from 15900 to 16900.
Compute API
External access to standard OpenStack API endpoints.
Opens the following ports:
• TCP 5000—Identity API v3
• TCP 6080—noVNC Websocket Proxy
• TCP 8004—Orchestration Service API v1
• TCP 8041—Gnocchi API (billing metering service)
• TCP 8774—Compute API
• TCP 8776—Block Storage API v3
• TCP 8780—Placement API
• TCP 9292—Image Service API v2
• TCP 9313—Key Manager API v1
• TCP 9513—Container Infrastructure Management API (Kubernetes service)
• TCP 9696—Networking API v2
• TCP 9888—Octavia API v2 (load balancer service)
VM backups
External access to NBD endpoints. Third-party backup management systems can pull VM backups by using this traffic type. To be able to access backup agents installed in virtual machines, assign this traffic type along with VM public. Opens TCP ports from 49300 to 65535.

Regular Traffic Types
• Regular traffic types can be added to multiple networks
• You can add a regular traffic type to multiple networks or remove it from any network

Regular Traffic Types
1. S3 public
2. iSCSI
3. NFS
4. Backup (ABGW) public
5. Admin panel
6. VM public
7. SSH
8. SNMP
9. Self-service panel

Regular traffic types can be added to multiple networks.

You can add a regular traffic type to multiple networks or remove it from any network.
There are 9 regular traffic types, which are:
• S3 public
• iSCSI
• NFS
• Backup (ABGW) public
• Admin panel
• VM public
• SSH
• SNMP
• Self-service panel
===
S3 public
External data exchange with the S3 access point. Uses TCP ports 80 and 443.
iSCSI
External data exchange with the iSCSI access point. Uses TCP port 3260.
NFS
External data exchange with the NFS access point. Uses TCP/UDP ports 111, 892, and 2049.
Backup (ABGW) public
External data exchange with Acronis Cyber Protect agents and Acronis Cyber Protect Cloud. Uses TCP ports 40440 and 44445.
Admin panel
External access to the admin panel. Uses TCP port 8888.
VM public
External data exchange between VMs and public networks (for example, the Internet). When a node network interface is assigned to a network with this traffic type, an Open vSwitch bridge is created on that network interface.
SSH
Remote access to nodes via SSH. Uses TCP port 22.
SNMP
External access to storage cluster monitoring statistics via the SNMP protocol. Opens UDP port 161.
Self-service panel
External access to the self-service panel. Opens TCP port 8800.

Custom Traffic Types
• Custom traffic types are created by system administrators to open required TCP ports
• You can create custom traffic types, add them to multiple networks, edit, and delete them

Custom traffic types are created by system administrators to open required TCP ports.

You can create custom traffic types, add them to multiple networks, edit, and delete them.

Inbound Firewall Rules
• To prevent access from untrusted sources to the cluster, configure inbound firewall rules on your nodes
• To enable traffic filtering, configure allow and deny lists for a network or a traffic type
• By default, the lists are empty and all incoming traffic is allowed
• You can create access rules in them to configure access for incoming traffic
• Access rules in the allow list have higher priority than those in the deny list
• If you have access rules for both networks and traffic types, access lists configured for traffic types will have higher priority than those of networks
• Limitation: if you create allow rules but leave the deny list empty, all incoming traffic will still be allowed

To prevent access from untrusted sources to the cluster, you can configure inbound firewall rules on your nodes.
To enable traffic filtering, you need to configure allow and deny lists for a network or a traffic type.
By default, the lists are empty and all incoming traffic is allowed.
You can create access rules in them to configure access for incoming traffic.
Access rules in the allow list have higher priority than those in the deny list.
If you have access rules for both networks and traffic types, access lists configured for traffic types will have higher priority than those of networks.
Take note of the limitation here: if you create allow rules but leave the deny list empty, all incoming traffic will still be allowed.
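The precedence rules above can be checked with a small model. This is an added example, not Acronis code: the evaluation order (traffic-type lists before network lists, allow before deny, allow when nothing matches) is an assumed reading of the statements on this slide, and all addresses and list contents are constructed.

```python
from ipaddress import ip_address, ip_network

def _matches(src, cidrs):
    """True if the source address falls inside any CIDR of an access list."""
    return any(ip_address(src) in ip_network(c) for c in cidrs)

def evaluate_inbound(src, type_lists, net_lists):
    """Return 'allow' or 'deny' for one incoming connection.

    Assumed order (a model of the slide's statements, not Acronis code):
    traffic-type lists are consulted before network lists, and at each
    level the allow list is consulted before the deny list.
    """
    for lists in (type_lists, net_lists):
        if _matches(src, lists.get("allow", [])):
            return "allow"
        if _matches(src, lists.get("deny", [])):
            return "deny"
    return "allow"  # empty lists, or no rule matched: traffic is allowed

# Constructed sample policies (documentation address ranges).
EMPTY = {}
ALLOW_ONLY = {"allow": ["192.0.2.0/24"]}  # deny list left empty
LOCKED_DOWN = {"allow": ["192.0.2.0/24"], "deny": ["0.0.0.0/0"]}
SSH_TYPE = {"allow": ["198.51.100.10/32"], "deny": ["192.0.2.0/24"]}

def demo():
    """Verdicts for the cases the slide describes."""
    outsider, trusted, admin = "203.0.113.7", "192.0.2.25", "198.51.100.10"
    return {
        "default_open": evaluate_inbound(outsider, EMPTY, EMPTY),
        "allow_only_still_open": evaluate_inbound(outsider, EMPTY, ALLOW_ONLY),
        "locked_outsider": evaluate_inbound(outsider, EMPTY, LOCKED_DOWN),
        "locked_trusted": evaluate_inbound(trusted, EMPTY, LOCKED_DOWN),
        # Traffic-type lists win over the network lists in both directions:
        "type_allow_beats_net_deny": evaluate_inbound(admin, SSH_TYPE, LOCKED_DOWN),
        "type_deny_beats_net_allow": evaluate_inbound(trusted, SSH_TYPE, LOCKED_DOWN),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this model, restricting access takes a deny rule covering everything else plus allow rules for the trusted sources; an allow list on its own changes nothing.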

Outbound Firewall Rules

Key Knowledge

• To control outbound traffic from cluster nodes, configure outbound firewall rules for public networks by using the vinfra tool
• By default, ports used by system services are opened, to ensure non-disruptive cluster operation
• Outbound traffic is always allowed in the subnet dedicated to internal communication between cluster nodes
• As a private network is not publicly exposed and does not communicate with any external endpoints, you do not need to restrict outbound traffic for it
• A network is recognized as private if it is assigned any of these traffic types:
→ OSTOR private
→ Backup (ABGW) private
→ Internal management
→ Storage

To control outbound traffic from your cluster nodes, you can configure outbound firewall rules for public networks by using the vinfra tool.
By default, ports used by system services are opened, to ensure non-disruptive cluster operation.
Additionally, outbound traffic is always allowed in the subnet dedicated to internal communication between cluster nodes.
As a private network is not publicly exposed and does not communicate with any external endpoints, you do not need to restrict outbound traffic for it.
A network is recognized as private if it is assigned any of these traffic types:
• OSTOR private
• Backup (ABGW) private
• Internal management
• Storage
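A network plan can be reviewed against these rules before it is applied. The following added example (not Acronis code) classifies each network as private the way this slide describes, checks that every exclusive traffic type sits on one network only, and lists the fixed ports this section gives for regular traffic types on the remaining networks; the network names and the sample plan are constructed.

```python
# Traffic-type sets as listed in this section.
EXCLUSIVE = {"Internal management", "Storage", "OSTOR private",
             "Backup (ABGW) private", "VM private", "Compute API", "VM backups"}
PRIVATE_MARKERS = {"OSTOR private", "Backup (ABGW) private",
                   "Internal management", "Storage"}
# Fixed ports this section gives for regular traffic types, as (protocol, port).
# VM public is omitted because no port is listed for it.
REGULAR_PORTS = {
    "S3 public": [("tcp", 80), ("tcp", 443)],
    "iSCSI": [("tcp", 3260)],
    "NFS": [(p, n) for n in (111, 892, 2049) for p in ("tcp", "udp")],
    "Backup (ABGW) public": [("tcp", 40440), ("tcp", 44445)],
    "Admin panel": [("tcp", 8888)],
    "SSH": [("tcp", 22)],
    "SNMP": [("udp", 161)],
    "Self-service panel": [("tcp", 8800)],
}

def audit(networks):
    """networks maps a network name to the set of traffic types assigned to it."""
    report = {"exclusive_conflicts": {}, "private": [], "shared": {}, "exposed": {}}
    for ttype in sorted(EXCLUSIVE):
        holders = sorted(n for n, types in networks.items() if ttype in types)
        if len(holders) > 1:  # an exclusive type may sit on one network only
            report["exclusive_conflicts"][ttype] = holders
    for name, types in sorted(networks.items()):
        regular = sorted(types & set(REGULAR_PORTS))
        if types & PRIVATE_MARKERS:
            report["private"].append(name)  # recognized as private
            if regular:  # externally facing services sharing a private network
                report["shared"][name] = regular
        else:
            report["exposed"][name] = sorted(
                {pp for t in regular for pp in REGULAR_PORTS[t]})
    return report

# Constructed sample plan; "Backup-net" carries Storage by mistake.
SAMPLE = {
    "Private": {"Internal management", "Storage", "OSTOR private",
                "Backup (ABGW) private"},
    "Public": {"S3 public", "Admin panel", "SSH", "Backup (ABGW) public"},
    "Backup-net": {"Storage", "SNMP"},
}

if __name__ == "__main__":
    for section, value in audit(SAMPLE).items():
        print(section, value)
```

The `shared` entries are the ones to review: a network that carries a private traffic type is recognized as private even when it also serves an externally reachable traffic type.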

Private and Public Networks

In this module, we will be covering Acronis Cyber Infrastructure Private and Public Networks.

Network Types
There are two networks created by default
• Private network for internal cluster communications
• Public network for accessing cluster from external network
Each traffic type defines firewall rules (open ports) and will be used for service configuration
For example:
→ “ABGW private” traffic type will configure the Backup Storage service to use the specified network for communication between nodes included in Backup Storage
→ “ABGW public” traffic type will define from what networks Backup Storage will receive backups
Setting network configuration right from the beginning is a good practice

There are two networks (Private and Public) created by default:
• Private network for internal cluster communications
• Public network for accessing cluster from external network
Each traffic type defines firewall rules (open ports) and will be used for service configuration.
For example:
• “ABGW private” traffic type will configure the Backup Storage service to use the specified network for communication between nodes included in Backup Storage
• “ABGW public” traffic type will define from what networks Backup Storage will receive backups
Setting network configuration right from the beginning is a good practice.

Storage services and Networks
• Multiple storage services can be set up on the cluster to export Acronis Cyber Infrastructure’s data
• Data that is available with one storage service will not be visible from other storage services
• Data from different storage services will be stored across all available chunk servers on the cluster in accordance with the Storage Policy configured
• For this reason, each server with a storage service must be equipped with at least two (2) network cards facing respective networks: external and internal
• Network time synchronization is required

| Storage Services | High Availability | Networks | Ports |
|---|---|---|---|
| Acronis Backup Storage | Yes | Public, Internal | 443, 8443, 44445 |
| Block Storage | Yes | Private, Internal | 3260 |
| S3 Object Storage | Yes | Public, Internal | 443, 80 |
| NFS Storage | Yes | Private, Internal | 111, 2049 |

[Diagram: Local server, S3 client, Local network, Public network, iSCSI target, S3 Access Point, Backup Gateway, Acronis Cyber Protection Agent, Acronis Cyber Cloud, MDS, CS, Private network]

The data placed on an ACI cluster is split into data chunks. Those chunks are distributed across all the disks with the chunk server role and, respectively, over all the nodes that have chunk server disks.
When the data is first sent to ACI, it comes from the public network. But once it has been split into data chunks, the chunks are distributed across chunk server disks over the internal, or private, network.
Chunk server disks can contain data that belongs to different storage services. That means a single physical disk can contain both data chunks that belong to backup storage and data chunks that belong to S3 storage.
However, the backup storage service will only be capable of accessing the chunks that belong to backup storage, and the S3 storage service will only be able to access those chunks that belong to S3.
In other words, every storage service has exclusive access to its own data.

The diagram here shows how storage services and networks are interconnected.
The table here shows a summary of storage services and their ports.
For the complete list of network ports, refer to the documentation:
https://dl.acronis.com/u/software-defined/html/AcronisCyberInfrastructure_5_3_admins_guide_en-US/#network-ports.html

Section Summary
1. To optimize networking in Acronis Cyber Infrastructure, you can assign different types of traffic to separate networks
2. There are three (3) traffic types: Exclusive, Regular, and Custom
3. Network type defines firewall rules (open ports) and will be used for service configuration
4. There are two (2) default network types: Private and Public

Okay, now to quickly recap what we have learnt in this module.

To optimize networking in Acronis Cyber Infrastructure, you can assign different types of traffic to separate networks.

There are three (3) traffic types, which are Exclusive, Regular, and Custom.

Network type defines firewall rules (open ports) and will be used for service configuration.

There are two (2) default network types, which are Private and Public.

Thank you for watching!

Well, thank you for taking this course, and we look forward to having you in the next course!