Comparing Cohesity's Fort Knox and Cloud Archive

Sep 3, 2024

Cohesity Data Solutions: Fort Knox vs. Cloud Archive

Speakers

  • Mike Nelson: Principal Technologist, Technical Advocacy Team, Cohesity
  • Nikita Omkar: Senior Product Marketing Manager, Cohesity

Introduction

  • Discussion on two Cohesity solutions: Fort Knox and Cloud Archive.
  • Both solutions create an off-site copy of data with different purposes.

Architectural Overview

Cloud Archive

  • Utilizes DataProtect in the primary data center.
  • Creates a replica of data in the cloud (AWS, Azure, Google Cloud, or managed service providers).
  • Offers choice of storage tiers (hot, cold, cool) for cost efficiency.
  • Management and security are the customer’s responsibility.

Fort Knox

  • Managed as a service by Cohesity, exclusively in AWS.
  • Focused on security with features for immutable, secure copies against threats like ransomware.
  • Cohesity handles management and security.

Use Case Considerations

  • Cloud Archive: Best for compliance or long-term retention.
  • Fort Knox: Targets protection against ransomware and internal threats.

Security Features

Fort Knox

  • Multi-layered defense strategy: Goes beyond zero trust.
  • Virtual Air Gap: Secure, intermittent network connections.
  • Management Isolation: Utilizes Cohesity Managed Key Management System (KMS).
  • Tamper Resistance: Features immutability, WORM, encryption, AWS Object Lock.
  • Access Control: Includes MFA, RBAC, token-based authentication, and quorum for critical actions.

Cloud Archive

  • Similar security features available but require manual configuration by the customer.

Operational Aspects

  • Cloud Archive: Offers customer control but requires management of cloud storage and security.
  • Fort Knox: Simplifies data protection by outsourcing management to Cohesity.

Cost and Ease of Use

  • Cloud Archive: Customer responsible for cloud storage and egress costs.
  • Fort Knox: Storage and egress costs included in SaaS subscription.

Deployment Strategy

  • 3-2-1 Approach:
    • 3 copies of data: 1 primary, 1 in the cloud, 1 in Fort Knox.
    • Provides robust protection against data loss and security incidents.

Conclusion

  • No absolute right or wrong choice; depends on specific use cases.
  • Cohesity offers a flexible approach with Fort Knox and Cloud Archive.
  • Both solutions can be used independently or together for comprehensive data protection.

Full transcript