Air Gaps

Oct 07, 2020

Are air gaps part of your disaster recovery strategy? Remember the 321 backup strategy? How about a 3211 backup strategy? That extra 1 is an air gap, and it’s possibly your last line of defence. Like when things have really gone south on you.

The air gap concept is simple; if your data is not accessible, then it can’t be compromised. In information technology terms, this is typically implemented as a duplicate of your production data on secondary storage that is offline and not connected to any network. This extra data copy is protected from attack and corruption as long as the air gap is maintained.

There are several forms of air gapping available to us:

Array-based air gap

This type of air-gap server includes purchasing two separate disk arrays and configuring replication between them. The replication process will be scheduled to run at a specific times and the network connection between both systems will only be open during that time frame.

Backup-based air gap

With this approach, your data is backed up and then replicated between a primary and secondary backup appliance. Like an array-based offering, the replication mechanism is opened and closed based on predefined schedules.

Object storage-based air gap

With this strategy, you rely on object storage replication to create the air gap. Like the others, the network connection between object storage may be opened and closed periodically to create the gap. However, some on-premises object storage systems and cloud offerings include a WORM option (write once read many) which can enforce retention and prevent data deletion/corruption, and this may be sufficient to remove the need to open and close the network connection. The benefit of this approach is the lower cost and massive scalability of object storage.

And, of course, the humble backup tape. Need I say more.

In summary, an air gap solution could be an important part of your DR strategy, as cyber- attacks become even more sophisticated over time. There are multiple ways to deliver an air gap solution of varying costs and complexity. Your more accessible online backups may provide faster restores and RTO, but an air gap should make a good last line of defence if all other options have failed.


Deano is part of vBridge's amazing infrastructure team, who are responsible for keeping the lights on, and making sure your IaaS experience is a happy and productive one.