Everpure has announced the availability of Everpure Data Stream, a new platform component based on the NVIDIA AI Data Platform reference design. It brings AI processing closer to enterprise data while addressing common challenges related to data preparation, governance, and scalability. The release expands the company’s broader strategy of delivering AI-ready data infrastructure for enterprise environments.

As organizations move from AI experimentation to production deployments, many face obstacles related to ingesting and preparing enterprise data, enforcing security and governance policies, and scaling infrastructure to support growing AI workloads. Everpure says Data Stream reduces data preparation timelines from months to minutes while maintaining stream-level access controls that keep data within enterprise boundaries. Its scale-out architecture also allows storage and compute resources to scale independently as AI requirements evolve.

According to Everpure CTO Robert Lee, organizations building AI platforms require flexible architectures that can support both rapid deployment and long-term scaling. He noted that enterprises need secure, high-performance data pipelines that accelerate data processing and reduce time-to-results.

Connecting Data Readiness to Production AI

Everpure positions Data Stream as part of a broader end-to-end AI data platform focused on preparing enterprise information for AI use. The company argues that AI-ready data requires classification, contextualization, governance, security, and scalable access before it can be effectively used for training, inference, or agentic AI applications.

A key component of this strategy is Everpure Data Intelligence, formerly known as 1touch. The platform discovers, classifies, and contextualizes enterprise data across SaaS applications, cloud services, on-premises infrastructure, and mainframe environments. It maps relationships between datasets into a data relationship graph, creating a metadata layer accessible via APIs and the Model Context Protocol (MCP).

The platform also applies attribute-based access controls and governance policies, enabling enterprises to maintain security and compliance requirements as AI models and agents interact directly with business data.

GPU-Accelerated Data Processing

Data Stream is built on the NVIDIA AI Data Platform reference architecture and is designed to simplify the conversion of unstructured enterprise data into AI-ready information. Rather than relying on manual ingestion and data preparation processes, the platform uses a GPU-accelerated pipeline spanning data ingestion through inference.

The goal is to reduce operational complexity while improving the speed at which organizations can deploy AI services and generate actionable results.

NVIDIA Vice President of Storage Technology Jason Hardy said modern AI infrastructure requires architectures that connect secure, governed enterprise data with accelerated computing resources. He noted that Everpure’s integration with the NVIDIA AI Data Platform is intended to help organizations move AI initiatives from proof-of-concept stages into production deployments.

Everpure also disclosed ongoing work on next-generation AI-native storage technologies based on NVIDIA Vera and the NVIDIA BlueField-4 STX storage processor. The effort is focused on bringing acceleration, security, and intelligent data services closer to enterprise datasets as agentic AI deployments continue to expand.

Scaling AI Infrastructure

To address storage bottlenecks that can limit AI training and inference performance, Everpure highlighted FlashBlade as the storage foundation for Data Stream deployments. The platform delivers low-latency data access and incorporates KV Cache Accelerator technology to improve memory efficiency during inference workloads.

Everpure’s Evergreen architecture allows organizations to scale from FlashBlade//S systems to FlashBlade//EXA deployments without disruptive migrations, supporting growth from smaller AI projects to large-scale AI factory environments. Portworx provides the container platform layer for deploying and managing AI pipelines across edge, core, and data center environments.

By combining data intelligence, data streaming, storage, and container orchestration within a unified architecture, Everpure aims to reduce infrastructure fragmentation and eliminate the need for separate AI data silos.

The announcement aligns with findings from a recent IDC Global AI Readiness Survey commissioned by Everpure, which reported that 94% of IT leaders view data quality as the primary factor influencing AI success. Everpure positions its integrated approach as a way for enterprises to maintain flexibility while adapting to rapidly changing AI requirements.

The post Everpure Launches Data Stream to Accelerate Enterprise AI Data Pipelines appeared first on StorageReview.com.

HPE has built a coordinated cyber resilience architecture around the Alletra Storage MP B10000. It extends the platform’s native security capabilities through an integrated stack that includes virtualization with Morpheus and VM Essentials, continuous data protection with Zerto, long-term backup retention with StoreOnce, and observability via vendor-agnostic security information and event management (SIEM) integration. Taken together, the architecture is designed to align directly with the NIST Cybersecurity Framework 2.0, with the B10000 serving as the operational center across every function of the framework. The whole design exists to answer the two questions a security practitioner will ultimately ask about any piece of infrastructure: Is it still under our control, and is the data on it still being protected?

Enterprise storage historically sits outside the broader security conversation. In most organizations, a chief information security officer who is worried about a misconfigured router in a branch office or an unpatched laptop on the corporate network pays little attention to the storage array in the data center. The array is behind layers of perimeter security, accessible to a small handful of administrators, and largely invisible to the broader IT organization. On paper, it is one of the safest assets in the building.

That assumption no longer holds. Modern ransomware operations have learned that the array is the highest-value target in the data center. Endpoints and servers can be reimaged. Primary storage is where the data actually lives, and an attacker who gains administrative control of the array can encrypt the data, delete the snapshots meant to recover it, and destroy the backups in a single coordinated motion. At that point, the organization is not dealing with an inconvenience; it is negotiating for its survival. The tools available to attackers, including AI-assisted variants that adapt faster than signature-based defenses can keep up with, are increasingly capable of reaching that target.

The stakes are no longer only operational. Regulators in the United States, the European Union, and the United Kingdom have moved infrastructure security from a best practice toward a legal obligation. Frameworks such as the EU’s Digital Operational Resilience Act and the NIS2 Directive require demonstrable controls for detection, recovery, and incident reporting, with accountability that extends to the executive level. The organizations carrying these obligations are exactly the ones running enterprise storage at scale: banks and financial services firms, hospitals and healthcare networks, utilities and critical infrastructure operators, government agencies, and the cloud and service providers that host all of the above. For them, failing to secure the infrastructure layer is not only a risk to the business but also a compliance failure with serious consequences.

The work of cyber resilience sits in the gap between storage and security teams that report to different leaders, measure success differently, and rarely share the operational language needed to coordinate during an incident. Storage administrators understand throughput, capacity, and recovery objectives. Security teams understand kill chains, attack vectors, and posture management. Most organizations discover the gap only after they have been forced to operate in it. The architecture HPE has assembled is designed to close that gap, and the sections that follow work through each NIST function to test how well it does, returning throughout to the two questions of control and protection.

Key Takeaways

• Full-stack resilience: HPE pairs the Alletra Storage MP B10000 with VM Essentials, Zerto, StoreOnce, and vendor-agnostic SIEM integration, mapping the coordinated stack to every NIST CSF 2.0 function.
• Fast block-level detection: The B10000’s built-in entropy-based ransomware engine, validated against 100+ strains, flagged a simulated encryption run in 4-5 minutes and auto-captured a forensic snapshot at the moment of detection.
• Immutability that survives admin compromise: Array-enforced Virtual Lock snapshots stay read-only through retention; even a compromised admin account can’t delete them, and any attempt becomes a logged, SIEM-visible event.
• Tiered recovery: Four tiers (Zerto for lowest RPO, VME snapshots, Virtual Lock promote, and StoreOnce Catalyst for long-term retention) were exercised in the lab, with clean restores from both Virtual Lock and Catalyst.
• Compliance-ready telemetry: Structured security syslog normalized to Elastic Common Schema feeds Elastic Security, CrowdStrike Falcon, or any modern SIEM, supporting DORA/NIS2 evidence and automated SOAR playbooks.

 Architecture Overview

To provide a practical demonstration environment rather than an oversized enterprise deployment, the HPE team built out a compact but functional recovery and backup stack in their Fort Collins lab. At the center of the environment is a three-node HPE VM Essentials (VME) cluster running on HPE ProLiant DL325 Gen 11 Servers, which provides the compute layer for the demo infrastructure. These hosts are interconnected through the local IP network, which also provides connectivity to the NAS layer used within the environment.

Running inside the VME cluster are the HPE Zerto virtual machines, configured similarly to how many organizations currently deploy Zerto in a traditional VMware environment. While the underlying infrastructure here uses HPE VME, the operational flow and recovery functionality remain familiar for administrators experienced with VMware-based disaster recovery workflows.

A WAN-connected secondary Zerto environment is available in the Bristol lab in the UK, with firewall rules and network paths in place to support replication from Fort Collins. The intent of this topology is multi-site recovery: continuous replication and disaster-recovery orchestration across geographically separated sites. This would allow workloads protected in Fort Collins to fail over to Bristol if the primary site became unavailable.

During this engagement, HPE ran Zerto replication locally in Fort Collins due to bandwidth and distance constraints, and because a second parallel VME cluster was not available to exercise the full cross-site flow. The Bristol leg is documented here as configured and available infrastructure, not as a cross-site failover performed in this session.

Storage connectivity in the environment is split between IP and Fibre Channel networking, depending on the workload. The FC SAN fabric connects the VME hosts directly to the HPE Alletra MP B10000 platform, providing shared access to enterprise storage across the cluster. The B10000 also presents Catalyst over Fibre Channel to the StoreOnce Virtual Storage Appliance (VSA), which is the path used for application-consistent backups between the array and the backup target. Virtual Lock snapshots play a central role in the ransomware resilience and immutability workflows on the platform and are exercised in detail in the Protect and Recover sections.

For backup infrastructure, HPE deployed a StoreOnce Gen5 VSA running on a single HPE server in the lab. The VSA exposes the same core StoreOnce functionality as the dedicated appliance. Deduplication, backup target presentation, replication behavior, and integration with the broader HPE data protection stack remain fundamentally the same whether deployed as a VSA or on dedicated hardware. The VSA is well-suited for labs, branch offices, testing environments, and smaller production use cases, making this compact demonstration practical to deploy.

The physical StoreOnce appliance carries an advantage that goes beyond scale and throughput, and it matters specifically in the ransomware context this paper examines. A VSA runs as a guest on a hypervisor. If an attacker compromises the virtualization layer, every workload on it, including a VSA backup target, is within reach. A physical StoreOnce appliance has no such dependency. It runs on dedicated hardware outside the hypervisor that an attacker would have to traverse, keeping the backup of last resort on infrastructure the attacker has not already breached. For production deployments where StoreOnce is the long-term retention tier in a cyber resilience design, the physical appliance is the stronger choice for exactly this reason.

Both the HPE Alletra MP system and the StoreOnce VSA were onboarded to HPE’s Data Services Cloud Console, providing centralized, cloud-based management and visibility across the environment. Through Data Services Cloud Console, the infrastructure can be monitored, managed, and integrated into broader HPE data services workflows from a single interface, tying together storage, backup, and recovery operations.

Govern: Implementing Your Strategy

HPE does not write your governance plan. Your organization, your insurer, and your legal team arrive at the policy. HPE provides the interfaces (APIs, CLIs, Data Services Cloud Console, and the published hardening guides) that let you implement that policy, evidence it, and audit against it.

That distinction matters because most storage vendors quietly assume the opposite. They ship opinionated defaults dressed up as best practices and treat configuration drift as a support problem rather than a governance signal. The B10000 inverts that posture. Every administrative action is logged. Every policy-relevant setting is exposed through the API. The security syslog stream is structured to feed the same SIEM where the rest of the organization’s governance evidence already lives. When an auditor asks who changed the password policy on a specific date, the answer sits in the same pane of glass as every other governed system in the estate.

Two governance disciplines deserve specific call-outs. The first is regulatory alignment. The B10000’s audit logging and SIEM integration architecture supports the operational controls required by the EU’s Digital Operational Resilience Act and the NIS2 Directive, covering detection, response, and recovery activities, incident reporting workflows, and the executive-oversight visibility expected of leadership. Centralizing the audit and security telemetry in the SIEM operationalizes those obligations. The controls the auditor expects to see are not bolted on. They are the same controls that the security operations center (SOC) already uses to operate the platform day-to-day.

The second is executive oversight. Regulatory frameworks increasingly require that leadership demonstrate timely, consolidated visibility into information and communication technology (ICT) risk. A storage array that hides its audit trail behind a vendor-only support portal cannot satisfy that requirement. One that streams audit and security events directly into the customer’s SIEM can. The B10000 was designed for the second pattern.

The platform provides several concrete capabilities. Documented hardening guides define the starting posture. Role-based access controls and dual-authorization mechanisms enforce separation of duties. Multi-factor authentication is built in. Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) hardening guidance is published for environments that require it. The security syslog stream turns every governance-relevant action into a queryable event. The plan is the customer’s. Instrumentation is the platform’s responsibility.

Identify: Trust in the Platform

Identify, in NIST CSF 2.0 framing, is about understanding what the organization has, where it came from, and what risks it carries. For a storage platform, that translates to supply chain integrity, secure development practices, and a verifiable starting posture.

HPE’s hardware and software supply chain is the foundation. Components are sourced through audited channels, firmware is signed, and platforms ship with tamper-evident packaging and seals that the receiving team can verify against shipment manifests. The supply chain assessment is a documented process that the HPE Cybersecurity Center of Excellence uses to verify that a B10000 leaving the factory in one week has the same provenance as a B10000 leaving in another week.

Secure development practices extend that chain into the software. The B10000 operating system undergoes structured penetration testing, including internal red-team exercises and third-party engagements, with findings fed back into the release cycle. Identify is not a one-time activity completed at install. It is the ongoing verification that the platform trusted on day one is still the platform present on day 400. The B10000 provides the artifacts (signed firmware, hash-verified downloads, hardening guides, secure development documentation, and the audit log stream) that enable that verification. What the security team does with those artifacts is, again, the security team’s decision.

Protect: Maintaining Posture

Protection on the B10000 rests on four mechanisms: immutable Virtual Lock snapshot scheduling, a deliberate separation between array snapshots and hypervisor snapshots, replication to a second site through both array-native Remote Copy and Zerto, and continuous drift detection through the audit log stream.

Immutable Virtual Lock snapshot scheduling

Virtual Lock snapshots are created on a schedule defined at the array and enforced directly by the B10000 storage platform. The snapshots remain immutable and read-only throughout their configured retention window, preventing modification or deletion until expiration. Administrative actions against protected snapshots are recorded in the audit log. They can be forwarded to external SIEM platforms, providing visibility into attempted policy violations, including deletion attempts against protected recovery points.

B10000 snapshots versus VME snapshots

Snapshots come from two places in this environment, and policy design depends on keeping them distinct.

B10000-scheduled snapshots are immutable and read-only and are governed by Virtual Lock retention. VME snapshots, taken by HPE Morpheus VM Essentials at the hypervisor tier, are mutable and read-write for VM-level operational workflows.

If an attacker gains access to the hypervisor, VME snapshots become accessible. Virtual Lock snapshots are not. The Virtual Lock schedule defines the retention floor. VME snapshots fill in the operational layer above it.

Replication: array-native and application-level

A Virtual Lock snapshot at the primary site does not protect against site-level events, and the architecture provides two distinct replication paths to address that. The first is native to the array: B10000 Remote Copy asynchronously replicates volumes to a second B10000 at another site, and, when combined with Virtual Lock snapshot schedules at the target, results in an immutable, physically separate vault that does not depend on the hypervisor or any application-layer software. The second is Zerto, operating at the application level with near-synchronous replication and continuous journal logging, providing the granular, low recovery point objective (RPO) recovery path described in the Recover section.

The two are complementary rather than redundant. Remote Copy preserves the array-enforced immutability guarantees across sites, while Zerto provides checkpoint granularity and orchestrated VM-level failover. In this engagement, the topology was configured to support Zerto replication from Fort Collins to HPE’s Bristol, UK, facility, but during the test session, the replication ran locally in Fort Collins due to bandwidth and parallel-cluster constraints. The Bristol leg is in place as an available topology and a follow-up activity, not as a demonstrated cross-site recovery.

Configuration drift detection

The hardening guide defines a baseline. The continuous audit log stream lets a SIEM verify, in near real time, that the baseline has not drifted. Password policy changes, lockout policy changes, new accounts, role elevations, schedule modifications, and replication target changes all surface as queryable events. The lab environment did not include a SIEM, so drift detection in this engagement was observed at the B10000 audit log level rather than in a centralized correlation tool. In a customer environment with a SIEM in place, the same audit events are fed to the SIEM via the syslog integration described in the Detect section.

Detect: Visibility and Early Warning

The B10000 ships with a built-in ransomware detection engine that monitors storage I/O patterns in real time and raises an alert when the statistical signature of large-scale encryption appears in writes to the array. The HPE Cybersecurity Center of Excellence has validated the engine against more than 100 leading ransomware strains.

Detection is enabled on a per-data-store basis from the VME side. When a data store is created or edited in VME against a B10000 storage server, the Ransomware Detection toggle is enabled by default for every volume provisioned in that data store, with per-volume customization available after creation. The capability requires B10000 OS version 10.5.0 or later. In the Fort Collins lab, the ftc-vme-mg1 data store was configured to connect to the FTC-AMP-5 B10000 over Fibre Channel, with ransomware detection enabled, which is the configuration used for the simulated ransomware run later in this section.

The B10000 also supports system-wide ransomware detection policies directly on the storage array, allowing administrators to define global detection sensitivity and automated snapshot retention behavior across protected volumes. As shown below, the Fort Collins environment had the array-level ransomware detection policy enabled with a low-confidence sensitivity profile and automatic snapshot retention configured. This provides an additional layer of protection beyond the per-data-store enablement in VME, ensuring the detection engine remains consistently enforced at the platform level regardless of how individual volumes are provisioned.

The detection logic for both is entropy-based. Random data, which is what encrypted data looks like at the block level, has high entropy. Legitimate workload data, even when compressed, has a structure the engine recognizes. The engine uses a CuSum entropy calculation to measure the disorder in incoming writes relative to an established baseline. The baseline is learned during a training window when a new volume is first protected and is then maintained by a rolling one-hour I/O profile, so that legitimate workload shifts do not generate false positives. When entropy departs from the baseline by a statistically significant margin, the engine flags the volume.

For the SOC, the key framing is that this is an encryption-detection engine serving as a last line of defense for the environment, not a replacement for endpoint protection. The endpoint is where ransomware should be caught first. The B10000 catches what the endpoint missed.

SIEM integration

The integration is deliberately vendor-agnostic. HPE’s role is to provide the groundwork and tools so the B10000 can feed audit and security log data into whatever SIEM an organization already runs, rather than steering customers toward a single HPE-preferred tool. Detection alerts and audit events are exported through the security syslog stream. The Fluentd-based aggregator HPE publishes on GitHub takes the raw syslog message, normalizes it to Elastic Common Schema, and tags the event with fields such as “event.kind: alert” and “event.severity: high” so the receiving platform’s existing rule engine picks it up without custom parsing. The important distinction is that this data is not merely compatible with modern SIEMs; it is active. It arrives structured to trigger automated alerts and downstream responses rather than sitting in a log archive waiting to be queried after the fact. Elastic Security and CrowdStrike Falcon Next-Gen SIEM are platforms HPE has explicitly validated, and the open syslog format means Microsoft Sentinel and other modern SIEMs can be onboarded with comparable effort.

Simulated ransomware on a Windows host

During remote testing against the HPE Fort Collins lab, a simulated ransomware workload was executed against a Windows host attached to a Virtual Lock-protected volume on the B10000. The simulation ran a controlled encryption script that produced the high-entropy write pattern characteristic of a ransomware encryption event, without using actual malware.

The B10000 detection engine raised the alert within four to five minutes of the encryption script beginning to write to the volume. The alert surfaced on the B10000 management console with the affected volume identified.

The four-to-five-minute window is short enough that immutable snapshots taken at or near the moment of detection capture a clean point-in-time before the attacker has finished traversing the volume. It is faster than most behavioral analytics running at the application layer because the B10000 sees writes at the block level as soon as they occur.

Respond: From Alert to Action

When the B10000 ransomware detection engine fires, the platform takes protective action on its own, before any external system is involved. At the moment of detection, the array captures an immutable snapshot of the affected volume and marks its status as degraded. This alert snapshot is not a clean recovery point and should not be used for restoration, as it may contain encrypted data. It is intended for forensic analysis, preserving the state of the volume at the time the attack was detected. Notably, the array does not cut off access to the volume. The data remains reachable, which is a deliberate design choice. The array raises the alarm and preserves the evidence. Still, it leaves the decision of how to proceed to the operators, who are better positioned to judge whether the event is a genuine attack or a false positive, such as a large, legitimate encryption or compression workload.

This autonomous behavior is the floor, not the ceiling, of the response capability. Because it runs directly on the array, it does not depend on a SIEM rule firing, a syslog stream remaining healthy, or an external automation tool being online. If every other layer fails, the moment-in-time snapshot still exists. That independence is the point: the response that matters most happens whether or not the rest of the stack is functioning.

Above that floor, the active SIEM integration described in the Detect section enables the orchestrated response. Because the B10000’s alerts arrive structured to trigger action rather than to be archived, a customer can build automated playbooks in the SIEM or security orchestration, automation, and response (SOAR) platform they already operate, whether that means extending snapshot retention on the affected volumes, isolating the host, opening an incident ticket, or notifying the response team. HPE provides the active, structured signal. The orchestration logic resides in the customer’s chosen tooling, keeping the response aligned with the runbooks and approval workflows the security team has already built.

One clarification matters here because the interface language can be layered. The B10000 alert offers an option to analyze the data, but the array itself does not scan for or identify specific malware. That option assumes the customer has their own scanning and forensic tooling to point at the affected data. The B10000’s job is detection and preservation, not remediation.

Recover: Tiered Restoration and Validation

Recovery is a tiered set of decisions: which recovery point, from which tier, restored to which environment, validated by which process. The architecture built in the Fort Collins lab supports a four-tier recovery model, where each tier exists because the others do not solve the same problem.

Tier 1: Zerto for continuous protection. Near-synchronous replication with continuous journal logging gives the lowest RPO in the stack. Granular restore lets the incident response team roll back a single VM or file to a checkpoint from moments before the encryption event. This is the tier to reach for when the alert fires quickly and the attacker’s window is narrow.

Tier 2: VME-native protection for daily VM-level restore. The HPE Morpheus VM Essentials snapshot stream provides operational recovery at the VM granularity. This is the tier that handles routine restore work and serves as the fallback if Tier 1 is unavailable.

Tier 3: B10000 immutable Virtual Lock snapshots for volume-level rollback. This is the tier that matters most for the ransomware case. Virtual Lock snapshots are protected against deletion and modification, and the promote operation is B10000-native, with no third-party ISV in the dependency chain.

Tier 4: StoreOnce Catalyst restore for long-term retention and cross-array recovery. Tiers 1 through 3 protect against events measured in hours or days. Tier 4 protects against events measured in weeks or months, in cases where the attacker established persistence long before the encryption fired, and when the only clean recovery point is older than any primary storage snapshot retention period. Catalyst stores are deduplicated, immutable, and can be replicated across StoreOnce systems or detached to Cloud Bank object storage. Catalyst Copy and Cloud Bank Detach together provide the “1” in the 3-2-1-1 model. This is also the tier where the physical-versus-VSA distinction noted in the architecture overview carries the most weight. As the last-resort recovery option, Tier 4 must be able to survive a hypervisor compromise. That is the argument for deploying StoreOnce on a dedicated physical appliance rather than as a VSA in production.

Closing Assessment

The two questions a security practitioner asks about a storage platform are whether the infrastructure remains under the organization’s control and whether the data remains protected. After working through the architecture in the Fort Collins lab, the B10000 answers both more completely than a storage array alone usually can, because the answer does not stop at the array.

The platform logs every administrative action, exposes every policy-relevant setting through its API, and streams the resulting audit and security telemetry to whatever SIEM the organization already runs. The governance plan remains the customer’s to write, but the instrumentation needed to implement it, evidence it, and prove it to an auditor is present and exposed rather than hidden behind a vendor portal. Immutable Virtual Lock snapshots mean that even a compromised administrator account cannot quietly destroy the recovery points, and any attempt to do so becomes a logged, queryable event.

In terms of protection, the detect-and-recover loop at the center of the architecture is the part that held up most convincingly. The B10000 flagged the simulated encryption workload within four to five minutes at the block level and captured a forensic snapshot at the moment of detection without waiting on an external system, and the affected volume was recovered cleanly from both a scheduled Virtual Lock snapshot promote and a StoreOnce Catalyst restore. That is the sequence that matters most during an incident, and it ran without a third-party product in the dependency chain.

What sets the architecture apart is not that the B10000 is dramatically more secure than competing arrays when considered in isolation. It is that HPE is one of the few vendors positioned to deliver storage, virtualization, replication, backup, and observability as a coordinated system, and to test that system as a whole against live ransomware in its own lab rather than validating each component in isolation. For an enterprise that owns the infrastructure but answers to a separate security team and an external regulator, that coordination is the difference between a collection of capable products and a resilience strategy that can be operated under pressure.

The architecture is also advancing quickly. HPE is on a steady release cadence across the stack, with tighter integration between VM Essentials and the B10000, ransomware detection expanding to additional data types beyond block volumes, and a published full-stack reference architecture, all on the near-term roadmap. The direction points toward more of the coordination handled natively by the platform and a clearer blueprint for assembling the kind of resilience design this paper examines.

For years, the storage array was treated as one of the safest assets in the building, largely because no one was paying attention to it. The case this architecture makes is that the array should be the opposite: not the overlooked box in the corner, but an active participant in detecting and surviving an attack, provided the organization does the work of turning the capabilities into a plan.

HPE B10000 Product Page

The post HPE Alletra Storage MP B10000 and NIST CSF 2.0: A Full-Stack Cyber Resilience Architecture appeared first on StorageReview.com.

Veeam Software has introduced new agentic AI capabilities within its Veeam DataAI Command Platform, addressing enterprise challenges related to privacy, compliance, and AI governance. The update adds three AI-driven agents designed to automate policy enforcement and provide continuous, evidence-based validation of compliance across complex data environments.

The announcement reflects a shift from manual, point-in-time compliance processes toward real-time governance aligned with the operational pace of AI systems. Veeam positions these agents as a way to address gaps in traditional privacy programs, which often rely on spreadsheets and disconnected workflows that cannot scale with modern AI-driven data usage.

Addressing Regulatory Complexity in the AI Era

Organizations are facing expanding regulatory requirements that extend beyond data protection into AI model behavior, consent management, and cross-border data flows. Frameworks such as GDPR, the EU AI Act, ePrivacy, and DORA pose significant financial and operational risks, with potential penalties of up to 7% of annual global revenue.

Cassandra Maldini, Head of Product Strategy for Privacy and AI Governance at Veeam, said compliance is no longer a point-in-time exercise and has to be continuous, evidence-based, and built directly into how organizations operate. The company added that AI agents now act on enterprise data at machine speed, generating compliance events faster than any human-operated program can track, which is why it is pushing automation and direct integration into operational workflows.

PrivacyOps Agents for Automated Governance

The new PrivacyOps agents are designed to reduce operational overhead and standardize governance processes across hybrid environments. Built on the DataAI Command Platform’s agent framework, the three agents target key areas where privacy teams typically face bottlenecks.

The Consent Agent serves as a full-stack consent compliance and remediation agent that manages the entire consent lifecycle, from banner creation and automated testing through continuous monitoring and auto-remediation. It captures user consent signals such as cookie preferences, marketing opt-outs, and revoked permissions for AI personalization, then propagates and enforces those signals across downstream systems. This includes analytics platforms, AI pipelines, advertising technologies, SaaS applications, and third-party ecosystems. Powered by Veeam’s regulatory database, it applies automated remediation when policies are violated and generates audit-ready evidence with jurisdiction-aware risk scoring.

The Data Subject Request Agent focuses on automating the intake and management of data subject rights requests. It generates compliant web forms tailored to an organization’s regulatory footprint and keeps them up to date as requirements change. This reduces the need for repeated legal and development cycles and is expected to cut deployment time for these forms by approximately half.

The Assessment Agent targets compliance documentation and reporting. It analyzes available evidence and generates responses for common regulatory requirements such as Data Protection Impact Assessments, EU AI Act conformity assessments, and vendor risk questionnaires. This reduces manual effort while improving consistency and accuracy in compliance reporting.

Unified Data and AI Trust Infrastructure

These agents are delivered through the Veeam DataAI Command Platform, which integrates data security, governance, compliance, privacy, and resilience into a single control plane. The platform is built on the DataAI Command Graph, an intelligence layer that connects to hundreds of data sources across cloud, SaaS, and on-premises environments.

A key component is the People Data Graph, which Veeam describes as the industry’s most advanced identity intelligence graph, unifying structured and unstructured personal data across hybrid multi-cloud environments. This enables real-time, jurisdiction-aware policy enforcement and produces audit-ready evidence of how intent and policy are applied. By operating on live, continuously updated context rather than point-in-time snapshots, the platform supports governance that can keep pace with the agentic era.

Availability

The Consent Agent is available immediately as part of the Veeam DataAI Command Platform. The Data Subject Request Agent and Assessment Agent are expected to be released in the third quarter of 2026.

The post Veeam Adds Three Agentic AI Agents to the DataAI Command Platform for Privacy and AI Governance appeared first on StorageReview.com.

Object First reported 118% year-over-year bookings growth in the first quarter of 2026, reflecting an increased enterprise focus on immutable backup storage as a core defense against ransomware and other destructive cyber events. The company continues to position immutable storage as a foundational element of modern data protection strategies, particularly for organizations standardizing on Veeam.

The company’s approach centers on purpose-built, immutable backup storage designed specifically for Veeam environments. By simplifying deployment and operations, Object First targets organizations that need reliable recovery when production systems are compromised. This model also aligns with regulatory and compliance requirements, including data sovereignty mandates that are increasingly shaping infrastructure decisions.

Regional and Enterprise Growth Trends

Object First saw strong geographic expansion in Q1. EMEA bookings grew 275% year over year, driven largely by regulatory pressure and data sovereignty requirements that favor on-premises control of backup data. The Americas region also posted solid growth, with bookings increasing 45% year over year.

Enterprise adoption accelerated during the quarter. Object First noted that six-figure-and-larger deals doubled compared to the same period last year. This indicates a broader penetration into larger organizations with more complex data protection requirements. Customer growth increased 115% globally, while the number of transacting partners rose 81%, signaling continued channel expansion.

Customer Demand and Channel Expansion

Customer wins in Q1 spanned multiple verticals, including public sector, financial services, healthcare, manufacturing, and gaming. Several healthcare deployments highlighted demand for secure, purpose-built backup infrastructure tailored for Veeam environments. In Europe, compliance-driven use cases remained prominent, including organizations selecting on-premises immutable storage to retain full control over sensitive data.

We have followed Object First for a while. View the video below for in-depth coverage from the launch of Object First latest backup appliance.

Channel activity also expanded. Object First added TD SYNNEX Germany as a distribution partner and elevated SVA System Vertrieb Alexander GmbH to Platinum Partner status, strengthening its position within the European Veeam ecosystem.

Industry Recognition

Ransomware continues to drive the adoption of immutable storage as a baseline requirement for cyber resilience. Object First leadership pointed to increasing demand for solutions that ensure recoverability under attack conditions, particularly in regions with strict data residency requirements. The company also emphasized the role of its partnership with Veeam in delivering integrated backup and recovery capabilities.

Additionally, Object First received several industry recognitions during the quarter. The company was named a 2026 Global InfoSec Award winner by Cyber Defense Magazine in the Hot Company Data Security category at RSAC. It also earned multiple CRN honors, including inclusion in the 2026 Partner Program Guide, the 2026 Cloud 100, and recognition of its executives in the 2026 Channel Chiefs list, underscoring its channel-first strategy and partner ecosystem investments.

The post Object First Reports Strong Q1 2026 Growth as Immutable Backup Gains Traction appeared first on StorageReview.com.

Backup and recovery infrastructure has always been the part of the data center that gets the most attention when something goes wrong, but that pattern has shifted. Ransomware has made backup the last line of defense rather than an insurance policy, and the operational expectations have shifted accordingly. Recovery times that were acceptable five years ago are now liabilities; backup data itself is a major target; and the teams running cyber resilience are smaller and less specialized than they used to be, even as the platforms they manage have grown more complex.

Dell’s response to this shift is PowerProtect One. The platform is built on products customers already know, and the introduction of PowerProtect One signals a sharper positioning: It is Dell’s answer to the historical trade-off between open ecosystems and integrated management. PowerProtect One is a unified cyber resilience platform that brings together management, orchestration, and secure protection storage into a single, intelligent experience.

Designed to protect business-critical data across any environment, PowerProtect One simplifies how organizations build and operate cyber resilience—without forcing them to abandon the heterogeneous ecosystems they already rely on. Built on the combined strengths of PowerProtect Data Manager and PowerProtect Data Domain, PowerProtect One delivers a single control plane that defines policies, governs assets, and handles operational workflows across the protected environment. We have written about Data Domain extensively over the past several years, and the broader Data Domain platform remains the most widely deployed purpose-built backup foundation in the market, with more than 15,000 active customers globally.

The platform also leans heavily on its AI Assistant, a capability that takes on more weight in the current operational climate than it might have a few years ago. Backup and recovery teams are smaller and increasingly staffed by generalists; the volume of repetitive monitoring and triage work has grown, and the windows for responding to ransomware activity or initiating recovery have tightened. The AI Assistant pulls real-time telemetry from across the platform, answers natural language queries about protection status, failed jobs, capacity, and system health, and surfaces clickable navigation links that take administrators directly from question to action. It connects to a customer-hosted LLM through a configurable API endpoint and runs against curated Dell product knowledge. This ensures the answers are grounded in both the live system state and Dell’s documentation, rather than in generic AI output.

In this analysis, we examine PowerProtect One as it lands at Dell Technologies World 2026, including the operational experience, the open ecosystem architecture that lets third-party backup tools work with the platform, the cyber resilience capabilities built around immutability and anomaly detection, and how the AI Assistant changes the path from question to answer. We also touch on what the platform will look like beyond launch, with Dell signaling support for other models within the Data Domain family.

Open Ecosystem and Storage Architecture

One of the clearest signals of how PowerProtect One operates as a unified cyber resilience platform is its approach to storage. Backup data lives in storage units that administrators create and manage directly from the unified interface, which is familiar to anyone who has worked with Data Domain. What is different is how the platform handles those storage units once they exist.

A storage unit on PowerProtect One can serve two distinct purposes. The first is internal use by the solution’s own protection policies, with backup jobs scheduled and orchestrated, and data landing in a storage unit dedicated to that policy. The second is more interesting. The same storage unit construct can be exposed externally through DD Boost, allowing third-party backup applications to write directly to PowerProtect One as a target. Commvault, HYCU, Veeam, and other DD Boost ecosystem partners can use the platform as backup storage without changing their own software stack, and the data is stored in the same protection storage with the same data reduction, compression, and retention lock options as Dell-orchestrated backups.

This is the practical mechanism behind Dell’s “open by design, integrated by experience” framing. Customers running mixed environments do not have to choose between keeping the backup tools their teams already know and consolidating onto a unified protection storage layer. They can do both at the same time. The platform also offers an unusually broad workload catalog through PowerProtect One itself, with native protection for VMware, Hyper-V, Nutanix AHV, Kubernetes, Oracle, SQL, Exchange, SAP HANA, file systems, NAS, and Storage Direct Protection for Dell PowerStore and Dell PowerMax. That depth of coverage matters because it lets the platform serve as a protective layer for nearly anything in the environment, without forcing a tooling decision on the workloads themselves.

Storage unit creation is straightforward in practice. Administrators define soft and hard quotas, set stream limits, enable retention lock when immutability is required, and apply workload-specific tuning where relevant. Both active and cloud tiers are supported, so data can remain local or extend to cloud object storage based on retention and access requirements. Storage units are not exclusively a Dell construct in this platform. The storage units are leveraged by PowerProtect One and third-party utilities separately, but as part of the shared storage layer.

Cyber Resilience by Design

Beyond Anomaly Detection and the operational workflows that surface it, PowerProtect One layers in the security and compliance capabilities that enterprise environments require. The platform supports FIPS 140/2 compliance for cryptographic operations, with all in-flight data encrypted and the option to enable encryption at rest for stored backup copies. Common Criteria readiness is part of the same compliance posture, and Dell runs the platform through ongoing security scans for malware, rootkit activity, OS vulnerabilities, container integrity, and web API flaws.

Access control extends across multiple authentication paths. Single sign-on integrations include Okta, Microsoft Entra ID, PingOne, and RSA SecurID. At the same time, multifactor authentication is supported via TOTP providers such as Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass. Role-based access control limits administrative actions to the appropriate users, and audit logging captures activity across the platform for compliance reviews and forensic analysis.

Retention lock is the immutability mechanism most directly tied to ransomware defense. Once applied, backup data cannot be deleted or modified before the retention period expires, even by administrators with elevated privileges. The platform supports both governance and compliance modes, allowing organizations to align with regulatory requirements that demand stricter immutability controls. Combined with Anomaly Detection workflows that flag suspicious changes in backup data, retention lock provides PowerProtect One with the foundation to recover cleanly from ransomware events without relying on the compromised production environment.

PowerProtect One Management

Day 1: Deployment

Initial deployment of the PowerProtect One appliance is quick and guided. In our run, the system can be up and usable in under 10 minutes once the configuration is applied. The initial setup focuses on getting core services online rather than walking users through a long provisioning process.

Early configuration includes host networking, time settings, and iDRAC access for the underlying hardware. Dell includes a read-only iDRAC account, which we found useful in practice. It provides visibility into hardware health and alerts without introducing the risk of accidental changes or shutdowns, something that becomes more important in environments that manage a fleet of Dell systems.

On first login, the platform presents the user with a “Get Started” workflow. This walks through email notifications, AutoSupport, security settings, and licensing. While these can all be configured later, having them front-loaded at the start helps users avoid critical omissions and quickly get the appliance into a production-ready state.

Day 2: Operations

Unified Dashboard 

Day-to-day operations are centered around what Dell calls a Unified Dashboard. From here, PowerProtect One can manage numerous registered systems, giving administrators visibility into and control over all connected systems across the entire environment.

In practice, the dashboard surfaces the most important system information you’re likely to check first. Job activity is clearly displayed across all systems, including running, completed, and failed backups. System health is broken down into services, protection, storage, and security, which makes it easier to spot issues without digging through multiple menus.

Capacity is also easy to track, with active tier usage and available space presented up front. The dashboard also shows total protected assets, recent anomalies, and data reduction efficiency, which provide rich context on how the systems in an environment behave day to day.

Navigation uses a nested tree layout on the left side. In use, this keeps things predictable. When drilling into a specific system or alert, it takes only a few clicks to switch between views without losing your place.

Storage Unit Creation

Storage in PowerProtect One is built around storage units, which serve as the primary containers for backup data under different policies. Storage units are created directly from the Infrastructure tab and incur little overhead.

Each storage unit can be configured with soft and hard quotas, as well as stream limits, to control throughput. Retention lock is available and straightforward to apply, allowing backups to remain immutable for a defined period. In our testing, this was easy to enable and didn’t add complexity to the workflow.

There are also workload-specific optimizations, such as tuning for Oracle environments. Storage units can be used for internal backup jobs or exposed externally via integrations such as DD Boost. PowerProtect One supports active and cloud storage tiers, allowing data to be stored locally or extended to cloud storage as needed.

Policy Creation

Policy creation is handled under the Protection tab and follows a simple workflow. Once assets are added to the system, they can be assigned to a policy and given a defined backup objective.

By default, creating a policy also creates a new storage unit, though existing units can be selected if needed. Retention lock can be applied at this stage, ensuring that backups remain unchanged until the retention period expires.

Backup frequency and type are configurable, including synthetic full schedules and defined execution windows. Retention periods can be adjusted depending on requirements. Additional options such as replication, vaulting, cloud tiering, and archiving are available within the same policy configuration.

Once a policy is created, its progress can be monitored through the job view. In practice, this makes it easy to confirm that policies are running as expected without needing to jump between multiple sections of the interface.

Smart Scheduling

Scheduling is flexible without adding unnecessary complexity. Administrators can define when backups run, how often synthetic fulls occur, and how long data is retained, all through a straightforward, easy-to-adjust workflow.

Execution windows help avoid conflicts with production workloads, while optimization settings allow teams to favor performance or capacity depending on the use case. This flexibility also helps meet SLA requirements, in which backup jobs must be completed within specific timeframes. By tuning schedules and resource usage, administrators can better align backup operations with defined recovery objectives and business expectations.

Overall, the controls strike a balance between flexibility and simplicity, making it easy to adapt schedules without introducing unnecessary overhead.

Anomaly Detection

Anomaly Detection is built into the platform, adding an extra layer of visibility beyond standard job monitoring. When enabled, the system analyzes backup data for unusual patterns that could indicate corruption, misconfiguration, or potential ransomware activity.

Results are presented in a dedicated view where administrators can review flagged events, generate reports, and take action. This includes marking events as safe or isolating suspicious data. The system also allows for custom anomaly rules, helping reduce false positives and align more closely with the specific behavior of each environment.

For organizations, this moves backup from a passive safety net to a more active part of the security and operations strategy. Instead of only confirming that jobs completed successfully, teams gain insight into whether the data itself looks consistent and trustworthy. This can help catch issues earlier, reduce recovery risk, and provide additional confidence that backups will be usable when needed.

It’s particularly valuable in larger environments where manually validating backup integrity across systems isn’t practical. By surfacing potential issues proactively, Anomaly Detection helps reduce time to identify problems and supports faster, more informed decision-making when something looks off.

AI Assistant

PowerProtect One includes an AI Assistant that allows administrators to query the system using natural language. It connects to a customer-provided LLM and pulls real-time operational data.

Rather than replacing the interface, it acts as a shortcut into it. Queries like “show me failed backups” or “what systems are unprotected” return relevant results without requiring navigation through multiple menus. Beyond surfacing information, the assistant can guide users directly to the appropriate areas of the interface to take action, whether that’s reviewing a failed job, adjusting a policy, or creating a new configuration.

This becomes especially valuable in environments with multiple systems or large-scale deployments. Instead of manually drilling into each system to gather status or job data, administrators can query across the environment in a single step. It also lowers the barrier for generalists or teams without deep storage expertise, allowing them to interact with the platform more intuitively and reduce time spent searching for information.

Setup is simple, requiring a base URL, API key, and model selection. Once configured, it provides an additional layer of accessibility to the platform, helping streamline routine checks, troubleshooting, and day-to-day operations.

Day 3: Management

Capacity Monitoring

Capacity monitoring is always visible from the dashboard. It shows how much space is in use, how much remains, and how effective data reduction is over time.

In practice, this makes planning easier. You don’t need to dig through multiple views to understand where you stand; trends are easy to spot in the main interface.

Licensing

Out of the box, the appliance includes a temporary license that supports up to 24TB for 90 days. This provides ample room to deploy and validate the system before applying the purchased permanent license to the unit.

Licensing can be applied online or offline, depending on the organization’s requirements. Once installed, the system can be manually expanded to the new licensed capacity with a single click, without requiring extensive additional configuration. In testing, this process was straightforward and didn’t interrupt normal operations.

PowerProtect One Updates

Updates are handled through a simple workflow. The system can check for updates online directly from Dell or accept manually uploaded packages, and applying an update is a one-click process.

This keeps ongoing maintenance straightforward. In practice, it reduces the time and effort required to keep the system current, which is important in environments where updates often get delayed or forgotten due to complexity.

Key Takeaways

PowerProtect One represents a shift in how Dell delivers cyber resilience. The protection storage architecture, deduplication engine, broad workload catalog, and DD Boost ecosystem are all carried forward from the Data Manager and Data Domain foundation that Dell customers have been deploying for years. PowerProtect One consolidates these capabilities into a single, unified platform, tailored to address the operational challenges faced by cyber resilience teams today.

The approach matters as the long-standing balance between open ecosystems and integrated management has shaped organizational strategies for cyber resilience. PowerProtect One sets aside that tradeoff. Customers can keep the third-party backup tools their teams already know, expose PowerProtect One as a target for those tools via DD Boost, and gain unified management, AI-assisted operations, and platform-level cyber-resilience capabilities without changing the rest of the environment. The open ecosystem story is embedded in the product’s architecture.

PowerProtect One does not require organizations to rebuild their cyber resilience strategy. The backup applications, DD Boost integrations, protection storage architecture, and operational workflows that most Dell customers already rely on remain intact. What changes is the management model around them. Dell has consolidated backup software, protection storage, cyber-resilience tooling, and operational oversight into a single platform that is easier to deploy, manage, and scale.

That shift matters because backup infrastructure is now judged less by whether backups complete successfully and more by how quickly organizations can identify problems, validate recovery points, and restore clean data after an attack. PowerProtect One is designed around those operational realities. The platform keeps the flexibility of an open ecosystem while simplifying the day-to-day experience of managing protection infrastructure across increasingly large and complex environments.

Product Page – Dell PowerProtect One

The post Dell PowerProtect One: Open, Integrated, and Intelligent Cyber Resilience appeared first on StorageReview.com.

Infrastructure for cyber resilience occupies a position in the enterprise stack that primary storage does not. When a system fails, data becomes corrupted, or ransomware locks an organization out of its environment, recovery ultimately depends on the backup platform. That reality has sustained strong demand for purpose-built backup appliances even as cloud-based alternatives have expanded. According to IDC’s 4Q25 Purpose-Built Backup Appliance (PBBA) Tracker, Dell holds the top revenue position in the category, a standing built on the strength of the Dell PowerProtect Data Domain portfolio (based on the Intel^® Xeon^® processor) and its more than 15,000 active customer deployments worldwide.

We covered the Dell PowerProtect Data Domain DD9410 and DD9910, both utilizing the Intel Xeon Scalable processor, in depth when those systems launched, examining the Data-Less Head architecture, the DDOS software stack, the Hardware Root of Trust and Secure Boot chain, and the performance improvements over the prior Data Domain DD9400/DD9900 generation. The Dell PowerProtect Data Domain DD9910F All-Flash appliance builds on that same foundation without redesigning it. The software architecture, deduplication engine, Data Domain Boost (DD Boost) ecosystem, and security capabilities remain consistent across the family. What changes is the storage medium: the All-Flash appliance replaces spinning disk with flash across the entire appliance, targeting the workflows where that transition has the most direct operational impact.

The case for flash in a platform for cyber resilience differs from that in primary storage. Where flash changes the equation is in restore and replication throughput, and the speed of analytics-driven integrity validation in isolated cyber-recovery vaults. Those are the areas where enterprise recovery SLAs are tightening most aggressively, and they are the focus of this analysis.

We examine the All-Flash appliance, starting with the hardware build, including how Intel’s QAT enables hardware-accelerated compression, then turning to how flash concretely changes restore, replication, and cyber recovery workflows, how the appliance’s data reduction reduces storage footprint and TCO, and where the appliance sits within Dell’s current PowerProtect cyber resilience portfolio.

Inside the Data Domain DD9910F All-Flash Appliance

The PowerProtect Data Domain All-Flash appliance follows the architectural model introduced with the current PowerProtect Data Domain generation, pairing a 2U controller with external storage shelves. Dell refers to this design as a Data-Less Head architecture, in which the controller handles compute, metadata services, and system orchestration while backup data resides on externally attached storage. Separating the compute layer from the storage capacity layer allows the system to scale while maintaining consistent performance characteristics across the Data Domain portfolio.

The controller occupies a 2U chassis powered by dual 5th Gen Intel Xeon Scalable processors, which drive the Data Domain file system and inline deduplication engine. Large DDR5 memory pools support the platform’s metadata and data reduction workloads. Intel Quick Assist Technology (QAT) is integrated directly into the 5th Gen Xeon silicon, enabling hardware-accelerated compression within DDOS without consuming a PCIe slot or requiring a dedicated add-on card. By offloading compression to Intel QAT’s on-die accelerators, the Intel Xeon processor platform keeps cores available for deduplication metadata processing and data path operations that directly affect restore throughput and replication speed. It can incur increasingly high compute costs as throughput scales. PCIe Gen5 connectivity in the rear expansion slots provides the bandwidth headroom needed to support high-density networking configurations at the top end of the portfolio.

From the rear of the chassis, the system exposes the networking and expansion capabilities required for large enterprise backup environments. Multiple PCIe slots support high-bandwidth networking adapters, including configurations supporting 10GbE, 25GbE, and 100GbE connectivity. These options allow the appliance to scale network throughput depending on deployment requirements, while dedicated connectivity links the controller to the external storage shelves. Power is delivered through dual redundant power supplies configured to maintain operation if a single PSU fails.

Backup capacity for the All-Flash appliance is provided by the FS240 flash enclosure, a 2U storage shelf populated with enterprise SSDs. Each shelf provides high flash capacity in a form factor that is consistent with the controller chassis. The platform supports up to four FS240 shelves, allowing the system to scale from 272TB to 1.1PB of usable capacity depending on configuration. Each enclosure includes redundant power and cooling components consistent with enterprise availability expectations.

At a 544TB  configuration, the platform consists of the 2U controller and two 2U flash shelves, for a total footprint of 6U. An equivalent HDD-based Data Domain DD9910 deployment occupies roughly 10U of rack space. This difference helps explain Dell’s claims around improved rack efficiency and reduced power consumption with the all-flash design.

Flash Changes the Recovery Equation

Restore operations, replication throughput, and analytics-driven integrity validation in cyber recovery vaults all rely heavily on read performance and rapid access to deduplication metadata. These are the use cases where performance matters most in practice. The proprietary architecture of the All-Flash appliance for the file system, along with performance tuning, optimizes drive performance.

Dell cites up to 4x faster restore performance for the All-Flash appliance compared with the disk-based DD9910 when configured at equivalent capacity. This performance advantage is a system-level outcome, driven by both the flash storage tier and Intel Xeon scalable processor technology, which manages the metadata-intensive workload required by recovery operations.

Since both arrays share the same controller hardware, all gains are directly attainable in the all-flash configuration of the All-Flash appliance. In testing presented during the platform briefing, the restore workload consisted of multiple data streams and successive backup generations with realistic change rates applied between cycles.

In the test scenario shared by Dell and Intel, restore throughput climbs rapidly, then stabilizes at roughly 60 TB per hour and remains at that level throughout the restore operation. The HDD-based DD9910 exhibits a more gradual performance ramp and lower sustained throughput under equivalent workloads. The difference reflects how flash handles read-intensive operations compared with a spinning disk, particularly when a restore workload requires rapid access to many deduplicated data segments across the storage pool. Data Domain systems store unique data segments once and reference them through metadata pointers for subsequent backups. During a restore, the system must locate and reassemble those segments to reconstruct the requested dataset. Because this process involves numerous read operations and metadata lookups, lower-latency flash storage can significantly accelerate the reconstruction of large backup images.

Replication throughput also benefits from faster reads on the flash storage tier. Dell reports up to 2x faster replication for the All-Flash appliance compared with the DD9910 at similar capacity levels. Replication in Data Domain environments typically involves reading data from the source appliance and transferring it to a secondary system, often located at a disaster recovery site or within a cyber recovery vault.

Reducing replication time carries operational implications beyond raw throughput. In cyber recovery architectures, backup data is replicated into an isolated vault environment designed to protect against ransomware. The vault is exposed to production systems only during tightly controlled replication windows. Shorter replication windows reduce the period during which the vault must be accessible to the production environment, narrowing the potential exposure window.

Dell also reports improvements in analytics-driven validation workloads performed within cyber recovery vaults. Using CyberSense analytics in internal testing, the company cites up to 2.8x faster analytics performance on the All-Flash appliance compared with the disk-based DD9910.

CyberSense analytics workflows scan backup data to verify integrity and detect potential signs of corruption or ransomware activity before recovery operations begin. Because the validation process involves scanning large volumes of backup data, the improved read performance of flash media reduces the time required to confirm that a recovery point is clean before initiating a restore.

Power, Space, and the Operational Case for Flash

Performance improvements are the most visible benefit of replacing disks with flash in a cyber resilience platform. Still, the efficiency gains carry independent weight for enterprise buyers managing infrastructure at scale. The Dell internal testing comparing the Intel-powered DD9910F against the disk-based, Intel-powered DD9910 at equivalent capacity indicates up to 80% lower power consumption and a 40% reduction in rack space. In isolation, those figures read as spec sheet claims. Across a multi-site data protection deployment, they translate into a different kind of conversation.

A large enterprise running Data Domain appliances at a primary site, a disaster recovery site, and an isolated cyber recovery vault operates three distinct infrastructure footprints. Power and cooling costs at each of those locations are real line items, and rack density affects what fits in a given facility without additional build-out. The shift from roughly 10U to 6U per fully configured system, combined with significantly lower power draw, changes the infrastructure math for organizations that are either constrained on data center capacity or actively managing energy costs as part of their total cost of ownership calculations.

The cyber recovery vault use case is worth calling out specifically. Vault infrastructure is, by design, isolated and purpose-built, often deployed in a dedicated cage or colocation environment, where power and space are billed directly. Reducing the physical and power footprint of vault infrastructure without sacrificing recovery performance is a meaningful operational benefit in that context, and one that compounds as retention requirements grow and vault capacity scales over time.

Data Reduction and Effective Capacity

While the introduction of flash changes the performance profile of the All-Flash appliance, the underlying efficiency model remains rooted in the Data Domain deduplication engine. Dell now cites data reduction ratios of up to 75:1 for the current Intel Xeon-based PowerProtect Data Domain generation, extending the platform’s long-standing focus on capacity efficiency.

This figure is not purely theoretical. In testing conducted by Prowess Consulting using a representative VMware backup workload, the Data Domain All-Flash appliance achieved approximately 75:1 data reduction, while competing systems required up to 3.8× more physical capacity to protect the same dataset. Over time, as additional backup copies accumulated and redundancy increased, the effective reduction ratio continued to improve, reaching 78:1 after seven days and exceeding 100:1 after two weeks in that test environment.

The behavior reflects how deduplication operates in backup environments. Initial backup copies contain a higher proportion of unique data, while subsequent backups introduce incremental changes that can be efficiently deduplicated against existing data sets. As a result, effective data reduction improves over time as retention periods extend.

From a practical standpoint, this reduction capability is central to how the All-Flash appliance balances flash economics with large-scale backup requirements. While the All-Flash appliance’s raw usable capacity ranges from 272TB to 1.1PB, the disk-based Data Domain DD9910 scales to higher raw capacity levels, up to 2.1PB. Effective capacity in both cases can be significantly higher depending on data characteristics, change rates, and retention policies. Dell positions this efficiency as a key factor in reducing overall infrastructure footprint, power consumption, and long-term storage costs.

Management and the Data Domain System Manager Interface

Management of the All-Flash appliance is handled through the Data Domain System Manager, the same web-based interface used across the Data Domain family. DDOS 8.7 runs identically across the portfolio, so the management experience carries over without retraining, and the All-Flash appliance drops into existing workflows without introducing a new operational model.

 

The dashboard surfaces what administrators reach for most often without requiring navigation: filesystem capacity, used and available space, compression factor, last write time, active alerts, and licensed services status.

Real-time performance charts are one click away, covering CPU utilization, DD Boost throughput, active connections, filesystem operations, and network activity. In active environments receiving backup and replication traffic simultaneously, those charts give administrators an immediate read on whether the platform is performing within expected parameters.

The Data Management section organizes the operational details below the dashboard. The filesystem view covers capacity, usage, and compression at the system level, while M-trees provide a granular layer. Every backup policy from each connected application creates a unique M tree, logically separating workloads within the system. Per-M tree views show space utilization, daily write patterns, and pre- and post-compression breakdowns over configurable time windows, which matter when diagnosing whether a specific workload is compressing as expected or consuming capacity faster than anticipated.

Replication, protocols, hardware, and administration each have dedicated sections in a layout consistent with prior Data Domain generations. The Replication section consolidates pair status, sync state, and job health across connected systems, with both scheduled and on-demand replication managed from the same screen. Protocol configuration covers DD Boost, CIFS, NFS, and VTL in a single section, with DD Boost serving as the primary path for enterprise backup applications and exposing active connections, client lists, plugin versions, and authentication settings in a single view.

The interface reflects a platform designed for use by people who are not exclusively backup specialists. The backup administrator role has contracted meaningfully over the past decade as infrastructure teams consolidate and generalists take on broader responsibilities. The DD System Manager has been refined to remain accessible in that environment, with logical structure, clear real-time reporting, and short paths from alert to diagnosis.

Where the Data Domain All-Flash Appliance Fits in the PowerProtect Portfolio

The current Data Domain lineup spans five hardware models. The Data Domain DD3410 serves small and medium businesses and the Data Domain DD6410 serves medium businesses. At the same time, the Data Domain DD9410 and DD9910 address larger environments, where capacity and throughput requirements scale accordingly. The All-Flash appliance and the All-Flash Ready Node bring flash into the portfolio at different points and for different deployment scenarios.

The All-Flash appliance targets large enterprise environments where recovery SLAs are aggressive, and the operational cost of slow restores or extended replication windows is measurable. It sits alongside the disk-based Data Domain DD9910 rather than replacing it, with the two systems sharing the same software stack and integration ecosystem while differing primarily in storage medium and the performance and efficiency characteristics that follow from that choice. Organizations with large retention requirements and cost-sensitive capacity economics will likely continue to find the Data Domain DD9910 a better fit. Those prioritizing restore speed, vault analytics performance, and power and space efficiency at the high end of the portfolio have a direct path to the All-Flash appliance.

The All-Flash Ready Node is a separate product category for organizations building software-defined or hyperconverged environments, in which Data Domain capabilities are delivered through a customer-supplied server platform rather than a purpose-built appliance. It is not a like-for-like alternative to the DD9910F.

For most large enterprise evaluations, the practical decision point is between the Data Domain DD9910, which uses Intel Xeon Scalable processors, and the All-Flash appliance at an equivalent capacity. The all-flash model carries a higher acquisition cost. Still, Dell positions the reductions in power, cooling, and rack space as meaningful offsets when evaluated against the total cost of ownership over a multi-year deployment.

Conclusion

The Intel-powered Dell PowerProtect Data Domain All-Flash appliance makes a clear case for where flash belongs in data protection. Backup ingestion is largely sequential and throughput-bound, and flash does not fundamentally change that equation. Recovery is where flash matters, and the All-Flash appliance applies it precisely there: up to 4x faster restores, up to 2x faster replication, and up to 2.8x faster CyberSense analytics versus the disk-based DD9910 at equivalent capacity. Each of those translates into a concrete operational outcome, shorter recovery windows, narrower cyber vault exposure periods, and faster integrity validation before data returns to production.

The efficiency story is the second half of the argument. A 6U all-flash footprint replacing roughly 10U of disk-based infrastructure, combined with up to 80% lower power consumption, changes the math for organizations running data protection across primary, DR, and cyber vault sites. In vault deployments specifically, where power and rack space are billed directly, and isolation requirements make every rack unit count, those reductions compound into deep operational savings over a multi-year deployment. The data reduction engine reinforces the economics from the other direction, with effective ratios reaching 75:1 and continuing to improve as retention increases.

What makes the All-Flash appliance work well is that none of this comes at the cost of operational continuity. The architecture has defined Data Domain for years. The DDOS software stack, the DD Boost ecosystem, the security model, and the System Manager interface all carry over unchanged. For the more than 15,000 organizations already running Data Domain, the All-Flash appliance is an easy decision for mission-critical workloads.

For enterprise environments evaluating where flash fits in their data protection strategy, the All-Flash appliance answers that question directly. Dell did not redesign Data Domain to accommodate flash. It applied flash where the architecture benefits most, delivered measurable gains in the workflows where recovery SLAs are tightening fastest, and held the operational model steady.

Dell Technologies Cyber Resilience

This content was produced in partnership with Dell Technologies and Intel. All analyses and conclusions are based on StorageReview’s independent evaluation.

---

Intel^® Xeon^® is a trademark of Intel^® Corporation or its subsidiaries

The post Dell PowerProtect Data Domain All-Flash Appliance: The Intel Powered All-Flash Foundation for Cyber Resilience appeared first on StorageReview.com.

At VeeamON 2026 in New York City, Veeam Software announced Veeam Intelligent ResOps, a new resilience capability designed to unify data context with recovery operations. The offering targets environments where AI-driven activity and automation are accelerating change across enterprise data, requiring more precise visibility and response than traditional backup workflows provide.

Intelligent ResOps is the first resilience service built on the Veeam DataAI Command Platform. It extends Veeam’s existing data protection stack by linking backup and recovery operations with contextual intelligence about data, identity, and AI activity. The goal is to enable targeted recovery actions rather than broad rollbacks, reducing operational disruption and recovery time.

DataAI Command Graph Provides Context Layer

At the core of Intelligent ResOps is the DataAI Command Graph, which functions as a unified intelligence layer across production and backup environments. The graph continuously maps relationships between data, users, permissions, AI agents, activity, and protection status.

This model allows teams to understand what data exists, how it is being accessed or modified, and what is at risk. By correlating this information with the protection state, organizations can move from reactive recovery to context-driven decision-making before, during, and after incidents.

Veeam positions this as a shift away from isolated backup metadata toward a connected system of record that incorporates identity and AI activity alongside traditional data protection signals.

Designed for AI-Driven Change Environments

The release reflects growing enterprise exposure to AI agents and assistants capable of quickly processing large volumes of data. In these environments, small errors or malicious actions can propagate rapidly across datasets.

Intelligent ResOps addresses this by correlating changes with their origin, including user and AI agent activity, and identifying whether impacted data is sensitive, regulated, or redundant. This enables more precise remediation and reduces the risk of restoring unwanted or compromised data.

The company frames the solution as a move toward proactive, measurable resilience operations, in which context is required to assess impact and execute recovery accurately.

Key Capabilities

Intelligent ResOps introduces several functional areas that extend Veeam’s core platform:

• Contextual intelligence classifies data based on sensitivity, regulatory status, business value, and ROT. This informs prioritization during backup and recovery operations.
• Context-aware backup and recovery workflows allow teams to restore only the affected data sets rather than performing full environment rollbacks.
• Data lifecycle intelligence highlights redundant or obsolete data, identifies retention risks, and surfaces policy misalignment that can increase storage overhead and compliance exposure.
• AI visibility and control provide insight into agent activity, including the ability to investigate and roll back unintended changes through integrated tooling.
• A built-in intelligence agent enables natural-language queries of the environment, allowing operators to retrieve insights into data, activity, and protection state without manual analysis.

These capabilities are delivered as an extension to existing Veeam resilience solutions rather than a standalone product.

Microsoft 365 as Initial Workload

Microsoft 365 is the first supported workload for Intelligent ResOps, reflecting its role as a primary repository for enterprise SaaS data. Veeam reports protection coverage for 25 million Microsoft 365 users and is extending that footprint with context-aware recovery capabilities.

The integration spans SharePoint, OneDrive, Teams, and Exchange, providing unified visibility across production and backup environments. Organizations can identify sensitive and redundant data, track user and Copilot activity, and execute targeted recovery operations.

The Microsoft 365 implementation is delivered as an add-on to Veeam Data Cloud for Microsoft 365.

DataAI Command Platform Overview

Intelligent ResOps is part of the broader Veeam DataAI Command Platform, which consolidates data, identity, access, and AI activity into a single operational layer. The platform is structured around five components:

• DataAI Command Graph for unified context and relationships
• DataAI Security for threat visibility and protection alignment
• DataAI Governance for policy enforcement
• DataAI Compliance and Privacy for regulatory alignment
• DataAI Resilience for backup and recovery operations

This architecture is intended to provide a consistent control plane across production and backup data, including visibility into AI agents and models interacting with enterprise datasets.

Availability

General availability is planned for Q3 2026, with Microsoft 365 as the initial supported workload.

The post Veeam Introduces Intelligent ResOps to Add Context-Aware Recovery on DataAI Command Platform appeared first on StorageReview.com.

NetApp announced a set of data management updates for Red Hat OpenShift to improve backup predictability, disaster recovery, and operational scalability across on-premises and cloud-based virtualized environments. The release focuses on OpenShift Virtualization deployments, where growing VM counts and larger datasets can make traditional full-disk backup approaches increasingly inefficient.

The announcement addresses a practical challenge in enterprise virtualization. As OpenShift-based VM environments scale, backup products that rely on scanning entire virtual disks can lengthen backup windows, complicate recovery planning, and increase storage and compute overhead. NetApp is positioning its latest OpenShift integrations around block-level change tracking, automation, and cloud consistency to reduce operational friction.

NetApp tied the launch to broader virtualization growth, citing Red Hat research showing that virtualization remains a core platform for infrastructure modernization and application innovation. According to Red Hat’s State of Virtualization Report, 90% of organizations agree that virtualization supports innovation. Combined with the report’s finding that 71% of organizations have over half of their IT infrastructure virtualized, this trend is driving enterprises to expand their virtualized environments to manage the growing volumes of data fueling the AI era. In that context, the company is targeting organizations consolidating VM and container operations under OpenShift while trying to maintain predictable recovery point and recovery time objectives.

A key update is expanded support in NetApp Backup and Recovery for Red Hat OpenShift and OpenShift Virtualization. The service uses incremental-forever backups with Change Block Tracking, protecting only changed blocks rather than repeatedly scanning full VM disks. NetApp said this approach preserves storage efficiency, avoids data rehydration during backup jobs, and lowers compute overhead. The update also adds more automation for VM-granular protection and recovery, along with resource transformation capabilities intended to speed recovery workflows.

NetApp also introduced public preview support for NetApp Disaster Recovery with Red Hat OpenShift and OpenShift Virtualization. This extends the company’s protection story beyond backup into orchestrated disaster recovery for Kubernetes-based virtual machines running on ONTAP storage. The DR-as-a-service offering is designed to provide guided failover and failback workflows, giving OpenShift administrators a simpler way to protect virtualized workloads without having to build more complex DR processes from scratch.

On the cloud side, Google Cloud NetApp Volumes and the Trident CSI driver for Red Hat OpenShift Virtualization are now generally available with certified support for Red Hat OpenShift Dedicated on Google Cloud. This provides organizations with a supported path to run both VMs and containers in Google Cloud while using NetApp-backed storage services, which may be relevant for customers standardizing hybrid cloud operations or shifting some virtualization capacity off-premises.

NetApp also updated Trident, its Kubernetes storage orchestrator, adding a new parallelism capability for Amazon FSx for NetApp ONTAP and Google Cloud NetApp Volumes environments. Instead of processing storage operations serially in the controller, Trident can now execute them concurrently, which should improve scalability and reduce storage-side bottlenecks in larger deployments.

In comments accompanying the release, NetApp said the goal is to make backup and recovery behavior more predictable as OpenShift VM environments scale. Red Hat framed the joint work as a response to the scale and complexity challenges of modern virtualized infrastructure, particularly in data protection and disaster recovery in hybrid cloud environments.

From a product standpoint, the update is less about introducing a new platform and more about tightening the operational layer around OpenShift Virtualization. For enterprises evaluating OpenShift as a destination for both container and traditional VM workloads, the practical value lies in more efficient backup mechanisms, more automated recovery workflows, and broader support for hybrid and public cloud deployment models.

The post NetApp Expands OpenShift Data Management With Faster VM Backup, DR, and Cloud Scale Support appeared first on StorageReview.com.

At VeeamON 2026 in New York City, Veeam Software introduced a set of coordinated announcements that extend its data resilience strategy into the emerging operational realities of AI. The company unveiled the Veeam DataAI Command Platform, previewed Veeam Data Platform v13.1 alongside a new DataAI Resilience Module, and launched a Data and AI Trust Maturity Model to help enterprises benchmark governance and operational readiness.

Together, these updates position Veeam to address a growing gap between the rapid adoption of AI and the ability to secure, govern, and recover the data those systems depend on.

A New Control Plane for Data, AI, and Identity

The Veeam DataAI Command Platform is a new architectural layer that unifies data protection, security, governance, and compliance for environments where autonomous AI agents operate at scale. The platform builds on Veeam’s acquisition of Securiti AI, integrating data security posture management with Veeam’s existing resilience stack.

At its core is the DataAI Command Graph, an intelligence layer that maps relationships across data, identities, and access controls spanning cloud, SaaS, and on-premises environments. Unlike traditional inventory approaches, the graph operates at a granular level, identifying specific sensitive data elements, access paths, and changes that introduce risk. It also correlates production and backup data, enabling more context-aware recovery and governance workflows.

The platform brings together several functional domains. DataAI Security provides unified visibility into data and AI risk posture. DataAI Governance enforces controls at the data layer rather than relying on agent-level policies, limiting exposure from both sanctioned and unsanctioned AI agents. DataAI Compliance aligns data operations with major regulatory frameworks and produces audit-ready evidence. DataAI Privacy enforces policies in real time based on identity and jurisdiction. DataAI Precision Resilience extends Veeam’s recovery capabilities with more targeted remediation, allowing organizations to correct specific data issues without full system rollback.

Veeam frames this platform as a response to a structural shift in enterprise IT, in which the security boundary moves from infrastructure to the data itself as AI agents increasingly access and act on it.

Advancing the Core Platform with v13.1

In parallel, Veeam previewed Veeam Data Platform v13.1, which introduces more than 70 enhancements focused on modernization, security, and recovery performance. A key theme is workload portability across hypervisors, including support for environments such as OpenShift Virtualization, enabling organizations to move workloads without extensive replatforming.

Identity resilience is another focus area, with enhancements such as Active Directory Forest Recovery to improve recovery from identity-based attacks. Security capabilities expand to include broader malware detection, support for post-quantum cryptography, and deeper integration into security ecosystems.

The release also targets cost and operational efficiency. New capabilities for NAS archiving and long-term retention aim to reduce storage costs, while expanded threat detection extends scanning coverage across AWS, Azure, NAS systems, and Microsoft 365 environments. These updates are designed to improve both detection and recovery timelines across hybrid and multi-cloud estates.

DataAI Resilience Module Introduces Unified Operations

The new DataAI Resilience Module, delivered through the DataAI Command Platform, provides a centralized operational layer for managing data resilience. It introduces a single interface for visibility into protection status, operational health, and readiness across environments.

Global search and inventory capabilities allow operators to quickly determine whether specific workloads are protected and to initiate recovery actions ranging from file-level restores to full-site recovery or clean-room operations. The module also emphasizes operational consistency, reducing configuration drift and simplifying ongoing management tasks.

Built-in AI agents automate routine operations, including log analysis, ticketing workflows, and capacity planning. These capabilities aim to reduce operational overhead while improving responsiveness in large-scale environments.

Addressing the AI Trust Gap

Complementing the platform and product updates, Veeam introduced its Data and AI Trust Maturity Model, a framework designed to help organizations assess how effectively they govern and operationalize AI. The model is based on research across 300 senior business and technology leaders and highlights a widening gap between AI adoption and operational readiness.

The findings indicate that AI is already embedded in many enterprise workflows, yet governance and auditability lag. While most organizations express confidence in scaling AI, a significant portion cannot produce audit-ready evidence to validate that confidence. Operational challenges, including skills gaps, integration complexity, and regulatory uncertainty, are emerging as primary barriers to scaling AI initiatives.

The maturity model evaluates organizations across 12 dimensions and five stages of progression, focusing on how controls perform under real-world conditions. It organizes readiness into four pillars: visibility into data and AI systems, enforcement of security and access controls, resilience through backup and recovery, and data readiness to support AI development.

The associated assessment provides scored benchmarks, peer comparisons, and prioritized recommendations, giving organizations a structured path from experimental AI use to production-scale, accountable deployments.

Availability

Veeam Data Platform v13.1 and the DataAI Resilience Module are expected to reach general availability in early Q3 2026 through Veeam’s partner ecosystem. The DataAI Command Platform and the Data and AI Trust Maturity Model are available as part of Veeam’s broader strategy to integrate data protection, security, and AI governance into a unified operational framework.

The post Veeam Expands Data Resilience Portfolio with DataAI Command Platform, v13.1 Updates, and AI Trust Framework appeared first on StorageReview.com.

Object First announced general availability of Fleet Manager, a cloud-based management service designed to simplify operations across distributed Ootbi backup storage deployments for Veeam environments. The service is included at no additional cost for customers with active support contracts and is targeted at enterprises and service providers managing multi-site backup infrastructure.

More on Object First:

• Deep Dive video on Object First’s Latest Appliances
• Inside Object First: How Simple, Immutable Backup Scales From Edge to Enterprise

As backup environments scale across locations and tenants, operational complexity and visibility gaps increase. Object First cites that the majority of ransomware attacks now target backup data, making centralized oversight and immutability critical to recovery readiness. Fleet Manager addresses this by aggregating telemetry from Ootbi clusters into a single management interface without accessing or modifying backup data. The platform follows a zero-trust design and aligns with CISA’s secure-by-design principles, ensuring that backup data remains immutable even from privileged administrators.

Fleet Manager provides a centralized view of distributed backup infrastructure, enabling administrators to monitor cluster health, storage utilization, and system status across environments. Integrated alerting surfaces issues, such as anomalies detected by Object First’s honeypot capabilities, enabling faster responses to potential threats or operational issues.

The service also introduces secure remote access via a cloud-based control plane, requiring no additional hardware or software deployment. This reduces management overhead while maintaining strict separation between management telemetry and protected backup data.

For service providers and enterprises operating multi-tenant environments, Fleet Manager adds visibility across customer deployments. Administrators can monitor multiple clusters simultaneously, identify outages or capacity constraints, and track potential security events from a unified interface.

With Fleet Manager, Object First extends its Ootbi platform beyond immutable backup storage to include centralized fleet operations, addressing the growing need for visibility and control in distributed, ransomware-resilient backup architectures.

The post Object First Fleet Manager for Distributed Ootbi Backup Environments is Generally Available appeared first on StorageReview.com.

Scality has announced ARTESCA+ Veeam HA, an updated version of its unified software appliance that combines the Veeam Data Platform with Scality ARTESCA object storage on a single system. The release extends the original single-node design into a multi-node, highly available architecture, positioning the platform as a turnkey backup and recovery solution for mid-size enterprises.

At the core of the update is native integration with the Veeam Software Appliance and its built-in high availability capabilities. Scality delivers what it calls triple-high availability across the application, database, and storage layers. This includes high availability for the Veeam Data Platform, resilience for the Veeam configuration database, and distributed storage availability through ARTESCA. All components run on the same hardware platform, eliminating the need for external plugins or additional infrastructure.

The combined system is designed to operate without a single point of failure. If a node becomes unavailable, workloads continue to run without interruption. The architecture scales from 50TB to 10PB, allowing the platform to address mid-market requirements while extending to larger enterprise deployments.

Focus on Backup Resilience and Attack Surface Reduction

The announcement reflects the growing focus on backup infrastructure as a primary target for ransomware. With the majority of attacks now targeting backup repositories, the ability to maintain clean, immutable copies of data has become critical for recovery operations.

ARTESCA is positioned as a backup-centric object storage platform, with S3 Object Lock enforcing immutability at the storage layer. Once data is written in compliance mode, it cannot be altered or deleted during the defined retention period. This applies across users and administrators, effectively preventing tampering or encryption by attackers.

The platform also incorporates a zero-trust security model, requiring authentication for all access and limiting exposure across the stack. Scality’s CORE5 framework extends this approach across multiple layers of the architecture, from API interactions through underlying infrastructure, to reduce potential entry points.

A key architectural decision is the co-location of Veeam and ARTESCA on the same appliance. By keeping all communication internal, the design removes external data paths and prevents exposure of access credentials. A predefined firewall and least-privilege access model further reduce the attack surface. The result is a tightly integrated system that minimizes configuration overhead and reduces operational risk.

Metric/Field	Tower S	Tower L	2U Rack S	2U Rack M	2U Rack L	2u Rack XL	24 LFF Expandable
Overview
Form factor	Tower / 1U Rack	Tower / 1U Rack	2U Rack	2U Rack	2U Rack	2U Rack	2U Rack
Storage Configuration
HDD	4x 8TB	4x 16TB	12x 8TB	12x 12TB	12x 16TB	12x 24TB	12-24x 24TB
Source data	10TB	20TB	40TB	60TB	80TB	120TB	240TB
Usable capacity	21.1TB	42.2TB	73.7TB	110.5TB	147.4TB	221TB	442TB
Virtualization
Qty VMs	40	80	160	240	320	480	960

High-Availability Multi-Server Options

Metric/Field	3 Server 12 LFF Chassis	3 Server 24 LFF Chassis	6 Server 24 LFF Chassis
Overview
Form Factor	3 Server 12 LFF Chassis	3 Server 24 LFF Chassis	6 Server 24 LFF Chassis
Storage Configuration
HDD
Source data	170TB	340TB	470TB	720TB	1,150TB	1,700TB
Usable capacity	251TB	502TB	670TB	1,006TB	1,617TB	2,426TB
Virtualization
Qty VMs	500	1,000	1,500	2,500	4,000	6,000

Simplified Deployment with Built-In High Availability

The unified appliance approach is intended to simplify deployment and ongoing operations. Integration between backup software and storage is preconfigured, reducing the need for manual setup and lowering the likelihood of misconfiguration. Automation across deployment and lifecycle management further supports consistency in production environments.

Michael Cade, EMEA Field CTO at Veeam, noted that Scality ARTESCA+ Veeam’s integrated high-availability features facilitate the adoption of immutable backups by simplifying deployment, streamlining daily operations, and incorporating safeguards to ensure continuous protection and availability of backups even if a component fails.

Thomas Danan, Senior Product Director at Scality’s ARTESCA, highlighted that running Veeam and ARTESCA together on the same platform reduces external attack vectors, creating a deployment that’s simple, more secure, and highly available. He added that the integrated solution features triple high availability, CORE5 security, and a $100,000 cyber guarantee, bringing enterprise-level cyber resilience to mid-sized organizations.

Availability

ARTESCA+ Veeam HA is available through Scality’s global channel network and supports deployment on standard x86 platforms from vendors including Supermicro, HPE, Lenovo, Cisco, and Dell. The offering includes Scality’s $100,000 cyber guarantee, which applies to customers using ARTESCA with immutable storage protections.

The post Scality Introduces ARTESCA+ Veeam HA with Integrated Triple High Availability appeared first on StorageReview.com.

Dell Technologies has announced several updates to its PowerProtect portfolio, focusing on management simplicity, integrated artificial intelligence, and expanded hardware options for mid-sized environments. These enhancements target the growing complexity of distributed workloads across on-premises, edge, and cloud infrastructure.

PowerProtect Data Manager Evolution

The latest iteration of PowerProtect Data Manager introduces a unified dashboard that centralizes visibility across distributed systems. This interface consolidates monitoring into a single view to reduce operational overhead and provide a clearer picture of protection status across the enterprise.

Dell is also integrating a new AI Assistant directly into the Data Manager UI. This tool provides contextual guidance and intelligent navigation to assist administrators in troubleshooting and optimizing configurations. By offering proactive recommendations, the assistant aims to accelerate problem resolution and simplify compliance auditing processes.

Advanced Anomaly Detection and Security

Security capabilities within Data Manager now include expanded anomaly detection for Dell PowerStore snapshots. This feature is designed to identify potential ransomware threats early in the data lifecycle. All anomaly signals from workloads, storage, and protection policies are now aggregated on a dedicated landing page in the UI, enabling faster response to irregularities.

To meet evolving regulatory requirements and NIST standards, the PowerProtect Data Domain Operating System now supports TLS 1.3. This update ensures that the underlying infrastructure remains compliant with modern security protocols and encrypted communication standards.

PowerProtect Data Domain DD3410 Appliance

The PowerProtect Data Domain DD3410 is now available, targeting medium-sized businesses and remote office/branch office (ROBO) locations. Occupying a 2U footprint, the appliance scales from 8TB to 40TB of usable capacity. It is designed for low power and cooling requirements while maintaining the security features found in larger Data Domain models.

 

The DD3410 supports both traditional and modern workloads and integrates natively with PowerStore for streamlined backup and recovery. Furthermore, the appliance is now supported as a vault target within the PowerProtect Cyber Recovery ecosystem, bringing enterprise-grade vaulting to smaller sites.

Storage Efficiency and Cyber Recovery

Data Domain continues to lead in storage efficiency, with real-world telemetry from Data Manager users indicating data reduction ratios as high as 75:1. This level of deduplication significantly lowers the total cost of ownership by reducing the physical storage footprint required for long-term retention.

For organizations deploying Cyber Recovery and CyberSense, Dell has introduced Cyber Recovery Essentials. This offering provides pre-validated reference architectures and standardized configurations to accelerate deployment. Additionally, the portfolio now includes enhanced analytics support for Oracle RAC with ASM, broadening the scope of protected database environments.

The post Dell Technologies Enhances PowerProtect Portfolio for Improved Cyber Resilience appeared first on StorageReview.com.

Veeam has launched the Veeam Intelligence MCP Server, designed to bring backup, recovery, malware, and compliance information into broader enterprise IT operations. The server is built to give teams a single conversational interface for day-to-day operations, planned infrastructure changes, and incident response, with customer control over deployment, data exposure, and integration with AI clients.

Veeam states that the server is designed for environments where operational signals cover backup solutions, monitoring tools, ticketing systems, security platforms, and other systems. Veeam says it is designed to reduce the manual work of checking multiple consoles, correlating alerts across platforms, and moving information between teams during an outage or investigation. Instead of requiring staff to work through separate interfaces, the system is designed to make Veeam Intelligence available within broader operational workflows through the Model Context Protocol, or MCP.

Through MCP, the server enables organizations to integrate Veeam’s data protection and recovery with information from external systems into a single workflow. That includes the ability to compare Veeam’s protection, recovery, malware, and compliance signals with events from IT service management platforms, cloud environments, security products, storage systems, and monitoring tools. The goal is to make it easier for operators to ask natural-language questions, investigate issues that span multiple systems, and get a consolidated operational view without switching between separate products.

In its current form, the server focuses on read-only access, cross-system visibility, and investigation workflows. No destructive or configuration-changing actions are enabled by default. Queries are described as authenticated, authorized, and fully auditable, with a separation between present-day intelligence features and any future action-based capabilities. It is deployed locally as a Docker container and is fully operated and governed by the customer or their service provider.

Veeam also says customers can choose which MCP-compatible AI clients to use, including local or self-hosted large language models such as ChatGPT and Claude, depending on their own security and data sovereignty requirements.

Use Cases

Veeam highlights morning health checks, pre-change validation, ransomware triage, and root cause analysis as use cases for the server. These scenarios focus on giving teams a prioritized view of health and recoverability; confirming that backup jobs, repositories, and configuration backups are resilient to upcoming changes; correlating malware events with affected workloads and clean restore points; and consolidating information such as session histories, repository health, and proxy states when jobs fail.

It will launch with support for Veeam Backup & Replication, Veeam ONE, and Veeam Service Provider Console. The server is open source and available on GitHub.

The post Veeam Releases Open-Source MCP Server for Backup and Recovery Intelligence appeared first on StorageReview.com.

As organizations reevaluate their virtualization strategies, ensuring that proven backup and recovery tools remain compatible with new platforms has become a top priority. Veeam Data Platform now delivers agentless, image-based backup support for HPE Morpheus VM Essentials Software, allowing enterprises to adopt HPE’s KVM-based virtualization (HVM) stack without disrupting established data protection workflows. The integration extends the long-standing partnership between Veeam and Hewlett Packard Enterprise while helping IT teams maintain consistent resiliency standards during infrastructure transitions.

Addressing Modern Virtualization Challenges

The current IT landscape is defined by escalating virtualization costs, rapid data growth, and persistent ransomware threats, all while staffing levels remain flat. Organizations are constantly looking to reduce reliance on vendors while maintaining operational stability across critical virtual machine workloads. HPE Morpheus VM Essentials addresses these needs by offering a streamlined, KVM-based virtualization platform that can operate as a standalone deployment or as part of broader HPE Private Cloud solutions. By providing native host-based protection, Veeam allows customers to leverage familiar backup and recovery features without the overhead of installing and managing agents on each VM.

Technical Capabilities of the HVM Integration

The integration is facilitated through the HPE Morpheus plug-in for Veeam Backup & Replication version 13.0.1 or later. By interacting directly with the HVM hypervisor and the HPE Morpheus control plane, Veeam captures image-level backups that remain compatible even if a customer scales to the more advanced HPE Morpheus Enterprise control plane. This purpose-built architecture supports several high-performance features designed for enterprise efficiency.

Changed Block Tracking (CBT) accelerates incremental daily backups by significantly reducing read I/O on source volumes. The platform also supports full VM restores to VME from backups taken on other supported hypervisors, enabling seamless cross-hypervisor recovery. For application consistency, the solution includes VSS integration and provides granular recovery for Microsoft Exchange, SQL Server, Active Directory, and Oracle. Transport flexibility is maintained through NBD and HotAdd modes, while datastore support extends to GFS2 and NFS, with integration via the HPE Alletra Storage MP plug-in.

For organizations moving toward cloud-native architectures, Veeam Kasten can be deployed to extend protection to HPE Morpheus Kubernetes services, ensuring a unified protection strategy as infrastructure evolves.

Enhancing Cyber Resilience and Business Outcomes

The technical integration between Veeam and HPE is designed to deliver specific operational outcomes, such as shorter backup windows and minimal impact on production. Application-aware image protection ensures that restored VMs are immediately usable, which reduces troubleshooting time during service recovery. From a security perspective, combining image-based backups with encryption and verification supports the 3-2-1-1-0 principle. This model emphasizes three copies of data on two different media types, with one off-site copy, one immutable copy, and zero verified errors.

This layered immutability is a critical component in defending against modern ransomware. By aligning HPE’s private cloud infrastructure and HVM hypervisor with the Veeam Data Platform, the two companies provide a validated foundation for hypervisor migration. Organizations deploying HPE Morpheus VM Essentials can now maintain proven backup and portability standards from the initial stages of deployment.

The post Veeam Announces General Availability of Agentless Backup for HPE Morpheus VM Essentials appeared first on StorageReview.com.

HPE introduced the Alletra Storage MP X10000 platform in late November 2024 as the first disaggregated, all-flash, scale-out storage system designed to unify modern workloads under a single architecture. The design centers on a common hardware foundation managed entirely through the GreenLake (formerly HPE GreenLake) cloud platform, delivering high-performance object storage, flexible scaling, and integrated data intelligence services. In August 2025, HPE expanded the platform with the data protection accelerator node (DPAN). This addition created a dedicated path for high-speed backup and rapid restore operations by combining StoreOnce Catalyst with the X10000’s native S3 interface. Together, these components form the data protection solution we are evaluating in this report.

Key Takeaways

• Flash-First NVMe Architecture: X10000 delivers all-flash, scale-out object storage that brings primary-storage-class performance to backup and recovery workflows.
• Up to 300 TB/Hour Ingest Per DPAN: In testing, a single DPAN sustained up to 83.83 GB/s (300+ TB/hour), with throughput scaling predictably as additional nodes are added.
• Bottlenecks Shift Upstream: DPAN removes target-side constraints, exposing limits in backup software orchestration, networking, and client-write performance.
• Catalyst-Driven Data Reduction Pipeline: Source-side deduplication and compression using StoreOnce Catalyst reduce network load and extend effective storage capacity by up to 60:1.
• Built for Modern Workloads: The DPAN and X10000 architecture prepare backup infrastructure for high-concurrency environments, large databases, and AI-scale data growth.

The core job of the data protection accelerator node is straightforward. It performs deduplication, encryption, and data movement from backup software to the X10000 at speeds that traditional backup hardware cannot match. Catalyst plays the key role here. Catalyst is HPE’s data reduction and data movement protocol that integrates with several enterprise backup platforms. It identifies duplicate segments at the source and sends only clean, encrypted data to the DPAN. This reduces network load and allows the X10000 to ingest backup streams at very high speeds. HPE’s public claims include up to 1.2 PB of ingest performance per hour in a 4-node DPAN configuration, up to 22 times faster restores than older systems, and up to 60:1 data reduction. These numbers promise meaningful relief for organizations that face backup window constraints and slow recovery times.

Where this platform becomes interesting is in how dramatically it diverges from the legacy blueprint for data protection infrastructure. Traditional backup hardware has long been anchored in HDD-based systems with controller bottlenecks and rehydration cycles that limit performance. The DPAN and X10000 approach turns that model on its head. Instead of a slow, capacity-driven target, HPE delivers an all-flash, horizontally scaled, analytics-grade storage platform as the foundation for data protection. This elevates backup and recovery performance to the same level of responsiveness as primary storage architectures. In practical terms, this changes how backup windows look and, more importantly, what recovery timelines are possible with a modern backup infrastructure.

The X10000 runs a log-structured, flash-optimized key-value engine that maintains predictable latency even as concurrency increases. It uses NVMe SSDs throughout the cluster and links nodes via a disaggregated shared-everything model, delivering linear performance growth as hardware is added. The data protection accelerator node completes the picture by pairing the Catalyst engine with an encrypted, high-speed data path into the X10000 over 100 GbE. This design avoids the controller bottlenecks, rehydration penalties, and mechanical disk limitations that define traditional backup appliances. The result is a target that behaves more like a high-performance primary storage platform than a simple capacity tier.

There are clear business benefits when performance moves into this range. Shorter backup windows reduce operational risk and enable the protection of larger datasets without increasing the hardware footprint. Faster restore performance reduces downtime and improves resilience under tight RTO requirements. Data reduction lowers effective storage costs and extends the cluster’s useful life before expansion is necessary. Cloud-based management through GreenLake also reduces the operational burden on administrators, who would otherwise manage several independent platforms. Taken together, these strengths position the X10000 with the DPAN as a modern and scalable foundation for organizations that have outgrown traditional backup targets.

For this analysis, we partnered with Commvault, a major ISV supporting Catalyst-based workflows. Commvault already integrates source-side deduplication and high-speed data streaming, which closely aligns with HPE’s recommended configuration. HPE also supports other enterprise backup platforms, so the architectural and performance characteristics described here apply across a broader ecosystem of data protection partners.

Building a High-Speed Engine for Data Protection

With the high-level platform story established, we can examine in more detail how the X10000 and the data protection accelerator node are built and how they work together. The X10000 brings a flash-based, scale-out object layer designed for wide parallelism, while the accelerator node supplies the compute path for dedupe, encryption, and high-speed data movement. Understanding how these components are constructed, how data flows between them, and how performance increases with additional nodes provides the technical foundation for the performance results.

Data Protection Accelerator Node Capabilities in Practice

At scale, the Data Protection Accelerator Node behaves less like a traditional backup appliance and more like a high-throughput data movement engine. A single accelerator node can sustain approximately 300 TB/hour of backup ingest. As additional nodes are introduced, performance scales linearly. A four-node DPAN configuration can deliver up to 1.2 PB per hour, providing a clear and predictable path to higher throughput as backup environments grow.

Scalability in the data protection accelerator node is achieved through a modular design built on the HPE StoreOnce Gen5 platform. Each data protection accelerator node is a self-contained system that incorporates four dual-port 25 GbE NICs (eight 25 GbE ports total), aggregated via LACP into a 200 GbE logical network path, along with eight SSDs in RAID 6, providing 92 TB of usable cache for data management operations.

Backup ingest and processing are distributed across nodes, allowing performance and capacity to scale horizontally as additional accelerator nodes are added. With support for up to 10 active accelerator nodes (plus up to two optional high-availability nodes), the platform increases aggregate ingest bandwidth and effective backup capacity in a linear fashion, avoiding centralized bottlenecks and enabling predictable scaling as backup demands grow.

Specification	HPE Alletra Storage MP X10000 DPAN
Node Configuration
Form Factor	2U
Minimum Nodes	0
Maximum Nodes	10 active (+2 optional HA)
Storage & Caching
SSDs	8
Usable Cache (Data Management)	92 TB
Max Usable Backup Storage per Node	2 PB
Max Effective Backup Storage per Node	120 PB
Networking – 25 GbE Ports	8

Source-Side Deduplication and Data Reduction Pipeline

A defining characteristic of the architecture is its reliance on inline, source-side deduplication using HPE StoreOnce Catalyst. Deduplication is performed before data is transmitted to the accelerator node, using fine-grained 4 KB chunk sizes. This approach minimizes data movement across the network and maximizes space efficiency, particularly in environments with high levels of redundancy across backup sets.

Once duplicate segments are eliminated, the remaining data is compressed before transmission. This further reduces network utilization and ensures that only optimized data enters the accelerator pipeline. The accelerator node does not store backup payloads locally. Instead, it maintains metadata and catalog information required to track deduplicated objects and restore relationships. All backup data is streamed directly and continuously to the X10000 using its native S3 interface.

This design avoids the need for rehydration stages, staging disks, or secondary landing zones. The X10000 receives deduplicated, compressed, and encrypted data in a form that can be written efficiently to its flash-based object store.

Secure, Native S3 Storage Target

Using native S3 as the storage target is central to the system’s flexibility. Because the accelerator node writes directly to the X10000 over S3, the platform integrates cleanly with modern backup software without proprietary storage protocols or translation layers. Data arrives encrypted and optimized, allowing the X10000 to focus on durable, parallel object placement across NVMe flash.

Real-world Catalyst data reduction ratios of up to 60:1 significantly extend storage capacity and reduce the frequency of expansion events. This level of reduction directly impacts the total cost of ownership, particularly for long-retention backup datasets that would otherwise require substantial raw capacity. For Commvault’s direct S3 backup to the X10000, the ratio is typically 6:1 to 7:1.

Supporting Best-Practice Data Protection Models

Beyond raw performance, the architecture aligns well with established data protection best practices. The system supports a 3-2-1-1-0 copy model in which primary data resides on production storage, backup data is stored on the X10000, and an additional copy is replicated to public cloud storage using HPE Cloud Bank Storage. HPE’s 3-2-1-1-0 support is achieved by enabling fast backup to flash, a secure off-site copy, and an immutable copy for ransomware recovery. This ensures resilience against both local failures and site-wide outages.

The design naturally supports the “two different media types” principle by separating primary storage from the flash-based object storage used for backups, with the public cloud serving as an additional medium. Storing one copy off-site in the cloud provides geographic isolation and strengthens disaster recovery and ransomware protection strategies without introducing operational complexity.

Backup Software Ecosystem Support

The Data Protection Accelerator Node integrates with multiple enterprise backup platforms that support Catalyst-based workflows. Commvault and Cohesity NetBackup are fully supported, and support for Veeam expands the platform’s applicability across a wide range of enterprise environments. Because deduplication and data movement are handled by the accelerator node rather than by the backup application alone, these integrations deliver consistent performance regardless of the software layer in use.

Scaling Backup Performance by Design

Taken together, these elements explain why adding data protection accelerator nodes directly boosts backup performance. Each node contributes additional compute capacity, network bandwidth, and deduplication throughput to a specific X10000 cluster. There is no shared global accelerator pool and no hidden contention between clusters. Scaling is explicit, local, and predictable.

Putting the DPAN to Work (3-Server Backup and Restore Validation)

The data protection accelerator node fundamentally changes the performance profile of backup and restore workflows. Rather than being constrained by the target storage subsystem, organizations implementing the accelerator node often discover that throughput is now limited by upstream components: the backup application’s orchestration overhead, source server capacity, or network infrastructure. This is similar to how the transition to NVMe flash in primary storage exposed bottlenecks in legacy network fabrics.

This validation effort focused on characterizing real-world DPAN behavior under enterprise workloads, with particular emphasis on understanding where performance boundaries shift as the backup target is no longer the constraint.

Testing Configuration

For the three-server configuration, we used a focused test design to isolate and validate the performance characteristics of a single DPAN under parallel load. In our backup and restore test, we used eight Commvault Media Gateway VMs on each host. The backup throughput was slightly impacted by the additional gateways due to the ESXi memory ceiling. However, there was noticeable improvement in the restore performance.

Component	Configuration
Backup Hosts	3 (HPE DL380 Gen11, ESXi hosts with NVMe storage, each with 48 VMs and 8 Commvault Media Gateways)
Commvault Host	1 (HPE DL380 Gen 11) Dual Xeon Gold 6430 (64 Cores total), 512GB RAM, 8TB storage (Commvault 11.40.26)
Data Protection Accelerator	1 (HPE 7720 DPA) Dual Xeon Gold 6538Y+ (64 cores total) 1.5TB RAM, 92TB NVMe bonded 200GbE
VMs	144 VMs total across the 3 backup hosts (190GB each, 27.36 TB total dataset)
Storage	4 server 8-node HPE Alletra Storage MP X10000 + (4x JBOF configuration), each with 2x disk controllers per JBOF
Networking Fabric	200 GbE network fabric (2x NVIDIA SN4600c Mellanox, bonded 8x 25GbE per DPA) + 2x Backend Switches (NVMeoF) (Aruba CX 8325)

This single-DPAN configuration enabled clear characterization of throughput and system behavior, demonstrating the contribution of each DPAN to the overall architecture.

Backup Performance

With three backup servers feeding a single DPAN, the system demonstrated how the accelerator node eliminates the target as a performance bottleneck.

In this test, the environment sustained 17.54 GB/s of aggregate backup throughput while protecting 144 virtual machines concurrently. The full 27.36 TB dataset was completed in just 26 minutes, yielding an effective backup rate of approximately 63.1 TB per hour, or 0.063 PB/hr. At this point, throughput was no longer constrained by the HPE Alletra MP X10000 object storage layer but by the backup servers’ and network fabric’s ability to generate and sustain parallel streams.

When projected to a larger configuration with 30 backup servers connected to a single DPAN, the projected aggregate throughput reaches 175.38 GB/s, corresponding to a theoretical maximum of roughly 0.63 PB per hour.

Metric	Result
Sustained Throughput	17.54 GB/s
Effective Throughput	63.1 TB/hour
VMs Backed Up Concurrently	144
Total Dataset	27.36 TB
Total Backup Window	26 minutes
Extrapolated Capacity (30 servers, 1 DPA)
Aggregate Throughput	175.38 GB/s
Theoretical Maximum	0.63 PB/hour

*Extrapolated figures are based on a 3 x 10 ESXi server, 1 DPAN configuration scaling estimate.

Restore Performance

Restore operations similarly demonstrated that the DPAN eliminates target-side constraints, with performance now bounded by client infrastructure.

During testing, the environment sustained 4.90 GB/s of aggregate restore throughput while restoring 144 virtual machines concurrently. A total of 27.36 TB was recovered in just 93 minutes, translating to an effective restore rate of approximately 17.64 TB per hour. This demonstrates the DPAN’s ability to parallelize read operations at scale while maintaining consistent throughput across a heavily concurrent workload.

It is also important to note that Commvault required approximately one hour of pre-restore preparation time before data movement. This orchestration overhead materially impacts total restore duration and is reflected in the reported metrics.

In a larger deployment of 30 servers protected by 1 DPAN, the projected aggregate throughput is approximately 49.03 GB/s, equating to roughly 0.18 PB/hr of sustained read capability per accelerator node.

Metric	Result
Sustained Throughput	4.90 GB/s
Effective Throughput	17.64 TB/hour
VMs Restored Concurrently	144
Total Dataset	27.36 TB
Total Restore Window	93 minutes
Extrapolated Capacity (30 servers, 1 DPA)
Aggregate Throughput	49.03 GB/s
Per DPAN Sustained Read Capability	0.18 PB/hour

*Extrapolated figures are based on a 3 x 10 ESXi server, 1 DPAN configuration scaling estimate.

The restore performance highlights that once DPAN is deployed, restore speed becomes heavily constrained by client-side factors: network capacity, storage write speed, and the restore targets’ ability to absorb data. The DPA can deliver significantly more throughput than most client environments currently consume.

Pushing Single-DPAN Limits: The “Hero Configuration”

To identify the upper performance boundary of a single DPA node, HPE scaled beyond the three-server baseline configuration to what they termed the “hero configuration”: seven backup servers protecting 336 VMs totaling approximately 65 TB.

 

Seven-Server Hero Configuration Results:
Across seven backup servers, the system delivered 83.83 GB/s of aggregate throughput while protecting 336 virtual machines concurrently. The total 65.38 TB dataset was completed in just 13 minutes, translating to an effective backup rate of approximately 301.7 TB/hr, or 0.301 PB/hr. At this level of concurrency, the environment operated as a highly parallelized ingest pipeline, with performance driven primarily by available client compute, media processing capacity, and fabric bandwidth rather than by target-side constraints.

Metric	Result
Sustained Throughput	83.83 GB/s
Effective Throughput	0.301 PB/hour
VMs Backed Up Concurrently	336
Total Dataset	65.38 TB
Total Backup Window	13 minutes

This configuration showed that, even with more than twice as many backup servers, the single DPAN had not reached its performance ceiling. HPE was unable to find the maximum throughput limit of a single DPA because the backup application reached its orchestration capacity first. The constraint was no longer the target storage system or even the DPA itself, but rather the backup application’s ability to manage job scheduling, data movement coordination, and metadata operations at this scale.

Validated four-node testing sustained approximately 1.2 PB/hour of aggregate ingest throughput while confirming linear scaling characteristics across active nodes. With support for up to 10 accelerator nodes per cluster, the architecture operates in the multi-petabyte-per-hour class and is designed to scale beyond 2.5 PB/hour as configurations expand. In our testing, upstream orchestration and network infrastructure became limiting factors before the accelerator nodes reached saturation, underscoring the architectural headroom available within the design.

Oracle RMAN Database Backup: Direct-to-Storage vs. DPAN

To demonstrate the DPAN’s impact on large-scale database backup workflows, HPE also conducted a comparative test using a 100TB Oracle database workload. This test directly compared backup performance when writing to the X10000 storage array alone versus leveraging the DPAN architecture.

Test Configuration:

The table below outlines the detailed testing configuration of the Oracle backup validation environment. This setup was designed to evaluate large-scale Oracle RAC protection using NetBackup 11 with HPE Alletra storage platforms and a DPAN.

Component	Configuration
NetBackup Media Servers	3x HPE DL380 Gen10+ NetBackup (Version 11.0.0.1)
Oracle RAC 19c Cluster	2x HPE DL380 Gen10+ (4x 32x Gb FC per host)
Source Array	Single Alletra 6050 (hosting Oracle database) (4x 32x Gb FC per host)
Backup Target	2x Alletra Storage MP X10000 (3-node configuration 2+1 node config) + (2x JBOF configuration) each with 2x disk controllers per JBOF
Data Protection Accelerator	Single node (DPAN for configuration only)
Network	Single 100GbE (HPE Aruba CX8325)
Workload	100TB Oracle database

Test Results:
The table below shows the results of the same 100TB full Oracle database backup executed under two conditions:

• Direct-to-X10000 (S3 target without DPAN)
• Accelerated backup with a single DPAN in the data path

In both scenarios, the identical Oracle workload and dataset were protected. The only architectural change was the introduction of the Data Protection Accelerator Node (DPAN) bonded 200GbE into the networking fabric, allowing for a direct performance comparison.

Metric	Direct-to-X10K (without DPAN)	Accelerated With Single DPAN
Sustained Throughput	6.46 GB/s	11.57 GB/s
Effective Throughput	23.3 TB/hour	41.7 TB/hour
Total Backup Window	4.3 hours	2.4 hours
Database Backed Up	100TB	100TB

Performance Impact:

• 1.79x throughput improvement (11.57 GB/s vs. 6.46 GB/s)
• 44% reduction in backup window (2.4 hours vs. 4.3 hours)

This test validates that the DPAN delivers measurable acceleration even for structured database workloads, nearly doubling throughput and cutting backup windows in half. The improvement demonstrates how the accelerator node’s deduplication and compression processing offloads are performed in the source environment and the target storage array, enabling faster data protection cycles for mission-critical database systems.

Turning Performance Into Real-World Outcomes

The most important takeaway from this testing is not just the throughput numbers; it is where the bottlenecks moved. Across every validation scenario, the X10000 and data protection accelerator node removed the traditional target-side ceiling that has defined backup infrastructure for decades. In the three-server validation, ingest performance quickly shifted upstream into media server orchestration and client data generation limits. In the seven-server configuration, even at more than 0.30 PB per hour, the DPAN had not reached its maximum. The constraint became the backup application’s ability to coordinate jobs at scale.

Restore testing followed the same pattern. Once the DPAN eliminated target-side friction, restore performance was governed by client-side write speeds, network bandwidth, and orchestration overhead. In practice, the backup appliance was no longer the bottleneck. The surrounding infrastructure was, and this shift is significant.

Traditional HDD-based backup systems were architected around landing zones, controller chokepoints, and rehydration workflows. Performance was tuned to match those limitations. In contrast, the DPAN and X10000 combination introduces primary-storage-class ingest and restore behavior into backup workflows. That changes where design pressure is applied within the data center.

Network fabrics must sustain higher concurrency. Media servers must coordinate more streams. Client systems must absorb restore traffic at speeds they may not have been designed for. Even SSD write performance on protected servers becomes a consideration during large-scale restores.

Perhaps most importantly, backup applications themselves were not originally engineered for this level of throughput. As demonstrated in testing, orchestration overhead can become the limiting factor before the DPAN or X10000 reaches saturation. That reality highlights a broader industry challenge. Backup software stacks must evolve to fully exploit modern storage performance.

HPE, however, has positioned the DPAN as a purpose-built acceleration layer that bridges that gap today. By offloading deduplication, encryption, and high-speed data movement into a dedicated compute node and pairing it with a flash-native object backend, HPE has created a platform that pushes backup and recovery performance into territory historically reserved for primary storage systems.

The result is not incremental improvement. It is a redistribution of stress across the data protection infrastructure stack. And that redistribution is exactly what modern backup environments require as datasets grow and recovery expectations tighten.

A New Standard for Backup Infrastructure

The HPE Data Protection Accelerator Node represents a structural shift in how backup infrastructure is designed. By pairing StoreOnce Catalyst’s source-side deduplication with a high-speed encrypted data path into the flash-native X10000 object platform, DPAN creates a dedicated acceleration layer that separates data movement and reduction from storage durability. That architectural clarity is what enables its performance characteristics.

Catalyst ensures that only optimized data traverses the network and enters the object layer. The X10000 focuses on durable, parallel object placement across NVMe flash. DPAN focuses on compute-intensive tasks, such as deduplication and encryption. Each layer performs its role without compromise. The result is a backup architecture built around throughput and concurrency rather than containment. What makes this particularly relevant is not just how it performs today but what it enables tomorrow.

Modern infrastructure is evolving toward higher concurrency, denser virtualization, AI-driven analytics pipelines, and increasingly aggressive recovery objectives. These environments generate larger datasets at higher velocity and require faster recovery when issues arise. Backup systems can no longer operate as slow secondary tiers that quietly trail production performance. They must keep pace.

HPE’s Alletra Storage MP X10000 with DPAN prepares backup and recovery for that future. It provides a scalable acceleration model that aligns with flash-native infrastructure trends and object-based storage strategies. As enterprises modernize their primary storage and compute stacks, DPAN ensures the data protection layer does not become the weak link.

HPE has taken a decisive position in this space. With the X10000 and DPAN, the company has delivered a platform that elevates backup and recovery into the same performance conversation as primary storage. For organizations facing shrinking backup windows, expanding data footprints, and more demanding recovery objectives, this architecture offers both immediate gains and long-term alignment with enterprise infrastructure trends.

Learn More from HPE

The post HPE Alletra Storage MP X10000 with the Data Protection Accelerator Node: Backup without the Bottleneck appeared first on StorageReview.com.

NVIDIA is partnering with Akamai, Forescout, Palo Alto Networks, Siemens, and Xage Security to accelerate computing and AI in operational technology (OT) and industrial control system (ICS) environments. The goal is to improve real-time threat detection and response for critical infrastructure. These partnerships use a distributed setup in which security is enforced at the edge and managed by centralized AI.

Today, OT and ICS environments in energy, manufacturing, and transportation rely more on enterprise networks and cloud connectivity. While this supports automation and analysis, it also increases the risk of cyberattacks. Unlike IT environments, OT systems manage physical processes, so cyber incidents can directly affect safety and operations. Many older systems were designed for durability rather than modern threats. This creates a gap between advanced attacks and current defenses.

Distributed Zero-Trust and Edge Enforcement

Forescout and NVIDIA are working together to make zero trust a reality for OT by identifying assets without requiring software agents. Forescout provides real-time risk analysis and network segmentation to restrict lateral movement without disrupting operations. By using NVIDIA BlueField DPUs for security services, protection remains hardware-isolated from essential processes, so security checks do not hinder system performance.

Siemens and Palo Alto Networks are also integrating security into industrial automation. Traditional security tools often slow processes, which can be problematic in high-availability automation. At S4x26, Siemens will showcase an AI-ready Industrial Automation Data Center. It combines virtualized compute with a cybersecurity setup that meets IEC 62443 standards. Offloading Palo Alto Networks Prisma AIRS AI Runtime Security to NVIDIA BlueField DPUs enables deep packet inspection and infrastructure-level anomaly monitoring. This keeps latency low while still monitoring industrial traffic.

Agentless Segmentation and Energy Infrastructure Protection

Akamai Technologies has expanded its Guardicore Platform to NVIDIA BlueField, enabling agentless segmentation. This lets operators secure devices and workloads in safe zones without installing agents on older or safety-certified hardware. Segmentation occurs at full network speed within the DPU, enabling rapid threat containment and ensuring that urgent workloads in data centers or edge locations run smoothly.

Xage Security is working with NVIDIA to protect the energy infrastructure that supports large-scale AI projects. Xage offers a distributed, identity-based security platform that safeguards a significant portion of the U.S. midstream pipeline. At S4x26, Xage will demonstrate how to embed zero-trust enforcement directly into energy and AI environments using NVIDIA BlueField. This integration enables the management of third-party access and secures AI operations at scale while maintaining reliability.

A Unified OT Cybersecurity Architecture

A clear cybersecurity architecture is emerging from these collaborations. Security services run on NVIDIA BlueField DPUs near operational systems, enabling hardware-isolated inspection and enforcement. OT data generated at the edge is sent to centralized AI centers for pattern analysis and anomaly detection across multiple sites.

This model enables local security actions at the edge while sharing central insights. The coordinated defense enhances visibility and speeds up response times across distributed environments. By moving security functions to the DPU, organizations can ensure consistent performance and protect uptime while establishing a new standard for resilience in critical infrastructure.

NVIDIA and its partners will demonstrate these accelerated computing and AI solutions at S4x26 in Miami from February 24 to 26.

The post NVIDIA Partners With Cybersecurity Leaders to Secure OT and ICS Infrastructure appeared first on StorageReview.com.

Microsoft said the bug meant that its Copilot AI chatbot was reading and summarizing paying customers' confidential emails, bypassing data-protection policies.