4. API as a premium
– Our API is only available in the Super Deluxe Platinum Enterprise Premium edition
API as a side project to address specific large customers
– Customer X requires automation of feature Y, so add a shim
API for a specific acquisition
– The portfolio contains a few products that came with an API
API as a bolt-on
– The “YOLO” approach with a bolt-on proxy
8. Data Center Protection
– Eliminate tape backups, tighten RPO and RTO, archive for long term retention and orchestrate recovery of workloads on-premises
Cloud Protection
– Centralize orchestration and automation for in-cloud backup, archival and restores across multiple clouds
Data Assurance
– Proactively identify suspicious and anomalous activity. Quickly rollback and restore service in the event of a ransomware attack
Disaster Recovery
– Leverage cloud as a DR site in the event of a failure to ensure uninterrupted service and business continuity
Data Governance
– Automatically discover non-compliant sensitive data to reduce risk exposure, costly audits and regulatory fines
10. Started with REST since GraphQL was still closed source at Facebook (and very new)
Adopted GraphQL for our Polaris SaaS product.
– Much easier to iterate / develop against.
– Dramatically fewer requests needed (often single query).
– Strongly typed model for the win!
https://crystallize.com/comics/rest-vs-graphql
12. Use predictable, resource, and action-oriented URLs
Use HTTP status codes for handling errors and responses
Allow sophisticated authentication mechanisms (such as API Keys).
Support versioning
Aim to be understood by standard HTTP clients
Create a maintainable spec that supports all our use cases
14. There were no API versions
Breaking changes were normal
Standards for model, params, enums, etc. did not exist
The product surface area was rapidly expanding
15. Things we heard from Engineering:
– The API is just for the product to consume; no one else uses them.
– GraphQL is self-documenting and strongly-typed, so no docs are needed.
– Let’s just make another endpoint for Resource X.
17. Place major integration points (parents) at root level of the API
Add child items to each parent
Leverage HTTP methods to simplify workflows
– Ugly: POST to “/add_node” and “/remove_node/{id}”
– Pretty: POST to “/node” and DELETE to “/node/{id}”
Use Boolean field naming conventions
– Start with ‘has’, ‘is’ or ‘should’ to make it clear that it is a Boolean field
– Examples: ‘hasRootAccess’, ‘isAdmin’ and ‘shouldDoSomething’
18. Create a consistent and deterministic experience when dealing with a huge surface area of integration points:
– Hypervisors
– Cloud Native Services
– Legacy Services
– File Servers
– Virtual Appliances
19. Introduced a version into the path*
Establish a specific version control process and model
Use “/internal” to develop new endpoints, but make available to end-users
Use “/v1”, “/v2”, “/vn” to publish stable endpoints
*not applicable in GraphQL
20. No incentives for versioning
Over 95% of the API resided in Internal
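The conventions on slides 17 and 19, and the internal-versus-published split from slide 20, can be checked mechanically against an API inventory. The linter below is an added example, not code from the deck or from Rubrik; the spec layout, the sample paths other than those quoted on slide 17, and the verb list beyond add/remove are assumptions.

```python
import re

# Constructed sample inventory (not from the deck): path -> methods and field types.
SAMPLE_SPEC = {
    "/v1/node": {"methods": ["POST"], "fields": {"isAdmin": "boolean", "name": "string"}},
    "/v1/node/{id}": {"methods": ["DELETE"], "fields": {}},
    "/internal/add_node": {"methods": ["POST"], "fields": {"rootAccess": "boolean"}},
    "/internal/remove_node/{id}": {"methods": ["POST"], "fields": {}},
    "/cluster/{id}/report": {"methods": ["GET"], "fields": {"shouldRetry": "boolean"}},
}

# Slide 19: every path lives under /vN (stable) or /internal (in development).
VERSION_RE = re.compile(r"^/(v\d+|internal)(/|$)")
# Slide 17: actions belong in the HTTP method, not the path.
# add/remove come from the slide; the other verbs are an assumed extension.
VERB_RE = re.compile(r"^(add|remove|create|delete|update|get)[_-]", re.IGNORECASE)
# Slide 17: Boolean fields start with 'has', 'is' or 'should'.
BOOL_RE = re.compile(r"^(has|is|should)[A-Z]")


def lint_spec(spec):
    """Return a sorted list of (path, rule, detail) findings."""
    findings = []
    for path, op in spec.items():
        if not VERSION_RE.match(path):
            findings.append((path, "unversioned", "no /vN or /internal prefix"))
        for segment in path.strip("/").split("/"):
            if VERB_RE.match(segment):
                findings.append((path, "verb-in-path", segment))
        for name, ftype in op.get("fields", {}).items():
            if ftype == "boolean" and not BOOL_RE.match(name):
                findings.append((path, "boolean-name", name))
    return sorted(findings)


def internal_share(spec):
    """Fraction of paths published under /internal rather than a stable /vN."""
    internal = sum(1 for p in spec if p == "/internal" or p.startswith("/internal/"))
    return internal / len(spec) if spec else 0.0


if __name__ == "__main__":
    for finding in lint_spec(SAMPLE_SPEC):
        print(finding)
    print(f"internal share: {internal_share(SAMPLE_SPEC):.0%}")
```

Run against a real inventory in CI, the internal share is a number that can be tracked release over release instead of discovered after the fact.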
24. Dramatic speed improvements for the GUI
As more objects are added, REST continues to fall behind
Simple to query all objects and use cursor / pagination
More flexibility with our returned values
Stress tested load times
95th percentile load times with GraphQL: 3.256 seconds
95th percentile load times with REST: 6.619 seconds
25. Added GraphQL to our on-premises product.
– Reporting
– Dashboards
– Various other components
Constructed a SaaS platform with GraphQL as the standard API
– Started from scratch
– Using what we learned
– Lots of tweaking
26. Schema tools (Voyager, GraphiQL) for visualization
Internal construction of new SDKs
Existing auth methods (e.g. tokens) are valid globally
Base platform will continue with REST and GraphQL
SaaS platform will remain entirely GraphQL
Using GitHub private repos for development
27. Schema is in flux
There are no versions
Documentation holy wars
User education
29. DevOps & Developers
– “Give me API docs, I’ll build my own integration”
Python
Golang
Ansible
Terraform
Systems Administrators
– Script common tasks
PowerShell
Python
Enterprise Architects
– “Can X integrate with Y?”
30. Things we hear from IT Ops:
– There’s no need to learn an API; they are for developers only
– SDKs and Tools are abstraction layers; just focus on that
– The product should do everything and never require API usage.
31. Too focused on the technology
Not enough focus on the hygiene
Lots of questions from our customers
General fear of GitHub and coding
More was needed
39. Increased collaboration with engineering and support
Create incentives to document and polish the API
Make documentation a top priority
Educate internal stakeholders on API usage
Bring (more) operators into the SDK build process
Use cases, UX, testing, feedback
Over the years, Rubrik has evolved to become an end-to-end data management platform.
Managing an increasingly diverse data estate is only one of the dilemmas our customers are trying to resolve. More often than not, our customers begin to adopt Rubrik when they face more pressure to support companywide objectives around digitalization, application and legacy modernization. Since data and management of data is a key aspect of that journey, a lot of our customers take us along that journey.
Customer example:
Frost Bank’s journey with us is a great demonstration of the Rubrik journey.
Founded in 1868, Frost Bank is one of the 50 largest U.S. banks by asset size and has 130+ branch locations across the state of Texas. Their previous solution (TSM, Networker, Data Domain, NetApp, IBM Spectrum Protect) required complex backup management, necessitating 4 full-time headcounts devoted to managing it. They had poor recovery times and had difficulty scaling backups and meeting compliance requirements. Upgrades were painful and unreliable when finished, so much so that staff avoided them as a whole. They began looking for a solution purpose-built for VMware, which led them to Rubrik.
They began using Rubrik to protect their virtualized environment of 4,000+ VMs and 4.3 PB across Frost Bank’s core banking, insurance, and advisory systems. What attracted them to Rubrik was just how simple it was to create and maintain backup policies but in addition, they were drawn to Rubrik for its instant restores via Live Mount and on-demand compliance reporting.
Rubrik’s immutability gave Frost Bank the confidence that their data is always secure. All the data they back up through Rubrik is encrypted, ensuring that their data is protected at all times in case of ransomware or a cyberattack. With ransomware attacks increasingly targeting banks, Rubrik’s immutable backups ensure that Frost Bank will be able to recover instantly from ransomware with zero data loss.
Along with combating potential ransomware attacks, Rubrik allowed Frost Bank to simplify compliance reporting. Before Rubrik, demonstrating compliance with backup and retention requirements presented a challenge. Frost Bank’s old solution forced them to take screenshots every quarter and work with internal audit departments, but with Rubrik, they can generate compliance reports on demand and simplify and accelerate PCI compliance with visibility.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Other benefits for Frost Bank include:
Reduced daily management time by 8x
Improved RPOs by 3x
Reduced RTOs from hours to minutes
Reduced costs by 30%
API-first Architecture: “Rubrik gives us a lot of flexibility to automate our workflows end-to-end. If we want to deploy a new tool in the future, we know that Rubrik’s APIs will make it easy to integrate.”
Native integration with Pure Storage FlashBlades: “We were one of the first customers to deploy Pure’s FlashBlades, and Rubrik’s seamless integration with Pure was a major selling point. With Rubrik and Pure we get insanely fast restores and incredible support when we need it.”
Scale-Out Architecture: “It was a nightmare to try to scale our previous solution. With Rubrik we just add another appliance when we need one, and we’re good to go.”
Significant Cost Savings: “Our old solution was expensive and required frequent refreshes. It would have cost us a lot more to do a lot less with our previous vendor.”
Rubrik also delivers a SaaS framework to capture descriptive metadata about all your applications and data across multi and hybrid cloud applications and normalizes it into a universal data graph. This universal data graph describes your data, so you can easily search and understand it, track how the data has changed and who has access to it, no matter where it resides. By using this sophisticated metadata framework, you can simplify and speed data integration, quickening delivery of trusted data to the point of need. You eliminate silos, make the use of data more pervasive and self-serving to a wider set of users and reduce the operational complexity that comes with the distribution of data.
Using this rich metadata and Rubrik APIs, Rubrik delivers a variety of purpose-built data management solutions-as-a-service that extend the value of your data across a variety of different data management use cases for centralized management to simplify management of your Rubrik deployment, ML-based ransomware detection and recovery, protection of your cloud workloads like O365, AWS and Azure environments, failover and failback by using Cloud as a DR site to improve resilience and data classification to reduce exposure of sensitive data and demonstrate compliance.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPS:
We offer centralized management for your global, distributed Rubrik environment. Your IT teams are now enabled with a comprehensive view of your physical, virtual, and cloud topologies while making management tasks simple and intuitive.
Radar:
Rubrik enables you to increase your resiliency against ransomware by making it faster and easier to recover from an attack. We use machine learning to continuously scan the entire environment, provide insights on how your data has changed over time and alert you to any anomalous or suspicious activity. After analyzing the point of attack, you can minimize disruption and accelerate recovery by replacing manual recoveries with just a few clicks for minimal business disruption.
O365:
Rubrik brings the power of datacenter protection to the cloud, without having to move your data. For both Office 365 and cloud-native protection, Rubrik ensures you can maintain control of where your data is stored. For Office 365, all data remains in your Azure subscription, including emails, calendar items, etc. Rubrik orchestrates Azure resources to complete data management tasks, such as backup, search, and recovery, as needed.
Cloud-App Protection:
For protecting your apps in the cloud, Rubrik can also be deployed as a software instance in the cloud and scale protection in-line with cloud service consumption. This allows you to protect cloud-native applications (such as Windows and Linux-based applications, SQL databases) and store backup data in cloud storage.
AppFlows:
Rubrik also enables using cloud as a DR site with orchestration for failover/failback, testing, and cloud migration. You can radically simplify disaster recovery and your IT team can eliminate multiple point solutions, management complexity, and unnecessary costs with a unified approach.
Sonar:
Lastly, to protect you against the evolving regulatory requirements and the need for data privacy, we have built a solution that applies machine learning to discover, classify, and report on sensitive data and easily identify potential violations of compliance policies. We have built-in compliance templates that can be instantly applied to facilitate and accelerate compliance with applicable privacy laws such as GDPR, CCPA and more.
This kind of metadata-driven insight, which connects distributed data sources, enables better business outcomes and improved service levels and ensures business continuity.