Introduction
This article provides information on how Redstor maintains data sovereignty in the various regions we support. As we are rapidly expanding our capability and regional presence, this article is regularly updated with information as it becomes available. Please check back regularly for the latest information.
- To read more about data security at Redstor, see Article 989.
- To read more about how we ensure data immutability, see Article 1420.
Page contents:
Storage regions
Redstor currently has data storage facilities in the following locations:
- Australia – New South Wales, Victoria
- Far East – Hong Kong
- France – Paris
- Germany – Berlin, Frankfurt
- South Africa – Cape Town, Johannesburg
- UK – Reading, Slough
- US – Arizona, Illinois, Texas, Virginia
Processing regions
For some of our services (see below), Redstor processes data regionally to ensure optimal performance and maintain data sovereignty. Our processing locations currently include:
- CH – Zurich
- EU – The Netherlands
- UK – Cardiff, London
- US – Virginia
- ZA – Johannesburg
Maintaining data sovereignty
Data sovereignty is maintained in different ways for the various Redstor services. See below for information regarding each service.
SaaS applications
When it comes to the backup of SaaS applications like Microsoft 365 and Google Workspace, there are two things that happen to the data: processing and storage. Processing refers to the backup and recovery of the data as initiated through a user-defined schedule, while storage refers to the physical location of the servers where the backed-up data is hosted. The flow of SaaS data as it is backed up is therefore as follows:
Data is transmitted securely over TLS 1.2, processed in the processing region, and stored in the storage location. Data is never stored at rest in the processing region.
Redstor assists customers in complying with the necessary regulations by supporting region-based data processing and storage, thus enabling data sovereignty. Data processing and data storage can be done in the same or different regions. For customers who run their own Storage Platforms and therefore store their data themselves, only the data processing side is relevant.
By allowing SaaS data processing to occur on a regional basis, Redstor can maintain end-to-end data sovereignty even for customers with a multi-geographic tenancy. In other words, each account is processed and stored in its sovereign territory. This applies to all supported regions.
The diagrams below provide a simplified explanation of the steps for SaaS data processing and storage with Redstor.
Microsoft 365
Other SaaS applications
For customers who run their own Storage Platforms, the process is the same except that the locale of the Storage Pool can be assigned by the customer.
Machines
The storage location for a machine backup (ESE) account is determined by the Redstor Storage Platform based on the region and group where the account is created. For example, data from an account created in a UK Storage Pool will only be stored in our UK data centres.
Azure VM Pro
During the backup of Azure Virtual Machines, data is read from the storage location, transmitted securely over TLS 1.2 and processed in the processing region. Data is never stored at rest in the processing region. The storage region for an account is determined by the Redstor Storage Platform using information received from the Azure VM Pro agent. The storage region will be within the same geographical region as the source data.
Cloud infrastructure
Data is never stored at rest in the processing region. The storage region for an account is determined by the Redstor Storage Platform and will be within the same geographical region as the source data.
When it comes to the backup of Azure cloud infrastructure (such as Blob Storage), we support batch processing of Azure data in all regions. Since Redstor processes all Azure data in its region of origin, the customer is not liable for any egress charges.
With the backup of Amazon cloud infrastructure (such as EC2), the data remains in the customer's subscription.
Malware detection
Malware detection requires data to be scanned for suspicious data using Redstor’s proprietary machine learning model. During malware detection, data is read from the storage location, transmitted securely over TLS 1.2 and processed in the processing region. Source data is never stored at rest is the processing region. For malware detection, we support processing of data in all regions (CH, EU, UK, US, ZA).
Comments
2 comments
Hi,
Can you confirm this works for Microsoft 365 Multi-Geo customers who have users data homed in multiple geographic locations?
https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-multi-geo
Hi Bruce,
Yes, this is exactly what we designed it for.
Thanks for reaching out, and have a great day!
Article is closed for comments.