Integration of centrally-managed backups

END-TO-END DESIGN
CONTENT STRATEGY
SAAS UX
Jan 2024 - 2025
Table of Contents

Overview

Background
Google Cloud Backup and DR Service (GCBDR) is a centrally-managed backup and recovery product for security, compliance, and data protection use cases. It was established follwing the acquisition of Actifio.

I joined the team during a major shift in the product strategy: simplifying the setup and monitoring experience, directly integrating with other Google Cloud products, and improving security through isolated backup storage (Backup Vault)

Role
UX Designer, Backup and DR team

I partnered with UX designers, UX research, UX Writers, Product, and Engineering across two product teams (Backup and DR, Compute Engine)

Key contributions
Research: Requirements gathering, user personas & journeys, high-fidelity prototypes

Design: I worked with my UX Lead and drove the end-to-end experience of how users discover, use, and manage GCBDR backups within GCE

Context

Enterprises running in the Cloud need to protect critical business data, especially in disaster scenarios (i.e. outages, cyber attacks, catastrophic user errors) to prevent significant business disruption or data loss. Google Cloud Backup and DR (GCBDR) is a fully-managed service that provides secure backup storage and centralized backup management, making it easy for enterprises to protect and restore data across all of their Cloud services in one place.

The current product experience requires configuration and management of backup policies in the GCBDR interface, and applying backup policies to Cloud services in a separate interface. This disjointed workflow serves Admin users who manage backup policies across their organization. However, not all enterprises have dedicated admin users. Some have application development teams who are responsible for managing services and also protecting them with backups. For both type of users, navigating multiple interfaces to configure and apply backups creates unnecessary operational overhead.

Current workflow for protecing a VM with GCBDR backup policies

This prompted our team to directly integrate GCBDR within other services. The first integration was with Compute Engine, Google Cloud's most widely used infrastructure service for provisioning and managing virtual machines (VMs).

Since launch, we've observed reduced time to back up VMs from minimizing cross-interface workflows and 89% YoY overall growth of GCBDR, primarily from net-new users.

Challenge

Compute Engine already offered built-in, "native" backup options that current users were using. We needed to seamlessly integrate GCBDR backups into this existing workflow and help users make informed decisions between backup options, without adding cognitive load or disrupting their main tasks.

Solution

I designed an data protection experience within the Compute Engine workflow that helps users differentiate between backup options and simplifies setup by providing default configurations. Since this was the first integration project, the solution had horizontally scale for future GCBDR integrations.

Research signals

My UXR team conducted research to understand how application developer users think about backups and protecting their data, from a mix of with enterprises with dedicated backup admins and enterprises without dedicated backup admins.

After analyzing key research insights, I mapped them to design considerations to inform the UX approach and prioritize solution requirements.

Key insights
  • Many users are currently using “native” backup features (i.e. Compute Engine snapshots)
  • Data protection needs can vary based on different use cases
  • Operational overhead from managing and monitoring backups across services
Design considerations
  • GCBDR's value-add should be clear when positioned alongside native backups
  • Users need guidance on which backup options is best for their use cases.
  • There is a need for centralized backup management and advanced backup capabilities

UX Approach

I worked with UX and product leads across GCBDR and Compute Engine to establish design principles for this integration. Through extensive cross-team collaboration over multiple discussions, we were able to define the following principles that balanced user and business needs, while being scalable across future GCBDR integration projects.

  • Express backups as a unified portfolio: Position GCBDR as the centralized backup solution across Google Cloud
  • Always recommend the most secure protection: Selecting GCBDR’s comprehensive backup option with recommended settings by default

These principles informed solutions to the design challenges that we faced throughout this project:

Differentiating backup options

When testing initial designs with users, we found that the value-add of GCBDR was unclear. We were emphasizing the wrong thing for users in the context of Compute Engine. We iterated on the content framing to highlight the backup mechanism and guidance on when to use which option. This also allowed us to reinforce platform-wide backup terminology that sets GCBDR apart, such as "Backup Plan" and "Immutable backups".

User interface for creating a backup plan with region selection set to us-east4, options to choose backup vault location type between regional and multi-regional, a tooltip explaining prerequisite selection, and a dropdown listing compatible multi-region backup vaults.
v1: Emphasis on what is being protected
Backup vault details page showing vault name compute-prod-vault, creation and update timestamps on October 29, 2024, description as vault to store production Compute instances, status active, new Location type metadata set to Multi-region, location in US data centers, stored bytes zero, minimum backup retention one day, retention lock unlocked, and access restricted to current organization.
v2: Emphasis on the backup mechanism and use case

Simplifying setup requirements

We found that users were struggling to complete the task of back up a Compute Engine VM with GCBDR due to a high learning curve of setting up backup policies and backup storage. There are three prerequisites that need to be set up before backing up VMs with GCBDR: a backup plan, backup vault, and backup rules.

In the GCBDR interface, there is a guided multi-step approach that provided a step-by-step walkthrough for configuring these things. In the Compute Engine interface, which is primarily used by application developers who are not experts in setting up backup configurations, we wanted to remove the friction that comes with setting up GCBDR so that the users can focus on their task at hand.

We proposed adding default configurations based on common backup requirements that customers informed us of during testing. For example, most customers take backups daily and store them from 7 days, so our default configuration contained those settings. Providing defaults greatly simplified the configuration process, while maintaining transparency about what users are getting when they use GCBDR.

User interface for creating a backup plan with region selection set to us-east4, options to choose backup vault location type between regional and multi-regional, a tooltip explaining prerequisite selection, and a dropdown listing compatible multi-region backup vaults.
Before: When GCBDR is selected, users have to add a backup plan
Backup vault details page showing vault name compute-prod-vault, creation and update timestamps on October 29, 2024, description as vault to store production Compute instances, status active, new Location type metadata set to Multi-region, location in US data centers, stored bytes zero, minimum backup retention one day, retention lock unlocked, and access restricted to current organization.
After: When GCBDR is selected, a default backup plan is created and selected

Designing for technical constraints

Manual product enablement

Engineering surfaced a major technical constraint where users must manually enable GCBDR before using it. This meant that selected GCBDR by default when creating a VM in Compute Engine was not possible until after enablement of GCBDR. This additional friction posed a high UX risk to user discoverability and enablement of GCBDR.

We had to pivot our design approach, and explored in-line product enablement to allow users to enable GCBDR directly within the VM creation flow in Compute Engine. While this added an extra step, it was better than the alternative of requiring users to leave Compute Engine, navigate to GCBDR to enable the product, and go back to Compute Engine while losing their VM configuration inputs.

We opted to disable the backup plan selection, showing the product enablement in a tooltip upon hover to provide transparency. This maintains the in-context guidance to help users differentiate between backup options. The show-on-hover functionality also supports a seamless workflow for users who do not need GCBDR for their use case.

User interface for creating a backup plan with region selection set to us-east4, options to choose backup vault location type between regional and multi-regional, a tooltip explaining prerequisite selection, and a dropdown listing compatible multi-region backup vaults.
When GCBDR is not enabled, backup plans are unavailable
Backup vault details page showing vault name compute-prod-vault, creation and update timestamps on October 29, 2024, description as vault to store production Compute instances, status active, new Location type metadata set to Multi-region, location in US data centers, stored bytes zero, minimum backup retention one day, retention lock unlocked, and access restricted to current organization.
In-line GCBDR enablement
Backup vault details page showing vault name compute-prod-vault, creation and update timestamps on October 29, 2024, description as vault to store production Compute instances, status active, new Location type metadata set to Multi-region, location in US data centers, stored bytes zero, minimum backup retention one day, retention lock unlocked, and access restricted to current organization.
After GCBDR is enabled, it is selected by default.

Final Design & Rationale

After Product and Engineering partners signed off on the initial design proposals, we turned these concepts into detailed designs. Given the complexity of designing between multiple interfaces, there were a number of errors and edge cases that we had to account for in the final design. For instance, since there are several prerequisites before a user can successfully back up their Compute Engine VMs using GCBDR, we had to design for error states at each step of the journey.

User flow: Creating a VM

Edge case: When GCBDR is not activated

Comparison of Google Cloud Storage (GCS) and Google Cloud Backup and DR (GCBDR) user interfaces for creating, reading, updating, and deleting buckets and backup vaults.
Creating a Compute Engine VM with a backup plan, before GCBDR activation
Interface for creating a backup vault with page sections to name the vault, choose geographic data storage location, set minimum enforced retention with an option to lock retention, and define access restrictions.
In-context GCBDR activation

Golden path: Creating a VM with GCBDR backups configured by default

Concept design wireframe showing a list of three backup vaults with details such as name, description, created date, status, location, stored bytes, minimum enforced retention, and access restriction, along with a related actions section suggesting to create a backup plan.
Creating a Compute Engine VM with a backup plan, after GCBDR activation
Backup vault details page showing backup vault metadata such as creation time and vault location. Further down the page has a Permissions section explaining backup vault permissions and service agent permissions.
Creating a Compute Engine VM with a backup plan, and changing the selected backup plan
User flow: Editing settings for existing VMs
Edit a VM configuration

See the demo below for the end-to-end prototype:

Impact

GCBDR and Compute Engine's platform integration launched for General Availability in under 1 year, and became a key driver in overall GCBDR adoption:

  • Compute Engine VMs using GCBDR backup plans increased significantly, with the majority coming from net-new customers.
  • GCBDR saw 89% year-over-year growth following this integration.
  • Time to back up VMs was greatly reduced by eliminating interaction with multiple interfaces. Users could now protect VMs directly from their workflow in Compute Engine.

The design principles established for this integration scaled to subsequent GCBDR integrations with other services, supporting platform-wide consistency and a unified design language for backups in Google Cloud.

Takeaways

  • Get alignment on the broader goal early on in the design process, especially with cross-product collaborations. Because the GCBDR and GCE teams had multiple discussions during project kickoff to converge overall product and UX strategy, we saved a lot of time during the design process and didn't have to revisit too many key decisions that shaped the final designs.
  • Establishing scalable design principles for a horizontal product is key. Besides the benefit of maintaining a consistent design language across all integration projects, having scalable design principles can also help other service teams looking to collaborate with GCBDR to understand the product and how to integrate with it.
  • Default configurations can significantly simplify complex workflows. By defaulting users to GCBDR's backup plans with pre-configured default settings and resources, we support a seamless experience for users do not need customizations and prefer "out-of-the-box" configurations.
🔒 Secure and isolated backup storageSimplifying data management at scale🔒 Data residency for cloud complianceCommunity forum for immigration advocates

Let's chat 👋