Untitled Document
FALLING THROUGH THE SAFETY NET
From STORAGE Magazine
Vol 5 No 01 - January/February 2005
With the focus increasingly on compliance and the appropriate storage of
proliferating data, is enough attention being paid to the backup and restore
sequence? Ray Smyth reviews its place within a comprehensive storage strategy.
With so much attention being paid to compliance and security, is your
organisation truly safe in its basic, day-to-day operations? A recent survey by
Star asserts that the DIY approach to backup is blamed for one in four firms
experiencing permanent data loss.
The burgeoning remit for storage is causing an inevitable blurring of the lines
between activities embracing backup, disaster recovery and business continuity,
and the new pressures, including compliance. With such a tough focus on
improving corporate governance, is data backup being overlooked? In fact, it’s
not about backup of data, as that is only half the story. It is about backup and
recovery.
Taking care of data has come a long way. For many years, lobbing a tape in a
streamer was the last thing the IT manager did before leaving for home. In the
morning, the tape would be safely placed in a box in the back of the company car
and the job was done. In general, no effort was made to verify the backup and a
trial restore was not even thought of; it was very much a
‘going-through-the-motions’ exercise.
The data backup requirements of any organisation are determined solely by its
needs; they are not restricted by the availability of technology or indeed
driven by it. The choice is such that the precise solution your organisation
requires can be built. Great! Well only if you REALLY understand the data needs
of your organisation. Andy Maurice of Iron Mountain says that “using a service
like their electronic vaulting can provide an organisation with access to the
best advice, articulated in the right business solution”.
Among the choices to be made is the media type and this will depend upon your
needs. Disks, in my view, offer a very attractive option. The price is falling
as SATA takes hold and it is very easy to scale available storage with a SATA
RAID, for example. Tape, however, offers something not currently available with
disk – the ability to physically take data off site to a secure vault. Don’t
ignore the security risk here, though. Inevitably, these are complimentary
technology options. In considering the choices, it is just as important to
consider the time to backup, as it is the recovery time objective.
As Jason Phippen of Brightstore points out, “something like 91 per cent of
recovered data was created in the last 24 hours”. By spending some time
reflecting on that, and allowing it to drive your backup and recover strategy,
business alignment can be quickly achieved. As Phippen stresses, “the objective
is to recover”.
The bank that backed up everything reinforces this; they had more than 800 tapes
to search for one piece of data. This could take an unrealistic amount of time
and certainly will not offer good service.
In the PDP (pre data proliferation) era of the last century, there was not much
need to consider what to back up; the answer was everything. Today, as data is
created at unprecedented levels, it would be folly to continue this. FOCUS; what
are you trying to achieve? You want to be able to recover a system or part of a
system after it fails. Your archiving and legislative requirements should be met
within your compliance strategy, not backup. As an example, if you are backing
up a transactional system, such as a CRM solution, you can improve recovery time
through an incremental backup strategy. That is, against a backed-up base line
or snapshot (perhaps every minute) of the changes you make. This means that,
post an outage, you might restore just the last fifteen minutes of changes. Such
a technique will not only reduce operational impact, but prevents duplicate data
being stored, with the attendant benefits. It also provides an infinite backup
window, as ‘live’ backup will not impact user performance.
In contrast with, for example, end user data, an equally intelligent approach
can be applied. This is even more important when considering that some of this
data may be held and created remotely. Again, the incremental approach allows
two cells in a spreadsheet to be uploaded to a backup destination, as opposed to
the entire workbook.
Brightstore’s Phippen adds that “a high volume of data is common” and
consequently advocates the single-instance storage of such data which saves
space, time and money.
In examining the requirements of your organisation, you must consider security.
Two obvious areas are access and infection prevention. Modern backup solutions
allow for data to be encrypted to backup, thus almost rendering the data useless
to a would-be thief. In addition, operational process should ensure that all
data is scanned and cleaned prior to backup. Who wants to introduce a nasty
virus as part of a recovery exercise?
Modern storage solutions demand a comprehensive and high-function management
solution. It is only management by exception that is going to work. It should
ideally be capable of at least providing management data to your storage or
network management solution, to indicate errors and policy breaches that require
attention. If you take one step farther, backup is a service provided by IT to
all lines of business, so what if the FD wants to be assured that the
department’s month end has been successfully backed up?
In considering backup in a modern business environment, a reliable service may
be more of an overhead that can be realistically justified. A modern approach to
outsourcing may help, as it can satisfy all the objectives of security, restore
time, integrity, etc. Such an approach cannot be executed as abdication,
however. If anything, the need for a detailed strategy is more important, as it
will be your single most important tool in managing your supplier.
Iron Mountain’s Electronic Vaulting (a disk-based service) is one such offering.
“With 60 per cent of operational data being stored on a desktop or laptop
architecture,” says Andy Maurice, “you cannot apply traditional methods of
backup – this is an area of immense risk.”
This service operates on the incremental approach mentioned earlier. If, for
example, there was a server crash, the service provider could restore the data
of the last 15 minutes quite quickly, assuming the server can be restored to
operation. This raises another important point on operational hardware; if the
call centre CRM system is served from a single server, then it may be advisable
to mirror it and back up from the mirror. This provides two platforms to which
restores may be targeted, reducing the impact of hardware failure and expanding
backup options.
Maurice points out that they help clients establish their backup strategy as
part of their pre-sales service, which is vital to an acceptable outcome.
One further benefit of this service – and, I’m sure, more conventional solutions
- is the ability of an end user to restore their own data easily, effectively,
remotely and independent of scarce IT personnel. That sinking feeling of
clicking ‘delete’ can now be a thing of the past with a modern backup solution.
As you might imagine, Iron Mountain makes great play of its security measures
and, for example, provides byte-level encryption, if required. The data is
stored in a modern, highly secure data centre.
Deciding exactly what it is you call what you do is probably a semantic you need
not worry about. Start with data as an asset – an information asset. You must
fully understand the value of each data class to your organisation and its
lifecycle. If loss of access to your call centre will cost you millions in
downtime, any response must be that of disaster recovery and business
continuity. You need to look at your data and assess the cost of loss or
unavailability, and respond accordingly. Your strategy needs to protect your
business and its stakeholders.
With the definition of data broadening in line with IP convergence (another
proliferation driver), what should you back up? Well, put simply, that which
your business cannot do without. But don’t forget about the non-data class of
data, such as voice, video, image and sound. You probably don’t want to back up
your staff’s MP3 files, but, if you are a hospital, you will want to back up CT
images. Similarly, an IP-enabled call centre recording client calls will need to
store and quickly retrieve calls accurately.
Sean Jackson of Backbone stresses the importance of selecting a solution that
fits into your network architecture “and compliments it”. He also invites users
to “back up more data with less technology”. Jackson also warns of large
suppliers ‘giving away’ backup solutions - “they may back up, but will you get
the solution and support your business needs?”, he asks. In considering an
incremental approach to backup, you must also prevent the backup of the same
data 20 times!
As part of a balanced strategy, you should schedule full and partial trial
restores. Not many people do this, as they are afraid of bringing the system
down. This is dereliction of duty. You have to know that your backups work and
will allow your business to continue to function in the face of the most
gruelling challenges.
Backup is not a necessary evil; neither should it be a knee-jerk reaction. It is
but one component of a modern IT system and it is time to look at it in a new
light. As Frederic Renard, of the French company Arkeia, points out: “Your
backup solution must be robust enough to scale, smart enough to optimise use of
available bandwidth, CPU, disk and tape and able to cope with ‘bare metal’
disaster - server down.”
If, operationally, backup has been the poor relation, the purchase by Quantum of
the tape division of Seagate (Certance) and EMC’s acquisition of backup company
Dantz would suggest the market is awakening.
In a nutshell, you must be certain that you can protect your organisation’s data
assets and offer a realistic recovery service for all types of data failure and
recovery.
Author Ray Smyth is from TBN ADVANTAGE, which mentors organisations to create
leadership advantage in their IT, business services and customer management
functions. He can be contacted at:
RaySmyth@LeBiz.co.uk
|