Five ways to improve data protection and
backup with less tape.
STRATEGY #1: REPLICATE
Replication provides a live mirror image of whatever is being backed
up. When a server, storage unit, or SAN fails, its mirror copy kicks
in and takes over. Synchronous replication provides immediate
restoration of data and applications and near-zero data loss for
physical errors. Semisynchronous replication lets you preset values
for how many I/O operations or for how long the replicated site can be
out of sync with the source. Asynchronous replication lets you
schedule data transfers at regular intervals, such as every minute or
hour.
The downside of synchronous replication is that it requires a lot of
bandwidth, especially for server-to-server replication. If you have a
low bandwidth connection, then synchronous replication isn't an
optionÑthe link is too slow to keep pace with the changes that must be
tracked. Synchronous replication is also, generally speaking, the most
expensive way to back up. Asynchronous replication is easier on the
budget and network, but it provides a longer recovery point objective,
performing more like traditional scheduled backup.
There are many replication options out there, depending on what you
need to replicate. NSI Software, Software Pursuits, Veritas Software,
and XOsoft make replication software for Windows servers. A number of
vendors, including Topio, Kashya, and FalconStor, have built SAN
replication products around Cisco Systems' Storage Services Module and
SANTap protocol for MDS 9000 switches. EMC provides replication
software for Clariion, Symmetrix, SANs, and Exchange and SQL servers.
HP's StorageWorks Data Replication Manager works with almost all types
of servers. IBM offers database replication as well as mirroring for
its Enterprise Storage Servers. Hitachi Data Systems' TrueCopy Remote
Replication Software works with EMC and IBM, as well as Hitachi
storage systems with the TagmaStore Universal Storage Platform.
EqualLogic provides replication with its IP SANs. Signiant offers
replication software that's OEMed by software vendors such as Adaptec
and Pillar Data Systems. InMage Systems provides block- and file-level
replication software suited to databases and e-mail servers. Network
Appliance's SnapMirror software mirrors data to network filers.
Riverbed Technology's Steelhead appliance is intended to replicate
large data repositories over a WAN.
STRATEGY #2: PROTECT DATA CONTINUOUSLY
Pure Continuous Data Protection (CDP) backs up all protected data
whenever a change is made, capturing and time-stamping every
transaction. It creates an electronic journal of complete storage
snapshots, with one snapshot for every instant in time that data
modification occurs. Some solutions also catalog file changes to
create a journal or index of the various versions.
CDP offers the ability to set and achieve recovery point objectives.
If a virus brings a server down at 11:00 a.m. and the recovery point
objective is 30 minutes, the administrator should be able to set the
CDP server's clock back to 10:30 a.m. and all should proceed normally
from that point.
At Baptist Memorial Health Care, a recent crash of the Oracle
financial system tested the organization's Revivio CDP appliance.
Weiss, the systems manager, rolled the system back to 10 minutes
before the crash, when he could be certain all the data was validated.
The application was recovered and running again in 10 minutes. "It
saved our financial system," he says.
On the downside, CDP isn't widely available yet. Many vendors claim to
have it when what they're actually doing is supporting Microsoft's
Volume Shadow Copy Service (VSS), which can take up to 64 snapshots of
Windows Server file volumes, but no more than one per hour. This isn't
truly continuous, although it beats the standard backup of once a day.
Another negative is cost: Legitimate CDP products add an expensive
step to backup. They don't replace your existing backup
infrastructure; they merely augment it with short-term snapshots that
eventually get sent to backup.
This is a small market with massive potential. Revivio's CDP appliance
protects direct-attached or SAN-attached storage systems. LiveVault
also offers true CDP for backing up databases and files among
different branches. IBM recently introduced CDP for Files for its
Tivoli Storage Manager; it doesn't yet cover databases or e-mail, but
IBM says it eventually will. XOsoft offers CDP for Microsoft Exchange
and SQL, as well as Oracle databases.
In the ersatz CDP category, Microsoft began shipping its System Center
Data Protection Manager (DPM) for Windows Server this year. The
product can perform up to eight backups a day of Windows file servers
using VSS. (Microsoft says next year this product will back up
Exchange, SQL, SharePoint, and Vista.) Symantec's Continuous
Protection Server, part of Backup Exec 10d, similarly supports VSS, as
does EMC's latest version of RepliStor. HP's Data Protection Storage
Servers are appliances composed of Microsoft DPM on a ProLiant server.
STRATEGY #3: MIGRATE GENTLY TO DISK
If you're reluctant to dispense with tape backup altogether, you might
want to consider an alternative that keeps some tape in the process or
mimics tape, yet offers the recovery speed and ease of use of disk.
Disk-to-Disk-to-Tape (D2D2T) is a transitional step away from tape.
Data is initially copied to a disk storage system and then
periodically copied again to tape. A virtual tape library is a disk
array and server running an application that makes the disk array look
like a tape library to the backup software. This minimizes the impact
on the existing backup infrastructure. Another take on this is plain
old disk backupÑswapping tape drives for duplicate hard drives. In all
these cases, the fact that disks and drives have become more
affordable is making the shift to disk from tape possible.
D2D2T provides short-term, fast disk-based restores of files and a
reduced backup window, while allowing you to continue using your tape
equipment for disaster recovery and archiving.
Virtual tape libraries are an efficient way to back data up to disk.
They allow defragmentation and file system management in the backup
and restore process. With virtual tape libraries, there's no learning
curve for the end user or storage managerÑthese libraries look and
feel like your old tape libraries. Communications product manufacturer
Optelecom shifted from tape drives to a virtual tape library from
Sepaton to reduce its backup windows, which shrank from 48 hours to
six hours. This enabled employees to access the ERP system on
weekends, whereas before that system was unavailable throughout its
weekend backup.
The downside is that migrating to disk adds complexity and cost to the
backup process. "There's nothing technically daunting about going to
disk as your primary means of recovery," says Gartner analyst Ray
Paquet. "What's daunting is justifying this to your CFO." Entry-level
D2D2T systems start at around $6,000 per terabyte. While a tape
library typically costs $1 to $4 per gigabyte, a virtual tape library
costs around $10 to $22 per gigabyte. Tony Gaeta, director of IT at
Optelecom, says his company has seen a return on its virtual tape
library investment based on performance, network availability, and
less wear and tear on the former tape drives, which were expensive to
repair.
Another drawback is that tape withdrawal can be harder than it sounds.
"I don't see tape being completely replaced anytime soon," says Eric
Gil, storage and power system engineer at reseller CDW. "It's good for
offsite removal, it's portable, and if WAN links go down, tape is more
stable." And disk drives fail. "It's not a question of, 'Is a drive
going to fail?' but 'When is it going to fail?'" he says. When he
sells customers disk-based backup, they usually still want their final
backup to be to a tape archive.
Almost all backup and storage vendors have begun to offer a disk
alternative or augmentation. Vendors that provide D2D2T include
Symantec, Computer Associates, HP, and Yosemite Technologies.
Providers of virtual tape libraries include Sepaton (the company's
name is "no tapes" spelled backward), EMC, and Copan Systems.
STRATEGY #4: CONSIDER GETTING A MAID
A MAID is a massive array of idle disks. This is the newest, least
available, yet most talked about backup medium today. In this
strategy, you back data up to a huge box of SATA drives and then shut
them off until they need to be accessed. Copan (whose Revolution 200T
can take on the "personality" of a virtual tape library) and Exavio
are two providers of MAIDs.
The beauty of MAID is it's cheap at around $3,500 per terabyteÑabout
the same price as tape (hard disk storage is typically twice as
expensive as tape). It's said to improve the mean time between failure
of SATA drives, which tends to be shorter than SCSI drives. Because
the MAID drives aren't spinning most of the time, they break down less
often and live longer than always-spinning disks. MAID also consumes
less power and requires less cooling than non-idle disk arrays. Used
with virtual tape library software, it provides a high-capacity,
high-performance backup that doesn't have the physical issues of tape.
One negative of MAID is longer retrieval times. The idle disks require
time to spin up, adding about 10 seconds to data access times versus
traditional RAID arrays. Also, MAID enclosures are very large and
heavy. For instance, one Copan MAID product puts 894 disks in a
10-square-foot footprint and weighs around 2,000 pounds. If a raised
floor wasn't built to handle that, it will need special supports. The
units are just short of impossible to move. The rack and drives ship
separately, and an engineer arrives to assemble it. Finally, some
drive manufacturers warn that when drives are idle, it's hard to tell
whether they're working properly.
STRATEGY #5: ENCRYPT DATA BEFORE OR DURING BACKUP
This year we all read the stories about companies that had backup
tapes stolen or lost while in transit to an offsite storage facility.
One example is CitiFinancial, which fell victim to this when a UPS
courier lost a shipment containing data on 3.9 million customers. Bank
of America, Polo Ralph Lauren, and Time Warner suffered similar public
relations nightmares as a result of losing private data stored on
tapes, exposing customers and employees to genuine risks. A good way
to prevent such fiascos is encryptionÑeither encrypt data as you back
it up to tape or disk, or send encrypted data electronically to
offsite storage. According to the Enterprise Strategy Group, only 7
percent of companies encrypt some backup data, and 60 percent never
encrypt their backup data. But interest and activity in encryption of
backup data is growing rapidly.
Encrypting tapes lets you continue your usual method of offsite
archiving without the security risksÑif thieves seize your tapes, they
won't be able to read them. It's a legal protection as well: State
privacy breach laws stipulate that if customer data is encrypted, you
don't have to disclose a break-in or theft.
Encrypting backup data and electronically transmitting it to another
locationÑeither your own or a service provider'sÑhas the added benefit
of relieving staff of having to deal with tapes and eliminates the
need for couriers to pick up and deliver them. Retrieval of
electronically transmitted data is quicker and easier than tape
provided you have a WAN connection.
Tim Burch, vice president of technology services at NASA Federal
Credit Union, recently began encrypting backup data and sending it to
another credit union branch that acts as a disaster recovery hotsite,
using software from EVault and the 128-bit Blowfish algorithm. The
tapes themselves weren't encrypted previously, but the credit union
transported them in locked metal boxes to its storage facility.
National Credit Union Administration guidelines call for encryption of
electronic member information for added assurance. Slowness hasn't
been a problem, says Burch, because EVault doesn't perform a full
backup every night; it does an initial full or "seed" backup, then
only backs up data changes thereafter (about 10GB a night) so there
are no bandwidth issues.
Despite the benefits, many companies don't encrypt customer data
because it's an added expense and potentially time-consuming step in
the backup process. It requires an offsite storage location to send
the data to, and many companies are reluctant to relinquish control of
their data to a service provider.
Among encryption providers, NeoScale Systems makes encryption
appliances, and EVault, Unitrends, and Recall provide encrypted online
backup solutions. Some backup software packages also offer encryption.
These five strategies aren't mutually exclusive. For instance, you can
do replication (strategy #1) or use a virtual tape library (strategy
#3) with a MAID (strategy #4). A best practice is to come up with an
intelligently blended combination, rather than relying solely on one.
In the future, look for backup strategies that incorporate Wide Area
File Services (WAFS) and holographic storage.
Senior Technology Editor Penny Lunt Crosman can be reached at plunt@cmp.com.
|