modernizing data protection in 2015cdn.ttgtmedia.com/searchdatabackup/downloads/qso... ·...
TRANSCRIPT
Modernizing Data Protection in 2015
Learn about the challenges associated with data protection and disaster recovery and the new technologies available to address
these issues.
Page 1 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
We have never been more dependent on our data than we are today, period.
Just as important, we are dependent on all of our data -- regardless of where
it resides. It wasn't that many years ago that a vast majority of our business
data was all conveniently stored within the data center, where full-time
backup administrators ensured its protection. Those days are over. While a
significant amount of data still resides within the data center, platforms are
diversifying and data is starting to live outside the traditional purview of IT.
21st-CENTURY DATA PROTECTION
For storage professionals who might still be wary of putting their primary data
storage in the cloud, the following expert tips explain why it's becoming a
more acceptable practice. Find out how cloud technologies have been
evolving and which types of data are most appropriate to store there.
Modernizing Data Center Protection
Part one of our three-part series on modernizing backup and disaster
recovery takes a look at how data center protection is evolving today
to include snapshots and replication.
While mobile and cloud platforms are relatively new, data centers have been
under the watchful eye of IT professionals for decades; so why is backup not
solved yet? There are at least two primary reasons that even data center
data protection continues to challenge IT:
Changes in workload recovery requirements and workload protection
mechanisms.
The sheer amount of production and protection storage required.
Page 2 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Part one of our three-part series on modernizing data protection and disaster
recovery takes a look at how data center backup and DR are evolving today.
Protection and recovery requirements are changing
As the platforms that host our production resources change, the protection
methods must change with them. As one notable example, with the mass
adoption of virtualization, many of the traditional methods for backing up
server data have either evolved or been replaced or supplemented. Whereas
each production server used to have its own agent, the ideal scenario for
most environments today is to utilize virtualization host-centric data
protection mechanisms, which provide hypervisor-specific APIs to enable
whole (virtual) machine backups, while still offering granular restore
capabilities. In addition, as production data continues to migrate from
traditional data center servers to either mobile devices or cloud platforms, the
protection and recovery requirements have to evolve accordingly.
Because of the increasing dependencies on data, the tolerance against
downtime/data-inaccessibility of any kind is increasingly tight. But in order to
gain a broader range of recovery agility, one must often use a broader range
of protection mechanisms, including snapshots and replication, in addition to
traditional backups.
Data growth is forcing changes in protection and recovery
The other primary driver -- beyond the desire to improve recovery agility and
production-evolution -- is simply the necessity to change because the status
quo is unsustainable with today's data growth. Enterprise Strategy Group
research indicates that primary storage is growing by nearly 40% annually,
but overall IT spending and storage-specific spending are growing at
nowhere close to that rate. IT professionals are being forced to store data
Page 3 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
more effectively, while also increasing the types of protection and recovery
capabilities. At first glance, those two trends might appear contradictory; but,
in fact, the synergies between them are driving the most exciting parts of how
IT is evolving from a backup mentality to a data protection strategy --
including not only backups, but snapshots and replication, as well.
Snapshots
While not necessarily new, the use of snapshots has evolved over the past
few years. By reverting to a snapshot within primary storage, users can
recover to a previous, albeit somewhat recent, point in time much faster than
restoring from any backup on secondary storage. And, because of the very
granular nature of snapshots, whereby disk blocks that aren't changed do not
incur any storage consumption, snapshots can also partially address
storage-scale issues related to multiple near-term copies held within a
backup server's secondary storage pool.
Those capabilities aren't new, but the extended management and flexible
usability of snapshots is -- and that is making all the difference. In the past,
snapshots (as a storage-centric technology) were managed solely by the
storage administrator and typically without coordination with the upper-level
applications or backup applications. Today, many storage array
manufacturers have developed extensions so that snapshots of common
business applications can be done in a more coordinated fashion; thereby
ensuring a more application-consistent recovery. In addition, the usability of
snapshots has evolved to enable granular file- or object-level restores that
can be invoked by the snapshot management UI, an application/platform UI
(e.g., database or compute-hypervisor), or from within the backup
application. By integrating the management (invocation schedules for snaps
and restores) and monitoring (health-awareness of the underlying storage),
snapshots are now a much more holistic aspect of an overall data protection
strategy.
Page 4 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Replication
While snapshots provide a complement to backups through rapidly restorable
versions within the primary storage, replication creates yet another copy of
the data -- most often on tertiary storage. This provides a survivable copy of
data at a geographically separate location, typically as part of a business
continuity or disaster recovery scenario.
It is essential to understand the mechanisms that are facilitating replication,
which will affect the efficiency of the replication itself, as well as the usability
of the data. Replication can be achieved at multiple levels within an
infrastructure stack.
Application-centric replication (e.g., SQL database mirroring) is
accomplished between the primary application engine and one or more
partner application engines. It provides an immediately usable secondary
instance of the data, since the entire stack (OS, platform and storage) exists
under each application engine. Efficiency will vary by platform, but each
platform must be managed separately -- through separate UIs, with separate
strategies, often by separate individuals (e.g., database administrators).
OS/platform-centric replication encompasses a variety of technologies,
including file-system centric replication (e.g., Windows Distributed File
System/DFS), virtual-machine replication as facilitated between hypervisors,
or third-party block- and file-centric replication offerings. Most of these
products are designed to replicate data as part of enabling a high availability
scenario. It is notable that resuming functionality may not be transparent to
the users in many cases, but the switchover window is often negligible.
Storage-centric replication is the product that typically impacts CPU
(application/server) the least, since the storage array does the work, which is
Page 5 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
often an external appliance with other advanced capabilities beyond
replication. While storage-based replication achieves the same "data
survivability" goals of other tiers of replication, the secondary instance of the
data isn't necessarily for geographically separate scenarios. Some
environments will replicate a second copy within the original or nearby site,
so that the higher stack (application, OS, VM) has twin copies of data to
access with transparent/synchronous capabilities. In other environments, the
storage copies will be at separate facilities, but will require the second
infrastructure stack to be recreated (in-advance or upon-crisis) before the
secondary storage copy can be mounted and utilized.
Continuous data protection (CDP) and near-CDP. CDP products often
combine some of the aspects of the other replication mechanisms:
application-integration, multi-platform management and highly granular
replication. Storage Networking Industry Association purists would also
suggest that along with truly continuous replication, CDP products should
also offer granular recovery to any of the infinite previous points of time using
journal-like behaviors, while near-CDP products provide the near-continuous
(seconds or less latency) without the infinite/granular restore option.
By combining the agility of snapshots, the durability of replicas, and the
flexibility of backups, you have what you'll need to truly modernize the
protection of your data center.
Page 6 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Dealing with Endpoint Data Protection Issues
Part two of our three-part series on modernizing backup and disaster
recovery takes a look at endpoint data protection issues and what's
available today to address them.
Perhaps one of the least-expected IT revolutions is the decentralization of
data among endpoint devices. After decades of IT delivering consolidated
infrastructure platforms (servers), data is becoming increasingly distributed
as end users demand increasing flexibility in the devices that they use in their
workplace. "Endpoint" should not be confused with "BYOD," as today's
endpoint devices include not only bring your own device (self-purchased)
units, but also a myriad of corporately issued devices, each of which has its
own data protection issues.
Challenges with legacy endpoint mechanisms
Historically, some IT organizations attempted to treat the "B" in BYOD as
"buy" your own device, implying choice, but then the device was heavily
managed like corporately issued devices. But why would an individual
purchase a device with their own money, just so that IT can then put agents
and other management tools on it? (They wouldn't.) Today, regardless of
who purchased the device and whether the device is used solely for work or
for supporting work and personal life, these devices hold corporate data and
should therefore be protected, period.
The challenge is that traditional endpoint protection mechanisms often use
architectures that aren't that different from the server-centric mechanisms
that have been in use in the data center. Those legacy approaches often
require traditional software-distribution vehicles, heavy
authentication/network methods, etc. -- none of which are conducive to the
Page 7 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
modern and relatively disconnected devices of today. Other legacy
approaches try to force the users to behave differently than they intuitively
would or follow other IT (not customer-centric) directives:
"If you put your data in this directory, we will protect it. Otherwise we
won't."
"Bring your new BYOD to the IT department and we will return it next
week, with new stuff on it."
"Bring your new BYOD to work, configure a VPN, log on with your
corporate credentials, and run this script."
None of these have proven effective because, while companies have
focused on the "B" of "Bring/Buy," some IT organizations have lost sight of
the "YO" for "your own" device. Any product that attempts to change user
behavior for how the personally owned device was intended to be operated
(as a loosely connected, Internet-centric, consumer experience) will almost
assuredly fail.
You must protect the data -- but maybe not the device
If the data is corporate data, it is the IT department's responsibility to protect
the data. That being said, not all devices require protection, as there is a
difference between "consumption" and "creation" devices. Here's a look at
the data protection issues involved with each type of device.
Consumption devices utilize data that exists in other locations, often on
server/service platforms that are more easily backed up by IT professionals.
An extreme example would be an e-reader, whose book and music library
exists in a cloud service. Because there is no unique data on that device,
there arguably isn't the need to back it up -- only secure it from unauthorized
Page 8 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
access or data/device loss. A less extreme example is a consumer tablet.
Data on these devices consists of:
Email -- which exists not only on the device, but also on the email
server/service.
Files -- which are often replicated using an online file
sharing/synchronization (OFS) service, such as Dropbox, while a
copy more capable of being backed up likely resides on a desktop or
other corporate-managed platform.
Multimedia -- which is accessed from a central repository.
Arguably, the only data that may not be natively stored elsewhere is the
configuration of the user experience and optional applications (e.g.,
games/apps) -- and some tablet OS manufacturers provide native backup
tools for those configuration elements, as well. The result is that if a
consumption device is broken, lost or compromised, one can:
Purchase a new/similar device, perhaps newer than the original.
Receive the UI experience/configuration from the OS vendor's cloud
storage, if possible.
Reconfigure the email, file and multimedia client applications, which
are sometimes retained in the configuration above.
Resynchronize data to the new device.
Note the word "resynchronize" rather than "restore." For a consumer, that
may be adequate -- but not for a corporate employee, because
resynchronizing only addresses the most recent/current version of the data; it
isn't a backup. If the data has errors or deletions, those human-caused
issues will replicate to the other server/service instances. Backups ensure
usability by providing access to previous versions of the data and are
therefore still required, even with synchronization technologies. With a
Page 9 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
consumption device, the other copy or copies of the data on a corporate
server, in the cloud, or on another device are more easily protected by the IT
team.
Creation devices, on the other hand, have the ability and user-friendly form
factor to create unique data that may not exist on any other server/service.
As such, they should be backed up with the same tenacity with which any
other corporate IT asset should be protected, while recognizing that many of
the same OS-centric and file-synchronization protection mechanisms will
likely exist on those platforms, as well. Therefore, IT should focus on
ensuring the addition of corporate-backup assurance of the corporate data,
not on trying to make the endpoint device conform to legacy procedures.
How to protect endpoint data successfully
There are two equally important mandates to ensure successful endpoint
data backup, not including the security-related best practices of device
encryption, remote wipe, etc.:
Lightweight delivery -- The data protection application must be
lightweight (i.e., consumer app-like) and not force changes in the
users' behavior. Burdensome installation/configuration or procedural
changes that are counterintuitive will ensure that the data is not
protected well enough.
Highly-visible management -- IT has to have the visibility to ensure
that backups are happening and that access is part of the recovery
solution instead of being part of the backup problem. It is this second
requirement that defines the difference between consumer endpoint
offerings and corporate/enterprise-credible products.
Page 10 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
The right combination of these two mandates will enable IT to ensure
corporate compliance for data protection with the same retention mandates
as corporate servers, while users are unimpeded by the backup. This brings
up one last consideration: understanding the privacy considerations of
backing up data that is mixed with both corporate data and private data.
Users leveraging a consumer product to back up their corporate-plus-private
data will have the only backup copies -- which means that when the user
leaves, their BYOD and the backups will leave the company with them. This
undesirable scenario leaves the former employee with corporate data and
the former employer with nothing.
If IT uses a product that backs up corporate data and private data, it could
result in the company having access to private data that IT shouldn't have.
For example, if an employee volunteers with a youth organization, the
company should not have access to private information about the kids. But
an inflexible, all-encompassing backup product will capture all data on the
machine, resulting in privacy challenges and corporate liability.
Thus, a third key to success is flexibility of protection selection, so that both
the employer and the employee have the data that they need -- without any
data that they shouldn't.
How Cloud and Virtualization are Changing Disaster Recovery
It is impossible to have an IT modernization discussion that doesn't include
the cloud, but the details beyond that will vary greatly:
Page 11 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Some will replace their legacy backup product with a backup service.
Some should supplement their current backup product with cloud
storage.
Some ought to add a cloud-based DR capability to their on-premises
backup product.
Some are wrestling with how to protect the primary production
workloads that have moved to the cloud.
Here's a look at each of these four cloud and virtualization issues that impact
data protection and disaster recovery in more detail, starting with replacing
legacy backups with a backup service. Then, we'll take a closer look at
augmenting your existing backup product with cloud storage. Because some
of you will choose to add a cloud-based disaster recovery capability to your
on-premises backup product, we'll look at some things that merit
consideration. Finally, we'll investigate how you can protect your chief
production workloads that have moved to the cloud.
Considerations for backup as a service
For organizations that are struggling with their legacy backup product, where
any kind of upgrade is likely to be a significant replacement, backup as a
service (BaaS) may be a good option. BaaS products enable a fresh start for
data backup that changes the architecture of the backup product, the agent
technologies and the economic model through with backups are achieved.
BaaS products can also provide a different kind of agility, because the data is
natively accessible or restorable from the cloud provider.
To be clear, BaaS is just like many other "as a service" offerings, in that they
are a cloud-based delivery of an IT function. The economics are different, the
management experience is different, and the underlying infrastructure is
designed to be delivered at enterprise-class scale by service providers,
Page 12 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
instead of a centralized IT department. But at its core, it is still just another
backup product, with agent technologies on production platforms, backup
schedules and restore jobs. As such, BaaS won't fix infrastructure issues or
unwieldy production servers that are hard to back up, or drastically change
the administration time devoted to backup jobs or restore requests. This can
be challenging when it comes to DR in the cloud.
Taking your current backup and recovery product to the cloud
For organizations whose current backup and recovery product has the
modern platform capabilities that the organization needs and is performing at
least adequately, BaaS may not be the best answer. Instead, most
contemporary backup products have the ability to leverage cloud-based
storage, as a supplement to the on-premises deployment. In so doing:
While all of that sounds good and easy, it can come with tradeoffs in that the
means by which the data is replicated from the backup server to the cloud
repository can vary greatly and will dramatically affect the agility and
recovery options from the cloud copy. And, again, when it comes to cloud-
based disaster recovery, you'll want to consider both the pluses and
minuses.
Most organizations should plan on a hybrid or D2D2C architecture
It is extremely difficult if not impossible for organizations of most sizes to
maintain the service-level agreements that users and business owners have
come to expect from recovery times and backup performance. Because of
this, it is strongly recommended that most cloud-enabled backup and
recovery products be "D2D2C" configurations -- from production disk to
local backup disks (D2D) before going to the cloud (2C). That said, D2D2C
can take several permutations:
Page 13 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
BaaS products with an intermediate caching product on-site before
going to the BaaS repositories.
On-premises backup hardware replicating to a similar storage array at
a service provider.
On-premises backup software replicating to another software instance
at a service provider.
On-premises backup software writing to a cloud storage repository as
a tertiary tier.
The method of replication and the type of cloud repository will directly affect
the immediate usability of the cloud copy of the data, but some enable easier
extensibility of existing backup software and/or hardware.
Cloud is not likely a tape killer. While other innovative IT technologies are
usurping some usage of tape, one should not necessarily assume that
D2D2C is an adequate replacement for D2D2T (tape), primarily due to most
cloud providers' inability or unwillingness to retain data for five, 10 or 15
years. Most cloud providers utilize disk as their repository, and therefore
don't have a cost-effective way to store data for that length of time.
Cloud and virtualization = disaster recovery. While not entirely accurate,
the key idea is that virtualization (which makes production servers more
portable) and cloud infrastructure (which provides an economical secondary
location) can enable enterprises of all sizes to achieve rudimentary disaster
recovery. This is especially true for midsize organizations that previously
didn't have a secondary venue to use for BC/DR, while enterprises often
have other options.
Page 14 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Backing up SaaS
While most of this material presumed that the production servers were
traditional on-premises resources, many of those workloads are starting to
move to the cloud, including email platforms, CRM systems like Salesforce,
and file sharing. Unfortunately, many SaaS products have not yet developed
the APIs to enable traditional third-party backup developers to extend their
enterprise backup coverage for the SaaS platforms. Historically, these APIs
come as the platforms grow in mainstream use -- but seldom soon enough.
Without those APIs, traditional backup developers have typically been slow
to add those SaaS offerings to their coverage areas. Because of that, it is not
uncommon for new backup products to come from startup companies. For
example, when VMware hypervisors were gaining initial popularity, it wasn't
the traditional physical server vendors that first mastered VM backups --
instead, Veeam, PHD and Quest brought the first products to market. Later,
when the APIs were released by VMware, the legacy products raced to
embrace the capability and catch up to the early disruptors. It is likely that
that pattern will repeat itself as early innovators are delivering new
approaches for protecting SaaS products like Salesforce (CRM),
Office365/Google Docs (file) and email services.
Any way that you look at it, the cloud will likely be part of every data
protection and disaster recovery strategy, but whether backing up to the
cloud or from the cloud, the approaches will vary dramatically.
Page 15 of 16
Protection and Recovery
Requirements
Page 2
Continuous Data Protection
Page 5
How to Protect Endpoint
Data
Page 9
Considerations for Backup
as a Service
Page 11
Take your Current Backup
and Recovery to the Cloud
Page 12
Free resources for technology professionals TechTarget publishes targeted technology media that address your need for
information and resources for researching products, developing strategy and
making cost-effective purchase decisions. Our network of technology-specific
Web sites gives you access to industry experts, independent content and
analysis and the Web’s largest library of vendor-provided white papers,
webcasts, podcasts, videos, virtual trade shows, research reports and more
—drawing on the rich R&D resources of technology providers to address
market trends, challenges and solutions. Our live events and virtual seminars
give you access to vendor neutral, expert commentary and advice on the
issues and challenges you face daily. Our social community IT Knowledge
Exchange allows you to share real world information in real time with peers
and experts.
What makes TechTarget unique? TechTarget is squarely focused on the enterprise IT space. Our team of
editors and network of industry experts provide the richest, most relevant
content to IT professionals and management. We leverage the immediacy of
the Web, the networking and face-to-face opportunities of events and virtual
events, and the ability to interact with peers—all to create compelling and
actionable information for enterprise IT professionals across all industries
and markets.
Related TechTarget Websites