Many DR/BC customers plan to rely on near-real-time replication and frequent snapshots as their sole solution for protecting data. While near-real-time replication and frequent snapshots are essential to any disaster recovery and business continuity (DR/BC) solution for ensuring data is saved frequently, they work best as part of a larger data protection strategy – one that takes into account the value of the data and its role in the operations and recovery of a business.
Replication solutions provide a timely means of moving data from a primary site to a secondary or back-up site. For replication to be near real time, a business must be prepared for it to consume significant bandwidth and, for synchronous solutions, to require very low latency. In many cases, like-to-like hardware must be in place at both sites. Replication is essential to any disaster recovery solution, but it does not completely solve the problem at hand, and it carries several less desirable traits.
Replication solutions can be subject to link failures or network issues that interrupt data movement – a serious problem when recovery time objectives (RTO) and recovery point objectives (RPO) are critical. It is also possible for a corrupt source file to simply replicate and create a corrupt secondary file. In addition, replication requires that the secondary site have sufficient space for both the replicated files and the entire file system with its production elements; that space can become expensive.
Snapshots are not backups. They are contingent on the original data at a particular moment in time. Snapshots are a useful component of a data protection strategy, and may, at times, fulfill a back-up purpose, but they depend on the original media (typically the SAN) remaining functional, which is not a safe assumption in a disaster recovery or business continuity scenario. Snapshots, by definition, are partially composed of the original data set, and as such must remain on the original array. Therefore, they provide no added protection against a physical or facilities failure.
While backup might not be the most sophisticated technology in the data center, it plays a significant role in the data protection strategy. Back-up software manages the point-in-time capture of selected critical data or of the complete data repository. The primary purpose of backups is to allow the data center manager to capture the state of the data around events (e.g., maintenance windows or pre-upgrades), on a time or calendar basis (daily, weekly, and monthly), and generationally (son, father, grandfather…).
Backups, unlike most replication and snapshot technologies, can be recovered to different devices or file systems, using different media and storage hardware. Backups also have the unique advantage of being easily carried with the user on the way out the door.
Back-up software can also provide a good view of the current state of back-up and recoverability of data. Many of the back-up solutions can provide a dashboard and Web-based tools to help CIOs identify where holes exist in an organization’s back-up operations. Many back-up solutions can also manage the snapshot and replication capabilities along with restoration.
While replication and snapshot technologies are getting easier to manage, they do not approach the usability of most back-up software. During a recovery or disaster situation, software that is intuitive and provides insight into the complete status of the data and the recovery is a valuable asset. A data protection solution built only on replication and snapshots requires a number of technology skills to be available and coordinated before it becomes effective.
The rule of thumb for backups is simple: 3-2-1.
Keep three copies of the data on two different media types (disk, tape, SAN, VTL), with at least one copy stored offsite from the primary source. Effective business continuity solutions also take into account the location of each copy in relation to the primary and secondary sites, as well as each location's associated risks.
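The 3-2-1 rule can be checked mechanically. Below is a minimal sketch; the `BackupCopy` record and `meets_3_2_1` function are hypothetical illustrations, not the API of any back-up product:

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    media: str      # e.g. "disk", "tape", "SAN", "VTL"
    offsite: bool   # stored away from the primary site?

def meets_3_2_1(copies):
    """Three copies, on at least two media types, at least one offsite."""
    return (len(copies) >= 3
            and len({c.media for c in copies}) >= 2
            and any(c.offsite for c in copies))

copies = [BackupCopy("disk", False),
          BackupCopy("tape", False),
          BackupCopy("tape", True)]
print(meets_3_2_1(copies))  # True: 3 copies, 2 media types, 1 offsite
```

A dashboard that runs a check like this against the actual backup inventory turns the rule of thumb into something auditable.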
Best practices for DR/BC call for rotating or removing media from any back-up application on a routine basis to ensure continued functionality, and for implementing a regularly scheduled back-up routine. Many organizations back up continually to the same tape or device, increasing the risk and impact of a single point of failure. In addition, a scheduled back-up strategy not only makes the process automatic, but also lets organizations run the (usually) time-sensitive full backup during weekends or other typically slow periods, while updating or adding to the backup incrementally during the week only as needed. An incremental and differential back-up strategy will cover most organizations' backup needs.
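The difference between the two strategies is simply the baseline used to decide what to capture. A minimal sketch, with hypothetical file names and timestamps:

```python
# "files" maps each file to its last-modified time (any comparable value).
def files_to_back_up(files, strategy, last_full, last_backup):
    """Incremental: changes since the last backup of any kind.
    Differential: changes since the last full backup."""
    baseline = last_full if strategy == "differential" else last_backup
    return [name for name, mtime in files.items() if mtime > baseline]

files = {"ledger.db": 10, "mail.pst": 20, "orders.csv": 30}
print(files_to_back_up(files, "incremental", last_full=0, last_backup=25))
# ['orders.csv'] -- only what changed since the last run
print(files_to_back_up(files, "differential", last_full=15, last_backup=25))
# ['mail.pst', 'orders.csv'] -- everything since the weekend full
```

Incrementals are smaller and faster to take; differentials are larger but simpler to restore, since only the last full plus the last differential are needed.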
Data Protection Strategies
In addition to maintaining a routine back-up plan, every organization should regularly review its data to determine its value. As organizations determine their business continuity strategies, the recovery of the business is usually stratified (Tier 1, Tier 2, etc.), and the data associated with these recovery tiers should be reviewed. This inventory and review covers the RTO/RPO, the location of the data, the location and frequency of backups, and the data elements necessary to fully recover the application or the business function.
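One useful product of that review is a simple check that the current backup cadence can actually satisfy each tier's RPO. The inventory entries below are hypothetical examples, not data from any specific organization:

```python
# Hypothetical inventory entries from the tiered review described above.
inventory = [
    {"app": "order-entry", "tier": 1, "rto_hours": 4,  "rpo_hours": 1},
    {"app": "reporting",   "tier": 2, "rto_hours": 24, "rpo_hours": 24},
]

def rpo_gaps(inventory, backup_interval_hours):
    """Flag applications whose RPO cannot be met by the backup cadence:
    if backups run less often than the RPO allows, data loss can exceed it."""
    return [entry["app"] for entry in inventory
            if backup_interval_hours > entry["rpo_hours"]]

print(rpo_gaps(inventory, backup_interval_hours=24))  # ['order-entry']
```

A Tier 1 application with a one-hour RPO clearly cannot be protected by a nightly backup alone; that is precisely where snapshots and replication enter the strategy.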
Based on the data’s value to business, the organization’s IT department may seek to employ a number of overlapping data protection strategies in order to ensure this data is available when it is needed. These include many of the concepts presented here, but each serves to provide a different protection:
The First Four Hours: Snapshots
Routine array-based snapshots are appropriate solutions for rapid recovery of critical data. A snapshot captures the point in time status of the data and stores it for later recovery. However, data corruption can be transferred to a snapshot, so snapshots cannot be the only solution.
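The dependency on the original array follows from how snapshots are built. A toy copy-on-write sketch (the class and its methods are illustrative, not any vendor's implementation):

```python
class Volume:
    """Toy copy-on-write volume: a snapshot stores only blocks that change
    after it is taken, sharing everything else with the live volume."""
    def __init__(self, blocks):
        self.blocks = dict(blocks)
        self.snapshots = []

    def snapshot(self):
        self.snapshots.append({})          # empty store; fills on first write
        return len(self.snapshots) - 1

    def write(self, addr, data):
        for snap in self.snapshots:
            snap.setdefault(addr, self.blocks.get(addr))  # preserve old block once
        self.blocks[addr] = data

    def read_snapshot(self, snap_id, addr):
        # Unchanged blocks are read from the live volume -- so if the
        # array fails, the snapshot fails with it.
        snap = self.snapshots[snap_id]
        return snap[addr] if addr in snap else self.blocks.get(addr)

v = Volume({0: "A", 1: "B"})
s = v.snapshot()
v.write(0, "X")
print(v.read_snapshot(s, 0), v.blocks[0])  # A X
```

The snapshot correctly preserves the point-in-time view, but most of its blocks still live on the original array, which is why it adds no protection against a facility or hardware failure.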
The First 24 Hours: Replication
From zero to 24 hours, replication solutions should consist of moving data from the source location to the target or backup location. This replication may be continuous or scheduled to occur on a routine basis. Software will keep track of the changed blocks or the files transferred since the last replication event and pick up where it left off. But, like snapshots, corrupt data will be replicated as well, so replication must rely on other technologies for a complete recovery.
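The changed-block tracking described above can be sketched in a few lines; the function below is a simplified illustration using block hashes, not the protocol of any particular replication product:

```python
import hashlib

def changed_blocks(source: bytes, last_synced: dict, block_size: int = 4):
    """Return only the blocks whose hashes differ from those recorded at
    the last replication event, so just the deltas cross the wire."""
    deltas = {}
    for off in range(0, len(source), block_size):
        block = source[off:off + block_size]
        digest = hashlib.sha256(block).hexdigest()
        if last_synced.get(off) != digest:
            deltas[off] = block
            last_synced[off] = digest   # remember state for the next event
    return deltas

state = {}
print(len(changed_blocks(b"AAAABBBB", state)))  # 2 -- first pass sends everything
print(len(changed_blocks(b"AAAACCCC", state)))  # 1 -- only the changed block
```

Note that the sketch also shows the weakness the text describes: if the source block is corrupt, its corrupt contents are hashed and shipped just as faithfully as good data.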
Beyond 24 Hours: Backups
To protect data over periods of 24 hours or longer, organizations should implement a formal back-up system that records all data at a specific point in time. A copy of that backup should be kept both in-house and on a facility- and device-independent source. When storing data, it is important to keep recovery time in mind. In many cases, recovery from tapes delivered from a third-party vault may not be fast enough to meet a business's RTO; in that event, the off-site backup serves mainly as a source for transfer to a localized server. Backups should also be tested routinely, and storage devices must be handled properly.
Continuous: Dashboard Applications
Consider the deployment of dashboard or similar applications to help you monitor your level of data protection. Mid- to large-size organizations can have hundreds of backups, snapshots, and replication elements moving continuously and simultaneously. Relying on busy technicians to monitor and keep all of these elements successfully working is difficult and will, more often than not, ultimately fail. Software that calls your attention to back-up failures and the currency of your data replication is critical for sustaining long-term business operations.
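The core of such a dashboard is an exception report: surface the jobs that failed or went stale. A minimal sketch with hypothetical job records; a real tool would pull these from the back-up software's reporting interface:

```python
import datetime

# Hypothetical job records for illustration only.
jobs = [
    {"name": "sql-full",  "status": "success", "last_run": datetime.datetime(2024, 1, 8, 2, 0)},
    {"name": "mail-incr", "status": "failed",  "last_run": datetime.datetime(2024, 1, 8, 3, 0)},
    {"name": "web-incr",  "status": "success", "last_run": datetime.datetime(2024, 1, 5, 3, 0)},
]

def needs_attention(jobs, now, max_age_hours=24):
    """Flag failed jobs and jobs whose last run is older than the window."""
    stale = datetime.timedelta(hours=max_age_hours)
    return [j["name"] for j in jobs
            if j["status"] != "success" or now - j["last_run"] > stale]

print(needs_attention(jobs, now=datetime.datetime(2024, 1, 8, 12, 0)))
# ['mail-incr', 'web-incr']
```

The point is not the code but the discipline: a short list of exceptions that someone is accountable for clearing each morning beats expecting technicians to eyeball hundreds of job logs.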
At regular intervals – two to four times each year – all DR/BC strategies should be tested and re-evaluated to ensure the strategy implemented is still the best solution. By using a variety of evaluation methods, including tabletop exercises, internal and external audits, and DR exercises that test data protection strategies (along with BC goals and assumptions), an organization is far more likely to maintain continuity of service, even when most at risk of losing it.
Payroll, office productivity, email, and sales automation are all increasingly cloud based. When considering whether to use a public or a private cloud, an organization must weigh the risks against the benefits. It is the CIO's responsibility to ask questions and find out how prepared the provider is to take responsibility for the organization's data and security. Ask, for example, when the data center under consideration last provided a copy of its data protection strategy to a third party, and whether it participates in business continuity planning or disaster recovery testing.
Storing critical data in the cloud brings some interesting challenges to the enterprise as well. The organization's data may be stored on infrastructure shared with other organizations – perhaps even competitors – so CIOs should question the extent to which other businesses could gain access to their data.
Rely on a Combination of Technologies
There is an old saying in IT: there are two types of computer users, those who have lost data and those who will. Today's business environment of low-cost disks, robust software, and high-performance drives enables companies of all sizes to proactively protect themselves from data loss and threats to the business. The appropriate combination of these solutions is an effective way to protect data based on its value to the organization. Relying solely on snapshots and/or replication leaves data unprotected.
The best solutions are simple and straightforward. As complexity builds, so does the degree of difficulty in fully recovering data in the time needed. Backups provide the lowest risk and simplest means to recover data in a secondary location. Add snapshots and replication to help round out your data protection strategies and increase the likelihood of a successful recovery.
Raymond Tuchman is president and managing partner of Experis Data Centers and has more than 25 years of experience in the information technology industry.
Dave Maxfield is a partner at Experis Data Centers and brings with him more than 25 years of senior management and executive experience in the telecommunications, satellite systems, and IT industries.