Emergency service

• Article 24 of 26
• M-iD, October 2005
• View a PDF of the original article ~ 1.2MB

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages

More than two-fifths of businesses that suffer a significant data loss never re-open and another one-third close within two years. Data backup - and recovery - is not simply a tedious chore, but could be a business life-saver in the event of an emergency.

Furthermore, legislation and industry regulations are also demanding that many organisations make and keep back-ups of their data.

But at the same time, making back-ups has never been more challenging, with the increasing volumes of data information managers are having to contend with. Some companies may even need transaction-by-transaction back-up, instant off-site back-up for disaster recovery as well as on-site replication for continuity in case of a server failure.

Step-by-step

The first step for any organisation in devising a back-up strategy is to find out what data it has, where it is kept and to identify the particular data that it absolutely cannot afford to lose. Steve Mackey, a European director at storage company ADIC, says that organisations need to determine their back-up strategies starting with their main business objectives and then work downwards.

"Businesses need to decide how long they can go without a particular piece of data or how much downtime they can afford to cope with after a disaster. IT then has to implement solutions for those goals," he says.

Who will be involved depends on the organisation's size, says Correy Voo, head of business technology solutions at telecoms giant BT. "In a large enterprise, there may be several groups that will have an input: IT, group risk, group compliance and, more recently, dedicated information security teams. For smaller companies, it'll be the guy who runs IT and the finance director," says Voo.

Organisations will also need to examine compliance requirements to see if there are any rules that apply to backed-up data. The Data Protection Act, for instance, does not distinguish between live and backed-up data. If the organisation does not have in-house legal expertise, it can check with industry bodies, forums or consultants what rules apply to it.

Once-a-day?

It should then decide how often its data needs to be backed up. Doing this not only helps ensure the organisation recovers from any data losses with few adverse effects, it can reduce the costs of back-up, the time it takes, its effects on operational systems and the amount of storage required.

Says BT's Voo: "Be pragmatic. Back up what you need to and don't back up everything. If possible, back up only the incremental changes. Not all data needs to be backed up constantly and if it doesn't change, you don't need to back it up." Given that in a full back-up, for every terabyte of data backed up, a further six or seven terabytes of storage may be needed (one terabyte per day with another terabyte for weekly backups), a full back-up can be very expensive.

This can only be done with the appropriate back-up or information management software. A content or document management system, for example, can help determine how often particular files need backing up. It can also provide administrators with the ability to analyse data usage, since it can keep an audit trail of how often files are amended.

The savings here can be large: as much as four-fifths of an organisation's data may be relatively static and so only requires infrequent back-ups. For example, old documents that are only occasionally accessed only need to be back-up once.

Content-addressed storage systems, such EMC's Centera, can be a boon in determining which files need to be backed up, since a file's name changes automatically whenever it is modified in such systems.

Technology needs

The organisation can then decide what technology it needs. Until recently, tape was the principle medium for back-ups on the grounds of cost. While it still remains the most affordable for smaller organisations, in the last few years price cuts have made disk-to-disk back-up systems more affordable for many medium-sized organisations.

Disk systems offer many advantages over tape, the biggest being speed - both for backing up and for restoring data. This has made 'continuous replication' a possibility: instead of having a scheduled back-up time for specific data, it is possible to duplicate data to a separate system whenever it changes. Continuous replication can work over a network and at a distance, making it applicable to failover, disaster recovery and data-loss back-up strategies.

It can also be of particular use for backing up email systems, something tape systems find hard to do. Systems from vendors such as Cryoserver use continuous replication to store all incoming and outgoing emails.

Paul Grossman, CEO of Cryoserver, says that organisations will often need to store certain emails for compliance reasons. "But since the average email user only uses half a gigabyte of email storage a year, you might as well back up everything."

One of Cryoserver's drawbacks is that it can affect the performance of email systems by as much as 20% or 30%, Grossman admits. However, this is as much a problem of continuous replication as Cryoserver's, since it will commonly affect directed attached storage in this way.

The solution is to use storage area networks (SANs), since that effectively takes the bottleneck away from the server. Kevin Perrett, storage architect for storage vendor FalconStor, says that it is possible to put together an iSCSI based SAN for £3,000-4,000.

"Essentially, all you need is a big bunch of disks and an iSCSI server," he claims. Using iSCSI rather than fibre channel connectivity technology reduces costs since existing network specialists already have the necessary skills. "One of the biggest mistakes we see people make is in the actual management of back-ups. Organisations don't accurately account for the amount of work and physical labour involved in controlling back-up systems," warns BT's Voo.

Using a storage area network also prevents another common problem with back-ups: use of network bandwidth. Since the storage area network provides a separate network, data no longer swamps the network and so the organisation no longer has to compress all its back-up operations into periods when few staff are using the network.

Continuous replication can be used for disaster recovery and business continuity as well. By having a separate site or separate system that is a duplicate of the main system, the business can continue operating even in the event of system failure or something calamitous affecting the main site. 'Metro storage area networks', which use leased lines to connect disk systems within the same system, are also becoming more viable options for organisations that want to the ability to recover from localised problems.

However, if there is a high data churn, the bandwidth necessary for continuous replication is unlikely to be within any but a handful of organisations' budgets, according to ADIC's Steve Mackey.

"Metro's not for data replication. There are quite a lot of links available, but if you look at the bandwidth, it's not up to continuous replication, even asynchronous replication, so you have to rely on tape," he says. This is especially true for long-distance replication, with back-up sites 50 kilometres or more away from the main site - necessary to avoid the worst disasters. Hurricane Katrina, for instance, affected an area larger than the size of Great Britain.

Organisations should pick a subset of their data to back up continuously and then use other means to create back-ups of less vital data. An offsite continuous backup is still affordable in many instances, with companies such as BT, Iron Mountain, DataFort and PC World Business offering schemes that even relatively small organisations can afford.

BT's Voo highlights aggregated services for groups of small businesses, starting at £2 per month, per gigabyte for a fully managed service with inclusive bandwidth of between 128 Kilobits per second (Kbps) and 256Kbps. If that is too expensive, the old fallback of tapes stored offsite is always available, although it is by no means the best, the most secure or the most foolproof option.

Records management

Most notably absent in most back-up strategies is a way to ensure back-ups fit within established records management processes and procedures.

If a tape contains a back-up of a record with a specific retention period, that back-up needs to be deleted at the same time as the record. This will involve restoring the tape, deleting the record, then re-archiving its content - a challenging problem for most organisations.

One consideration for a long-term back-up strategy is to try to ensure records with the same retention period are stored on the same media, so that they can be deleted in bulk. An alternative is to use disks for long-term storage, but hard drive storage is still more expensive to buy, requires far greater physical space and typically has a shorter life span than tape.

Problematically, back-up systems do not integrate well with records management systems. The equivalent to single sign-on for security is not available to ensure that access, audit logs and retention periods of back-up systems can be managed from the records management console. So some degree of duplication of systems and processes will be inevitable and will need to be managed accordingly.

Ensuring that only authorised people can access back-ups is important and can be achieved through physical security or through use of encryption. Companies such as Decru provide appliances that encrypt and decrypt information at network boundaries and on storage systems. Then, while it is possible for someone to 'unarchive' data from back-up, it is impossible for them to read it without a key - something that also prevents the common problem of the IT staff being able to access the organisation's most important information.

Restoration

A further vital part of any back-up plan is to ensure that it's actually possible to restore the data from back-up. Many organisations have thought their data was safe, only to find that in the event of an actual disaster, back-ups were missing, damaged, obsolete or had never even been made.

"Imagine customers retaining back-ups for several years," says Voo. "Often, physically retrieving and recovering from those back-ups is quite difficult. One customer even changed [back-up] architecture and didn't account for the old back-ups - the applications didn't even exist any more."

Voo suggests checking long-term back-ups at least once every quarter, particularly for anything kept for retention or legal purposes. With tapes, this may amount to just checking that they are still viable, but a full restore provides far greater peace of mind.

Once an organisation has developed a comprehensive back-up strategy, it needs to examine it at regular intervals to see if it needs to make any changes. Static back-up strategies will often fail to take account of changing data usage. Quarterly or half-yearly checks are sufficient for most organisations, but larger organisations will benefit from continuous checks, after each operation if necessary.

Developing an effective back-up strategy can be a difficult job that requires considerable effort by an organisation. Doing it badly can cost the organisation and if disaster strikes, even result in its demise. Doing it well will not only safeguard the organisation, it will also save it money.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages