Acronis022707

Total Data Protection For Small and Medium Sized Businesses March 2006 by Farid Neema Peripheral Concepts, Inc. Total Data Protection For Small and Medium Sized Businesses Total Data Protection for SMB's The explosion of corporate data in a distributed environment and the advent of tighter regulations have contributed to putting tremendous pressure on corporations to protect and access their data. Typically, IT departments have tried to protect data by using high availability devices with redundant systems, backing up data regularly to tape, and using data replication techniques. Increasingly, more sophisticated methods of ensuring the integrity and availability of important corporate data are being used. Data protection is a multi step workflow of interconnected processes that extend far beyond simple onsite backup to encompass continuous backup and fast restoration, onsite and off site storage, archiving, and disaster protection and recovery. If your data protection solution does not address the complete protection lifecycle, your company risks the unacceptable exposure of only partial protection that could easily result in the loss of irreplaceable data and costly downtime. Protecting data is ranked highest among the IT managers storage challenges as shown in Figure 1. TABLE 1. THE COST OF DOWNTIME $1M in lost revenue per hour on average Source: IT Performance Engineering & Measurement Strategies: Quantifying Performance Loss, Meta Group Within data protection concerns, IT managers rank recovery problems at the top of their data protection concerns. Asked about the most significant data protection related problems for which they are ready to spend money to get them resolved, the three problems that come way ahead of many others (Figure 2), are: Improving time to restore backed up data Faster recovery from system failure Easier recovery from disaster 2 Current data protection and recovery tools available to small and medium sized businesses (SMBs) offer only piecemeal solutions that are not only expensive to deploy, but in many cases fail to live up to today's business requirements. The need for a new, innovative and cost effective recovery management solution is both acute and pressing. As a result, new recovery management technologies are coming to market. This paper provides an overview of the challenges and current practices in data protection, exposes some of the more problematic approaches in traditional solutions, discusses the fundamental elements and operation of recent backup and disaster recovery techniques, and offers a list of criteria for selecting the system that fits your needs Backup Backup is essentially copying live data so that it can be restored in the event of a crash or a failure causing the loss or the corruption of the primary data that usually resides on disk. Backup is a fundamental basic component of business continuance All backup techniques involve creating a copy of the data to be protected. The fundamental requirements for backup are that the process ensures the integrity of the data, allows rapid and simple recovery, and causes minimal disruption to the system processing. But there are other attributes that differentiate backup systems. They include: Protection of important files continuously and in real time Minimal backup windows Point in time based recovery with the ability to roll back to arbitrary versions Options to set high and low priority files Multiple backup/replication targets Protection of file servers and transient connected endpoints Retention of data files for predefined lengths of time 3 Total Data Protection For Small and Medium Sized Businesses Figure 3 indicates the attributes of the "perfect backup" The basic parameters that define the completeness of a backup process are: The backup time window The Recovery Point Objective (RPO), which determines the periodicity of backup The restoration time Backup window The backup window defines the length of time the data is inaccessible due to the backup process. In the past, backups were typically performed at night or on the weekend. While this is still in use for much enterprise data, for most critical applications, a backup window of any length is no longer an option. End users' surveys show that the backup window is still very much of a concern and needs to be reduced at more than half of the sites. Two methods to minimize the backup window of traditional backup are to increase backup speed and to minimize the amount of data to back up. Recent, more efficient techniques enable transparent generation of a snapshot or point in time copy of the data can be either maintained as a separate mirror or used as the source of a point in time backup to tape, or both. To minimize the amount of data backed up, systems allow incremental or differential backups. An incremental backup takes an image backup at set times of the disk sectors that have changed since the last backup, which can be either a full or another incremental image. In the event of a crash, the user restores the original image and overlays the image with the disk sector changes copied as increments. This is more efficient in data storage usage and backup time window, but is much less efficient in restoration time. A differential backup takes an image of the disk sectors that have been modified since the last full disk image. This simplifies restoration process since restoring deals with only one differential backup and one full backup, but backups might involve more data. Incremental images provide greater granularity, since they can go back to a more precise point in time than a differential image, which takes you back to the most recent full image. 4 Cost of Traditional Backup In the past, data protection meant tape backups. Some online protection could be obtained by using RAID to keep data intact and available in the event of a hard drive failure. Most system administrators relied on copying file based data to tape and then moving some of those tapes offsite. Terabyte size databases required hundreds or even thousands of tapes to keep track of. This is still the most common form of data protection in large enterprises, but only part of a whole suite of techniques available for safeguarding data. Keeping track of the location of all these tapes and recycling expired media is a complex administrative task. Other management capabilities include monitoring and reporting successful and failed backups, equipment status, media availability, performance, and resource utilization. A typical large enterprise will back up hundreds of items every day. The administrator needs to ensure that all relevant data is being backed up. Centralized backup management offers a number of tools that greatly facilitates the administrative tasks, but the cost of traditional file based backup and recovery remains one of the highest costs of managing storage. Recent developments in backup and recovery processes include disk to disk backup and snapshots. The Shift from Tapes to Disks Disk to tape backup/recovery has been the dominant method of data protection for a number of reasons, including low cost media and ease of moving tapes off site for disaster protection and archiving. Tape presents two major problems it is not reliable and, presenting sequential access, cannot lend itself to fast data restores. We found that 45% of the respondents experience over 10% unsuccessful backups at first attempt, to which one should add an equal number of unsuccessful restores. This can represent a daily problem for some installations. With higher capacity disk drive systems decreasing in price and increasing in capacity and resiliency, the lure of faster recovery times has led to a shift in sentiment among IT Managers. The number of sites using disks for part of their backup doubled in 2005. For the first time ever, more than one half of the surveyed managers would consider the possibility of a tapeless IT operation in the long run. This aspiration for "getting rid" of tapes is even more pronounced in very large IT operations. In 2006, there will be more data backed up on disk than on tape, and disk should gain 4% share every year for the next three years. Factors driving this shift to disk include: Faster data recovery Ease of use and a rapid return on investment (ROI) for small and medium sized companies Compliance to regulations The development of a number of disk hungry tools that greatly simplify data management, to include snapshot, continuous data protection, storage tiering, hierarchical storage management (HSM), information lifecycle management (ILM), all backed up by increasingly robust virtualization techniques. Snapshot And Point In Time Backup A point in time copy actually creates a separate, physical copy of the disk, while a snapshot is a logical representation that gives the appearance of creating another copy. Point in time copy is a simple solution, but one that requires a lot of extra disk capacity. Standard practices require that several point in time copies be maintained throughout the day, enabling operations to retrieve an uncorrupted version of the database very close to the point at which the problem occurs. Snapshot capable controllers configure a new volume but point to the same location as the original. No data is moved, no additional capacity required, and the copy is "created" within seconds. Additional capacity is required when the volume is updated. Before updates are allowed, the snapshot saves the old data blocks retaining its original content. Because backups using snapshots are quick and less resource intensive to create than mirrors, it is possible to make frequent backups and therefore ensure quicker, full restores. 5 Total Data Protection For Small and Medium Sized Businesses At the extreme end of the spectrum is a continuous backup, or continuous data protection (CDP), where data is backed up in real time whenever any change is made. Continuous backup establishes a journal in which changes to a set of data are recorded with time stamps. The current version of the data can be processed back to any instant in time. In this way, the effect of a logical error can be undone. If the current data is not available because of a physical error, a full backup can be processed with updates from the continuous backup journal, creating a new up to date version of the data. Protecting Workstations and Laptops Although most companies have implemented solutions for protecting the enterprise data, data residing in workstations and laptops is notoriously under protected, even though it amounts to a large percentage of all corporate data some estimates put it at 60% of all corporate data. The reason is that processes have been time consuming and complex for an average user, and cost of centralized management prohibitive. Recent techniques have gone a long way to making backup and disaster protection of workstations and laptops an affordable reality. Disaster Protection / Recovery Business continuity is the ability of a business to continue to operate in the face of disaster. Protecting data and the access to it is a primary component of business continuity strategies. After a disaster, it is less important that the hardware systems survive, so long as critical data does. If the data is still intact, new hardware can be purchased, applications reloaded, operations restored and the business return to normal. Levels of business continuance depend on recovery objectives and carry very different levels of investment. How Important is Disaster Protection? There are many reasons why a corporation might lose important data. Broadly, they can be broken into the following categories: Natural disasters: Floods, earthquakes, hurricanes, and terrorists Security breaches: When an intruder breaches the network, server, or storage defenses of a company Accidental data loss: End users delete, overwrite, and misplace critical files or e mails, a backup tape is overwritten, power is lost System failure: a hard drive crash, software bugs, failed software updates and installations, data corruption, viruses, power outages There are several reasons for spending money, time, and effort on disaster protection. The single, most important reason is fear of financial loss loss not only from lost sales, but also loss from a potential law suit due to your inability to access data required by a court order or government agency. Another driver is the recent wave of regulations that define what information must be retained, for how long, under what conditions, and demand that privacy of the information be ensured. A third driver is loss of productivity, as employees are idle or able to work only in a reduced capacity waiting for systems to be restored after a failure. Cost of Downtime Downtime costs vary from industry to industry, based on dependency upon technology and typical labor costs. Half of the surveyed sites estimate their business to be at great risk within the first hours of interruption (Figure 4). E commerce and financial institutions accrue an average of nearly $6 million in losses for every hour of downtime, based on lost revenue and employee. Small and medium sized businesses lose $18,000 per hour of downtime (Figure 5). In fact, according to the U.S. Bureau of Labor Statistics, 4 out of 5 companies that experience a significant data loss will be out of business within 5 years. 6 RTO and RPO Two metrics characterize disaster recovery plans: recovery time objective (RTO) and recovery point objective (RPO). RTO is the time required to recover data after downtime; RPO is the maximum time window of data loss the business can afford for the application. They help determine what kind of technology you need, The optimal data protection solution differ widely according to the criticality of data, the application, and the organization budget. Most surveyed sites measure RPO and RTO for critical applications in hours, some in minutes. The latter obviously needs a mirroring and protection solution that works in real time. If you measure RPO and RTO in days, you can just do a single backup overnight. It is not cost effective for every single application to have guaranteed five nines uptime. Figure 6 shows the relationship between recovery speed, cost and applications. IT operations are definitely moving towards having multiple levels of data protection The population aiming at RTO and RPO of less than 20 minutes has doubled since 2004 and represents 37% of the surveyed population for RTO and 42% for RPO. 7 Total Data Protection For Small and Medium Sized Businesses Traditional Disaster Protection Disaster protection strategies are designed to protect businesses against the catastrophic destruction of their computing facilities. The usual approach is to create duplicate facilities at remote sites. Sometimes the primary systems are duplicated; in other cases, smaller systems may be set up to execute only the most critical business applications. Backing data up at a remote site provides an increased level of protection. Volume replication often is used to perform mirroring across separate hosts. The crux of recovering from disasters is the ability to access, or recover the backup copies of crucial data and to restore these backups to backup systems that will take over the operation of critical applications. When executing a disaster recovery plan, data is restored to a backup system. This new system could have a different configuration than the original one, so the recovery process is more complex than a simple data restoration to the original system. Also, because the backup system typically has a different configuration than the original system, elaborate coordination with applications is necessary. The better solutions incorporate a re synchronize function as part of the replication services to help IT administrators transfer data back to the primary site for normal operations. To handle these diverse set of failures, IT systems must be able to access and recover something as small as a singular email or file to something as large as the data center for an entire site. It must be able to recover data to a consistent state when the data is linked to active applications which are continually accessed by end users. It is also important that a business should have the ability to recover its data to any point in time in the past, to a point prior to a failure, without missing any critical information. Ideally, the ability to restore an image to dissimilar hardware should be a function of the disaster recovery software to minimize the amount of time required to reconfigure the backup servers. Disaster Recovery Most discussions about disaster recovery end at the notion of having systems available during a disaster. However, the real challenge is actually the process of restoring all the systems at the primary site, or new primary site, back to normal afterwards. 8 For the majority of sites, the principal means of disaster recovery remains tape. Data retrieval from disaster has remained largely unchanged through decades of use, although advancements have occurred in the tape storage industry. To recover data, the correct tape cartridge has to be located, the correct section of the tape located, and the data retrieved, uploaded and reintegrated. Most large organizations can only make full copies of their most vital data once a week. In the time between, they typically make copies of the changes to data. However, having to reintegrate that incremental data is extremely time consuming, difficult and subject to data loss. Surveys show that most large enterprises have a disaster recovery process in place though whether or not it has actually been tested, or how often it is updated or reviewed, is another question entirely. A disaster recovery plan that has been written but never tested is essentially worthless. Midrange, and especially smaller companies, are less likely to have a written and tested disaster protection process. Disaster Protection for SMB's Historically, protecting against a disaster was seen as a huge task facing IT managers. Consequently, only large corporations could afford it. With new technologies the implementation costs may be a lot lower and take much less effort and time. Essential components for cost effective disaster protection include virtualization, bare metal recovery, hardware duplication on off the shelf standard equipment, and leveraging lower cost networks, Virtualization The opportunity to really change how DR is done has emerged as a result of developments in the world of storage virtualization, particularly from storage virtualization products that rely on a commodity hardware platform and operating system as their foundation. These virtualization solutions leverage native networking capabilities and the ability to mirror to/from any storage attached to the storage network. The benefits of using virtual machines in a data center are numerous. Instead of being confined to one operating system on each physical computer, companies can leverage virtual server technology to deploy multiple environments on the same server. Companies can use virtual servers to eliminate costs of managing and upgrading legacy hardware by migrating older applications onto virtual machines running on new, reliable hardware. They can also consolidate low use departmental servers onto a single physical server to decrease management complexity. Test and development groups have long used virtual machines to simplify the creation of realistic test environments, but the introduction of a number of recently announced products has also made a broader utilization of virtualization practical for such application as server consolidation and legacy application support. To meet disaster recovery requirements for production systems, administrators must design and implement protection strategies that afford these virtual machines the same safeguards as traditional servers. Simply backing up a host server can be insufficient to ensure that data within virtual machines is recoverable. Newer products provide a comprehensive, reliable, data recovery solution that backs up both a host server and all individual virtual machines on that server Virtualization provides major cost and management benefits for corporate data centers. With advances in hardware speed (example, 64 bit processors), multi processor servers and the accompanying increase in CPU power, servers will increasingly be capable of supporting larger number of virtual machines. Bare Metal Recovery Bare metal backup allows restoration of critical data in a matter of minutes by automating processes that would otherwise require manual reconfiguration of hard disks and installation of operating systems. By using automation, procedures are more likely to be predictable and simple. The user will not require as much training, and therefore, the recovery will be more reliable and less time consuming. 9 Total Data Protection For Small and Medium Sized Businesses Dissimilar hardware Restoration To protect against hardware failure and still allow for automated system recovery, many organizations purchase duplicate hardware for the most critical computers. Maintaining duplicate hardware for an entire site is so cost prohibitive that only the most critical IT operations can justify it. Besides, it is even difficult to guarantee that the same model can be available some time after the initial purchase, which implies that purchases must be done at the time of the original system acquisition. The ability to save and restore servers on any system provides a great flexibility and constitutes a significant savings. You can now recover a single processor computer to a multi processor computer. You can recover from expensive Fibre Channel or SCSI drives to ATA or SATA storage. Leveraging IP networks Remote copy allows a second storage system to act as a hot backup or to be placed out of harm's way and available for the disaster recovery site to use. Remote copy systems used to be expensive. The telecommunications needed to support them present the IT manager with a high recurring expense rated high among the impediments to acquiring efficient data protection. The costs involved with remote copy have tended to relegate its use to high end applications and very large companies. Nowadays, storage can be distributed on the Internet or an Ethernet network, with many clients or servers able to access many storage units. These remote copy, disk based backup, and distributed data stores are much easier to implement and manage. Selection Criteria As discussed above, achieving a quick recovery is by far the most important data protection challenge facing the IT manager. Other problems raised are reliability, backup window, and cost. Most of these concerns are also among the major impediments to acquiring the data protection that the manager needs (Figure 7), with, in addition, fear from additional management complexity and staff shortage. The best way to measure the value of a product is assess its features in the context of these characteristics. 10 Recovery Time The issue for users is not backup, but how quickly they can recover and be up and running. Once again fast recovery from disaster is given the highest rating among the selection criteria that guide the choice of IT managers for a business continuance solution, as seen in Figure 8. Recovery related questions must include: Is disk based backup and point in time recovery available? Can the system file critical files locally on disk? Can critical files be quickly recovered and work resumed while the rest of the system is restored? Does the system allow differential backups? Can backup and recovery be initiated from a remote location? Can the recovery be executed onto dissimilar hardware? Reliability Tape based backup processes are not reliable. Reliability problems are primarily attributed to manual interventions, media, libraries and software. The management of a large number of tapes leads to confusion. What needs to be checked is: Is disk involved, and is the level of redundancy adequate? Is the backup system automated? Are cross platform backups consolidated for consistent procedure and policy Is any data management software included, such as SRM, HSM, DLM or ILM Can the system consistently backup virtual servers and vitual machines on a server? Backup Window Backup window is raised as a problem by more than half of the surveyed IT managers. Full backups can last days, and need to be scheduled during week ends. 11 Total Data Protection For Small and Medium Sized Businesses Is snapshot technology available or CDP used? Does the system enable a reduction of the number of full backups? Can open files be backed up? Can the system avoid duplication of redundant data? Does it compress or compact data? Can backups be selective? Cost The real cost of storage is not in the hardware and software, but primarily in the labor involved in managing storage and in the productivity loss. Therefore, the Total Cost of Ownership (TCO) needs to be taken into account, to include productivity gains due to increased performance, simplified management, better utilization of resources and increased data availability. Questions to be addressed include: What is the total cost of ownership (TCO), how much of the operating cost can it save, and what is the return on investment (ROI)? Does the system include a suite of offerings, such as virtualization, to maximize storage utilization? Does the system cover all aspects of data protection compatible with your RTO and RPO (backup, recovery, replication, archiving) or can it integrate with a number of other vendors products? Is the system capable of dissimilar hardware restoration using off the shelf standard equipment? Can the basic system cost efficiently expand to cover your desktop, departmental and enterprise needs? Management Complexity Managing storage is one of the most important costs in administering a networked IT operation. The first important criterion in manageability is the ability to manage all storage components and servers from a centralized point or from any point distributed on the network. Management can automate the creation and distribution of critical information, consolidate management of geographically distributed heterogeneous storage solutions, and measure and communicate outcomes. Also, consolidation of data services makes it easier for IT administrators to manage their data than to operate via number of piece meal solutions. The extent to which a data protection solution can integrate and automate some or all of these steps will determine its position in the hierarchy of product classes. Can open files be backed up and replicated transparently? Can the system create real time automated backup and recovery points? Does the system provide analytical reporting with statistical data? Is bare metal recovery available and how long does the recovery process take? Is the system fast enough and can it support next generation hardware and software? Staff Involvement Backup and recovery is a time consuming, tedious chore. Backup ties up hours of an IT professional's time, and still more time in the morning reviewing logs and troubleshooting. Recovery is yet much more time consuming, as it is not predictable and causes the most disruption. Check for the system to: Take minimal time to install Have centralized management Offer a single system interface Allow automated backup and client file restoration Allow unattended remote server restoration 12 Conclusion Traditional data protection solutions have long been missing the necessary tools to help IT manage backup and recover data, and match results to Service Level Agreements (SLA) and compliance regulations. Next generation data protection has the ability to enable small and medium sized businesses to implement backup/recovery and disaster protection solutions required in today's business environment. This level of protection was previously available only to those who could afford to spend top dollars on proprietary storage solutions. Now, cost efficient data protection systems offer business continuity through advanced network efficient replication with integrated snapshots and bare metal disaster recovery. These systems enable total protection based on quick recovery by making the entire process: Faster Simpler Reliable Efficient snapshot, point in time restoration and bare metal disaster recovery user friendly Web enabled, policy based management fault tolerant disk configurations with minimum impact on LAN and WAN traffic low initial investment and low total cost of ownership with user's ability to restore files Inexpensive Pro active Note: The references and figures are from a series of recent Virtualization and DP reports based on extensive end user surveys, published by Peripheral Concepts, Inc. (www.periconcepts.com) Reprinted with Permission To find out more about Acronis True Image products: Call +1 877 669 9749 E mail sales@acronis.com For OEM inquiries: Call +1 650 875 7593 E mail oem@acronis.com Copyright © 2000 2005 Acronis, Inc. All rights reserved. “Acronis”, "Acronis Compute with Confidence", “Secure Zone”, “Recovery Manager”, “Snap Restore” and the Acronis logo are trademarks of Acronis, Inc. Windows is a registered trademark of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners. Printed in USA. 13