Strategic Info Management: Virtually Extend Your Data Center

Too often, distributed enterprises with servers in branch and remote offices skimp on protecting these outlying devices. If a server isn't tucked away in the central data center, backups are hit-or-miss, as is a disaster-recovery plan. And management? Forget it. These facts are not lost on IT--68 percent of attendees at a Gartner conference said they are unhappy with their backup strategies for remote servers. But fewer than half had a plan to improve the situation.

Far be it from us to throw stones, but treating branch-office servers--and the critical customer data they contain--as second-class citizens is foolish. These devices lead dangerous lives. In addition to the risks faced by their coddled data-center kin, like hard-drive failure or users accidentally deleting data, remote-office servers are prone to theft and mishaps like catastrophic coffee spills and collisions with vacuum cleaners.

You can extend glass-house-level protection even to devices tucked into a corner behind the potted plants, without breaking the bank. Pricing for managed backup services, for example, has declined by as much as 80 percent since 2004, according to Gartner, while security and the range of vendor choices has expanded, with innovative new offerings aimed at remote offices. Snapshot technology can make quick file restores a reality, and thin clients and WAFS (wide area file services) have roles to play in reducing costs and bandwidth usage.

The Root of Some EvilAlthough we don't buy disk vendors' assertions that tape is obsolete in the data center, if there's one place it should be declared dead, it's the remote office. The cost of both bandwidth and disk space have fallen significantly over the past few years, so there's just no reason to put up with the unreliability of tape backup systems in the field.

DATA CENTER
Immersion Center

NEWS | REVIEWS | BLOGS | FORUMS TUTORIALS | STRATEGY | MORE

The reality is, tapes won't always get changed. If the backup system rejects a tape because of writing errors, the alert may go unheeded. "Off-site storage" is likely to mean a box in the office manager's hall closet. And perhaps worst of all from a compliance standpoint, when a server--and the backup tapes neatly stacked on top of it--are stolen, your data goes with it. Few workgroup-scale backup systems encrypt data on tape--with the notable exception of CA's BrightStor ARCserve--so tapes stolen or lost in transit represent an exposure that could require a time-consuming data analysis to determine if you must notify customers and/or employees that personal information may have been released.

If Not Tape, What?

One alternative to tape is outsourced backups. In fact, most of the conversations we had with IT pros for this article eventually turned to Internet-based services like Iron Mountain's Connected.

This market has grown up, while prices have plummeted. You can now find a huge variety of services, ranging from applications you install on users' laptops that use Google mailboxes for backup, to enterprise-oriented services like EVault and LiveVault, the Editor's Choice in our most recent review of online remote backup providers (see "Space for Rent").Costs, which are based on the amount of data you store, range from less than $2 per GB per year to $25 per GB per month. You could find that the three-year cost of storing the data for a five- to 10-person remote office is less than the cost of a tape drive and backup software. Factor in media and labor costs and an outsourced service could be a real bargain.

When it comes to outsourcing backup, network managers typically worry about restore times and a loss of control--your valuable data is in someone else's data center, and who knows who's accessing it? If the backup provider goes belly-up, will you be able to retrieve your data? They may cost a bit more, but online backup services associated with or owned by a company with a reputation of trustworthiness can help alleviate these concerns. LiveVault and Connected, for laptops and desktops, are both owned by Iron Mountain, and SunGard also provides vaulting services.

Some backup services, including Evault, LiveVault and ProSoftnet's IBackup, encrypt data both in transit across the Internet and at rest on their servers. Only you can restore your data, by entering an encryption key. The downside is that you must secure and safeguard this key.Regarding restore times, plan to get users back to work fast by restoring the few files they need immediately from the Internet. In the event of a server failure, most online backup vendors will ship an appliance overnight so you don't need to suck tens of gigabytes across the Internet. Providers like U.S. Data Trust and EVault go one step further, giving you the option of installing an appliance at your site that caches backup data on the way to their data centers.

Remote-Office-Ready

Still not sold? A new class of backup applications are designed and marketed specifically for remote-office data protection. Asigra's Televaulting, Signiant's Mobilize for Remote Data Protection and Symantec's NetBackup Pure Disk Remote Office Edition resemble the software used by online backup providers, but with some key improvements.

A conventional backup program will identify changed files using operating system metadata, like the archive bit and last modified date, and back up just those files when making an incremental backup. These new remote backup programs take it up a notch. They divide the file into blocks, calculate a checksum or hash for each block, compare the hashes to the equivalent block on the copy in the backup vault and transfer only changed blocks across the Internet.

Avamar Technologies' Axiom and Symantec's NetBackup Pure Disk extend the technique of identifying unique blocks beyond the file to the whole set of protected data. When they identify a file to be backed up, they calculate block hashes and compare them to a local cache to see if that block has been backed up before. If it has, they send metadata to the central vault to tell it that the block with that hash signature is also part of the new file. Obviously, the size of this cache record can become a limiting factor in large environments, but few remote offices have that much data.

This technique reduces both the amount of disk needed to store your backup data and the bandwidth consumed. Because there's generally a lot of data duplication across branch offices, if only because each has the same software install points, keeping just one copy can cut volume dramatically. Both programs are smart enough to keep one copy of a set of data even if it exists in multiple files, in different places, with different file names.

Both Pure Disk and Axion are disk-to-disk solutions that have scalable, grid-style data-storage models, where you can add more servers and storage at the central vault site while managing storage as a single pool. Both also can replicate vaulted data for an extra level of protection.

Pure Disk stores data in a proprietary backup file format. Users can restore data through a self-service Web interface or by mounting a CIFS (Common Internet File System) share. Today, Pure Disk protects file data on Windows, Unix or Linux hosts; it cannot yet integrate with NetBackup, but Symantec promises integration in a future version that will make it easier to spool data off to tape.Axion stores its data in Avamar's proprietary cluster file system, but users can mount read-only CIFS or NFS (Network File System) shares to restore or move data to tape for archival storage. Avamar has the lead over Pure Disk in application support, with agents for Oracle, SQL Server, DB2 and Exchange databases, in addition to file-system support on Windows, Linux and Network Appliance filers.

Thin Is In?

That old-timer knee-jerk reaction, "If you folks can't back up your server, you don't get to have one!" is looking good again, and not because we're advocating a return to the centralized IT environment of the 1970s.

Today's thin clients based on terminal servers and Citrix Presentation Server can let remote users run all but the most media-rich applications over relatively low-bandwidth connections, eliminating the need for servers--and even PCs--at some remote offices.

However, thin clients are not a universal option. While they may work well for users who generally stay on site and need basic applications, thin won't cut it for sales representatives, insurance adjusters and other laptop-toting road warriors who must take their data with them. In addition, if the WAN connection drops and users lose access to the servers at the home office, they're at a standstill.A better option might be to use WAFS to store data on servers back in the data center and let users in the field access it as if it were still on a server in the break room. WAFS works by using an appliance or server running WAFS software at each end of the WAN link. The unit at the remote site looks like a server to users' workstations but holds only cached copies of their data. The unit in the data center coordinates changes so users see files as they're updated, even if the updates are by users at other sites. We typically see at least a tenfold performance improvement over accessing the server across the WAN.

Network equipment vendors including Cisco, F5 Networks, Juniper Networks and Packeteer are snatching up WAFS vendors at a dizzying pace lately, but a few independents, including Avail Solutions and market leader Riverbed Technology, are still around. Costs range from about $2,000 per site for an Avail software solution to well into five figures for a high-end Riverbed Steelhead appliance that can handle traffic at 800 Mbps (see "Smart Steelhead Pounds Home Data" ).

Other products, including the Tacit technology now owned by Packeteer, can also cache and accelerate applications. See more on WAFS in "Being There".

Freeze Frame

A system that lets users access their most critical files right away, even if the main server is down, will address the single-file-restore problem. IT groups that don't wish to give end users access to restoration features can make this a helpdesk function.The solution for single-file restores may be a lot closer than you think, in the form of snapshot technology. Although we've long used array-based snapshots in the data center to protect mission-critical applications, like Oracle databases, the technology has moved down the food chain to the point that even midrange NAS devices and Windows Server 2003 support snapshots. Windows Server 2003's Volume Shadow Copy for Shared Folders even lets users restore previous versions of their files through Explorer on their XP workstations.

Server-based snapshot schemes are dependent on the system being up and the original disk being available, so they're useless for disaster recovery. But if you make single-file restores fast and local, and accept that overnight might be the best you can do for a full-server restore, you can extend data protection to even those remote offices where a cable modem or DSL line is all the budget will bear.

If snapshots address the single-file-restore problem, we still need to get data off-site for disaster recovery. Asynchronous replication software like NSI Software's Double-Take or XOSoft's WANSync will copy data to headquarters, but they don't preserve multiple file versions, so you still must do local backups, even if just to maintain data for e-discovery. Although most asynchronous replication products can handle many-to-one replication, a ratio of 2-to-5 to 1 is optimal. Bandwidth aside, if you needed to back up 30 branch offices, you might need 10 servers in the data center to accept the data.

Howard Marks is founder and chief scientist at Networks Are Our Lives, a network design and consulting firm in Hoboken, N.J. Write to him at [email protected].

Face it: We're going to continue to store data at remote offices. In the past we've relied on a single process--the nightly backup to tape--to protect against data loss. But is there a better strategy? We say yes.First, ditch the tape. Unless you're using a backup application that lets you manage all your remote offices from a single console--and you actually pay attention to that console--weeks or months could go by without a good backup. We can't count the number of systems we've seen that were set up to e-mail the mother ship when there was a problem, but the problem was big enough to stop that e-mail. Backup is one of those areas where "no news is good news" just doesn't cut it.

Bottom line, there's no excuse for old-fashioned tape backup at the remote office. Whether you outsource to an online provider, replace the servers in the remote office with a WAFS (wide area file services) appliance while keeping your primary data in the data center, or upgrade to modern backup applications like Avamar's Axion or Symantec's Pure Disk, you'll sleep soundly knowing your data is protected.