Today's Data Protection Challenge

Data protection today faces a different set of challenges than the solutions of the past. At one time, online production operations ran during first shift; batch update and reporting operations ran during second shift; and backup and maintenance operations ran during third shift. However, as more applications share the same body of data for different purposes and from locations scattered across time zones, off-hours is becoming a vestige of the past. Yesterday's data protection approaches can only partially solve today's problems and will not solve tomorrow's problems.

Today's backup window is quickly disappearing, a symptom of a business environment that demands greater data availability. New approaches must be adopted that do not contend with production workloads for resources and are not bound by narrow backup windows.

Furthermore, the volume of data requiring protection continues to grow while recovery demands become more aggressive. Growth in the amount of data requiring protection is driven by two factors: 1. the volume of data continues to grow 30 to 60 percent per year for most large enterprises, and 2. new regulations require companies to retain more data for longer periods of time.

The 'Do Nothing' Option

A comprehensive data protection solution requires planning, and could require staffing and budgetary resources. However, in order to evolve and meet demands, IT cannot ignore these new requirements.

It is true that not all disruptive events have severe, immediate consequences, but frequent small losses and excess IT costs will drain company profits over time. IT administrators can recognize a need for an update data protection solution by looking for a few symptoms that might signal data protection problems, including

· Excessive data recovery incidents caused by operational mishaps
· Excessive time elapses before recovery can begin
· Compounding of data recovery problems due to operational mistakes
· Resolution of data protection problems drag on for weeks to months
· Root-cause analysis takes too long or is not done at all
· Testing of data recovery procedures known or perceived to be a potential disaster
· Patch levels are far out-of-date or data protection products are out-of-date by more than two release levels
· Backup jobs frequently delayed until the next available backup window
· Inadequate or nonexistent recovery for database severs, file servers, and mail servers
· Difficult to recover data protection infrastructure in a disaster

Anatomy of a Comprehensive Data Protection Solution

Data protection has both technical and non-technical aspects and should include people, process, and technology products and services. Although technical aspects are of major importance, people and processes are of equal importance. The technical aspects of data protection refer to solution design, implementation, and operational tasks. People and process refer to planning, best practices, and ongoing testing. A comprehensive data protection solution combines technology and services into a cost-effective solution with the following benefits:

· Reduces the amount of application downtime caused by data emergencies
· Meets recovery objectives that support even the most critical data
· Cost-effectively backs up and retains massive amounts of non-critical data
· Raises backup and recovery success rates well above industry standards
· Mitigates constraints imposed by tight or disappearing backup windows
· Proactively prepares for operational mishaps and disastrous events
· Minimizes the gap between the current environment and a state-of-the-art environment
· Mitigates the attrition/loss of skilled data protection professionals
· Makes the overall cost of disaster recovery and replication more affordable
· Minimizes and manages IT operational risks

The technology goal is to design, implement, and maintain a state-of-the-art data protection environment. There are a number of considerations for administrators who are creating a strategy for comprehensive data protection, including the following:

· Recovery window: Does the solution protect data in a manner that enables recovery within a time window specified by the recovery time objective (RTO) and with no more data loss than specified by the recovery point objective (RPO)? The solution might employ various combinations of replication and backup to this end.
· Comprehensive data support: Does the solution support recovery of all classes of data (e.g., database, flat files, and email)? Recovery should mean restoring data to its normal operational state and verifying success.
· Cost effectiveness for data classes: Does the solution employ the most cost-effective protection methodology for each class of data without compromising recovery objectives? For example, flat files with very relaxed recovery objectives should be handled differently than mission-critical databases.
· Server recovery: Does the solution recover database servers, file servers, and mail servers to an operational state? Recovery is only deemed successful when data can be safely accessed by applications through a data server.
· Automated recovery: Does the strategy include automated recovery, but still leave critical recovery decisions to IT staff? Automation reduces the incidence of operational mishaps and prevents problems from compounding during stressful recovery situations.
· Planning for conflicts: A good data protection plan will take into consideration possible contention with applications for server, network, and storage resources. The potential that backup jobs might disrupt production workloads forces backup operations to be performed during off-hour backup windows. Avoiding or eliminating backup windows increases backup success rates and provides flexibility in backup schedules.
· Tape drive use: Administrators should use tape media and tape drives efficiently to contain costs. Costs associated with tapes are a major factor in a backup solution.
· Effective retrieval: Administrators should implement a strategy to reduce time to retrieve backup media from offline storage. Delays associated with retrieving backup media can add many hours to end-to-end recovery time.
· Network and replication use: IT should use the replication network wisely to contain network costs. Studies and experience have shown that the network is a major cost factor in employing a replication solution.
· Staffing considerations: A good data protection plan will require no more than a skeletal onsite staff for data protection operations. Eliminating the need for a large staff at production locations saves onsite staffing costs, leverages offsite services for multiple production locations, mitigates the impact of a local area disaster, and increases outsourcing opportunities.

Conclusion

There is no single technical approach that delivers both aggressive recovery and meets low cost objectives. Any comprehensive solution must be a combination of a number of strategies-each addressing part of the total data protection problem. When budgeting for a data protection strategy, administrators should note that the cost of the solution should include the people, the technology, as well as the costs imposed by the technology on the underlying IT infrastructure such as servers, storage, and networks.

IT organizations should consider the future of data protection and how they will adapt their current strategy to meet today's data protection demands and tomorrow's requirements. Ignoring data protection problems can have severe consequences for any organization and a comprehensive approach including a combination of people, process, and technology will help any organization prepare for anything from a small incident to a major disaster.

Bob Baird is senior solutions architect with Symantec's Global Services organization. He has 40 years of experience as an architect and consultant with IBM, HP, and Symantec.
www.symantec.com