October 2008

An increasing number of organizations have to manage and protect massive amounts of data that is created and accessible via the Web — data that's subject to loss due to natural disasters, technology failures, or simple human error. In addition, organizations are being held accountable for their data and are expected to be prepared for events that might jeopardize the data. Protecting Web-based data therefore is a critical component of business continuity and compliance strategies.

The following questions were posed by AMD to Laura DuBois, program director of IDC's Storage Software practice, on behalf of AMD's enterprise customers.

Q.    What are the most pressing challenges facing businesses with respect to data protection?

A.    Companies are faced with planning for the unforeseen and with ensuring the availability of Web-based data for business continuity and compliance reasons. As organizations continue to be held accountable for their data — due to regulatory and legal requirements — employing disaster preparedness and minimizing cost of downtime to ensure operational viability are critical elements of understanding how much risk they can tolerate.

A disaster recovery plan will depend on how data intensive the business is and what the company's appetite for risk is. Therefore, the first challenge lies in understanding the business relevance of each application or data set, its expected availability, and most important, its recovery requirements.

While protecting against simple human error with backup policies and procedures is relatively well understood, the need to include data at remote or branch offices requires more complex technology. Since bandwidth limitations make backup across a WAN difficult, many companies are looking for new solutions in this area.

At the other end of the spectrum, recovering data after a major disaster or site failure presents more challenges. There, especially, companies have to implement solutions that are consistent with business-specific recovery time objectives (RTOs) and recovery point objectives (RPOs). To do that, they must understand which applications are most critical, as well as the costs and benefits of implementing a disaster recovery solution.

Of course, complicating it all is the fact that companies may not have space for multiple data copies, given the exponential growth in the amount of data. In addition to the associated space constraints, managing multiple point products in a heterogeneous infrastructure makes everything more complex and costly.

The growth of data has pushed many midsize businesses to take a closer look at doing more storage migration to lower-cost devices such as SATA-type disk drives. As a result, we're seeing businesses look for more cost-efficient ways to protect their data and leverage their existing infrastructure. They're looking at software solutions that can reduce the amount of storage required either through deduplication, or single-instance storage, or through archiving information in a way that saves the companies space and management costs.

Q.    How can companies optimize data protection and expedite recovery?

A.    Organizations need to enhance traditional backup with technologies that protect data that was changed or created between backup points, reducing the data availability gap at recovery time. Organizations should also look for solutions that offer heterogeneous platform coverage and the ability to replicate popular applications while maintaining the data in a consistent state. Backup and replication are converging, and organizations should seek solutions that reflect this convergence. Similarly, a single-platform approach can enable policy management in a holistic fashion.

Understanding RPO and RTO requirements is an essential first step. In some applications, such as highly transactional applications, no data loss is acceptable because lost data is lost business. Organizations may be able to trade downtime against data loss, accepting longer RTOs if necessary. However, for applications, recovery time is essential, and organizations may choose solutions that involve failover to a remote site to which data has been replicated. This is especially true for companies doing business in areas prone to natural disasters, such as hurricanes or tornadoes, where the primary site not only may fail but also may be completely lost in the disaster.

Replication needs to be part of an organization's data management strategy — not just a data protection implementation. The idea is that customers need to not view replication as simply a point product but rather view the recovery needs as they relate to the overall business. Implement software not as a Band-Aid but rather as a way to align with business objectives.

Until recently, storage system vendors played a dominant role in disaster recovery by offering data replication capabilities, often at a cost that was affordable only to very large enterprises or for data considered mission critical. But that's changing. A growing number of vendors are offering alternative disaster recovery solutions that can be implemented at a considerable cost savings, making disaster recovery much more affordable to small and large organizations alike.

Q.    How can companies maintain business continuity in the event of a sitewide disaster, such as a flood or fire?

A.    Depending upon objectives, a number of solutions are available. Backup and restore systems that involve a remote site may fulfill the requirements around recovery from a sitewide disaster. Depending on RTOs and RPOs, a full copy of the data set can be restored from a backup copy.

However, if the recovery must be achieved in a time unsupported by the backup and restore system to close the previously mentioned data availability gap, replication becomes the technology of choice. Continuous or near continuous replication ensures that data written on the primary site is automatically replicated to a secondary site; replication copies data on a continuous basis from a primary system to a secondary system. At the time of a failure, the copy can be used for recovery by reversing replication and resynchronizing the systems or by redirecting services to the secondary system until the primary system has been rebuilt or replaced.

All this can be very complicated as organizations try to understand how things such as bandwidth will affect their recovery times, for example, or how to plan for data replication under different workload scenarios. That's why planning is essential in order to make the right investments.
Maintaining a second data site is costly, but it may be the only reasonable approach in some situations. In some cases, organizations can use existing remote sites as the data recovery site to minimize incremental investment. And new technologies, such as server virtualization, may make it easier to consolidate hardware and free up resources for a replication solution.

A growing number of vendors are offering alternatives to expensive array-based storage replication with the goal of making disaster recovery initiatives more affordable to medium-sized and small businesses. One such method is host-based (e.g., server-based) replication. Host-based replication is less costly in general than its array-based counterpart. In addition, host-based replication is generally transparent to the application and replicates the data from the user's production site to an offsite location by using existing server resources.

Although the host-based approach draws on the server's processor and sometimes other server resources, it also has advantages, including support for most open-system operating systems and the ability to operate on any storage. For organizations with data dispersed across geographic locations, host-based solutions offering byte-level replication deliver a cost-effective alternative to array-based, block-level solutions.

Q.    How can companies optimize their environments for better protection, management, and compliance?

A.    The process of determining your protection level and employing the right technology is based on the type of information your organization manages and how that information is being used. Then match the right level of availability and recoverability to the application. It becomes the responsibility of the IT department to understand how business workflow ties into the business application, and then how the application is supported. Otherwise, IT won't be able to map the system to the application.

Organizations should look for solutions that integrate data protection, replication, and archiving in order to facilitate life-cycle management and compliance. They should also demand that solutions with these critical components allow management from a single console to maximize operational efficiency. A convergence of technologies has been taking place in the past couple of years. Solutions that combine replication and snapshots with file-level visibility and recoverability, for example, deliver local data protection with the ability to quickly recover the full system in case of local or remote failure.

To avoid effects on performance, organizations should look for features such as the ability to perform backup from replica images rather than from production data. To prevent the spread of viruses or possible corruption and ensure reliable recovery, organizations should look for solutions that deliver application-consistent recovery points. Finally, organizations should seek solutions that support heterogeneous platforms (e.g., Windows, Linux, and Unix) and enable simplified management from a single console.

Many of these offerings have been labeled as continuous or near continuous data protection (CDP or near CDP). Some traditional data protection and replication vendors are beginning to integrate these technologies into their offerings, delivering a more robust way to protect data and ensure business continuity. This integration of CDP solutions with traditional backup and recovery products offers customers flexibility in meeting restore requirements, whether they are related to a mere single file recovery or an all-out site recovery following a natural disaster. Solution component integration and ease of use are critical for organizations when recovery time is measured not in minutes or hours but in dollars.

ABOUT THIS ANALYST
Laura DuBois serves as program director for IDC's Storage Software practice. The Storage Software program covers areas such as storage and device management, storage replication, data protection and recovery, storage infrastructure, file systems, and archiving software segments. Ms. DuBois is responsible for the research, consulting, and client relationships, and she oversees IDC's team of storage software analysts.


ABOUT THIS PUBLICATION
This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

COPYRIGHT AND RESTRICTIONS
Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-7610 or gms@idc.com.  Translation and/or localization of this document requires an additional license from IDC.

For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms.  Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com