This weekend I had an interesting conversation with my Dad. We were discussing backup. My dad basically runs IT for the State of Maine. The State of Maine uses CommVault backup software. So I posed the question to him, “What would it take for you to rip out CommVault and replace it with another solution. He thought about it for a moment and replied “I wouldn’t”. His answer came down to a couple of reasons.
First was the expense. It’s not just about buying the new software, it would be training people to run the new software and it would be about throwing away the massive investment they have in their existing product as well as converting all the years of backup takes created with one software to the new software. This is one of the biggest things vendors forget when trying to sell a customer on their backup software.
Second was the fact that, feature for feature, the top 5 traditional backup software products are not really that different from one another. Sure, I do agree that some products have features that others don’t, and others products have features that work better than others, but in reality, the delta is so small and the workarounds are so simple it doesn’t really matter. Unless your replacing traditional backup software with an evolutionary source based data deduplication software (which is only applicable for some environments) there is no advantage to switching software.
The challenge is if Data Protection is still one of the biggest and most expensive pain points within IT, how do the problems get resolved if replacing the software controlling it all is too costly to change?
It’s time to start asking new questions about how to solve the problem. In the backup ecosystem there are a few things IT has to juggle in order to maintain equilibrium. First there is data growth. As data continues to grow, it gets more challenging to complete backups in the time available. Second is availability, this is where the terms RPO and RTO (recovery time, recovery point objectives) come into play. How quickly can I get my data back, and how old is it (how much data have I lost) when I do get it back. Third is corporate governance. Keeping the business out of jail, or from losing a law suit, is a key role of data protection and when done properly can actually help with backup.
So when trying to balance all of this, where does one start? It starts with one key concept, What is the value of the data to the business at any given point in time? Based on this, IT can begin to develop a very effective data protection strategy while keeping the cost of doing so in check.
There are two things that must happen in the development of this strategy. First IT needs to answer the data value question. This can ONLY be done by having conversations with lines of business managers to understand a few key metrics. Metrics such as:
1) How much does it cost the business to be down?
2) How much does it cost when data is lost?
3) Does the company need to adhere to any regulatory requirements?
There are many other questions, that need to be answered but these are a few of what IT needs to be thinking about. Next, IT needs to establish some goals. These goals need to be realistic given the budget and they need to align to the value of the data. In other words, apply the right technology to the right data based on its value to achieve balance. These goals should take into consideration:
1) How do I ensure the fastest recoverability reasonable for a given data set?
2) How do I move as little data as possible (moving data is expensive)?
3) How do I recover as little data as necessary (smaller amounts of data being recovered = faster recoveries)?
4) How do I ensure I store data on the lowest cost medium practical to meet my SLAs?
5) How do I delete data at the right time?
These are very lofty goals. Keep in mind, unless your company is in the business of providing data protection services, your company doesn’t make any money backing data up. Backup is an insurance policy. The trick is to balance the costs of protecting that information with the value of the information.
Where does IT start? Start with the goals. If RPOs/RTOs are the challenge, try leveraging space efficient snapshots to have data local and more point in time copies for faster, “newer” recoverable data. If backups need to be faster to help close the backup window, backup to disk, then copy that data to tape. If that disk is too expensive, deduplicate the data. To move as little data as possible and recover as little data as possible, leverage real-time compression on your primary storage. By compressing data as much as 5x, AND ensuring that the compression solution works with existing data protection processes, there will be a significant reduction in the amount of data that needs to be moved and stored in the backups giving back a great deal of time in the backup window. Next, think about archiving technologies. Most data retention practices have a schema similar to 14 dailies, 4 weeklies, 11 monthlies and depending on the yearly retention practice X number of yearly’s. A proper archiving technology can take the multiple copies of data being stored in the “yearly” data set and reduce it significantly. By taking that data out of the backup flow, again, the costs of disk and tape storage go down and moving less data gives back time in the backup window. Also, setting the proper archiving policies will identify when to delete data which saves on storage costs, both the medium and the footprint (tapes at an offsite facility).
At the end of the day, there are a number of solutions available to customers that can have a profound impact on your business without having to rip out your existing backup software that don’t cost a lot of money and won’t impact the existing investment. I encourage data protection professionals to work with vendors who take a more consultative approach in helping to solve the data protection problem. Work with a vendor that has a very large install base who has implemented a number of data protection solutions and can draw on a wealth of use cases and best practices collected over time. Solving the data protection challenge is not easy, to solve it properly, you need to properly align the value of your data to the technology used to protect it and most of all it takes a good deal of experience reach out to the pros.