Electronic vaulting can save time and money while ensuring data protection.
By Chuck Holland and Christopher W. Midgley
Despite their best intentions, Windows NT/2000 professionals routinely ignore disaster recovery planning. Blame it on the expense, the inconvenience, or a lack of resources, but disaster recovery is a nightmare for most Windows sites. Unlike large enterprises, smaller resource-constrained organizations typically see disaster recovery planning as an impossible dream.
However, the Internet is changing business practices, making 24x7 operations standard. Companies store customer orders in the e-mail database, collect customer profiles on their Web servers, and make inventory available online. Critically dependent on their data, businesses are at high risk to even the shortest loss of data availability. Disaster recovery is now an operational imperative that can be supported by new technologies. New bandwidth offerings combined with Internet-based data centers and data replication technologies make protecting data easier and more affordable than ever before.
As a result of these technology and economic shifts, disaster recovery technologies are poised to become a new business standard for Windows NT/2000 sites. No longer too expensive or inconvenient, disaster recovery planning is emerging as a must-have technology that breaks the nightmare of backup-and-restore cycles. To appropriately protect their business data in the new economy, Windows NT/2000 professionals must understand the technologies that support disaster recovery planning today, as well as the steps necessary to implement a sound backup and recovery strategy.
The cost and effort involved in performing routine backup of system data in connection with an effective disaster recovery strategy was a long, distasteful but necessary function for small- and medium-sized businesses. Backing up data to tape was inconvenient, especially as backup windows began to shrink with round-the-clock system availability. Trucking tapes off-site was costly, and engaging a dependable recovery solution-hot site, cold site, or replacement equipment on-site-was a significant expense. In the event of a major disaster, getting personnel to the appropriate system location was a logistical and budget nightmare. In the end, most companies took their chances and hoped for the best-often with disastrous results.
Three technologies are changing the face of disaster recovery planning: bigger bandwidth, Internet data centers, and byte-level replication technologies. A carefully executed plan using these three technologies can help companies implement a combined backup-and-disaster recovery strategy that is affordable and easy to manage. Additionally, new services are emerging to automate disaster recovery functions and make disaster recovery planning a staple in the management of Windows NT/2000 sites.
Better bandwidth offerings create a bigger pipeline for businesses' data to travel during the backup and recovery processes. These bandwidth technologies deliver high-speed, fat pipes at low cost. For example, for as little as $500 per month, DSL connectivity can protect tens of gigabytes of data during a byte-level backup process. Compared with the high cost of dedicated telecom lines, DSL offers tremendous savings to some sites and an entirely new backup opportunity to others unable to afford the higher-cost alternative.
The second key technology is the availability of Internet data centers. Using fat pipes and powerful servers, Internet data centers provide dot.com companies and application service providers (ASPs) with the security and redundancy to host 24x7 mission-critical applications. These service providers can also sell small volumes of server space to small- and medium-sized companies, making the service affordable for those without big IT budgets. Managed service providers standardizing on Windows NT/2000 servers can offer server space in Internet data centers on a rental basis for Web sites, ASP services, and real-time archives of critical company databases. These organizations provide full management of the servers, including backup and recovery.
Service providers can now extend disaster recovery to companies by backing up their local data over the Internet and storing it at the data center. This service eliminates the company's need for IT staff time to manage tapes and backups. If the site needs to copy or restore data back to its primary systems, the process executes over the Internet with no need for physical tape transfer. Storing data at an Internet data center also offers companies the physical isolation necessary for effective disaster recovery planning. If the business experiences a disaster that makes its own site unavailable, the Internet data center can deliver the data to an alternate site where processing can resume.
The final key technical change is the emergence of new replication technologies available for Windows NT/2000 sites. In both operating systems, the Windows File Filter API notifies the system when a byte in an application's stored data has been changed. Replication products take advantage of this API by replicating only changed data at the byte level. Instead of reproducing and transporting entire files for every backup, these replication technologies copy and move only changed data, reducing the processing load and the network impact that traditionally accompanies backup operations.
Further, these replication technologies function in real-time, backing up data around the clock. No backup window is required to execute data replication, which means that systems can operate without planned downtime. Because they are only updating changed bytes, the replication technologies can send the data continuously. This feature allows sites to have current replicated data stored in support of 24x7 systems operations.
The combination of these three technologies allows Windows NT/2000 professionals to combine their backup and disaster recovery planning practices into a unified electronic vaulting strategy that addresses both the need to replicate and store current data and the ability to restore data and applications in case of a disaster. Electronic vaulting replaces the multi-day practice of trucking backup tapes to safe centers and bringing them back to restore data in case of disaster. The backup process moves to the Internet data center, where both current data and histories can be maintained in a safe and remote environment. In effect, electronic vaulting can deliver the backup and recovery protection that data-centric businesses need without breaking the budget or increasing headcount.
There are two ways to implement an electronic vaulting strategy in Windows NT/2000 sites. Electronic vaulting services can be purchased as a package from service providers, or enterprises can build their own electronic vaulting operations.
When purchased from a service provider, electronic vaulting pumps changed data across the Internet to an Internet data center. The data center updates current copies of the stored data or applications and stores the new versions for safekeeping. In case of an inadvertent data deletion, corruption, or larger disaster, current or historic copies of the data can be downloaded back to the Windows NT/2000 site across the Internet. In the event of a site disaster, companies can prearrange to use a high-speed link to an alternate site, where all company systems can be recovered overnight.
Windows professionals with the expertise and desire to keep the backup and recovery processes in house can develop their own electronic vaulting strategy. In this case, data is replicated to either a remote site of the organization or to servers placed at a rented location, such as an Internet data center or a disaster recovery hot site. This strategy ensures that data is always available and current in at least two physical locations. Data updates and recoveries can transmit across private networks or across the Internet utilizing Virtual Private Network (VPN) technology, which adds encryption and security, thereby creating a private connection over public networks.
Choosing an electronic vaulting service
The emergence of electronic vaulting services delivers an affordable, Internet-based method of uploading changed data and copying or restoring data to the system in case of a disaster. Internet-based electronic vaulting providers usually offer one of three types of service:
- Vendors offer server space accessed across the Internet, which the buyer can use to store critical data and access it at will. In this scenario, the buyer is responsible for the actual replication and recovery.
- Vendors sell the service of copying and uploading data, and the vendor archives the data on a frequency specified by the buyer.
- Vendors provide an automatic service for continuous replication of data to the Internet data center, providing a full range of recovery services from individual file recovery to full disaster recovery to alternate locations.
As with most Internet-based services, companies can choose electronic vaulting options that range from no cost to high cost. Vendors recently began offering free Internet-based storage space, but these services are designed for individual users rather than businesses. Vendors that execute replication or restore services at the user's request are a low-cost alternative, but the responsibility for requesting services remains with the user.
Other services automatically perform continuous replication and updating without any user intervention. Although these services are more expensive than the other options, for some sites they are the most cost-effective due to reduced management overhead. Continuous replication services provide full coverage of all data, automatically and continually, removing the responsibility for scheduling backups and tape management from the user organization.
Using electronic vaulting services often requires no additional communications capabilities at the user site. Because continuous replication technologies isolate byte-level changes, they transfer only small amounts of data. In most cases, the system overhead required by real-time replication is less than 3% of the total processing potential, and network usage is reduced to a fraction of that required by traditional backups or full-file archiving.
For example, a site with a 30GB database can easily support continuous replication using DSL bandwidth. After an initial full copy, the technology replicates and transfers only changed bytes and allows regular processing to continue unaffected. Traditional backup services send an entire copy of the file or database for each scheduled backup, which could take days over the Internet. Even local backups of a large database require an overnight window of several hours or more, when all other processing is stopped in deference to the backup operation. In contrast, current replication technology offers the benefits of speed, currency, and transparency while delivering offsite disaster recovery protection.
Another benefit of electronic vaulting is the lack of training and intervention required to execute reliable backups and simple recoveries. Where traditional backup technologies required training operators to insert tapes, execute backups, monitor and record volumes, and ship tapes to safe centers, online replication technologies seamlessly upload changed data with no manual intervention.
In addition, data being sent to the electronic vaulting service via a DSL line does not interfere with data being received by the site's servers. DSL allows data moving upstream and data being downloaded to transmit simultaneously. A company using a small or medium-sized connection could send replicated data to the electronic vaulting service while users were viewing Internet pages without users noticing any delay in the download.
Addressing security concerns
When evaluating an electronic vaulting service provider, users should consider two basic questions: How secure is the remote data copy, and how much data history do you want to store? Experts say that maintaining current data is critical, but storing previous versions is important in case today's data becomes corrupted and the site needs to roll back to an earlier version of the data.
The issue of continuous replication raises a security concern: How safe is it to use electronic vaulting services? As with any Internet access or any vendor-provided service, security breaches are possible, but are generally avoidable with good planning. Users can take several steps to ensure the security of their data.
The first step is to ensure that the servers used to store a business's data are physically located outside of the buyer's region, to prevent a widespread disaster from preventing restoration of data. The service bureau can be located nearby, but data should be stored in a geographically distant location.
To avoid security breaches posed by continuous replication technologies, experts advise that you carefully choose an experienced VPN provider. VPN technology converts public networks such as the Internet to private networks that can be accessed only by authorized parties. For example, your VPN provider should offer encryption techniques, electronic keys, password protection, and electronic certificates to guarantee the authenticity of sites sending or receiving data.
The Internet data centers used by electronic vaulting services to store data should also be adequately secured. Most are equipped with diesel generators in case of their own power outage, redundant cooling systems, on-site security guards, fire suppression systems, and earthquake-safe facilities. Many also have geographically remote sites to which data is replicated.
Self-service electronic vaulting
The final option for users interested in electronic vaulting is a do-it-yourself strategy employing data replication and a backup product. This option allows the site that owns the data to maintain control over the replication and restore processes.
There are several options for those who choose a do-it-yourself electronic vaulting strategy. Businesses that have remote sites can designate a branch location to host the electronic vaulting service. Companies can also rent space in a geographically distant location. Or they can rent server space from Internet data centers and implement the replication technologies at their own sites.
Each of these options allows organizations to replicate data in real time over their intranet or the Internet, saving the cost of physical tape transport, training of personnel, and lost productive system time. The remote vaulting site takes responsibility for backing up the replica, managing tapes, and performing restores. To relieve this burden, "lights out" products perform backups and keep months of history in tape libraries automatically and without user intervention.
Administrators can monitor the operation remotely and recover data over the Internet. If the site has been compromised by the disaster, the "lights out" site can serve as the recovery location. Alternate possibilities include another corporate branch site, a site provided by a disaster recovery vendor, or a site contracted through a service organization.
Organizations interested in a do-it-yourself electronic vaulting strategy should focus on the key steps needed to create an effective solution:
- Replicate data as currently as possible
- Remove data to a safe, geographically distant location
- Archive data frequently, preserving histories in case current data is corrupted
- Create a "plan B:" Designate an alternate site in case a regional disaster impedes your ability to recover data at your local site
Now that disaster protection technologies have caught up with the Internet, and Internet-related disaster recovery services are emerging, companies can no longer justify remaining unprotected. The risks grow higher each year that a data disaster will cripple or wipe out an unprotected business; even a minor loss can cost millions of dollars. The new generation of disaster recovery planning services is easy to use, simple to cost-justify, and hard to ignore, in light of its value versus the potential for loss.
Chuck Holland is co-founder, and Christopher W. Midgley is the chief technology officer, at LiveVault Corp., in Marlborough, MA. www.netint.com.