New Year's resolution: Do more with less

Storage resource management software, SANs, efficient data protection, and security should be high on your list.

By James Staten

Many IT budgets are set in the fourth quarter, but now is the time that most managers sit down and evaluate needs versus spending and put together executable plans that will help meet corporate goals. IT executives in every industry are looking at 2003 and struggling with the paradigm of having equal or fewer resources and more information to manage and protect. The industry consensus is that there will be even less money to buy additional equipment than there was in 2002, and many IT executives are not even considering adding more personnel this year. To compound this issue, the average information growth (across all industries) is estimated at 1.3¥ to 2¥ that of 2002, and there is additional pressure to build more security into systems, protecting what many corporations feel is their most valuable resource: data.

This article outlines four key storage strategies to focus on this year that will enable you to make more-efficient use of your current resources, more informed investment choices for needed technology, and security plans that enable maximized protection of mission-critical data.

Know what you have

The first question a CIO should ask is, "What storage resources do I currently have, and am I efficiently using them?" Chances are there is a more efficient way to use what you already own. According to the META Group consulting firm, IT departments are only utilizing 20% to 40%, on average, of the storage allocated to Windows NT hosts, while utilization of Unix storage isn't much better—at an average of 40% to 60%. Putting these numbers in perspective, META states that any utilization rate under 60% is highly inefficient.

With your current resources, it is highly likely you can improve utilization of what you already have and put off additional expenditures for the time being. Storage resource management (SRM) software can provide the information you will need to track utilization rates, where storage resources are being allocated, and how they are being used. Essentially, SRM tools provide you with a scorecard that will help you determine your utilization rate.

Maximize what you have

So how do you improve your utilization? Most storage resources are directly attached to a single host and cannot be shared. This may be the first place to start.

Once you have a basic understanding of the resources available throughout your storage environment, you will want to better use those resources. The first way to do this is through consolidation, which allows storage devices to be shared by more than one server (i.e., by linking multiple servers and storage devices in a storage area network [SAN]). This allows applications that require more than their share of storage resources to automatically roll over to another box that is under-utilized by its primary server—eliminating in many cases the need to purchase an additional box. This can be accomplished in a SAN environment and is often referred to as storage pooling.

Know your data

The next strategy to meet your 2003 goals of doing more with less is to prioritize your data to ensure you are fully protecting mission-critical information but not wasting resources protecting data that is not critical to your day-to-day business. Determining what information you need to keep readily accessible vs. what only needs to be stored for maintenance purposes is a mostly manual process as every business values the data associated with particular applications differently. The most effective way to do this is by associating quality of service (QoS) rankings to data and applications.

You should divide your data into four primary levels of QoS:

  • Level 1—Information that needs instant recovery because your company will start to lose money the second it is unavailable or lost.
  • Level 2—Data that could be recovered in a matter of hours without significant financial impact.
  • Level 3—Data that could be recovered within a day.
  • Level 4—Information that does not need timely recovery and may not need to be readily available, but must be maintained (for regulatory or other reasons).

Administrators can use SRM software to determine what information falls into what QoS category. SRM tools provide decision-making information such as how old the data is, when it was last used, and with what application the data is associated.

By instituting a QoS hierarchical storage management environment, you will see increased return on investment from your storage investments due to the removal of non-mission-critical data from expensive systems, which allows your current resources to become less cluttered.

With the knowledge of what information is critical and where it resides in your environment, you now need to ensure your Level 1 and Level 2 data is protected. By establishing the four levels of QoS, you have created an efficient infrastructure that you can protect accordingly. For example, you will want to invest heavily in protecting QoS Level 1 data, but will invest significantly less time and resources to protect QoS Level 4 data.

Currently available solutions that address data security include data continuance platforms that provide

  • Fail-over capability in each host. In case one host bus adapter (HBA) fails, the system will automatically default to another HBA;
  • Synchronous replication, which provides mirroring capabilities in the same array (host-based mirroring tools can also do this between different arrays); and
  • Distance replication, which mirrors copies to a secondary data facility.

Once you are prepared by having remote backup sites, mirrored disks of your mission-critical data, and other things put in place by the QoS, there is still one last issue to address: protecting your data from security breaches.

Ensuring data security

We often think that because most corporate data is behind a firewall, it is safe. However, most security breaches are perpetrated by people already inside the firewall: your own employees. Storage provides no inherent protection and depends solely on firewalls. The biggest risk today in storage is access to storage management tools that could be used to delete volumes, copy directories, change access rights, etc. Two types of security initiatives are in use now to protect storage administration tools:

  • Base-encrypted security—One user name, one password. The main shortcoming with base-encrypted security is that many IT environments currently employ more than one storage administrator, and each may only need access to a limited set of features. Additionally, with just one password it's difficult to trace where a breach in security occurred; and
  • Role-based security—Password allows rights only specific to a job. For example, the CIO would have rights to the entire storage environment and a technician would only be able to manage a specific area of the storage environment. Most vendors are adopting this type of security.

This year, consortiums such as the Storage Networking Industry Association (SNIA) will be more focused on security. SNIA is currently in discussions with government third-party encryption providers about addressing security issues in storage units without affecting performance or allowing products to become cost-prohibitive.

In conclusion, to start this challenging year on the right foot and begin making executable plans that meet increased storage demand with only the rare addition of resources, you should begin by looking to SRM tools for guidance regarding what you currently own, how it is being used, and what could be streamlined. And make sure your SRM software and other administration tools employ the level of security you require.

Storage administrators, as well as IT executives, will have to gain a better understanding of their utilization and make every effort to optimize the storage environment, both on a systems end and a management end, to meet the stringent spending patterns that 2003 brings. By leveraging SRM to better understand and more efficiently use current resources, you will enable the cost savings required to meet tight budget restrictions, as well as decrease your total cost of ownership. Your spending choices in 2003 will also be made with more ease and will be more-strategic purchases.

James Staten is director of software strategy and data continuance marketing, network storage, at Sun Microsystems (www.sunmicrosystems.com) in Santa Clara, CA.

This article was originally published on January 01, 2003