Five Data Storage Trends To Watch

Five Data Storage Trends to Watch
an
Storage eBook
Contents
This content was adapted from Internet.coms Enterprise IT Planet, ServerWatch, and Datamation Web sites. Contributors: Drew Robb, Larry Barrett, Jeffrey Kaplan, Paul Rubens, Jeff Vance, and Jennifer Schiff.
2 4
Deduplication
Virtualization Security
6 8
Cloud Computing
Backup and Recovery for Virtual Environments
10
10
Holistic Data Protection Policies
Deduplication
By Drew Robb
eduplication can help your organization reduce its data storage needs and the associated costs. To take advantage of the best deduplication has to offer, make sure youre taking the right approach. There are several approaches to deduplication. The first choice is between source-based and target-based. Sourcebased deduplication happens at the client, where the data resides. Target based, on the other hand, happens in or via a device the data is fed from the source to a target. In addition, there are a couple of types of target-based deduplication to choose from inline or post processing. Inline means the dedupe process is interjected directly between the source and the backup target. Post-processing prefers an indirect approach where deduplication is not happening constantly online, but it is contained within specific periods. And then, of course, many vendor options are available. So which is best and which types might be better suited for specific situations? Like most things, one type doesnt fit all. Some vendors, of course, advocate the kind of deduplication they offer. Others appear to be taking a neutral stance by investing in all aspects of the technology. EMC, for example, actually offers the gamut source-based via its Avamar acquisition, inline via its Data Domain acquisi-
tion, and post-processing via a partnership with Quantum (note that Quantum also offers inline). Source-based is effective when you are seeking to maximize the efficiency of dedupe or when you must dedupe before you transport data over the network, said Mark Sorensen, senior vice president of the Enterprise Storage Division in EMCs Storage Software Group. To his mind, source-based is ideal for data centers running VMware, remote offices, and NAS; whereas target-based is more appropriate for SANbased backup. Why? Sorensen said deduplication ratios are better in source-based, but it is far more CPU-intensive. Therefore, if you interject source-based deduplication while attempting to backup a SAN, you may inhibit performance. Using target-based, he said, would exert less of a burden on the SAN, although the deduplication ratios may not be as good. He also recommended target-based for databases where typical returns arent as good from dedupe as from other applications. Alternatively, if bandwidth is heavily constrained, Sorensen recommended deduplication be accomplished at source, as this would then require far less data to be transported across the network.
Back to Contents
Five Data Storage Trends to Watch, an Internet.com Storage eBook. 2010, Internet.com, a division of QuinStreet, Inc.
You have to implement what is appropriate for a specific customer, said Sorenson.
Source-Based Competition
According to storage analyst Greg Schulz of Storage IO Group, the world of backup has been changing rapidly in the past year or two due to the influence of dedupe. While target-based approaches dominated initially, as popularized by early pioneer Data Domain, source-based has been gaining ground. As well as Avamar, source-based products are now available on the market or announced from the likes of Symantec, Assigar, Atempo, IBM Tivoli, and CommVault. Target has been the preferred approach up to now, said Schulz. But source-based software is shifting the landscape so customers can do source, target (immediate or deferred).
He equates all this to how organizations use RAID in different ways in different scenarios as they jockey their data protection needs with performance necessities. Schulz rule of thumb is to use source-based for backup of remote sites and target-based dedupe for main site backups. When users are interviewed, it becomes apparent that all will be revealed once they are tested on the ground. One user found Data Domain to offer far better deduplication and offsite replication compared to Quantum-based in a bake-off. Another tested both and came out heavily in favor of Quantum. It all depends, then, on how the various products and approaches play with the existing application mix, hardware architecture, and backup processes. The selection process has to be aligned to individual requirements, said Schulz.
Back to Contents
Virtualization Security
By Larry Barrett
T consulting services and equipment provider CDW served up some statistics in January that indicate that while enterprise customers recognize the inherent financial and energy savings derived from virtualization, theyre still a bit gun-shy when it comes to virtualizing their most critical applications and data repositories. CDWs Server Virtualization Life Cycle Report is an extensive examination and survey of just how mature the virtualization market has become or not in the past decade. A total of 387 information technology executives and companies took part in the survey, with results that revealed both their appreciation for the benefits that virtualization software can deliver and their apprehension to commit their most vital data runs to a technology thats still viewed as a work in progress. Server virtualization was one of the most important data center developments of the past decade, with organizations embracing it enthusiastically for its benefits in cost, IT productivity, business agility, and resilience, said Scott Severson, director of CDWs server and storage solutions group. What we found in this study, consistent with what we see in our customers experiences, is that most adopters have captured the low-hanging fruit and are building their trust in virtualization platforms as they consider how to capture more of virtualizations promise.
To wit: Organizations with more than 100 employees have implemented virtualization software and processes at some level but still only 37 percent of their data and applications are running on virtualized servers. And while 54 percent of these companies have completed their virtualization deployments, respondents said concerns about the security of virtualized environments preventing in-house IT honchos from abandoning their physical servers entirely in favor of software applications that can reduce their overall datacenter footprints by as much as 90 percent. A full 17 percent of the 387 IT executives surveyed said security was the main reason they havent transitioned much of their business-critical applications to virtualized servers, while another 17 percent said their hardware still doesnt support virtualization applications. More telling, 62 percent confessed that despite all the well-documented benefits of virtualization particularly the reduction in energy consumption, the ease of configuring and managing servers, and the freeing of cash to pursue other IT projects they still have a ton of applications that they dont feel comfortable running on virtual servers because of the criticality of the data and applications functions.
Back to Contents
This somewhat schizophrenic outlook is reflected by the fact that 89 percent of those surveyed said they employ a virtualization first strategy a requirement that network users first prove a new application doesnt work in a virtual environment before the company will buy a dedicated server to support it. Also, 99 percent of those queried said they give their CTO a passing grade in their adoption and implementation of virtualization technology, and 85 percent said they believe their IT departments are appropriately staffed and trained to manage a virtualized server environment. However, for some enterprise IT managers, its still not enough. Anything drastically related to secure information, I havent been comfortable with total changeover of payroll and other similar applications just yet, one respondent said.
Despite the apprehension, 95 percent of businesses that have implemented virtualization believe they are saving significant money as a result, and 94 percent are measuring their success in terms of IT productivity, business agility, and reductions in IT energy consumption. IT organizations continue to face immense cost pressures and productivity demands from their internal clients, Severson added. Based upon the successes and benefits they have already seen from server virtualization, we expect continued, steady expansion of virtualized environments as user trust builds and the software vendor community adapts to serve customer demand.
Back to Contents
Cloud Computing
By Jeffrey Kaplan
ore than a year ago, I suggested that it was time for IT decision-makers and their staffs take a look at Software-as-a-Service (SaaS) and cloud computing alternatives to traditional on-premise applications and systems. The time to consider these alternatives is over. Those who dont make the move in 2010, will not only be left behind, but will risk losing their jobs as well. All the arguments I made for considering SaaS and cloud computing in 2008 have only become stronger. The economy is still in disarray with plenty of uncertainty about what the new normal will bring. Competitive pressures continue to intensify as barriers to entry in nearly every industry fall. Although gas prices have receded to more reasonable levels, concerns about our carbon footprint and the costs associated with powering corporate data centers are still high. And, the nature of the workplace has forever changed, moving beyond the four walls of a traditional office to the neighborhood Starbucks, spare bedroom, or someplace further away. Add to these ongoing trends a new generation of workers who have been reared on the Web, communicate via text, and socialize via online communities. Even older workers are becoming more tech-savvy and interested in selecting their own mobile devices along with more intuitive and easy-to-use end-user application.
The Apple iPhone has become a status symbol and Googles Android is building buzz. Everyone is using Facebook in their personal lives, which also spills over into their work lives or is it the other way around? Whether you like it or not, corporate end-users as well as executives have become comfortable using the Web and new technologies to satisfy their day-to-day needs. And they are doing Google searches to answer their tech questions rather than call IT. Was Nicholas Carr right, Does IT Really Matter? A couple of years ago, cloud computing was considered a crazy idea by many IT professionals who could not conceive of moving parts of their data center operations or any of their business applications to the Web. Today, it is becoming the norm. Even Gartner proclaimed last October that cloud computing would be the top strategic technology in 2010. Is it really such a big leap to leverage external, third-party resources to augment your inhouse capabilities? IT organizations have been doing this for years, whether it is has been independent software developers or managed hosting companies. When you strip away all the hype, SaaS and cloud computing offer even greater benefits with less risks.
Back to Contents
SaaS vendors often offer free trials that permit you to try them before you subscribe to their services. You can adopt SaaS apps in an incremental fashion to make sure you like the way they work before rolling them out to an entire organization. Infrastructure-as-a-Service (IaaS) cloud computing vendors offer greater elasticity than traditional hosting services, which permits you to turn up processing or storage resources more quickly and shut them down equally as fast when you no longer need them perfect for test and development requirements, or spikes in business cycles. Moving to the cloud means lower capital investments, less procurement delays, and fewer under-utilized systems and software licenses.
Since the time I first suggested in this space that readers should consider SaaS and cloud computing, the vendors and solutions have only gotten better. The solutions have been tested by some of the largest corporations in the world and vendors business processes have become more mature to meet these challenges. No one is suggesting that organizations will move their entire IT operation to the clouds. Instead, we will continue to live in a hybrid world composed of a mix of on-premise and on-demand resources that will continuously be adjusted to meet evolving operational requirements and take advantage of rapidly evolving cloud-based alternatives. If youre still uncomfortable moving your apps, data, or a portion of your computing requirements to a cloud vendor you can still benefit from the growing success of this market trend. Examine and emulate how the leading cloud vendors are delivering their solutions and services in your own IT operations. Adopting their best practices of standardization, simplification, automation, and agility will make your IT organization more effective. It will also ensure that it remains competitive with the performance levels being set by todays cloud computing leaders.
Lingering Cloud Concerns

Not everything about todays SaaS and cloud alternatives is rosy, however. Salesforce.coms service outage problems reminded us that these online solutions are still susceptible to disruptions. But what in-house data center or IT operation hasnt had its own system failure or application availability issues? Security remains a legitimate concern whenever youre relying on the Web to perform a business function. However, most of todays major security breaches are caused by hackers penetrating corporate data centers or employees losing laptops, not cloud vendors being compromised.
Back to Contents
Backup and Recovery for Virtual Environments

By Paul Rubens
ow does running a virtual environment change the way you need to think about backup and recovery? Its a deceptively simple question, but one that is important to ask if you are thinking of using virtualization to run any significant workloads. Thats because efficient and effective backup and recovery operations are extremely important, and there is no getting around the fact that a virtual environment presents special challenges. For example: the phenomenon of virtual machine sprawl can make it hard to keep track of virtual machines and ensure that the necessary machines are backed up. Some conventional backup methods, when used in a virtual environment, can place huge strains on physical host resources. Although virtualization is meant to introduce a level of hardware abstraction, making it easier to recover servers to new physical hosts, its still necessary to ensure processor compatibility between production and disaster recovery machines to be sure recovered virtual machines will run correctly. In theory you can back up virtual machines in a way that is far simpler than is possible with conventional servers simply shut down or suspend the virtual machine before making a copy of a single file. An offline backup like this provides a full system image that you could use for disas-
ter recovery, and it provides some granularity: you could mount the image to recover individual files. One disadvantage of this approach is that a virtual machine has to be stopped for an offline backup, but a more significant objection is that there are better ways to carry out backups that integrate with existing backup and recovery practices. A common approach is to use agent-based backups, with each virtual machine on a physical host running its own file-level and application-specific backup agents just like (non-virtualized) physical servers. This is a very effective way to obtain application-consistent virtual machine backups, especially as you are likely to be familiar with the procedures involved, and because it provides you with granular access to application-specific resources such as an individual users Microsoft Exchange mailbox. But there are drawbacks to an agent-based approach in a virtual environment that you need to take into account. For example, when two or more virtual machines reside on a single physical host they are forced to share the processor and I/O resources of that physical host. This in itself is not a problem, but when agent-initiated backup operations occur they use up large amounts of processor and I/O resources.
Back to Contents
When multiple virtual machines try to run workloads and perform backup operations at the same time on a single physical host the impact on performance of this intense CPU and I/O resource use can be very significant indeed. To mitigate these problems backup windows have to be increased, and the density of virtual machines running on each physical host has to be limited. An alternative solution that avoids this problem is a serverless backup. This uses a backup proxy server running a backup proxy agent to take data snapshots, and since the backup proxy rather than the virtual machine host controls the backup, no virtual machine or hypervisor resources are used during the backup. This type of image-based backup provides you with the possibility for bare metal recovery of hosts, but the snapshots may be crash-consistent (that is, they may store the state of a server as if it had just crashed, with data in open files lost or corrupted). In order to produce application-consistent snapshots, you would need a dedicated LUN for each of your virtual machines so that each virtual machine could be quiesced before a snapshot of the LUN was taken. A more sophisticated serverless backup approach, called consolidated backup, allows you to back up servers centrally. Systems such as VMWare Consolidated Backup (VCB) ensure that running virtual machines are quiesced before they are snapshotted by the backup proxy, providing you with backup images that are application-consistent. Backup solution vendors are able to take advantage of consolidated backup to offer a variety of virtualizationspecific features. For example, with Symantecs NetBackup solution you can recover individual files from VMWare and Microsoft Hyper-V backups directly, without having to mount the backup image first. It also includes incremental snapshot capabilities to reduce storage requirements and I/O resource usage.
Large numbers of snapshots necessarily create huge amounts of data that must be moved around and ultimately stored, and since many of your virtual machines are likely to run the same operating systems (and often the same applications too) backup solutions such as NetBackup include data deduplication to reduce your network and storage requirements and associated costs significantly. An added benefit of using a solution such as NetBackup is that the software can assist in discovering virtual machines running on your infrastructure, helping to control virtual machine sprawl while also ensuring that active VMs are backed up. Key points:
Use backup agents where necessary for application consistency or for an additional layer of protection, but be aware of the performance impact they have on your physical hosts Use serverless backup systems with VCB (or equivalents) and third-party backup software to produce both system images and file system data without using the resources of the physical hosts being backed up Use data duplication to reduce network and storage requirements Ensure any virtual machine backups are compatible with existing disaster recovery automation software
Back to Contents
Holistic Data Protection Policies

By Jeff Vance and Jennifer Schiff
egardless of the size of your business or the industry where it conducts business, there is sensitive data that it stores that it needs to protect. By now everyone in IT (and even beyond) is familiar with the data breaches at retailers like TJX, numerous banks, credit card operations, and government and nonprofit agencies. According to the Identity Theft Resource Center, there were 656 known data breaches in 2008 that exposed nearly 35.7 million records. Such breaches are costly in terms of bad publicity and real dollars. In some cases sensitive data is targeted by criminals who are well-schooled in breaching networks. In other cases data is lost because of ignorance or carelessness on behalf of employees who put sensitive data on a laptop, for example, which is then stolen. Its likely the thief is more interested in the hardware than the data that resides on it,
but thats little consolation to those whose personal information is now at large. There is big business in the storing and securing of sensitive information, especially with regard to businesses and data that are subject to the increasing number of government and industry compliance regulations. There are software- and hardware-based tools that can prevent the most notorious data breaches, but before IT managers go shopping for solutions their underlying data protection policies need to be reviewed (or established if they dont exist) so employees can help protect what hardware and software cannot.
Five Steps Every Organization Should Take

The what, where, and how of protecting sensitive data seems like common sense, but the word youll see recurring in the following list is policy. IT organizations develop plans for upgrades, migrations, and dozens of other tasks; protecting sensitive data should be no different. Start with a plan.
1. Identify the five or six pieces or types of data that would cause
serious problems if it left the organizations. Examples include social security numbers, customer credit card numbers, sales records, and intellectual property.
2. Figure out where sensitive data is stored within your organization. Older companies will often find that sensitive data is all over the place, even on employees desktops.
3. Once you know where that data is, establish polices for how it
is created, stored, accessed, shared, and secured.
4. Monitor and enforce data protection policies on e-mail, Webmail, IM, and other methods of communications.
5. Create and enforce policies for data stored on endpoints and

removable storage.
10
Back to Contents
Policies are important because they help IT govern data that leaves the servers and databases that are (hopefully) secured by trained professionals. A holistic data protection policy covers how you protect data throughout the organization: on servers, in databases, and on endpoints like PCs and laptops. Its the computer users who are not technology professionals that offer the most risk. In essence, anything that finds its way onto the PC desktop and other endpoints exists in the data equivalent of the Wild West. Most application servers and databases are fairly well protected, but few if any rules govern how data on the desktop is manipulated, replicated, and stored. Once data migrates to the desktop, it can be burned onto CD-ROMs, copied onto USB drives or MP3 players, and e-mailed to anyone, anywhere. Many organizations have woken up to one risk e-mail but even there security is still more about outsiders (spam and phishing scams) than insider risks. Technology, of course, plays a role in keeping your data safe. But every technology solution has its drawbacks. Whole disk encryption software, for example, can run early in the start-up process on most PCs without any action required by the computer user. But even if the whole disk encryption software works perfectly, if its stored on a hard drive sector that goes bad, the computer is useless until the hard disk is replaced. Its also limited to when the computer is turned off (or possibly hibernating). If someone swipes a laptop while its sleeping, they can access the sensitive files. When a computer with whole disk encryption needs to be accessed by tech support, for example, then youre making the sensitive data on that system available to another person. External hard drives are a popular way to keep sensitive data off of the PC, and there are encrypted hard drives that will protect the data from curious eyes. But external hard drives, encrypted or not, can be lost or stolen more easily than a laptop in many cases.
That brings us back to policies. Effective data protection policies cover technology and behavior. It might be part of your policy that all sitting information is encrypted, for example. Security expert Adam Levin, chairman and co-founder of Identity Theft 911, has his own criteria for a good data protection policy. It involves just five things:
1. Instituting good security and privacy policies for collecting,

using, and storing sensitive information
2. Using strong encryption when storing information on computers and laptops
3. Limiting who has access to sensitive information 4. Safely purging old or outdated sensitive information 5. Having an incident response plan in case a breach occurs
In addition to the above, Levin also suggests that organizations have firewalls, anti-spyware, and antivirus protection in place and kept up to date; refrain from using wireless networking technologies (Wi-Fi); and truncate data so that sensitive information is not used where it is not needed. But the most important thing, he reiterates, is to make sure you have secure, encrypted ways of obtaining and storing sensitive information and employ encryption protocols and encrypt all sitting data. A truly holistic policy should also cover the transport of data, such as who can put sensitive data on a laptop, how that data must be secured (passwords, encryption, etc.), and how the hardware itself must be secured. As with any corporate policy, your data protection policy should be communicated in writing to everyone in the organization. It should be signed and kept on file. And of course, it goes almost without saying that the policy needs to be enforced at every level, including audits and penetration tests for the network, servers, and databases. End users need education, reminders of the policy, and they need to understand the consequences if they dont follow the policy.
11
Back to Contents

Five Data Storage Trends To Watch

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Five Data Storage Trends To Watch

Încărcat de

Drepturi de autor:

Formate disponibile

Five Data Storage Trends to Watch

Backup and Recovery for Virtual Environments

Holistic Data Protection Policies