Datacenter Security

Updated: April 30, 2009

Data minders have more options than ever to shield themselves from human error, system crashes and natural disasters. Tape was once the backup mainstay, but dropping prices for disk technology have given rise to a number of disk-based protection approaches. In addition, more organizations can consider remote replication as part of a data-security scheme, given the availability of IP-based solutions.

The task for IT shops, consultants say, is to align applications and data with the most cost-effective means for keeping them safe.

"With the technology out there today, you can tier your protection strategy," said Josh Howard, a storage specialist at solution provider CDW Corp.

Critical Path

Before those tiers can be explored, organizations need to take stock of what they have and ask some fundamental business questions. What are the most critical applications and data? What is the cost of losing data? The answers to those questions will help determine how best to spend data-protection dollars. Unfortunately, the answers aren't always at the tip of customers' tongues.

"How long can you afford to be down?" asked Todd Oseth, chairman and CEO of Sanz Inc., a storage consultant. "Many [companies] don't know how to answer that question."

Oseth said that companies have been duplicating their data for years without "a good economic reason" for doing so. A data-protection project, he said, should start with classifying data and determining "what information needs to be handled in what way."

The classification need not be overly complex. Oseth suggested three categories: a top tier for data of high importance, a second tier for data of middling importance, and a third tier for not-so-important data.

IT managers may enlist automated tools to help with the classification process. Products in this space include Arkivio Inc.'s auto-stor, EMC Corp.'s Infoscape, and Kazeon Systems Inc.'s IS1200-FRM appliance.

Protection Options

Once data is classified according to its value, the customer can go about selecting the optimum protection plan.

A high-value information asset, such as customer information housed in a database, will get tier-one protection. Howard said that treatment will typically involve local data replication. This can be accomplished through periodic "snapshots" of data, which let organizations "roll back to a certain point in time" with respect to data, Howard said.

Snapshots, a feature of many disk-array products, are maintained locally so customers don't have to restore from an off-site storage location across a WAN link. Snapshots may be taken at various intervals, hourly or every few minutes, for example.

Solutions that back up every write — as opposed to periodic snapshots — are sometimes referred to as CDP (continuous data protection) solutions. CDP logs changes to data and lets the end user roll back to any given point in time, noted Randall White, a senior consultant with GlassHouse Technologies Inc., a storage services firm.

The criticality of data determines the granularity, or recovery-point objective, of the backups. Another metric, the recovery-time objective, sets the organization's goal for how fast data should be restored. The recovery-time objective dictates such decisions as whether disk or tape should be used, as the latter has a slower recovery speed.

Local snapshots and backups, however, fail to address disaster recovery. Companies can, and do, create backup tapes and move them to a secure off-site facility. But the most critical data — particularly data with stringent recovery-point and recovery-time objectives — may rate a disk-to-disk remote replication solution. The idea with replication is to create a mirror image of production data at a remote site.

Replication comes in two forms: synchronous and asynchronous. Synchronous mirroring provides the greatest assurance that production and mirrored data remain consistent, due to the technology's two-phase-commit approach. Synchronous replication, however, encounters latency issues as distance increases.

The synchronous option carries with it a "distinct distance limitation" of about 30 miles or so, Howard said.

That 30-mile limit may work for some disaster-recovery needs but may not suit an organization that wants its data safely away from a fault line or a hurricane-prone region. For those cases, asynchronous replication may be used. The approach, which lacks the latency issues of two-phase commit, may be deployed across greater distances.

White estimated that 80 percent of remote replication is asynchronous but noted that some clients aim to push the envelope on the range of synchronous mirroring. Some New York City area financial firms have adopted a hybrid strategy, in which they replicate synchronously a short distance away and then replicate asynchronously across a greater distance, he added.

Safety for Less

Some solutions provide less expensive protection alternatives for data of lesser importance or for organizations that can't afford the higher-end products.

Data in the middle tier of importance might, for instance, reside on a Serial ATA disk that is lower performing — but also less costly — than a high-end 15,000 rpm Fibre Channel disk, consultants said. Archival data may end up on the cheaper disk technology or tape.

Organizations, of course, can also adjust the rigor of backup policies to reflect the importance of data. Howard said that customers are probably not going to treat their end-user home directory the same way they deal with mission-critical data. In that case, the recovery-point objective may be satisfied by a nightly backup.

Finally, the increased use of IP in storage networking has opened remote replication to a wider audience. High-end replication schemes may rely on SONET or Dense Wavelength Division Multiplexing, but consultants noted a rise in the use of IP among midsized companies. The ability to tap existing infrastructure puts replication within their reach.

The growing market share of NAS (network-attached storage) appliances has also contributed to the growth of IP-based replication, according to White. NAS products' replication features are typically based on IP, he said.

In summary, data-protection choices abound. The task for IT managers: classify data, determine recovery objectives and select the solutions that best fit the data tier.
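
Once data is tiered and each tier has a recovery-point objective, the schedule of snapshots and backups can be checked against it. The sketch below is an added example, not part of the original article: the three tiers follow Oseth's suggestion, while the RPO figures, dataset names and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed RPO per tier; the article only mentions "hourly or every few
# minutes" snapshots for critical data and a nightly backup for home dirs.
RPO_BY_TIER = {
    1: timedelta(hours=1),    # high importance: local snapshots
    2: timedelta(hours=6),    # middling importance
    3: timedelta(hours=24),   # not-so-important: nightly backup
}

def worst_exposure(copies, now):
    """Largest window of writes a failure could lose: the longest gap between
    consecutive recovery points, counting the gap from the newest to `now`."""
    if not copies:
        return None  # no recovery point exists at all
    points = sorted(copies) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def audit(datasets, now):
    """Return {name: (status, exposure)}; status is OK, VIOLATION or NO_COPIES."""
    report = {}
    for name, (tier, copies) in datasets.items():
        exposure = worst_exposure(copies, now)
        if exposure is None:
            status = "NO_COPIES"
        elif exposure > RPO_BY_TIER[tier]:
            status = "VIOLATION"
        else:
            status = "OK"
        report[name] = (status, exposure)
    return report

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample data: (tier, recovery-point timestamps) per dataset.
NOW = ts("2009-04-30 12:00")
DATASETS = {
    # Tier 1 with the 10:00 snapshot missing, leaving a two-hour gap.
    "customer_db": (1, [ts("2009-04-30 08:00"), ts("2009-04-30 09:00"),
                        ts("2009-04-30 11:00")]),
    "home_dirs": (3, [ts("2009-04-29 01:00"), ts("2009-04-30 01:00")]),
    "archive": (3, []),
}

if __name__ == "__main__":
    for name, (status, exposure) in audit(DATASETS, NOW).items():
        print(f"{name:12} {status:10} worst exposure: {exposure}")
```

A skipped snapshot shows up as a violation even when the most recent copy is fresh, which is why the check looks at every gap rather than only the age of the latest recovery point.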
