
Information Management: Because Prevention Is Better Than Cure


Issue 2

Contents

- Information Management: Because Prevention is better than Cure
- Is traditional backup good enough?
- Gartner Research: Disk, Tape, or Cloud: Selecting a Data Protection Technology
- CIO Perspective: Parvinder Singh
- Where should the backup go?
- What’s good about cloud based backups?
- CIO Perspective: Sunil Sirohi
- Protecting Desktops & Laptops
- Protecting the Application Servers
- About Ace Data

Featuring research from

NOTE FROM THE EDITOR’S DESK:

Data is exploding in every sector, be it healthcare, telecom, media or any other. The size of applications, and the number of new applications being developed and used, is also growing very rapidly. Mankind’s dependence on IT has grown so high that even a child today knows how to use his father’s laptop. Loss of information is as good as a disaster for an organization. Ace Data considered this a key area and has been working with its esteemed customers for over a decade now to help them protect their information, so that any accidental disaster can be overcome with respect to their data. Apart from data loss, application availability is an equally important aspect. Even a slight downtime can cost heavily in terms of loss of reputation, loss of customers, loss of business etc. It is therefore important to implement the best possible technologies to keep applications running 24x7. Ace Data is continuously innovating to meet growing customer demands and implementing the latest technology offerings. In this newsletter we have captured the various aspects of protection, not only from the backup point of view but also application protection and its best practices. Ace Data is associated with the best in the business, ranging from certified engineers to analysts and technicians with extensive experience in handling complex technical challenges, who place their collective skills at your disposal.
The team comes up with customized, cost-effective and future-proof solutions every time so that you can relax with ease and perform to the best of your ability. Continuing its journey of continuous innovation and commitment to providing best-of-breed solutions, Ace Data is pleased to announce the launch of its services in the backup space through a cloud-based model. The model offers agentless backup of a wide range of operating systems and online databases, apart from the backup of unstructured data on desktops and laptops. Local and global deduplication, compression and 256-bit in-flight and at-rest encryption make it cloud ready. This lets enterprises move from a capex model to an opex model and pay for the amount of data protected. From a compliance and security point of view, the solution is compliant with Sarbanes-Oxley (SOX), HIPAA, HITECH and Basel II standards and is FIPS 140-2 certified. Team Ace Data will continue to venture into the ever-changing and growing market space to ensure that it lives true to its “feel relaxed” mission for all its customers. I would like to thank my team members Dinesh Sakhuja, Gurmeet Singh, Sahil Gupta, Atul Mahajan, Pravesh Upadhyay, Punit Gupta, Varun Sharma and Ravinder Kashyap, who have contributed their real work experiences to this newsletter. This is a 24x7 cloud-based backup solution that helps our customers protect their data automatically to a remote site as a backup, even if replication-based disaster recovery is out of budget or has other limitations. We also offer recovering your physical servers virtually for a quicker return to market in the event of a site failure. From strategy to support, Ace Data Devices works closely with you to maximize the value of your IT investments and that of your quality time.

Anuj Mediratta
Founder and Director Technology, Ace Data Devices Pvt. Ltd.
Information Management: Because Prevention is better than Cure is published by Ace Data. Editorial supplied by Ace Data is independent of Gartner analysis. All Gartner research is © 2012 by Gartner, Inc. All rights reserved. All Gartner materials are used with Gartner’s permission. The use or publication of Gartner research does not indicate Gartner’s endorsement of Ace Data’s products and/or strategies. Reproduction or distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.

Is traditional backup good enough?

In this section we discuss the challenges of traditional backup approaches that are making it difficult to live with them much longer. Current backup applications and the traditional approach to taking backups pose many challenges.
The top challenges include the cost, capability and complexity of the currently deployed backup systems. Traditional IT deployments have been small: even for file sharing there were a few users and a small amount of data, so backing them up was not very difficult. Times have changed and IT has grown manifold. Even a single file server now has thousands of users and TBs of file data. Applications have grown in size; a typical mid-size ERP has backend databases that start at around 50-100 GB just for the table structures of the basic modules. Rising SLAs and shrinking backup windows pose additional challenges. For many organizations that work round the clock with users logging in from different time zones, there are very few low-usage periods per day for critical files and applications.

The number of applications has increased. Even communication systems like email and BlackBerry devices have become top-tier applications. Critical data no longer resides only in the corporate data center: branch offices also hold important data, especially on users’ desktops and laptops, and data is becoming decentralized as organizations become geographically dispersed. Compliance and regulatory systems also demand retaining data for longer periods, and organizations need to ensure data availability for several years depending on the industry they work in.

With all of this, the traditional approach to backup needs modernization. IT cannot rely on once-a-day, long-backup-window traditional backups. File servers can take a different approach: file server data can easily be archived to low cost storage and backups restricted to online data only. This reduces the volume of daily backups tremendously, as you will find a large number of files not accessed for over a year residing on primary storage and being backed up every week. Some snapshot applications require additional scripting to take a consistent snapshot.
Recently this has been taken care of by integrating them with Microsoft Volume Shadow Copy Service and storage system software add-on modules. This gives a complete, application-consistent snapshot copy. On top of this, a CDP approach can help back up changes as and when they happen; scanning a large file system for changes every time a backup is run takes a long time and a good amount of resources. If a full-copy snapshot or clone has been taken and there is a failure, the application can be instantly mounted on the snapshot volume and production services quickly resumed.

Snapshots are becoming another popular approach to backing up data. For enterprise workloads, snapshots work well with storage array based snapshot tools. A major advantage of snapshots over backup software is that snapshots scale out very well irrespective of the volume of data that needs to be protected. For large applications this can be very valuable, because the snapshot duration does not increase significantly with the size of the data. Snapshots are generally incremental. An advantage of array based snapshots is that the processing load of snapshot creation moves to the array, so the application server’s resources are not consumed by it. Snapshots can be coupled with replication to a different storage system to mitigate the risk of array failure; combined with space saving technologies like compression and deduplication, the replication needs less bandwidth.

Another approach to protecting data is the application centric approach. In other sections of this newsletter we discuss those approaches for common databases and platforms.

Replication technology can synchronously replicate data from a primary location to a secondary location. It depends on the bandwidth made available for the replication job and on the distance between the two locations.
If bandwidth and distance are a constraint, IT can rely on asynchronous replication, which provides slightly older data (maybe 30 minutes old) but instantly, so that production services are up and running as soon as possible. If managing replication along with snapshots does not suit the budget, IT should consider putting a second level of protection on snapshots by taking tape based backups of them. A tape based backup copy of the snapshot ensures that if the array fails or the snapshot software becomes corrupt, data can be recovered from the tapes. In a way you are using snapshots for tape based backups by offloading the backup window load from the production application servers.

Replication is another technology that does not need a backup application to work with and can provide an instant copy of your production data at a remote location. How instant and how far are what you have to choose. In synchronous mode, a change of data in the primary database is immediately replicated to the secondary database; the acknowledgement goes back to the primary application only once it has been received from the secondary. This needs well sized bandwidth and is generally supported only over shorter distances.

In asynchronous mode, replication is done periodically considering the RPO/RTO requirement, ideally every 30 minutes to 4 hours. This means a log of changes is maintained at the primary and, every 30 minutes, these changes are replicated to the secondary. At any time, the secondary will have data no more than 30 minutes old. Care needs to be taken in calculating the bandwidth requirements here as well, to ensure that every replication job is able to replicate the changes of the last 30 minutes within 15-20 minutes before starting again. Some solutions also offer a semi-synchronous mode, which replicates in a very short time (3-5 seconds), reducing the difference between the primary and secondary database to a few seconds.
There are multiple options available for protecting data through replication: host based, storage based and appliance based. Each approach has its own place in the market based on requirements.

A host based solution is good for a small requirement, especially when your data is on a local disk, i.e. too small to justify external storage but too critical not to be available with low RTO and RPO. It binds you, though, since the licensing is operating system dependent, and it utilizes your system resources in terms of memory and compute power.

Storage based replication avoids the utilization of host resources and allows you to replicate data from source storage to target storage using the storage resources. It moves away from OS based licensing as well, but requires the same model or same family of storage at both locations. Even where this technical limitation is absent, it is preferable to have same model or same family storage at both ends to ensure smooth integration of the overall environment.

Appliance based replication is where the data is copied and replicated on the fly while being saved to the external storage. FC switches or an external appliance are configured to monitor what is being written on the volumes to be replicated. While the data travels from the host HBA to the storage, it gets copied, compressed and replicated to the remote location, freeing both the host and the storage from replication worries.

In all three options, asynchronous, synchronous and semi-synchronous approaches are available, and all three maintain a log at the source to keep track of changes that happen during a bandwidth outage. Redundant bandwidth is recommended so that there is minimal delay in transmission in the event of a bandwidth failure. Log size needs to be planned accordingly.
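The asynchronous scheme above (a change log at the primary, a job every 30 minutes that must finish in 15-20 minutes, a log sized to ride out a bandwidth outage) lends itself to a small sizing calculation. The following Python helpers are an added example, not Ace Data’s tooling or any vendor’s product; the change rate, reduction ratio, interval, window and link figures in EXAMPLE_PLAN are constructed assumptions, and the 1.5x headroom on the log is an assumed allowance for write bursts. It also goes one step beyond the text by computing how long the secondary takes to catch up once the link returns, which is infinite when the link cannot outrun the change rate.

```python
"""Sizing helpers for periodic (asynchronous) replication.

Added example, not Ace Data's tooling: it models the scheme described in
the text. The primary keeps a change log; every `interval_min` minutes the
changes of the last interval are shipped to the secondary, and each shipment
should finish within `transfer_window_min` before the next one starts.
All numbers in EXAMPLE_PLAN are constructed assumptions.
"""
from dataclasses import dataclass, replace
from math import inf

GB_TO_MBIT = 8 * 1024  # 1 GB (binary) expressed in megabits


@dataclass(frozen=True)
class ReplicationPlan:
    change_rate_gb_per_hour: float  # data the application writes or changes per hour
    interval_min: float             # how often a replication job starts (e.g. 30)
    transfer_window_min: float      # time each job may take (15-20 for a 30-minute interval)
    reduction_factor: float = 1.0   # compression + dedup ratio: 2.0 halves the bytes on the wire
    link_mbps: float = 0.0          # provisioned replication bandwidth in Mbit/s


def changes_per_interval_gb(plan: ReplicationPlan) -> float:
    """Raw data accumulated in the source change log between two jobs."""
    return plan.change_rate_gb_per_hour * plan.interval_min / 60


def required_link_mbps(plan: ReplicationPlan) -> float:
    """Bandwidth needed so one interval's changes finish inside the transfer window."""
    wire_gb = changes_per_interval_gb(plan) / plan.reduction_factor
    return wire_gb * GB_TO_MBIT / (plan.transfer_window_min * 60)


def link_is_sufficient(plan: ReplicationPlan) -> bool:
    """True if the provisioned link meets the per-job requirement."""
    return plan.link_mbps >= required_link_mbps(plan)


def source_log_size_gb(plan: ReplicationPlan, outage_hours: float, headroom: float = 1.5) -> float:
    """Change log the primary must hold to ride out a link outage of outage_hours.

    The log stores raw changes (reduction happens on the wire), and `headroom`
    is an assumed allowance for write bursts above the average rate.
    """
    return plan.change_rate_gb_per_hour * outage_hours * headroom


def catch_up_minutes(plan: ReplicationPlan, backlog_gb: float) -> float:
    """Minutes to drain a backlog after the link returns, while new changes keep arriving.

    Returns math.inf when the link cannot outrun the change rate: the secondary
    then never catches up and the source log keeps growing.
    """
    drain_gb_per_min = plan.link_mbps * 60 / GB_TO_MBIT * plan.reduction_factor
    arrive_gb_per_min = plan.change_rate_gb_per_hour / 60
    net = drain_gb_per_min - arrive_gb_per_min
    return inf if net <= 0 else backlog_gb / net


# Constructed figures: 20 GB/h of changes, jobs every 30 min finishing in 20 min,
# 2:1 reduction, a 50 Mbit/s link, and the wish to survive an 8-hour outage.
EXAMPLE_PLAN = ReplicationPlan(20.0, 30.0, 20.0, reduction_factor=2.0, link_mbps=50.0)
OUTAGE_HOURS = 8.0


def summarize(plan: ReplicationPlan, outage_hours: float) -> dict:
    """Collect the sizing figures a planner would want to review."""
    backlog = plan.change_rate_gb_per_hour * outage_hours
    return {
        "changes_per_job_gb": changes_per_interval_gb(plan),
        "required_link_mbps": round(required_link_mbps(plan), 1),
        "link_ok": link_is_sufficient(plan),
        "source_log_gb": source_log_size_gb(plan, outage_hours),
        "catch_up_minutes": round(catch_up_minutes(plan, backlog), 1),
    }


if __name__ == "__main__":
    for key, value in summarize(EXAMPLE_PLAN, OUTAGE_HOURS).items():
        print(f"{key:>20}: {value}")
    # A thinner link that cannot outrun the change rate never catches up.
    print(summarize(replace(EXAMPLE_PLAN, link_mbps=20.0), OUTAGE_HOURS))
```

Run it as a script to print both the sufficient and the insufficient case. The catch-up figure is the one planners most often miss: a link sized only for the steady-state job can still be too thin to recover from an outage, because the backlog must be drained while new changes keep arriving, so the log must be sized for the outage plus the catch-up period.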
Source: ACE DATA

Disk, Tape, or Cloud: Selecting a Data Protection Technology

The selection of a backup storage technology profoundly affects a data protection environment’s capabilities. The selection process requires consideration of many factors that include ease of use, retention time, and recovery speeds. Deciding on a particular technology can be straightforward with unlimited budgets, but for those organizations living within constraints, picking a “good enough” storage technology is all that is necessary. In this decision point, Research Director Gene Ruth helps organizations decide which storage technologies are “good enough” to meet their data protection requirements without breaking the bank.

Decision Point

What storage technology should an enterprise IT organization use to save backup data: disk, tape, or cloud storage services?

Decision Context

Corporate users expect their data to be unconditionally safe and care little for the complexities of protecting it. This expectation creates a daunting challenge for IT organizations as they deal with a tidal wave of data and create schemes to protect it. Meeting the challenge requires IT organizations to not only protect data, but also make data loss events invisible to their users and processes by minimizing application disruptions. As IT organizations deliver data and make data loss events invisible, they are under constant pressure to minimize the cost of IT compute and storage infrastructure. To keep costs low, organizations must balance the infrastructure costs and operational expenses to meet customer expectations against the intangible costs of data loss. Minimizing costs requires striking a balance between “good enough” protection and budgetary constraints when mapping data protection policies to implementations. The evolving data center complicates protection implementations and compels organizations to assess their data protection environments on a regular basis.
With the advent and wide acceptance of server virtualization and, more recently, cloud technologies, the traditional backup methods are inefficient at best and are often unable to meet backup windows and recovery time expectations. For example, with hypervisors that are capable of standing up a server instance in seconds, a backup protection implementation that takes hours to recover data for that instance will simply not do. In addition, organizations must improve flexibility, particularly as they move to self-service internal clouds where the backup implementation should automate appropriate data protection policies to a newly created virtual machine (VM).

Governmental and corporate regulations also challenge IT organizations to manage data effectively. Meticulous data management mitigates the growing risk of legal consequences due to data loss. Organizations must be keenly aware of governmental regulations – Health Insurance Portability and Accountability Act (HIPAA), Securities and Exchange Commission (SEC), Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI-DSS), Directive 2006/43/EC, and Basel II – to avoid consequences that go beyond the inconvenience of losing, for example, someone’s medical record or financial data.

All the aforementioned factors drive IT organizations to devise data protection environments and carefully select the storage technologies that those environments depend on. The effort is technically complex and requires input from the entire enterprise to get it right.

Related Decisions

This decision shares explicit dependencies with the following Decision Point document:

• “Data Center Availability”: This Decision Point provides guidance for determining the appropriate level of system availability and recovery for IT applications, data, and services in the data center. Defining these requirements directly affects the specific requirements for a data protection implementation.

Evaluation Criteria

Although no technology can be all things to all situations, organizations must evaluate their criteria in a manner that minimizes the number of unique storage technologies that a data protection solution intends to implement. Less is better if data protection requirements are met. “Good enough” can be the baseline for any technology or infrastructure decision with considerations factored in for system growth and anticipated capabilities. It is possible that, to meet a range of data protection requirements, multiple storage mediums will be necessary.

Before following this data protection technology decision process, IT organizations should consider and define their requirements, constraints, and principles to guide their storage technology selection:

• Requirements: Important considerations that influence the design of a data protection environment and underlying storage technology.
• Constraints: Important limitations that restrict the design of a data protection environment and the selection of the underlying storage technology.
• Principles: IT organization and architectural values that are critical for guiding the selection of a data protection storage technology.

Architectural Context

This decision point pertains to architectural components described in the following architectural template documents:

• “Storage Ecosystem”: This template provides an overview of a storage environment and all the elements that compose it.
• “Storage Services”: This template describes the basic services that a storage environment provides including backup, archive, snapshot, and replication.
• “Storage Resources”: This template describes the basic hardware elements that a data protection environment uses.
• “Storage-Only Connectivity,” “Hybrid Storage Network,” and “Unified Storage Connectivity”: These templates describe the connectivity found in a storage environment.

Requirements

Requirements are goals that should be achieved as a result of making and implementing the technology selection decision discussed in this document. The requirements listed in this section can significantly influence the selection of a storage technology for data protection. They are, however, not all inclusive of every consideration necessary to fully define a data protection environment that includes not just storage technology, but also software applications, interconnect technologies, and operating procedures. For further research and recommendations on designing a complete data protection environment, organizations should refer to the research documents list in the Recommended Reading section. The following requirements will influence the data protection storage technology selection:

• Data loss threats: Determine the conditions, events, and threats that can lead to data loss. Data loss threats can come from a number of sources – some well understood and expected (e.g., hardware failure) and some not (e.g., weather-related events or labor disputes that affect staffing). Understanding the nominal threats can help moderate a data protection environment and thus avoid costly implementations (e.g., synchronous replication) that only protect data from events that fall into the “acceptable risk” category. The scope of a threat determines whether it is a localized event (e.g., file deletion or corruption) or has a more comprehensive scope that affects the operations of a business entity (e.g., site loss due to flooding). For the purposes of this document, “routine data protection” applies to the first case and “disaster protection and recovery” applies to the second case.
Depending on the threat scenario, all three technologies (i.e., disk, tape, and cloud) can offer support for both localized transient failures and more impactful “disasters” such as a site loss, but each technology has unique tradeoffs. The applicability of each of the technologies will depend on a collection of factors that the technology selection flowcharts address in this Decision Point.

• Acceptable period of disruption and consequent recovery time: For each class of application, data, or business unit, determine the acceptable period for losing data availability. Depending on the purpose of data or an application, loss of access can be extremely disruptive and expensive to an organization. The British Standards Institution (BSI) business continuity (BC) specification BS 25999 and the International Organization for Standardization (ISO) 27k series standards for information security help organizations define the maximum tolerable period of disruption and consider impacts across an organization. Whether an organization adheres to or certifies to the specifications notwithstanding, the specifications can help organizations assess their tolerance to system outages. As the acceptable disruption time lengthens, organizations can progressively move from disk, to cloud, to tape to meet their requirement.

• Recovery point objective (RPO) and granularity: On a dataset basis, define the acceptable age of the most recent backup and the granularity of available previous backups. RPO values can have wide ranges, from minutes to days, depending on the use cases and business processes supported by the data in question. Longer RPO times (e.g., days) are consistent with tape technology, and short RPO times (e.g., less than 24 hours) are consistent with disk and cloud technologies.

• Recovery time objective (RTO) and granularity: On a dataset basis, define how long a recovery action should take and how granular it should be.
The RTO and RPO will often closely align and thus depend on similar storage technology. In some cases, however, compliance with corporate or governmental regulations may require frequent data capture (short RPO values) consistent with disk technology and also allow for long RTOs consistent with tape recovery operations.

• Compliance and information governance requirements: As part of defining the protection policies, organizations must consider a variety of compliance requirements that include:

  • Retention life cycle management: Define how many copies and versions of a dataset must exist in a data protection storage environment. Failure to do so can quickly lead to a bloated storage environment that wastes precious storage space, increases backup application licensing fees, exposes an organization to added liability, and creates excessive e-discovery times. Data that undergoes frequent life cycle changes favors storage on disk while less active – and longer retention – data is more compatible with tape technologies.

  • Data privacy concerns: Maintain security/privacy consistency between the primary dataset and its backup copies. This requires defining acceptable data destruction procedures and may require data-in-transit or data-at-rest encryption. Linear Tape-Open (LTO)-5 tape technology, for example, features native data encryption while most disk or cloud storage requires additional equipment or software for encryption.

  • Deletion: The deletion of primary data does not necessarily imply the deletion of the same data in all backup sets distributed across a variety of storage equipment. In some cases, simply marking a backup file defunct in a backup catalog system may be adequate. For stringent requirements, deletion of the primary and all related backup datasets may be necessary to satisfy security concerns. Such an activity can be cumbersome for tape because tapes are loaded, read, and reconstituted after a file deletion.
Alternatively, disk (and cloud) technologies offer transaction capabilities consistent with file deletion activities and are thus more suitable in complex environments.

  • Data eradication: Some backup data can require a vigorous destruction procedure to avoid leakage of sensitive data. In those cases, extremely sensitive data, whether on primary or backup storage, requires either logical or physical shredding. Data shredding can involve finding all copies of the data, overwriting the data, destroying an encryption key or, in extreme cases, the actual physical destruction of media. Data eradication on tape and disk technologies is possible through magnetic means but with varying degrees of destructiveness to the media. Cloud storage requires faith that a service vendor properly eradicates sensitive data.

  • E-discovery: Litigations or corporate investigations can require the organization to have search capability to find critical data that may be in primary or backup data. Organizations should assess search requirements and determine the appropriate capabilities that a backup application must offer. For example, a search requirement may include the ability to scan all storage devices, identify individual data objects, and identify access authority for the search object. Active data manipulation favors the random access capability of disk and cloud storage; tape can be impractical for search and data retrieval activities due to its streaming nature. A failure to address this issue can lead to costly and complex discovery exercises and possible legal exposures (e.g., Federal Rules of Civil Procedure and contempt of court judgments for delays in data recovery).

  • Audit readiness: Organizations should plan for potential data audits and specify the reporting capabilities of a backup environment necessary to satisfy an audit. For example, a corporate directive may require certification that backup jobs complete successfully.
Users can either require audit capability from their chosen backup application or use a third-party solution to report on backup job status and thus satisfy the requirement. Although tape technology can be otherwise suitable, from a media-handling and search capability point of view, disk technology offers a better choice.

Constraints

Constraints are facts, forces, or situations which cannot easily be changed and which rule out certain alternatives or make them difficult or expensive. The constraints listed in this section can significantly affect the selection of a storage technology. They are, however, not all inclusive of every consideration necessary for fully defining a data protection environment that includes not just storage technology, but also software applications, interconnect technologies, and operating procedures. For further research and recommendations on designing a complete data protection environment, organizations should refer to the research documents list in the Recommended Reading section. Evaluate the following constraints to determine their applicability in a data protection environment and to assess whether they preclude the use of certain storage technologies:

• Data center and intra-data center topology: The necessity to support multiple locations, whether they are branch-office or data-center scale, constrains IT organizations in a number of dimensions. Effectively selecting a data protection technology requires organizations to identify constraints on the feasibility of transferring data between locations, organizational cooperation, physical storage costs, staffing, and geographies. A branch office, for example, can have limited or no staff, which forces an organization to avoid “hands-on” operations that are associated with tapes. Similarly, coordinating data protection resources across data centers requires skilled operators to ensure operating effectiveness under disaster recovery stress conditions.
From a cost perspective, long-term retention using tape may offer a low-cost solution in cases where replication technologies are out of reach and multiple data centers and branch offices are continuously adding data to the storage pool.

• Data repository locations: Depending on the global reach of an IT organization, the location of data repositories can be highly constrained by geography. In addition to the difficulties of transferring (or physically moving) data over distance, compliance mandates can constrain backup data within a country or region. For example, global organizations that have branch offices or data centers across national boundaries must be careful not to allow constrained data to move across national borders. More commonly, an IT organization already will have established data protection repositories that constrain data movement (physically or logically) to certain locations for preservation in case of a disaster scenario or to meet any applicable regulatory requirements.

• Recovery consistency: Recovery consistency is important when two or more datasets (or their copies) are interdependent and must be synchronized. Applications often depend on more than one interdependent dataset (e.g., email or databases) that must be consistent from an RPO and recovery consistency perspective. Thus, a backup application must coordinate interdependent data backup onto equivalently capable storage technology. For example, maintaining consistency in a tape environment requires related datasets to be in close proximity on a tape cartridge to minimize recovery time. Disk or cloud storage technology is less sensitive to proximity due to their random accessibility that is relatively independent of the data’s physical location.

• Budget and investment commitments: Limited budgets and/or existing IT investments in equipment, applications, and procedures can constrain the choice of storage technologies.
What would be an otherwise reasonable storage selection can be trumped by budgetary limitations or a conscious decision to derive more return from existing investments. For example, when extending the life of an existing infrastructure investment, organizations must carefully consider the consequence of staying with (or choosing) a subpar data protection storage technology and the risks that such a choice would expose an organization to.

• Staffing and skill sets: The lack of staff or skill sets can severely constrain the choice of storage technology. For example, in a branch office environment, having no “IT” staff can eliminate tape as a medium because of tape’s handling requirements. Likewise, in a data center setting, a lack of skilled operators to manage a disk-based replication technology for disaster recovery can limit a storage technology choice to tape, which does not require as much sophistication to manage (i.e., no replication facilities).

• Executive mandates and organizational boundaries: Business executives may establish broad guidelines that constrain a storage technology choice. Guidelines may include a siloed IT organization, shared resources across business units, or IT outsourcing partnerships. For example, an organization may decide to silo its IT operations by business unit, and thus limit choices for cross data center disaster protection. Isolated data centers may thus be forced to meet the organization’s disaster protection requirements by using cloud storage resources, a co-location facility, or a tape storage depot rather than replicating data to other data center locations.

• Compliance mandates: Compliance mandates from the many regulations that a business unit may be subject to can severely constrain data access to authorized users, establish lengthy retention times, or force frequent deletion of sensitive data.
Meeting compliance mandates also adds the extra dimension of satisfying audits and the implication of data searches and reporting mechanisms that might be necessary. For example, long retention times (e.g., years) will favor tape while frequent deletion can favor disk technology, particularly if there is also a need for data eradication, which requires extraordinary measures to scrub data off of the storage medium.

Principles
Principles are statements of an enterprise’s values and policies for defining and implementing IT architecture. They provide the linkage between business, organizational, and technology strategies and serve to communicate expectations between line and technology management. In preparation for using the Decision Process, readers should create a “statement of data protection principles” to guide the creation of protection requirements and consequent storage technology selections. Without clearly defining its principles, an organization may find itself vacillating between options while competing groups apply their own – and often unstated – principles to solve a data protection challenge. Gartner recommends documenting at least the following principles to clarify the goals, constraints, and direction of the IT organization in regard to a data protection storage technology selection:
• Single or multi-use capabilities: Organizations must decide whether the resulting data protection infrastructure should be multiple-purpose and should include not just backup, but also archive capabilities. The decision to design a multiuse system is rooted in organizational structures, budgetary constraints, and the demands and scale of use cases that fall outside of a backup-only system. It is common, for example, for organizations to use a backup environment to also serve as an archive system by saving backup datasets for extended periods and infrequent access.
Although this approach is acceptable for simple archive, it can be inadequate for demanding archive file management. A mixed system may lack, for example, the performance or reliability to meet eDiscovery or compliance audit demands for both data retrieval times and restrictions on data changes or access. Organizationally mixing an archive system with backup can be problematic due to conflicting requirements regarding data preservation. The backup team will focus on immediate data protection and fast recovery while an archivist will focus on long-term dataset preservation, accessibility, data integrity, search-ability, and compliance. Demanding archive environments are thus often unsuitable for dual-use environments and require their own, but often-complementary, set of equipment and applications to achieve their functionality.
• Budget vs. equipment capabilities: An organization must agree whether a backup infrastructure should have “good enough” or best-in-class capability. A decision in either direction requires coming to terms with budget constraints, tolerance for marginal capabilities, and compute-data infrastructure growth expectations that could overwhelm a minimally capable backup environment. For example, in a “good enough” implementation, updating a backup environment to track primary data functionality (e.g., increases in performance) can tax an organization’s capabilities and lead to discontinuities in backup performance due to frequent upgrades. Alternatively, a best-in-class implementation can result in difficult-to-justify investments for equipment and software.
• Data growth-rate expectations: Organizations must either agree that the data protection environment will support a predicted growth rate or design a system agile enough to handle uncertainty in growth rates.
A backup environment built to sustain a known data growth rate will be less costly than an agile backup environment, but it can be difficult to retrofit should the growth rates exceed expectations. Examples of design choices vary from a fixed size disk-to-disk system for the predicted growth rate to a cloud storage environment for an unpredictable growth rate.
• Data governance methodology: Organizations must determine whether an authoritative source for making data governance decisions is necessary. A data governance body can explicitly define the “value” of data and its governing principles. For example, data governance may allow/disallow outsourcing of storage for specific classes of data. Once data governance is defined, IT organizations can map data to the appropriate backup environments. For most organizations, the business process owners are in the best position to make data governance decisions and define data protection requirements. In lieu of that, IT organizations should define default protection capabilities for ungoverned data and – on a best-effort basis – make the business aware of those capabilities.
• Technology maturity: Organizations must decide whether to favor long-proven technology or rely on leading-edge technologies. Using leading-edge technologies can result in efficient data protection environments, but they also put IT organizations at risk for unexpected difficulties that range from equipment bugs to vendor support issues. For example, a conservative approach will eliminate cloud storage technologies because of the technology’s relative newness in the market and lack of proven and credible vendors. Alternatively, building a protection environment on tape technology may appear less risky, but it can still expose an organization to the well-known difficulties of tape such as failed tape loads.
• Granularity of capabilities: Organizations must determine whether they intend a one-size-fits-all implementation or are willing to offer levels of backup service that are tailored to specific data types and applications. An organization can choose, after determining the specific RTO, RPO, and retention times per dataset, to create a single policy environment. Although establishing such a policy can undercut some data protection requirements, it can lead to a simplified and less expensive environment. Incrementally adding backup granularity will better meet individual data protection requirements at the cost of a more complex environment from an operations, backup-application, and equipment perspective. Creating a limited number (and different tiers) of backup policies and capabilities to map data types to can help keep costs in check while still meeting (or exceeding) defined backup requirements.
• Operational paradigm: Organizations must determine the staff and training that they want to apply to the backup environment. The less staff and training, the more likely it is for an organization to stay away from high operator-interaction backup environments. For example, although a tape backup environment can offer low storage costs, it requires operators to manage tape (e.g., loading libraries and moving tape to off-site storage) to keep the system operating. For branch-office environments, this can be too large a burden. Alternatively, disk or cloud environments allow less operator interaction and afford the potential for remote operations. Skilled operators are necessary, however, but they can be consolidated to a single location when supporting multiple branch-office locations. Unfortunately, more automation often implies higher cost for software licenses and deep integration with a single vendor’s product.
Alternatives
Modern backup systems offer a choice of three different storage media – tape, disk, or cloud:
• Disk storage: Disk storage systems offer high data-transfer rates, typically the fastest input/output (I/O) transaction rate capability, and high capacities, but at a cost commensurate with the performance. Disk storage systems come in several different configurations that range from individual hard disks, to redundant array of independent disks (RAID) systems, to highly available deduplication appliances that run virtual tape library (VTL) or network-attached storage (NAS) protocols. The capacity for disk systems can range from terabytes to petabytes with data-rate performance of more than 5 TB/hr for the largest deduplicating backup systems. Enterprise disk storage – intended for backup applications – also typically offers replication functionality for site-to-site data movement and the ability to transfer data directly to tape. Expect future capabilities that will allow a backup disk system to transfer data to and from a cloud storage service.
• Tape storage: Modern tape storage can provide high streaming rates and the highest capacity at the lowest cost and power usage, but it requires physical handling and is inappropriate for transactional workloads. Tape storage can be a single tape drive (e.g., LTO-5 is capable of storing 3TB per cartridge) up to sophisticated multirack automated libraries capable of robotically handling thousands of tape cartridges. The tape technology may be vendor specific (e.g., IBM TS1140 has 4TB capacity at 650 MB/sec) or industry standard (e.g., LTO-5). The highest performing (and highest cost) tape is vendor specific (e.g., IBM TS1140) and requires aligning purchases with a single vendor. Although tape is traditionally tied to streaming workloads, recently, both file system and replication capabilities have become available and extend tape’s usefulness in archive, content storage, and disaster recovery use cases.
• Cloud storage: Cloud storage offers a novel alternative to tape and disk technologies for data storage. Although several considerations are necessary before using cloud storage (see Recommended Reading), cloud storage offers an opportunity to consolidate backup data off site, thus reducing capital expenditures (for equipment) and offering built-in disaster recovery capabilities – assuming a trusted cloud storage service provider. Cloud storage services can be public and shared by many customers or built as internal or private clouds specific only to the organization. In either case, cloud storage offers a bottomless data capacity, but it does require additional efforts to boost performance for data movement. As cloud storage evolves, performance enhancement capabilities are becoming available that range from “overnight” equipment delivery for seeding large datasets, to dedicated WAN connectivity for high-speed data transfers, to cloud gateways to buffer and thus mask slow cloud data transfers. Additionally, when cloud storage combines with cloud compute services, it can deliver “backup or recovery” as a service that offers not just data preservation, but also compute infrastructure to recover faulted local compute capabilities.
Other technologies such as optical disk and flexible magnetic media do exist, but their availability in the market is limited, and they are rarely used due to limited capability.

Future Developments
Organizations should consider these developments regarding storage technologies when they plan a data protection environment:
• Deduplication no longer novel: Deduplication has quickly moved from a novel capability to mainstream status due to its strong ROI and competent implementation by many vendors. The leading backup application vendors all support deduplication as a software process and complement the native capabilities of data deduplication appliances. Unfortunately, customers should not expect standardized deduplication algorithms or engines and must align with a single vendor when implementing deduplication in a data protection environment.
• Cloud technologies continue to evolve: Gartner predicts increasing acceptance of cloud technologies as customers refine their demands and cloud service vendors improve offerings and earn credibility for handling enterprise workloads and expectations. Customers must be cautious when they contemplate using public cloud services because of the rapid pace of the marketplace and the frequent entrance and exit of vendors.
• Clustered storage systems gain market share: Clustered storage environments, offered by the major vendors, provide highly scalable and resilient environments for servicing a wide range of workloads. As the scale-out offerings continue to gain acceptance in enterprise environments and prove their reliability, organizations are increasingly using them as the target for data protection activities. When paired with off-site (and like) equipment for disaster recovery, scale-out systems can provide a complete solution for a data protection environment.
• Tape continues to provide value: Tape is not dead. It continues to evolve its capacity, performance, and reliability in demanding environments. For long-term retention, tape is still unbeatable, and with the recent addition of a tape file system and replication capabilities, tape will play a role in enterprise data protection and archive environments for some time to come.

FIGURE 1 Technology Selection Process Flowchart
Source: Gartner (July 2011)

Decision Tool
This decision point guides organizations in their selection of an appropriate technology (or technologies) to store backup data. A technology selection can be a complex endeavor and may require more than one technology.
Having a methodology to make the technology decision will ensure that organizations consider the many factors inherent in the decision and will provide a documented, justifiable, and repeatable method on which to base the decision.

Decision Process
Follow the process flow diagram in Figure 1 to select an appropriate storage technology within a branch office or data center for routine data protection and/or to provide disaster protection. The process requires an organization to follow these steps:
1. Define data protection principles, requirements, and constraints: Organizations should pay particular attention to the following issues:
• Define a “statement of backup principles” using the items discussed in the Principles section: Data governance methodology or minimal staffing principles can significantly affect the approach and technology an organization uses for a data protection environment. For example, a limited staff will push organizations to select automated disk systems that require little-to-no physical interaction. Budget tradeoffs versus equipment capabilities can have the opposite effect and push a solution toward tape technology because of its low storage costs in situations not dependent on fast recovery times. In addition, deciding to implement a multiuse system that serves both backup and archive purposes may require compromising requirements for alignment with a storage technology.
• If the system is for both archive and backup, then blend data archive requirements with data protection requirements. Adding in archive capabilities can dramatically extend requirements to include searchability, retention times measured in years, and a data governance regime far more extensive than a backup requirement alone. A blended environment will affect the RTO, RPO, and any special data handling or search requirements.
Blended environments require organizations to create an information life cycle management (ILM) plan to identify important data and determine data protection, archive, and continuity requirements. Requirements will include business, compliance, and risk assessments; retention times; recovery expectations; data governance; and criticality to the business. Archive considerations include compatibility of the retention/recovery time and granularity of archive data with the RTO and RPO of the backup data. If archive users require retrieval times incompatible with the backup storage technology, then organizations must create a separate system for archive or modify the backup storage technology to satisfy the archive requirements:
  • If the archive data must meet governance requirements such as authorization, data immutability, and access logging, additional measures such as cataloging, write-once-read-many (WORM) functions, and data availability are necessary and can alter the storage technology choice. For example, archive/backup software may require disk technology to enforce logical WORM capabilities.
• Define the shortest and longest retention- and recovery-time policies with granularity in terms of datasets and protected storage equipment:
  • In many cases, a data protection environment requires both short recovery times to handle file versioning rollbacks and longer-term recovery times to handle the catastrophic failure of a storage array. Depending on the time intervals, it is possible that a tape technology is best suited for long-term storage and a disk system is more suitable for short (e.g., snapshot) retention time storage to allow version rollbacks of files; thus, both technologies may be necessary in a data protection environment.
• Define allowable staffing and monetary resource constraints:
  • When minimal staff is available, the data protection technology must operate autonomously and allow for management from remote administrators.
Compared with manual operations, autonomous operations require greater investment in equipment and software to operate effectively. For example, tape technology requires operator interaction to manage, label, and move tape to physical storage. Alternatively, disk and cloud storage technologies operate without any direct physical interaction but require sophisticated (and sometimes costly) applications and hardware to be reliable.
2. Determine the topology for the environment: The environment can include branch offices and/or data centers that coordinate backup and disaster recovery processes. Organizations should consider the following when defining topologies and location interactions:
• The expected workloads, applications, and data generation affect the scale of a physical location and influence staffing requirements. For example, a branch office may have limited or no IT staff and moderate data dependencies. Data centers usually have significant staff and maintain the vital data assets for an organization as well as provide IT services to branch offices. Branch offices may have a stand-alone environment or depend on a data center for data retention and disaster recovery.
3. Bucketize requirements, and apply each protection requirement to the technology selection flowcharts in Figure 2 and Figure 3: More than one protection requirement is possible. For example, data protection may require long-term retention with daily recovery points as well as frequent file versioning (e.g., hourly) but with a limited retention time (e.g., week):
• Minimize the data protection policies to remove complexity from the environment:
  • Organizations facing a plethora of data protection and disaster recovery requirements should “bucketize” requirements as much as possible to simplify technology choices.
With some forethought, an IT organization may be able to map multiple data protection requirements into categories consistent with the capabilities of disk, tape, or cloud technologies – or all three. This step requires evaluation of several “deal breaker” decisions to make a final selection of a storage technology. The flowcharts address server backup only and assume that the primary data resides on locally attached storage (e.g., direct-attached storage [DAS]) or a shared storage system that is either NAS or on a storage area network (SAN). Apply each “bucketized” data protection requirement to the technology selection flowcharts. The flowcharts divide into separate selection processes for routine data protection and disaster protection and may result in the selection of multiple storage technologies:
• Routine data protection: Routine data protection addresses local data loss events that can be both physical and logical. An example of a physical event would be a failed disk or RAID set within an otherwise operational disk array or file server. Logical events include inadvertent file deletions, corrupted files, or unintentional data changes. The recovery expectation usually depends on locally stored data and can be granular to the file level. The minimum expectation is that the data protection storage technology can adequately serve the allowed backup window, stores data on premises, and has recovery times similar to the RPOs.
• Disaster protection: Disaster protection extends routine data protection by guarding against failure events of broader scope. Failure events can include the complete failure of a disk array, file server, or compute infrastructure and extend to the entire loss of a location due to natural disasters such as flooding or hurricane. Often, the recovery point and recovery time in a disaster scenario is relaxed from routine data protection and extends into 24-hour RPO and multiday recovery times.
Additionally, there is an expectation that critical data is stored in an off-site repository presumably out of the reach of the expected disaster scenario. The minimum expectation is for the disaster recovery environment to extend the routine data protection environment, have staff available, store data off-site, and can recover data to alternative IT infrastructure in the event of a site loss.
The technology selection flowcharts (Figure 2 and Figure 3) simplify the storage technology choice by consolidating related decision processes into major “deal breaker” decisions. For example, the “Is cloud storage OK?” decision consolidates an examination of an organization’s tolerance to cloud storage technology issues such as data privacy, performance, and cost structures. Likewise, the “Are daily backups acceptable?” decision requires an organization to consider RPO times and whether a 24-hour cycle will be good enough to satisfy their requirements. The deal breaker decisions in the technology selection flowchart are:

Are daily backups acceptable?
This is a key decision because short RTO and RPO (less than 24 hours) preclude tape from all but the smallest environments. In addition, apart from the demands of RPO times, the ability to fit a backup job in the allowed window is inherent in the acceptability of daily backups – if sufficient window is not available, then daily backups are not acceptable. A protection regime that requires both short (e.g., hourly) and long RTO/RPO times may lead to a solution that uses multiple technologies to satisfy a range of requirements. For example, a branch office may require daily long-term retention and frequent snapshots, thus warranting both disk and tape technologies.

Is cloud OK?
Determining the acceptability of cloud storage depends on numerous factors that include concerns about data privacy, performance, and vendor credibility.
In some cases, an organization may determine that public storage clouds are not acceptable and instead decide to build its own private internal cloud infrastructure. Some important issues to consider include:
• Is storing data off-site acceptable from a security, liability, and accessibility perspective?
• Is the operational paradigm of cloud storage acceptable?
• Is the performance – both bandwidth and latency – acceptable?
• Is the cost structure of cloud storage compatible with the organizational budgetary process?
• Is the cloud storage provider selection acceptable in terms of capabilities and geographic locations?
• Can cloud storage meet anticipated RTO and RPO requirements with and without acceleration devices such as cloud storage gateways? For example, cloud storage is not suitable for synchronous or frequent (e.g., sub-hour) replication.

Is tape management OK?
Whether tape management is acceptable depends on factors that include:
• Tolerance to tape failures and subsequent recovery actions
• Availability of trained staff to handle cartridges
• Availability and integrity of off-site storage for tape cartridges
• Manual tape recovery process in case data recovery is necessary
• Key management for tape encryption
• Data eradication when many copies of a file exist across tape cartridges

Is 72-hour recovery OK?
Meeting less than 72-hour recovery times can preclude the acceptability of tape when staff is not immediately available and/or tape cartridges are stored at an off-site location. The 72-hour recovery accounts for the cycle time to request a tape cartridge(s) from a physical storage facility, transport it to a recovery location, and then restore the data it contains back into a system. Disk systems can significantly lower recovery times by replacing the physical transportation of data with its transfer over high-speed network protocols or recovery from a standby alternative location. Organizations should also consider that:
• Long retention and recovery times favor tape solutions when considering the cost per gigabyte (GB).
• Long recovery times can be incompatible with eDiscovery data recovery requirements.

Self-service recovery OK?
Systems that offer self-service either by a user or a lightly trained administrator must be highly automated and require little-to-no physical interaction to operate. Branch office environments are often candidates for a self-service capability due to the scarcity of IT staff and demand for fast file recovery by users in the branch. Self-service environments let users recover files, file systems, or OS images without the aid of a designated administrator or support staff. Consider the following when assessing whether self-service is appropriate:
• Tape-based systems require informed personnel to manage and load tapes on demand to support recovery operations.
• Disk and cloud-based environments have the potential for self-service because no direct physical intervention is necessary. Self-service requires user-friendly software tools and processes that require little-to-no training.
• eDiscovery may require self-service for non-IT organizations such as a legal department responding to litigation.

FIGURE 2 Routine Data Protection Technology Selection Flowchart
Source: Gartner (July 2011)

RTO/RPO in hours or minutes?
For RTO/RPO times that are less than 24 hours, disk or cloud-based environments are most suitable due to their random access and availability capabilities:
• Aggressive or synchronous RTO/RPO times require disk-based technologies that use replication technologies to meet demanding data transaction rates and latencies.
• eDiscovery activities require high search speeds, random access, and data recovery to support regulatory activities.
• Cloud storage can be suitable for limited data sizes but may require dedicated bandwidth and/or gateway equipment to optimize backup and restore windows.

FIGURE 3 Disaster Protection Technology Selection Flowchart
Source: Gartner (July 2011)

Acronym Key and Glossary Terms
BSI – British Standards Institution
CDP – continuous data protection
DAS – direct-attached storage
GB – gigabyte
HIPAA – Health Insurance Portability and Accountability Act
I/O – input/output
ILM – information life cycle management
ISO – International Organization for Standardization
LTO – Linear Tape-Open
MB – megabyte
NAS – network-attached storage
PCI-DSS – Payment Card Industry Data Security Standard
RAID – redundant array of independent disks
RPO – recovery point objective
RTO – recovery time objective
SAN – storage area network
SEC – Securities and Exchange Commission
SOX – Sarbanes-Oxley Act
TB – terabyte
VTL – virtual tape library
WORM – write-once-read-many

Source: Burton IT1 Research, G00214510, Gene Ruth, 8 August 2011

CIO Perspective
With Parvinder Singh, Corporate Vice President, Head IT Services & Technical Control Unit at Max New York Life

Based on your experience, what are the top 5 challenges organizations face when dealing with backup?
Data Backup is one of the critical pillars of IT services in today’s business environment. Needless to say that failure in this can lead to disasters of sorts in an organization. At the same time, data backup comes with a few inherent challenges to manage.
Among others, the following are the five most critical challenges organizations are facing:
1: Backup time: First and foremost, the rapid data growth, both structured and unstructured, is challenging organizations. This growth in data directly impacts the time taken to complete the backup. If the shrinking data backup window crosses the threshold limit, you sometimes end up either impacting production or killing the backup itself.
2: Impact on production during data backup: A typical enterprise business runs 24/7, and you have to find time to take data backups. Because of the high storage resource requirement of backup, at times it adversely impacts production and makes it slow. Organizations may need to size the backup properly so that it doesn’t impact production.
3: Owner of data being backed up: We take data backups for almost all business systems barring a few. One doesn’t know who the owner of that data is. It is essential for businesses to fix ownership of the data.
4: Data restoration: This is yet another challenge for IT organizations. At times the media on which the data is backed up can go faulty, therefore creating restoration issues.
5: Data security: After taking a backup, one of the most important aspects is to sufficiently ensure its security. This includes physical safety such as fireproof lockers and then logical safety such as encryption of data to prevent its misuse.

There’s a lot of talk about migrating to the cloud for backup needs. What are the pros and cons of backing up in the cloud?
In very plain words, data is the lifeline of any business, and ensuring that it is in safe hands is the first priority of the IT Services department. When it comes to the cloud, some apprehensions like data security and regulatory compliance do cross our minds. But I strongly believe that if both these aspects are taken care of, IT organizations will explore the possibilities of cloud-based backup. Data should be available when it is required.
Business should not suffer because of its non-availability. If, by any chance, data gets corrupted, no service provider will own this, which may result in business loss.

How have backup technologies and processes evolved in the past decade? What should organizations invest in to make sure they are ready for increasing backup demands?
A vast variety of new technologies are now available for data backup and recovery. Also, these backup technologies are evolving very fast. One should clearly define the requirement upfront. We need to answer the following questions before choosing a technology or solution:
- What is the data backup window available?
- How important or critical is the restoration time of the backup? Do we want an immediate restoration, or can you wait for the next business day?
- Is data backup encryption critical for your type of business?
- Is the size of the data very big?
- Is the data (which is to be backed up) growing rapidly?
- How will the legacy data be backed up, or do you need support for the legacy data backup solution?
Source: ACE DATA

Where should the backup go?
A user expects his data to be always available and to remain safe. No user wants to get into a situation of data loss and having to recreate his data, even if it was a small presentation or a financial report created in MS Excel. IT organizations are under constant pressure to minimize the cost of IT compute and storage infrastructure. To keep costs low, organizations must balance infrastructure costs and operational expenses against customer expectations and the intangible cost of data loss. A balance must be struck between data protection and budgetary constraints when mapping data protection policies to implementations. IT deployments are becoming faster with newer technologies, so the speed of recovering data must also increase to keep pace with new deployments.
New-age hypervisors help set up a server in a few seconds, while traditional backup technologies take hours to get the data restored. In this section we discuss the pros and cons of the backup destination when going with the traditional backup approach, since the choice of destination gives different options for RPO/RTO, commercials, compliance and scalability. The three choices are tape, disk and cloud based backup implementations. A combination of a few of these can also be very helpful.

Let us begin with tape technology. Tapes are not dead and will never die. New technologies are changing the role of tape in our backup ecosystem. LTO-5 is capable of backing up a large amount of data on a single tape, but the lower media and management cost this suggests holds only until you need the data back, because recovering that large volume of data from a single tape is slow. Tapes are not a good option for end-user backups either. With their sequential read-write access, they are very slow when backing up small chunks of data. The same holds when protecting file servers. Many IT organizations can afford a daily full backup of their databases, which are large files, but backing up the many small files of a large file server takes hours or even days to complete, so they end up with a weekly full backup only: 1-2 TB of file server data on tape still takes 2-3 days and fits only on weekends. Recovering the entire file server, if ever required, is a pain. Tape is still good for organizations that can live with a daily backup. The decision to reduce the backup interval to less than 24 hours and continue using tape can be made only by smaller organizations. If the data size is small, you can take multiple versions a day to reduce the impact of data loss on a primary failure. As the setup grows, you can grow the number of drives or add a tape library, but this also brings in more management of both the backup operations and the media handling. You cannot be backing up throughout the day with the traditional approach. All said, the life of the media and the media handling capabilities of an organization can sometimes ruin all the effort made in backing up the data.

Disks came up as a good alternative to tape as the primary backup device. RAID protection at the backend brought in additional protection against media failure. Disks can be picked from a low-cost DAS or an existing storage system and offer good connectivity for backups as well. Disk storage systems offer very high data-transfer rates, typically the fastest I/O rate and the highest capacities. They also come in a wide range of options: low-cost external disks, RAID protected JBODs, NAS or SAN attached intelligent storage, and virtual tape libraries. This lets enterprises choose from a variety of options based on their RPO-RTO requirements and budgets. Initial adoption was easy for enterprises: they added a low-cost shelf to their existing enterprise storage.

Deduplication, i.e. the capability to eliminate common or repeated data from the backup, is no longer a premium feature. Any backup application offering disk based backups is expected to have it as a basic feature. Deduplication reduces backup windows considerably and is a good choice for large data sets such as large file servers or even databases.

Two things that became popular when disk came up as a backup device option were end-user backups, i.e. desktops and laptops, and Continuous Data Protection (CDP). Tapes were not a good option for backing up desktops and laptops owing to their slowness in writing small files. With disk as the primary backup device, better technologies are being developed for backing up the unstructured data of desktops and laptops.
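The deduplication behaviour described above, and the weekly-full problem for mostly static file servers discussed later under Protecting File Servers, as an added example that is not Ace Data's or any vendor's code: a content-addressed block store that keeps each distinct block once, so a second full of a file server whose data has barely changed stores only the changed blocks, plus the integrity scan that checks every stored block against its hash. The block size, file names and contents are constructed assumptions.

```python
"""Fixed-size block deduplication for a disk based backup store.

Added example, not Ace Data's product or any vendor's code. It models the
behaviour described in the text: a second "full" backup of a file server whose
data is mostly unchanged stores only the blocks that actually changed, and every
stored block can be verified against its content hash (the integrity scan a
backup service runs in the background). The file server contents below are
constructed sample data; the 4 KiB block size is an assumption.
"""
import hashlib
import random
from dataclasses import dataclass, field

BLOCK_SIZE = 4096  # assumed block size; real products use larger or variable-size chunks


@dataclass
class BackupSet:
    """One backup run: for each path, the ordered list of block digests."""
    name: str
    files: dict = field(default_factory=dict)
    logical_bytes: int = 0  # what a traditional full backup would have written
    new_bytes: int = 0      # what actually had to be stored for this run


class DedupStore:
    """Content-addressed block store: each distinct block is kept exactly once."""

    def __init__(self) -> None:
        self.blocks: dict[str, bytes] = {}  # digest -> block content
        self.sets: list[BackupSet] = []

    @staticmethod
    def digest(block: bytes) -> str:
        return hashlib.sha256(block).hexdigest()

    def backup(self, name: str, file_server: dict[str, bytes]) -> BackupSet:
        """Take a 'full' backup of file_server (path -> content); only unseen blocks consume media."""
        bset = BackupSet(name)
        for path, content in file_server.items():
            digests = []
            for off in range(0, len(content), BLOCK_SIZE):
                block = content[off:off + BLOCK_SIZE]
                d = self.digest(block)
                bset.logical_bytes += len(block)
                if d not in self.blocks:
                    self.blocks[d] = block
                    bset.new_bytes += len(block)
                digests.append(d)
            bset.files[path] = digests
        self.sets.append(bset)
        return bset

    def restore(self, bset: BackupSet, path: str) -> bytes:
        """Rebuild one file from the block list recorded in a backup set."""
        return b"".join(self.blocks[d] for d in bset.files[path])

    def verify(self) -> list[str]:
        """Integrity scan: digests of stored blocks whose content no longer matches their name."""
        return [d for d, block in self.blocks.items() if self.digest(block) != d]


def simulate_weekly_fulls() -> dict:
    """Two weekly fulls of a constructed file server where 90% of the data never changes."""
    rng = random.Random(7)  # seeded so the constructed data is reproducible
    server = {f"archive/report_{i}.doc": rng.randbytes(8 * BLOCK_SIZE) for i in range(9)}
    active = bytearray(rng.randbytes(8 * BLOCK_SIZE))
    server["finance/q3.xls"] = bytes(active)

    store = DedupStore()
    week1 = store.backup("full-week1", server)

    # during the week only the last block of the active spreadsheet is rewritten
    active[-BLOCK_SIZE:] = rng.randbytes(BLOCK_SIZE)
    server["finance/q3.xls"] = bytes(active)
    week2 = store.backup("full-week2", server)
    restored_ok = store.restore(week2, "finance/q3.xls") == bytes(active)

    # silently corrupt one stored block (e.g. a bad sector) and let the scan find it
    victim = next(iter(store.blocks))
    store.blocks[victim] = b"\x00" * BLOCK_SIZE
    return {
        "week1_new_bytes": week1.new_bytes,
        "week2_logical_bytes": week2.logical_bytes,
        "week2_new_bytes": week2.new_bytes,
        "restored_ok": restored_ok,
        "corrupt_blocks": len(store.verify()),
    }


if __name__ == "__main__":
    for key, value in simulate_weekly_fulls().items():
        print(f"{key}: {value}")
```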
CDP can also help a great deal, depending on the way it is implemented. Products are available that back up data instantly as it is created, especially for file servers and mailing applications. The usual choice is to take one full deduplicated backup of the data and then enable CDP. Every change to a file, every new file and every new email is then backed up instantly, without waiting for the next backup schedule. CDP does need some fast network resources and buffers to support its capability of backing up instantly. If integrated with a backup application, CDP is a good alternative to synchronous replication for small setups and standalone servers; a large enterprise with enterprise storage may afford synchronous replication on its storage instead.

Retention is another key area when using disk based backups. Organizations need to define and maintain a proper retention policy to make the most of their investment in disk-based backups and to archive older backups to tape. For compliance reasons an off-site copy of backups is needed, so disk based backups have been complemented with the option to stage backups to tape for off-site movement, while the primary backup on disk eliminates long backup windows.

A VTL emulates tape while using RAID protected disks at the backend, and offers good deduplication. VTLs also stage to physical tape for off-site movement. A VTL is the right choice in two situations: when your backup software does not support deduplication, or you do not want to load your servers with deduplication work; and when you have the bandwidth to replicate directly VTL to VTL between two locations rather than shipping tapes out.

Cloud is the next big thing in the IT industry. With organizations finding ways to use the benefits of this new concept, backup vendors have also developed their applications to offer backups in the cloud.
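The retention policy described above (recent sets on disk, older sets staged to tape for the off-site copy, sets past their limit deleted) and the backup lifecycle management the cloud section below describes (archive, then delete when retention limits are crossed), as an added example that is not Ace Data's or any vendor's code. It also enforces one rule the text implies but does not spell out: an incremental is useless without the full it builds on, so a full is not deleted while a dependent incremental is still retained. Policy values, dates and backup sets are constructed samples.

```python
"""Backup retention lifecycle: keep on disk, stage to tape for off-site copy, expire.

Added example, not the page's or any vendor's code. It implements the policy the
text describes: recent backup sets stay on disk for fast restores, older sets are
staged to tape for off-site and compliance retention, and sets past their
retention limit are deleted rather than paid for indefinitely. An incremental
depends on the most recent full taken before it, so a full is not deleted while
any incremental that needs it is still retained. Policy values, dates and
backup sets are constructed samples.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RetentionPolicy:
    disk_days: int        # keep on disk this long for fast restores
    archive_days: int     # then keep an off-site tape copy until this age
    compliance_days: int  # sets flagged for compliance are kept until this age


@dataclass
class BackupSet:
    name: str
    taken: date
    kind: str                 # "full" or "incremental"
    compliance: bool = False
    location: str = "disk"    # "disk" or "tape"


def is_expired(s: BackupSet, policy: RetentionPolicy, today: date) -> bool:
    limit = policy.compliance_days if s.compliance else policy.archive_days
    return (today - s.taken).days > limit


def plan_actions(sets, policy, today):
    """Return {set name: action} for one lifecycle run on the given day."""
    ordered = sorted(sets, key=lambda s: s.taken)
    by_name = {s.name: s for s in ordered}
    base_of, dependents, last_full = {}, {}, None
    for s in ordered:  # each incremental depends on the latest full taken before it
        if s.kind == "full":
            last_full = s
        elif last_full is not None:
            base_of[s.name] = last_full.name
            dependents.setdefault(last_full.name, []).append(s.name)
    actions = {}
    for s in ordered:
        age = (today - s.taken).days
        if s.kind == "incremental" and s.name not in base_of:
            actions[s.name] = "orphaned: no base full, unrestorable"
        elif is_expired(s, policy, today):
            live = [d for d in dependents.get(s.name, [])
                    if not is_expired(by_name[d], policy, today)]
            actions[s.name] = "keep (base of " + ", ".join(live) + ")" if live else "delete"
        elif age > policy.disk_days and s.location == "disk":
            actions[s.name] = "stage to tape"
        else:
            actions[s.name] = "keep on " + s.location
    return actions


def sample_run():
    """Constructed sample: 14-day disk tier, 90-day tape tier, 7-year compliance hold."""
    policy = RetentionPolicy(disk_days=14, archive_days=90, compliance_days=7 * 365)
    today = date(2012, 10, 1)  # constructed "today"
    sets = [
        BackupSet("full-2012-05-01", date(2012, 5, 1), "full", compliance=True, location="tape"),
        BackupSet("full-2012-06-03", date(2012, 6, 3), "full"),
        BackupSet("inc-2012-06-04", date(2012, 6, 4), "incremental"),
        BackupSet("full-2012-06-25", date(2012, 6, 25), "full"),
        BackupSet("inc-2012-07-05", date(2012, 7, 5), "incremental"),
        BackupSet("full-2012-09-02", date(2012, 9, 2), "full"),
        BackupSet("inc-2012-09-03", date(2012, 9, 3), "incremental"),
        BackupSet("full-2012-09-23", date(2012, 9, 23), "full"),
        BackupSet("inc-2012-09-30", date(2012, 9, 30), "incremental"),
    ]
    return plan_actions(sets, policy, today)


if __name__ == "__main__":
    for name, action in sample_run().items():
        print(f"{name}: {action}")
```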
At the outset, cloud based backups are a good option for a first level of disaster recovery for any size of organization. Not everyone can go for synchronous or even asynchronous replication to a disaster recovery site. A cloud based backup takes your data away from your data center for any type of backup set you create. This ensures that if the primary site goes down, your data is still safe with your service provider. Recovery time depends on the bandwidth available and the time it takes you to set your applications back up. A good service provider can also recover you into a virtual environment, creating a virtual data center for you until the physical data center becomes operational again.

Organizations should look for a service provider who can protect endpoint devices as well, i.e. desktops, laptops and smartphones. This eliminates the need for IT to evaluate multiple products and solutions and then manage multiple technologies. It is also beneficial for organizations with large setups, so that they use consistent technology across all data centers and small offices. A good service provider will also provide backup monitoring and management, eliminating the need for dedicated skilled staff at each data center and small office.

The two major concerns in moving to a cloud based backup service are performance and security. Performance of the backups depends on the bandwidth available, as backup data has to move to the cloud. Disk based deduplicated backups are the base premise of a cloud based solution. Care is to be taken with the initial seeding to get the initial large volume of data to the cloud; this should be an integral part of the solution. Recovery times vary with the available bandwidth. Security is the other big concern for cloud based backups. IT needs to ensure that the service provider encrypts the data as it moves over the public network.
The service provider should support the highest levels of encryption and data privacy, conforming to global standards such as HIPAA, SOX, Basel II and FIPS. The backup solution should also have a clearly defined data destruction methodology. The service provider should be trustworthy enough to ensure that old backups are really deleted, while the integrity of the retained backups is not lost. Retention policies play an important role for cloud services as well, since IT pays for the backups stored and retained; IT needs to be careful about what it retains, as per organizational requirements. Service providers and solutions are available that archive the old backup sets that must be retained for compliance, reducing your cost of retention. Cloud backups eliminate the need for tape management, backup management and maintaining skilled backup staff. They can provide good backup lifecycle management, from taking the backup to archiving it and deleting the backup sets when they cross their retention limits. Disk and cloud based approaches also eliminate the risk of losing backups to media life and offer additional RAID and hot spare protection. If bandwidth and security concerns are taken care of, cloud is a good option: IT pays for what it uses instead of buying a complete solution and paying upfront without using it to full capacity. Cloud is also scalable, since IT pays only for additional usage, leaving the expansion worries to the service provider.

Source: ACE DATA

What's good about Cloud based backups?

There are many concerns about sending data off-site for backups. The key concerns are the cost of bandwidth and the security of the data. Both can be addressed if a good solution supporting local deduplication, compression and high-level encryption is used for the cloud backups. These ensure you use minimum bandwidth and keep your data encrypted up to the AES-256 level with FIPS certifications.
The benefits on the other side are strong enough to make the extra investment in bandwidth worthwhile. The benefits of adopting cloud backups include:
1. In the cloud, there is no capital investment in hardware or software. Why spend time worrying about devices that are not relevant to your business growth, and keep upgrading them as data grows?
2. Disaster-proof: In the unfortunate case that your business sustains fire, water or weather-related damage, hardware loss could be extensive, including servers, network equipment and the external USB drive relied on to recover data and sustain business functions. Cloud allows anytime, anyplace recovery without the need to look for media or wait for site repairs.
3. A good service provider can publish your servers and applications in the cloud along with your data, giving you a virtual site while you wait for the physical site to be up and ready after a site disaster.
4. Accessible: A cloud uses a secure login, allowing you to restore data from any location, at any time.
5. Secure: Unlike USB hard drives or old media cartridges, a cloud service provider can guarantee that your critical business data will never be lost or stolen due to malicious activities outside your control.
6. Scalable: There are no size restrictions. You grow as you back up more data, and you pay only for what you store instead of making a large investment in a solution sized for three years of growth.
7. Automated: Clouds do not require manual intervention on your part. This lets you concentrate where it matters most: growing your business.
8. Simple: Cloud backups automate the real-time, continuous backup of your critical data and are managed by your service provider.
9. Secure: Most external USB drives are not encrypted, and if lost or stolen they place your business at risk. Cloud backup solutions comply with a large number of standards such as SOX (Sarbanes-Oxley), HIPAA and HITECH.
Cloud based backup solutions should be secure and should follow FIPS security certifications.
10. Recoverable: Why back up if you can't be assured that your data is restorable at any time? Unlike USB hard drives, cloud backups allow sophisticated file versioning and retention policies that satisfy recovery point objectives for any scenario and any size of business. Cloud service providers run automated processes in the background that scan the entire storage to ensure data integrity. This ensures that the data is always recoverable in case of a disaster.

When you are shopping for a backup solution, ask your vendor to confirm that the functionality they provide will restore your data not just during a Disaster Recovery (DR) drill but in an actual disaster (an accidentally deleted file, a damaged hard drive, a lost machine or a lost site).

On the surface, cloud solutions may appear more expensive than simply purchasing an external USB hard drive and investing your own time in backing up your data. However, once you factor in the critical nature of the business files you rely on, the advantages of a managed, secure, scalable and reliable backup service make cloud services an indisputable choice. The reality is that a properly managed, fully compliant backup is worth far more than its cost.

Source: ACE DATA

CIO Perspective
With Sunil Sirohi, Vice President, Information Resources, NIIT

Based on your experience, what are the top 5 challenges that organizations face when dealing with backup?

Growth in business transactions, volume of data and number of people has added to the already existing challenges of data backup, which is a very critical function of data protection. Among others, I feel the following are the key challenges facing CIOs:
1. Increasing Size of the Data: There is no way this can stop. It is directly linked with the growth in business.
2. Decreasing Back-up Window: One of the biggest problems plaguing backup administrators is that the volume of data that must be backed up each day is steadily increasing, while the amount of time allotted for the daily backup remains constant or is perhaps decreasing.
3. Legal/Compliance Requirement: Pressing needs to comply with regulatory compliance issues presented by legislation such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA) have driven IT shops to keep data for a very long time and implement backup solutions.
4. Data Lifecycle Management: These days companies need a strict policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted.
5. Process Compliance: As government and industry-specific regulations around data privacy, accessibility and retention continue to evolve, IT has to enable business with compliant backup and recovery processes.

There's a lot being discussed about migrating to the cloud for backup. What are the pros and cons of backing up in the cloud?

Yes, it is true that in a cloud backup environment the backup data is not on premises, which is also the case when, as per process, backup is kept off-site. The accessibility or inaccessibility of an off-site backup can possibly be the same in both the cases, and one can argue more on this. However, I would prefer to ride the cloud. Migrating to the cloud for backup needs is a good option. To exercise it, one should do due diligence on the provider. Further, bind it with stringent SLAs to mitigate risks. Cloud brings in elasticity, pay-as-one-uses, high availability and no upfront capex investment, which are all very positive for an organization. It takes away the worry of buying/upgrading to newer backup software. Similarly, it gives respite from investing in tapes, storage space and the off-site process. With a cloud solution, someone else is worrying about it. For all this to happen, you should be ready to have redundant and highly available telecom infrastructure.

How have backup technologies and processes evolved in the past decade? What should organizations invest in to make sure they are ready for increasing backup demands?

There have been fast-paced changes in backup technologies, and multiple solutions are currently available. For an organization to meet the ever-increasing backup demands, it must have a backup strategy in place. Classify data (mission critical or not, recent or not, production data or QA or development) and, based on that, invest appropriately in the backup solution.

Source: ACE DATA

Protecting Desktops and Laptops

While many people believe that their key business data lies in databases and servers, it is important to understand that it all starts from the desktop. The data created on a desktop or laptop by a knowledgeable user sits in files known only to that user. We have seen people create a few XLS data files and then a lot of reports and graphs derived from them. Those report templates take a lot of effort to build, and recreating them would be even more difficult. Solutions are also available that back up smartphones and Android based handheld devices automatically, on schedule, to the cloud.

There is the potential that files may be lost or corrupted due to hardware and/or software failures and/or human error (e.g. unintentionally deleting a file), and having another copy of your files prior to such a catastrophe will relieve you of the burden of recreating the lost or corrupted files in their original form. There are numerous software solutions that will back up everything on your machine. A low-cost way is to just copy your files to CDs or external disks as a backup. This sounds simple and cost-effective. Practically, it is not as simple as it looks. People do it a couple of times but not regularly. Recovering needs the same effort again, and what if you don't remember where the external device is now? If this device is lost, you actually end up exposing your data to whoever finds the disk, since it is just a copy in the same format with no encryption. Smart technologies are available now that use a centralized repository to control the backups. Automated agents, and even agentless technologies, can filter the type of data to be backed up, e.g. only MS Office files and emails, so that irrelevant data does not get backed up. Scheduling can also be automatic, so the user does not need to worry about his data backups.

Apart from the backups, commonly known best practices for desktop/laptop protection include:
1. Anti-virus software.
2. Anti-spam and anti-malware software.
3. Built-in firewall services.
4. Regular updates of anti-virus signatures and operating system patches.
5. Strong login passwords.
6. Don't leave the system unattended and unlocked when you are not around.
7. Physical security.
8. Don't save passwords in applications. Enter them every time you want to log in.

From the organization's point of view, data protection software is available to ensure that even your employees cannot send sensitive organizational data to their personal IDs or to competitors. Even the use of USB devices and printers can be restricted. Enterprise backup solutions also offer AES-256 encryption and file-level deduplication so that repeated data is not backed up daily. The user can have control over his recoveries: select what you want to recover and which version you want to recover, and get it back. Ideally, every organization should use encryption software so that even if a laptop is lost, no one can just log on and access the data. The thief may use the laptop after formatting the disks, but at least does not get at your critical data. If the backup application runs on a public IP, travelling mobile users can safely back up over the internet. Laptops especially can be backed up to a cloud based optimized solution that ensures your data is available round the clock, anywhere you want it. The interface is user friendly enough that any user can recover his data from wherever he is. Not to forget, though, that when you dispose of equipment you should sanitize the disk and destroy all data.

Source: ACE DATA

Protecting the Application Servers

Backups, if managed properly, are the first step towards being safe in the event of data loss. As discussed in other sections as well, backups protect our data only, and also help us maintain older versions of the data. Another key area for business today is protecting the applications and databases themselves and staying operational with near-zero downtime. One simple method is to go for cloud based backups, which ensure that if there is a site failure, the backups are available at the remote site. For some applications, like file servers and MS Exchange, continuous data protection helps keep the cloud version current. In the subsequent sections we attempt to go in depth into how to protect these applications, both within the scope of backups and from the application point of view: how the native application utilities and additional third-party utilities help protect applications and databases and recover them to the most recent version. We have highlighted the key considerations and best practices for the most widely used applications and databases.

Protecting File Servers

Like any other application or database, file server volumes are also growing tremendously. Organizations have grown, and keeping centralized file data for all employees brings in the need for large file servers. This automatically raises concerns about keeping them secure and protected all the time.
Some of these are discussed below:
• Backup: Windows natively provides a backup utility for backing up local data to tape or a disk-type backup device. For an enterprise using a file server, backups are generally taken centrally from a backup server. Third-party applications provide a good mechanism for backing up a file server; however, the traditional approach places a tremendous load on a file server backup. Because of the way backup technologies work, it takes a long time to back up small files, and so you will find file server backups running over the weekend for one full cycle of a couple of TB. To overcome such challenges, the new approach of deduplication helps a lot. Though the data still needs to be scanned, the amount of data travelling, and therefore the media consumed, is reduced. This matters because, in our experience, 80-90% of file server data neither changes nor is accessed regularly, yet on every weekly full cycle it gets backed up again and consumes a large amount of media with what are actually duplicate backups. Another new approach organizations can use for backing up large file servers is CDP. While VSS has been helping back up files in use, traditionally known as open files, CDP acts as a real-time backup, backing up the content the moment the user saves a file while working on it. For a large enterprise this can create a slight overhead in terms of network usage, but you get the best protection here. For NAS based file servers, NDMP backups are preferred, and deduplication works there as well. Additionally, if the backup device is made local to the NAS by direct connection or FC SAN switch connectivity, the backups speed up.
• Replication: Again, backups protect only from local failures, unless you go for cloud based backups, which offer deduplication and CDP as well. To otherwise protect from site failure, replication or a DR site is the alternative. It works on the concept of a primary site and a secondary site. If the primary site goes down, the secondary site can be brought up in no time and services resumed from there. The main concern in the replication scenario is the connection between the primary site and the remote site and the sync time between the two sites. Bandwidth is the key concern here.
• Clustering: Clustering of servers is another feature of Microsoft Windows servers. Delivering a great quality application with a rich feature set isn't enough in all cases; increasingly, it must also meet high availability criteria. A cluster connects two servers together so that they appear as a single server to users. Connecting servers in a cluster allows workload sharing, enables a single point of operation/management, and provides a path for scaling to meet increased demand. Thus, clustering gives you the ability to produce high availability applications.

File Server functionality has potential security risks because it supports the transfer of unencrypted, clear-text files over a network. The File Server does not support encryption of any kind. Although the files themselves may be encrypted, the File Server will not encrypt or decrypt them. Any unencrypted files will be sent through the network in clear text. File and directory names will always be in clear text as well. Due to these security risks, File Server is not designed to be used on a public network, and Microsoft strongly recommends that you use this functionality only on a private network. Microsoft also recommends that you do not share sensitive directories on your file server device.
Best Practices for File Server Security
• Do not share sensitive directories on your file server device
• Enable a firewall on your network device
• Use authentication
• Create an exclusion list for sensitive folders and directories

Default Registry Settings: You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.

For file servers that must maintain high availability, restrict physical access to designated individuals only. In addition, consider to what extent you need to restrict physical access to network hardware. The details of how you implement physical security depend on your physical facilities and your organization's structure and policies. Even if the physical server is in a secure room, the file server might still be accessible through remote administration tools. Therefore, implement methods for restricting access to remote administration of file servers, and ensure that remote administration tools do not weaken your organization's security model. For example, remote administration tools do not always use strong authentication protocols, such as Kerberos V5, to authenticate users across the network. You might be able to implement weaker protocols, such as NTLM, depending on the remote management tool you use and the operating system running on the host you are administering. In addition, certain remote administration tools might transmit unencrypted data (plaintext) across the network. This makes your data vulnerable to network sniffers.

Virus Protection for File Servers: To protect file servers from viruses, plan to take the following precautions:
• Use file server compatible antivirus software, and regularly update virus signature files.
• Back up files regularly so that damage is minimized if a virus attack does occur.
• With clustered file servers, you must use an antivirus program that is cluster-aware. If it is not, failover might not occur correctly. If your organization does not have cluster-aware antivirus software, you can install antivirus software on a non-clustered server and use that server to periodically scan the drives that are mapped to the clustered file server.
• For FRS-replicated content, you must use antivirus programs that are FRS compatible and that do not change the security descriptor of files.

When you plan access to shared folders, determine the type of permissions to use, who needs access to the folders, and the level of access that users require. You can also disable administrative shares and hide shared folders.

Permissions define the type of access granted to a user or group for a file or folder. Windows Server 2003 offers two types of permissions:
• NTFS permissions restrict local and remote access to files and folders on NTFS volumes. When you create a new folder, it inherits permissions from its parent folder. When you create a file in a folder, the file inherits permissions from the parent folder.
• Share permissions restrict remote access to shared folders, but share permissions do not restrict access for users who log on to the server locally. Share permissions are available on both FAT and NTFS volumes.

To increase security and prevent users from browsing through shared folders that are not relevant to their jobs, assign permissions only to groups that require access to the shared folders. To reduce administrative overhead when assigning permissions, do the following:
• Assign permissions to groups rather than to users.
• Place users in global groups or universal groups, nest these groups within domain local groups, and then assign the domain local groups permissions to the folder.

You do not need to deny permissions for specific groups. When permission to perform an operation is not explicitly granted, it is implicitly denied.
For example, if you allow the Marketing group, and only the Marketing group, permission to access a shared folder, users who are not members of the Marketing group are implicitly denied access. The operating system does not allow users who are not members of the Marketing group to access the folder. Assign the most restrictive permissions that still allow users to perform their required tasks. The permissions associated with folders on NTFS volumes are Read, Write, List Folder Contents, Read & Execute, Modify and Full Control.

Administrative Shares: Windows Server 2003 creates shared folders, known as administrative shares, by default when you start a server or when you stop and then start the Server service. These folders are shared for administrative purposes, and they allow users and applications with the appropriate administrative rights to gain access to the system remotely. For example, some backup software applications use these shares to remotely connect to systems to back up data. Administrative shares have default share permissions that restrict access to members of only a few security groups. Each share name is appended with a dollar sign ($), which hides the share from users who browse the server. One type of administrative share is the root folder of every volume (C$, D$, and so on). You can disable these administrative shares temporarily or permanently.

Encrypted File Storage: Windows 2000, Windows XP and Windows Server 2003 support storing files that are encrypted using EFS. However, remote decryption is a potential security risk, because files are decrypted before transmission on the local server and are transmitted unencrypted over the network in plaintext. Therefore, before you allow encrypted files to be stored on file servers, decide whether the risk associated with transmitting unencrypted files over the network is acceptable. You can greatly reduce or eliminate this risk by enabling Internet Protocol security (IPSec) policies, which encrypt data transmitted between servers, or by using Web Distributed Authoring and Versioning (WebDAV) folders. WebDAV folders have many advantages compared to shared folders, so you should use them whenever possible for remote storage of encrypted files. WebDAV folders require less administrative effort and provide greater security than shared folders. WebDAV folders can also securely store and deliver files that are encrypted with EFS over the Internet by means of Hypertext Transfer Protocol (HTTP). Before users can encrypt files that reside on a remote file server, you must designate the file server as trusted for delegation. Doing so allows all users with files on that server to encrypt their files. If you allow users to store encrypted files on file servers, review the following issues:
• Users can encrypt files on remote NTFS volumes only when both the user's computer and the file server are members of the same Windows Server 2003 forest. (This restriction does not apply to WebDAV folders.)
• Users must have Write or Modify permissions to encrypt or decrypt a file.
• Users cannot encrypt files that are compressed. If users encrypt a compressed file or folder, the file or folder is uncompressed.

DFS and FRS Security: When planning to secure DFS namespaces and content replicated by FRS, follow these guidelines:
• Use NTFS permissions to secure DFS targets. If you are using FRS to replicate DFS link target information, any permission changes you make on one member of the replica set replicate to other members. If you are not using FRS for automatic replication, you must set the permissions on targets and manually propagate any changes that occur.
• When setting NTFS permissions, always use the path of the physical folder (\\servername\sharename) instead of navigating through the DFS namespace to set permissions. This is especially important when you have multiple link targets for a given link. Setting permissions on a folder by using its DFS path can cause the folder to inherit permissions from its parent folder in the namespace. In addition, if there are multiple link targets, only one of them gets its permissions updated when you use the DFS path.
• If you plan to use share permissions, note that FRS does not replicate share permissions; therefore, you must plan to implement identical share permissions for each shared folder in a replica set. If you do not, users might have inconsistent access to shared folders across the network.
• To prevent the spread of viruses in read-only FRS-replicated content, give the appropriate groups the NTFS Read & Execute permission, create a group for administrators who update content, and assign that group the NTFS Modify permission. Do not grant permissions to the Everyone group.
• For FRS-replicated content, you must use antivirus programs that are FRS compatible and that do not change the security descriptor of files.
• You must have permissions on the DFS configuration object in Active Directory to add and delete roots in a domain-based DFS namespace.
• You can create DFS link targets that point to shared folders containing data that is encrypted by using EFS. However, you cannot use FRS to replicate those files among multiple link targets.
• Do not enable the RestrictAnonymous registry value on DFS root servers. Doing so restricts anonymous access and causes DFS referral failures. This registry value is also part of the HiSecWeb security template, which is designed to help secure Internet Information Services (IIS) at the operating system level.
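The shared-folder permission model described above (NTFS versus share permissions, implicit deny, the Marketing group example, and users placed in global groups nested inside domain local groups), as an added example that is not Microsoft's or the page's code: it computes the operations a user can actually perform locally and over the network, and flags share entries that grant access to Everyone. The group names, users and ACLs are constructed, and the mapping of permission names to operations is a simplification of the real access masks.

```python
"""Effective access to a shared folder: NTFS permissions, share permissions,
implicit deny and group nesting.

Added example, not Microsoft's or the page's code. It models the rules in the
shared-folder section: access that is not explicitly granted is implicitly
denied; share permissions apply only to remote access while NTFS permissions
apply to both local and remote access; and permissions are assigned to groups,
with users placed in global groups nested inside domain local groups. The rule
that remote access is limited to what both the share ACL and the NTFS ACL grant
is standard Windows behaviour. Groups, users and ACLs are constructed samples,
and the permission-name-to-operation mapping is a simplification.
"""

# NTFS folder permissions named in the text, expanded to the operations they grant
NTFS = {
    "Read": {"read"},
    "Write": {"write"},
    "List Folder Contents": {"list"},
    "Read & Execute": {"read", "list", "execute"},
    "Modify": {"read", "list", "execute", "write", "delete"},
    "Full Control": {"read", "list", "execute", "write", "delete", "change_permissions"},
}
# share-level permissions (Read / Change / Full Control)
SHARE = {
    "Read": {"read", "list", "execute"},
    "Change": {"read", "list", "execute", "write", "delete"},
    "Full Control": {"read", "list", "execute", "write", "delete", "change_permissions"},
}


def principals_for(user, members):
    """The user plus every group reached through nested membership (AGDLP style)."""
    found = {user, "Everyone"}  # simplification: every logged-on user is in Everyone
    stack = [user]
    while stack:
        principal = stack.pop()
        for group, names in members.items():
            if principal in names and group not in found:
                found.add(group)
                stack.append(group)
    return found


def evaluate(acl, table, principals):
    """Operations granted by an ACL: explicit allows minus explicit denies, nothing else."""
    allowed, denied = set(), set()
    for principal, kind, permission in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(table[permission])
    return allowed - denied


def effective_access(user, members, ntfs_acl, share_acl=None):
    """Operations the user can perform; pass share_acl for remote (network) access,
    omit it for a user logged on at the server console."""
    principals = principals_for(user, members)
    ops = evaluate(ntfs_acl, NTFS, principals)
    if share_acl is not None:  # remote access: the share ACL can only restrict further
        ops &= evaluate(share_acl, SHARE, principals)
    return ops


def everyone_grants(acl):
    """Audit helper: entries that grant access to Everyone, which the text says to avoid."""
    return [entry for entry in acl if entry[0] == "Everyone" and entry[1] == "allow"]


# constructed sample directory: users in global groups, nested into a domain local group
MEMBERS = {
    "G-Marketing": {"alice"},
    "G-Sales": {"bob"},
    "DL-Marketing-Modify": {"G-Marketing"},
}
NTFS_ACL = [("DL-Marketing-Modify", "allow", "Modify")]
SHARE_ACL_OK = [("DL-Marketing-Modify", "allow", "Change")]
SHARE_ACL_WEAK = [("Everyone", "allow", "Read")]  # the kind of entry to look for in an audit


if __name__ == "__main__":
    print("alice, remote:", sorted(effective_access("alice", MEMBERS, NTFS_ACL, SHARE_ACL_OK)))
    print("bob, remote:", sorted(effective_access("bob", MEMBERS, NTFS_ACL, SHARE_ACL_OK)))
    print("alice, console:", sorted(effective_access("alice", MEMBERS, NTFS_ACL)))
    print("alice via weak share:", sorted(effective_access("alice", MEMBERS, NTFS_ACL, SHARE_ACL_WEAK)))
    print("audit findings:", everyone_grants(SHARE_ACL_WEAK))
```

With the weak share ACL, alice is cut back to read-only by the share layer while bob is still kept out by the NTFS ACL; the Everyone entry is what the audit helper reports.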
Cluster Security:

When planning to secure clustered file servers, follow these guidelines:

• After you create a folder by using Windows Explorer, verify that the Cluster service account has the Read permission on the folder so that you can share the folder properly by using Cluster Administrator. (Do not share the folder by using Windows Explorer.)
• Use Cluster Administrator to set share permissions. If you change file share permissions using Windows Explorer or My Computer, instead of using Permissions on the Parameters tab in Cluster Administrator, the permissions are lost when the resource is taken offline.

Protecting Microsoft SQL databases

Microsoft SQL Server is Microsoft’s relational database, acting as the backend database for various applications hosted either on the same server or on a different application server accessed over the network. Based on the database workload, different editions can be used. Though a large ERP deployment will see more DB2 and Oracle implementations, Microsoft SQL is used by a large number of SMB customers, and even by enterprises, for their smaller applications.

There are two phases to a DBMS protection strategy:
1. Data Protection - Ensure you have a second copy of the data.
2. Data Availability - Prepare the redundant data and application to be brought on-line in case the primary becomes unavailable.

Typically, SQL databases are protected using traditional backup approaches. An enterprise that has a backup application can schedule SQL Server as part of its backup scenario. For smaller setups, SQL Server has its own native backup utility, which can back up the database regularly, with the limitation that the backup device must be connected directly to the SQL server. As a general practice, the data protection strategy will depend on the RPO & RTO requirements of the enterprise.
A typical backup gives a longer RPO, which can be shortened either by shortening the backup interval or by using a replication strategy. Microsoft SQL supports the following replication strategies:
1. Snapshot Replication
2. Transactional Replication
3. Merge Replication

In any replication scenario, there are two main components:
• Publishers have data to offer to other servers; the publisher is typically called the source database.
• Subscribers are database servers that wish to receive updates from the publisher when the database is modified; the subscriber is typically called the destination database.

1. Snapshot replication: In this replication process, the publisher simply takes a snapshot of the entire replicated database and shares it with the subscribers. Of course, this is a very time- and resource-intensive process. For this reason, most administrators don’t use snapshot replication on a recurring basis for databases that change frequently. There are two scenarios where snapshot replication is commonly used. First, it is used for databases that rarely change. Second, it is used to set a baseline to establish replication between systems, while future updates are propagated using transactional or merge replication.

2. Transactional replication: This replication offers a more flexible solution for databases that change on a regular basis. With transactional replication, the replication agent monitors the publisher for changes to the database and transmits those changes to the subscribers. This transmission can take place immediately or on a periodic basis.

3. Merge replication: This process allows the publisher and subscriber to independently make changes to the database. Both entities can work without an active network connection. When they are reconnected, the merge replication agent checks for changes on both sets of data and modifies each database accordingly. If changes conflict with each other, it uses a predefined conflict resolution algorithm to determine the appropriate data.
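The three replication types above, worked through as an added simulation in Python (not SQL Server code and not part of the original newsletter): a publisher and a subscriber exchange either a whole snapshot, a stream of logged changes, or a merge of changes both made while disconnected. The row format, the change-record shape and the conflict rule (later timestamp wins, publisher wins ties) are constructed assumptions.

```python
"""Simulation of SQL Server snapshot, transactional and merge replication
between a publisher and a subscriber.  Constructed illustration: the row
format, the change-record shape and the conflict rule are assumptions."""
import copy


class Database:
    """A table of rows keyed by id; each row records when it was last changed."""

    def __init__(self, name, rows=None):
        self.name = name
        self.rows = dict(rows or {})   # id -> {"value": ..., "ts": ...}
        self.changes = []              # change log since the last synchronisation

    def write(self, row_id, value, ts):
        self.rows[row_id] = {"value": value, "ts": ts}
        self.changes.append(("upsert", row_id, value, ts))

    def delete(self, row_id, ts):
        self.rows.pop(row_id, None)
        self.changes.append(("delete", row_id, None, ts))


def apply_change(db, op, row_id, value, ts):
    """Apply one replicated change without logging it again."""
    if op == "upsert":
        db.rows[row_id] = {"value": value, "ts": ts}
    else:
        db.rows.pop(row_id, None)


def snapshot_replication(publisher, subscriber):
    """Publisher ships the entire database.  Returns the rows transferred,
    which grows with database size: this is why snapshot replication is used
    for a baseline or for rarely changing data."""
    subscriber.rows = copy.deepcopy(publisher.rows)
    subscriber.changes.clear()
    publisher.changes.clear()
    return len(subscriber.rows)


def transactional_replication(publisher, subscriber):
    """Replication agent ships only the changes logged since the last run.
    Returns the number of change records transmitted, which grows with the
    number of changes rather than with database size."""
    shipped = list(publisher.changes)
    for op, row_id, value, ts in shipped:
        apply_change(subscriber, op, row_id, value, ts)
    publisher.changes.clear()
    return len(shipped)


def merge_replication(publisher, subscriber):
    """Both sides changed data while disconnected.  On reconnect the merge
    agent exchanges changes and applies a predefined conflict rule to rows
    changed on both sides (constructed rule: later timestamp wins, publisher
    wins ties).  Returns the ids of the rows that were in conflict."""
    pub_last = {c[1]: c for c in publisher.changes}     # last change per row
    sub_last = {c[1]: c for c in subscriber.changes}
    conflicts = []
    for row_id in sorted(set(pub_last) | set(sub_last)):
        p, s = pub_last.get(row_id), sub_last.get(row_id)
        if p and s:
            conflicts.append(row_id)
            winner = s if s[3] > p[3] else p
        else:
            winner = p or s
        for db in (publisher, subscriber):
            apply_change(db, *winner)
    publisher.changes.clear()
    subscriber.changes.clear()
    return conflicts


if __name__ == "__main__":
    pub = Database("publisher", {1: {"value": "a", "ts": 1}})
    sub = Database("subscriber")
    print("snapshot rows:", snapshot_replication(pub, sub))
    pub.write(2, "b", 2)
    print("transactional changes:", transactional_replication(pub, sub))
    pub.write(2, "b-pub", 3)       # both sides edit row 2 while disconnected
    sub.write(2, "b-sub", 4)
    print("merge conflicts:", merge_replication(pub, sub), sub.rows[2])
```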
Merge replication is commonly used by laptop users and others who cannot be constantly connected to the publisher.

Most third party applications use the transactional replication method to replicate the database. MS-SQL’s built-in replication feature is designed to publish periodically updated, read-only copies of selected data.

MS-SQL replicates the data through ‘log shipping’. This technique creates a baseline copy of the database. Once the baseline is established, Microsoft SQL Server periodically sends a log of recent transactions. These transactions can be applied to the copy of the database to bring it up to date. This updated copy of the database can then be used to replace the failed production system if needed.

Key benefits of log shipping include:
1. Reliability if configured properly.
2. No need to invest in expensive hardware and software.
3. Easy to maintain.
4. Though performed manually, the failover time can be as short as around 15 minutes.
5. The standby server can be used as a production server for other databases.

One needs to be careful, since an improper configuration can lead to slight data loss. Also, log shipping tracks data changes only, not schema, security, or other DB changes.

To ensure data and application availability, clusters can be established between two SQL servers. The main advantage of clustering SQL Server is that even if SQL Server fails on one cluster node, the other node will immediately take over the operation and you will not be forced to stop the operations of your business.

Types of SQL Cluster:

Active/Active Cluster: In an Active/Active SQL Server cluster, you will be running the server on both nodes and every server will act as an independent SQL Server. It is basically one physical cluster SQL server but with two nodes working in it. Hence, when one fails, the other takes over the operation from the failed server instantly, and the user will not even notice any difference while working on it during failover.

Active/Passive Cluster: In an Active/Passive SQL Server cluster there will be two physical servers; one will be working and the other does not operate until there is a problem in the first one. Once the working cluster SQL server fails, the other server takes over from it and starts functioning as the regular SQL server without disturbing the workflow.

When comparing these two cluster SQL servers on performance, the active/passive is always a superior solution. However, it is high on the cost factor because you will need to have two separate physical servers at the same time.

Virtual Data Recovery (VDR) using Cloud Based Backup

This scenario is helpful in case of a total disaster. Suppose there is a natural disaster due to which the whole infrastructure is affected and we can’t access our data, but we do have a backup of our database at some remote site (cloud backup scenario). Then we can publish the database, or the complete database server, on a virtual machine and make it accessible over the WAN. The administrators can then redirect their SQL client connections to the SQL Server on the public IP. This way the customers can resume their business.

The recovery of the backed up data in case of a disaster will be as follows:
1. A template of the desired server will be deployed on the VMware infrastructure.
2. Data will be restored on the VM.
3. The VM will be published on the WAN for access.

Cloud based backups are always a good solution because we have our backed up data at a remote site. It also serves the function of DR. The proper security mechanism (encryption) prevents data leakage and breaches to a large extent.

Protecting Microsoft Exchange Server

Exchange server protection includes the protection of:
1. Businesses’ inbound and outbound email from spam, viruses, phishing scams, and email policy violations.
2. Databases from corruption.
3. Servers from hardware/software failure.

Microsoft provides online internet-based services that protect your businesses’ inbound and outbound email from spam, viruses, phishing scams, and email policy violations. The unique Forefront Online Protection for Exchange architecture provides the following components, each of which includes several key features:
• Multi-engine, heuristics-enabled antivirus and multi-layered antispam help eliminate threats before they reach the corporate firewall
• Helps ensure business policy compliance using regular-expression based pattern matching
• The add-on Exchange Hosted Encryption (EHE) service provides you with a convenient, easy-to-use identity-based encryption solution
• Provides flexible transport layer security (TLS) options at no additional cost to help secure business communication
• The optional Directory Synchronization Tool helps synchronize your organization’s Active Directory users and their safe senders
• Helps ensure that no email is lost or bounced in the network by automatically queuing email for up to five days in case your servers are unavailable
• Provides comprehensive reporting, auditing, and message trace capabilities

Database corruption can be handled using multiple strategies. Backup and recovery is one such strategy.

SUPPORTED BACKUP TECHNOLOGY

Microsoft Exchange Server 2010 features a new, unified platform for high availability and site resilience that makes deploying redundant, highly available mailbox databases quicker and easier. But even the most extreme forms of redundancy and fault tolerance can’t protect you against every possible failure or disaster. Ensuring there’s sufficient protection for the critical data in your Exchange organization is a necessary operational task for all organizations. As part of your data protection planning, it’s important that you understand the ways in which data can be protected, and determine which of those ways best suits your organization’s needs.
Data protection planning is a complex process that relies on many decisions that you make during the planning phase of your deployment. Microsoft Exchange Server 2007 and Exchange Server 2003 include two different options for data backup and recovery: Extensible Storage Engine (ESE) streaming backup APIs and support for the Volume Shadow Copy Service (VSS) backup APIs. Exchange 2010 no longer supports the ESE streaming APIs for backup and restore of program files or data. Instead, Exchange 2010 supports only VSS-based backups.

Exchange 2010 includes a plug-in for Windows Server Backup that enables you to make VSS-based backups of Exchange data. You can use Windows Server Backup to back up and restore your Exchange databases. To back up and restore Exchange 2010, you must use an Exchange-aware application that supports the VSS writer for Exchange 2010, such as Windows Server Backup (with the VSS plug-in), Microsoft System Center Data Protection Manager, or a third-party Exchange-aware VSS-based application.

Be aware of these limitations when using VSS for backup and restore of Exchange data:
• The VSS plug-in that ships with Exchange 2010 can be used to back up volumes containing active mailbox database copies or standalone (non-replicated) mailbox databases only. It can’t be used to back up volumes containing passive mailbox database copies. To back up passive mailbox database copies, you need either Microsoft System Center Data Protection Manager or a third-party Exchange-aware VSS-based application.
• Passive mailbox database copies are backed up using a separate VSS writer in the Microsoft Exchange Replication service. The Microsoft Exchange Replication service VSS Writer doesn’t support restores. Although you can back up a passive mailbox database copy using Microsoft System Center Data Protection Manager or a third-party Exchange-aware VSS-based application, you can’t perform a VSS restore directly to a passive mailbox database copy.
However, you can perform a VSS restore to an alternate location, suspend replication to the passive copy, and then copy the database and log files from the alternate location to the location of the passive database copy in the file system.

A recovery database is an Exchange 2010 feature that replaces the recovery storage group (RSG) found in previous versions of Exchange. A recovery database is a special kind of mailbox database that allows you to mount a restored mailbox database and extract data from the restored database as part of a recovery operation. You can use the Restore-Mailbox cmdlet to extract data from a recovery database. After extraction, the data can be exported to a folder or merged into an existing mailbox. Recovery databases enable you to recover data from a backup or copy of a database without disturbing user access to current data.

Database portability is a feature that enables an Exchange 2010 mailbox database to be moved to and mounted on any other Exchange 2010 Mailbox server in the same organization. By using database portability, reliability is improved by removing several error-prone, manual steps from the recovery processes. In addition, database portability reduces the overall recovery times for various failure scenarios.

Dial tone portability is a feature that provides a limited business continuity solution for failures that affect a mailbox database, a server, or an entire site. Dial tone portability enables a user to have a temporary mailbox for sending and receiving e-mail while the original mailbox is being restored or repaired. The temporary mailbox can be on the same Exchange 2010 Mailbox server or on any other Exchange 2010 Mailbox server in your organization. This allows an alternative server to host the mailboxes of users who were previously on a server that’s no longer available.
Clients that support Autodiscover, such as Microsoft Outlook 2010 or Office Outlook 2007, are automatically redirected to the new server without having to manually update the user’s desktop profile. After the user’s original mailbox data has been restored, an administrator can merge a user’s recovered mailbox and the user’s dial tone mailbox into a single, up-to-date mailbox.

A backup creates a point-in-time copy of your data. Backups are typically used for the following scenarios:
• Disaster recovery – In the event of a hardware or software failure, multiple database copies in a database availability group (DAG) enable high availability with fast failover with no data loss. This eliminates the end-user downtime and resulting lost productivity that’s a significant cost of recovering from a past point-in-time backup to disk or tape. DAGs can be extended to multiple sites and can provide resilience against datacenter failures.
• Recovery of accidentally deleted items – Historically, in a situation where a user deleted items that later needed to be recovered, it involved finding the backup media on which the data that needed to be recovered was stored, and then somehow obtaining the desired items and providing them to the user. With the new Recoverable Items Folder in Exchange 2010 and the Hold Policy that can be applied to it, it’s possible to retain all deleted and modified data for a specified period of time, so recovery of these items is easier and faster. This reduces the burden on Exchange administrators and the IT help desk by enabling end users to recover accidentally deleted items themselves, thereby reducing the complexity and administrative costs associated with single item recovery.
• Long-term data storage – Sometimes, backups also serve an archival purpose, and typically tape is used to preserve point-in-time snapshots of data for extended periods of time as governed by compliance requirements.
The new archiving, multiple-mailbox search, and message retention features in Exchange 2010 provide a mechanism to efficiently preserve data in an end-user accessible manner for extended periods of time. This eliminates expensive restores from tape, and increases end-user productivity by enabling rich clients such as Microsoft Outlook and Outlook Web App to access older data.
• Point-in-time database snapshot – If a past point-in-time copy of mailbox data is a requirement for your organization, Exchange provides the ability to create a lagged copy in a DAG environment. This can be useful in the rare event that there’s a logical corruption that replicates across the databases in the DAG, resulting in a need to return to a previous point in time. It may also be useful if an administrator accidentally deletes mailboxes or user data. Recovery from a lagged copy can be faster than restoring from a backup because lagged copies don’t require a time-consuming copy process from the backup server to the Exchange server. This can significantly lower total cost of ownership by reducing end-user downtime.

Exchange 2010 also promotes the ‘backup-less’ Exchange concept.

The concept behind ‘backup-less’ Exchange

A backup is nothing more than a point-in-time copy of your data. It is this deceptively simple definition that led to the idea of running Exchange 2010 without backups. Some say running Exchange 2010 without backups is safe because of the way database availability groups (DAGs) work. A single DAG can contain up to 16 mailbox servers and an individual mailbox database can be replicated to any combination of mailbox servers within the DAG. The argument against backing up Exchange 2010 boils down to how many copies of data you really need. If you already have 16 replicas of a mailbox database, do you really need a seventeenth copy as backup?
Important Exchange backup considerations

While the argument against backing up Exchange 2010 in environments with DAGs sounds logical, there are a number of important factors to consider before ditching your backup system.
• DAG size: While you can include up to 16 mailbox servers in a DAG, you can also create very small groups. Therefore, you must consider the size of your DAG before abandoning backups. Microsoft recommends that you only consider going without a backup if you have three or more mailbox servers in your DAG.
• Transaction logs: Typically, when you back up an Exchange mailbox server, the contents of transaction logs are committed to the database as part of the backup process. If you never perform a backup, the transaction logs accumulate until the volume runs out of disk space. Because of this, organizations that do not back up Exchange 2010 must enable circular logging to prevent log file accumulation.
• Offsite storage: It’s easy to think of a backup-less Exchange organization in the same way as a disk-based backup solution because database contents are replicated to other servers. However, organizations that depend on disk-based backups usually adopt a disk-to-disk-to-tape solution where the disk-based backups are periodically copied to tape and stored offsite. If the data center burns down, the backups remain safe. If you’re considering operating Exchange without backups, it’s smart to place a few DAG members in a remote data center. That way, your data remains protected even if something happens to your primary data center.
• Point-in-time recovery: The biggest disadvantage to running Exchange 2010 without backups is that you lose the option of accurate point-in-time recoveries. For example, imagine that your entire company became infected with a virus. In this situation, you could restore a backup that was made prior to the infection, rather than trying to remove every infected message from your mailbox database.
This is simple with a traditional backup, but isn’t practical if you go without. It is possible to perform a point-in-time recovery without a backup: Microsoft does let you create lagged database copies on which log files are not immediately replayed. That way, if you need to revert to a particular point in time, you can activate a lagged copy.

As you can see, it’s perfectly feasible to run Exchange 2010 without traditional backups in certain situations. Compliance still needs backups, so if you still need traditional backups, add deduplication and CDP to your Exchange backups.

Recovering from Hardware Failures

Almost all of the configuration settings for Mailbox, Client Access, Hub Transport, and Unified Messaging server roles are stored in Active Directory. As with previous versions of Exchange, Exchange 2010 includes a Setup parameter for recovering lost servers. This parameter, /m:RecoverServer, is used to rebuild and re-create a lost server by using the settings and configuration information stored in Active Directory.

Protecting Oracle databases

There are three scenarios of losing a database:
1. A server/storage or database failure: RMAN provides granular recovery to quickly recover from these local failures.
2. Database logical corruption: Flashback Database.
3. High availability: Oracle Real Application Clusters (RAC).
4. Site failures: Data Guard.

Recovery Manager (RMAN)

Recovery Manager (RMAN) is an Oracle utility that can back up, restore, and recover database files. The product is a feature of the Oracle database server and does not require separate installation. Recovery Manager is a client/server application that uses database server sessions to perform backup and recovery. It stores metadata about its operations in the control file of the target database and, optionally, in a recovery catalog schema in an Oracle database. RMAN can be invoked as a command-line executable from the operating system prompt, or some RMAN features can be used through the Enterprise Manager GUI.

RMAN helps the integration between the backup application and the Oracle APIs for taking an online backup. RMAN works even independently of any third party application. However, for ease of administration and scheduling, third party software adds its features over and above basic RMAN. RMAN needs scripts to be run to execute a backup job. Once started, it sends data to its libnora.so file, which in turn sends it to the corresponding file of the integrated backup application. RMAN supports granular backup and recovery, so you can back up a full database or selected components such as datafiles, tablespaces, control files, archive logs, etc. Similarly, based on the data loss, you can recover either the entire database or a selected component to get your database up and running again.

Most production database systems impose stringent requirements on backup and recovery. RMAN facilitates the following tasks:
1. Manage the complexity of backup and recovery operations
2. Minimize the possibility of human error
3. Make backups scalable and reliable
4. Utilize all available media hardware
5. Make backups proportional to the size of transactional changes, not to the size of the database
6. Make recovery time proportional to the amount of data recovered
7. Have a single centralized repository of metadata for all the existing databases in the organization

Flashback Database

The Flashback Database feature provides fast recovery from logical data corruption and user errors. By allowing you to flash back in time, previous versions of business information that might have been erroneously changed or deleted can be accessed once again. This was introduced in Oracle 9i and made simpler in Oracle 10g. Flashback Database is faster than traditional point-in-time recovery. The traditional recovery methods use backups and redo log files; Flashback Database is implemented using a new type of log file called the Flashback Database log. The Oracle database server periodically logs before images of data blocks in the Flashback Database logs. The data block images are used to quickly back out changes to the database during Flashback Database.

Flashback Database reduces the time required to recover the database to a point in time. The time to restore a database is proportional to the number of changes that need to be backed out, not the size of the database. This feature:
1. Eliminates the need to restore a backup and roll forward changes up to the time of the error or corruption. Instead, Flashback Database can roll back an Oracle database to a previous point in time, without restoring datafiles.
2. Provides an alternative to delaying the application of redo to protect against user errors or logical corruptions. Therefore, standby databases can be more closely synchronized with the primary database, thus reducing failover and switchover times.
3. Avoids the need to completely re-create the original primary database after a failover. The failed primary database can be flashed back to a point in time before the failover and converted to be a standby database for the new primary database.

RAC and Data Guard together provide the benefits of system-level, site-level, and data-level protection, resulting in high levels of availability and disaster recovery without loss of data. RAC addresses system failures by providing rapid and automatic recovery from failures, such as node failures and instance crashes. It also provides increased scalability for applications. Data Guard addresses site failures and data protection through transactionally consistent primary and standby databases that do not share disks, enabling recovery from site disasters and data corruption.

Oracle RAC:

RAC enables multiple independent servers that are linked by an interconnect to share access to an Oracle database, providing high availability, scalability, and redundancy during failures. Oracle RAC relies on clustered hardware and permits multiple instances to share a single database. RAC offers high availability with Transparent Application Failover (TAF), in which active sessions on a failed node or instance can be automatically failed over to surviving instances on other nodes. RAC also provides scalability. The workload can be spread among all nodes, while maintaining constant response times.

Based on Oracle’s Cache Fusion architecture, Oracle9i Real Application Clusters enables sharing of frequently accessed data across all the servers in a cluster. When a remote cache serves a query request, the block is transferred across the high-speed cluster interconnect from one node’s cache to another. This “fusing of the caches” happens automatically and is transparent to the application. This transparency is the key technology that provides the fast, efficient scaling of Oracle9i Real Application Clusters.

Oracle DataGuard:

To ensure high availability, data protection, and disaster recovery for enterprise data, Oracle provides another utility, Oracle Data Guard. Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to survive disasters and data corruptions. Data Guard maintains these standby databases as transactionally consistent copies of the production database. Then, if the production database becomes unavailable because of a planned or an unplanned outage, Data Guard can switch any standby database to the production role, minimizing the downtime associated with the outage.
Data Guard can be used with traditional backup, restoration, and cluster techniques to provide a high level of data protection and data availability. With Data Guard, administrators can optionally improve production database performance by offloading resource-intensive backup and reporting operations to standby systems, i.e. instead of adding backup and reporting load on the production database, administrators can run backups and reports on standby systems.

A Data Guard configuration consists of one production database and one or more standby databases. The databases in a Data Guard configuration are connected by Oracle Net and may be dispersed geographically. There are no restrictions on where the databases are located, provided they can communicate with each other. For example, you can have a standby database on the same system as the production database, along with two standby databases on other systems at remote locations.

You can manage primary and standby databases using the SQL command-line interface or the Data Guard broker interfaces, including a command-line interface (DGMGRL) and a graphical user interface that is integrated in Oracle Enterprise Manager.

The figure below shows a typical Data Guard configuration that contains a primary database that transmits redo data to a standby database. The standby database is remotely located from the primary database for disaster recovery and backup operations. You can configure the standby database at the same location as the primary database. However, for disaster recovery purposes, Oracle recommends you configure standby databases at remote locations.

The redo data transmitted from the primary database is written on the standby system into standby redo log files, if configured, and then archived into archived redo log files. Log apply services automatically apply the redo data on the standby database to maintain consistency with the primary database. It also allows read-only access to the data.
The main difference between physical and logical standby databases is the manner in which log apply services apply the archived redo data:

For physical standby databases, Data Guard uses Redo Apply technology, which applies redo data on the standby database using standard recovery techniques of an Oracle database, as shown in the figure below.

For logical standby databases, Data Guard uses SQL Apply technology, which first transforms the received redo data into SQL statements and then executes the generated SQL statements on the logical standby database, as shown in the figure below.

Multiple protection modes are available when using Data Guard. In some situations, a business cannot afford to lose data. In other situations, the availability of the database may be more important than the loss of data. Some applications require maximum database performance and can tolerate some small amount of data loss. The following descriptions summarize the three distinct modes of data protection:

Maximum protection

This protection mode ensures that no data loss will occur if the primary database fails. To provide this level of protection, the redo data needed to recover each transaction must be written to both the local online redo log and to the standby redo log on at least one standby database before the transaction commits. To ensure data loss cannot occur, the primary database shuts down if a fault prevents it from writing its redo stream to the standby redo log of at least one transactionally consistent standby database.

Maximum availability

This protection mode provides the highest level of data protection that is possible without compromising the availability of the primary database. Like maximum protection mode, a transaction will not commit until the redo needed to recover that transaction is written to the local online redo log and to the standby redo log of at least one transactionally consistent standby database.
Unlike maximum protection mode, the primary database does not shut down if a fault prevents it from writing its redo stream to a remote standby redo log. Instead, the primary database operates in maximum performance mode until the fault is corrected, and all gaps in redo log files are resolved. When all gaps are resolved, the primary database automatically resumes operating in maximum availability mode. This mode ensures that no data loss will occur if the primary database fails, but only if a second fault does not prevent a complete set of redo data from being sent from the primary database to at least one standby database.

Maximum performance

This protection mode (the default) provides the highest level of data protection that is possible without affecting the performance of the primary database. This is accomplished by allowing a transaction to commit as soon as the redo data needed to recover that transaction is written to the local online redo log. The primary database’s redo data stream is also written to at least one standby database, but that redo stream is written asynchronously with respect to the transactions that create the redo data. When network links with sufficient bandwidth are used, this mode provides a level of data protection that approaches that of maximum availability mode with minimal impact on primary database performance.

The maximum protection and maximum availability modes require that standby redo log files are configured on at least one standby database in the configuration. All three protection modes require that specific log transport attributes be specified on the LOG_ARCHIVE_DEST_n initialization parameter to send redo data to at least one standby database.

Summary of Data Guard Benefits

Data Guard offers these benefits:

Disaster recovery, data protection, and high availability

Data Guard provides an efficient and comprehensive disaster recovery and high availability solution.
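An added simulation in Python (not Oracle code and not part of the original newsletter) of how a commit behaves under the three protection modes described above, including the automatic gap detection and resolution that Data Guard performs once a standby is reachable again (listed among the benefits below). The class names, the ship/acknowledge shape and the sample transactions are constructed assumptions.

```python
"""Simulation of the three Oracle Data Guard protection modes and of
automatic gap detection and resolution.  Constructed illustration: the
class names, the ship/acknowledge shape and the sample transactions are
assumptions, not Oracle internals."""

MAX_PROTECTION = "MAXIMUM PROTECTION"
MAX_AVAILABILITY = "MAXIMUM AVAILABILITY"
MAX_PERFORMANCE = "MAXIMUM PERFORMANCE"


class Standby:
    """A standby database with a standby redo log of received sequences."""

    def __init__(self, name):
        self.name = name
        self.reachable = True        # set False to simulate a network fault
        self.standby_redo_log = []   # redo sequence numbers, in arrival order

    def receive(self, seq):
        """Accept one redo sequence and acknowledge it (True)."""
        if not self.reachable:
            raise ConnectionError(self.name)
        self.standby_redo_log.append(seq)
        return True

    def highest_received(self):
        return self.standby_redo_log[-1] if self.standby_redo_log else 0


class Primary:
    """Primary database whose commit path depends on the protection mode."""

    def __init__(self, configured_mode, standbys):
        self.configured_mode = configured_mode
        self.mode = configured_mode   # current mode; may degrade temporarily
        self.standbys = standbys
        self.online_redo_log = []     # local online redo log: (seq, txn)
        self.running = True

    def _ship_sync(self, seq):
        """Synchronous transport: True once at least one standby acknowledges."""
        for sb in self.standbys:
            try:
                return sb.receive(seq)
            except ConnectionError:
                continue
        return False

    def commit(self, txn):
        """Commit a transaction and return its redo sequence number."""
        if not self.running:
            raise RuntimeError("primary is shut down")
        seq = len(self.online_redo_log) + 1
        self.online_redo_log.append((seq, txn))   # local online redo log first
        if self.mode == MAX_PERFORMANCE:
            return seq   # commit acknowledged now; redo is shipped asynchronously
        if self._ship_sync(seq):
            return seq   # local log plus at least one standby redo log
        if self.mode == MAX_PROTECTION:
            # No standby took the redo: the transaction does not commit and
            # the primary shuts down rather than risk any data loss.
            self.online_redo_log.pop()
            self.running = False
            raise RuntimeError("no standby acknowledged redo; primary shut down")
        # MAXIMUM AVAILABILITY: stay available, running in maximum
        # performance mode until the fault is corrected and gaps are resolved.
        self.mode = MAX_PERFORMANCE
        return seq

    def resolve_gaps(self):
        """Automatic gap detection and resolution (this also stands in for the
        asynchronous transport of maximum performance mode): ship every
        sequence a reachable standby is missing.  Returns {name: [seqs]}."""
        shipped = {}
        for sb in self.standbys:
            if not sb.reachable:
                continue
            missing = [seq for seq, _ in self.online_redo_log
                       if seq > sb.highest_received()]
            for seq in missing:
                sb.receive(seq)
            shipped[sb.name] = missing
        # Fault corrected and gaps resolved: resume the configured mode.
        caught_up = any(sb.reachable and
                        sb.highest_received() == len(self.online_redo_log)
                        for sb in self.standbys)
        if caught_up:
            self.mode = self.configured_mode
        return shipped

    def transactions_lost_on_failover(self, standby):
        """Committed transactions whose redo never reached this standby."""
        return len(self.online_redo_log) - standby.highest_received()
```

Run the three modes against the same standby outage to see the trade-off: maximum protection refuses to commit and shuts the primary down, maximum availability keeps committing and catches up on reconnect, and maximum performance can lose whatever was still unshipped at failover.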
Easy-to-manage switchover and failover capabilities allow role reversals between primary and standby databases, minimizing the downtime of the primary database for planned and unplanned outages.

Complete data protection: Data Guard can ensure no data loss, even in the face of unforeseen disasters. A standby database provides a safeguard against data corruption and user errors. Storage-level physical corruptions on the primary database do not propagate to the standby database. Similarly, logical corruptions or user errors that cause the primary database to be permanently damaged can be resolved. Finally, the redo data is validated when it is applied to the standby database.

Efficient use of system resources: The standby database tables that are updated with redo data received from the primary database can be used for other tasks such as backups, reporting, summations, and queries, thereby reducing the primary database workload necessary to perform these tasks, saving valuable CPU and I/O cycles. With a logical standby database, users can perform normal data manipulation on tables in schemas that are not updated from the primary database. A logical standby database can remain open while the tables are updated from the primary database, and the tables are simultaneously available for read-only access. Finally, additional indexes and materialized views can be created on the maintained tables for better query performance and to suit specific business requirements.

Flexibility in data protection to balance availability against performance requirements: Oracle Data Guard offers maximum protection, maximum availability, and maximum performance modes to help enterprises balance data availability against system performance requirements.
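Added example (not code from the newsletter or from Oracle): a small Python checker that reads LOG_ARCHIVE_DEST_n settings and reports whether the redo transport attributes and standby redo logs described above allow a given protection mode. The attribute rules it encodes (SYNC plus AFFIRM for maximum protection, SYNC for maximum availability, any remote destination for maximum performance) and the sample parameter values are assumptions made for this illustration.

```python
"""Check LOG_ARCHIVE_DEST_n settings against a Data Guard protection mode.

Added illustration; not code from the newsletter or from Oracle. The rules
encoded here are an assumption drawn from the mode descriptions in the text:
maximum protection and maximum availability need at least one remote
destination shipping redo with SYNC to a standby that has standby redo logs
(maximum protection additionally with AFFIRM), while maximum performance only
needs at least one remote destination, normally ASYNC.
"""
import re

# Bare keywords that can appear in a LOG_ARCHIVE_DEST_n value (no '=').
KEYWORDS = {"SYNC", "ASYNC", "AFFIRM", "NOAFFIRM", "LGWR", "ARCH",
            "MANDATORY", "OPTIONAL", "REGISTER", "NOREGISTER"}
MODES = ("MAXIMUM PROTECTION", "MAXIMUM AVAILABILITY", "MAXIMUM PERFORMANCE")


def parse_dest(name, value):
    """Split one parameter into (index, {ATTR: value}, {KEYWORD, ...}).

    Example: parse_dest("LOG_ARCHIVE_DEST_2",
                        "SERVICE=stby SYNC AFFIRM DB_UNIQUE_NAME=stby")
    """
    m = re.fullmatch(r"LOG_ARCHIVE_DEST_(\d+)", name.strip().upper())
    if not m:
        raise ValueError(f"not a LOG_ARCHIVE_DEST_n parameter: {name!r}")
    attrs, keywords = {}, set()
    # Tokens are whitespace-separated, but a parenthesised value such as
    # VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) must stay in one piece.
    for token in re.findall(r"[^\s()]+(?:\([^)]*\))?", value):
        key, sep, val = token.partition("=")
        key = key.upper()
        if sep:
            attrs[key] = val
        elif key in KEYWORDS:
            keywords.add(key)
        else:
            raise ValueError(f"unknown attribute {token!r} in {name}")
    return int(m.group(1)), attrs, keywords


def disqualifier(mode, index, attrs, keywords, standby_redo_logs):
    """Reason this remote destination cannot satisfy `mode`, or None if it can."""
    standby = attrs.get("DB_UNIQUE_NAME", attrs["SERVICE"])
    if mode == "MAXIMUM PERFORMANCE":
        return None                       # any remote destination will do
    if "SYNC" not in keywords:
        return f"dest {index} ({standby}): ships redo without SYNC"
    if mode == "MAXIMUM PROTECTION" and "AFFIRM" not in keywords:
        return f"dest {index} ({standby}): SYNC without AFFIRM"
    if not standby_redo_logs.get(standby, False):
        return f"dest {index} ({standby}): standby has no standby redo logs"
    return None


def check_protection_mode(mode, params, standby_redo_logs):
    """Return [] if `params` can support `mode`, else the list of reasons.

    params: {parameter name: value} for every LOG_ARCHIVE_DEST_n.
    standby_redo_logs: {DB_UNIQUE_NAME: True/False} per standby database.
    """
    mode = " ".join(mode.upper().split())
    if mode not in MODES:
        return [f"unknown protection mode {mode!r}"]
    reasons, satisfied = [], False
    for name, value in sorted(params.items()):
        index, attrs, keywords = parse_dest(name, value)
        if "SERVICE" not in attrs:        # LOCATION= destinations archive locally
            continue
        why = disqualifier(mode, index, attrs, keywords, standby_redo_logs)
        if why is None:
            satisfied = True
        else:
            reasons.append(why)
    if satisfied:
        return []
    if not reasons:
        return ["no remote destination (SERVICE=) ships redo to a standby"]
    return [f"no destination satisfies {mode.lower()}"] + reasons


# Constructed sample: one synchronous and one asynchronous standby (assumed names).
SAMPLE_PARAMS = {
    "LOG_ARCHIVE_DEST_1": "LOCATION=USE_DB_RECOVERY_FILE_DEST "
                          "VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=prod",
    "LOG_ARCHIVE_DEST_2": "SERVICE=stby_a SYNC AFFIRM DB_UNIQUE_NAME=stby_a "
                          "VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE)",
    "LOG_ARCHIVE_DEST_3": "SERVICE=stby_b ASYNC NOAFFIRM DB_UNIQUE_NAME=stby_b",
}
SAMPLE_SRL = {"stby_a": True, "stby_b": False}   # which standbys have standby redo logs

if __name__ == "__main__":
    for m in MODES:
        print(m, "->", check_protection_mode(m, SAMPLE_PARAMS, SAMPLE_SRL) or "ok")
    # Without standby redo logs anywhere, maximum protection is no longer possible.
    print(check_protection_mode("MAXIMUM PROTECTION", SAMPLE_PARAMS, {}))
```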
Automatic gap detection and resolution: If connectivity is lost between the primary and one or more standby databases (for example, due to network problems), redo data being generated on the primary database cannot be sent to those standby databases. Once a connection is reestablished, the missing archived redo log files (referred to as a gap) are automatically detected by Data Guard, which then automatically transmits the missing archived redo log files to the standby databases. The standby databases are synchronized with the primary database without manual intervention by the DBA.

Centralized and simple management: The Data Guard broker provides a graphical user interface and a command-line interface to automate management and operational tasks across multiple databases in a Data Guard configuration. The broker also monitors all of the systems within a single Data Guard configuration.

Integration with Oracle Database: Data Guard is a feature of Oracle Database Enterprise Edition and does not require separate installation.

Automatic role transitions: When fast-start failover is enabled, the Data Guard broker automatically fails over to a synchronized standby site in the event of a disaster at the primary site, requiring no intervention by the DBA. In addition, applications are automatically notified of the role transition.

Protecting SharePoint Farms

Security Prospects While Deploying the SharePoint Server:

The modular nature of SharePoint means your deployment typically requires individual SharePoint servers. Thus, if we want our SharePoint server to be secure, we must configure each of these individual servers to be secure.

Securing SQL Server: Data in SharePoint lists and libraries is stored in the underlying database server, so securing the database server comes first.
1. Install SharePoint Server and SQL Server on different hardware; if that is not possible, use virtual servers to save costs.
2. Installing SharePoint and SQL Server on the same server gives that server a large attack surface; to minimize the attack surface, the recommendation is to install SQL Server and SharePoint Server on different servers.
3. It is also a good idea to disable unused components and services. To do this, use the SQL Server Surface Area Configuration tool, available under Start > All Programs > Microsoft SQL Server 2005 > Configuration Tools.
4. Authentication Mode: SQL Server can be configured using either Windows mode or mixed mode. From a security point of view we must configure SQL Server using Windows mode. Windows mode is more secure than mixed mode because it uses the Kerberos security protocol during the authentication process. Moreover, Windows authentication uses domain user accounts, so any password policies you have established within your Active Directory remain in effect.

Service Accounts:
1. Administrators generally use a single service account throughout the SharePoint installation process. The resulting SharePoint server is functional, but this approach is risky from a security point of view. The problem is that whenever you use a service account, it gains the rights needed to perform particular tasks. Using one single account for the entire installation process gives this account excessive rights. Someone could then run code on a SharePoint server that exploits these excessive rights and gain control over the server.
2. It is therefore advisable to create a special user account solely for the purpose of installing SharePoint and SQL Server. Make this user a member of the local Administrators group on each of your SharePoint servers. You must also make the account a member of the SQL Server Logins group, which will let the account log into your SQL Server instance.
3. Finally, you’ll need to assign the account the SQL Server Database Creator and SQL Server Security Administrator roles on your SQL Server.
These roles give the account permission to create and modify databases and to manage the SQL Server’s security. These special permissions are the basis of the recommendation to use a dedicated user account.
4. Besides creating an account specifically for the SharePoint installation process, you’ll have to create a few other service accounts:
• Database Access Account. This is the account SharePoint will use to communicate with the SQL Server database.
• SharePoint Search Service Account. The SharePoint Search Service will use this account to write content index files to the index server, and to replicate the index information to any query servers that exist in the farm.
• Content Access Account. This account is used to crawl content within a specific Shared Service Provider. In some cases, you may need to create multiple content access accounts so that multiple content sources can be crawled individually.
• Application Pool Service Account. Worker processes within IIS use this account. Web applications within the pool must have a way of accessing SharePoint content databases, and the Application Pool Identity account facilitates this process.
• SQL Server Service Account. SQL Server also requires a service account, and you should use a dedicated account for this purpose.

Encrypting Traffic

One element that is sometimes overlooked is Public Key Infrastructure (PKI). You need to have PKI in place before deploying SharePoint so you can properly encrypt SharePoint traffic. HTTP traffic between SharePoint servers and end users needs to be SSL-encrypted (using HTTPS). Likewise, traffic between SharePoint servers should be encrypted using IPSec. Both types of encryption are dependent on certificates and on an underlying PKI infrastructure.

These security best practices are by no means comprehensive. They are, however, a good starting point you can use to ensure that your SharePoint installation is as secure as possible.
BACKUP OF SHAREPOINT SERVER

After deploying the SharePoint server with the recommended best practices, it is also advisable to perform a daily backup of the SharePoint server. Third-party applications support backup of SharePoint components such as content, index, customizations, configurations, database servers, binary files and IIS configuration. The most important component is the SQL database server; SQL database backups are covered in another section of this newsletter.

Replication of SharePoint Server

Replication is another way of protecting data against disasters and human interference. Using replication techniques, data from the production site is replicated to some other place (the secondary site). When a disaster takes the primary site down, users are connected to the secondary site in hardly any time. Replication can be performed either at server level or at storage level.

Clustering / High Availability

Redundancy within a Farm: SharePoint Server 2010 supports running server roles on redundant computers (that is, scaling out) within a farm to increase capacity and to provide basic availability. The capacity that you require determines both the number of servers and the size of the servers in a farm. After you have met your base capacity requirements, you may want to add more servers to increase overall availability.

Hardware Redundancy: Hardware component fault tolerance is the redundancy of hardware components and infrastructure systems such as power supplies at the server level. When planning for hardware component fault tolerance, consider the following:
• Complete redundancy of every component within a server may be impossible or impractical. Use additional servers for additional redundancy.
• Ensure that servers have multiple power supplies connected to different power sources for maximum redundancy.
• In any system, we recommend that you work with hardware vendors to obtain fault-tolerant hardware that is appropriate for the system, including redundant array of independent disks (RAID) arrays.

Protecting DB2 databases

For DB2 data protection we can use two strategies:
• Backup
• Replication

Backup of DB2 Database

DB2 provides means for recovering data to its current state or to an earlier state. The units of data that can be recovered are table spaces, indexes, index spaces, partitions, data sets, and the entire system. For backup and recovery you should develop procedures to:
• Create a point of consistency
• Recover the DB2 catalog and directory and your data
• Recover from a hardware or power failure
• Recover from a disaster off-site
• Recover system and data objects to a point of consistency
• Back up the DB2 catalog and directory and your data
• Recover from out-of-space conditions
• Recover from a z/OS component failure

The principal tools for DB2 recovery are the QUIESCE, REPORT, COPY, RECOVER, MERGECOPY, BACKUP SYSTEM, and RESTORE SYSTEM utilities. Several third-party backup applications are available that support online backup and recovery of DB2 databases.

DB2 Replication

The native DB2 replication solution has four components:
• Administration
• Capture
• Apply
• Alert Monitor

The four components communicate via relational tables, called control tables. The control tables are created and populated using the Replication Center. The Capture, Apply, and Alert Monitor programs read and update information in the control tables.

Administration

The Replication Center is a graphical user interface used to define replication sources and map sources to targets. It is also used to manage and monitor the Capture and Apply processes on local and remote systems.
The Replication Center runs on Windows and UNIX/Linux systems and must have connectivity to both the source and target servers. The DB2 V8 Administration Client for Windows and UNIX includes the Replication Center.

Capture

Changes to DB2 source tables are captured by a Capture program running at the source server. The DB2 source server can be DB2 for z/OS and OS/390 Versions 6, 7 and 8, DB2 for iSeries on OS/400 V5R2, or DB2 for Windows and UNIX Version 8. Changes to Informix source tables are captured by triggers created automatically when the replication source is defined. Data can be filtered by column during the Capture process. The captured changes are stored in a table local to the source table and are automatically deleted after they have been applied.

Apply

Captured changes are applied to target tables by Apply programs. The Apply program can run on any server and must have connectivity to both the source and the target servers. Data can be filtered by column, filtered by row, joined with other data (using views), and transformed with SQL expressions during the Apply process. Bidirectional replication, including peer-to-peer, is supported only for the DB2 family.

Alert Monitor

The Replication Alert Monitor is included with DB2 V8 for Windows and UNIX, and with DB2 Data Propagator for z/OS and OS/390. It can be used to monitor replication on those platforms as well as replication on iSeries. The Alert Monitor has its own set of control tables, defined with the Replication Center. Replication administrators define thresholds and events through the Replication Center for Capture and Apply servers. You can also define users or groups of users to receive e-mail notification when an alert occurs. The server where the monitor runs is called the Monitor Server. A monitor server can monitor one or more local and/or remote servers. The Alert Monitor does not monitor the Capture triggers on non-DB2 source servers.

Protection for SAP database servers

SAP backups protect SAP system data and integrate with the database-specific utilities of IBM DB2, Oracle, and SAP BR*Tools, which are a set of database administration functions incorporated into SAP for Oracle databases.
This improves the availability of SAP database servers and reduces administration workload with automated data protection features designed specifically for SAP environments. Traditional third-party applications integrate with the SAP backup and recovery utilities BRBACKUP, BRARCHIVE, BRRESTORE and BRRECOVER, and apply SAP backup and recovery procedures. Data Protection for SAP is optimized for SAP databases and therefore provides efficient management of large data volumes.

SAP for Oracle: integration with SAP

Backup applications operate as a transparent link between Oracle, BR*Tools and the backup application. SAP provides two adapters:

backint: This executable file is called directly by SAP and is used to perform full database backups (online and offline) and backups of control and redo log files.

orasbt.dll: This shared media management library is dynamically linked by Oracle RMAN. When a backup is performed using this shared library, SAP communicates through Oracle RMAN instead of Data Protection for SAP. Incremental backups are also available when using RMAN with this shared library.

Both adapters share the init.utl profile file. This file contains information that describes how to perform backups and restores and can be customized for the SAP environment. Both adapters communicate with the third-party backup application server through an API.

BACKINT interface

SAP provides the BACKINT interface to perform full online and offline backups of Oracle databases, control files, and redo log files. The BACKINT interface communicates directly with SAP. The BR*Tools record the status of the Oracle data file backups and log file backups by using tables contained within the Oracle database and system data. This information enables SAP to automatically restore the correct data files and their specific database transaction log files (redo log files), if necessary. The data files reside in the Oracle database (Oracle Instance).
Backup applications receive data through the BACKINT interface and save it to the backup device. A backup operation proceeds in the following order:
1. The BR*Tools utility BRBACKUP informs Oracle which data is to be backed up. It then places the database in the proper online or offline backup state.
2. BRBACKUP calls Data Protection for SAP through the BACKINT interface with a list of all files to be backed up.
3. Data Protection for SAP reads all requested files from the database and reports back to BRBACKUP. BRBACKUP adds these files to the repository that contains all processed backups.
4. BACKINT saves the data to the backup device through the backup application.
5. The BR*Tools update the file repository with status information about the files.

The SAP database administration provides four tools (referred to as the BR*Tools) for Oracle databases:
• BRBACKUP: Provides online or offline, partial or full backups of tablespaces.
• BRARCHIVE: Provides backups of archived redo log files.
• BRRESTORE: Provides system-guided restore of Oracle backups.
• BRRECOVER: Provides recovery capabilities.

Some people choose to back up SAP on Oracle using Oracle RMAN. This may be a good practice only for the Oracle database; it does not back up the SAP configurations and components.

SAP for DB2: integration with SAP

Backup applications integrate well with DB2 APIs to provide online DB2 database backups. Most applications help protect the DB2 database, and the application configuration can be backed up separately.

DB2 command line processor

The DB2 Command Line Processor (CLP) interprets commands for the DB2 database and passes control to a DB2 Server Process. In the case of Data Protection for SAP for DB2, the “LOAD ” option instructs DB2 to invoke the Data Protection for SAP shared library. This process launches the backup or restore operation, dynamically loads the library, and communicates with Data Protection for SAP through the Vendor API. To start a backup or restore, the DB2 CLP communicates with the DB2 Server Process and provides the information the Server Process needs to process the database. The DB2 BACKUP DATABASE command performs this DB2 Server process:
• creates a unique timestamp to identify the backup
• loads Data Protection for SAP dynamically as a shared library
• reads the DB2 configuration files
• reads the data from the database containers
• creates data blocks containing the backup image and passes these blocks to the data mover part of Data Protection for SAP

The Data Protection for SAP shared library sends the data to the backup device through the backup application. At the end of the backup process, the DB2 Server process logs the backup in the Recovery History File.

DB2 Backup Object Manager Utility

Backup objects, such as database or table space backups and DB2 log files, can be managed with the DB2 Backup Object Manager. The Backup Object Manager is designed to handle DB2 log files archived with Data Protection for SAP or the SAP tool BRARCHIVE. No special Backup Object Manager customization or configuration is necessary.

Data Protection for SAP for DB2 is loaded dynamically by the DB2 Log Manager as a shared library on UNIX or Linux, or as a dynamic link library (DLL) on Windows, and runs as part of the DB2 engine. When a log file is ready to be archived (online/offline retained), the DB2 Log Manager starts the archive process by passing the file as blocks to Data Protection for SAP. The data is then sent to the backup device through the backup application server.

When a database roll-forward recovery is issued, the DB2 Log Manager first checks whether the corresponding log files are located either in the log path or in an overflow log path as specified in the DB2 roll-forward command invocation. If the log files are not found at one of these locations, the DB2 Log Manager accesses Data Protection for SAP to determine whether the log images are available on the backup application. If available, Data Protection for SAP retrieves the data from the backup application and sends it as blocks to the DB2 Log Manager, which writes the log files to the file system. The log files are then applied to the database using DB2 processes.

Backup objects and types of failures

Corrupt database: In case of a corrupted database (caused by user errors or transaction failures), the database can be restored to a specific point in time. Restoring only the database and configuration files should be sufficient for a point-in-time operation. As a result, a backup image of the database and the corresponding DB2 log files are required.

Hardware failure: In the event of a storage hardware failure, the database is typically restored to the most recent point in time. Thus, the most recent database image and DB2 log files are restored. However, the database executable files, SAP system data, and user data might also need to be restored in the event of a hardware failure. In order to protect the system against the loss of SAP executable files, user data, or even operating system data, use the backup application’s backup-archive client incremental backup feature. You can use the client to define an include-exclude list of files to be backed up during an incremental backup operation.

Disaster recovery: For a complete disaster recovery operation, all operating system data must be restored along with the database image, DB2 log files, database executable files, SAP system data, and user data. To help prevent a complete loss of the operating system, use operating system utilities (such as mksysb for AIX) to perform system backups. Such backups should be performed after installing, updating, or upgrading the operating system. This will allow you to start your system from the backup medium.
A configured TCP/IP environment and the backup application’s Backup-Archive client installation should be included in a base backup in order to be able to restore all data. Since there is no provision for backing up online DB2 log files that are required for disaster recovery, place the DB2 log directory on a mirrored disk.

Protecting Citrix Virtualized Servers

There are several ways of protecting virtual machines (VMs) running on Citrix XenServer. These include:

Agent Based Backup

An agent-based backup is the traditional way of performing file and full-system backups. In this scenario, a backup agent is installed in the VM guest operating system. A backup job or policy is defined in the backup software, and during the defined backup window the agent starts copying files to the desired backup server or backup medium. This solution offers simple file-level restore functionality, and many backup vendors have tailored their solutions to the backup needs of specific applications. For example, some vendors have engineered their backup agents for complex applications like Microsoft Exchange or SQL Server. Although this method is proven to be very reliable, by default it does not benefit from any of the advanced features offered by an enterprise-level virtualization platform. An implementation like this is the same as for a physical server environment. It also puts additional load on the storage where the virtual servers are created, especially if multiple servers need to back up at the same time.

Backend Storage Replication

When using Citrix XenServer with a shared Storage Repository (SR), it is possible to use the storage replication mechanism on the storage backend. Most NAS and SAN storage vendors offer solutions which can replicate data from one storage array to another, at the volume or LUN level. Third-party technologies for data replication are also widely available. Using backend storage replication in addition to agent-based or snapshot-based VM backups is a best practice.
Storage replication can be done to a storage array at a different location; this approach provides both backup and disaster recovery for virtual machines. Citrix XenServer has built-in functionality to export VM metadata, which can be stored on the Storage Repository and replicated by the storage backend at the LUN or volume level. Storage replication is an out-of-band solution and has no awareness of the VM state. As a result, there is a possibility of data inconsistency. Because this solution replicates the whole VM, file-level restoration is more complicated.

Manual Snapshots - XenCenter

XenServer includes disk snapshot capability for all Storage Repository types. XenCenter has been designed with a simple GUI to quickly and easily create a snapshot of a virtual machine for backup purposes. Creating manual snapshots from XenCenter to back up a VM is mainly intended for ad-hoc backups of VMs. For example, before applying a hotfix or service pack, a snapshot of the virtual machine can be taken so there is a mechanism for rolling back to a stable configuration. Snapshots created from XenCenter do not quiesce virtual machine disks. Restoring files in this solution requires restoration of the full VM and manual file retrieval after that. Restoring the VM can be done from XenCenter by creating a new VM from the snapshot.

Scripted Snapshots through XenAPI

XenServer VM snapshots can also be made from either the XenServer (remote) CLI or through a XenServer API call. Snapshots created in this way can use the Citrix VSS provider for Windows VMs, which results in an application-consistent snapshot. Creating snapshots this way can be scripted and automated, which makes it possible to schedule a daily backup of the VMs in the environment. Although the snapshot creation is initiated from either the CLI or through an API call, the snapshot shows up in the VM’s snapshot list in XenCenter. This can simplify the process of performing a full VM restoration.
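The scripted snapshot approach above, as an added example (not code from the newsletter or from Citrix): a Python job that snapshots every VM in a pool, asking for a VSS-quiesced snapshot first and falling back to a plain disk snapshot when the guest has no VSS provider, so the resulting report shows which copies are application-consistent and which are only crash-consistent. It uses the XenAPI method names VM.get_all_records, VM.snapshot_with_quiesce and VM.snapshot and the error code VM_SNAPSHOT_WITH_QUIESCE_NOT_SUPPORTED; the FakeVM pool is constructed so the logic runs offline.

```python
"""Scheduled XenServer VM snapshots that use the VSS provider when it exists.

Added example, not the newsletter's or Citrix's code. Against a real pool you
would pass `XenAPI.Session(url).xenapi` (after login_with_password) as `api`;
the FakeVM class below is a constructed in-memory stand-in for session.xenapi.VM
so the job can run offline.
"""
from types import SimpleNamespace

try:
    import XenAPI                      # present where the XenServer SDK is installed
    Failure = XenAPI.Failure
except ImportError:                    # offline: mimic XenAPI.Failure's .details list
    class Failure(Exception):
        def __init__(self, details):
            super().__init__(details)
            self.details = details


def snapshot_vm(api, vm_ref, name, running):
    """Snapshot one VM. Returns (snapshot_ref, quiesced).

    A quiesced snapshot needs a running guest with the Citrix VSS provider
    (Windows). Anything else gets a plain disk snapshot, which is only
    crash-consistent, and the caller is told so instead of the VM being skipped.
    """
    if running:
        try:
            return api.VM.snapshot_with_quiesce(vm_ref, name), True
        except Failure as err:
            # Guest without VSS support (or a VSS error): fall back to a disk snapshot.
            if not (err.details and err.details[0].startswith("VM_SNAPSHOT_WITH_QUIESCE")):
                raise                  # any other API failure is a real problem
    return api.VM.snapshot(vm_ref, name), False


def backup_all(api, label):
    """Snapshot every real VM in the pool; report consistency per VM name."""
    report = {}
    for ref, rec in api.VM.get_all_records().items():
        # Skip the control domain, templates and snapshots already taken.
        if rec["is_control_domain"] or rec["is_a_template"] or rec["is_a_snapshot"]:
            continue
        name = rec["name_label"]
        snap, quiesced = snapshot_vm(api, ref, f"{label}-{name}",
                                     rec["power_state"] == "Running")
        report[name] = {"snapshot": snap, "quiesced": quiesced}
    return report


class FakeVM:
    """Constructed stand-in for session.xenapi.VM: VM records plus a 'vss' flag."""
    def __init__(self, records):
        self.records = dict(records)
        self.created = []               # (vm_ref, snapshot name, quiesced)

    def get_all_records(self):
        return {r: {k: v for k, v in rec.items() if k != "vss"}
                for r, rec in self.records.items()}

    def _add(self, vm_ref, name, quiesced):
        self.created.append((vm_ref, name, quiesced))
        return f"snap-{len(self.created)}"

    def snapshot_with_quiesce(self, vm_ref, name):
        if not self.records[vm_ref]["vss"]:
            raise Failure(["VM_SNAPSHOT_WITH_QUIESCE_NOT_SUPPORTED", vm_ref])
        return self._add(vm_ref, name, True)

    def snapshot(self, vm_ref, name):
        return self._add(vm_ref, name, False)


def make_record(name, state, vss, **flags):
    """Build a constructed VM record with the XenAPI field names this job reads."""
    rec = {"name_label": name, "power_state": state, "vss": vss,
           "is_control_domain": False, "is_a_template": False, "is_a_snapshot": False}
    rec.update(flags)
    return rec


# Constructed pool: a Windows file server with VSS, a Linux web server, a halted lab VM.
SAMPLE_POOL = {
    "vm-1": make_record("FILESRV01", "Running", True),
    "vm-2": make_record("WEB01", "Running", False),
    "vm-3": make_record("LAB02", "Halted", True),
    "dom0": make_record("Control domain on host", "Running", False, is_control_domain=True),
    "tmpl": make_record("Windows Server 2008 template", "Halted", False, is_a_template=True),
}


def sample_run(label="nightly"):
    """Run the job against the constructed pool; returns (report, fake api)."""
    api = SimpleNamespace(VM=FakeVM(SAMPLE_POOL))
    return backup_all(api, label), api


if __name__ == "__main__":
    report, _ = sample_run()
    for vm, info in report.items():
        kind = "application-consistent" if info["quiesced"] else "crash-consistent"
        print(f"{vm}: {info['snapshot']} ({kind})")
```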
File-based restoration still requires the VM to be restored and manual file retrieval.

Enhanced Backup Enablement with Third Party Backup Products

XenServer includes features to combine snapshot functionality with a third-party backup solution. This benefits from both the speed and the size requirements of the XenServer snapshot functionality, while still protecting investments in existing third-party backup solutions. This is a great approach for customers wanting to continue to leverage the benefits of the application-level awareness provided by agent-based solutions. The specific interaction between the backup software and the XenServer environment varies, depending on the specific implementation of the third-party backup solution. The snapshot can be either initiated from the backup software through a XenServer API call, or the snapshot can be initiated by the backup agent software in the VM via the VSS framework.

Protecting Hyper-V Virtualized Servers

Protecting Hyper-V with Data Protection Manager:

Overview: Data Protection Manager 2010 (DPM 2010) is part of the System Center family of management products from Microsoft. It delivers unified data protection for Windows servers such as SQL Server, Exchange, SharePoint, virtualization and file servers, as well as Windows desktops and laptops.
• New in 2010 is the ability for roaming laptops to get centrally managed policies around desktop protection. Your laptop data will be protected whether you are connected to the corporate network or travelling.
• DPM 2010 also provides native site-to-site replication for disaster recovery to either another DPM 2010 server or an off-site cloud provider.
• Centrally managed System State and Bare Metal Recovery are also new in DPM 2010.

DPM 2010 seamlessly uses disk, tape, and cloud-based repositories to deliver an easy-to-use and best-of-breed backup and recovery solution for Windows environments from Microsoft.
Windows customers of all sizes can rely on Microsoft to provide a scalable and manageable protection solution that is cost-effective, secure, and reliable.

Benefits: Benefits of Data Protection Manager 2010 (DPM 2010) include:

Unmatched Exchange, SQL, & SharePoint Functionality: DPM 2010 offers integrated support for advanced Exchange and SQL cluster configurations, shorter SQL backup windows without the need for compression, as well as advanced SharePoint data protection options.

Zero Data Loss Restores for Applications: DPM 2010 enables lossless recovery of Exchange, SQL, and SharePoint servers without the need for constant replication or synchronization, by seamlessly integrating a point-in-time database restore with the existing application logs.

Host Based Virtual Server Backups: DPM 2010 includes support for host-based backup of Windows Virtual Server guests. A single host-based DPM 2010 agent provides application-consistent backups of any and all guests residing on a host. DPM 2010 can protect any operating system or application via this mechanism as long as they are running on a Windows host server.

Recover Files In Minutes Instead of Hours: A typical file recovery from tape takes hours and can be costly. The typical medium datacenter may have 10 to 20 or more recoveries per month. DPM 2010 enables the same recoveries in minutes, saving money for the business and time for IT administrators. Additionally, faster recovery keeps information workers productive because they spend less downtime waiting for their files to be recovered.

Eliminate the Back-Up Window of Your Production Servers: Massive growth in storage capabilities has increased the time needed to back up file servers. Businesses also face the requirement for 24/7 uptime and the difficulty of finding a non-disruptive time to perform a backup.
Because DPM 2010 moves only the byte-level changes of the file servers it backs up, it effectively eliminates the downtime required to back up your file servers. Customers never have to plan for such “backup windows” again.

Enable Users to Perform Their Own Recoveries: Recovery and backup processes generally involve multiple administrators, each having unique expertise, adding to the data management total cost of ownership. Corporations collectively spend billions of dollars annually on recovering lost data. DPM 2010 solves these problems by enabling self-service user recovery, which lets you access and retrieve files directly within Microsoft Windows (versions XP through Windows 7) and Microsoft Office (versions 2007 through 2010) applications without administrator intervention, thereby lowering administrator costs and increasing productivity.

Seamless media integration: DPM 2010 features seamless integration between disk and tape media. This includes an intelligent user interface that relieves the operator of the need to separately manage disk and tape media, an integrated restore experience for both disk and tape, and rich media management functionality.

Storage Efficiency: Patented filter technology reduces the volume of full backups by as much as 90 percent in typical organizations, saving disk space and reducing full backup time from hours to minutes. VSS point-in-time snapshots further reduce the disk volume required, while Express full backup images increase the number of available restore points that can be captured.

Remove Tapes from Branch Offices & Centralize Backups at the Datacenter: Today, the primary way to protect remote servers is for branch office staff to back up data to expensive removable media, such as data tape cartridges, and then manually transport the media to an offsite storage facility. Tape restores within this configuration can be expensive and slow.
DPM deploys agents on the remote file servers to send the data back to the central datacenter, where it can be backed up more securely by one IT administrator.

Advanced Functionality at Low Cost
Because DPM 2010 is part of the Windows Server System, it uses tools that are already in your server software, such as Microsoft Management Console (MMC) and Windows Explorer. IT administrators are already familiar with these tools, which reduces training costs. Along with the comprehensive reporting functionality included with the product, DPM 2010 can also upload all of its reports and alerts to the Microsoft Operations Manager console.

Hyper-V Security
You should secure your virtualization server using the same measures you would take to safeguard any server running Windows Server 2008. Additionally, you should take a few extra measures to help secure the virtual machines, configuration files, and data. For more information about how to secure Windows Server 2008 workloads, see the Windows Server 2008 Security Guide.

You should secure the virtual machines running on the virtualization server according to your procedures for securing that kind of server or workload. There is nothing special or different you need to do to secure a virtual machine just because it is a virtual machine. For example, if your policies and procedures require that you run antivirus software, run it on the virtual machine. If you have a policy requirement to segment the physical server to a particular network, follow the policy for the virtual machine as well.

Following are the best practices for securing Hyper-V:

1. Use a Server Core installation of Windows Server 2008 for the management operating system.
2. Do not run any applications in the management operating system – run all applications on virtual machines.
3. Use the security level of your virtual machines to determine the security level of your management operating system.
4. Do not give virtual machine administrators permissions on the management operating system.
5. Ensure that virtual machines are fully updated before they are deployed in a production environment.
6. Ensure integration services are installed on virtual machines.
7. Use a dedicated network adapter for the management operating system of the virtualization server.
8. Use BitLocker Drive Encryption to protect resources.
9. Disable virtualization BIOS settings when they are not required.

Source: Ace Data

About Ace Data

OUR STIMULATING PERFORMERS
Neeraj was among the first IT professionals to recognize the importance of information and data protection. Says he: “Data loss is worse than losing machinery through fire. You can always replace the machinery, but it’s almost impossible to replace data collected over the years.”

Anuj is the technical ace of the partnership. The two bring complementary skills to the table. Together, they have propelled Ace Data Devices to the pinnacle of their business. Says Anuj: “What sets us apart from others is that we’re specialists. We’re single-minded in our focus, that is, end-to-end solutions in business-critical data storage and backup technologies. Others dabble in this space; we own it.”

So sit back and relax, because now data troubles will take a back seat forever, so that you can take a better life forward. As the ace drivers, Neeraj and Anuj bring their complementary skills to the table. Together, they have propelled Ace Data Devices to the pinnacle of their business.

GIVE YOU CALM
We make your data work for you. Each practice spans solutions made up of hardware and software from multiple storage innovators, along with a comprehensive suite of professional and support services such as:

BACKUP AND RECOVERY
Ace Data offers a suite of solutions and professional services that address local and remote backup, as well as disaster recovery.
STORAGE CONSOLIDATION
At Ace Data, consolidation solutions are tailor-made, keeping in mind the customer’s exact configuration and requirements.

ARCHIVAL MANAGEMENT
Ace Data’s archival solutions enable you to manage the growth of structured and unstructured data through policy-based archiving and discovery capabilities.

CONTENT MANAGEMENT
Ace Data provides intricate content management solutions and is capable of ‘trumping’ a challenge of any complexity.

IMPLEMENTATION AND INTEGRATION SERVICES
Ace Data is equipped with the knowledge and experience to study and analyze customers’ needs and prepare a solution with a good price-performance ratio.

RELAX: YOUR DATA ADMINISTRATION IS IN SAFE HANDS
With Ace Data’s information management solutions, the ensuing work pressure is taken care of efficiently. No wonder, then, that discerning customers prefer Ace Data for the management and safety of all their important data. Ace Data is capable of designing a tailor-made solution of global standard in the shortest possible time. Ace Data’s fully transparent and process-driven approach and execution speed up the entire process, leaving nothing to chance and ensuring you absolute peace of mind.

At Ace Data, from drawing board to management and support, it’s a seamless series of actions. Every assignment we undertake goes through a defined process: our quality experts examine the business environment, identify need and concern areas, plan and design options, supervise implementation, and work out the management and support services thereafter. The SAP-driven organization ensures transparency, effective reporting, time management and service deployment.

You get the services of engineers who are almost obsessed with data. They keep upgrading their skills and keep abreast of global advances at the Ace library and laboratory. The aim is to deliver solutions in the most efficient manner. Implementation follows detailed planning and documentation.
Engineers arrive at each site armed with their bible: a step-by-step flowchart. Team Ace, certified engineers, analysts and technicians with extensive experience in handling complex technical challenges, place their collective skills at your disposal. The team comes up with a customized solution, cost-effective and future-proof.
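As an added example for the Hyper-V hardening checklist in the Hyper-V Security section above (this script is not from the newsletter, Ace Data or Microsoft), the following PowerShell function audits a host against the items that can be checked mechanically: Server Core (item 1), no extra roles on the management operating system (item 2, using installed server roles as a proxy for workloads that belong in a VM), virtual machine administrators who are also host administrators (item 4), integration services (item 6), a physical adapter shared between guests and the management OS (item 7), and BitLocker on the volumes holding VM configuration and virtual hard disk files (item 8). It assumes the Hyper-V, BitLocker, ServerManager and LocalAccounts PowerShell modules, i.e. Windows Server 2012 R2 or later with PowerShell 5.1; the Windows Server 2008 hosts the text describes do not ship these cmdlets. Items 3, 5 and 9 (a judgement call, patch state and firmware settings) are not checked.

```powershell
# Added example, not from the newsletter: audit a Hyper-V host against the
# hardening checklist. Assumes the Hyper-V, BitLocker, ServerManager and
# LocalAccounts modules (Windows Server 2012 R2+, PowerShell 5.1). Run in an
# elevated session on the management operating system.

function Test-HyperVHostHardening {
    [CmdletBinding()]
    param()

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Item 1: Server Core. InstallationType reads 'Server Core' on Core installs
    # and 'Server' on full installations.
    $ntKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $installType = (Get-ItemProperty -Path $ntKey).InstallationType
    if ($installType -ne 'Server Core') {
        $findings.Add("Management OS is a '$installType' installation, not Server Core.")
    }

    # Item 2: nothing but Hyper-V on the management OS. Other installed server
    # roles are used as a proxy for workloads that should live in a VM.
    Get-WindowsFeature |
        Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' -and $_.Name -ne 'Hyper-V' } |
        ForEach-Object { $findings.Add("Extra role installed on the management OS: $($_.Name)") }

    # Item 4: VM administrators must not also be administrators of the host.
    $hostAdmins = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name })
    Get-LocalGroupMember -Group 'Hyper-V Administrators' -ErrorAction SilentlyContinue |
        Where-Object { $hostAdmins -contains $_.Name } |
        ForEach-Object { $findings.Add("$($_.Name) is in both Hyper-V Administrators and Administrators.") }

    # Item 6: integration services installed, current and responding on running VMs.
    foreach ($vm in (Get-VM | Where-Object { $_.State -eq 'Running' })) {
        if ($vm.IntegrationServicesState -ne 'Up to date') {
            $findings.Add("VM '$($vm.Name)': integration services state is '$($vm.IntegrationServicesState)'.")
        }
        Get-VMIntegrationService -VMName $vm.Name |
            Where-Object { $_.Enabled -and $_.PrimaryStatusDescription -ne 'OK' } |
            ForEach-Object { $findings.Add("VM '$($vm.Name)': service '$($_.Name)' reports '$($_.PrimaryStatusDescription)'.") }
    }

    # Item 7: dedicated management NIC. An external switch with AllowManagementOS
    # set shares its physical adapter between the guests and the management OS.
    Get-VMSwitch |
        Where-Object { $_.SwitchType -eq 'External' -and $_.AllowManagementOS } |
        ForEach-Object { $findings.Add("Switch '$($_.Name)' shares its physical adapter with the management OS.") }

    # Item 8: BitLocker on every volume that holds VM configuration or VHD files.
    $vmHost = Get-VMHost
    $paths = @($vmHost.VirtualHardDiskPath, $vmHost.VirtualMachinePath)
    $paths += Get-VM | ForEach-Object { $_.ConfigurationLocation }
    $paths += Get-VM | Get-VMHardDiskDrive | ForEach-Object { $_.Path }
    $volumes = $paths | Where-Object { $_ } |
        ForEach-Object { [System.IO.Path]::GetPathRoot($_).TrimEnd('\') } |
        Sort-Object -Unique
    foreach ($vol in $volumes) {
        $bl = Get-BitLockerVolume -MountPoint $vol -ErrorAction SilentlyContinue
        if (-not $bl -or "$($bl.ProtectionStatus)" -ne 'On') {
            $findings.Add("Volume $vol holds VM files but is not BitLocker protected.")
        }
    }

    return $findings
}

# Usage: an empty result means every checked item passes.
$results = @(Test-HyperVHostHardening)
Write-Output "$($results.Count) finding(s)"
foreach ($finding in $results) { Write-Output "FINDING: $finding" }
```

The function only reports; it changes nothing on the host, so it can be scheduled as a recurring compliance check and its output fed to whatever reporting the site already uses. The role-based check for item 2 is deliberately conservative: an application installed without a server role will not be flagged, so treat a clean result as a baseline rather than proof of compliance.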