There's a big difference between backup and business continuity. Any-point-in-time technologies can extend data protection so that application use is protected as well.
By Jeff Boles
Today's businesses carry a thread that stretches back to the beginning of the historical record -- every business still revolves around some valuable resource. For modern businesses, that valuable resource is digital information. But when it comes to protecting that information, the digital era has brought with it exposure to more threats from more directions than ever before. These threats can come from employees, bad software, faulty hardware and numerous other sources. A business risks not only a potential loss of information, but also the loss of "use" of the associated information system, which is an irrecoverable loss of time.
Most veteran data storage managers have painful tales of the consequences of loss of use. It may start with something as simple as a transactional messaging system that loses messages into the ether during an outage. And dropped messages can mean loss of revenue, loss of customers, lost deals or bids, or legal exposure from a failure to meet compliance requirements.
Protecting use, not just data
So it's a full blown head-scratcher that we have such little ability to protect our use of information without turning to complex solutions that involve many layers of infrastructure and application integration. It's equally perplexing that protecting use is addressed by an entirely separate market from the solutions that protect data. Data protection represents one of the biggest slices of the data storage market, yet it's often isolated from products designed to protect use -- solutions that more often than not involve multiple technologies such as primary storage with snapshots, replication technology, application synchronization tools, failover and failback solutions, and others.
The consequences of the separation are fairly steep. Many organizations end up with a false sense of protection; those that see the shortcomings of a pure data protection strategy often have no better alternative than to pursue massive, complex distributed disaster recovery (DR) projects. The cost implications associated with this disconnect with business requirements are astounding. DR infrastructures aren't only expensive to implement, they're equally expensive to maintain. The alternatives may involve many complex IT components that are difficult to maintain, including host agent replication solutions, redundant storage arrays, redundant servers, replication licenses, WAN optimization devices and so forth. So organizations buy into more complexity than they would prefer because failing to have good use protection might put them out of business.
For most businesses, backup is a daily operation that's about capturing a copy of important data at a daily point in time (PIT). Whether using full backups, or some combination of fulls, incrementals and differentials, backup has always captured a frozen PIT and then sat idle until the next backup window. This periodic cramming of data through a backup infrastructure has created an enormous industry that's constantly innovating with new technologies like data deduplication and virtual tape libraries (VTLs).
So what should you do? By leveraging various combinations of often overlooked backup technologies, companies can better align their data protection with application requirements. Behind this service-oriented alignment of data protection is the concept of business-vital applications and the premise that these applications should be more deeply protected with a higher priority, speed and frequency.
Any-point-in-time (APIT) technologies are at the core of this approach. APIT apps can granularly capture data as it changes in real-time, effectively allowing retrieval of data from any historic point in time. APIT technology coupled with application intelligence can be used to reconstruct immediately usable data, which allows nearly immediate recovery in the event of a system or data loss.
First-generation APIT technology didn't go beyond pure data protection, but that's changing. Nearly every data protection vendor has snapped up or built its own APIT technology, with some now moving beyond data protection to APIT use protection. Granted, there isn't a seamless failover as with active-active clustering approaches, but for many systems this invisible-to-the-user, nearly instantaneous recovery more than meets requirements.
The capabilities needed for a better approach to data protection -- one that encompasses protecting use -- include:
1. Built on any-point-in-time fundamentals. Not just the latest point in time, but the ability to roll back to any point in time, on top of an optimized data store that only captures the data that has changed
2. Built for instantaneous access. Instantaneous access to a protection repository without copy or restore operations is a fundamental prerequisite for use protection
3. Data protection integrated. Use protection must be integrated with backup tools and processes, ideally looking like little more than yet another tier of backup, within a single management toolset
4. Protected data that can be moved. A use protection system should also be data movement enabled, allowing businesses to replicate data beyond the confines of one location
Rethink data protection processes
There are many ways use protection can alter data protection practices for the better. A look at a few opportunities will shed a little light on the possibilities.
Do away with recovery point objective (RPO) and recovery time objective (RTO). Use protection can turn backup into a continuous operation that does away with the limitations of backup windows, while making protected data and applications immediately usable. Moreover, data behind well-integrated solutions can be easily moved from a capture repository into traditional disk- or tape-based backup systems. The benefits of this approach, especially for virtual server environments, shouldn't be overlooked.
Next-generation bare metal. Bare-metal recovery technologies have long been a must-have technology. But APIT technologies combined with server virtualization can make complex image builds, specialized agents and driver management a thing of the past. Instant recovery from an APIT repository, replicated anywhere and combined with the abstracted, vanilla configuration of virtual servers means a server can be recovered to any hardware anywhere with the click of a button.
Applications everywhere. Data on disk is easy to move, but data is particularly easy to move when it's free from needless redundancies and captured as a relatively low bandwidth stream. Use-protection systems can capture data across distances, or in multiple locations, and enable a wide range of consolidation and heightened availability approaches. Multiple small offices could be protected by a single system in a branch office, with the branch office protected by the data center. Small office systems could failover to a spare server at the branch office, and branch-office systems could switch to data center systems as needed.
Vendors are responding
There are many data protection vendors today -- such as BakBone Software Inc., CA, CommVault Systems Inc., EMC Corp., Hewlett-Packard Co., IBM, Symantec Corp. and others -- with an assortment of protection technologies, including APIT technologies.
Organizations should make "use protection" and dynamic recovery capabilities priorities. We focus our data protection efforts on mission-critical data, and a solution that protects use is the only suitable approach to complement those efforts. Companies will be able to keep key apps operating under the worst conditions without the overhead of protection excess.
BIO: Jeff Boles is a senior analyst at Taneja Group. He can be reached at firstname.lastname@example.org.