New backup strategies

In the final installment of his series on disk-based data protection, W. Curtis Preston describes how options such as snapshots, replication, continuous data protection and data reduction backup can improve the backup process.

This Content Component encountered an error
This article can also be found in the Premium Editorial Download: Storage magazine: Exploring new options for disk-based backup:

Veritas' NetBackup 6.0 works better with disk
Veritas Software Corp.'s NetBackup 6.0 addresses a number of manageability limitations with its disk storage units (DSUs), Veritas' term for disk-as-disk backup targets. NetBackup 6.0 users will now be able to configure the size of each DSU, point backups to a group of DSUs, and have those backups failover to other DSUs based on a choice of usage algorithms. Disk-staging storage units (DSSUs) will be able to perform multiple, simultaneous de-staging processes.

It gets a lot more interesting, however, when a Network Appliance Inc. NearStore device is used as a NetBackup DSU. With a NetBackup 6.0 master/media server, NearStore will perform data reduction techniques on the incoming NetBackup data stream, significantly reducing the amount of actual disk it will take to store full and incremental backups, thus reducing the effective per-gigabyte cost of the total solution. The next version of NetBackup will present backups as NFS- and CIFS-mountable snapshots, allowing a user to browse through their backed up files without using the NetBackup GUI or bothering NetBackup administrators. While this is a great feature, storage administrators should consider its security implications before a company-wide implementation.

If you have a centralized data center with a four-hour recovery time objective (RTO), a 24-hour recovery point objective (RPO), a 24-hour synchronicity requirement and an eight-hour backup window, you can stop reading now. But if your backup requirements include remote, unattended data centers, a five-minute RTO, a 15-minute RPO or a non-existent backup window, keep reading.

This article is the final installment of a three-part series on disk-based data protection. The first two parts covered how to use disk to enhance traditional backup systems. The focus now turns to disk-based data protection options that could replace one or more parts of a backup system. The options include snapshots, replication, continuous data protection (CDP) and data reduction backup (DRB). These technologies will reduce backup and restore times, and help meet requirements such as RTO, RPO, backup window and synchronicity.

RTO--how long it takes to recover a system--can range from zero seconds to several days or even weeks. Each piece of information serves a business function, so the question is how long the business can live without that function. If the business can't live without it for one second, then the RTO is zero.

RPO is determined by how much data a business can afford to lose. If the business can lose three days' worth of a set of data, then the RPO is three days. If the data is real-time transactions essential to the business, the RPO is zero for that application.

There can also be an RPO for a group of machines. If several systems are related to each other, they may need to be recovered to the same point in time. This is the synchronicity requirement; to meet it, all related systems have to be backed up at exactly the same time.

Pros and cons of alternative backup methods

Setting RPO, RTO requirements
All RPO, RTO and synchronicity requirements must be business-centric. Before deciding what these requirements are, you should first analyze and prioritize the business functions, and assign each computer system the recovery priority of the business function it serves. Next, decide on an RTO and RPO for each system and type of disaster--from the loss of a disk to the loss of a metropolitan area. Some systems will have the same requirements for all types of disasters; others may have tougher requirements for specific types of disasters.

Once you've determined an RTO and RPO for each system and disaster type, the final step is to determine how long it will take to back up the system and how much the backup will impact the production system.

Everything should start with RTO and RPO, although very few people do it that way. Most people go right to the backup window. Instead, you should concentrate on meeting your RTO and RPO requirements and the backup window will almost always fall right in line. The reverse isn't necessarily true, however. There are many things that will shrink your backup window but not help your recovery objectives. If your requirements are impossible to meet with a traditional backup system, the following technologies are worth considering.

Snapshots. The most common type of snapshot is a virtual copy of an original volume or file system. The reliance on the original volume is why snapshots must be backed up to provide recovery from physical failures (see Match snaps to apps). Snapshot functionality resides in a number of places, including advanced file systems, volume managers, enterprise arrays, NAS filers and backup software.

Snapshots can help you to meet aggressive backup requirements. For example, some snapshots can meet an RTO of a few seconds by simply changing a pointer. An aggressive RPO can be achieved by creating several snapshots per day and, because snapshots can be created in seconds, you can also meet stringent backup window requirements. For instance, it's possible to create a stable, virtual backup of a multiterabyte database in seconds--reducing the impact on the application to potentially nothing--which leaves hours to perform a backup of that snapshot. The next section discusses how replication is a great way to do that. Finally, creating synchronized snapshots on multiple systems is also fairly easy.

Adaptec switches from tape to disk
Kelly Overgaard, systems manager at Adaptec Inc., was fed up with tape. "Our old system was at capacity, and something was always breaking," he says. "When we looked at disk-based solutions, our goal was to completely get rid of tape--especially for remote sites."

Adaptec chose an Avamar Technologies Inc. Axion system that uses "commonality factoring" to identify duplicate blocks of data throughout its enterprise and to transmit only the new, unique blocks of data each time it backs up. This allows Adaptec to back up and recover smaller remote offices directly to its central data center. Larger offices, or those with shorter recovery time objectives, can be backed up to a local target device at the remote site, which then replicates to a second device in its central data center. This flexibility to use (or not use) a local recovery device let Adaptec deploy this solution to several sites.

Overgaard says that because the commonality factoring is performed on the client, it requires slightly more CPU than traditional backup, but "no one has mentioned any ill effects." He considers himself a happy customer, but says he's unsure if the system will be able to back up Adaptec's large databases.

In addition, Overgaard doesn't believe he can afford to store his firm's backups with long-term retention on the Axion system, so he also performs a monthly full tape backup of Axion clients using Adaptec's previous tape system, and then sends that offsite for several years. Avamar says he'll soon be able to make such tape backups by simply exporting the appropriate data directly from the Axion system.

There's a growing list of APIs that allow different vendors' products to interface with snapshots; the network data management protocol (NDMP) and Microsoft Corp.'s Volume Shadow Copy Service (VSS) are examples. NDMP lets backup products create a snapshot, and catalog and restore from its contents. VSS allows storage vendors with snapshot capability to have the files in those snapshots listed in and restored from the Previous Versions tab in Windows Server 2003. Hopefully, this capability will be added to workstation versions of Windows and more NAS vendors will support VSS.

Another interesting development is the creation of database agents that work with snapshots. The database agent communicates with the database so that the database believes it's being backed up, when all that's really happening is the creation of a snapshot. Recoveries can be incredibly fast when the process is controlled by the database application.

Replication. Replication is the practice of continually copying from a source system to a target system all files or blocks that have changed on the source system. Replication used to be what companies implemented after everything was completely backed up and redundant, which meant that few used replication. However, many people are now using replication as their first line of defense for providing backup and disaster recovery.

Replication by itself is not a good backup strategy; it copies everything, including viruses and file deletions. Therefore, a replication-based backup system must be able to provide a history by either occasionally backing up the replicated destination or through the use of snapshots. It's usually preferable to make a snapshot on the source and replicate that snapshot to the destination. That way, you can prepare database applications for backup, take a snapshot and then have that snapshot replicated.

When used with snapshots, replication allows for tiny backup windows. The snapshot takes just seconds to create, and replication is the quickest way to back up that snapshot to another device. You can also cascade replication to provide multiple copies, such as an onsite and offsite copy. If you want to provide a tape copy of the replicated snapshot, just back up one of the destination devices. But replication software doesn't usually provide recovery features. The RTO, RPO and synchronicity requirements that you'll be able to meet will be based on how you're performing snapshots or backups, and how quickly they'll be able to recover.

A tale of two divisions
First American Trust Federal Savings Bank, Santa Ana, CA, handles up to $2 billion worth of wire transfers each day. The bank was recently asked by the Securities and Exchange Commission (SEC) to restore one year's worth of Microsoft Exchange e-mail data--a significant request.

One division used Network Appliance (NetApp) Inc.'s unified storage solution, SnapManager for Exchange, and Single Mailbox Recovery software, while another division used traditional backup and tape. The results from the two divisions couldn't have been more different. "The SEC request made the need for using nearline storage to easily recover and access e-mail undisputable," says Henry Jenkins, chief technology officer at First American (above). "Our disk-based solution rose to the occasion, but damaged tapes and botched backups made restoring from tape excruciating for our sister division."

It took the bank only a few days to restore roughly 360GB of e-mail using the combination of hardware and software from NetApp. In contrast, it took several months for one IT bank staffer to restore a lesser quantity of e-mail from tape.

First American also uses offsite replication of critical SQL Server databases, Exchange e-mail and flat-file data that's used to perform routine wire services. All of this critical data creates only 200MB of changed data blocks per day, which are then asynchronously replicated to a remote system located at a disaster recovery (DR) site approximately 100 miles away. The DR system has an RPO of four hours in the event of a site failure.

"SnapMirror software saves us time by not having to replay logs, and data at the remote site is, on average, less than 15 minutes behind," says Jenkins. "Every year for the past three years, we've done a disaster recovery test and every year it's just a matter of bringing up the warm servers," he adds.

DRB systems. DRB systems were designed to answer the following questions: If only a few bytes in a file change, why back up the entire file? If the same file resides in two places on the same system, why back it up twice? Why not store a reference to the second file? And why waste server and network resources by backing up the same file across multiple systems?

By backing up a file once, and then backing up only the changed bytes, backup windows are substantially reduced. Tape copies of disk-based backups can usually be created at any time, depending on your requirements. Some DRB products can meet aggressive RTO requirements by restoring only the blocks that have changed since the file was last backed up. The RPO and synchronicity abilities of DRB products are based on how often you back up, but it's common to back up hourly.

The biggest advantage to DRB products is that, from the user adoption perspective, they're the closest to what users know. Their interfaces are similar and they often have database agents like traditional backup software. They're also able to back up faster and more often, and use much less bandwidth. CDP. A CDP system is basically an asynchronous, replication-based backup system. The software runs continuously on the client to be backed up, and each time a file changes, the new bytes are sent to the backup server within seconds or minutes. But unlike replication, a CDP system can roll back to any changes at any time.

CDP products transfer data to the backup server in different ways. Some transfer changed blocks immediately, while others collect changed blocks and send them every few minutes. They also differ in how they do recoveries. Some products are able to restore only the blocks that have changed from a particular point in time, while other programs operate in a more traditional manner by recovering the entire file or file system. Obviously, the first method accommodates more aggressive RTOs and RPOs than the second method. Also, CDP products can meet any type of synchronicity requirement because they can recover one, 10 or 100 systems to any synchronized point in time.

Another difference in CDP products is that some are database-centric and work only with a particular database, such as Microsoft Exchange or SQL Server. Remember that, unlike traditional backup products, file-based CDP products aren't going to provide interfaces for your database applications. These CDP products copy blocks to the backup destination in the same order they're changed on the client. Restarting your database causes it to go into the same mode that it would go into if the server were to crash. It examines the data files, figures out what's inconsistent, rolls backward or forward any necessary transactions or blocks, and then the database is up. If the CDP product puts the blocks back in the exact order in which they were changed, then the database should be able to recover from any point in time. Some products can even present a logical unit number or volume to your database that it can mount and test before you do the recovery.

Of course, your database vendor may have a different opinion about CDP: If you're not using their supported backup method, they may not be helpful if something goes wrong. Discuss the support issue with your database vendor, and include your DBA in the discussion.

Replicating data every 15 minutes
Alexander Dubose Jones and Townsend LLP, a small appellate law firm with offices in Houston and Austin, Texas, moved from tape to LiveVault Corp.'s InSync (LiveVault service), a continuous data protection product. Vicki McArthur, the firm's administrator (above), says they had previously relied on daily tape backup as well as on a seven-day offsite tape rotation. The firm experienced all of the challenges traditionally found in tape environments, but recoveries concerned McArthur the most. Nightly backups don't work well with the nature of the legal industry, where files often require last-minute changes. Under a traditional backup system, files created in the morning wouldn't get backed up until that night, and wouldn't be sent offsite until at least the next day. "We faced the possibility of losing an entire day's worth of work or worse," says McArthur.

LiveVault makes a backup of files as soon as they're saved, and then replicates them to a remote site within a few minutes, where all previous versions of any file are accessible at any time. Because only changed bytes are sent, very little bandwidth is required. And since data is replicated every 15 minutes, McArthur believes that "the amount of data loss due to user error is reduced to minutes, possibly less."

Aggressive requirements
You should only consider switching backup products if your current backup product can't meet your requirements (see Pros and cons of alternative backup methods). There are a number of requirements that might prompt you to consider alternatives, such as:

  • Remote office data protection
  • Backing up large databases
  • An application with an RPO of zero

The most common area where backup requirements are difficult to meet is the remote office. Traditional backup schemes can't meet remote office RTO/RPO requirements. There's either too much data or not enough bandwidth to support a reasonable RTO or backup window. Any CDP product can provide backup and recovery of a remote office; most offer two methods. If long RTOs are acceptable, remote sites can back up directly to your central office. In the case of a disaster, just copy the data from the central data center to a disk or tape and send it to the remote site. If this meets RTO requirements, it's the least-expensive option. For tighter RTO requirements, install a backup device at the remote office. The remote office systems can back up to it, and it can then replicate the data to the central site. This provides local recovery and disaster recovery without touching a tape.

CDP products are also superior to traditional backup methods when backing up very large databases. There isn't enough time or horsepower available to transfer several terabytes of data to tape every day. A CDP product could continually back up a database throughout the day, with no noticeable backup window or application impact. Depending on the product, a stringent RTO and short RPO could also be met. Also, some products provide a disk-based copy that can be used in a disaster situation while the real volume is being recovered.

Finally, some database applications require a zero RPO. Most databases can meet such a requirement if they're configured correctly, and if the transaction log is backed up throughout the day. If your database supports that kind of functionality, it's probably best to stick with it. If not, try one of these newer methods.

This was first published in June 2005

Dig deeper on Storage Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchDataBackup

Close