When i started working in the IT industry 17 years ago, storage lived in the bowels of IT and was considered a system peripheral. When contemplating storage, storage managers based their purchases on three generic characteristics: price, performance and reliability. It didn't matter what system, application or business process the storage box supported. Users tended to defer to popular system providers, procure basic storage functionality and operate all storage with the same familiar recipe.
Times have changed. In keeping with the objective of bringing IT closer to the business, the storage industry has responded with a number of new products designed with application-specific functionality. For example, Ixos Software, San Mateo, CA, and KVS Inc., Arlington, TX, offer e-mail archiving tools to help companies deliver storage QoS and comply with data retention regulations.
FilesX, in Southborough, MA, provides an appliance for Microsoft Exchange that permits granular application recovery. Content-addressable storage systems from Permabit, Cambridge, MA, and Reference Information Systems/Archivas, in Waltham, MA, accommodate Web applications that store, secure and access billions of unstructured objects. If you still don't believe that storage is moving closer to applications, consider this: In 2003, EMC purchased Documentum and VMware; Veritas added Jareva and Precise. These acquisitions are proof positive that storage vendors are bent on climbing the technology stack.
IT and business meet in the middle
Application-specific storage systems didn't arise by accident. After years of watching customers try to make square storage pegs fit into round holes, industry vendors and startups alike began designing storage solutions to fit into application environments.
While these new storage solutions offer improved ROI, they also present an interesting challenge. It seems that IT has spent the last 10 years on standardizing storage equipment and tasks--not implementing specific application solutions. This includes tasks such as getting rid of the oddball devices, winnowing down the number of vendors and choosing standard devices with standard configurations.
Standardization has become IT gospel--the only way to improve operations, increase reliability and maximize discounts. Once again, IT managers find themselves with a paradox. How can storage managers add application-specific storage systems to improve productivity and ensure compliance in certain application domains, while continuing to reap the benefits of standardization across IT? The answer to this question is driven by a full assessment of business requirements on one hand, and IT operations on the other.
First off, let's consider the business side. To better understand application and strategic needs, storage managers should start by enlisting the help of business managers. Ask them to communicate their short-term needs and long-term strategies. Remember to keep the discussion at a business level. In other words, don't let business managers tell you that they need the ability to restore data within minutes. Instead, ask for a definition of the business rationale. Is this requirement driven by fears of lost revenue? Might customer service suffer if the systems are down? Are there specific jobs that just can't get done if it takes a full day to get back online? The more specific the requirements, the easier it will be to build a business case for budgets and planning. This will also help IT managers define and prioritize application environments of particular concern.
Before moving on to the IT side of the house, storage managers should also make sure to visit the chief compliance officer. Executives are already well aware of legislations such as California SB1386, Gramm-Leach-Bliley, HIPAA and Sarbanes-Oxley, but what else is coming? For example, California senator Dianne Feinstein is proposing several federal bills that will enhance consumer privacy regulations and give federal laws precedent over the states. Storage managers don't need to be experts in congressional activity, but when it comes to planning for new requirements, they ought to be aware of potential issues coming down the pike.
Once a business assessment is completed, take the time to review what you've learned. You should have a clear understanding of how business needs will drive your data and storage management procedures. You should also have a priority list of IT requirements to support these business objectives. Finally, you should understand the implications of existing and pending regulations on business and IT operations. Schedule a meeting with all of the business managers and compliance officers you've met with to communicate your strategy and ensure that everyone is on the same page.
The process puzzle
After flushing out business and regulatory requirements, it's time for storage managers to look in the mirror and examine operating processes and procedures. This seems straightforward, but it may take a bit of detective work to figure out how IT and business processes map together. Functional storage operations tasks are often done piecemeal, without regard for the business process they support. IT sleuths will need to put the puzzle together to gain a comprehensive view. Storage executives should give this assignment to project managers who know their way around the IT organization. Give them ample time because it may take a while to look under every rock.
By now, storage executives have all of the research they need to move forward. Make a list of all the business processes from the highest to lowest priority. Map these to the supporting storage processes. Make sure to note whether the storage processes are both manual and time-consuming or streamlined and efficient. The high-priority business processes supported by manual and time-consuming operations are prime candidates for application-specific storage. Based on this, put together an ROI study to see where and how the company can increase efficiencies by implementing some of these new storage tools. Put together a brief report on the entire study and then team up with business managers to discuss these findings with the CFO.
Let's assume you've done a bang-up job and the financial managers agree to fund your application-specific storage efforts. What's next? Don't abandon your standardization philosophy just yet. Schedule a meeting with your preferred storage vendor to share your requirements. Be careful here. This shouldn't be viewed as an opportunity to play a few rounds of golf and turn over a purchase order. You must tell your vendors that your two objectives are to select application-specific storage technologies to support the business and to stick as close to IT standards as possible. Your storage vendor should in turn provide an overview of its product portfolio and strategic road map. Remember, you aren't just looking for products; you are looking for a comprehensive offering that features common management and administration tools and can be supported by your existing personnel.
Give your current vendors first crack at your business, but don't simply default to them. Keep in mind that application-specific storage products are a new breed and it's just as likely that a startup has the right solution. (See "Reconsidering startups," in the February 2004 issue of Storage.) Invite several vendors to bid on your business, check references and speak to the smartest people you can find on each product. Try to map new solutions as closely to storage standards as possible.
One last note to consider: Don't forget to think through the security ramifications of application-specific storage before proceeding. A device that can provide instant restores is great, but what if bad guys can easily attack this device and delete or modify data? Certainly, companies would rather sweat through an eight-hour system reload than instantly restore corrupted data.
Application-specific storage already offers substantial ROI for many enterprises; but then again, so do IT standards. The key is to embrace solutions that produce business value without much disruption. A patient and prudent approach is the best method. Make sure that you work with the business and IT folks to understand the operations requirements before you address the highest-priority issues. This is a sure-fire way to produce results while keeping business and IT executives smiling.