HIERARCHICAL STORAGE MIGRATION (HSM)
HSM is another method of data management/data protection that has been available for customers to use and is a separate function from tradition backup, but it does augment backup. With a properly implemented HSM product that works with the backup solution, you can greatly reduce the amount of data that must be managed and protected by the backup application. This is accomplished by the HSM product managing the file system and by migrating off at least one copy of inactive data to secondary storage. This makes more disk space available to the file system and also reduces the amount of data that will be backed up by the backup application. It is very important if implementing an HSM solution to ensure that the backup product and the HSM product work together so that the backup product will not cause migrated files to be recalled.
A properly implemented HSM application in conjunction with a backup application will reduce the amount of time required to do full backups and also have a similar effect on the full restore of a system. If the backup application knows that the data has been migrated and therefore only backs up the placeholder, then on a full restore only the placeholders need to be restored. The active files, normally the ones you are most concerned with, will be fully restored and restored faster as the restore does not have to worry with the migrated inactive data. Retrieving migrated data objects from nearline or offline storage when an application does access them can be more time consuming than accessing directly from online storage. HSM is thus essentially a trade-off between the benefits of migrating inactive data objects from online storage and the potentially longer response time to retrieve the objects when they are accessed. HSM software packages implement elaborate user-definable policies to give storage administrators control over which data objects may be migrated and the conditions under which they are moved.
There are several benefits of using an HSM solution. As previously stated, every system has some amount of inactive data. If you can determine what the realistic online requirements are for this data, then you can develop an HSM strategy to migrate the appropriate data to nearline or offline storage. This results in the following benefits:
- reduced requirements for online storage;
- reduced file system management;
- reduced costs of backup media;
- reduced management costs.
HSM solutions have not been widely accepted or implemented. This is mostly due to the complexity of the solutions. Most of these applications actually integrate with the operating system and actively manage the file systems. This increases the complexity of implementing the solution. It also tends to make people more nervous about implementing an HSM product. This is probably one of the least understood product of the traditional data protection and management products.
DISASTER RECOVERY
Another key ingredient of the traditional data protection scheme is DR. In the past, this was mostly dependent on a collection of backup tapes that were stored either at a remote location or with a vaulting vendor. In many instances, there was no formal planning or testing of the DR plan and procedures. As you might expect, many of these plans did not work as desired. Recently, more emphasis has been given to DR and more people are not only making formal plans but also conducting regular DR tests to ensure that they can accomplish the required service levels. We have always said that until your DR plan is tested and demonstrated to do what is needed, you do not have a plan at all.
As stated earlier in this chapter, do not succumb to the temptation to concentrate too much on the raw data and forget about the overall production environment that uses the data. If the critical data exists within a database environment, the data itself will not do you much good without the database also being recovered. The database is of only marginal value if all the input comes from another front-end application. As you put together a DR plan, you should always try to remember the big picture. Too often people concentrate on just recovering specific pieces without considering all the interdependences. By developing the BIA mentioned earlier you can avoid a lot of the potential pitfalls. One of the interesting results of gathering the proper data necessary to do the BIA can be a change in the overall way you architect backup and recovery for your enterprise. An example of this is a customer who discovered they were retaining too much data for too long a period of time due to lack of a business analysis of the data looking at both it’s immediate value, the effects time had on the value of the data, and the potential liability of keeping too much data around too long. After doing the BIA the customer reworked their retention policy and actually experienced a sizeable cost savings by putting cartridges back into circulation.
The BIA is basically a methodology that helps to identify the impact of losing access to a particular system or application to your organization. This actually is a process that is primarily information-gathering. In the end, you will take away several key components for each of the business units you have worked with, some of which we have listed here:
- Determine the criticality a particular system or application has to the organization.
- Learn how quickly the system or application must be recovered in order to minimize the company’s risk of exposure.
- Determine how current the data must be at the time of recovery.
This information is essential to your DR and backup plans, as it describes the business requirements for backup and recovery. If you base your architecture on this information and use it as the basis for your DR plan, your probability of success is much greater. Another by-product of the BIA and the DR plan is developing a much better working relationship between the business units, application owners and the IT staff.
With the growing emphasis on DR and high availability, we begin seeing the mingling of data protection and data management techniques. Users started clustering local applications and replicating data both locally and remotely. We will discuss these in detail in a later chapter. RTO and RPO requirements are two key elements to consider when making the decision on which technique to use for DR.
As history has shown us, there are many different kinds of disasters, and a proper DR plan should address them. The requirements can be very different for the different scenarios. There is an excellent book that can be very helpful in preparing a good DR plan. It is The Resilient Enterprise: Recovering Enterprise Information Services from Disasters from VERITAS Software publishing.
ENCRYPTION
There is a rapidly growing requirement that all data that is moved offsite be encrypted. The data protection application vendors are hurriedly working on updating the existing encryption solutions to allow for more selective use. The entire subject of encryption is detailed in Chapter 6, but we can highlight some of the requirements and options that are currently available:
- Client-side encryption.
- Media server encryption.
- Encryption appliance.
Client side encryption With client-side encryption, all of the data that is moved from the client is encrypted before being sent off the client. This involves using the client central processing unit (CPU) to actually perform the encryption. This can have a performance impact on the client, depending on how much of the CPU is available and therefore can have an impact on the backup performance.
Media server encryption This method of encryption allows you to encrypt only backups that are being sent off-site or just those being created by the vault process. This still uses a CPU to perform the encryption, but now it is the media server CPU that is being used. The basic work of the media server is that of a data mover and generally there is not as high a demand on its CPU. You also have more control on when this is being done so you can pick a more idle time. The downside here is that the data is moving across the network from the client without being encrypted.
Encryption appliance This method involves purchasing a specialized hardware appliance that is installed in the data stream. This appliance can encrypt data as it passes through. It removes the CPU load of the other two methods, but does require the purchase of the special hardware with its own software/firmware.
As we will see in Chapter 6, the process of encrypting the data is only a piece of the puzzle. Generally when you elect to encrypt data there are keys involved that must be managed. Without the proper keys the data becomes very secure. No one can read it, not even the owner. The key management is different for each of the options.
MANAGEMENT AND REPORTING
In the traditional backup and recovery data protection scheme, there is generally a silo approach to management with each group doing its own management and reporting. This duty usually falls on the administrators, not the people who actually need the information. This just becomes another task for administrators who have plenty of other responsibilities. In many cases, they do not actually know the SLAs that they are reporting on.
Reports are typically generated by scraping the application logs and presenting either the raw data or some basic compilation of the data being collected. The resulting reports often do not have enough details or the correct details to facilitate the type of management that is truly required to ensure that all the SLAs are being met. The fact that we often have the wrong people trying to manage the data protection scheme with inadequate reporting has made overall data protection too often not properly implemented and managed.
This is further compounded by the fact that reports concerning storage are generally done by the storage administrators, reports concerning systems by the system administrators and reports about the network by the network administrators. It is very difficult for any one person or group to know exactly how well the enterprise is being managed and protected with this widely diverse method of management and reporting.
Service Level Management Increasingly, storage services, including backup and recovery, are offered to business unit ‘customers’ based on established service levels. The business units are then charged back based on their consumption of the resource, bringing a measure of accountability into IT resource consumption. Service levels can generally be established into a small number of narrowly defined offerings, based upon the metrics by which a business unit has recoverability. The metrics are not communicated in IT terms, such as server platform, tape or disk technology, SAN/NAS and so on, but rather in simple terms that quantify the expectations for data recovery. For example, one could establish a simple four-tier hierarchy, which offers platinum, gold, silver and bronze services.
By establishing clear SLAs and monitoring delivery against these commitments, the operation can be properly funded by more responsible business unit owners. Also, the underlying technology infrastructure can be better managed and upgraded as needed to allow the storage group to deliver on its commitments to the business units.
SUMMARY
As we have seen, historically data protection has been accomplished by traditional backup and recovery with some mingling of HMS solutions. This was coupled with DR schemes that were also mostly based on the same backup and recovery techniques and included a vaulting process. The silo approach to reporting did little to assist in moving beyond this methodology. We are starting to see service levels also becoming a part of the management process.
In the following chapters, we will see the move that has already started to augment these traditional data protection techniques with the more traditional data management tools. In later chapters, we will follow some of the more advanced integration of these tools and techniques and then look beyond these to the totally new approaches being developed to meet the data protection needs of today and tomorrow.
Click Here to Purchase this Book