The Need for New Thinking about Backup/Recovery
Don't develop your backup plan based on what your DR software can do. Band-Aid fixes won't help -- we need to think about what and how you back up in a whole new way.
by Kelly Lipp
When was the last time you actually felt good about your backup solution? Do you even have a backup "solution" or do you have a hodgepodge of technologies masquerading as a solution? Do you find yourself wondering if it is possible to actually solve the backup, archive, and disaster recovery problem once and for all?
As the amount of data in your data center increases and the length of time you are required to keep it (in order to remain in compliance) becomes longer, your task gets even harder. Add to that the proliferation of mission-critical data beyond the data center in remote offices and the general diversification of what backup means and you may have the perfect storm. Simply put, your existing "solution" could be in trouble. If backup costs are a problem now, just imagine what they will look like in another year or two.
Most of us are used to the annual "How do I fix the backup system this year?" conundrum. Usually, we do what we did last year. Read the trade magazines in search of the latest in technological advances, attempt to determine if one or more of them might help, and get ready to apply another Band-Aid. By now, though, your backup solution may require a more thorough tune-up if not an out-and-out replacement.
Remember, if you always do what you have always done, you will always get the same result. If your desire is to gain control of your backup solution, it is probably time for a new game plan. Since most backup solutions today are based on technology that is at least 40 years old, your foundation may be faulty. Trying to build on that foundation is prone to problems. Sure, by adding a Band-Aid you may see some temporary relief, but you will end up facing your same old problems.
The reason these quick fixes do not work for any length of time is because they simply mask the underlying problem. That problem is the traditional full/incremental backup approach that most backup software vendors employ. Many vendors try to mask this problem themselves using synthetic full backups or some other similar technology. Ancillary vendors providing data deduplication or virtual tape technology work on the back end trying to address this same problem. Neither of these software or hardware fixes address the real problem. To have a significant and long-lasting impact, we must change this.
Another problem with most approaches to backup today is the "solution before problem" method. Since we are used to full/incremental backups, all of our problems are viewed in this light. I will call this the "hammer and nail" problem; if all you have is a hammer, everything starts looking like a nail.
Again, we need to change this. We need to move to a more application-centric approach to data protection. Our approach should be about getting an application up and running after a failure. The inability to use data is the problem. Start there and work backward to the backup product rather than working from the backup product forward.
A stepwise approach is helpful.
Step 1: Start to think about data protection differently
Think about it in terms of business applications rather than in traditional backup terms. This is probably the hardest thing to do. We are used to considering all backup problems in the context of what we think our backup "solution" can do. That is not the way to look at backup problems.
There are two basic considerations in a backup/data recovery plan: recovery time objectives and recovery point objectives (RTO and RPO). How quickly and from how far in the past do you need to be able to restore a particular application. In addition, there are two scenarios to consider: data loss within the data center and a data center loss. The second is traditionally called disaster recovery (DR) though both scenarios can be disastrous. Losing one application is straightforward: You need to recover it right now. Losing all of your applications requires an additional prioritization step: Which application is most important, second most important, and so on? The focus should be on how to recover an application in the non-DR scenario. If we can do that, we can probably figure out how to do it in the DR scenario. These two functions are completely different and should be treated as such.
Step 2: Classify your applications and data
All are not created equally, although our current technology acts as though it is. That technology cannot easily do it otherwise.
Some data requires rapid restoration, and active data storage protection (such as snapshots) should be used. Even if you are using snapshot technology at the storage level, you almost certainly require a DR copy on your backup system. Other types of data may have longer RTOs and can use less expensive backup technology as their first line of defense. Knowing which is which is essential. By recognizing that a mix of more expensive storage and less expensive backup solutions is possible, your overall costs can actually be reduced.
Once you have classified your data, you can create an RTO and an RPO for each class. You will not have many different types of data -- perhaps half a dozen or slightly more. Each class of data has a distinct RTO/RPO pair for a normal recovery and one for a disaster recovery.
This step is the key. By classifying your data, you can begin to assign value to it. Instead of applying the highest value to all of the data to meet the needs of the most valuable data, you can segment and save backup costs on some, if not most, of your data. When you boil it down, the amount of data requiring the highest cost of protection is usually relatively small.
Step 3: Assign the correct protection strategy to each class of data
For those classes with short RTO and high value, active storage protection may be warranted. In some cases, you can forego that option in favor of high-performance, disk-based backup solutions, which may be less expensive. Finally, for those classes with relatively long RTOs, tape-based backup solutions are probably adequate.
The key is that a mix of data protection options will provide much more flexibility at different cost points. By assigning the correct value to your data, you can begin to evaluate the options for protecting it.
Step 4: Evaluate solutions that provide a mix of strategies to address your RTO/RPO combinations
These solutions should be very flexible and allow you to easily move applications from one class of protection to another as your needs change. In addition, it should be very easy to add more capacity to each class and to integrate new technology that might emerge that offers better cost and performance metrics.
A well-designed backup solution will have a mix of storage technologies and capabilities, such as high-performance disk for data ingestion, high-capacity disk for longer-term storage with easy restore, and tape for objects with long-term retention requirements and moderate RTOs.
In addition, backup and DR should be separate functions. Most products use one set of tapes or data to provide both functions while doing neither well. You do not perform DR often. Having your backup tapes offsite is a huge impediment to rapid restores.
Break your old habits and stop thinking about backup in terms of the products and start thinking about backup in terms of your applications and business objectives. There are solutions available that work this way. Being "stuck" because of backup software does not make sense.
Stop the backup Band-Aid approach to solving the problem. This has not taken you anywhere in the past and will not get you anywhere in the future. It is time to stop the madness.
Gaining control of your backup costs is about changing the paradigm. Thinking about backup as more strategic and valuable to your business can start you on the right path.
Kelly Lipp is the chief technology officer of STORServer, Inc., a company founded in 2000 to provide data backup solutions for the mid-market. STORServer offers a complete suite of appliances, software, and services that solve today's backup, archive and disaster recovery challenges. You can contact the author at firstname.lastname@example.org.