Data security as a service

For all their differences, SMBs and ROBOs (remote offices/branch offices) have one unavoidable headache in common: designing a robust backup and recovery system at a justifiable cost.

When backing up network assets, larger, centralized organizations typically employ expansive -- and expensive -- automated tape systems. Although such backups may go to disk first for performance reasons, almost all end up on tape. An off-site vault provider then maintains copies of backup tapes in case of disaster. To meet recovery requirements for important applications, some large-scale enterprises tap more advanced methods, such as replication or CDP (continuous data protection).

SMBs and ROBOs rarely have the luxury, however, of duplicating big-time backup schemes on a small scale. Typically, they lack the administrative and operational expertise, the capital for tape hardware, or the money to pay an off-site vault company month after month. The unfortunate result is that many small offices do not back up their data at all -- or they use an inexpensive system fraught with design flaws and operational challenges, such as a single tape drive that performs a full backup every night. Those tapes typically stay on site and in many cases sit inside the backup server, allowing a single break-in or fire to destroy everything. Worse, lack of oversight may mean that backups are routinely falling under the radar -- until a failed attempt at restoring them gets somebody fired.

SMBs and ROBOs know they need backups that work. They just can't perform them affordably and reliably. What's needed is the equivalent of an AOL for backups -- click OK, pick a screen name, and make backups happen. But the relatively slow connections typical of SMBs and ROBOs mean that conventional backup schemes, in which one change to a huge file results in that entire file being backed up, must be replaced by more intelligent, incremental schemes.

Backup on a human scale

Vendors such as Asigra, Avamar, Connected, EVault, and LiveVault offer products and services that enable administrators to perform advanced incremental backups with point-and-click ease. All allow you to load their software onto your environment, which you then back up to a remote vaulting service via the Internet. And they all encrypt the data for security reasons.

Administrators can select individual drives and directories as well as certain file types to include or exclude. Most offerings support auto-discovery, allowing you to back up all drives on the system automatically, without having to update the software every time you add a new drive or file system. LiveVault and Connected enable you to manage their products via the Web, whereas the other products are managed by software loaded onto your environment, such as a Windows workstation. Some also have Java consoles that can be installed on other platforms.

In most cases, you need to install an agent on each machine that is to be backed up. With Asigra's software, however, you select one system in your environment to be the "ds-client," which then communicates automatically with all systems in your environment using a variety of protocols, including SSH, CIFS, or NFS. It even performs hot backups of databases using this approach. Asigra doesn't charge for its ds-client or database agents; it bills only for the amount of data you're protecting.

Asigra also provides the broadest platform support, as its agentless model not only supports major Unix platforms but any platform that can export an NFS or CIFS share. Second in terms of platform support is EVault, followed by LiveVault and Connected. Most products and services provide flexible backup scheduling, allowing customers to perform backups every hour, every minute, and so on. CDP -- in which a file is backed up automatically as soon as it is created or changed -- is currently offered only by LiveVault, although Asigra says it has plans to support CDP in the future.

A new backup paradigm

Backup services add a remote wrinkle to a familiar architecture: There are clients to be backed up, a remote recovery server, an optional tape archive, and optional local recovery server. Client software is installed on the systems to be backed up, allowing backups to either the local or remote recovery server. If stored locally, backups are automatically replicated to the remote recovery server, which may be owned by a BSP (backup server provider) or by a large enterprise that wants to maintain the process.

Companies usually start out by backing up directly to a BSP, minimizing the capital outlay -- no servers to buy or maintain. The charges are based solely on the number of gigabytes stored per month at the BSP. The downside, however, is that all data is remote. Small files can be restored remotely; large restores, however, require the BSP to cut a CD, tape, or portable disk and ship back it to the customer.

A more sophisticated backup methodology involves obtaining a local recovery server -- which can provide quick restores of large systems -- and then replicating backed-up data to a BSP for disaster purposes. This model gives the customer exactly the same level of data protection that an enterprise datacenter does, but for a fraction of the cost. The local-recovery-server option is available from Asigra, Avamar, EVault, and LiveVault and ranges in cost from free (Asigra) to tens of thousands of dollars, depending on vendor and data volume.

Companies with considerable backup volumes may eventually grow disenchanted with per-gigabyte monthly fees. Such companies should consider purchasing a remote recovery server from their BSP and managing it themselves. Even a small business can do this by putting the server at a collocation facility. All of the vendors covered here offer this option.

Make or break decisions

Remote backup providers have gone to great lengths to develop features that minimize bandwidth and capacity demands. Take LiveVault's delta restore feature. The software knows which blocks of a file have changed since the time you asked to restore it, so it only needs to send those blocks back to the client to reassemble the file. That can save a lot of bandwidth when your file is corrupted and not deleted.

Because you're paying for what you're storing, it's also important to consider what each backup offering does to eliminate redundant data. The solutions from Asigra, Avamar, and Connected, eliminate redundant files in the vault. If you have the same spreadsheet on three different systems, for example, these products ensure it is stored in the vault only once. If you have a high amount of redundancy in your environment, this can save a lot of money.

Another significant data point is the number of protected terabytes -- that is, the total size of the customer data protected by the solution. In this area, Asigra is the clear winner; it claims its BSPs protect more than three petabytes. That makes Asigra the best-kept secret in data protection, probably because its software is usually rebranded.

The final word on these products comes from those who use them. When he first looked at his Avamar system, Steve Merkel of Data393 says he was certain he was "seeing things". He had been performing virtual, full backups every night on 65GB of data but noticed only 0.05 percent of the data was going across the wire. In the end, however, his "six-month testing cycle" proved what he was seeing was correct.

"Everyone would be doing backups like this" if they knew how easy and cost-effective it is, adds Tim Hannibal, who works at VaultLogix, an Asigra customer and service provider.

Such offerings show that you don't need to buy a $US20,000 tape library and sign a large contract with an off-site vault vendor to have automated backups. You just need to install some software, pay a monthly fee to a BSP, and worry about something else for a change.

About five petabytes of data are being backed up by electronic vaulting services today. Although that number just scratches the surface of all the data out there, it also represents millions of happy customers and untold thousands of successful restores. Based on the evidence, a sizable portion of low-volume remote backups are most likely working better than those in big data centres.

E-mail archiving: a special case

Small, dispersed offices aren't alone in demanding special backup treatment. Mail servers in organizations large and small need practical, efficient solutions that simplify archiving and retrieving e-mail from cumbersome Microsoft Exchange and Lotus Notes/Domino mail stores.

The myth is that solutions such as EMC EmailXtender, iLumin Assentor Enterprise, or Symantec/Veritas Enterprise Vault -- or hosted services offered by the likes of NaviSite, Sentinare, and Zantaz -- need only be implemented by financial trading firms. In truth, any company with an e-mail server or two should consider an e-mail archiving system, thanks to the increasing popularity of electronic discovery requests during lawsuits. For example, judges have ordered companies to present every e-mail between two parties in the past five years -- and in one case, all messages sent to customers containing the words "promise and guarantee" or the phrase "I swear."

The problem with such requests is that they're not impossible. All you have to do is restore every full and incremental backup of Exchange for the past five years, search for the appropriate phrases, drag and drop the messages into a folder, and then export that folder into a PST file. The judge doesn't care how much this costs you or how long it takes -- just do it.

If you had an e-mail archiving system, you would simply run the search that the judges ask for, and it would automatically create the appropriate export file for you. Something that would have taken months of time and hundreds of thousands of dollars now takes five minutes and costs nothing.

Also consider the problem of large e-mail servers and multiple e-mail servers. At some point, almost every company feels its Exchange server contains too much "old data" and implements e-mail quotas. All quotas do, though, is create other problems. Users still want access to old e-mail, so they create an offline archive; the biggest disk hogs often store that offline archive on the file server because they still want it backed up.

This storage method actually exacerbates the problem it was meant to solve because offline archives can't provide the single-instance store features that e-mail servers can. Instead, the 50MB attachment you wanted deleted from the e-mail server now resides on 10 users' offline archives -- which may actually be stored on the file server. Another pitfall: nonsavvy users sometimes accidentally create an offline archive of important e-mail on a laptop, resulting in important intellectual property not being backed up at all.

E-mail archiving systems solve the space problem by pulling out old e-mails, large attachments, and redundant messages among multiple e-mail servers, storing them instead in an instantly accessible location. The e-mails and attachments appear to still be in the e-mail server, but they are actually stored somewhere else. This speeds up e-mail server backups and restores, saves space, and eliminates redundancy across the environment, often bringing tremendous ROI to the IT department as soon as the e-mail archiving system is implemented.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AOLDeltaEMC CorporationGigabyteHISILuminLiveVaultMicrosoftNaviSitePromiseSymantecVeritasVeritasVIAZantaz

Show Comments