 |
|
|
|
|
|
In my last article, I explored cloud data backup services. This article will not cover these technologies, since these options were previously covered. In addition, cloud-based backup strategies aren't the best options for remote- or branch-offices environments, due to the relatively large amounts of data, corporate data protection requirements, business availability requirements or other concerns. Thus, another set of alternatives is needed to accommodate the needs of ROBO environments.
DATA PROTECTION STRATEGIES FOR REMOTE OFFICES AND BRANCH OFFICES
Formulating a ROBO data protection strategy
Remote-office data protection technologies
Choosing ROBO technologies
ROBO data protection considerations
Remote offices with no data centers
Data protection for remote offices with data centers
Data protection for remote offices with limited data centers
Formulating a ROBO data protection strategy
There is never one right answer for every situation, but to formulate a remote-office/branch-office data protection strategy that meets business needs cost effectively, several questions must first be answered.
As always, one size does not fit all, and you should evaluate the needs of each remote location to find the best solution for their particular requirements and environment. The answer to these questions will help determine what type of solution is most appropriate. Often a solution for a large enterprise with hundreds of branch offices, each with several hundred people, won't be appropriate for an enterprise with one or two remote offices with 20 to 50 people. Each has unique requirements that must be considered prior to creating an optimal solution.
Over the past several years, tape storage infrastructures have increasingly become economical only with large amounts of data, or for environments that must move a significant amount of data off site for disaster recovery purposes. While tape easily accommodates the ability to move data off site, the large fixed costs along with the costs associated with media handling, loss of data and other issues have made tape-based systems less appealing for many reasons.
One of the most common and worst protocols for use across a WAN is the Common Internet File System (CIFS) protocol. The CIFS protocol is used by Microsoft networks and network-attached storage (NAS) devices. Accessing a file using CIFS requires many commands, each of which incurs a delay due to the latency of the network. This protocol was designed for local networks, where delays are minimal. In this scenario, WAN acceleration products are able to improve performance for CIFS by an order of magnitude, and can often improve the performance of other common protocols significantly as well.
|
||||
|
|
|||
|
||||
WAN acceleration is designed to speed data transmissions across distances and works well in some environments. Using remote-access technologies such as Windows Terminal Server (available on Windows Server 2003 and 2008), Citrix Application Server or other similar technologies is also an option that continues to gain popularity.
One technology that works well in conjunction with other products is the use of data deduplication products. Data deduplication and virtual tape libraries are often used together, but may also be a standalone product, or coupled with a secondary storage system.
Another technology that should be considered an essential part of any solution is data backup security. Ensuring data security typically requires encryption, but not always. Data should be protected during transit (data in-flight protection) at a minimum. Additionally, best practices, corporate policies and regulatory requirements may dictate that data is encrypted while stored as well, known as "data at rest protection."
Technology |
When to deploy |
Remote access |
|
WAN optimization |
|
Backup data locally at ROBO |
|
Backup data to central site |
|
Hybrid approach |
|
ROBO data protection considerations
After business requirements are understood, the next consideration should be an evaluation of the existing infrastructure at remote-office/branch-office locations. Some of the questions that should be answered include: What WAN connectivity is already in place? Is there an existing data backup infrastructure? If so, is it integrated with central data protection policies? How will business application availability, service levels be achieved and monitored?
All of these questions should be answered before designing a proposed solution. One key piece of data protection is the software or appliance used to ensure data protection policies are implemented. Historically, this role was provided by software backup applications. When using remote-access or WAN acceleration solutions, policy-based data protection will typically occur at the corporate data centers. For data protection at remote-office/branch-office locations, it is important that the data protection policies meet local and corporate business needs and requirements.
Remote offices with no data centers
Both remote-access and WAN optimization technologies are most appropriate when data will reside in a central location, with remote offices accessing the data over a WAN. In this scenario, protecting data at local branch offices is not necessary, since all data resides at a remote or central location. This option is often one of the easiest and lowest cost options available, which explains the popularity of these solutions.
Remote network (WAN) bandwidth and distance from the primary site are considerations for both of these technologies. High bandwidth is not required, although moderate bandwidth is. Often more important than the network bandwidth is the delay or latency of the network. A DSL connection, common with many small offices, may suffice for a few people but will typically not support more than 10 users with either of these technologies. A DSL network has higher latency than other WAN connections, and typically limits upload speeds, which limits the total capacity.
WAN optimization works well when accessing data that is relatively small; a few megabytes may be accessed at reasonable speeds. However, for large data sets, or applications that are sensitive to delays, WAN acceleration will not provide sufficient improvements for this option to work well. Additionally, solutions using these WAN optimization often require a relatively high initial expenditures compared to some of the other options explored.
Remote-access software, such as Citrix XenApp and Microsoft RDP (available with Windows Terminal Server) are two of the most prevalent and most powerful options available. Both support hosting Windows applications remotely, with Citrix also supporting Unix and Linux applications. Access to applications is supported over both LAN and WAN connections. Only the visual interface of the application is transmitted, rather than the actual data. As a result, this option works well for applications that require high transaction processing and are intolerant of data delays, such as Oracle, SAP, SQL Server and other similar applications. Additionally, there is a reduced risk of data loss or theft, since the actual data is not transmitted to remote sites or computers, only an image of the data. With this technology, corporations are able to establish policies that restrict the transfer of data outside of corporate servers.
Data protection for remote offices with data centers
For remote offices that have a data center with a dedicated IT staff, a more traditional approach to data protection may work well. To determine whether a tape-based system, virtual tape library or a disk-based data backup target is the best option, several issues must be evaluated. It is imperative to meet the business service-level requirements, while also meeting any corporate requirements for disaster recovery. Many remote offices with small data centers also have local data that is unique to that location. Thus, all the corporate requirements for off-site data storage, encrypted data protection and other requirements come into play. In the past, these environments relied on local tape backup solutions with off-site storage. There are a number of problems with tape-only solutions for remote-office/branch-office environments. Often, it is difficult to meet the recovery time objective (RTO) and recovery point objective (RPO) levels with tape only, and the data protection, encryption and tape rotation issues can lead to high labor and cost overhead.
Two approaches that are well suited for ROBO environments are virtual tape library and disk-based backup devices. To provide disaster recovery, both of these methods must include replication. To work well with limited WAN connections, data deduplication is also an important aspect of these products. By reducing the amount of data transferred, the bandwidth required to support a remote-office/branch-office site is significantly reduced. Both VTLs and disk-based backup targets designed for remote-office/branch-office deployments typically include replication, data security for transmission along with data deduplication. In practice, there is little difference between a virtual tape library and a disk-based backup target, other than how the backup application interacts with these devices. VTLs emulate tape, and are often a better option for remote-office/branch-office environments that are currently using a tape infrastructure. For new deployments, using disk-based backup targets is often a better fit, requiring less local administration and less investment.
|
||||
|
|
|||
|
||||
About the author: Russ Fellows is a Senior Analyst with the Evaluator Group. He is responsible for leading research and analysis of product and market trends for NAS, virtual tape libraries and storage security.
This was first published in June 2009