Data protection strategies for remote and branch offices

Many large corporations have many smaller remote offices or branch offices (ROBOs) that create and use data. Learn the best strategy for your ROBO data protection.

By Russ Fellows, SearchDataBackup contributor

The majority of businesses do not belong to the Fortune 2000 club, yet most have data protection and data security requirements that are just as critical. Additionally, many large corporations have many smaller remote offices or branch offices (ROBOs) that create and use data. Any company with remote offices or branch offices requires solutions that can support corporate data protection and business service levels with distributed data centers.

In my last article, I explored cloud data backup services. This article will not cover these technologies, since these options were previously covered. In addition, cloud-based backup strategies aren't the best options for remote- or branch-office environments, due to the relatively large amounts of data, corporate data protection requirements, business availability requirements or other concerns. Thus, another set of alternatives is needed to accommodate the needs of ROBO environments.


Formulating a ROBO data protection strategy

There is never one right answer for every situation, but to formulate a remote-office/branch-office data protection strategy that meets business needs cost effectively, several questions must first be answered.

  1. How many total sites are involved?
  2. What are the business application requirements?
  3. How much data resides at remote sites?
  4. What type (if any) of administrative expertise exists at remote locations?
  5. What's the existing infrastructure?
  6. What type of data connections are in place between remote offices?
  7. What is the budget?

As always, one size does not fit all, and you should evaluate the needs of each remote location to find the best solution for its particular requirements and environment. The answers to these questions will help determine what type of solution is most appropriate. Often a solution for a large enterprise with hundreds of branch offices, each with several hundred people, won't be appropriate for an enterprise with one or two remote offices with 20 to 50 people. Each has unique requirements that must be considered prior to creating an optimal solution.

Remote-office data protection technologies

Over the past several years, tape storage infrastructures have increasingly become economical only with large amounts of data, or for environments that must move a significant amount of data off site for disaster recovery purposes. While tape easily accommodates the ability to move data off site, the large fixed costs, along with the costs associated with media handling, loss of data and other issues, have made tape-based systems less appealing.

One of the most common and worst protocols for use across a WAN is the Common Internet File System (CIFS) protocol. The CIFS protocol is used by Microsoft networks and network-attached storage (NAS) devices. Accessing a file using CIFS requires many commands, each of which incurs a delay due to the latency of the network. This protocol was designed for local networks, where delays are minimal. In this scenario, WAN acceleration products are able to improve performance for CIFS by an order of magnitude, and can often improve the performance of other common protocols significantly as well.

An option that is not always evaluated is reducing or eliminating the need to protect data at remote or branch offices entirely. By using WAN acceleration or remote-access technologies, all data can be maintained and protected at a central location, thus eliminating the need for data protection at ROBO locations. This option works well for small sites with limited on-site IT expertise, or a limited amount of data.

WAN acceleration is designed to speed data transmissions across distances and works well in some environments. Using remote-access technologies such as Windows Terminal Server (available on Windows Server 2003 and 2008), Citrix Application Server or other similar technologies is also an option that continues to gain popularity.

Data deduplication is one technology that works well in conjunction with other products. Deduplication is often used together with virtual tape libraries, but it may also be deployed as a standalone product or coupled with a secondary storage system.

Another technology that should be considered an essential part of any solution is data backup security. Ensuring data security typically requires encryption, but not always. Data should be protected during transit (data in-flight protection) at a minimum. Additionally, best practices, corporate policies and regulatory requirements may dictate that data is encrypted while stored as well, known as "data at rest protection."

Choosing ROBO technologies


After understanding the business requirements, and answering the questions listed above, it is possible to develop a strategy for protecting data. The strategy should be optimized for your environment and the application requirements. An overall strategy may encompass using several technologies. The table below "Choosing ROBO data protection technologies" provides an overview of when particular data protection technology approaches are most appropriate.

There are several alternatives available for protecting data in ROBO environments, which at a high level may be characterized as follows:

Table 1: Choosing ROBO data protection technologies

When to deploy each approach:

Remote access

  • Limited IT at ROBO
  • Centralized database applications
  • Large amounts of data
  • Environments with moderate network connectivity (T1)

WAN optimization

  • Limited IT at ROBO
  • Applications require access to file data
  • Moderate amounts of data
  • Environments with moderate network connectivity (T1)

Backup data locally at ROBO

  • On-site IT at ROBO
  • Large amount of data
  • Data used at ROBO sites is not used at central location
  • Limited network connectivity (slow DSL or less)

Backup data to central site

  • Limited IT at ROBO
  • Moderate amounts of data (typically less than 10 TB can be protected daily)
  • Network connectivity sufficient for amount of data protection (T1 = 625 MB / hour)

Hybrid approach

  • Multiple applications and/or data sizes
  • Large workforce at ROBO sites with diverse needs

ROBO data protection considerations

After business requirements are understood, the next consideration should be an evaluation of the existing infrastructure at remote-office/branch-office locations. Some of the questions that should be answered include: What WAN connectivity is already in place? Is there an existing data backup infrastructure? If so, is it integrated with central data protection policies? How will business application availability and service levels be achieved and monitored?

All of these questions should be answered before designing a proposed solution. One key piece of data protection is the software or appliance used to ensure data protection policies are implemented. Historically, this role was provided by software backup applications. When using remote-access or WAN acceleration solutions, policy-based data protection will typically occur at the corporate data centers. For data protection at remote-office/branch-office locations, it is important that the data protection policies meet local and corporate business needs and requirements.

Remote offices with no data centers

Both remote-access and WAN optimization technologies are most appropriate when data will reside in a central location, with remote offices accessing the data over a WAN. In this scenario, protecting data at local branch offices is not necessary, since all data resides at a remote or central location. This option is often one of the easiest and lowest cost options available, which explains the popularity of these solutions.

Remote network (WAN) bandwidth and distance from the primary site are considerations for both of these technologies. High bandwidth is not required, although moderate bandwidth is. Often more important than the network bandwidth is the delay or latency of the network. A DSL connection, common with many small offices, may suffice for a few people but will typically not support more than 10 users with either of these technologies. A DSL network has higher latency than other WAN connections, and typically limits upload speeds, which limits the total capacity.

WAN optimization works well when accessing data that is relatively small; a few megabytes may be accessed at reasonable speeds. However, for large data sets, or applications that are sensitive to delays, WAN acceleration will not provide sufficient improvements for this option to work well. Additionally, solutions using WAN optimization often require a relatively high initial expenditure compared to some of the other options explored.

Citrix XenApp and Microsoft RDP (available with Windows Terminal Server) are two of the most prevalent and most powerful remote-access software options available. Both support hosting Windows applications remotely, with Citrix also supporting Unix and Linux applications. Access to applications is supported over both LAN and WAN connections. Only the visual interface of the application is transmitted, rather than the actual data. As a result, this option works well for applications that require high transaction processing and are intolerant of data delays, such as Oracle, SAP, SQL Server and other similar applications. Additionally, there is a reduced risk of data loss or theft, since the actual data is not transmitted to remote sites or computers, only an image of the data. With this technology, corporations are able to establish policies that restrict the transfer of data outside of corporate servers.

Data protection for remote offices with data centers

For remote offices that have a data center with a dedicated IT staff, a more traditional approach to data protection may work well. To determine whether a tape-based system, virtual tape library or a disk-based data backup target is the best option, several issues must be evaluated. It is imperative to meet the business service-level requirements, while also meeting any corporate requirements for disaster recovery. Many remote offices with small data centers also have local data that is unique to that location. Thus, all the corporate requirements for off-site data storage, encrypted data protection and other requirements come into play. In the past, these environments relied on local tape backup solutions with off-site storage. There are a number of problems with tape-only solutions for remote-office/branch-office environments. Often, it is difficult to meet the recovery time objective (RTO) and recovery point objective (RPO) levels with tape only, and the data protection, encryption and tape rotation issues can lead to high labor and cost overhead.

Two approaches that are well suited for ROBO environments are virtual tape library and disk-based backup devices. To provide disaster recovery, both of these methods must include replication. To work well with limited WAN connections, data deduplication is also an important aspect of these products. By reducing the amount of data transferred, the bandwidth required to support a remote-office/branch-office site is significantly reduced. Both VTLs and disk-based backup targets designed for remote-office/branch-office deployments typically include replication, data security for transmission and data deduplication. In practice, there is little difference between a virtual tape library and a disk-based backup target, other than how the backup application interacts with these devices. VTLs emulate tape, and are often a better option for remote-office/branch-office environments that are currently using a tape infrastructure. For new deployments, using disk-based backup targets is often a better fit, requiring less local administration and less investment.
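
The effect of deduplication on replication traffic, and what it means against the T1 rate quoted in Table 1, can be shown with a small model. This is an added example, not code from the article or from any product: the `CentralStore` class, the fixed 4 KB chunk size and the sample backups are assumptions constructed for illustration, and only the 625 MB/hour figure comes from the article.

```python
import hashlib

CHUNK_SIZE = 4096                # assumed fixed chunk size; real products vary
T1_BYTES_PER_HOUR = 625 * 10**6  # the article's figure: T1 = 625 MB/hour

class CentralStore:
    """Hypothetical central-site chunk store keyed by SHA-256 digest."""
    def __init__(self):
        self.chunks = {}

    def replicate(self, data):
        """Receive a backup; return (chunk bytes sent over the WAN, recipe)."""
        sent, recipe = 0, []
        for off in range(0, len(data), CHUNK_SIZE):
            chunk = data[off:off + CHUNK_SIZE]
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:   # only unseen chunks cross the WAN
                self.chunks[digest] = chunk
                sent += len(chunk)
            recipe.append(digest)           # ordered digests rebuild the backup
        return sent, recipe

    def restore(self, recipe):
        """Rebuild a backup from its recipe, verifying each chunk's digest."""
        out = bytearray()
        for digest in recipe:
            chunk = self.chunks[digest]
            if hashlib.sha256(chunk).hexdigest() != digest:
                raise ValueError("chunk failed integrity check: " + digest)
            out += chunk
        return bytes(out)

def transfer_hours(num_bytes, bytes_per_hour=T1_BYTES_PER_HOUR):
    """Hours needed to move num_bytes at the given link rate."""
    return num_bytes / bytes_per_hour

def demo():
    """Constructed data: day 2 differs from day 1 in 5 of 200 chunks."""
    def block(tag):
        return hashlib.sha256(tag.encode()).digest() * (CHUNK_SIZE // 32)
    day1 = [block(f"day1-{i}") for i in range(200)]
    day2 = list(day1)
    for i in (3, 50, 51, 120, 199):
        day2[i] = block(f"day2-{i}")
    store = CentralStore()
    sent1, _ = store.replicate(b"".join(day1))
    sent2, recipe2 = store.replicate(b"".join(day2))
    restored_ok = store.restore(recipe2) == b"".join(day2)
    return sent1, sent2, restored_ok
```

Deduplication has to run before the data is encrypted for transmission: ciphertext produced with fresh nonces does not repeat, so chunks encrypted first would never match anything already stored at the central site.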

Remote offices with limited data centers

A remote office with a limited data center may require elements of both larger and smaller remote-office/branch-office solutions. This environment may have a single person dedicated to IT and require a small data center. In these cases, it may be appropriate to design a solution that incorporates aspects of the other two alternatives, on a per application or workgroup basis. For example, one group may primarily use an SAP application, and another workgroup may create and edit local CAD drawings. In this case, deploying remote access for the group using SAP may be the best option to overcome network delays for this latency sensitive application. To support the local CAD application, backing up data to a disk target, which is then replicated to the primary data center, may be the best option.

As outlined, companies with remote and branch offices should first determine their business needs and understand their infrastructure by answering the initial set of seven questions. With these items well understood, it is then possible to explore the variety of technologies available and formulate a ROBO data protection strategy. With the advent of data deduplication, remote connectivity, WAN acceleration, VTLs, disk backup targets and remote replication technologies, there have never been more options available. With a ROBO strategy and set of technologies identified, it is possible to create a solution that implements the strategy. By following this outline, an IT staff coupled with advisory services from independent organizations will be able to create remote office and branch office data protection solutions that meet the identified requirements, effectively and affordably.


About the author: Russ Fellows is a Senior Analyst with the Evaluator Group. He is responsible for leading research and analysis of product and market trends for NAS, virtual tape libraries and storage security.
