E-vaulting, at its core, is the process of creating a backup or replicating important business data. The copy can be made on site, but it is typically sent off site. There's nothing new about e-vaulting; enterprise IT departments have been shipping backup tapes and replicating data to remote disk arrays and virtual tape libraries (VTL) for years. For example, shipping a tape to a vault in Atlanta, replicating an Oracle database to a secondary disk array in the data center, or transferring nightly backups to a colocation in Minneapolis might all be termed "e-vaulting." More recently, however, e-vaulting has grown to mean remote backups and replication for small and midsized businesses (SMB)/small and midsized enterprises (SME) using third-party services. This article examines e-vaulting, highlights the major considerations and roadblocks in implementation, examines the impact of e-vaulting on real-life users and looks ahead at future trends.
The goals of e-vaulting
Analysts agree that e-vaulting is all about protecting data -- usually off site for disaster recovery purposes -- but it's a difficult term to explain precisely because the definition varies depending on whom you talk to. "E-vaulting is basically a technique or a mechanism that transfers your data to offsite storage," says Greg Schulz, founder and senior analyst at the StorageIO Group in Stillwater, Minn. "It can be a technique, technology, product or service."
In fact, there is no technological difference between e-vaulting and more well-defined data protection schemes, like remote backup or remote replication. "E-vaulting is a marketing positioning term, which perhaps sounds better than remote replication," says Phil Goodwin, president of Diogenes Analytical Laboratories in Erie, Colo. "I am not aware of any significant 'secret sauce' associated with any e-vaulting solutions that are out there." The idea is the same; connect remotely to an offsite storage repository and periodically update that data.
While e-vaulting doesn't bring anything new to enterprise backups, the emergence of third-party e-vaulting services offer an appealing alternative to SMBs. For example, providers like Asigra Inc., EVault, AmeriVault Corp. and Iron Mountain Inc. offer ready-made storage facilities that charge users based on backup volumes. Users can leverage the safety of remote backups while eliminating the capital investment, personnel costs and management overhead of a separate location.
E-vaulting implementation issues
E-vaulting and remote replication rely on adequate bandwidth. There has to be enough bandwidth to move the necessary amount of data within an available time period. Some remote backups cache locally and then pass data to the remote location as time and bandwidth permit. It is also possible to use techniques like incremental backups, delta differential (a.k.a. block or file differencing), data compression and even data deduplication in order to reduce the overall data volume that must be transferred between sites. These tactics help to lower bandwidth requirements and mitigate costs, but it's important to remember that backups are made to be recovered. "People may be able to replicate remotely using a relatively low-bandwidth WAN because they're moving small amounts of data, updated data and so on," Goodwin says. "But when it comes time to restore an entire system, bandwidth will become a bottleneck."
It's not always necessary to back up or replicate all corporate data remotely, and many users employ e-vaulting only for their most valuable data. This can lower bandwidth requirements further and reduce replication costs. "It's substantially cheaper to store that data encrypted on tape for offsite storage rather than storing it on an array through an e-vault," Goodwin says, noting a particular concern for e-vaulting users who pay a monthly fee based on the amount of storage that they use. Vault the data that you will need to recovery rapidly to keep your business running.
Just as a bank vault provides controlled access and security for safety deposit boxes, e-vault implementations are often evaluated for security features. "E-vaulting implies a certain amount of security is associated with that site, both in terms of having a hardened data center and physical security to get to the data," Goodwin says. "But that's certainly not a hard and fast rule." Encryption is a principal element of security, and data should be encrypted while in flight and at rest on the remote storage system (regardless of who owns the remote site). This renders the data unreadable without a corresponding key but also entails key management to ensure that only authorized personnel can actually read the stored data. Third-party e-vaulting providers should never possess a key or back door into user data. Physical security is another consideration that is often overlooked. A remote site should restrict server and disk array access to key employees only.
Don't overlook the importance of infrastructure and configuration. Companies that replicate their own data typically consider the impact of changes to their data center or IT infrastructure, but using an outside e-vaulting provider can result in a communication gap. Your e-vaulting provider can generally advise you on any setup or configuration changes that might be needed to accommodate new storage arrays, databases and other changes; helping to ensure uninterrupted backup or replication. Be sure to keep your e-vaulting provider updated with your most current contact information so that any warning or alert emails go to the correct recipient.
Finally, be sure to implement periodic checks to ensure that your data is actually available and recoverable. An annual or semiannual recovery drill is an excellent way to test the recovery process and keep an outside service provider on its toes. "You don't want to wake up one morning and discover that it [backup] has been out of control for six months," Goodwin says.
The impact of e-vaulting
Although the definition of e-vaulting can vary depending on whom you speak with, it's having a clear impact on SMBs. Larger enterprises can vault their own data onsite or send the data to a backup data center located hundreds or even thousands of miles away. But smaller enterprises typically lack the IT staff and capital budget to implement their own e-vaulting architecture. Service providers, like Iron Mountain, EVault, AmeriVault and others are filling this void -- offering third-party e-vaulting services that are meeting the backup needs of SMB/SME users.
For First Citizens National Bank in Dyersburg, Tenn., the challenge is to protect over 3 terabytes (TB) of vital banking information across one data center and 17 local branches. Beyond ordinary threats like fire, the nearby New Madrid fault poses a serious earthquake danger to the entire region, forcing the bank to consider more robust and reliable alternatives to its traditional off-site tape backups. "We wanted to get our data to a different part of the country quickly," says Jeff Tippett, information services technical support network administrator. EVault emerged as a preferred service provider, meeting the need for a distant repository in Atlanta Ga., more than 400 miles from Dyersburg and well outside of the New Madrid fault zone.
Tippett notes that disasters like Hurricane Katrina have really changed the way that businesses deal with backups and disaster recovery. "Banks are now looking at their backups with a better view," he says. "Before [Katrina] a bank would never send their data out to an external source -- especially over the Internet." Today, however, remote backup and replication processes are easily secured with encryption standards, like AES 128 or AES 256, which protect the data in flight and at rest with the service provider. Encryption is also managed with a single key owned by the user, meaning that only the bank can decrypt and use its data again. Tippett is completely confident that this approach meets regulatory and compliance requirements.
According to Tippett, EVault required no upgrades to the bank's IT infrastructure, though a second T1 line was added for greater bandwidth. Once the EVault software was installed and several minor firewall configuration issues were ironed out, the service was up and running. The initial upload or data copy can take significant time, but subsequent backups can be dramatically shorter because only changes are saved across the Internet. For First Citizens, an initial upload of 4.5 GB took about three hours, while a typical nightly update (about 7 MB of changed data) took less than five minutes. The bank is still adding to its backup data set, but Tippett is happy with the initial performance results and almost negligible management overhead needed to manage the offsite backup process.
Limited IT staff and resources can also enhance the appeal of third-party e-vaulting -- freeing precious time to tackle more pressing IT tasks and management. This was the problem for Asha Joshi, IT manager at the investment firm of Cooke & Bieler LP. Even with only 100 GB of storage between offices in Philadelphia, Pa., and Charlotte, N.C., it was difficult to juggle nightly backups along with desktop support, disaster recovery planning, server maintenance, and other IT responsibilities. "It was getting cumbersome to have either tape backup or disk arrays and maintain them," Joshi says. "I was sending tape backups off site but that wasn't enough -- we had to do something more."
The answer for Joshi was to outsource the company backups to Iron Mountain through a WAN link, achieving more efficient and more reliable backups through a provider with proven history in the disaster recovery business. "Our management didn't want to go with an unknown provider," Joshi says. "And they [Iron Mountain] have facilities that backup to another backup facility, so that was really reassuring."
Iron Mountain's e-vaulting process provided the ease and flexibility that Joshi needed. Iron Mountain provided the backup software, along with a network attached storage (NAS) storage device. Backups are first generated locally to the NAS device and then transferred across the WAN as time and bandwidth permit. This keeps a local backup for quick restores and allows remote backups to be accomplished across the company's current T1 line. AES-256 encryption keeps data secure in-flight and at rest at the remote location. The user has the only key, so data is inaccessible to anyone other than the customer.
The initial installation and setup was spread out over about one week, but once the software was properly configured to communicate through the corporate firewall and establish contact with the remote location, it was just a matter of defining a backup set and scheduling. Ongoing management is virtually negligible. "I do make sure that everything is working OK, and if something does stop working, I get an email from Iron Mountain," Joshi says. "It [e-vaulting] is a great solution if you don't have enough manpower, if you're a small company or if you're trying to save on maintenance expenses."
The future of e-vaulting
Data replication and backups between remote sites should continue to be an important practice for the enterprise -- it eliminates tapes and speeds the backup and restoration processes. But analysts see significant potential for third-party e-vaulting services that enable SMBs to ensure timely backups while minimizing complexity. "I see that as a huge growth opportunity both at the enterprise down into the midmarket," Schulz says, noting an even bigger impact on the SMB and suggesting that Internet service providers (ISP) may eventually offer critical file backup services for their small office and home office (SOHO) users. Even further out, analysts see the eventual rise of value-added services, such as electronic discovery to complement e-vaulting services. ***