Enterprise Strategy Group
Published: 15 Sep 2003
|Eight key questions|
Those are accurate pictures of data center storage requirements, but what about all those remote offices out there? Large companies have dozens of domestic remote offices, and perhaps some overseas. However small or far-flung, the data in these offices can be critical. Increasingly that data is also subject to retention and privacy laws and regulations that mean your traditional "hear no evil, see no evil" relationship with branch offices will no longer cut it.
Remote office storage is humbler than its enterprise cousins. We're not looking at independent direct-attached storage (DAS), let alone network-attached storage (NAS) or a storage area network (SAN). Remote office storage is likely to live within Intel-based servers. Depending on its size, each remote office may have from one to three servers, generally performing tasks such as file serving and e-mail, although some run specific business applications.
More to the point, many remote offices have no IT staff. Desktop management and help desk tasks are either handled by central IT or farmed out to a local outsourcer. Day-to-day storage tasks are usually handled as an afterthought by a local operations, facilities or administrative person. These folks get basic training on backup: how to install a tape, run a few commands and remove the tape when the job is completed. Perhaps they've been told how to label and store the tape--perhaps not.
Vital data unprotected
Here's the newsflash: Those backup tapes are mission-critical, and contain user data, transaction records and customer information. What's more, some of the data in remote offices could fall under the auspices of regulations such as Gramm-Leach-Bliley or the HIPAA. Without proper policies, companies can unknowingly get out of synch with regulatory compliance.
Each remote office requires tape drives, tapes and some type of tape storage process. How much does this cost each year? If you're like most companies--not that much. At your current level of spending, you're buying poor processes that put critical data at risk. What would happen if one of these offices burned to the ground and IT had to restore systems from tape? Pretty scary.
Clearly, something should be done.The key is to plan a short- and long-term strategy. The first priority is to improve operations and close security vulnerabilities. The strategic objective should be to find an appropriate technical solution that best eliminates remote office costs, operational overhead and security risks.
For the short-term, start by understanding the outlines of the problem (see "Eight key questions" on this page). You'll want to assign this mission to a detail-oriented IT project manager who can create a spreadsheet for record keeping and reports for management analysis. Next, build a project plan and priority list. Look for remote office data that meets one or more of these criteria:
- Is it part of a regulatory compliance effort?
- Does it contain a significant amount of intellectual property?
- Does it house a number of senior executives?
Data at these sites must be protected as soon as possible. Aside from these examples, find sites that have experienced operational problems with data management in the past. Were there ever problems with file or system restores at any of the remote offices? How much central IT support was required? Who did what?
Once this research and prioritization is completed, you'll have a good idea of what's out there, past problems and where to start. The next step is to develop a solution. Start by developing and implementing a technology configuration and operating process.
Standard backup configurations are pretty straightforward. Define a common tape backup software product, tape technology and tape manufacturer. This is where your earlier site audit research will come in handy. Look through your list of remote site equipment and determine which operating systems you'll need to support. You probably have a mix of Windows and leading Unix servers, but are there others? You may have a sprinkling of Linux boxes. You also may have some oddball systems running DG-UX, Digital Unix or a NetWare NLM. Choose a backup software product that supports as many of these operating environments as possible. (Note: Because these one-off systems will be difficult to backup, consider whether to migrate off these platforms).
As for tape drive and manufacturer, select a common technology with the performance and capacity to address your needs. Modern superdrives such as DLT or LTO should work. Plan a three-year migration strategy to populate your remote offices with this standard configuration, starting with high-priority sites. Even though remote offices may have their own budgets, procure all equipment through central IT purchasing to get the best discounts.
In conjunction with a standard technology configuration, you'll want to develop a standard operating procedure for backup as well. Create a training class for everyone who does the backups. Make your process specific to the functionality in the backup software you select. Develop standard policies and procedures for full and incremental backups, tape management and off-site rotation. To assess progress and day-to-day management, make sure to create some standard reports that all of the remote sites can share with central IT. Don't forget to assign an IT person to manage this process.
A final short-term detail is to ensure that all servers and storage media are secure. Remote office security is notoriously poor, so you'll want to get the chief security officer and staff members to help here. Move all systems to secure, locked areas with restricted, auditable access systems. Change the default settings on the servers. Restrict access to these servers to a select few IT personnel and encrypt all password files and network transmissions.
With a short-term plan in place, you can now form a strategic long-term plan. Start with a cost/benefit analysis to see if centralized backup makes financial sense. Add the cost of all equipment, staff, tape media and storage facilities for remote backup, and then compare it to the additional centralized staff, bandwidth and technology you'll need to do centralized backup. As bandwidth prices decreases, this ought to be more attractive.
Explore some emerging technologies that have the potential to ease this transition. IP-based storage technologies such as iSCSI may make it possible to centralize all storage. Have your storage engineers check out solutions from companies such as Cisco Systems Inc., CNT and Nishan Systems. Another option is to leave the physical storage distributed, but centralize backups. Most backup products don't deal well with a WAN, so you'll need additional software--evaluate options from companies such as CommVault Systems, NSI Software and Signiant.
Finally, data at risk should be an immediate call for IT action. Smart managers won't use this problem as an excuse for implementing new technology, but they will take a pragmatic approach that includes a short- and long-term strategy. The immediate goal should be to protect vulnerable data. Over the longer term, the objective should be to let the network do the work, consolidate the data and let central IT use its time-tested operations to offer the highest levels of protection.