Storage Decisions: How to set up a data protection SLA

Setting up a data protection service-level agreement is a two-step process. First data protection is aligned with the business, then the data protection methods are chosen.

CHICAGO -- Data protection was a hot topic at Storage Decisions Tuesday, with storage administrators flocking to sessions for tips to help make their storage tasks less complicated.

In one session, Brian Greenberg, a data protection services manager and architect for a financial services company, told the audience how to set up a data protection service-level agreement (SLA). Greenberg said a data protection SLA for an internal customer and external customer would be different than a storage SLA, but could be a subset of one. He said that a good SLA defines "what needs to be protected and how long."

More on data protection
IBM acquires Diligent for data deduplication, VTL 

How to evaluate software-based data deduplication products  

How to evaluate policy manager software
Greenberg laid out a two-step process to setting up the SLA. The first step involves aligning data protection with the business, and requires administrators to determine issues, such as the cost of data protection, who the data owners are, what the data is and where it lives, what the recovery time objective (RTO) and recovery point objective (RPO) are, encryption requirements and retention periods of data.

The second step involves data protection methods. Greenberg said data protection requirements must be driven by legal and business needs. "Shape the technology around business processes, not the other way around," he said.

In the data protection step, administrators need to determine which data protection architectures they need to meet their business requirements, and what the cost of that will be. This includes determining levels of risk – for example, the issuse of whether data on VTLs and deduplication devices must be replicated offline.

Greenberg advised his audience to build in enough time to recover internally from any outage to be able to get their customers back in time to meet customers' SLAs.

Meanwhile, Henry Johnson, a senior team leader at a Fortune 500 healthcare services organization, talked about "negotiating the backup and recovery maze."

Johnson offered tips for better backup and recovery, including caveats on disk backup technologies such as virtual tape libraries (VTLs) and data deduplication. "With VTLs, what happens when multiple drives fail?" he asked. "You can survive with one failure, but with two failures, you'll be looking for a job."

Johnson also said he is a fan of data deduplication, but "there's no free lunch. You'll have to pay the cost of maintaining the disk. Some dedupe systems will have multiple islands. Will cost come down? I don't think so."

Greenberg and Johnson, and probably most of those who attended their sessions, agreed that the need to learn about new disk technologies, and data backup and retention policies while dealing with the traditional tape and backup software processes has changed the life of backup administrators.

"Data protection is becoming far more complicated," Greenberg said. "Data protection has become a true discipline and profession. Data protection engineers need to know more than how to operate NetBackup."

Dig Deeper on Remote data protection