By Shea Stewart, Solution Architect at Scalar.
As a storage administrator, backup administrator, or some Canadian variant (beer fridge manager?), one of your responsibilities is to ensure that your product (i.e. “company” data) is available, accessible, and secured.
While there is (a LOT) more to this job, the basic requirements can be complicated in an environment of any size. You likely have multiple roles to perform, and fulfilling the above data protection management responsibilities can become increasingly difficult as your data footprint grows each day.
The following are some concepts or tools that may assist with your day-to-day operations and free up time to work on the fun items on your to-do list.
1. Have the business define its data.
Talk to your application and data owners often about their requirements and the services you can provide. Share the responsibility of protecting their data.
The data does not belong to you, but there is an application or business owner that is affected if the data is not accessible. Ask them for their input on the value and usefulness of the data that you protect for them. They should provide guidance on both of the retention requirements of the application, i.e. how quickly they need the data back (RTO), and from what point in time (RPO). They should also be able to guide you on the security requirements of the data copies, as well as any compliance requirements that you need to be readily verified and tested.
2. It’s all about (secure) recoverability.
Leverage new tools or built-in functionality that continuously ensure security, reduce restore time, and enable self-service as much as possible.
Backup time matters to you, recovery time matters to your clients and end-users.
- Can you offer a self-service tool?
Many storage systems can integrate VSS or hardware based snapshots with Windows file services so that end-users can perform their own restore. Other tools (i.e. CommVault Simpana Edge, Symantec NetBackup Opscenter, EMC Networker, etc.) provide the ability for users to access a self-service portal to initiate their own restores, while ensuring data security and detailed event logging.
- Can you offer application-level recovery that reduces the recovery time?
With the widespread deployment of virtualization, it has become very easy to take a snapshot or copy a whole virtual machine as a complete backup. Traditional restore from this process, however, was a challenge and involved collaboration between the storage and virtualization teams. Some platforms (i.e. CommVault, Symantec, EMC, NetApp) enable single file or application level recovery and automate all of the steps in-between. If your current toolset does not provide the granular level of restore that you desire, consider layering an application agent that will enable this functionality and reduce restore times.
- Can you ensure that recoverable data is secure?
Unstructured data is still widely used in many small and large businesses today, and while it is not your job to review every security ACL in the environment, you will need to assist your business to ensure that production and backup data is only available to the appropriate individuals. There are tools that exist (i.e. Varonis DatAdvantage, CommVault SRM, etc.) that can provide regular audits of the environment and automate reporting for application owners to review on a regular basis.
3. There’s more than just recoverability.
Leverage your backup data on disk to offload primary storage resources and provide insight into multiple types of data for the business.
While data protection is about recoverability, it is now increasingly being used to provide additional value to the business. Data that has been backed up to disk can be used to offload production storage resources for items such as:
- Rapid cloning for testing and development purposes
- Content indexing for enterprise search, legal hold, and self-service recovery
- Identification of data eligible for archive during the next pass
- Report generation for capacity planning, content classification across multiple data types, and security verification
4. Your data is distributed, your management tools should not be.
Look for areas to consolidate backup tools or centralize discovery and reporting on all protected assets within the environment. This will reduce risk and simplify day-to-day operations.
In many environments it is common to see multiple data protection tools in action:
- Snapshot management tools (NetApp SnapManager, EMC RecoverPoint / TimeFinder, etc.),
- Application-specific backup tools (Veeam, AvePoint, Avamar, etc.), and
- One or more backup applications (Symantec BackupExec/NetBackup, EMC Networker, CommVault Simpana, etc.).
While some tools may best suited for a particular application or environment, it is complicated to oversee multiple tools in an environment and opportunities for consolidation should be reviewed. Applications such as Symantec NetBackup or CommVault Simpana provide some level of hardware snapshot integration and can help centralize reporting and catalogue management for multiple tools in the environment. And if consolidation at that level is not enough, or the environment also operates more than one backup suite, tools such as EMC Data Protection Advisor can provide centralized reporting, discovery, and management of multiple environments.
5. Discover… regularly.
Whether using one tool or many, ensure that frequent discovery scans of the environment are run to identify digital assets with missing or misappropriated protection policies. Send an automated weekly report to application owners if possible, and review the content often.
Data protection is often the last thought when a new server or service needs to be turned up within an environment. Many tools, such as CommVault Simpana or EMC Data Protection Advisor, provide the capability to run regular scheduled scans of the environment to identify assets that may be missing a data protection policy. Even VMware Site Recovery Manager automatically determines whether a replicated virtual machine has been assigned to a protection group or not. Once the discovery has been run, you can then decide to create a ‘catch all’ protection policy, or alert on the event so that the asset can be reviewed and protected appropriately.
6. Test… regularly.
Set aside the time and do it. Enough said.
Scalar provides assessment services related to data protection and information lifecycle management; Scalar is also a close partner with the vendors mentioned and can assist clients in evaluating the appropriate tools to optimize security, performance, and control of end-user data. Contact us to learn more!