Backing up: save the data, save the day
All hardware fails – and backup is seen as boring and unreliable. That combination is the perfect opportunity for you to provide a service that provides business continuity and ongoing revenue. But how do you design the right backup system?
Ever since we’ve had business computers, there have been warnings about the failure of computer systems, data loss and the impact on companies and their business. But after all this time the message still falls on deaf ears. Users and even IT staff seem to treat backup as an optional extra, and not an option they want.
With the rise in natural disasters, increasing threats to data and equipment and even terrorism, systems need to be protected. In addition, the increasing amounts of compliance legislation mean even smaller businesses have to pay more attention to what they do with data. Losing it is not an option and protecting it can be good for your business as well as your clients.
See the Windows Server 2008 tools described in this feature in action:
Click here to see Greg Shields walk you through Event Subscriptions in Windows Server 2008
Click here to see Ian Murphy walk you through creating a replication service using PlateSpin Forge
It’s not just carelessness; there are rational reasons why people think so poorly of backing up. Their own perceptions, the failure of successive generations of technologies to deliver a simple solution, ineffective business processes - these all contribute to the problem. The perception is that backup is boring, thankless, time consuming and a job for the most junior member of an operations team because no-one else wants it. Understand how customers think about backup and you’ll find it easier to sell them the right service. It’s in your own interest to persist: better to have a customer quibble about the cost of backing up than cancel your contract for losing data.
Where’s the money?
There are several ways to make money out of backup. The most common is hardware and software sales to customers. The more clients they have, the more licenses they will need. As their primary storage grows, you upsell the backup capacity to protect their systems. It would be easy to think that there is no way to make money without discounting heavily. The problem with discounting is that it often means there is little profit in the deal and there is always someone else willing to discount more just to acquire your client. Spend the time to build a system that you can customise to different customer needs and that needs the minimum of work on their behalf and you’ll have a service that will keep them with you.
The hardware involved in backup doesn’t have to be owned by the customer. If you are doing replication of key data off site, that could be hardware owned by you and sold as a service. Alternatively, you could lease access to the hardware to the customer. Good candidates for this are large tape libraries that can support a number of customers but which would be too expensive for a single customer. Disk-based systems don’t have to be sold fully populated. The key is to get the enclosure installed and then populate as the client’s needs grow. This future-proofs the relationship and provides a basis for future expansion.
The first time you do a full backup of the entire IT estate, it is likely that there won’t be enough tapes, tape drives and even disk storage on site, but they may not ever need as much hardware again. Lease or rent capacity to the client in order to get this baseline backup completed.
Software licenses can be a sticking point. Not just in terms of the acquisition costs but also in the way that software companies sell them. Using the built-in backup utilities that come with operating systems can lower costs but does require planning and having scripts written.
Beyond the hardware and software, think about the services you can offer; after all, making money is about selling services. Offering the customer a backup service means taking a problem out of their hands. You can do a full service solution where you are responsible for handling and managing the entire backup system. This includes designing an architecture, creating the processes and ensuring that the backup takes place. It will also include a regular set of restores so that you can prove the efficacy of the backups.
Alternatively you might offer a backup monitoring service. This would mean checking daily backup logs and resolving any issues that have been recorded, responding to alarms and ensuring that tapes and other media are available and changed as necessary.
Another option is to build your own remote backup storage solution and sell access to customers. Provisioning enough storage for either of these scenarios means using hosting space, installing hardware and having redundant Internet connections with enough bandwidth to both back up and restore client machines.
This can mean an expensive outlay in hardware, networks and rack space. The key is to make sure you can recoup the money. Selling disk space to customers is not enough; it should be supported by a service. You also need to prevent too much money being tied up in equipment waiting for customers to buy into the solution. One solution is to use thin provisioning to get the most out of your storage.
Thin provisioning ensures that applications only use the space that they need. In a lot of storage architectures, blocks of data are reserved for applications to grow into.
This is often overestimated and a lot of storage space is subsequently wasted. To get around this, thin provisioning allows the application to believe that it has a lot of storage space but only allocates that space as the application begins to use it.
Whenever you build your own storage service, remember that you have to pay for it up front. Customers will pay for what they use. Sell access based on either a guaranteed amount of space, an estimated usage or as an on-demand usage. With all of these offer thresholds so that the customer can go above the agreement to a given amount of storage before incurring penalties.
If you don’t have the expertise – or the desire – to physically build a storage setup yourself, you can become as a reseller for companies that do provide these services. You can still manage the process for your clients but you also get commission from the storage provider as well.
Building a solution
There are several steps to building a backup solution: you need to design a backup architecture, create the right processes, select the right hardware and software and then train the users. If you outsource all or part of the problem you can’t ignore these steps so any architecture and process need to be studied before being accepted.
What are you backing up? Desktops, laptops, computers used by home users, servers, applications, storage arrays, mobile devices such as phones or PDAs? All of these present their own challenges, require a carefully thought-out strategy and need to be understood in terms of the type, importance and quantity of data.
You also need to know if you are backing up images of operating systems, applications and data rather than just the data. In some cases you may find you need to do complete machine images on a monthly basis and then do weekly and daily backups in between.
Create a flexible backup schedule that not only takes into account the different kinds of devices you are backing up but which can deal with problems such as a device missing a scheduled backup. As well as automated processes, consider an ‘on-demand’ option to allow the user to make their own backup if they have just finished a particularly important document.
The most common schedule uses a weekly full backup with daily incremental backups. This process ensures that the most you have to restore are the changes that were recorded over no more than six nights. This schedule is often used for servers.
Backing up desktop computers is slightly different. Rising electricity prices mean you do not want desktop computers left on all night waiting to be backed up. If you use Wake on LAN (WoL) technology, the computers can be hibernated or left in very low power sleep mode until their backup time. The network then wakes up the computer, does the backup and then puts the computer back to sleep.
An alternative way to handle this is to link backups to the patch process. Updating a computer with any software or security patches when the machine shows as not being used makes good use of dead time. Link this to daily backups so that the backup occurs before the patches take place and you reduce the risk of losing data because of a patch.
Users who work from home are a slightly more complicated problem, but not much. As they will require access to the company network to collect email or find files that they are working on, you can use that connection for backup and patching. To avoid backing up non-business data provide the user with an external drive which is backed up over the Internet to office-based systems or direct to a remote backup service. As the computers are usually connected to an always-on connection the backup can be run any time the remote computer is turned on, as long as it doesn’t interfere with the user’s work.
Laptop and mobile users bring their own complications. They are often only connecting for short periods of time and over a variety of networks including 3G, Wi-Fi, hotel connections, home broadband and even elsewhere in the office. Setting a backup schedule here is not easy. Full backups should only happen when the user is connected to a high-speed connection; even incremental backups might not be viable if the connection is over a slow network such as GPRS. As with desktop computers, use the patch process to upload backups and download patches. If there isn’t one, this is an opportunity to develop a solution that manages both security patching and backups.
Backing up mobile devices such as phones and PDAs is no real challenge if you’re already managing them. When they synchronise to a local host, ensure that any data is backed up. When that local computer – desktop, home, laptop – next does its own backup, this data is also backed up.
Dealing with file state
Storage arrays hold vast amounts of data, although only a limited amount of data changes regularly. HP estimates that less than 10% of all files are changed every day and even then, the changes can be as little as 10% of the physical data inside the files. This presents a challenge. Using Continuous Data Protection to a remote site is the most secure solution but it should be backed up with its own backup process.
Applications are another special backup challenge. Some may hold all their data in such as way that it is seen as a single object to the file system. When the application is running, that would lock the data and prevent it from being backed up. There are three approaches to this. The first is to use agents that are application aware; these understand how the application works and still back up files, even if they are marked as open and locked by the file system. The second is to use a block level backup that ignores the problem of file system locks. This is less intrusive as it doesn’t need an agent installed for each application.
The third approach is to use snapshots. These take an image of the application data at predetermined intervals; if there is a problem you can roll the snapshot back. This manages open files and if you use the snapshot technology from the database vendor, it will also understand the state of the databases and any transactions.
Backing up servers means dealing with open files or finding another approach. If you can keep servers at the same patch and management level, the only difference between them will be the applications that you have installed. This allows you to make two decisions – back up or replace on demand. Either you take full and incremental backups or you back up applications and data, meaning that if the server fails there is no backup image. Instead you set up a new server and install the applications on it. This second option is something virtualisation vendors promote but it doesn’t work for everyone. Server naming and other configuration issues are a problem. Instead, consider keeping virtual images of the servers that you can ‘copy back’ and then update the applications over the top of the images.
However you do it, backup takes a lot of effort and planning to get right. You need to take into account myriad data sources and knit them together into a single, working solution. Most customers either don’t want to do this or devolve it to the person with the least authority who is unable to create and implement any effective processes at all.
Taking this problem away from customers either by just managing backups or by providing a complete backup solution with software, hardware and online services is becoming big business. Two years ago storage services didn’t exist; today there are dozens of vendors in the UK alone. Where’s there’s muck there’s brass – but where there’s data there’s gold.
-- click image to enlarge --
1. Mobile devices back up to (2) the computer whenever connected. The computer backs up to an external drive (3). The challenge is to ignore the operating system files in the backup. Educate users to store all data into a given location; alternatively, supply them with a virtual machine image for work. Using image technology to just back up changes to the master image uses much less drive space. Schedule backups of a full image monthly, a full backup weekly and image block level changes daily.
3. The drive holds the last full image and all intermediate backups, allowing local restore of the computer; this drive also backs up daily over (4) ADSL to (5) backup server, using a block-based solution that only backs up what has changed. Ensure the external drive is encrypted.
4. As ADSL is always on, copying the data to the backup server can be done at any time. If the external drive is a network device you can connect to it when the user is asleep or out, giving you the widest possible backup window. If using consumer ADSL, assume 50:1 contention and 256Kbps- 1Mpbs upstream. With business ADSL, assume 20:1 connection and approx 1Mbps upstream. For extra security supply users with ADSL modems that support SSL VPN or deploy SSL VPN on their site as this reduces the problems of VPN clients and synchronisation
-- click image to enlarge --
1. Users back up devices to their PCs and their PCs back up to the (2) branch office server, which must be encrypted.
2. The branch office server is doing continuous data protection to an offsite server (3). CDP ensures that only blocks that changed are replicated and they are replicated as they change; this is ideal as the server will also contain branch office applications that don’t need backing up every time. As with SoHo scenarios, you could have a secondary onsite server where complete images are taken on a weekly basis and held for local restore in an emergency.
4. This solution will support a number of offices simultaneously but the connection (5) to the backup server will need to be carefully sized. Remember other traffic that will be going over the connection and consider alternatives to ADSL; SDSL provides a good two way circuit and several operators are now offering this.
-- click image to enlarge --
This model is very similar to that of the SoHo user.
1. Devices back up to the laptop (2), the laptop backs up to an external drive (3), and the external drive backs up to the (5) server; alternatively you could sync changes to laptop when the user connects to the office network.
4. Always validate the connection before starting; a slow connection will leave the backup in an indeterminate state so do a link test to ensure the connection is Wi-Fi or LAN rather than GPRS or 3G. Everything should be fully encrypted in case of loss or theft. Use virtual machines for business-critical data; it’s easier to backup changes to a VM and easier to copy a VM to the external drive.