Continuous data protection – hype versus reality
With all of the hype surrounding continuous data protection (CDP), it is sometimes hard to separate the ‘buzz’ from the ‘benefits’. For organisations focused on solving real-world problems, understanding the distinction is paramount to making the right choices for safeguarding their electronic assets. There is some uncertainty in the market over what defines CDP. The Storage Networking Industry Association (SNIA) defines CDP as “a methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery from any point in the past. CDP systems may be block, file or application-based and can provide fine granularity of restorable objects to infinitely variable recovery points”. This is generally interpreted to mean that to be a CDP solution, a product must capture data changes continuously, store these changes in a location separate from the primary storage and provide arbitrary and infinite recovery points for the data. The promise of being able to track every change and instantly recover to any point in time is undoubtedly appealing to companies. But there are major obstacles in the way of achieving this. Evidence for this is that true-CDP solutions have not been as popular as many industry analysts expected. Companies are voting with their budgets and, currently, most are voting against true-CDP, alternatively opting for near-CDP solutions or backup and recovery solutions that integrate CDP-like capabilities. While solutions based on the strictest definitions of CDP may eventually gain momentum in the market as the enabling technology comes down in price, the majority of businesses don't have a recovery point objective (RPO) that requires, and justifies, this type of CDP. There is clearly a need for something that provides better recoverability than tape but is simple and affordable enough to deploy across the enterprise, not just on a few systems. Another issue affecting take up of CDP is that it has traditionally taken a very narrow approach to business continuity. Solutions have mainly focused on file-level recovery and not application data like that created by Microsoft Exchange Server or Microsoft SQL Server. The focus has been almost entirely on recovering the data, neglecting the importance of protecting and recovering the application. If the first line of defence in a disaster recovery solution is protecting the data, the second is undoubtedly protecting the application. By itself, the data provides a means for recovery but providing a real-time copy of the data and availability of the application associated with it, enables a recovery time objective (RTO) significantly better than that provided by solutions like tape backup or CDP. CDP provides no provision for RTO and focuses solely on RPO, which is only half of the challenge. While true-CDP solutions have not gained widespread traction, the promise of CDP, despite its problems, thrives. It does so in the form known as near-CDP. Many traditional backup vendors have differentiated themselves from their competitors by integrating CDP capabilities into existing solutions rather than attacking the concept head-on. These solutions provide many, but not infinite, points of recovery. This satisfies most customers’ RPO goals far more readily than relying on retrieval from tape-based solutions by providing snapshot copies of important data for recovery purposes. Though near-CDP promises to be an easy way to augment the backup solutions that customers use today, it still doesn’t account for the complete recovery of a company’s business critical systems. To the end-user, recovery isn’t complete until they are able to resume their work where they left off. This means not only restoring a previous version of the data but also the operating systems and applications and all the other aspects that are required to give users access to that information. I believe the future of CDP lies in hybrid solutions that incorporate an overall recovery management strategy combining data replication and protection, application availability and point-in-time recovery. Alternatives exist today that provide this unified approach to recovery. In these solutions, asynchronous file-based replication is combined with application availability and snapshot technologies to fulfil at least the spirit, if not the definition, of CDP. In terms of data protection, real-time replication provides for the continuous capture of changes to protected data and the storage of those changes separate from the production data. If needed, a company can recover to this real-time copy of the data in the event of a major disaster. Because these solutions are typically based on byte-level replication, including features such as compression and bandwidth throttling, they are more efficient at moving data across long distances when compared to the data movement technologies employed by purebred CDP solutions. For recovery from unwanted changes such as those caused by human error, viruses, or corruption, disk-based snapshot capabilities allow rollback to multiple (albeit not infinite) copies of the protected data. Disk-based snapshots are usually difference-based (copy on write technology) and consume less storage space. Their periodic nature also further reduces storage requirements when compared to keeping infinitely accessible copies of data changes. A combination of data replication and disk-based snapshots ensure that the RPO goals for a company’s data can be met. Where these solutions truly exceed the promise of CDP is their ability to ensure RTO goals as well as RPO goals. By continuously monitoring the availability of the production systems and failing over to a secondary system in the event of an outage, they provide an RTO of minutes rather than hours or days. Most true-CDP solutions today do not provide any high availability for the applications creating the data and instead leave recovery to the IT administrator who is most likely using a complex, manual, time consuming process. Evaluating the options The first recommendation I make is to assess and rank each of the business systems within your organisation and assign the appropriate level of protection to them. Not all systems require the same levels of protection; in fact, some may not need protection at all. Successful plans account for this and are able to restore systems defined as business-critical as rapidly as possible while making the most of limited resources. The challenge for most companies in prioritizing these systems and choosing the right solution is simply a matter of quantifying the value of the data the solutions protect and calculating the return on investment (ROI). Summary Ian Masters is UK sales and marketing director, Double-Take Software.
•Date: 18th May 2007• Region: UK/World •Type: Article •Topic: IT continuity |
