232 a7d01


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

232 a7d01

  1. 1. College of virtualization: Lessons in integrating data protection software Sponsored by Dell VMware Speaker: Tom Nolle, President, CIMI Corporation Moderated by Kate GerwigKaren Guglielmo: Hello, and welcome to a SearchStorage.com presentation, ‘CollegeOf Virtualization - Lessons For Integrating Data Protection Software’. This presentationis being brought to you by Dell and VMware. For more information on Dell andVMware, you can click on their logo in the lower portion of your screen. My name isKaren Guglielmo, and I will be your moderator today. Joining me today is Laura DiDio,a Hi-Tech Analyst and Consultant, a professional writer and a former reporter. She is aprincipal at Information Technology Intelligence Corp., a company she founded. Beforewe begin the presentation, I would like to review a few housekeeping items with you.First, the slides in the presentation will be pushed to your screen automatically. If youhave any questions throughout the presentation, you can type them in the ‘Ask AQuestion’ area located on the right-hand side of your screen and they will be addressedfollowing the event. If you have any difficulty viewing or reading the slides, click on the‘Enlarge Slide’ button located in the bottom portion of your screen, and finally, if youexperience any technical difficulties with this presentation, click on the ‘Help’ button inthe lower right corner of your screen. With that said, I am now going to turn things overto Laura DiDio to begin today’s presentation. Laura. Agenda •Overview: Data protection software •Getting Started: General Advice • Business & Technology Considerations •Deployment • Configurations & what to buy •Conclusions & Recommendations Copyright © 2009 ITIC All Rights Reserved
  2. 2. Laura DiDio: Thanks, Karen, and welcome everyone. It is a pleasure to have you herewith us. We are going to dive right in and get started because this is a hot topic and wehave a ton of information and data to help you with. Okay, so our agenda, we are goingto give you an overview of data protection software. We are going to give you somegeneral advice, business and technology considerations and some, you know, deploymentconsiderations, configurations, what to buy, what to do, and then we will give you ourconclusions and recommendations and we will wrap up with Karen doing some Q and A. Overview: Data Protection • Effective, efficient Data Protection is a core, fundamental network component • SMBs using virtualization will face additional challenges in managing and protecting data • Data protection ties into DR Strategy • Virtualization generates lots of data • Organizations must be able restore and recover data quickly • Absence of data protection will compromise the entire network and potentially put your business at increased risk for litigation Copyright © 2009 ITIC All Rights ReservedOkay, so data protection. Okay, this is a no-brainer, as we see on the slide. Efficient,effective data protection is a core fundamental network component. Now, SMBs that usevirtualization, and that is many of you, especially on the server side but in your head weare expecting a lot of you are also going to implement VDI, Virtual Desktop,virtualization and also application virtualization as time goes on. You are going to facespecific additional challenges in managing and protecting your data and as we will see,your data protection strategy is going to tie into your disaster recovery strategy and alsoyour virtualization strategy. One reason for that, virtualization generates a lot of datawhen you are actually looking at things. So, there is going to be in some ways more foryou to manage at once. Clearly, organizations have to be able to restore and recover dataquickly and they have to make sure it is protected. The absence of data protection, wedon’t have to tell any of you, will compromise your entire network and especiallybecause you are SMBs who are even more risk averse than your enterprise counterparts, areally bad hack could potentially put your business at increased risk for litigation or evenput you out of business.
  3. 3. Data Protection: Getting Started •Thoroughly review existing infrastructure & data protection • Start with a pristine network • Fix what’s broken • Regularly upgrade data protection equipment and software • Make a data protection/security plan, stick to it and enforce it!!! Copyright © 2009 ITIC All Rights ReservedNow, as we turn to the next slide, getting started with data protection, once again, youhave to start at the beginning and that means you want a pristine network environment oras pristine as it can be. That means you have got to start by thoroughly reviewing yourexisting infrastructure, locating what are the weak points, are there any open doors, openports, backdoors, what type of hardware do you have, server hardware, do you needruggedized server hardware, how is your encryption. So do you have the latest upgrades?You need to fix what is broken or what is old and outmoded, and you should be regularlyupgrading your data protection equipment and software. There was a famous German19th century military strategist who said that military secrets are the most fleeting of all.In the 21st century computing environment, what I would say is security and dataprotection is one of the most fleeting of all, because as soon as you have one thing fixedthere is a hack to exploit something. There are always new and improved ways to crackinto and compromise the security and data protection of your network. So you have tostay on your toes with this and it is a question of months, not years. You need to make adata protection and security plan, stick to it and enforce it and by enforcing it that meanswith all of your users and you need to disseminate what your security and data protectionplan is, what the rules are, and what the penalties are for violation.
  4. 4. Have you determined the cost of one hour of downtime for critical or mission-critical processes? Copyright © 2009 ITIC All Rights Reserved Do you have defined benchmarks to measure component, system or infrastructure performance? Copyright © 2009 ITIC All Rights ReservedSo, as we turn to the next slide, the next few slides we are going to show you are basedon the realities of what is happening now. This is survey data from ITIC over the last sixmonths. We asked folks, have you been able to determine the cost of one hour ofdowntime? Okay, now you will notice only one third of companies said yes. That is thebad thing. So you have 51% who say no, and 14% who are unsure. So guess what? Themajority of people don’t know what damage can be brought. That is bad. You have toknow what the consequences are and if you don’t know how much downtime costs, thereis probably a lot of other things you don’t know either. When we look, we ask people, doyou have defined benchmarks to measure performance? Now security, actually this is abetter one, almost 40% said yes, but almost 50% said, you know, no. Again, bad numberthere. We asked people what happens when something goes down, what factors do you
  5. 5. include in the cost? Once again, you can see productivity lost, but you look for all ofthese things and this is all tight security and data protection. If your security iscompromised, if your data is unprotected, guess what? All of these things are going tohappen. You are going to have dissatisfied customers, damage to your reputation. Youare going to have regulatory exposure. You will lose, almost certainly lose revenue.There is going to be an upstream and downstream impact from, everyone from the Clevel executive to your endusers, to your business partners, to your suppliers, to yourcustomers. So, there is also the risk of SLA penalties, risk of litigation, the cost for whathappens for lost productivity for your employees, all sorts of things. If yes, which factors are included in calculation of downtime cost (select all that apply)? Copyright © 2009 ITIC All Rights ReservedNext slide, we asked people how many tier 2 outages, that is midlevel, 30 minutes to fourhours has the firm experienced within the last 12 months? Now, this is always diceybecause people talk about these things a little bit, you know, differently, but 44% said 1to 3 outages. We also had 28%, nearly one, you know, one third said we did not haveany. That is not necessarily a number I believe in, but 15%, as you could see, we got,said that they had 3 to 6 outages and then 5% said 5 to 10 outages. We had other peoplewho were unsure and then only 3% owned up to having more than 10 tier 2 outages, butany outage is going to cost you money. Again, so...these numbers, a lot of people are justguesstimating or they are not owning up to it, but still, you can see that this is prettyprevalent. The tier 2 outage by the way is going to involve your network administrators,having to do remediation, getting involved, so it is going to be time, it is going to beproductivity loss on the enduser side, it might mean your clients cannot get access todata, business suppliers, partners, etc.
  6. 6. How many Tier 2 outages (30 min. to 4 hrs.) has your firm experienced within the last 12 months? Copyright © 2009 ITIC All Rights ReservedBut it is not the worst thing that can happen, as you can see from the next slide. Weasked what about the most severe tier 3 outages? That is four hours plus and you may ormay not have data loss, but you probably have some data loss. We had two thirds ofpeople said, no we have not had any, 66%, we have not had any tier 3 outages. Again,that is not necessarily a number I believe because a lot of people want to keep quiet aboutit. But as you can see, the remaining one third do have outages and this is going to besignificant in terms of the business operation, the cost, the remediation, the potentialdamage to your reputation. So, the only good outage is not to have an outage. How many Tier 3 outages (4+ hrs. w/data loss) has your firm experienced within the last 12 months? Copyright © 2009 ITIC All Rights Reserved
  7. 7. If your firm was unprepared to respond to the Tier 2 or Tier 3 incident, what changed afterward? Copyright © 2009 ITIC All Rights ReservedWe also asked people to say, how prepared are you to address these outages when theyoccur and as you can see, 41% or 2 out of 5 businesses said they are prepared. Then51%, the majority said, we are somewhat prepared. We have some plans in place butthere was also some confusion. This is getting closer to the truth and then 5% basicallysaid they were unprepared, caught off-guard and really had to scramble, and 3% said thatthey were totally caught off-guard and they were unable to respond in an effective timelymanner. So, you could imagine if you were in that 8% category minority, how damagingthat could be, especially since you folks are smaller businesses. It is going to reallyimpact you more. So you don’t want to be in a position where you are reacting to datalosses, network outages because you don’t have a data protection plan. Then we alsoasked, well okay, if you were in that, if you are unprepared or only somewhat preparedfor data losses after one of these incidents, what changed? Now, 42%, again 2 out of 5businesses that is, basically said they learned their lesson, but they are still working onbeing proactive. But 22% said nothing changed, it was business as usual. We had 10%who really became proactive and said we learned our lesson, we established service levelagreements and we made a future response plan. And then you had a 2% minority thatsaid, look we just played the blame game, pointed fingers and we have not done anythingconstructive. So, this is an object lesson here for those of you who are in our College ofVirtualization, for what happens when you get out to the real world, you don’t want to bein those slices where you are being reactive rather than proactive and have not doneanything constructive.
  8. 8. How certain are you that the SLA commitments you expect from others align with the IT services expectations your clients have of you? Copyright © 2009 ITIC All Rights ReservedAnother question we asked and this plays right into data protection, security, etc. Weasked people do you require SLAs from your IT vendors, your hardware, your OS, yourapplication, your storage, your network virtualization vendors because if you don’t, youshould, and what we saw here is that only 17% absolutely say they do all of it. Now, youcan see from these, the smaller globe here, the pie chart, it is a higher percentage, 56%from enterprises, with more than 3000 users, so clearly the SMBs are lagging behindhere. And we see 23% said we are not requiring anything beyond standard warrantee.Again, you should require SLAs. It does not matter whether you have 10 people in yourorganization or 500. You should require service level agreements and basic minimummetrics and standards for performance from your vendors. Again that should be a stapleof any data protection plan.
  9. 9. How certain are you that the SLA commitments you expect from others align with the IT services expectations your clients have of you? Copyright © 2009 ITIC All Rights ReservedAnd this one here, this is scary. How certain are you that the SLA commitments youexpect from others align with the IT services’ expectations your clients have of you?And again, only 2 out of 5 businesses were reasonably sure. You see that the largest sliceof this pie, okay, by 58% is either uncertain, you know, or excuse me you only have 12%that are certain that they align. You have to make sure again data protection is 50%technology, but it is 50% policy and human due diligence and that is what these slidestalk about here. So, you can get all of your best hardware from Dell, your bestvirtualization and security software from VMware, but it is not going to mean a thing ifyou are not putting policies and practices in place to protect your data. It would be akinto buy the most expensive security or alarm system for your home and then going out andleaving the windows open and the doors unlocked and not arming the security system.So, half of this is going to be up to you.
  10. 10. Data Protection: Best Practices • Check for compliance • Virtualized environments contain more data – if there a 6 VMs on a single server you will see > 1 Tbytes of data if it fails • Virtualized data protection failures will take down multiple servers! • Ensure adequate bandwidth • Check carrier routes • Determine whether you’re protecting the data at the hypervisor or OS level • Ensure that you have the latest versions, patches • Standardize the environment as much as possible Copyright © 2009 ITIC All Rights ReservedSo turning now to the data protection best practices, the first thing you have to do is takea look, are you in compliance? Okay, with all of your licensing agreement, are you incompliance with regulatory issues for security and that is going to have pretty bigimplications for those of you who are in the SMB space, you might be in a doctor’s officeor a dentist’s office, what have you, where medical records are kept. You have got toprotect that data, if it gets out, wow! You know what happens. It could just be businessrecords. It does not have to be medical records. It could be anything but you need toprotect and preserve your data. In a virtualized environment and many of you now, as thecost of virtualization and hardware has come down so much, you are virtualizing, youknow, your server and increasingly your application environment. Virtualization is agreat thing. You can consolidate space, you can consolidate application, cutdown onyour manpower hours, utility costs, you name it, but you have to be aware that virtualizedenvironment will contain more data. So, for example, if you have six virtual machines ona virtual server, on some level, as the network administrator, you will see six machines,however, if you connect...once you connect to the host server, what you are going to seeis probably 1.5 terabytes of data. So, if that fails, if the virtualized environment fails, sixservers are going to be taken down. So, data protection is crucial because now muchmore of your infrastructure is going to be contained under a single physical host server.So, you are going to have a single point of failure even though you might...yourapplications are in isolated containers. Okay, and if you have got locally attachedstorage, it is going to be another big single point of failure. If it is SAN attached storage,you will lose access to the data. So, from the business standpoint, the data would still beinaccessible. Okay, so you need a comprehensive, cost effective solution that willmanage both your physical and virtual servers alike and that is one of the things that weare seeing with VMware’s, vSphere, the latest version vSphere 4.
  11. 11. Conclusions & Recommendations •Data Protection is a MUST!!! •Business & technology planning are symbiotic • Formulate a data protection plan and adhere to it!!! •Keep Records – Organizations should document everything: costs, manpower, remediation efforts; fallout (e.g. lost business) from a disaster •Budget accordingly •Upgrade infrastructure as needed •Adhere to the three “Cs”: Communicate, Collaborate & Cooperate • Enforce SLAs! Copyright © 2009 ITIC All Rights ReservedNow, your virtualized data protection failures will take down multiple servers, again, soyou don’t want that to happen. You want to be proactive not reactive. You have toensure adequate bandwidth. Again, all the data in the world contained in thesevirtualized environments won’t be any good if you cannot transmit it if the pipes are too,you know, not adequate, they are too small. So check your bandwidth. You also want tocheck your carrier routes. Okay. Access in and out of the server, you might think thatyou have enough redundancy, but you want to make sure that the carriers are notsubletting the same lease lines. So there has been many an instance where it is on thesame line and that line, that one trunk line goes down and you are still out. The otherthing you need to do is determine whether or not you are going to protect your data at thehypervisor or the OS level. Okay that has implications as well. You also want to ensurethat you have the latest versions and patches updated. You need to standardize theenvironment as much as possible that will cutdown on the amount of time you arespending doing remediation work and it will cutdown on your management time as well.Standardized environment can really cut your time to recover from a data loss or a hackby about on average one third, but standardizing the environment helps because you arenot running hither and yon and a lot of times we find that the data is compromisedbecause you have not applied a patch or you have got different versions and the versionsare not interoperating together and that can cause disruption to the operation, you know,to the network operation.As we turn to the next slide, finally the conclusions and recommendations. You knowthis, data protection is a must. Your business and technology planning are symbiotic.Again, cannot overstate this, 50% of your data protection strategy will depend on thetechnology. So you need good, strong underlying technology from your virtualizationvendors like VMware, from your hardware vendors like Dell, but the onus is also on theC level executive, the IT department, and the endusers to strictly adhere to best practices.You have to formulate a data protection plan, you must adhere to it. I cannot tell you
  12. 12. how many times I have been in consulting situations with some of the top Fortune 100firms and they are four revs behind on their antivirus software. They have a dataprotection plan that is four years old, they have not looked at it, they have not setpenalties or, you know, disseminated and distributed the computer data protection policyand rules. You have to have rules in place, you have to enforce them, your endusers haveto know what they can and cannot do and what the penalties will be for infringing on therules. You also need to keep very, very good records. You have to documenteverything. That means if you have had some data protection losses, how much did itcost? How much is it costing you to buy the software, do you have adequate dataprotection software and hardware in place, what is the costing to your manpower, whatabout the remediation efforts, what has been the consequence or fallout from lostbusiness, if you have had a disaster or a hack? Budget accordingly. This is one areawhere you do not want to skip. You need to also keep the entire infrastructure upgradedas needed and once again you have to adhere to the three Cs, which is Communicate,Collaborate and Cooperate, both internally and externally that means with your hardware,software, virtualization providers. Ask them to help you out with best practices.Companies like VMware now have an incredible array of tools, documentations, whitepapers, that are available for free to assist you, so there is really, you know, no reason tobe behind the eight ball even if your organization is on a very, very tight budget and onceagain, finally, you want to enforce those SLAs, service level agreements. You are payingfor all this equipment, so you and your vendors should be in sync and agree upon SLAmetrics that are most appropriate for your business and if it is not there, then you need torethink that policy and perhaps move on to another vendor. So, with that, I will turn itover to Karen for the Q and A. Getting Started: General Advice •Know what’s on your network •Adhere to the Three “Cs”: Communicate, Collaborate & Cooperate •Perform a thorough inventory and assessment of your current environment •Identify & Replace outmoded hardware •Standardize the application environment •Check and upgrade storage, bandwidth as necessary •Security, security, security! •Review Licenses •Review SLAs •Construct Operational Level Agreements (OLAs) Copyright © 2009 ITIC All Rights ReservedKaren Guglielmo: Great! Thank your Laura for your presentation. I would like to takethis time to remind everyone again that you are participating in a SearchStorage.compresentation on ‘Lessons For Integrating Data Protection Software’. Today’s
  13. 13. presentation is being brought to you by Dell and VMware. If you would like moreinformation on Dell and VMware, you can click on their logo in the lower portion of yourscreen. And now, we are moving on to the moderator Q and A portion of today’spresentation. I am going to be asking Laura a couple of questions related to today’stopic. So, let us get started. First, let me ask you, how is using data protection softwaredifferent in a virtual environment? Deployment Best Practices •Determine how you’re going to segment the virtualized & cloud infrastructure •Mix & Match: you can deploy Web servers and other classes of servers in the same physical host •Keep Production Applications separate for security purposes! •Adjust your network architecture/infrastructure to deal with virtualized & private cloud environments •Virtual infrastructure should have its own network • It should not share with Email/messagging •For the Virtualized/Private Cloud buy the most robust hardware configuration the budget will allow Copyright © 2009 ITIC All Rights ReservedLaura DiDio: Well, it is different because, as we noted, virtualization is wonderful for alot of things, consolidation, for saving money, for saving time, but you have to really beon guard because all of your, you know, data, you are going to have multiple instances ofapplication and data contained in a single physical server. So that can potentially be asingle point of failure, if you have not put the proper data protection controls andconfiguration in place. So that is a scary thought. You know, you don’t want to take adirect hit. So you really need to make sure that you have the proper hardware, propersoftware and the proper data protection in that virtual environment.
  14. 14. Deployment Best Practices, contd. •Public Clouds: Due Diligence is a must! •Determine what tier of service you need •Ask for References •Ask Questions: • What hardware do they use? • How many paths in and out of the cloud • What is the guaranteed response time • Where are the hosts physically located • What about security – physical and what are the country policies if the host provider is outside of the U.S.? • How are they segregating the services? SMBs will operate much differently than an Amazon.com type business Copyright © 2009 ITIC All Rights ReservedKaren Guglielmo: Okay. So how is data protection linked to your disaster recoverystrategy?Laura DiDio: They are inextricably linked. I mean it is a real symbiotic relationship.So, for example, if you have protected your data but you don’t have a disaster recoveryplan in place and the worst happens, if you cannot recover from a disaster, then the bestdata protection in the world, your data will still be safe but you are not able to access it.So, the two have to go hand in hand, you have to protect the data to make sure it is notcompromised and it is not lost in the event of a disaster and the in the wake of a disasteryou have to make sure that you can recover quickly so you can get your users back upand running and able to access the data. So overall, it is, you know, its data protection,its disaster recovery, and it is business continuity. That is the Triumvirate that peoplehave to live by.
  15. 15. Conclusions & Recommendations •Make a Business Plan based on the technology needs •Construct a three-year technology plan •Purchase the most robust hardware your budget will allow •Make a security plan •Adhere to SLA and OLA agreement •Engage virtualization vendors & cloud providers •Make use of tools & documentation available from vendors like Dell, VMware and others •Make sure your cloud providers are meeting their SLA agreements with your organization Copyright © 2009 ITIC All Rights ReservedKaren Guglielmo: Okay, and finally, what would you say is the most common mistakethat people make in respect to data protection?Laura DiDio: The most common mistake is the human error and that is they don’t havea policy in place, they have an...or they have got an old policy, they have not dusted itoff. Things are really changing fast in security, data protection, managing the data, soyou have to constantly be upgrading this policy and again, I understand the focus of manyusers, especially those people in the SMB space where you might have an IT departmentthat might be anywhere from one or two people up to maybe 10 people rather than dozensor hundreds of IT managers. There is an incredible burden placed on these people andthe emphasis oftentimes is on just keeping the network up and running on a daily basis,even if that means, you know, doing patch jobs here and there. But you have to make thetime and spend the money on data protection and that means you have got to get thatnetwork protected to the extent it should be in 2010 and going forward because thehackers are not standing still, there are...you are always going to find errors in softwarethat require a patch or some type of remediation or a fix. So you really want to stay ontop of this and once again if you are an overburdened IT manager or if you are in ourCollege of Virtualization right now and you are coming out and you are going to go towork for an SMB, get to know your vendors. The vendors have a lot of tools at theirdisposal. There are many free tools for self- assessment. There are many white papersout there and documentation with best practices and how to, so engage them, also askthem, what do I need? Is this the appropriate configuration for me in terms of myhardware, how should I be configuring my virtualization environment so that it isoptimized for disaster recovery and data protection.Karen Guglielmo: Okay. I am sorry, go ahead. You are going to wrap up?Laura DiDio: No, so, I was just going to say, so that basically is the human element. Itis equally as important as the technology if not more so.
  16. 16. Karen Guglielmo: Okay, and that does conclude today’s presentation on, ‘College ofVirtualization - Lessons For Integrating Data Protection Software’. If you would like toreview today’s material at a later date, an archived version of this event will be madeavailable in our SearchStorage.com webcast library. I would like to again thank LauraDiDio for taking time to be a part of today’s presentation, and I would also like to thankDell and VMware for sponsoring this event. And as always, thank you for taking thetime out to join us today. This is Karen Guglielmo, wishing you all a great day.