New Strategies Needed to Ensure Simpler, More Efficient Data Protection for Complex Enterprise Environments
New Strategies Needed to Ensure Simpler, More EfficientData Protection for Complex Enterprise EnvironmentsTranscript of a BrieﬁngsDirect podcast on new solutions to growing need for more reliable andless cumbersome data backup in increasingly data-intensive environments.Listen to the podcast. Find it on iTunes. Sponsor: Quest SoftwareDana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and youre listening to BrieﬁngsDirect. Today, we present a sponsored podcast discussion on enterprise backup, why it’s broken, and how to ﬁx it. Well examine some major areas where the backup of enterprise information and data protection are fragmented, complex, and inefﬁcient. And then, well delve into some new approaches that help simplify the data-protection process, keep costs in check, and improve recoveryconﬁdence. [Disclosure: Quest Software is a sponsor of BrieﬁngsDirect podcasts.]Here to share insights on how data protection became such a mess and how new techniques arebeing adopted to gain comprehensive and standard control over the data lifecycle is JohnMaxwell. He is the Vice President of Product Management for Data Protection at QuestSoftware, now part of Dell.Welcome back to the show, John.John Maxwell: Hey, Dana. It’s great to be here.Gardner: Were also here with George Crump. He is the Founder and Lead Analyst at StorageSwitzerland, an analyst ﬁrm focused on the storage market. Welcome, George.George Crump: Hey. Thanks for having me.Gardner: John, let’s start with you. How did we get here? Why is it that something seemingly asstraightforward as backup has become so fragmented and disorganized?Maxwell: Dana, I think it’s a perfect storm, to use an overused cliché. If you look back 20 years ago, we had heterogeneous environments, but they were much simpler. There were NetWare and UNIX, and there was this new thing called Windows. Virtualization didn’t even really exist. We backed up data to tape, and a lot of data was in terabytes, not petabytes. Flash forward to 2012, and there’s more heterogeneity than ever. You have stalwart databases like Microsoft SQL Server and Oracle, but then you have new apps being built on MySQL. You now have virtualization, and, in fact,
were at the point this year where were surpassing the 50 percent mark on the number of serversworldwide that are virtualized.Now were even starting to see people running multiple hypervisors, so it’s not even just onevirtualization platform anymore either. So the environment has gotten bigger, much bigger thanwe ever thought it could or would. We have numerous customers today that have data measuredin petabytes, and we have a lot more applications to deal with.And last, but not least, we now have more data that’s deemed mission critical, and by missioncritical, I mean data that has to be recovered in less than an hour. Surveys 10 years ago showedthat in a typical IT environment, 10 percent of the data was mission critical. Today, surveys showthat it’s 50 percent and more.Gardner: George, did John leave anything out? From your perspective, why else is it a littledifferent now?Crump: A couple of things. I would dovetail into what he just mentioned about missioncriticality. There are deﬁnitely more platforms, and that’s a challenge, but the expectation of theuser is just higher. The term I use for it is IT is getting "Facebooked."High expectationsIve had many IT guys say to me, "One of the common responses I get from my users is, My Facebook account is never down." So there is this really high expectation on availability, returning data, and things of that nature that probably isn’t really fair, but it’s reality. One of the reasons that more data is getting classiﬁed as mission critical is just that the expectation that everything will be around forever is much higher. The other thing that we forget sometimes is that the backup process, especially a network backup, probably unlike any other, stresses every single component inthe infrastructure. Youre pulling data off of a local storage device on a server, it’s going throughthat server CPU and memory, it’s going down a network card, down a network cable, to a switch,to another card, into some sort of storage device, be it disk or tape.So there are 15 things that happen in a backup and all 15 things have to go ﬂawlessly. If onething is broken, the backup fails, and, of course, it’s the IT guy’s fault. It’s just a complexenvironment, and I don’t know of another process that pushes on all aspects of the environmentin one fell swoop like backup does.Gardner: So the stakes are higher, the expectations are higher, the scale and volume andheterogeneity are all increased. What does this mean, John, for those that are tasked withmanaging this or trying to get a handle on it as a process, rather than a technology-by-technology
approach, really looking at this at that life cycle? Has this now gone from being a technicalproblem to a management or process problem?Maxwell: Its both, because there are two issues here. One, you expect todays storageadministrator, or sysadmin, to be a database administrator (DBA), a VMware administrator, aUNIX sysadmin, and a Windows admin. That’s a lot of responsibility, but that’s the fact.A lot of people think that they are going to have as deep level of knowledge on how to recover aWindows server as they would an Oracle database. That’s just not the case, and its the samething from a product perspective, from a technology perspective.Is there really such thing as a backup product, the Swiss Army knife, that does the best ofeverything? Probably not, because being the best of everything means different things todifferent accounts. It means one thing for the small to medium-size business (SMB), and it couldmean something altogether different for the enterprise.Weve now gotten into a situation where we have the typical IT environment using multiplebackup products that, in most cases, have nothing in common. They have a lot of hands in thepot trying to manage data protection and restore data, and it has become a tangled mess.Gardner: Before we dive a little bit deeper into some of these major areas, Id like to just visitanother issue that’s very top of mind for many organizations, and that’s security, compliance, andbusiness continuity types of issues, risk mitigation issues. George Crump, how important is thatto consider, when you look at taking more of a comprehensive or a holistic view of this backupand data-protection issue?Disclosure lawsCrump: Its a really critical issue, and there are two ramiﬁcations. Probably the one that strikesfear in the heart of every CEO on the planet is all the disclosure laws that exist now that say that,when you lose a customer’s data, you have to let him know. Unfortunately, probably the onlyeffective way to do that is to let everybody know.Im sure everybody listening to this podcast has gotten more than one letter already this yearsaying their Social Security number has been exposed or this has been exposed, things like that. Ican think of three or four Ive already gotten this year.So there is the downside of legally having to admit you made a mistake, and then there is thelegal requirements of retaining information in case of a lawsuit. The traditional thing was that if Igot a discovery motion ﬁled against me, I needed to be able to pull this information back, andthat was one motivator. But the bigger motivator is having to disclose that we did lose data.
And theres a new one coming in. Were hearing about big data, analytics, and things like that. Allof that is based on being able to access old information in some form, pull it back fromsomething, and be able to analyze it.That is leading many, many organizations to not delete anything. If you dont delete anything,how do you store it? A disk-only type of solution forever, as an example, is a pretty expensivesolution. I know disk has gotten a lot cheaper, but forever, that’s a really long time to keep thelights on, so to speak.Gardner: Lets look at this a bit more from the problem-solution perspective. John, youvegotten a little bit into this notion that we have multiple platforms, we have operating systems,hypervisors, application types, even appliances. Whats the problem here and how do we start todevelop a solution approach to it?Maxwell: The problem is we need to step back, take inventory of what weve got, and choose theright solution to solve the problem at hand, whether youre an SMB or an enterprise.But the biggest thing we have to address is, with the amount and complexity of the data, how canwe make sysadmins, storage administrators, and DBAs productive, and how can we get them allon the same page? Why do each one of these roles in IT have to use different products?George and I were talking earlier. One of the things that he brought up was that in a lot ofcompanies, data is getting backed up over and over by the DBA, the VMware administrator, andthe storage administrator, which is really inefﬁcient. We have to look at a holistic approach, andthat may not be one-size-ﬁts-all. It may be choosing the right solutions, yet providing a centeredmeans for administration, reporting, monitoring, etc.Gardner: George, youve been around for a while in this business, as have I, and there is a littlebit of a déjà vu here, where were bringing a system-of-record approach to a set of disparatetechnologies that were, at one time, best of breed and necessary, but are increasingly part of amore solution or process beneﬁt.So we understand the maturation process, but is there anything different and speciﬁc aboutbackup that makes this even harder to move from that point solution, best of breed mentality, intomore of a comprehensive process standardization approach?Demands and requirementsCrump: It really ties into what John said. Every line of business is going to have its owndemands and requirements. To expect not even a backup administrator, but an Oracleadministrator that’s managing an Oracle database for a line of business, to understand thenuances of that business and how they want to keep things is a lot to ask.
To tie into what John said, when backup is broken, the default survival mechanism is to throweverything out, buy the latest enterprise solution, put the stake in the ground, and forceeverybody to centralize on that one item. That works to a degree, but in every project weve beeninvolved with, there are always three or four exceptions. That means it really didn’t work. Youdidnt really centralize.Then there are covert operations of backups happening, where people are backing up data andnot telling anybody, because they still dont trust the enterprise application. Eventually,something new comes out. The most immediate example is virtualization, which spawned thebirth of several different virtualized speciﬁc applications. So bringing all that back in againbecomes very difﬁcult.I agree with John. What you need to do is give the users the tools they want. Users are toosophisticated now for you to say, "This is where we are going to back it up and youve got to livewith it." Theyre just not going to put up with that anymore. It wont work.So give them the tools that they want. Centralize the process, but not the actual software. I thinkthats really the way to go.Gardner: So we recognize that one size ﬁts all probably isn’t going to apply here. Were going tohave multiple point solutions. That means integration at some level or multiple levels. Thatbrings us to our next major topic. How do we integrate well without compounding thecomplexity and the problems set? John?Maxwell: Weve been working on this now for almost two years here at Quest, and now at Dell,and we are launching, literally in a matter of weeks, something called NetVault XA. “XA” standsfor Extended Architecture. We have a portfolio of very rich products that span the SMBs and theenterprise, with focus on virtual backup, heterogeneous backup, instantaneous snapshots anddeep application recovery, and we’re keenly interested in leveraging those technologies for theDBAs and sysadmins in ways that make their lives easier and make sure they are moreproductive.NetVault XA solves some really big issues. First of all, it uniﬁes the user experience acrossproducts, and by user, I mean the sysadmin, the DBA, and the storage administrator, acrossproducts. The initial release of NetVault XA will support both our vRanger and NetVault Backup,as well as our NetVault SmartDisk product, and next year, well be adding even more of ourproducts under NetVault XA as well.So now weve provided a common means of administration. We have one UI. You don’t have tolearn something different. Everyone can work on the same product, yet based on your login ID,you will have access to different things, whether its data or capabilities, such as restoring anOracle or SQL Server database, or restoring a virtual machine (VM).Thats a common UI. A lot of vendors right now have a lot of solutions, but they look like theyrefrom three, four, or ﬁve different companies. We want to provide a singular user experience, butthats just really the icing on the cake with NetVault XA.
If we go down a little deeper into NetVault XA, once it’s is installed, learning alongside vRanger,NetVault, or both, its going to self identify that vRanger or NetVault environment, and its goingto allow you to manage it the way that you have already set about from that ability.New approachWere really delivering a new approach here, one we think is going to be unique in theindustry. Thats the ability to logically group data and applications within lines of business.You gave an example earlier of Oracle. Oracle is not an application. Oracle is a platform forapplications, and sometimes applications span databases, ﬁle systems, and multiple servers. Youneed to be looking at that from a holistic level, meaning what makes up application A, whatmakes up application B, C, D, etc.?Then, what are the service levels for those applications? How mission critical are they? Are theyin that 50 percent of data that weve seen from surveys, or are they data that we restored from aweek ago? It wouldn’t matter, but then, again, its having one tool that everyone can use. So younow have a whole different user experience and youre taking up a whole different approach todata protection.Gardner: This is really interesting. Ive seen a demo of this and I was very impressed. One ofthe things that jumped out at me was the fact that youre not just throwing a GUI overlay on avariety of products and calling it integration.There really seems to be a drilling down into these technologies and surfacing information tosuch a degree that it strikes me as similar to what IT service management (ITSM) did formanaging IT systems at a higher level. Were now bringing that to a discrete portion backup andrecovery. Does that sound about right, George, or did I overstate it?Crump: No, thats dead-on. The beneﬁts of that type of architecture are going to be substantial.Imagine if you are the vRanger programmer, when all this started. Instead of having to write halfof the backend, you could just plug into a framework that already existed and then focus most ofyour attention on the particular application or environment that you are going to protect.You can be releasing the equivalent of vRanger 6 on vRanger 1, because you wouldn’t have to gowrite this backend that already existed. Also, if you think about it, you end up with a much morereliable software product, because now youre building on a library class that will have been welltested and proven.Say you want to implement deduplication in a new version of the product or a new product.Instead of having to rewrite your own deduplication engine, just leverage the engine thatsalready there.
Gardner: John, it sounds a little bit like were getting the best of both worlds, that is to say theability to support a lot of point solutions, allowing the tools that the particular overseer of thattechnology wants to use, but bringing this now into the realm of policy.Its something you can apply rules to, that you can bring into concert with other IT managementapproaches or tasks, and then gain better visibility into what is actually going on and then tweak.So amplify for me why this is standardization, but not at the cost of losing that Swiss Army knifeapproach to the right tool for the right problem?One common meansMaxwell: First of all, by having one common means, whether youre a DBA, a sysadmin, aVMware administrator, or a storage administrator, this way you are all on the same page. Youcan have people all buying into one way of doing things, so we dont have this data being backedup two or three times.But the other thing that you get, and this is a big issue now, is protecting multiple sites. When wetalk about multiple sites, people sometimes say, "You mean multiple data centers. What about allthose remote ofﬁce branch ofﬁces?" That right now is a big issue that we see customers runninginto.The beauty of NetVault XA is I can now have various solutions implemented, whether itsvRanger running remotely or NetVault in a branch ofﬁce, and I can be managing it. I can manageall aspects of it to make sure that those backups are running properly, or make sure replication isworking properly. It could be halfway around the country or halfway around the world, and thisway we have consistency.Speaking of reporting, as you said earlier, what about a dashboard for management? One of ourearly users of NetVault XA is a large multinational company with 18 data centers and 250,000servers. They have had to dedicate people to write service-level reports for their backups. Now,with NetVault XA, they can literally give their IT management, meaning their CIO and theirCTOs, login IDs to NetVault XA, and they can see a dashboard that’s been color coded.It can say, "Well, everything is green, so everything is protected," whether its the Linux servers,Oracle databases, Exchange email, whatever the case. So by being able to reduce that level ofcomplexity into a single pane of glass -- I know its a cliché, but it really is -- its really verypowerful for large organizations and small.Even if you have two or three locations and youre only 500 employees, wouldn’t it be nice tohave the ability to look at your backups, your replicas, and your snapshots, whether theyre in thedata center or in branch ofﬁces, and whether youre a sysadmin, DBA, storage administrator, tobe using one common interface and one common set of rules to all basically all get on the sameplane?
Gardner: Lets revisit the issue that George was talking about, eDiscovery, making sure thatnothing falls through the cracks, because with Murphy’s Law rampant, thats going to be thething that somebody is going to do eDiscovery on. It seems to me youre gaining someconﬁdence, some sense of guarantees, that whatever service-level agreements (SLAs) andcompliance regulatory issues are there, you can start to check these off and gain some automatedassurance.Help me better understand John why the NetVault XA has, for lack of a better word, some sort ofa conﬁdence beneﬁt to it?Maxwell: Well, the thing is that not only have we built things into NetVault XA, where its goingto do auto discovery of how you have vRanger and NetVault set up and other products down theroad, but its going to give you some visibility into your environment, like how many VMs areout there? Are all those VMs getting protected?I was just at VMworld Barcelona a couple of weeks ago, and VMware has made it incrediblysimple now to provision VMs and the associated storage. Youve got people powering up andpowering down VMs at will. How do you know that youre protecting them?Dispersed operationsAlso at an event this week in Europe, I ran into a user in an emerging country in EasternEurope, and they have over 1,000 servers, most of which are not being protected. Its a verydispersed operation, and people can implement servers here and there, and they dont know whathalf the stuff is.So its having a means to take an inventory and ensure that the servers are being maintained, thateverything is being protected, because next to your employees, your data is the most importantasset that you have.Data is everywhere now. It’s in mobile devices. It certainly could be in cloud-based apps. Thatsone of the things that we didn’t talk about. At Quest we use seven software-as-a-service (SaaS)-based applications, meaning theyre big parts, whether its Salesforce.com or our helpdesksystems, or even Ofﬁce 365. This is mission-critical corporate data that doesn’t run in our owndata center. How am I protecting that? Am I even cognizant of it?The cloud has made things even more interesting, just as virtualization has made it moreinteresting over the past couple of years. With NetVault XA, we give you that one single pane ofglass with which you can report, analyze, and manage all of your data.Gardner: Do we have any instances where we have had users, beta customers perhaps, puttingthis to use, and do we have any metrics of success? What are they getting from it? Its great tohave conﬁdence, its great to have a single view, but are they reducing expenses? Do they have areal measurement of how their complexity has been reduced? What are the tangibles, John?
Maxwell: Well, one of the tangibles is the example of the customer that has 18 data centers,because they have a ﬁnite-sized group that manage the backups. That team is not going to grow.So if they have to have two or three people in that team just working on writing reports, goingout and looking manually at data, and creating their own custom reports, thats not a good use oftheir time.Now, those people can do things that they should be doing, which is going out and making surethat data is being protected, going out and testing disaster recovery (DR) plans, and so forth.Some people were tasked with jobs that aren’t very much fun, and that’s now all been automated.Now they can get down to brass tacks, which is ensuring that, for an enterprise with a quartermillion servers, everything is protected and its protected the way that people think they aregoing to be protected, meaning the service levels they have in place can be met.We also have to remember that NetVault XA brings many beneﬁts to our Ranger customer baseas well. We have accounts with maybe one home ofﬁce and maybe two or three remote labs orremote sales ofﬁces. Weve talked to a couple of vRanger customers who now implementvRanger remotely. In these shops, there is no storage administrator. Its the sysadmin, theVMware administrator, or the Windows administrator. So they didn’t have the luxury like the bigaccounts to have people do that.Now, this person can focus on ensuring that operating systems are maintained, working with endusers. A lot of the tasks they were previously forced to do took up a lot of their time. Now, withNetVault XA, they can very quickly look at everything, give that health check that everything isokay, and control multiple locations of vRanger from one central console.Mobile devicesGardner: Just to be clear John, this console is something you can view as a web interface, andIm assuming therefore also through mobile devices. Im going to guess that at some point, therewill perhaps be even a more native application for some of the prominent mobile platforms.Maxwell: It’s funny that you mentioned that. This is an HTML5-based application. So its verynew, very fresh, and very graphical. If you look at the UI, it was designed with tablets andlaptops in mind. Its gotten to where you can do controls with your thumbs, assuming yourerunning this on a tablet.In-house, and with early support customers, you can log into this remotely via laptops, or tabletcomputing. We even have some people using them on mobile phones, even though were notquite there yet. Im talking about the form factor of how the screens light up, but we willdeﬁnitely be going that way. So a sysadmin or storage administrator can have at their ﬁngertipsthe status of what’s going on in the data-protection environment.
Whats nice is because this is a thin client, a web UI, you can deﬁne user IDs not only for thesysadmins and DBAs and storage administrators, but like I said earlier, IT management.So if your boss, or your boss’ boss, wants to dial in and see the health of things, how much datayou’re protecting, how much data is being replicated, what data is being protected up in thecloud, which is on-prem, all of that sort of stuff, they can now have a dashboard approach toseeing it all. That’s going to make everyone more productive, and its going to give them a bettersense that this data is being protected, and they can sleep at night.Gardner: George, we spoke earlier about these natural waves of maturation that have occurredthroughout the history of IT. As you look at the landscape for data protection, backup, or storage,how impactful is this in that general maturation process? Is Quest, with its NetVault XA, taking ababy step here, or is this something that gets us a bit more into a fuller, mature outcome, when itcomes to the process of data lifecycle?Crump: Actually, it does two things. Number one, from the process perspective, it allows thereto actually be a process. Its nice to talk about backup process and have a process for protectionand a process to recover, but if you don’t have a way to manage and see all of your dataprotection assets, its really just a lot of talk.You cant run a process like we are talking about in today’s data center with virtualization andthings like that off of an Excel spreadsheet. Its just not going to work. Its nowhere near dynamicenough. So number one, it enables the fact of having a conversation about process.Number two, it brings ﬂexibility. Because the only other way you could have had thatconversation about process, as I said before, would be to throw everything out, pick oneapplication, and suffer the consequences, which would be not ideal support for every singleplatform.To sum it up, its really an enabler to creating a real data-protection process or workﬂow.Gardner: Okay. Were going to have to wrap it up pretty soon, but weve mentioned mobileaccess, and cloud. I wonder if theres anything else coming down the trend pike, if you will, thatwill make this even more important.The economyI come back to our economy. Were still not growing as fast as many people would like, andtherefore companies are not just able to grow their top line. They have to look to increase theirbottom line through efﬁciency and deduplication, ﬁnding redundancy, cutting down on storage,cutting down energy cost, simplifying, or centralizing data centers into a larger but more efﬁcientand therefore fewer facilities, etc.
Is there anything here, and I will open this up to both John and George, that we can look to in thefuture that strikes some of these issues around efﬁciency and productivity, or perhaps there areother trends that will make having a process approach to a data lifecycle and backup andrecovery even more important?Maxwell: Dana, you hit on something thats really near and dear to my heart, which is datadeduplication. We have a very broad strategy. We offer our own software-based dedupe. Wesupport every major hardware based dedupe appliance out there, and were now adding supportfor Dell’s DR Series, DR4000 dedupe appliances. But were still very much committed to tape,and were building initiatives based on storing data in the cloud and backing up, replicating,failover, and so forth.One of the things that we built into NetVault XA thats separate from the policy management andonline monitoring is that we now have historical data. This is going to give you the ability to dosome capacity management and capacity planning and see what the utilization is.How much storage are your backups taking? Whats the most optimum number of generations?Where are you keeping that data? Is some data being kept too long? Is some data not being keptlong enough?By offering a broad strategy that says we support a plethora of backup targets, whether its tape,special-purpose backup appliances, software-based dedupe, or even the cloud, were givingcustomers ﬂexibility, because they have unique needs and they have different needs, based onservice levels or budgets. We want to make them ﬂexible, because, going back to our originaldiscussion, one size doesn’t ﬁt all.Gardner: I think we can sum that up as just being more intelligent, being more empowered, andhaving the visibility into your data. Anything else, George, that we should consider as we thinkabout the future, when it comes to these issues on backup and recovery and data integrity?Crump: Just to tie in with what John said, we need ﬂexibility that doesn’t add complexity.Almost everything weve done so far in the environment up to now, has added ﬂexibility, butalso, for every ounce of ﬂexibility, it feels like we have added two ounces of complexity, and itssomething we just cant afford to deal with. So thats really the key thing.Looking forward, at least on the horizon, I dont see a big shift, something like virtualization thatwe need to be overly concerned with. What I do see is the virtual environment becoming moreand more challenging, as we stack more and more VMs on it. The amount of I/O and the amountof data protection process that will surround every host is going to continue to increase. So thetime is now to really get the bull by the horns and institute a process that will scale with thebusiness long-term.Gardner: Well, great. Weve been enjoying a conversation, and you have been listening to asponsored BrieﬁngsDirect podcast on new approaches that help simplify the data-protectionprocess and help keep cost in check, while also improving recovery conﬁdence. Weve seen how
solving data protection complexity and availability can greatly help enterprises gain acomprehensive and standardized control approach to their data and that data’s lifecycle.So I would like to thank our guests, John Maxwell, Vice President of Product Management forData Protection at Quest. Thanks, John.Maxwell: Thank you, Dana.Gardner: And also George Crump. He is the Lead Analyst at Storage Switzerland. Thank you,George.Crump: Thanks for having me.Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks to you, ouraudience, for listening, and do come back next time. Listen to the podcast. Find it on iTunes. Sponsor: Quest SoftwareTranscript of a BrieﬁngsDirect podcast on new solutions to growing need for more reliable andless cumbersome data backup in increasingly data-intensive environments. Copyright InterarborSolutions, LLC, 2005-2012. All rights reserved.You may also be interested in: • New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments • Ocean Observatories Initiative: Cloud and Big Data come together to give scientists unprecedented access to essential climate insights • Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays Off for Australias SAI Global • Columbia Sportswear extends deep server virtualization to improved ERP operations, disaster recovery efﬁciencies • Virtualization Simpliﬁes Disaster Recovery for Insurance Broker Myron Steves While Delivering Efﬁciency and Agility Gains Too