Journal of Accountancy
Technology

Back Up Your Data to Survive a Disaster

What you should know about information storage strategies.

By James E. Hunton
April 2002
EXECUTIVE SUMMARY
THE FIRST STEP IN designing a data-backup-recovery strategy requires answering two questions: How quickly must you recover the data before your business experiences serious setbacks, and how much are you willing to pay to implement a data-backup plan?

THE PRACTICE OF STORING backup data in a safe place, called vaulting, assumes that an organization’s data are backed up regularly on some type of removable medium, such as magnetic tape or disk or CD, and then delivered to an off-site location for safekeeping.

AN EFFECTIVE ALTERNATIVE to physical vaulting is electronic vaulting, where mission-critical data are sent over the Internet to the home computer of a key employee. A related strategy is to use the services of a business that provides storage room on its remote computers.

A MORE EXPENSIVE strategy involves investing in redundant computer hardware—so if one component of a system fails, a backup device can step in without interrupting business operations.

CPAs CAN MINIMIZE the threat of catastrophic disk failure with a technology known as redundant array of independent disks (RAID). There are many kinds of RAID systems, all designed to provide various levels of error recovery and fault tolerance.

SOME ORGANIZATIONS might want to outsource their data-backup chores to an Internet-based organization.

JAMES E. HUNTON, CPA, PhD, is the Quinn Eminent Scholar of Accounting Information Systems at the University of South Florida. His e-mail address is jhunton@coba.usf.edu. CHAIM YUDKOWSKY, CPA, president of Byte of Success Inc., a technology consulting company in Baltimore, and chief information officer of Textilease Corp., Beltsville, Maryland, provided technical assistance for this article.
 
How safe is the information in your computer? If a fire, flood, earthquake or even sabotage struck your office, would your electronic data survive? And if you could access your data, how long would it take to get your information system up and running again?

These questions are being asked with far more urgency since the tragedy of September 11. While the questions, as you shall see, are often difficult to answer, what’s clear is that organizations large and small need to prepare comprehensive disaster-preparation strategies. This article focuses on just one area of disaster preparedness: data backup.

The first step in designing such a strategy requires that you answer two questions:

Downtime: How quickly must you recover the information before your business experiences serious setbacks?

Cost: How much are you willing to pay to implement a data-backup plan?

To answer the downtime question, you must address, among other things, issues such as how well your organization can tolerate missed sales opportunities, delayed cash receipts, decreased employee productivity, lost purchase discounts and possible loss of customers, investors and trading partners. Faster recovery times equal lower downtime costs. However, strategies that speed recovery also can be expensive. While this article cannot cover all aspects of each strategy, it will summarize the major techniques.

A SAFE HAVEN

The practice of storing the backed-up data in a secure place, called vaulting, assumes that an organization’s computer files are copied regularly on some type of removable medium, such as magnetic tape, CD or hard disk, and then delivered to an off-site location for safekeeping. The timing and extent of backups can vary (from continuous real time to once a day or once a week), depending on the organization’s needs.

Renting a bank’s safe-deposit box is about the most costly way to store backups, ranging from $15 to $100 a month, depending on the amount of space needed. At the low end of the cost spectrum, at least two employees can take separate copies of the data home every night.

Performing backups, if done manually, is slow and tedious. However, there is software on the market that does the task effortlessly. The least expensive tool, which is built into the Windows operating system, copies data from your hard disk, compresses it and then stores it on another medium. The utility also makes it easy to restore the data from the archived copy.

If you require more functionality, consider buying specialized software such as SmartSync Pro ( www.smsync.com ), Retrospect ( www.betterbackup.com ) or NovaStor ( www.novastor.com ). The purchase price of backup-recovery software ranges from around $35 to $1,000, depending on its sophistication. Key features to look for in backup-recovery software include the ability to handle various media such as tapes, disks and rewritable CDs; to automatically schedule full and incremental backups; to report backup activities; to verify archived data; to support multiple file types and specific needs such as SQL databases and Exchange Server; and to track archived files and selectively restore them.

If you need to back up less than 650 megabytes (Mb), you can use a rewritable CD drive (CD-RW) such as the Yamaha CRW 2100SZ internal SCSI drive ( www.yamaha.com ), which costs around $300. If you need to store up to 20 gigabytes (Gb), consider a removable hard drive such as the Peerless drive from Iomega ( www.iomega.com ), which sells for approximately $400. And if your needs exceed 20 Gb, you will probably need to go to tape, such as the ADR50 (50 Gb) internal SCSI digital tape drive offered by OnStream ( www.onstream.com ), which carries a price tag of about $900.

An effective alternative to physical vaulting is electronic vaulting. For instance, a small business can electronically transmit mission-critical data over the Internet to the home computer of a key employee using software applications such as Altiris Carbon Copy ( www.altiris.com ), LapLink ( www.laplink.com ) or PC AnyWhere ( www.symantec.com ), each of which costs less than $200. This option won’t work for larger organizations, either because their data sets are too large to fit on a typical home computer or because the transmit time of large files would be too long. However, highly compressing the data could partially overcome that obstacle.

A related strategy is to use the services of a business that provides storage space on its computers. The data would be delivered to the vendor via the Internet. We’ll discuss this subject in more detail later.

Many forward-thinking organizations store more than just data. They’ll also safeguard copies of mission-critical software such as operating systems and applications. So if a disaster knocks out their computers, recovery efforts would include reinstalling their entire system on other computers.

FORTIFYING WITH HARDWARE

A more expensive strategy than vaulting involves investing in redundant computer hardware—so if one component fails, a backup device kicks in to keep the system running. The most vulnerable components are power supplies and those with moving parts, such as disk drives.

One way to minimize the threat of catastrophic disk failure is to use a technology known as redundant array of independent disks (RAID). There are many kinds of RAID systems, all designed to provide various levels of error recovery and fault tolerance. Each has trade-offs based on performance, degree of fault tolerance, design complexity and cost.

One RAID choice is disk mirroring—a process in which data are simultaneously duplicated on one or more disks within the same system. The only additional hardware you need to set up a mirroring system is an additional disk drive that is the same size as your current drive. A typical 60-Gb drive, for example, costs about $200. For additional protection you also might consider buying a separate disk controller card for the new drive for around $80. The dual disk drive/controller card option results in a special type of mirroring protection called disk duplexing.

Another choice is disk striping; while there are many variations of striping, the most common is to set up an array of at least three and usually five disk drives. Disk striping does not store redundant data across the disk array; rather, it uses a system of parity checks—or hash totals—to rebuild lost data should one drive in the array fail. If you are running Windows NT Server, Windows 2000 Server or Novell NetWare, your computer is capable of handling disk mirroring and striping.
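The parity rebuild described above, shown as an added example that is not part of the original article: a small Python model of striping with rotating single parity. The function names, the 4-byte block size and the sample ledger record are assumptions made for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def stripe(data, n_drives, block=4):
    """Split data into stripes of (n_drives - 1) data blocks plus one parity
    block, rotating the parity position from one stripe to the next."""
    if n_drives < 3:
        raise ValueError("parity striping needs at least three drives")
    per_stripe = block * (n_drives - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)
    drives = [[] for _ in range(n_drives)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[off + i * block: off + (i + 1) * block]
                  for i in range(n_drives - 1)]
        # Parity is the XOR of the stripe's data blocks.
        chunks.insert(s % n_drives, xor_blocks(chunks))
        for d, chunk in enumerate(chunks):
            drives[d].append(chunk)
    return drives

def rebuild(drives, failed):
    """Recompute every block of the failed drive by XOR-ing the survivors.
    Works because the XOR of all blocks in a stripe is always zero."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(row) for row in zip(*survivors)]

def read_back(drives, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n = len(drives)
    out = b""
    for s, row in enumerate(zip(*drives)):
        out += b"".join(c for d, c in enumerate(row) if d != s % n)
    return out[:length]

def demo():
    ledger = b"2002-04-01,INV-1001,ACME,1250.00\n" * 3  # constructed sample data
    drives = stripe(ledger, n_drives=5)
    original = drives[2]
    drives[2] = None                       # simulate one failed drive
    drives[2] = rebuild(drives, failed=2)  # replacement drive filled from parity
    return drives[2] == original and read_back(drives, len(ledger)) == ledger
```

Single parity covers the loss of one drive only; if a second drive fails before the rebuild finishes, the survivors no longer determine the missing blocks, which is why striping complements off-site backups rather than replacing them.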

You should be aware that using software such as Windows or Novell to invoke RAID usually degrades your system’s performance because it imposes extra tasks on your primary computer. To get around that problem many organizations add a separate controller card to run a RAID system, relieving the computer of that extra burden. Such cards cost from $250 to $2,500, depending on your configuration. For a small business, a good starter card is the Adaptec SCSI RAID 2100S ( www.adaptec.com ), which can handle up to 15 disk drives configured as mirroring or striping; the card costs around $450.

If you’re running your business on a single computer, it’s easy to add a RAID configuration. However, if your business runs on two or more networked computers, a network administrator will be needed to maintain the system.

A NETWORK CLUSTER

Another way to avoid the time and expense associated with recovering from a disaster is to form a seamless network cluster in which several networks are linked. One of the nice things about a network cluster is that it’s scalable—that is, it can grow with your organization. While there are many clustering configurations, this article will discuss two of the most popular: network attached storage (NAS) and storage area networks (SAN).

NAS offers solid backup-recovery protection for small to midsize organizations. It uses a storage device, called a NAS appliance, which is installed on a local area network (LAN) and shared by multiple users including network computers. Such an appliance is designed exclusively to store data and handle file input-output operations. Many NAS appliances are fault-tolerant—that is, they incorporate RAID technology and redundant components. Since they shoulder the extra load imposed on the system, they improve the system’s performance.

As illustrated in exhibit 1, below, one or more NAS appliances can be placed anywhere in a local area network (LAN) at any time. Such appliances should be installed by computer-savvy technicians.

Exhibit 1: Network Attached Storage (NAS)

Leading NAS vendors include Hewlett-Packard ( www.hp.com ), Maxtor ( www.maxtor.com ) and Quantum ( www.quantum.com ). Prices range from $500 to $6,000, depending on features such as storage capacity, speed and fault-tolerance capability.

If an organization needs to protect a wider area than a LAN, a storage area network (SAN) may be a better choice. Also, a SAN, which is scalable, can handle very high levels of throughput and is therefore well suited for large organizations. In essence, a SAN represents a dedicated network of storage devices and computers. As shown in exhibit 2, below, a SAN also can incorporate the NAS architecture; as a result, it can realize the best of both worlds.

Exhibit 2: Storage Area Network (SAN) Configuration

Leading SAN vendors include EMC2 ( www.emc.com ), Tivoli ( www.tivoli.com ), Comdisco ( www.comdisco.com ) and StorageTek ( www.storagetek.com ). Depending on capacity and sophistication, prices range from $6,000 to $20,000; that’s in addition to the cost of extra hardware. To learn more about SANs, visit the Web site of the Storage Networking Industry Association at www.snia.org. For organizations’ backup-recovery options, see the “Alternative Backup Strategies” table at the end of this article.

LET SOMEONE ELSE DO IT

Some organizations might want to outsource their data-backup chores. There are several terms used in the industry to describe such vendors; to avoid confusion this article refers to the family of third-party outsourcing vendors as backup-recovery service providers (BRSP). At a minimum, a BRSP can offer just off-site electronic storage, leaving responsibility for actual backup and recovery to the client. The client can manually or automatically trigger full and incremental backups, sending the data over the Internet to the BRSP. Depending on the amount of data being sent and the transfer time available, bandwidth requirements can be reasonable and affordable. However, in the event of a failure, the client—not the provider—must retrieve and restore its own data.

At the next higher level, a BRSP can offer real-time mirroring of data coupled with complete restoration services. Depending on the client’s activity level, real-time replication can demand very high bandwidth requirements, which can be expensive. On the plus side, however, client data are safely stored at an off-site location, backed up to the latest keystroke and restored by professionals with experience in rebuilding data.

At the highest level, a BRSP can maintain real-time replicated copies of data and the client’s operating system and applications. Additionally, a BRSP typically contracts to have sufficient server space available so that, in the event of an emergency, the client can run its business operations on the BRSP’s server until it can restore its own computers. Thus, in the event of catastrophic failure, the client would be up and running in seconds. Naturally, the client pays considerably more for such a service.

The number of BRSPs is growing. The larger ones include Comdisco ( www.comdisco.com ), LiveVault ( www.livevault.com ), NovaStor ( www.novastor.com ), Virtual Backup ( www.virtualbackup.com ), Galaxy Stor ( www.galaxystor.com ) and Backup Security Management ( www.backupsecuritymanagement.com ). Prices range from $5 per month for 100 Mb of storage to several thousand dollars a year for the very highest level of protection.

CAST A WIDE NET

All the backup-recovery strategies discussed so far assume company data are located in easily identifiable and accessible places. However, increasingly more data are being stored on personal desktops, laptops and personal digital assistants, thereby diffusing important information into disparate isolated pockets. Thus, it is vital that a backup-recovery strategy encompasses ways to track, save and protect such scattered data. There are three basic users of data to consider: the central office worker, remote office staff member and the traveler.

Central office users should frequently back up to local storage devices such as CD, Zip or tape drives as well as to a network. Remote office users should also back up data to local storage devices in addition to sending data over a leased line or the Internet to the home office. Another option is for remote office users to electronically store their backup data using a BRSP.

Traveling users should back up frequently because laptops take a beating on the road and are highly susceptible to loss. While travelers could back up on local devices, for some this is a burden because of the extra traveling weight and bulk and the difficulty of juggling the media. All things considered, one of the best options for these “road warriors” is to electronically store their data using a BRSP. One vendor offering backup-recovery services specifically designed for travelers is AvantGo ( www.avantgo.com ).

As should be obvious by now, there is no one easy answer to the question, “Which strategy is best for me?” And while the issues are complex, there is no doubt that they have to be addressed because the price of doing nothing—failure of a business—is just too high.

Alternative Backup Strategies

Strategies by company size and recovery speed (low, medium, high).

Small company

Low recovery speed: Physical/electronic vaulting; monthly full backups; weekly incremental backups.

Medium recovery speed: Physical/electronic vaulting; weekly full backups; daily incremental backups; disk striping.

High recovery speed: BRSP electronic storage; weekly full backups; daily incremental backups; disk mirroring or duplexing; server fortification.

Medium company

Low recovery speed: BRSP electronic storage; weekly full backups; daily incremental backups; disk striping; server fortification.

Medium recovery speed: BRSP electronic storage; weekly full backups; daily incremental backups; disk striping; server fortification; disk mirroring or duplexing; network attached storage.

High recovery speed: BRSP real-time mirroring; disk striping; server fortification; network attached storage; storage area network (local); disk mirroring or duplexing.

Large company

Low recovery speed: BRSP real-time mirroring; disk striping; server fortification; network attached storage; storage area network (wide).

Medium recovery speed: BRSP real-time mirroring; disk striping; server fortification; network attached storage; storage area network (wide); distributed processing on multiple servers at onsite location.

High recovery speed: BRSP hot site; disk striping; server fortification; network attached storage; storage area network (wide); distributed processing on multiple servers at onsite location.

Copyright © 2008 American Institute of Certified Public Accountants. All rights reserved.