220 likes | 315 Views
Stand and Deliver Data Protection SLA’s Strategies for developing Data Protection Service Level Agreements. Presented by Brian J. Greenberg http://briangreenberg.net bjg@acm.org. Overview. Data growth rates are huge and it’s only going to increase.
E N D
Stand and DeliverData Protection SLA’sStrategies for developing Data Protection Service Level Agreements Presented by Brian J. Greenberg http://briangreenberg.net bjg@acm.org
Overview • Data growth rates are huge and it’s only going to increase. • As data grows, protecting it becomes increasingly more important. • Occurrences of Data Protection SLAs are on a upswing.1 1 Storage Magazine, February 2008 (http://searchstorage.techtarget.com/magazineFeature/0,296894,sid5_gci1299125,00.html)
What I Assume You Know • The nature of data protection in a backup environment. • Off-line/near-line, snapshots in time, removable media, implications of legal holds, etc. • At least one backup application. • NetWorker, NetBackup, TSM, etc. • Your data • Or you know someone who knows your data, or someone who knows someone who knows your data…
By The End Of The Session, You’ll Know The Following: • What is a SLA. • Data Protection SLAs v. Storage SLAs • The business case for a SLA. • A two phased approach to a SLA. • A SLA for your own DP environment.
What is a Data Protection Service Level Agreement? A data protection service level agreement is concerned with the agreed upon, measurable services of protecting a customers data according to the requirements laid out in the agreement. • Should not be confused with a Storage SLA, however, may be a subset of one. • For the purposes of this presentation, DP SLAs are concerned with data that’s managed by a backup application. This will be different from organization to organization.
What is Data Protection? Data Protection consists of the processes and methods used to maintain the availability and integrity of data over time. • It’s not just doing a backup anymore. • Data growth rates are necessitating increased attention to protection. • Data protection has become a true discipline and profession.
What Is Data Protection (continued) • It is not the latest copy of data.(a.k.a., not part of continuous nor semi-continuous data protection.) • A backup is: • A snapshot in time of a set of data. • A way to maintain data integrity over time. • An inexpensive way to keep data for long periods of time. • An inexpensive way to keep a copy of data off-site and off-line.
The History Of Data Protection • Historically, DP has been viewed by I.T. and Businesses alike as an afterthought, and at best, a forgotten insurance policy. • DP has never been an important discipline, not even offered in school. • DP in general has a bad reputation. • Over the years, this perception has injured the practice of data protection, the reputation of data protection professionals and the technologies that are employed by the practice.
Why Bother With A DP SLA? A data protection SLA illuminates the practice of data protection to the business for the businesses sake. • Employing a SLA, engages a contractual agreement of services, something the business can understand. • Begins with making a business case for protecting data through understanding the business impact of data loss.
The Business Case For A DP SLA Having a data protection SLA makes the practice of protecting data a shared responsibly. • An SLA sets a level of what is to be protected, how quickly it must be recovered and how long the data needs to be retained for. • The business ‘declares’ the business requirements for protection (and compliance). • Disaster Recovery & Business Continuance Plans will have most of this information already -- If you’re lucky. • Will usually be supplemented with continuance technologies such as replication and snapshots.
The Data Protection Business Alignment Process Backup Policy Billing Department Host(s) Path(s) Schedule(s) Retention Identify PointPeople Produce Alignment Report Copies Off Site Off-Line Encrypted Etc… Produce Current SL Report Data Gathering Assessment Review current backup policies and SL with business. Legal Requirements Business Driven Off-Site Specifications Encryption Requirements Number of copies, etc.. Assess business requirements for Service Level Compile business requirements for Service Level and determine Technical, Architectural & Process changes.
Step 1: Business Alignment It's important to be business driven when designing your data protection architecture. If you're technology driven you'll find yourself trying to fit your business processes around someone else's technology when it needs to be the other way around. • Know the current costs of data protection in your environment. • Based on what you can anticipate of your customers requirements, estimate any changes in cost. This will be the sanity check.
Business Alignment (Continued) • Herding the cats… a.k.a. Identify the data owners. • Records Manager or Compliance Officer • Technical contact/owner • Data owner • All data protection requirements must be legal/business driven. • What is the data? • Where is the data?
Business Alignment (Continued) • Are there Data Dependencies or Consistency Groups? • Recovery objectives (Archive v. Backup) • Recovery Time Objective (RTO) • Recovery Point Objective (RPO) • How many copies are required? • How many copies must be off-line?
Business Alignment (Continued) • What are the physical location requirements for each copy? • Do any copies need to be off-site? • What does off-site mean in your organization? • Are there encryption requirements, especially of off-line copies? • What is the retention period of the data?
Service Level Assessment Form • This form is an example of what yours may look like, however, yours will most likely be more extensive pertaining to the specific requirements of your business and how you do data protection.
Step 2: Data Protection Methods • Once the assessment is complete and signed off in the preliminary requirements, you can then determine what architectures (how much money) will accommodate the requirements and be sustainable. • This ($) may require a re-leveling of expectations from the businesses.
Considerations Of Methods • Virtual Tape Libraries and other disk based backup targets including De-Duplication. • Not off-line. • May need to be replicated, still not off-line. • May not fulfill the off-site requirements. • Can be vulnerable in a rolling disaster. • Not cost effective for data retained for longer than one year, maybe less.
Considerations Of Methods (Continued) • Encryption for removable media • Still very young in the industry. • Requires a excellent, reliable, protected key management system. • May lock you into a technology for decades. • Risky for long term retention data and even more challenging to manage. • Could to be integrated into media conversion projects for sustainability.
Data Protection For Your Data Protection System • Whatever your most aggressive SLA is for your customers, you’ll most likely need to match or exceed it for your Data Protection Environment. • Take care of your backup catalog/index/database.
FOR MORE INFORMATION • http://searchstorage.techtarget.com • http://snia.org I’ll be available at the Ask-the-Expert booth today from 1:30 PM to 2:30 PM. Brian J. Greenberg http://briangreenberg.net bjg@acm.org