Data security as a service

Thanks to backup service providers, small offices can afford the ironclad efficiency of a datacenter backup

For all their differences, SMBs and ROBOs (remote offices/branch offices) have one unavoidable headache in common: designing a robust backup and recovery system at a justifiable cost.

When backing up network assets, larger, centralized organizations typically employ expansive -- and expensive -- automated tape systems. Although such backups may go to disk first for performance reasons, almost all end up on tape. An off-site vault provider then maintains copies of backup tapes in case of disaster. To meet recovery requirements for important applications, some large-scale enterprises tap more advanced methods, such as replication or CDP (continuous data protection).

SMBs and ROBOs rarely have the luxury, however, of duplicating big-time backup schemes on a small scale. Typically, they lack the administrative and operational expertise, the capital for tape hardware, or the money to pay an off-site vault company month after month. The unfortunate result is that many small offices do not back up their data at all -- or they use an inexpensive system fraught with design flaws and operational challenges, such as a single tape drive that performs a full backup every night. Those tapes typically stay on site and in many cases sit inside the backup server, allowing a single break-in or fire to destroy everything. Worse, lack of oversight may mean that backups  are routinely falling under the radar -- until a failed attempt at restoring them gets somebody fired.

SMBs and ROBOs know they need backups that work. They just can’t perform them affordably and reliably. What’s needed is the equivalent of an AOL for backups -- click OK, pick a screen name, and make backups happen. But the relatively slow connections typical of SMBs and ROBOs mean that conventional backup schemes, in which one change to a huge file results in that entire file being backed up, must be replaced by more intelligent, incremental schemes.

Backup on a Human Scale
Vendors such as Asigra, Avamar, Connected, EVault, and LiveVault offer products and services that enable administrators to perform advanced incremental backups with point-and-click ease. All allow you to load their software onto your environment, which you then back up to a remote vaulting service via the Internet. And they all encrypt the data for security reasons.

Administrators can select individual drives and directories as well as certain file types to include or exclude. Most offerings support auto-discovery, allowing you to back up all drives on the system automatically, without having to update the software every time you add a new drive or file system. LiveVault and Connected enable you to manage their products via the Web, whereas the other products are managed by software loaded onto your environment, such as a Windows workstation. Some also have Java consoles that can be installed on other platforms.

In most cases, you need to install an agent on each machine that is to be backed up. With Asigra’s software, however, you select one system in your environment to be the “ds-client,” which then communicates automatically with all systems in your environment using a variety of protocols, including SSH, CIFS, or NFS. It even performs hot backups of databases using this approach. Asigra doesn’t charge for its ds-client or database agents; it bills only for the amount of data you’re protecting.

Asigra also provides the broadest platform support, as its agentless model not only supports major Unix platforms but any platform that can export an NFS or CIFS share. Second in terms of platform support is EVault, followed by LiveVault and Connected. Most products and services provide flexible backup scheduling, allowing customers to perform backups every hour, every minute, and so on. CDP -- in which a file is backed up automatically as soon as it is created or changed -- is currently offered only by LiveVault, although Asigra says it has plans to support CDP in the future.

Click for larger view.

A New Backup Paradigm
Backup services add a remote wrinkle to a familiar architecture: There are clients to be backed up, a remote recovery server, an optional tape archive, and optional local recovery server. Client software is installed on the systems to be backed up, allowing backups to either the local or remote recovery server. If stored locally, backups are automatically replicated to the remote recovery server, which may be owned by a BSP (backup server provider) or by a large enterprise that wants to maintain the process.

Companies usually start out by backing up directly to a BSP, minimizing the capital outlay -- no servers to buy or maintain. The charges are based solely on the number of gigabytes stored per month at the BSP. The downside, however, is that all data is remote. Small files can be restored remotely; large restores, however, require the BSP to cut a CD, tape, or portable disk and ship back it to the customer.

A more sophisticated backup methodology involves obtaining a local recovery server -- which can provide quick restores of large systems -- and then replicating backed-up data to a BSP for disaster purposes. This model gives the customer exactly the same level of data protection that an enterprise datacenter does, but for a fraction of the cost. The local-recovery-server option is available from Asigra, Avamar, EVault, and LiveVault and ranges in cost from free (Asigra) to tens of thousands of dollars, depending on vendor and data volume.

Companies with considerable backup volumes may eventually grow disenchanted with per-gigabyte monthly fees. Such companies should consider purchasing a remote recovery server from their BSP and managing it themselves. Even a small business can do this by putting the server at a collocation facility. All of the vendors covered here offer this option.

Make or Break Decisions
Remote backup providers have gone to great lengths to develop features that minimize bandwidth and capacity demands. Take LiveVault’s delta restore feature. The software knows which blocks of a file have changed since the time you asked to restore it, so it only needs to send those blocks back to the client to reassemble the file. That can save a lot of bandwidth when your file is corrupted and not deleted.

Because you’re paying for what you’re storing, it’s also important to consider what each backup offering does to eliminate redundant data. The solutions from Asigra, Avamar, and Connected, eliminate redundant files in the vault. If you have the same spreadsheet on three different systems, for example, these products ensure it is stored in the vault only once. If you have a high amount of redundancy in your environment, this can save a lot of money.

Another significant data point is the number of protected terabytes -- that is, the total size of the customer data protected by the solution. In this area, Asigra is the clear winner; it claims its BSPs protect more than 3 petabytes. That makes Asigra the best-kept secret in data protection, probably because its software is usually rebranded.

The final word on these products comes from those who use them. When he first looked at his Avamar system, Steve Merkel of Data393 says he was certain he was “seeing things.” He had been performing virtual, full backups every night on 65GB of data but noticed only 0.05 percent of the data was going across the wire. In the end, however, his “six-month testing cycle” proved what he was seeing was correct.

“Everyone would be doing backups like this” if they knew how easy and cost-effective it is, adds Tim Hannibal, who works at VaultLogix, an Asigra customer and service provider.

Such offerings show that you don’t need to buy a $20,000 tape library and sign a large contract with an off-site vault vendor to have automated backups. You just need to install some software, pay a monthly fee to a BSP, and go worry about something else for a change.

About 5 petabytes of data are being backed up by electronic vaulting services today. Although that number just scratches the surface of all the data out there, it also represents millions of happy customers and untold thousands of successful restores. Based on the evidence, a sizable portion of low-volume remote backups are very likely working better than those in big datacenters.

Click for larger view.