The Forrester Blog For Infrastructure & Operations Professionals
Home About This Blog Forrester Research Join Our Research Panel Forrester Blogs

High availability

July 24, 2009

Cloud DR Services Are Real

Stephanie Balaouras

There is a lot of hype surrounding cloud and I'm usually not one to join the hype but in the case of cloud-based backup and disaster recovery services (I'm trying to use the IT service continuity but it hasn't caught on yet), these service are available today and they address major pain points in IT operations and organizations of all sizes can leverage these services, not just small and medium businesses.

Storage-as-a-Service is relatively new. Today the main value proposition is as a cloud target for on-premise deployments of backup and archiving software. If you have a need to retain data for extended periods of time (1 year plus in most cases) tape is still the more cost effective option given it's low capital acquisition cost and removability. If you have long term data retention needs and you want to eliminate tape, that's where a cloud storage target comes in. Electronically vault that data to a storage-as-service provider who can store that data at cents per GB. You just can't beat the economies of scale these providers are able to achieve.

If you're a small business and you don't have the staff to implement and manage a backup solution or if you're an enterprise and you're looking for a PC backup or a remote office backup solution, I think it's worthwhile to compare the three year total cost of ownership of an on-premise solution versus backup-as-a-service.

If you lack a recovery data center or if you're looking for more a cost-effective solution for your Windows and Linux x86 server farms, I recommend that you evaluate new virtual recovery services. And for anyone who is about to renew their DR services contract, you should evaluate these new services before you resign for another three years of tape-based recovery to oversubscribed, shared IT hardware. These services fill the gap between DR services that rely on replication to dedicated IT hardware which are far too expensive for most organization and tape-based recovery to shared IT hardware, which while affordable, do not meet the recovery time and recovery point requirements of organizations from small to large and acoross industries.

And of course, if you're focused on the availability and recovery of email in particular, well there is a laundry list of service providers that focus cloud-based services for email from including continuity of service, recovery, archiving and if you wanted to, just move your email to the cloud period.

These services already have a toehold in the US but in order to expand into Canada and to Europe, these service providers are busily opening up data centers in these regions. In Canada and the EU, data privacy laws restrict the transfer of data containing personally identifiable information out of region or to a country that doesn't meet the standard of its own privacy laws.

Perhaps I'm too bullish on these services, perhaps organizations still have security concerns with cloud-based services but I think evey IT operations professional must now seriously consider these services when evaluating any backup or DR offering.

By Stephanie Balaouras

Check out Stephanie's research

You should follow me on Twittersmall here

Posted by Stephanie Balaouras at 04:10 PM in Core systems, Emerging technologies, High availability, Next-gen data center, Stephanie Balaouras, Storage, ZDNet | | Comments (0) | TrackBack (0)

July 01, 2009

How Do We Measure High Availability?

Stephanie Balaouras

Over the past 2 months, I've seen an increase in the number of end user inquiries regarding high availability and almost more importantly, how to measure high availability (HA). HA means something different depending on whom you're talking with so it's worth a quick definition. I define HA as:

Focused on the technology and processes to prevent application/service outages at the primary site or in a specific IT system domain.

This is in contrast to disaster recovery or IT service continuity (ITSC) which is about preventing or responding to outages of the entire site.

Why so many inquiries about HA recently? I believe that due to our increasing reliance on IT as well as the 24X7 operating environment that companies of all sizes and industries are becoming more and more sensitive to application and system downtime. The interest in measurement is driven by the need to continuously improve upon IT services and justify IT investments to senior management, especially now.

So where to start? First, focus on the entire IT service, not just the individual infrastructure components. Availability is the result of the aggregation of all the availability factors of all architectural components supporting the IT service. Most components (networks, servers, storage, operating systems etc.) spec to 99.95% or 4.4 hours of downtime per year (based on 24X7).  However, the combined service or IT system availability would fall below the 99.95% availability. Given the increasing reliability of all the components, most IT organizations do measure availability at 99.9% or above.

However, 99.9% availability is misleading, and it's misleading how some IT organizations report it. Is this for unplanned downtime or does it include planned downtime? Raw availability includes unplanned and planned downtime while adjusted availability includes only unplanned. Organizations often keep track of both. Also, when did the outages/disruptions to the services occur? Consider the difference between:

    • 1 PM to 5 PM M-F and
    • Weekly outages of 30 minto 60 min at 4 AM local time or on the weekend

    • In many cases, timing and duration are more important than total downtime/outage. Is the 99.9% availability based on 24 X 7 hours of operations or business hours? If you were down 4 minutes last month, was it during business hours or over the weekend?

    It's not as widely adopted as say incident management, but there is an ITIL availability management process. In ITIL v3, the suggested key performance indicators for availability management are:

    • Availability of IT services compared to agreed upon service-level agreements
    • Duration of disruptions to IT services
    • Number of disruptions to IT services
    • Number of infrastructure components with availability monitoring

    Developing and agreeing upon the SLAs is going to be the toughest part but I think these KPIs are good starting point toward metrics that matter to the business. And while your organization is unlikely to spend huge sums of money on propietary fault-tolerant systems or high-end clustering solutions, there are cost-effective solutions that will provide a rapid restart of IT systems or leverage virtualization technologies. The HA discussion is no longer and all or nothing discussing, it's a discussion about providing a range of offerings that provide the required level of availability at a cost justified by the risk and cost of downtime.

    Automating and measuring HA and ITSC will be a major focus of my research over the next several quarters. I'm very interested to hear from companies how they're approaching this today. What's working, what's not working?

    By Stephanie Balaouras

    Check out Stephanie's research

    Posted by Stephanie Balaouras at 10:11 AM in High availability, Stephanie Balaouras | | Comments (1) | TrackBack (0)

    April 29, 2009

    Swine Flu? What It Means For IT Professionals

    Stephanie The US Center for Disease Control (CDC) has confirmed 64 cases of swine flu in the United States and as other countries including Canada (6), New Zealand (3), the United Kingdom (2), Israel (2), Spain (2), and now Germany have confirmed cases, the World Health Organization has raised the worldwide pandemic threat level to Phase 4. This means health officials have confirmed that the disease can spread person-to-person and has the potential to cause "community-level" outbreaks. The CDC recommends avoiding travel to Mexico and if you get sick, to stay home from work. Large numbers of employees out sick will impact the business (revenue) and cost your company a lot of money in productivity loss (you still pay employees their salary when they're out).

    Stopping the spread of the disease and treating those infected is obviously a health issue, but the swine flu outbreak does have implications for IT professionals in both the short term and the long term. First, if you haven't done so already, you need find a copy of the bird flu business continuity plan (BCP) that your company developed in 2006 and call a walk through exercise immediately. And if your responsibility is IT disaster recovery and not necessarily business continuity, don't wait around for someone else to dust of the plan and call the exercise - this is too important to wait. Call your CIO, CISO, COO, and CEO and tell them it needs to be done now. There's a good chance that the plan is out of date and that it hasn't been exercised in a long time.

    A plan walk through is no substitute for a more thorough exercise but its a good place to start. This will help you:

    • Validate the currency of the plan and the procedures.
    • Validate team member roles and responsibilities.
    • Understand what technology and services you currently have in place.

    After the plan walk through, you will need to conduct a more thorough exercise that will validate team member competence, confirm the time it takes to execute each activity, and validate the technology you have in place to support the plan including:

    • Automated communication and notification solutions for crisis and emergency communication.
    • Remote access procedures to ensure that the greatest number of employees can effectively work from if there is a "community-level" outbreak and more travel restrictions.

    As you dust off the plan, update it, and exercise it, you've also got to make sure that you roll out a training and awareness program so that employees know what to expect in terms of communication from senior management, where to go for information, and what to do when and if you invoke your pandemic BCP. As IT, this might not be your responsibility, but you need to raise the issue during exercises.

    What swine flu has done is reminded us all of the necessity to plan for threat scenarios that affect people more than they do data centers and other physical corporate facilities. Alternate work area facilities, mobile recovery units, and other workforce recovery strategies aren't effective when people are home sick or there are travel bans in place. In these scenarios your workforce recovery strategy must rely on remote access solutions or virtual workforce solutions.

    In a recent joint Forrester and Disaster Recovery Journal survey, we asked 285 BC/DR decision makers if their company had strategies for workforce recovery in their BCPs, 68% said yes. This means that 32% of you out there have a lot of work to do. Of the 68% that have strategies in place, 86% use remote access procedures as part of their strategy;

    Workforce Recovery

    Remote access or virtual workforce solutions can be as simple as VPN procedures for employees with laptops or remote desktop solutions like Citrix GoToMyPC or LogMeIn or more advanced solutions like desktop virtualization or application virtualization. Bottom line, you want employees to be able to access their data and applications so long as they can get to a computer with Internet access.

    You also have to think about your own employees: how will you run IT operations if key employees are out sick or can't get to work? There's a lot you can do remotely, but not everything. You have to ask yourself: how many employees have we cross-trained for other job functions? Can your storage administrators run backups? Could your server admins allocate storage or debug a storage network problem? Cross-training in critical functions is another part of workforce recovery or, I should say, workforce continuity.

    I have an upcoming report that looks at the human side of business continuity and disaster recovery planning. I'm interested to hear how the swine flu has changed your priorities and how senior management has asked IT to help in the response.

    By Stephanie Balaouras

    Check out Stephanie's research

    Posted by Stephanie Balaouras at 09:34 AM in High availability, Stephanie Balaouras | | Comments (2) | TrackBack (0)

    June 30, 2008

    Clockss Ticking On Digital Preservation

    Jomaitland Not a moment too soon, libraries, universities, and publishers across the globe have flicked the switch on a collaborative digital archiving project that promises to preserve important scholarly content forever.


    Graft: Organ and Cell Transplantation, a journal from SAGE Publications, just went out of print and has moved years of its online content to the community managed Controlled LOCKSS archive. The archive uses the Lots of Copies Keep Stuff Safe open-source technology developed by Stanford University and is geographically dispersed across nodes at universities from Edinburgh to Virginia.


    It’s a long-term global archiving project that will serve the joint library and publisher communities in the event of a natural disaster and make orphaned or abandoned works readily available to the general public, for free.


    CLOCKSS sheds some light on how businesses might start to think about preserving important intellectual property, maintaining authenticity of records, and managing long-term archives. For IT infrastructure and Ops professionals tasked with building and managing long-term archives and plagued with vendor lock-in, high upfront cost,s and ongoing maintenance fees, this open-architecture offers a glimpse of how to build a massively scalable, online archive, without these headaches.


    By Jo Maitland

    Posted by Rachel Batiancila at 11:28 AM in High availability, News and Events | | Comments (0) | TrackBack (0)

    June 24, 2008

    Can You Trust Historical Weather Data To Assess Risk Any Longer?

    Stephanie_2 The severe flooding across the Midwest has caused at least 24 deaths and while there are no exact estimates, the damages are expected to be in the billions of dollars. This is the second time in the last 15 years there has been a supposed “100 year flood” of the Mississippi River. The flooding has caused inestimable financial and emotional losses for residents, and some might not return to the area. Those businesses that do not directly rely on the Mississippi for their operations and the surrounding area – like shipping and farming -- need to decide if they’ll re-build in the flood plains of the Mississippi. The answer is likely no.

    According to a recently published report by the US National Oceanic and Atmospheric Administration (NOAA), “droughts, heavy downpours, excessive heat, and intense hurricanes are likely to become more commonplace as humans continue to increase the atmospheric concentrations of heat-trapping greenhouse gases.” The report also indicated that there have been statistically significant increases in heavy precipitation (the heaviest 5%) and very heavy precipitation (the heaviest 1%) in the last three decades of the 20th century.

    Standard 100 year historical data is becoming less helpful when it comes to assessing the risk of a particularly geography for the location of your corporate headquarters or new data center. Instead, businesses should take the last 100 years into account but pay special attention to the last 30-50 years of data and also assume the frequency of these events will increase.

    By Stephanie Balaouras

    Check out Stephanie's research.

    Posted by Chris Silva at 06:43 PM in High availability, Stephanie Balaouras | | Comments (0) | TrackBack (0)

    May 20, 2008

    Can Great Bay Software Help Redefine NAC?

    Rob NAC is an ever evolving topic in its definition and understanding. For me, NAC remains a curiosity. Our clients crave deploying it, but remain stymied by its ever evolving nature. NAC today is about enforcement, policy, and posture. Adding to the mix of these features is better identity for your users and asset management for your non-computing network attached end points. This last issue is actually becoming a real sore point as more IP enabled devices start to show up on your network. IT managers are brainstorming ways to track, monitor and manage end point devices such as printers, faxes, IP phones, badge readers, HVAC systems, wireless access points, etc. Yet most NAC solutions today don’t adequately extend access control to these non-computing endpoints. In fact, many just require you create a white-list and allow these devices to bypass any authentication and access control framework. 

    Role based identity management is crucial for a well rounded NAC solution, but we’d argue no system is complete without asset tracking and comprehensive endpoint profiling. Enter Great Bay Software, which is addressing these issues and partnering with infrastructure-based NAC vendors such as Cisco and Juniper. If you have deployed NAC from any of these vendors — or even thinking of jumping on NAC bandwagon — then Great Bay Software is an operational lifesaver. Its Beacon Endpoint Profiler enables discovery of network attached endpoints and it includes information about the type and location of the endpoint. As Beacon crawls the network it will actually build a central repository of non-computing endpoints. This “fingerprinting” claims to be extremely accurate and will discover, classify, and allow you to extend policy to all the devices listed above — which can be upwards of 50% of the IP-enabled nodes on your network!. Moreover, Beacon handles all non-EAP devices prior to implementing strong authentication, which means a smooth onramp to port-based security such as 802.1x.

    With the release of Sponsored Guest Access solution, Great Bay Software is also entering into the guest user access market. Its SGA solution will enable management, monitoring, and configuration of guest clients, which is a much needed feature for today’s NAC solution. Overall, Great Bay Software may not be the most glamorous technology, but we think it will become a de factor standard for successful, large-scale NAC deployments. Yep, we truly believe it’s that important.

    By Robert Whiteley

    Check out Robert's research

    Posted by Walid Saleh at 04:53 PM in High availability, Robert Whiteley | | Comments (0) | TrackBack (0)

    May 12, 2008

    VMware Advances DR Preparedness

    Stephanie

    On May 12th, 2008 VMware announced that nine storage replication vendors have tested and certified their technology with VMware’s long awaited Site Recovery Manager (SRM) offering. SRM is an important step forward in DR (DR) preparedness because it automates the process of restarting virtual machines (VM) at an alternate data center. Of course, your data and your VM configuration files must be present at the alternate site, hence the necessary integration with replication vendors. SRM not only automates the restart of VMs at an alternate data center, it can automate other aspects of DR. For example, it can shutdown other VMs before it recovers others. You can also integrate scripts for other tasks and insert checkpoints where a manual procedure is required. This is useful if you are using the redundant infrastructure at the alternate data center for other workloads such as application development and testing (a very common scenario). When you recover an application to an alternate site, especially if your redundant infrastructure supports other workloads, you have to think about how you will repurpose between secondary and production workloads.  You also have to think about the entire ecosystem, such as network and storage settings, not just simply recovering a VM.

    Essentially, VMware wants you to replace manual DR runbook with the automated recovery plans in SRM. It might not completely replace your DR runbook but it can automate enough of it. So much so that DR service providers such as SunGard are productizing new service offerings based on SRM.

    Automating more aspects of the DR process is critical to improving DR preparedness. Companies make enormous investments in technology to facilitate DR but they rarely test their capabilities. According to Forrester survey data, 23% of enterprises never conduct a full DR test and only 40% conduct a full DR test once a year. SRM can help companies conduct more frequent tests because automation can reduce the time to execute a test as well as the risk. Forrester believes that frequent testing is the only way to truly prepare for DR.

    SRM isn’t free but it’s not exorbitant. It can be purchased a la carte or bundled with other VMware software. The bottom line is that companies are already using server virtualization to improve DR, they’re just doing it manually. In fact, it’s now the number one motivator for virtualization adoption. To some extent, SRM is almost late to market with the needs of customers. Forrester recommends that companies evaluate SRM as part of future purchases and consider purchasing a la carte licenses for existing environments.

    By Stephanie Balaouras

    Check out Stephanie's research.

    Posted by Walid Saleh at 11:30 AM in High availability, News and Events, Stephanie Balaouras, Virtualization | | Comments (0) | TrackBack (0)

    April 10, 2008

    IBM Expands Replication Capabilities With Acquisition Of FilesX

    Stephanie On April 10, 2008, IBM announced its intent to acquire FilesX, a small startup that offers server-based replication and continuous data protection technology. The acquisition will become part of the Tivoli Storage Manager (TSM) family of products.


    This acquisition will help IBM Tivoli fill a gap in their current portfolio of offerings for data protection. The vendor currently offers Tivoli Storage Manager (TSM), which is one of the leading enterprise-class backup software applications, and Tivoli Continuous Data Protection for Files, a product mostly used to protect PCs. In addition to traditional backup to tape or disk, TSM can also manage Microsoft Virtual Snapshots (VSS) and its own IBM storage-based snapshot technology in support of instant restore or snapshot assisted backup. But the company didn’t really have an offering for customers who wanted something that was better than backup but not as expensive as storage-based replication, this is where FilesX comes in. With FilesX, IBM can now address the recovery requirements of small enterprises that can’t afford storage-based replication. They can also meet the recovery requirements of large enterprises that want to protect more servers within their company with a more affordable replication offering as well as servers at the remote office.


    To be really successful, IBM will need to integrate the management of FilesX into TSM. Customers are no longer interested in having multiple point products for the continuum of data protection options; they want to manage backups, snapshots, replication, and continuous data protection (CDP) from a single console. If achieved, IBM will compete head-on with offerings from CommVault and may surpass the current capabilities of Symantec NetBackup and EMC NetWorker. It’s unfortunate that IBM’s storage-based replication technologies are managed from within IBM TotalStorage Productivity Center; integrating the management of this functionality would make TSM the one stop for any IBM protection technology.


    By Stephanie Balaouras


    Check out Stephanie’s research

    Posted by Rachel Batiancila at 04:28 PM in Acquisitions and partnerships, High availability, News and Events, Stephanie Balaouras | | Comments (0) | TrackBack (0)

    February 12, 2008

    Dell Acquires MessageOne And Buys Its Way Into SaaS

    Stephanie It’s official, the future of information management and infrastructure is software as a service (SaaS). Today, Dell announced its intent to acquire the powerhouse in email continuity and archiving, MessageOne. This acquisition will give Dell the cornerstone that it needs to build out its own suite of SaaS offerings. Dell clearly didn’t want to be left out of race as it watched Iron Mountain successfully building out its SaaS offerings and watched its competitors and partners complete significant acquisitions in the market including Seagate Services’ acquisition of Evault, EMC’s acquisition of Mozy and IBM’s recent acquisition of Arsenal Digital Solutions. Then there’s Symantec who is building out its Symantec Protection Network.

    Dell’s acquisition of MessageOne is good for IT Infrastructure and Operations professionals. Increase competition will force the more rapid development of additional SaaS services for information management and infrastructure and it will put pressure not only on pricing but on improved customer service. Going forward there will be a lot of focus on customer service such as who can provide the absolute most secure environment in a multi-tenant architecture, who can provide 24X7 customer support and who can provide a unified customer experience when it comes to metering, billing and reporting across all SaaS services.

    The acquisition also means that the next time IT is considering new approaches and strategies to backup, archiving and disaster recovery, IT must consider SaaS services in addition to premise-based deployments of these solutions.

    By Stephanie Balaouras

    Check out Stephanie's research.

    Posted by Walid Saleh at 11:49 AM in Acquisitions and partnerships, High availability, Stephanie Balaouras | | Comments (1) | TrackBack (1)

    December 28, 2007

    Microsoft Makes A Bigger Step Into DR With Exchange Server SP1

    Voce Microsoft recently released the final version of Exchange Server 2007 SP1, bringing many features into production that didn’t make the cut for the original RTM. Some of the more notable enhancements include improvements to Outlook Web Access (OWA) and the management console and native IPv6 support. Arguably the most significant addition is Standby Continuous Replication (SCR). SCR enables organizations to replicate storage groups to stand-by servers or clusters at remote or secondary data centers. The SCR target can be manually activated if there is a failure at the primary data center. Existing disaster recovery (DR) solutions using native Microsoft tools were scarce and complex, especially compared to other platforms like Domino. To date, third parties like Symantec, NetApp, and Mimosa Systems have filled the gap for customers looking for true rapid failover in site-level failures, but some companies like to see more native options. SCR could be an interesting alternative for firms looking to balance cost and their recovery SLA's. It will be interesting to see how quickly firms integrate this into their DR planning and what kind of issues or limitations, if any, they come across.


    High availability (HA) and DR options in Exchange are rapidly evolving and shifting the reliance on expensive storage hardware for resiliency up into the application. Windows Server 2008 brings significant improvements to clustering that will make it simpler to deploy and increase its flexibility and effectiveness in creating greater separation between sites, having a direct impact on HA and DR planning. Server virtualization’s benefits in Exchange environments are still being explored as to how it can best compliment or enhance the resiliency of the different Exchange server roles. The addition of SCR is a great step for Microsoft in adding native site resiliency for the Exchange message stores, but firms still must look at contingency planning for all of the ways their users rely on email, whether that be mobile devices, OWA, or other business applications that leverage Exchange. If any of these are unavailable, Exchange is still “down”.


    By Chris Voce


    Check out Chris' research

    Posted by Rachel Batiancila at 03:39 PM in Chris Voce, High availability, News and Events | | Comments (0) | TrackBack (0)

    Next »

    Search this blog

    Enter your email address:

    Delivered by FeedBurner

    I&O Podcasts

    You should follow these analysts on Twittersmall

    Stephanie Balaouras

    Elizabeth Herrell

    Evelyn Hubbert

    Natalie Lambert

    Glenn O'Donnell

    Galen Schreck

    Chris Silva

    James Staten

    Chris Voce

    Doug Washburn

    Simon Yates

    The rest of the I&O team
    on Twittersmall

    Rachel Dines

    Christian Kane

    Categories

    Archives

    More...

    Forrester IT Blogs

    Entire contents ©2009 Forrester Research, Inc. All rights reserved. Forrester® is a registered trademark belonging to Forrester Research, Inc. Any use of the Forrester name is subject to Forrester's Citation Policy, available at www.forrester.com. The content on this Weblog is available for your informational and non-commercial use only. Usage by a company or organization for promotional, sales or advertising purposes must adhere to Forrester's Citation Policy and must be approved by the Forrester Citation Team. The views expressed by outside contributors and links to outside websites do not represent the views of Forrester, its management or employees. All content on this Weblog has been made available on an "as-is" basis, and Forrester shall not be liable for any direct or indirect damages arising out of use of this Weblog.