Right now, the internet probably seems like the Wild West.  Hackers are roaming around, seemingly attacking websites on a whim.  Most recently, groups like Anonymous, the Jester, and Lulz Security (LulzSec – now supposedly disbanded) have been attacking and successfully taking down web sites of all types.  Government and corporate, public and private, anybody seems as though they can be a target for these attacks.  While their reasons for attacking a site range from political statement to simply for the fun of it, hacktivists and black hat trouble makers alike, the end result is that hacking is now a real cause of downtime.

Disaster recovery-as-a-service (DRaaS), in my opinion, is one of the most exciting areas I look at. To me, using the cloud for disaster recovery (DR) purposes makes perfect sense: the cloud is an on-demand resource that you pay for as you need it (i.e., during a disaster or testing). Up until now, there haven't been many solutions out there that truly offered DRaaS--replicating physical or virtual servers to the cloud and the ability to failover production to the cloud provider's environment (you can read more about my definition of DRaaS in my recent TechRadar report), but so far today, we've seen TWO new DRaaS platforms announced from VMware and SunGard! Here's a quick roundup of what was announced today:

• VMware. VMware announced at VMworld that they will be making their popular Site Recovery Manager (SRM), a DR automation tool, available as a service through hosting and cloud partners. At launch, participating partners are FusionStorm, Hosting.com, iland, and Veristor.  Benefits: Built into the VMware platform. Limitations: VMware specific.

I've got backup on the brain. I guess this isn't an unusual occurrence for me, but it's also been bolstered by a week at Symantec Vision, a week at EMC World, as well as backup announcements about IBM's data protection hardware and CommVault's PC backup enhancements not to mention the flurry of cloud backup news this week from Trend Micro, CA Technologies, and Carbonite. All of this has gotten me thinking about the future of backup... we've come a long way from simple agent-based backup and recovery. Backup is just one piece in an ever-increasingly complicated puzzle we call continuity. If backup software vendors want to stay relevant they're going to need to offer a lot more than just backup in their "data protection" suites.

One thing that I’ve found in common across infrastructure and operations groups of all shapes and sizes is that they are continually searching for the ideal set of key performance indicators. A set of metrics that perfectly measures their infrastructure, demonstrates the excellence of their operations, but are still simple and cheap to collect. At least once a week I speak with a client searching for the holy grail of metrics, hopeful that I hold that coveted knowledge. They’re inevitably disappointed to find out that I don’t know what the best set of metrics is, and that I truly think that it doesn’t exist! Sorry if I’m bursting your bubble, but there is no essential set of metrics for all infrastructure and operations organizations. What makes sense for one organization to measure may be completely useless for another organization. What may be very simple to collect at one company is nearly impossible at another.

While I don’t believe in the myth of a single set of perfect metrics for all organizations, I do think it is valuable to learn from other organizations what they are measuring in order to compare them to your own metrics (and maybe steal some of theirs), which is why I am gathering a list of metrics from infrastructure and operations groups globally in order to form a database of metrics. Once we have a good number of metrics on this list, I will work to consolidate them down to the most commonly cited metrics and collect a benchmark on them. We’re calling this project “Forrester's Consensus Metrics For Infrastructure & Operations” and I really hope you’ll consider contributing to it because we can’t do this without your input.

Over the past several months, I've been receiving a lot of questions about replication for continuity and recovery. One thing I've noticed, however, is that there is a lot of confusion around replication and its uses. To combat this, my colleague Stephanie Balaouras and I recently put out a research report called "The Past, Present, And Future Of Replication" where we outlined the different types of replication and their use cases. In addition to that, I thought it would be good to get some of the misconceptions about replication cleared up:

Myth: Replication is the same as high availability
Reality: Replication can help to enable high availability and disaster recovery, but it is not a solution in and of itself. In the case of an outage, simply having another copy of the data at an alternate site isn't going to help if you don't have a failover strategy or solution. Some host-based replication products come with integrated failover and failback capabilities. 

Myth: Replication is too expensive
Reality: It's true that traditionally array-based replication has been expensive due to the fact that it requires like-to-like storage and additional licensing fees. However, two factors have mitigated this expense: 1) several storage vendors are no longer charging an extra licensing fee for replication; and 2) there are several alternatives to array-based replication that allow you to use heterogeneous storage and come at a significantly lower acquisition cost. Replication products fall into one of four categories (roughly from most to least expensive):