College of virtualization: Lessons in integrating data protection
software
Sponsored by Dell VMware
Speaker: Tom Nolle, President, CIMI Corporation
Moderated by Kate Gerwig
Karen Guglielmo: Hello, and welcome to a SearchStorage.com presentation, ‘College
Of Virtualization - Lessons For Integrating Data Protection Software’. This presentation
is being brought to you by Dell and VMware. For more information on Dell and
VMware, you can click on their logo in the lower portion of your screen. My name is
Karen Guglielmo, and I will be your moderator today. Joining me today is Laura DiDio,
a Hi-Tech Analyst and Consultant, a professional writer and a former reporter. She is a
principal at Information Technology Intelligence Corp., a company she founded. Before
we begin the presentation, I would like to review a few housekeeping items with you.
First, the slides in the presentation will be pushed to your screen automatically. If you
have any questions throughout the presentation, you can type them in the ‘Ask A
Question’ area located on the right-hand side of your screen and they will be addressed
following the event. If you have any difficulty viewing or reading the slides, click on the
‘Enlarge Slide’ button located in the bottom portion of your screen, and finally, if you
experience any technical difficulties with this presentation, click on the ‘Help’ button in
the lower right corner of your screen. With that said, I am now going to turn things over
to Laura DiDio to begin today’s presentation. Laura.
Agenda
•Overview: Data protection software
•Getting Started: General Advice
• Business & Technology Considerations
•Deployment
• Configurations & what to buy
•Conclusions & Recommendations
Copyright © 2009 ITIC All Rights Reserved
Laura DiDio: Thanks, Karen, and welcome everyone. It is a pleasure to have you here
with us. We are going to dive right in and get started because this is a hot topic and we
have a ton of information and data to help you with. Okay, so our agenda, we are going
to give you an overview of data protection software. We are going to give you some
general advice, business and technology considerations and some, you know, deployment
considerations, configurations, what to buy, what to do, and then we will give you our
conclusions and recommendations and we will wrap up with Karen doing some Q and A.
Overview: Data Protection
• Effective, efficient Data Protection is a core, fundamental
network component
• SMBs using virtualization will face additional challenges in
managing and protecting data
• Data protection ties into DR Strategy
• Virtualization generates lots of data
• Organizations must be able to restore and recover data
quickly
• Absence of data protection will compromise the entire
network and potentially put your business at increased risk
for litigation
Okay, so data protection. Okay, this is a no-brainer, as we see on the slide. Efficient,
effective data protection is a core fundamental network component. Now, SMBs that use
virtualization, and that is many of you, especially on the server side but in your head we
are expecting a lot of you are also going to implement VDI, Virtual Desktop,
virtualization and also application virtualization as time goes on. You are going to face
specific additional challenges in managing and protecting your data and as we will see,
your data protection strategy is going to tie into your disaster recovery strategy and also
your virtualization strategy. One reason for that, virtualization generates a lot of data
when you are actually looking at things. So, there is going to be in some ways more for
you to manage at once. Clearly, organizations have to be able to restore and recover data
quickly and they have to make sure it is protected. The absence of data protection, we
don’t have to tell any of you, will compromise your entire network and especially
because you are SMBs who are even more risk averse than your enterprise counterparts, a
really bad hack could potentially put your business at increased risk for litigation or even
put you out of business.
Data Protection: Getting Started
•Thoroughly review existing infrastructure & data protection
• Start with a pristine network
• Fix what’s broken
• Regularly upgrade data protection equipment and
software
• Make a data protection/security plan, stick to it and enforce
it!!!
Now, as we turn to the next slide, getting started with data protection, once again, you
have to start at the beginning and that means you want a pristine network environment or
as pristine as it can be. That means you have got to start by thoroughly reviewing your
existing infrastructure, locating what are the weak points, are there any open doors, open
ports, backdoors, what type of hardware do you have, server hardware, do you need
ruggedized server hardware, how is your encryption. So do you have the latest upgrades?
You need to fix what is broken or what is old and outmoded, and you should be regularly
upgrading your data protection equipment and software. There was a famous German
19th century military strategist who said that military secrets are the most fleeting of all.
In the 21st century computing environment, what I would say is security and data
protection is one of the most fleeting of all, because as soon as you have one thing fixed
there is a hack to exploit something. There are always new and improved ways to crack
into and compromise the security and data protection of your network. So you have to
stay on your toes with this and it is a question of months, not years. You need to make a
data protection and security plan, stick to it and enforce it and by enforcing it that means
with all of your users and you need to disseminate what your security and data protection
plan is, what the rules are, and what the penalties are for violation.
Have you determined the cost of one hour of
downtime for critical or mission-critical
processes?
Do you have defined benchmarks to measure
component, system or infrastructure
performance?
So, as we turn to the next slide, the next few slides we are going to show you are based
on the realities of what is happening now. This is survey data from ITIC over the last six
months. We asked folks, have you been able to determine the cost of one hour of
downtime? Okay, now you will notice only one third of companies said yes. That is the
bad thing. So you have 51% who say no, and 14% who are unsure. So guess what? The
majority of people don’t know what damage can be brought. That is bad. You have to
know what the consequences are and if you don’t know how much downtime costs, there
is probably a lot of other things you don’t know either. When we look, we ask people, do
you have defined benchmarks to measure performance? Now security, actually this is a
better one, almost 40% said yes, but almost 50% said, you know, no. Again, bad number
there. We asked people what happens when something goes down, what factors do you
include in the cost? Once again, you can see productivity lost, but you look for all of
these things and this is all tight security and data protection. If your security is
compromised, if your data is unprotected, guess what? All of these things are going to
happen. You are going to have dissatisfied customers, damage to your reputation. You
are going to have regulatory exposure. You will lose, almost certainly lose revenue.
There is going to be an upstream and downstream impact from, everyone from the C
level executive to your endusers, to your business partners, to your suppliers, to your
customers. So, there is also the risk of SLA penalties, risk of litigation, the cost for what
happens for lost productivity for your employees, all sorts of things.
If yes, which factors are included in calculation
of downtime cost (select all that apply)?
Next slide, we asked people how many tier 2 outages, that is midlevel, 30 minutes to four
hours has the firm experienced within the last 12 months? Now, this is always dicey
because people talk about these things a little bit, you know, differently, but 44% said 1
to 3 outages. We also had 28%, nearly one, you know, one third said we did not have
any. That is not necessarily a number I believe in, but 15%, as you could see, we got,
said that they had 3 to 6 outages and then 5% said 5 to 10 outages. We had other people
who were unsure and then only 3% owned up to having more than 10 tier 2 outages, but
any outage is going to cost you money. Again, so...these numbers, a lot of people are just
guesstimating or they are not owning up to it, but still, you can see that this is pretty
prevalent. The tier 2 outage by the way is going to involve your network administrators,
having to do remediation, getting involved, so it is going to be time, it is going to be
productivity loss on the enduser side, it might mean your clients cannot get access to
data, business suppliers, partners, etc.
How many Tier 2 outages (30 min. to 4 hrs.) has
your firm experienced within the last 12 months?
But it is not the worst thing that can happen, as you can see from the next slide. We
asked what about the most severe tier 3 outages? That is four hours plus and you may or
may not have data loss, but you probably have some data loss. We had two thirds of
people said, no we have not had any, 66%, we have not had any tier 3 outages. Again,
that is not necessarily a number I believe because a lot of people want to keep quiet about
it. But as you can see, the remaining one third do have outages and this is going to be
significant in terms of the business operation, the cost, the remediation, the potential
damage to your reputation. So, the only good outage is not to have an outage.
How many Tier 3 outages (4+ hrs. w/data loss)
has your firm experienced within the last 12
months?
If your firm was unprepared to respond to the
Tier 2 or Tier 3 incident, what changed
afterward?
We also asked people to say, how prepared are you to address these outages when they
occur and as you can see, 41% or 2 out of 5 businesses said they are prepared. Then
51%, the majority said, we are somewhat prepared. We have some plans in place but
there was also some confusion. This is getting closer to the truth and then 5% basically
said they were unprepared, caught off-guard and really had to scramble, and 3% said that
they were totally caught off-guard and they were unable to respond in an effective timely
manner. So, you could imagine if you were in that 8% category minority, how damaging
that could be, especially since you folks are smaller businesses. It is going to really
impact you more. So you don’t want to be in a position where you are reacting to data
losses, network outages because you don’t have a data protection plan. Then we also
asked, well okay, if you were in that, if you are unprepared or only somewhat prepared
for data losses after one of these incidents, what changed? Now, 42%, again 2 out of 5
businesses that is, basically said they learned their lesson, but they are still working on
being proactive. But 22% said nothing changed, it was business as usual. We had 10%
who really became proactive and said we learned our lesson, we established service level
agreements and we made a future response plan. And then you had a 2% minority that
said, look we just played the blame game, pointed fingers and we have not done anything
constructive. So, this is an object lesson here for those of you who are in our College of
Virtualization, for what happens when you get out to the real world, you don’t want to be
in those slices where you are being reactive rather than proactive and have not done
anything constructive.
How certain are you that the SLA commitments
you expect from others align with the IT
services expectations your clients have of you?
Another question we asked and this plays right into data protection, security, etc. We
asked people do you require SLAs from your IT vendors, your hardware, your OS, your
application, your storage, your network virtualization vendors because if you don’t, you
should, and what we saw here is that only 17% absolutely say they do all of it. Now, you
can see from these, the smaller globe here, the pie chart, it is a higher percentage, 56%
from enterprises, with more than 3000 users, so clearly the SMBs are lagging behind
here. And we see 23% said we are not requiring anything beyond standard warranty.
Again, you should require SLAs. It does not matter whether you have 10 people in your
organization or 500. You should require service level agreements and basic minimum
metrics and standards for performance from your vendors. Again that should be a staple
of any data protection plan.
How certain are you that the SLA commitments
you expect from others align with the IT
services expectations your clients have of you?
And this one here, this is scary. How certain are you that the SLA commitments you
expect from others align with the IT services’ expectations your clients have of you?
And again, only 2 out of 5 businesses were reasonably sure. You see that the largest slice
of this pie, okay, by 58% is either uncertain, you know, or excuse me you only have 12%
that are certain that they align. You have to make sure again data protection is 50%
technology, but it is 50% policy and human due diligence and that is what these slides
talk about here. So, you can get all of your best hardware from Dell, your best
virtualization and security software from VMware, but it is not going to mean a thing if
you are not putting policies and practices in place to protect your data. It would be akin
to buy the most expensive security or alarm system for your home and then going out and
leaving the windows open and the doors unlocked and not arming the security system.
So, half of this is going to be up to you.
Data Protection: Best Practices
• Check for compliance
• Virtualized environments contain more data – if there are 6
VMs on a single server you will see > 1 Tbytes of data if it
fails
• Virtualized data protection failures will take down
multiple servers!
• Ensure adequate bandwidth
• Check carrier routes
• Determine whether you’re protecting the data at the
hypervisor or OS level
• Ensure that you have the latest versions, patches
• Standardize the environment as much as possible
So turning now to the data protection best practices, the first thing you have to do is take
a look, are you in compliance? Okay, with all of your licensing agreement, are you in
compliance with regulatory issues for security and that is going to have pretty big
implications for those of you who are in the SMB space, you might be in a doctor’s office
or a dentist’s office, what have you, where medical records are kept. You have got to
protect that data, if it gets out, wow! You know what happens. It could just be business
records. It does not have to be medical records. It could be anything but you need to
protect and preserve your data. In a virtualized environment and many of you now, as the
cost of virtualization and hardware has come down so much, you are virtualizing, you
know, your server and increasingly your application environment. Virtualization is a
great thing. You can consolidate space, you can consolidate application, cut down on
your manpower hours, utility costs, you name it, but you have to be aware that virtualized
environment will contain more data. So, for example, if you have six virtual machines on
a virtual server, on some level, as the network administrator, you will see six machines,
however, if you connect...once you connect to the host server, what you are going to see
is probably 1.5 terabytes of data. So, if that fails, if the virtualized environment fails, six
servers are going to be taken down. So, data protection is crucial because now much
more of your infrastructure is going to be contained under a single physical host server.
So, you are going to have a single point of failure even though you might...your
applications are in isolated containers. Okay, and if you have got locally attached
storage, it is going to be another big single point of failure. If it is SAN attached storage,
you will lose access to the data. So, from the business standpoint, the data would still be
inaccessible. Okay, so you need a comprehensive, cost effective solution that will
manage both your physical and virtual servers alike and that is one of the things that we
are seeing with VMware’s, vSphere, the latest version vSphere 4.
Conclusions & Recommendations
•Data Protection is a MUST!!!
•Business & technology planning are symbiotic
• Formulate a data protection plan and adhere to it!!!
•Keep Records – Organizations should document
everything: costs, manpower, remediation efforts; fallout
(e.g. lost business) from a disaster
•Budget accordingly
•Upgrade infrastructure as needed
•Adhere to the three “Cs”: Communicate, Collaborate &
Cooperate
• Enforce SLAs!
Now, your virtualized data protection failures will take down multiple servers, again, so
you don’t want that to happen. You want to be proactive not reactive. You have to
ensure adequate bandwidth. Again, all the data in the world contained in these
virtualized environments won’t be any good if you cannot transmit it if the pipes are too,
you know, not adequate, they are too small. So check your bandwidth. You also want to
check your carrier routes. Okay. Access in and out of the server, you might think that
you have enough redundancy, but you want to make sure that the carriers are not
subletting the same lease lines. So there has been many an instance where it is on the
same line and that line, that one trunk line goes down and you are still out. The other
thing you need to do is determine whether or not you are going to protect your data at the
hypervisor or the OS level. Okay that has implications as well. You also want to ensure
that you have the latest versions and patches updated. You need to standardize the
environment as much as possible that will cut down on the amount of time you are
spending doing remediation work and it will cut down on your management time as well.
Standardized environment can really cut your time to recover from a data loss or a hack
by about on average one third, but standardizing the environment helps because you are
not running hither and yon and a lot of times we find that the data is compromised
because you have not applied a patch or you have got different versions and the versions
are not interoperating together and that can cause disruption to the operation, you know,
to the network operation.
As we turn to the next slide, finally the conclusions and recommendations. You know
this, data protection is a must. Your business and technology planning are symbiotic.
Again, cannot overstate this, 50% of your data protection strategy will depend on the
technology. So you need good, strong underlying technology from your virtualization
vendors like VMware, from your hardware vendors like Dell, but the onus is also on the
C level executive, the IT department, and the endusers to strictly adhere to best practices.
You have to formulate a data protection plan, you must adhere to it. I cannot tell you
how many times I have been in consulting situations with some of the top Fortune 100
firms and they are four revs behind on their antivirus software. They have a data
protection plan that is four years old, they have not looked at it, they have not set
penalties or, you know, disseminated and distributed the computer data protection policy
and rules. You have to have rules in place, you have to enforce them, your endusers have
to know what they can and cannot do and what the penalties will be for infringing on the
rules. You also need to keep very, very good records. You have to document
everything. That means if you have had some data protection losses, how much did it
cost? How much is it costing you to buy the software, do you have adequate data
protection software and hardware in place, what is the costing to your manpower, what
about the remediation efforts, what has been the consequence or fallout from lost
business, if you have had a disaster or a hack? Budget accordingly. This is one area
where you do not want to skip. You need to also keep the entire infrastructure upgraded
as needed and once again you have to adhere to the three Cs, which is Communicate,
Collaborate and Cooperate, both internally and externally that means with your hardware,
software, virtualization providers. Ask them to help you out with best practices.
Companies like VMware now have an incredible array of tools, documentations, white
papers, that are available for free to assist you, so there is really, you know, no reason to
be behind the eight ball even if your organization is on a very, very tight budget and once
again, finally, you want to enforce those SLAs, service level agreements. You are paying
for all this equipment, so you and your vendors should be in sync and agree upon SLA
metrics that are most appropriate for your business and if it is not there, then you need to
rethink that policy and perhaps move on to another vendor. So, with that, I will turn it
over to Karen for the Q and A.
Getting Started: General Advice
•Know what’s on your network
•Adhere to the Three “Cs”: Communicate, Collaborate &
Cooperate
•Perform a thorough inventory and assessment of your
current environment
•Identify & Replace outmoded hardware
•Standardize the application environment
•Check and upgrade storage, bandwidth as necessary
•Security, security, security!
•Review Licenses
•Review SLAs
•Construct Operational Level Agreements (OLAs)
Karen Guglielmo: Great! Thank you, Laura, for your presentation. I would like to take
this time to remind everyone again that you are participating in a SearchStorage.com
presentation on ‘Lessons For Integrating Data Protection Software’. Today’s
presentation is being brought to you by Dell and VMware. If you would like more
information on Dell and VMware, you can click on their logo in the lower portion of your
screen. And now, we are moving on to the moderator Q and A portion of today’s
presentation. I am going to be asking Laura a couple of questions related to today’s
topic. So, let us get started. First, let me ask you, how is using data protection software
different in a virtual environment?
Deployment Best Practices
•Determine how you’re going to segment the virtualized &
cloud infrastructure
•Mix & Match: you can deploy Web servers and other
classes of servers in the same physical host
•Keep Production Applications separate for security
purposes!
•Adjust your network architecture/infrastructure to deal with
virtualized & private cloud environments
•Virtual infrastructure should have its own network
• It should not share with Email/messaging
•For the Virtualized/Private Cloud buy the most robust
hardware configuration the budget will allow
Laura DiDio: Well, it is different because, as we noted, virtualization is wonderful for a
lot of things, consolidation, for saving money, for saving time, but you have to really be
on guard because all of your, you know, data, you are going to have multiple instances of
application and data contained in a single physical server. So that can potentially be a
single point of failure, if you have not put the proper data protection controls and
configuration in place. So that is a scary thought. You know, you don’t want to take a
direct hit. So you really need to make sure that you have the proper hardware, proper
software and the proper data protection in that virtual environment.
Deployment Best Practices, contd.
•Public Clouds: Due Diligence is a must!
•Determine what tier of service you need
•Ask for References
•Ask Questions:
• What hardware do they use?
• How many paths in and out of the cloud
• What is the guaranteed response time
• Where are the hosts physically located
• What about security – physical and what are the country
policies if the host provider is outside of the U.S.?
• How are they segregating the services? SMBs will operate
much differently than an Amazon.com type business
Karen Guglielmo: Okay. So how is data protection linked to your disaster recovery
strategy?
Laura DiDio: They are inextricably linked. I mean it is a real symbiotic relationship.
So, for example, if you have protected your data but you don’t have a disaster recovery
plan in place and the worst happens, if you cannot recover from a disaster, then the best
data protection in the world, your data will still be safe but you are not able to access it.
So, the two have to go hand in hand, you have to protect the data to make sure it is not
compromised and it is not lost in the event of a disaster and in the wake of a disaster
you have to make sure that you can recover quickly so you can get your users back up
and running and able to access the data. So overall, it is, you know, it's data protection,
it's disaster recovery, and it is business continuity. That is the Triumvirate that people
have to live by.
Conclusions & Recommendations
•Make a Business Plan based on the technology needs
•Construct a three-year technology plan
•Purchase the most robust hardware your budget will allow
•Make a security plan
•Adhere to SLA and OLA agreement
•Engage virtualization vendors & cloud providers
•Make use of tools & documentation available from vendors
like Dell, VMware and others
•Make sure your cloud providers are meeting their SLA
agreements with your organization
Karen Guglielmo: Okay, and finally, what would you say is the most common mistake
that people make in respect to data protection?
Laura DiDio: The most common mistake is the human error and that is they don’t have
a policy in place, they have an...or they have got an old policy, they have not dusted it
off. Things are really changing fast in security, data protection, managing the data, so
you have to constantly be upgrading this policy and again, I understand the focus of many
users, especially those people in the SMB space where you might have an IT department
that might be anywhere from one or two people up to maybe 10 people rather than dozens
or hundreds of IT managers. There is an incredible burden placed on these people and
the emphasis oftentimes is on just keeping the network up and running on a daily basis,
even if that means, you know, doing patch jobs here and there. But you have to make the
time and spend the money on data protection and that means you have got to get that
network protected to the extent it should be in 2010 and going forward because the
hackers are not standing still, there are...you are always going to find errors in software
that require a patch or some type of remediation or a fix. So you really want to stay on
top of this and once again if you are an overburdened IT manager or if you are in our
College of Virtualization right now and you are coming out and you are going to go to
work for an SMB, get to know your vendors. The vendors have a lot of tools at their
disposal. There are many free tools for self-assessment. There are many white papers
out there and documentation with best practices and how to, so engage them, also ask
them, what do I need? Is this the appropriate configuration for me in terms of my
hardware, how should I be configuring my virtualization environment so that it is
optimized for disaster recovery and data protection.
Karen Guglielmo: Okay. I am sorry, go ahead. You are going to wrap up?
Laura DiDio: No, so, I was just going to say, so that basically is the human element. It
is equally as important as the technology if not more so.
Karen Guglielmo: Okay, and that does conclude today’s presentation on, ‘College of
Virtualization - Lessons For Integrating Data Protection Software’. If you would like to
review today’s material at a later date, an archived version of this event will be made
available in our SearchStorage.com webcast library. I would like to again thank Laura
DiDio for taking time to be a part of today’s presentation, and I would also like to thank
Dell and VMware for sponsoring this event. And as always, thank you for taking the
time out to join us today. This is Karen Guglielmo, wishing you all a great day.