[PDF]Data Protection Considerations for Vblock...
2 downloads
212 Views
219KB Size
VCE Word Template
Table of Contents
www.vce.com
DATA PROTECTION CONSIDERATIONS FOR VBLOCK™ INFRASTRUCTURE PLATFORMS March 2012
© 2012 VCE Company, LLC. All Rights Reserved.
1 All Rights Reserved. © 2012 VCE Company, LLC.
Contents Executive Summary ................................................................................................................ 3 What is Data Protection? ..................................................................................................... 3 Industry Data Protection Trends and Objectives .................................................................. 3 Traditional Data Protection Methods versus Data Protection in a Virtual World - Today's Data Protection Challenges ............................................................................................................. 5 What does it mean for customers? ...................................................................................... 6 VCE Data Protection Story ..................................................................................................... 8 VCE Preferred Data Protection Solutions................................................................................ 9 Back-up & Recovery for Applications and Data ................................................................... 9 Site Recovery .....................................................................................................................10 Replication of Application Data ...........................................................................................10 Business Continuity ............................................................................................................10 Tiering ................................................................................................................................12 Summary/Conclusion .............................................................................................................13 Next Steps .............................................................................................................................13
© 2012 VCE Company, LLC. All Rights Reserved.
2
Executive Summary Data Protection is a critical element of the comprehensive planning effort for deploying the Vblock™ Infrastructure Platform. Data Protection on the Vblock platform specifically encompasses Backup/Recovery, Replication, Archive, and Business Continuity. VCE’s preferred data protection methodologies leverage proven, industry-leading components from EMC and VMware integrated into a seamless solution. The VCE Data Protection strategy encompasses three main tenants: Simplification – simplification of data protection in a virtualized environment. Completeness – end-to-end Data Protection solution covering all aspects from the Vblock platform and customer workloads. Flexibility – State-of-the-art Data Protection for new deployments. Preservation of legacy data protection system investments when updating needs to be deferred.
What is Data Protection? In the broadest context the term "data protection" encompasses a wide range of different technologies, techniques and methodologies used to ensure the integrity, availability and currency of both the data and the underlying delivery systems in an IT environment. For the purposes of this white paper, we are defining the discussion of data protection related to Vblock platforms, to include: The ability to back-up data and files for recovery in the event of loss or corruption The replication of data and files resident on one platform onto another, in order that the loss of a platform should not significantly disrupt service delivery The ability to maintain business continuity in the event of the loss or failure (either temporarily or for a significant period) of an entire platform or parts thereof The ability to guarantee both the availability and the integrity of data resident on a platform by creating back-up versions
Industry Data Protection Trends and Objectives Overcome shrinking backup window Despite some recent growth in overall IT spending, most IT organizations continue to grapple with fixed or even declining budgets and resources as the perennial demand to "do more with less" remains pervasive. Of course, the time available to execute back-ups, the back-up window, is also a precious resource. At best it remains fixed. At worst, it is being reduced as the pressure to provide continuous service operation around the clock increases, leading to a need for more frequent backups, e.g. nightly vs. weekly. At the same time the volume of data and the importance of IT services to the business continue to grow, and with virtualization and cloud services, even the way IT services are delivered is changing. The result is a significant increase in the number of critical applications for which backup alone is insufficient and for which high service availability is an imperative. These challenges put pressure on all aspects of the data protection strategy. The net result has been a migration from slower, less sophisticated technologies to faster and more capable ones that take account of falling storage costs and increased processing capabilities of virtual machines (VMs); disc-based storage is replacing tape to improve local transfer rates, de-duplication is © 2012 VCE Company, LLC. All Rights Reserved.
3
augmenting replication to reduce data volumes and speed off-site transfers and, dedicated back-up appliances are being put in place to offload on-board back-up processing. Minimize data protection costs through tiering While storage costs have declined over the years, it's certainly not free Every business unit wants zero data loss and zero downtime for 100% of their data. That is always true…. until they see the price tag associated with 100% site redundancies with fully synchronous replication. Responsibility falls to the IT department to offer fiscally responsible data protection options, or tiers, to the business units. Data protection classification involves understanding the objectives for each application and the cost of downtime in business impact and/or real dollars. Two key classifications are important here: •
The Recovery Point Objective (RPO) – How much data change is allowed between backups
•
The Recovery Time Objective (RTO) - How fast must the data be restored in the event of failure
Every application’s data should be protected by the appropriate data protection tier. For example, a loss of real-time financial transactions could have devastating negative impact on a business. Clearly this data easily justifies the highest level of data protection possible - low RPO, high RTO. In this case the objective would be zero data loss. Similarly, it will also be important that the data be restored almost instantaneously. At the other end of the spectrum, a data corruption on a desktop computer that is backed up nightly would be an inconvenience. It might mean someone needs to re-create a day’s worth of word-processing or spreadsheets, but is not likely to alter the corporations’ profitability. Determine the optimum data protection strategy When deciding which course of action to take to meet RPOs and RTOs it is important to consider different classes of failure and the circumstances surrounding them. Failure of a system component that can be easily replaced merits a different response than the loss of an entire data center or business location due to a disaster. Some failures can be more easily corrected than others. The corrective course of action will depend on the RPOs and RTOs that have been established. As an example: If the data for a particular application is backed-up every two hours and it takes an hour to recover operations from an alternate location, the recovery point will be three hours and the recovery time an hour. If a failure occurred and that particular problem could be resolved within less than an hour, it would be unnecessary to declare a disaster and to fail-over to a back-up system or location. When a failure is confined to a single application, as in the case of file corruption, the remedy should not disrupt other applications and services running on the same system/server. In such a scenario, recovery from a back-up data source should be implemented without the need for system fail-over. Determining the optimum data protection strategy requires careful consideration of all these factors, then matching them up to the right backup and recovery option. The Vblock platform's virtualized architecture is fully compatible with a complete range of options to meet the performance needs of the most mission critical applications and the cost-efficiency requirements of less critical ones.
© 2012 VCE Company, LLC. All Rights Reserved.
4
Traditional Data Protection Methods versus Data Protection in a Virtual World - Today's Data Protection Challenges Traditionally, data protection has been effected primarily through a combination of local and remote back-up capabilities using either tape or disc-based technologies and software. Local backup provided easier and faster recovery times in the event of data loss or system failure, due to higher local bandwidth connections. Backup to a second location via the wide area network, although slower, provided disaster recovery and business continuity. Increasing back-up complexity Over time, data protection techniques have developed to keep pace with the growing volumes of data and the increased criticality of IT services to the business. Originally, 100% of all data was backed up nightly. As the volume of data grew to the point that nightly "fulls" could not complete in the given time widow, weekday incremental copies combined with weekend full copies became the norm. It complicated backup. It also complicated and extended recovery, but it met the backup window. More sophisticated organizations went a step further: they split backup workloads so that every night of the th week, 1/7 of the data was fully backed up (rotating full backup schedule). While it was an efficient use of the backup window, it made administration all the more complex. When backup is inadequate, replicate Where the backup window allows insufficient time to meet the RPO, data replication to an alternate storage location, may be the answer. Replication copies the data on a continuous basis allowing recovery to occur back to a defined point in time, depending on the type of replication. Replication can occur asynchronously or synchronously. Asynchronous replication requires less processing overhead but introduces a lag resulting in some possible loss of data. Synchronous replication, maintains both origin and destination data sources in synchronicity for no data loss on failure but requires a higher processing overhead. By time stamping the replicated data, backup can also occur to specific points in time. This is very helpful when data corruption occurs, for example. Replicated data can be recovered back to the last known clean state. Business Continuity The widespread use of virtualization and the deployment of converged infrastructure solutions, such as the Vblock platform, have created both new opportunities and new challenges. Virtualization supports the dynamic allocation of applications to virtual machines and can automatically distribute or redistribute workloads based on server availability. This provides a level of resiliency not previously possible. However, to provide for true business continuity and reduce the need for "recovery" requires not only virtualization of the compute resources but also of the storage and networking capabilities so that applications can dynamically migrate between geographically dispersed servers. Maintaining server optimization using deduplication A key system design goal is to drive utilization of the hardware as high as possible, without negatively impacting application performance. That is, to maximize the number of virtual machines (VMs) that can run within each server blade. The higher the number, the lower the overall infrastructure cost. Yet the most taxing workload on the VM system resources is nightly backup. Backup uses large amounts
© 2012 VCE Company, LLC. All Rights Reserved.
5
of CPU, disk I/O and network I/O and so the back-up workload can easily become the limiting factor on how many virtual servers can run in a single physical server (blade). To overcome these "backup bottlenecks" in a VMware environment, a source-based data deduplication backup and recovery product is an excellent option to consider. Source based deduplication dramatically reduces the amount of data that must flow from each source server, through the network, to complete the nightly backup. It delivers an equally dramatic reduction in backup time. As a result, the bottleneck is eliminated and scaling up the server count can be achieved without adding more manpower, clock time or bandwidth. Managing data protection costs through tiering One challenge to data protection that remains unchanged is determining the “right” amount of protection required for each data set. If it could be done for free, every business application would be protected with zero data loss and near zero recovery time. Unfortunately, near instantaneous recovery for all applications is not free, so choices are required. A “tiered approach” to data protection takes into account the importance of the data and the actual business recovery needed. Individual applications and associated data sets have different business values, require different back-up frequencies and have different recovery time requirements. As a result, a well-executed data protection infrastructure offers a choice of cost effective options to meet the various tiers of protection needed. In a tiered approach, data and applications are allocated to categories (tiers) depending on their importance. For example, mission critical applications = tier 1, important but less time-critical applications = tier 2, and non- critical applications = tier 3. Using tiers, resources and data protection techniques can be applied more cost effectively to meet the more stringent requirements of critical applications while less expensive approaches are used for the other tiers. Customers need cost-effective solutions that satisfy the desired levels of backup and recovery for each data protection tier, while recognizing system and resource constraints. VCE offers a comprehensive set of data protection capabilities encompassing backup and recovery, archive, replication, business continuity as well as data availability and integrity. While VCE offers preferred products and best practices to meet whatever your data protection needs are, the Vblock platform readily works with all existing methods and approaches.
What does it mean for customers? Budget constraints, timing of lease expirations on existing backup components, recent license renewals, and/or lack of appropriately skilled human resources sometimes makes it impractical to simultaneously roll out a Vblock platform and a new data protection strategy. However, VCE strongly recommends that customers become informed about newer backup products and methodologies as part of their Vblock platform planning efforts. It will then be possible to develop a roadmap to migrate over time to a data protection strategy that facilitates maximum utilization of the virtualized environment, and meets or exceeds your Service Level Agreements. While it is certainly feasible to use traditional tape backup and recovery infrastructure to protect the data in the Vblock platform, the advantages of newer backup methodologies and current best practices should be investigated. Virtual infrastructures always experience explosive growth of application count and total data to be protected. Proactively deploying data protection solutions specifically designed for virtualized infrastructure will facilitate a very smooth scale-up. © 2012 VCE Company, LLC. All Rights Reserved.
6
Implementing new backup and recovery processes at the same time as deploying a Vblock platform has a number of advantages: It provides a logical cutover point so that application moving onto the Vblock platform can be moved off the old backup infrastructure at the same time It allows for scaling up the amount of data being protected without increasing the Operations staff size More headroom: Data protection service level agreements (SLAs) can continue to be met despite significant data growth Tape throughput problems, tape management problems and the security issues associated with tapes can be eliminated Advanced, purpose-built VMware features such as image level backups enabled by VMware API for Data Protection (VADP) and change block tracking can be used to increase back-up effectiveness and reduce the storage space requirements Storage and networking virtualization, where deployed, improves data accessibility and workload mobility allowing data to be accessed, shared and relocated to any location. Mobility also means being able to migrate and relocate virtual machines and applications as well as data It helps maximize the cost effectiveness of your Vblock platform investment.
© 2012 VCE Company, LLC. All Rights Reserved.
7
VCE Data Protection Story To meet the various data protection requirements of Vblock platform customers VCE suggests a range of solutions that can be applied, as needed, to the different tiers in the data protection strategy. These include: Backup de-duplication technology that significantly reduces the amount of data needed to be transferred during a backup, and hence, allows more data to be backed-up within any given window Business continuity for mission critical applications that must remain in operation and be recoverable within minutes of a disaster Snapshot technology that replicates crash consistent data to off-site to provide disaster recovery point objectives of hours or minutes, instead of the 24-hour objective delivered by single nightly backups. Site recovery that allows for pre-planning of how sites will recover after disasters or failures in an automated and repeatable process.
The principle objectives of these solutions are to: Simplify the task of creating the necessary levels of data protection in a today's complex virtualized environments. Provide end-to-end data protection covering all aspects of the Vblock infrastructure and customer workloads.
© 2012 VCE Company, LLC. All Rights Reserved.
8
VCE Preferred Data Protection Solutions Back-up & Recovery for Applications and Data The rapid growth in the volume of data to be protected has become the biggest factor in determining the type of back-up and recovery solution required for each application/service tier. For many applications it may be impossible to provide full back-ups within the available back-up windows due simply to lack of time to execute the backup. In virtualized environments, network resources within the platform will be a backup bottleneck. Deduplication of the back-up data will have a significant positive impact. Deduplication is the process of examining individual files or blocks of data and only backing up the files or blocks that are unique to the backup repository. The initial backup requires that all unique data blocks be transferred to back-up storage but thereafter, only new unique variable length blocks are transferred. For the typical backup this cuts the amount of network traffic to only a tiny fraction of the full back-up load. It also significantly reduces the amount of storage capacity required in the back-up system. Variable length block level deduplication is a powerful approach that not only reduces bandwidth requirements but also speeds the process of back-up and recovery and helps with back-up storage optimization. However, not all applications can benefit from deduplication at the source (client-side). For example, data from large and high-change rate databases, medical and other imaging applications plus audio and video are all highly compressed already and therefore have very little data commonality, hence, do not dedupe by very much. Plus the additional processing time required to process each block can negate some of the back-up time and network bandwidth savings. In this case it is more efficient to transfer the data to a dedicated back-up server or appliance for deduplication processing in-stream rather than to process it on the originating host. Processed data can then be transferred to storage more cost-effectively. In many environments a hybrid approach is the ideal solution. VCE‘s preferred solution is a combination of Avamar and Data Domain. Avamar is a client-side, variable length block level deduplication backup software and hardware target for backup storage. Data Domain as an in-line deduplication target hardware product is more efficient for handling large, high change rate databases. Avamar is typically implemented to complete secure and efficient backup of file systems, virtual servers, small databases, laptops and remote data sets over the wide area network (WAN). Data Domain can be combined with Avamar to complete critical high-speed backups of large high-change rate databases. The combination of Avamar with Data Domain delivers a comprehensive solution to address different back-up tiers and needs. Whether using Avamar only or a combination of Avamar & Data Domain, backups can be easily replicated off-site across a WAN without operator intervention. This is another compelling improvement over tape-based backup. It eliminates time and resources to clone a second set of tapes, and also the dollar cost and security risk of physically moving tapes offsite. One other consideration for protection of a virtualized environment is the need to have guest level backups, for application consistent application recovery, and for full server image level backups for rapid restore of a failed VM server. Image level backups are always crash consistent. Avamar provides both and you may need to leverage both guest and image level backup to meet your requirements.
© 2012 VCE Company, LLC. All Rights Reserved.
9
Site Recovery In a virtualized environment with multiple VMs running in each server blade, it is important that recovery mechanisms be simple to use - to avoid costly mistakes when the pressure is on - support a broad range of back-up and replication solutions, and automate site recovery and migration processes to ensure fast, reliable recovery. Frequent non-disruptive testing of recovery plans also important to ensure that business requirements are met. vCenter Site Recovery Manager integrates tightly with VMware vSphere, VMware vCenter Server and the underlying replication product to automate end-to-end recovery processes. It provides a simple interface for setting up recovery plans that are coordinated across all infrastructure layers, replacing traditional error-prone run books. At the time of a site failover or migration, Site Recovery Manager automates both failover and failback processes, ensuring fast and highly predictable recovery point objectives (RPOs) and recovery time objectives (RTOs). The recovery plans can be tested non-disruptively as frequently as required to ensure that they meet business objectives.
Replication of Application Data When a once-per day backup is not enough protection for a particular business application, creating data snapshots and replicating the snapshots from the primary data center to a second location multiple times per day or continuously (CRR) yields a higher level of data protection. Continuous Replication reduces or eliminates the length of data gaps (loss of data changes since the last backup), which are a normal by-product of traditional once per day backup processes. Having the application data at the DR site is just one half of the requirement of a DR plan. There is also the need to replicate the systems environment for the applications to run on at the disaster recover site. RecoverPoint Continuous Data Protection (CDP) uses time-indexed recovery points. RecoverPoint takes logical data snapshots every few seconds, creating unlimited recovery points. Users can bookmark recovery points to recover back to specific points in time, such as the close of a quarter or a pre-patch state. It is also possible to create application-aware I/O bookmarks. Federated environments are related applications that span multiple servers and storage arrays. Each application has its own RPO and RTO policies that govern the protection and recoverability of the application’s data. In RecoverPoint terminology, each application is a RecoverPoint consistency group with its own policy and Journal. Additionally, the customer needs to ensure that the individual consistency groups have a common consistency point across all of the applications. In RecoverPoint terminology, the user will create a group set that defines the RPO across all of the RecoverPoint consistency groups though the use of a common bookmark in each of the consistency group Journals. When the user recovers each of the consistency groups that make up the Federated environment and selects the common bookmark, the user will ensure that all of the application’s data is recovered to the exact same point in time. This enables the data to be used for such advanced features as building a testing and development environment, creating a Federated backup image and data mining.
Business Continuity True Business Continuity requires much more than just point-to-point replication. It requires fully automated recovery from unplanned disasters as well as the capability to avoid downtime for planned maintenance activities. By virtualizing the Vblock storage with VPLEX, VMware HA (High Availability) and DRS (Distributed Resource Scheduler) clusters can be stretched between Vblock platforms in © 2012 VCE Company, LLC. All Rights Reserved.
10
different physical locations to provide non-stop business continuance and also to enable organizational flexibility and workload balancing between sites. This provides the highest level of business continuance and also simplifies the environment and reduces overall costs. To be most cost-effective, the entire IT environment should operate as a virtualized environment. That is, applications running on virtual servers in one location need to be able to migrate to and operate on virtual servers in remote locations without the need to stop and restart. They must be able to continue to access data and connectivity regardless of physical location. This requires that both storage and networking become virtualized so that a dynamic virtualized storage infrastructure complements the virtual server infrastructure and network addresses also migrate with the applications and the data. Traditionally migrating data and applications between dispersed data centers required a series of manual tasks and activities, including replication and disruption during the switchover. Applications would have to be stopped and restarted after testing and verification. Using VPLEX Workload Mobility capabilities with the Vblock platform eliminates the complexity and the need for any disruption. Applications can now be moved between physical servers in different sites as easily as they are commonly moved between physical servers located in a single data center. This enables use cases of disaster and planned downtime avoidance at the data center level. Combined with VMware DRS, it also enables fully automated workload balancing between sites – effectively merging disparate resources in different locations into a single pool of resources – storage, network, and compute. The result is a much higher levels of resilience, increasing data protection and reducing unplanned application outages between sites. VPLEX does this by creating "Distributed Virtual Volumes" which are storage volumes located in two separate Vblock platforms that are 100% in synch at all times. Once the distributed storage device is established, applications can be started immediately at the remote location, even before all the data has been replicated. The VPLEX solution provides the dynamic storage infrastructure required to migrate applications, virtual machines and data within, across and between remote data centers with no interruption of service and zero data loss. It works in conjunction with VMware vMotion and a backup solution such as Avamar used also for tier 2 or tier 3 applications. Because of VPLEX’s AccessAnywhere technology which makes a storage volume simultaneously available in both locations, common high availability clusters such as VMware HA work as seamlessly across datacenters as they do within. Should any failure cause applications in a Vblock platform to go down (site loss, loss of access to storage, etc.), the storage will be accessible in the alternate Vblock platform allowing VMware HA to restart the applications there. In some configurations and for many failure scenarios, application restarts can even be avoided.
© 2012 VCE Company, LLC. All Rights Reserved.
11
Tiering Every company's data protection requirements differ depending on the size and scope of their IT operation and the importance of IT to the business. To be truly cost-effective your backup and recovery strategy should incorporate the combination of backup, replication, deduplication and business continuity capabilities that best meet the needs of your tiered applications.
Data Protection options for Vblock Platforms Required Level of Protection
VCE Recommended Solutions
Comments
Tier 3
Avamar, or Avamar with Data Domain
Once-per-day backup. Backups typically retained for 30 days.
Tier 2
Tier 3 solution + RecoverPoint
Replication does not eliminate need for daily point-in-time backups. Use both.
Tier 1
Tier 3 solution + VPLEX
Zero data loss. Near zero service interruption
Note: Tier 3: - All corporate data and applications where once-per-day backup is an acceptable level of data protection. In event of disaster, data loss is limited to last backup completion, therefore, 24 hours max. Tier 2: - Data/applications where once-per-day backup leaves too much business exposure. Multiple copies-per-day reduces worse case data loss to completion of last replication. Tier 1: - Business critical applications and data. Zero data loss in event of disaster is mandatory.
© 2012 VCE Company, LLC. All Rights Reserved.
12
Summary/Conclusion Ultimately, the decision of what combination of data protection functionality to use depends on your data availability requirements. The best practice approach to determining your data protection needs is to classify your operations/applications into tiers. Tier 1 applications are mission critical and require zero data loss and a near zero recovery time. Tiers 2 and 3 have less demanding requirements. With the content of the tiers identified it is then possible to evaluate the options for data protection for each tier and to compare costs against the business value of data or system/service loss. A well thought out data protection plan should include several data protection methodologies or “tiers of data protection”. Just like there are tiers of disk storage to accommodate needs for lower cost or higher performance, it is possible to have tiers of data protection that address lower cost or higher protection. Determining your data protection needs is a critical element of the comprehensive planning effort for deploying the Vblock platform. The VCE Data Protection strategy encompasses three main tenants: Simplification – simplification of data protection in a virtualized environment. Completeness – end-to-end Data Protection solution covering all aspects from the Vblock™ infrastructure and customer workloads. Flexibility – State-of-the-art Data Protection for new deployments. VCE's preferred data protection solutions include: Avamar - Deduplication back-up software & hardware, or a combination of both Avamar and Data Domain RecoverPoint - crash consistent application data replication , for recovery to any point in time vCenter Site Recovery Manager - Replication and recovery management of applications to a secondary site VPLEX - Automated disaster avoidance (business continuity)
Next Steps To learn about this and other Vblock solutions, contact a VCE representative or visit www.vce.com.
© 2012 VCE Company, LLC. All Rights Reserved.
13
ABOUT VCE VCE, the Virtual Computing Environment Company formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE, through the Vblock platform, delivers the industry's first completely integrated IT offering with end-to-end vendor accountability. VCE's prepackaged solutions are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application development environments, allowing customers to focus on business innovation instead of integrating, validating and managing IT infrastructure. For more information, go to www.vce.com.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." VCE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OR MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright © 2012 VCE Company, LLC. All rights reserved. Vblock and the VCE logo are registered trademarks or trademarks of VCE Company, LLC. and/or its affiliates in the United States or other countries. All other trademarks used herein are the property of their respective owners.
© 2012 VCE Company, LLC. All Rights Reserved.
