brian j. greenberg all rights reserved. [email protected] stand and deliver data protection sla’s...

Brian J. Greenberg All Rights Reserved. [email protected] http://briangreenberg.net

Stand and DeliverData Protection SLA’s

Strategies for developing Data Protection Service Level Agreements

Presented by Brian J. Greenberghttp://briangreenberg.net

[email protected]


Overview

• Data growth rates are huge and it’s only going to increase.

• As data grows, protecting it becomes increasingly more important.

• Occurrences of Data Protection SLAs are on a upswing.1

1 Storage Magazine, February 2008 (http://searchstorage.techtarget.com/magazineFeature/0,296894,sid5_gci1299125,00.html)


What I Assume You Know

• The nature of data protection in a backup environment.• Off-line/near-line, snapshots in time, removable

media, implications of legal holds, etc.

• At least one backup application.• NetWorker, NetBackup, TSM, etc.

• Your data• Or you know someone who knows your data, or

someone who knows someone who knows your data…


By The End Of The Session, You’ll Know The Following:

• What is a SLA.

• Data Protection SLAs v. Storage SLAs

• The business case for a SLA.

• A two phased approach to a SLA.

• A SLA for your own DP environment.


What is a Data Protection Service Level Agreement?

A data protection service level agreement is concerned with the agreed upon, measurable services of protecting a customers data according to the requirements laid out

in the agreement.

• Should not be confused with a Storage SLA, however, may be a subset of one.

• For the purposes of this presentation, DP SLAs are concerned with data that’s managed by a backup application. This will be different from organization to organization.


What is Data Protection?

• It’s not just doing a backup anymore.• Data growth rates are necessitating

increased attention to protection.• Data protection has become a true

discipline and profession.

Data Protection consists of the processes and methods used to maintain the availability and integrity of data

over time.


What Is Data Protection (continued)

• It is not the latest copy of data.(a.k.a., not part of continuous nor semi-continuous data protection.)

• A backup is:• A snapshot in time of a set of data.• A way to maintain data integrity over

time.• An inexpensive way to keep data for long

periods of time.• An inexpensive way to keep a copy of data

off-site and off-line.


The History Of Data Protection

• Historically, DP has been viewed by I.T. and Businesses alike as an afterthought, and at best, a forgotten insurance policy.

• DP has never been an important discipline, not even offered in school.

• DP in general has a bad reputation.• Over the years, this perception has injured

the practice of data protection, the reputation of data protection professionals and the technologies that are employed by the practice.


Why Bother With A DP SLA?

• Employing a SLA, engages a contractual agreement of services, something the business can understand.

• Begins with making a business case for protecting data through understanding the business impact of data loss.

A data protection SLA illuminates the practice of data protection to the business for the businesses sake.


The Business Case For A DP SLA

• An SLA sets a level of what is to be protected, how quickly it must be recovered and how long the data needs to be retained for.

• The business ‘declares’ the business requirements for protection (and compliance).

• Disaster Recovery & Business Continuance Plans will have most of this information already -- If you’re lucky.

• Will usually be supplemented with continuance technologies such as replication and snapshots.

Having a data protection SLA makes the practiceof protecting data a shared responsibly.


The Data Protection Business Alignment Process

Identify PointPeople

Backup PolicyBilling DepartmentHost(s)Path(s)Schedule(s) Retention

CopiesOff SiteOff-LineEncryptedEtc…

ProduceAlignment Report

Produce Current SL Report

Review current backuppolicies and SL with business.

Compile business requirements for Service Level and determine Technical,

Architectural & Process changes.

Legal RequirementsBusiness DrivenOff-Site SpecificationsEncryption RequirementsNumber of copies, etc..

Assess business requirementsfor Service Level

Data Gathering

Assessment


Step 1: Business Alignment

1. Know the current costs of data protection in your environment.

2. Based on what you can anticipate of your customers requirements, estimate any changes in cost. This will be the sanity check.

It's important to be business driven when designing your data protection architecture. If you're technology driven you'll find

yourself trying to fit your business processes around someone else's technology when it needs to be the other way around.


Business Alignment (Continued)

• Herding the cats… a.k.a. Identify the data owners.• Records Manager or Compliance Officer• Technical contact/owner• Data owner

• All data protection requirements must be legal/business driven.

• What is the data? • Where is the data?


• Are there Data Dependencies or Consistency Groups?

• Recovery objectives (Archive v. Backup)• Recovery Time Objective (RTO)• Recovery Point Objective (RPO)

• How many copies are required?• How many copies must be off-line?



• What are the physical location requirements for each copy?• Do any copies need to be off-site?• What does off-site mean in your

organization?• Are there encryption requirements,

especially of off-line copies?• What is the retention period of the data?



Service Level Assessment Form

• This form is an example of what yours may look like, however, yours will most likely be more extensive pertaining to the specific requirements of your business and how you do data protection.


Step 2: Data Protection Methods

• Once the assessment is complete and signed off in the preliminary requirements, you can then determine what architectures (how much money) will accommodate the requirements and be sustainable.

• This ($) may require a re-leveling of expectations from the businesses.


Considerations Of Methods

• Virtual Tape Libraries and other disk based backup targets including De-Duplication.• Not off-line.• May need to be replicated, still not off-line.• May not fulfill the off-site requirements.• Can be vulnerable in a rolling disaster.• Not cost effective for data retained for

longer than one year, maybe less.


• Encryption for removable media• Still very young in the industry.• Requires a excellent, reliable, protected

key management system.• May lock you into a technology for

decades.• Risky for long term retention data and

even more challenging to manage. • Could to be integrated into media

conversion projects for sustainability.

Considerations Of Methods (Continued)


Data Protection For Your Data Protection System

• Whatever your most aggressive SLA is for your customers, you’ll most likely need to match or exceed it for your Data Protection Environment.

• Take care of your backup catalog/index/database.


QUESTIONS?


FOR MORE INFORMATION

• http://searchstorage.techtarget.com• http://snia.org

I’ll be available at the Ask-the-Expert booth today from 1:30 PM to 2:30 PM.

Brian J. Greenberghttp://briangreenberg.net

[email protected]

brian j. greenberg all rights reserved. [email protected] stand and deliver data protection sla’s...

Documents

data slide

reputation of data protection

continuous data protection

integrity of data

data integrity

practice of data protection

nature of data protection

history of data protection