E-vaulting, at its core, is the process of creating a backup or
replicating important business data. The copy can be made on site,
but it is typically sent off site. There's nothing new about
e-vaulting; enterprise IT departments have been shipping backup
tapes and replicating data to remote
disk arrays and
virtual tape libraries (VTL) for years. For
example, shipping a tape to a vault in Atlanta, replicating an
Oracle database to a secondary disk array in the data center, or
transferring nightly backups to a colocation in Minneapolis
might all be termed "e-vaulting." More recently, however,
e-vaulting has grown to mean remote backups and replication for
small and midsized businesses (SMB)/small and midsized
enterprises (SME) using third-party services. This article
examines e-vaulting, highlights the major considerations and
roadblocks in implementation, examines the impact of e-vaulting
on real-life users and looks ahead at future trends.
@28469 The goals of e-vaulting
Analysts agree that e-vaulting is all about protecting data --
usually off site for disaster recovery purposes -- but it's a
difficult term to explain precisely because the definition varies
depending on whom you talk to. "E-vaulting is basically a technique
or a mechanism that transfers your data to offsite storage," says
Greg Schulz, founder and senior analyst at the StorageIO Group in
Stillwater, Minn. "It can be a technique, technology, product or
service."
In fact, there is no technological difference between e-vaulting
and more well-defined data protection schemes, like remote
backup or remote
replication. "E-vaulting is a marketing
positioning term, which perhaps sounds better than remote
replication," says Phil Goodwin, president of Diogenes
Analytical Laboratories in Erie, Colo. "I am not aware of any
significant 'secret sauce' associated with any e-vaulting
solutions that are out there." The idea is the same; connect
remotely to an offsite storage repository and periodically
update that data.
While e-vaulting doesn't bring anything new to enterprise
backups, the emergence of third-party e-vaulting services offer an
appealing alternative to SMBs. For example, providers like Asigra
Inc., EVault, AmeriVault Corp. and Iron Mountain Inc. offer
ready-made storage facilities that charge users based on backup
volumes. Users can leverage the safety of remote backups while
eliminating the capital investment, personnel costs and management
overhead of a separate location.
E-vaulting implementation issues
E-vaulting and remote replication rely on adequate
bandwidth. There has to be enough bandwidth
to move the necessary amount of data within an available time
period. Some remote backups
cache locally and then pass data to the
remote location as time and bandwidth permit. It is also
possible to use techniques like incremental backups, delta
differential (a.k.a. block or file differencing), data
compression and even data deduplication in
order to reduce the overall data volume that must be transferred
between sites. These tactics help to lower bandwidth
requirements and mitigate costs, but it's important to remember
that backups are made to be recovered. "People may be able to
replicate remotely using a relatively low-bandwidth
WAN because they're moving small amounts of
data, updated data and so on," Goodwin says. "But when it comes
time to restore an entire system, bandwidth will become a
bottleneck."
It's not always necessary to back up or replicate all corporate
data remotely, and many users employ e-vaulting only for their most
valuable data. This can lower bandwidth requirements further and
reduce replication costs. "It's substantially cheaper to store that
data encrypted on tape for offsite storage rather than storing it
on an array through an e-vault," Goodwin says, noting a particular
concern for e-vaulting users who pay a monthly fee based on the
amount of storage that they use. Vault the data that you will need
to recovery rapidly to keep your business running.
Just as a bank vault provides controlled access and security for
safety deposit boxes, e-vault implementations are often evaluated
for security features. "E-vaulting implies a certain amount of
security is associated with that site, both in terms of having a
hardened data center and physical security to get to the data,"
Goodwin says. "But that's certainly not a hard and fast rule."
Encryption is a principal element of
security, and data should be encrypted while in flight and at
rest on the remote storage system (regardless of who owns the
remote site). This renders the data unreadable without a
corresponding
key but also entails key management to
ensure that only authorized personnel can actually read the
stored data. Third-party e-vaulting providers should never
possess a key or back door into user data. Physical security is
another consideration that is often overlooked. A remote site
should restrict server and disk array access to key employees
only.
Don't overlook the importance of infrastructure and
configuration. Companies that replicate their own data typically
consider the impact of changes to their data center or IT
infrastructure, but using an outside e-vaulting provider can result
in a communication gap. Your e-vaulting provider can generally
advise you on any setup or configuration changes that might be
needed to accommodate new storage arrays, databases and other
changes; helping to ensure uninterrupted backup or replication. Be
sure to keep your e-vaulting provider updated with your most
current contact information so that any warning or alert emails go
to the correct recipient.
Finally, be sure to implement periodic checks to ensure that
your data is actually available and recoverable. An annual or
semiannual recovery drill is an excellent way to test the recovery
process and keep an outside service provider on its toes. "You
don't want to wake up one morning and discover that it [backup] has
been out of control for six months," Goodwin says.
The impact of e-vaulting
Although the definition of e-vaulting can vary depending on whom
you speak with, it's having a clear impact on SMBs. Larger
enterprises can vault their own data onsite or send the data to a
backup data center located hundreds or even thousands of miles
away. But smaller enterprises typically lack the IT staff and
capital budget to implement their own e-vaulting architecture.
Service providers, like Iron Mountain, EVault, AmeriVault and
others are filling this void -- offering third-party e-vaulting
services that are meeting the backup needs of SMB/SME users.
@28470 For First Citizens National Bank in Dyersburg, Tenn., the
challenge is to protect over 3 terabytes (TB) of vital banking
information across one data center and 17 local branches. Beyond
ordinary threats like fire, the nearby New Madrid fault poses a
serious earthquake danger to the entire region, forcing the bank to
consider more robust and reliable alternatives to its traditional
off-site tape backups. "We wanted to get our data to a different
part of the country quickly," says Jeff Tippett, information
services technical support network administrator. EVault emerged as
a preferred service provider, meeting the need for a distant
repository in Atlanta Ga., more than 400 miles from Dyersburg and
well outside of the New Madrid fault zone.
Tippett notes that disasters like Hurricane Katrina have really
changed the way that businesses deal with backups and disaster
recovery. "Banks are now looking at their backups with a better
view," he says. "Before [Katrina] a bank would never send their
data out to an external source -- especially over the Internet."
Today, however, remote backup and replication processes are easily
secured with encryption standards, like
AES 128 or AES 256, which protect the data
in flight and at rest with the service provider. Encryption is
also managed with a single key owned by the user, meaning that
only the bank can decrypt and use its data again. Tippett is
completely confident that this approach meets regulatory and
compliance requirements.
According to Tippett, EVault required no upgrades to the bank's
IT infrastructure, though a second T1 line was added for greater
bandwidth. Once the EVault software was installed and several minor
firewall configuration issues were ironed out, the service was up
and running. The initial upload or data copy can take significant
time, but subsequent backups can be dramatically shorter because
only changes are saved across the Internet. For First Citizens, an
initial upload of 4.5 GB took about three hours, while a typical
nightly update (about 7 MB of changed data) took less than five
minutes. The bank is still adding to its backup data set, but
Tippett is happy with the initial performance results and almost
negligible management overhead needed to manage the offsite backup
process.
Limited IT staff and resources can also enhance the appeal of
third-party e-vaulting -- freeing precious time to tackle more
pressing IT tasks and management. This was the problem for Asha
Joshi, IT manager at the investment firm of Cooke & Bieler LP.
Even with only 100 GB of storage between offices in Philadelphia,
Pa., and Charlotte, N.C., it was difficult to juggle nightly
backups along with desktop support, disaster recovery planning,
server maintenance, and other IT responsibilities. "It was getting
cumbersome to have either tape backup or disk arrays and maintain
them," Joshi says. "I was sending tape backups off site but that
wasn't enough -- we had to do something more."
The answer for Joshi was to outsource the company backups to
Iron Mountain through a WAN link, achieving more efficient and more
reliable backups through a provider with proven history in the
disaster recovery business. "Our management didn't want to go with
an unknown provider," Joshi says. "And they [Iron Mountain] have
facilities that backup to another backup facility, so that was
really reassuring."
Iron Mountain's e-vaulting process provided the ease and
flexibility that Joshi needed. Iron Mountain provided the backup
software, along with a network attached storage (NAS) storage
device. Backups are first generated locally to the NAS device and
then transferred across the WAN as time and bandwidth permit. This
keeps a local backup for quick restores and allows remote backups
to be accomplished across the company's current T1 line. AES-256
encryption keeps data secure in-flight and at rest at the remote
location. The user has the only key, so data is inaccessible to
anyone other than the customer.
The initial installation and setup was spread out over about one
week, but once the software was properly configured to communicate
through the corporate firewall and establish contact with the
remote location, it was just a matter of defining a backup set and
scheduling. Ongoing management is virtually negligible. "I do make
sure that everything is working OK, and if something does stop
working, I get an email from Iron Mountain," Joshi says. "It
[e-vaulting] is a great solution if you don't have enough manpower,
if you're a small company or if you're trying to save on
maintenance expenses."
The future of e-vaulting
Data replication and backups between remote sites should
continue to be an important practice for the enterprise -- it
eliminates tapes and speeds the backup and restoration processes.
But analysts see significant potential for third-party e-vaulting
services that enable SMBs to ensure timely backups while minimizing
complexity. "I see that as a huge growth opportunity both at the
enterprise down into the midmarket," Schulz says, noting an even
bigger impact on the SMB and suggesting that Internet service
providers (ISP) may eventually offer critical file backup services
for their small office and home office (SOHO) users. Even further
out, analysts see the eventual rise of value-added services, such
as electronic discovery to complement e-vaulting services. ***