For an SMB, storage and backup are as vital as for any organisation but can consume a considerable amount of budget and staff time. For that reason outsourcing storage and backup is a natural solution for SMBs. And with the rise of cloud storage, the options are increasing. But the cloud storage marketplace has been a fast-moving one, with more than its fair share of hype. So, here’s a sober look at which cloud services are suited to SMB storage and backup needs right now.
For an SMB, cloud storage and backup services fall into a number of categories:
- Data backup: Service providers offer the ability to back up primary data into the cloud.
- Data archive: Service providers offer the ability to archive data into the cloud, for long-term storage of rarely accessed data.
- Primary storage: Service providers offer storage space to hold the primary copy of data.
- Secondary storage: Service providers offer storage space to hold a replica or secondary copy of data.
The backup space is probably the most mature and well-utilised cloud storage offering for SMBs. The customer retains primary data at its location and backs up to the cloud using a variety of methods, including file- and Web-based protocols. Charges are based on the amount of backups stored. Backups are often expired on a time or frequency basis.
Implementing backup to the cloud is usually quite simple. Products such as Mozy use an agent on a PC or server to identify and write changed data into the cloud. An account can be created in a few minutes using a credit card. In larger environments, accounts can be subdivided and managed through a master user account.
Cloud archive services are similar to backup but with data retained indefinitely or through policies set by the custome r. In an archive scenario, the customer will most likely not retain a copy of the data so the service provider will be expected to offer additional backup and recovery services to protect the archive.
Data archiving is content-dependent and deals with particular types of files or other application data such as emails. For instance, Symantec offers an email archiving service that requires the deployment of an archiving management server at the customer site. Iron Mountain’s Virtual File Store also uses an on-site appliance but can archive SharePoint and file data in addition to email.
Primary storage in the cloud
Primary storage services provide direct access to files that would normally reside on a file server or a local storage system. Such services can be implemented in a number of ways, including via Web/Internet protocols that are designed to work directly with primary data in the cloud. For example, the EMC Atmos API enables block-level access to LUNs stored in an Atmos storage cloud. A number of companies—including Cirtas Systems, CTERA Networks, Nasuni, StorSimple and TwinStrata—now also offer cloud storage gateway devices that appear as local storage servers but in fact cache the reading and writing of files stored in the cloud.
Cloud storage gateway products rely on the assumption that only a small percentage of files are frequently accessed in most organisations. Typically once files are created, they are read and written to only a few times, and many are never used again. The gateway effectively archives these files to cloud storage while maintaining frequently accessed files in local cache. Over time data stored in the cloud increases without needing additional hardware on the customer’s site.
To implement these kinds of services you need to plan for demand. If the local cache is too small, end users will see high response times as their data is retrieved from the cloud. This equally applies to the available bandwidth to the Internet, which must be sized to cope with demand. And, all these solutions require the deployment of a physical or virtual appliance and associated storage.
Secondary storage in the cloud
Rather than provide direct access to data, secondary storage options provide a replica of primary data, rather than a simple backup. A good example of this kind of service is Dropbox. This service replicates the customer’s data into the cloud, from where it can be accessed via the Web or another PC or server. The service automatically keeps all copies in sync, but the cloud copy isn’t treated as the primary copy, as the customer can access their data without needing a connection to the Internet. Secondary storage services are ideal for businesses that wish to share data but don’t want to invest in dedicated file servers.
Cloud storage benefits and drawbacks
Cost. The whole premise of cloud offerings is to deliver computing services without capital expenditure on hardware by the customer. Charges are based on usage or utilisation, usually in the form of a monthly fee. This means the customer has only an ongoing operational expenditure (opex) charge.
Although an opex model favours the customer, there are drawbacks. If services are delivered for a variable monthly charge because of fluctuating volume and traffic, it may be difficult to forecast ongoing costs; and unless the service is correctly implemented and monitored, customers could receive a larger-than-expected bill at the end of the month. Also bear in mind that as the service provider mitigates their costs, they will be sharing infrastructure and likely using commodity components.
Scalability. Cloud storage offerings provide the customer with high levels of scalability and, in particular, the ability to expand and contract storage requirements without incurring additional hardware or software costs. Deploying storage in a traditional manner requires planning to be ahead of maximum demand but can’t flex to remove storage and reduce costs once demand is no longer required. This makes cloud storage a great solution for meeting short-term demand. Cloud storage also answers the time factor, enabling rapid deployment to meet demand.
Standards and lock-in. Currently there are no globally accepted standards for interfacing to cloud storage. Standards bodies such as SNIA have tried to establish initiatives to standardise protocols, but in the land grab to gain market share, providers have implemented their own protocols and standards. This presents customers with a number of issues.
Firstly, moving between providers is not simple. The proprietary nature of cloud architectures introduces constraints around data mobility. Moving large volumes of data may require downtime or service interruptions to end users, negating the benefit of using the cloud in the first place. Secondly, data management tools are not standardised. Each provider uses its own tool or GUI with unique terminology.
Performance. One of the drawbacks of cloud storage is around performance and, in particular, latency. Local storage devices provide low-latency data access that can’t be achieved using cloud services over the Internet.
Typically for backup and archive, latency isn’t a problem since data is effectively streamed in an asynchronous manner. However, for primary storage, things aren’t so simple. Some providers attempt to mitigate latency by using gateways or caching devices, as explained above.
While it’s true that latency can be avoided to a certain extent, it can’t be completely resolved, and caching appliances introduce other issues related to data consistency--especially in disaster recovery scenarios, when it may be unclear where the latest consistent copy of data resides.
For cloud backup, one performance issue to consider is the time required to achieve recovery. Backups are usually streamed out over a long time period, and in the case of recovery, data will need to be brought back in a short time scale. While this is suitable for small-scale restores, it is unlikely to meet SLAs for large-scale recoveries.
Security. It’s also important to evaluate the security characteristics of a cloud storage service before contracting with the provider. Most organisations place a big emphasis on securing physical assets such as servers and storage, as well as securing their data assets from unauthorised access.
Data security breaches may be subject to compliance and regulatory penalties. It is therefore extremely important that customers understand how data is secured by the service provider within its facilities. The provider should use secure communications (HTTPS and SSL protocols) and encrypt data. Highly secure services also enable the customer to encrypt data using its own encryption keys.
Service-level agreements. News stories on cloud service outages or data loss are commonplace. Just a few months ago, in fact, Google had a failure on its Gmail system that required the restoration of data from tape. The photo sharing site Flickr had a failure that resulted in losing a customer account containing thousands of photos and metadata, none of which could be recovered.
Many services provide no agreement to cover damages in the case of loss of data. And even when the service provider claims it takes backups, there’s often no guarantee that those backups will work and that data can be restored. It is therefore very sensible to consider the impact of data loss and the use of multiple services to ensure data availability isn’t reliant on a single provider.
It’s also important to have a clear understanding of how your IT services would be affected if a service provider went out of business, including how easily you could move to another provider. As mentioned earlier, that isn’t a trivial task.
Customers should ensure they understand all terms and conditions, including service-level agreements (SLAs) and objectives in their contract with the cloud storage vendor. Where possible, SLAs should be negotiated and tied to contractual obligations.
Using cloud storage services can provide SMBs with benefits, including cost reduction, flexibility in demand management and moving to an opex-based financial model.
The trade-off is that that you’ll need to ensure that using a service provider doesn’t put at risk the ability to do business and that your company’s existing operational processes can cope with the different operating model.
Used correctly, cloud storage services definitely form part of storage management strategy.
This was first published in April 2011