I’m sure you care a lot about it. I care a lot about my data. And I get paid to care about other people’s data too (up to a point). I did this as a topic for vBrownBag at Dell EMC World 2017. Unfortunately I wasn’t as prepared as I should have been and had a brain freeze towards the end and cut it short. The premise of the talk was around sizing for data protection activities. Whilst I didn’t want to go into specifics from a technical perspective, I think some people have been missing some fundamental stuff and I thought it might be useful to post some concepts that may prove useful.
Build The Foundation
Get your data protection foundation in place before you buy anything. It seems obvious, but you need to do a whole lot of preparatory work before you can put a reliable data protection solution in place. The key to a solid foundation, in my opinion, is understanding the answers to the following questions:
- What are you trying to do?
- What’s really important to the business?
- How do you categorise the information and articulate the value?
- What about dead data?
Once you’ve been able to successfully answer these questions, you can start to think about how the answers can be converted into a data protection solution.
What Are You Trying To Do?
Understanding what you’re actually trying to do is important. It seems a simple thing, but I run into a lot of well-meaning people who don’t understand the difference between backup and recovery, disaster recovery, and archiving. You might perform backup activities on a daily / weekly / monthly basis to provide a mechanism to recover files in the event of deletion, system failure, or some kind of corruption. You provide disaster recovery facilities in the event of a massive system failure, usually due to a significant environmental failure (for example, one of your data centres is flooded or your primary storage array has fallen over and can’t get up). An archive is something that you need to keep for a defined period of time but is not something that you access frequently. It’s a bit like those old photos you keep in a shoe box under your bed (remember when photos were actual things we held in our hands?). You might access them from time to time but they’re kept in a different spot from the documents you access on a daily basis. It’s important not to confound these three activities, as the technical solutions that can provide these services often look very different.
What’s Really Important To the Business?
So now you understand the kind of activity you’re trying to conduct. At this point it’s a good idea to try and understand what data you’re trying to protect. Spoiler alert – you’ll need to talk to the business. Sure, they might come back to you and tell you that everything is important and everything needs to be kept forever. You can park that for the time being. More importantly, they’ll be able to tell you what is the mostest of the most important applications and data. and when those applications and data are accessed. This information is important when it comes to assessing the capability of the proposed data protection solution. Some customers I’ve consulted with only run business hours and don’t care if it takes a full weekend to do their backups. Other businesses run applications that can’t be down while backups are running, so they need to look at alternative approaches to data protection that can be done in a shorter / non-disruptive timeframe (and usually for a higher cost). The business can also guide you on what really keeps the company running. I’ve lost count of the times I’ve walked into a company to do some consulting and observed a lot of people in the IT department who didn’t understand what was important to the business or why the business had placed such an emphasis on one particular application. You don’t need to be a world-leading expert on Widget X, but if that’s the main product sold by your company, it’s a good idea to at least understand the basics and the systems that support those basics.
How Do You Categorise The Information And Articulate The Value?
Understanding the data you have to protect is important. But how do you understand it’s value? You need to talk to the business about it. Once you understand what’s important to them, you can start to articulate the various levels of “value” that can assign to data. And it might not just be application data that is valuable to your company. Obviously, the infrastructure platforms hosting that data are also important (and certainly worthy of attention). Some companies find it simpler to articulate the value of data in terms of their core business, or in terms of revenue generated, or sometimes in terms of whether someone will die if the system is down (this is more often a healthcare system consideration than something you might see in retail). It’s also important that, once you think you’ve identified the data and estimated its value, that you get someone important in the business to review these assumptions and sign off on them. I’ve worked in plenty of places where the business has one idea of what’s being done with the data and the IT department has a whole other idea of what’s going on. It’s also important to revisit these assumptions on a regular basis to ensure that your protection systems haven’t been left behind when the company “pivots”.
What About Dead Data?
Finally, consider data lifecycles. It’s okay to delete things. It’s sometimes even a good thing. Not just because it clears up space, or provides some level of catharsis, but there may be legislative considerations that require you to get rid of old records to reduce the company’s exposure to potential litigation. Not everything needs to be kept forever. If it does, you may not need to back it up every day. Keeping everything forever will eventually cost you a lot of money to support. Unfortunately it’s often at the point that people have been doing this for a few years that they realise this approach may not be the best one.
Data protection can be hard. Particularly if you haven’t had the opportunity to understand the business and consult with them regarding what’s important to them (and how you can help them, not just get in the way). Hopefully I’ve provided some useful pointers here that will get you on the right path. Obviously, everyone’s situation is different, and what might be important to you may not be important to someone else. Life is like that. The point of this is that there’s a whole lot of work that needs to happen before you get to the point of even thinking about what the solution will look like. It seems like a common sense notion, but it’s one that is often dismissed in the rush to get solutions delivered in the enterprise.
And if you want to see jet-lagged me ramble on (albeit briefly) during my vBrownBag debut, here you go.