Is The Cloud Right For You?

Is the Cloud Right for You?
eBook 11 Published July 2010 By Vision Solutions
Table of ConTenTs
Chapter 11: Is the Cloud Right for You? Foreword...............................................................................................4 Managed Service vs. Cloud Providers ...................................................5 How the Cloud Works ............................................................................5 What Is the Public Cloud? .....................................................................6 What Is a Private Cloud? .......................................................................8 Hybrid Solutions .................................................................................10 Physical-Public Hybrids ......................................................................10 Physical-Private Hybrids .....................................................................10 hysical-Public-Private Hybrids ..............................................................11 Virtual Private Clouds .........................................................................11 Universal Considerations for Cloud Infrastructure ...............................12 Recovery as a Service (RaaS) .............................................................13 Cloud for SMBs ...................................................................................14 Cloud for Large Organizations .............................................................15 Calculating Cost of Downtime .............................................................15 Determining RPO and RTO ..................................................................16 Is Cloud Backup and Recovery Right for Your Organization? ................17 How Cloud Backup and Recovery Works ...............................................17 Cloud Security Essentials ...................................................................18 Cloud vs. Tape.....................................................................................19 The Costs of Tape Backup ..................................................................19 Off-Site, Rapid Recovery .....................................................................20 The Cloud DR Opportunity ...................................................................22 Eco-Friendly Incentives for Cloud Computing.......................................23 Conclusion ..........................................................................................24
sign up To beCome a member

As an eBook member, you will be the first to be notified when Chapter 12, appears in print! Receive information from IBM and Vision Solutions, Inc.

foreword
Many concepts in modern technology evolve so quickly that those involved in the creation of the technologies may not even notice that a new platform has been born out of their work. The cloud is such a platform. What started years ago in the field of hypervisor-based virtualization technologies is evolving into the ability to produce computer resources, in multiple physical locations, that act as if they were part of the local network that end-users and middleware applications are attached to. The cloud, as we know it today, has no true definition. We can only start with some definitions that hold true at the moment and then move into theoretical discussions about some of the most likely next steps in the field of cloud maturity. There are certain aspects of day-to-day technology issues that cloud computing can assist with, both now and into the next generation of the cloud-based computer resource. The cloud is getting a lot of press from both supporters and detractors. Some say it is the future of information technology; others say it is the same old thing, repackaged. The only real question is whether it can be a means to an end. For now, cloud computing is to IT storage and resource management what the smartphone is to the rotary dial; its simple, cheap, scalable, eco-friendly, and infinitely available. In the end, the cloud is just a metaphor for the Internet, and it works just like an electricity grid: resources, software, and information are provided to computers on demand and in the quantity demanded. In the 1980s, those resources were provided by giant mainframes and complex, geographically restricted client-server systems, which also required an enormous investment in hardware, space, and skilled staff to maintain them. Now, any business of any size, and even individuals, can consume storage space, software, and other resources in the cloud without having to own or manage a datacenter. Further, organizations can take advantage of technology that allows them to maintain a real-time backup copy of data, applications, and even operating systems in the cloud, which allows them to restore damaged or destroyed production servers in minutes instead of hours or days. The best part is, it doesnt take a dedicated IT staff to do it.
ChapTer 11
businessContinuityToday.com
The term cloud computing is so generic (and sometimes misused) that its nearly worthless in a practical discussion. Two aspects of cloud computing that are relevant to the discussion are Infrastructure as a Service (IaaS) and Software as a Service (SaaS). With IaaS, a service provider delivers raw resourceslike virtual machines, storage, and network bandwidthas a service. With SaaS, a provider layers a specific software solution on top of those raw resources and delivers that. When both IaaS and SaaS are combined in an offering that is specifically designed to provide data protection and disaster recovery, it is referred to as Recovery as a Service, or RaaS, which is discussed later in this chapter.
Like the Internet, the cloud is a network of computers. This network behaves like a collective virtual computer, where the applications can run independently from individual computers or server configurations.
managed serviCe vs. Cloud providers

There are key distinctions between hosting companies with managed-service offerings and cloud providers. The key differences have to do with how much of the infrastructure (and therefore, cost) is dedicated to the solution. Managed Service Providers (MSPs) and hosting companies generally provide dedicated hardware, software, and storage to each customer. This requires that the customer specify, pay for, and commit to specific capacities in advance. Cloud providers generally provision a customers current demands from a pool of capacity, thereby providing the elasticity to allow customers to later change their requirements with ease. Think of the difference between buying a generator and getting an account with a power company. The best cloud providers will let you buy capacity in very small chunks, allow you to change your usage on the fly, and bill you only for what you consumeall without a long-term commitment to any specific usage pattern or cost.
how The Cloud works

Like the Internet, the cloud is a network of computers. This network behaves like a collective virtual computer, where the applications can run independently from individual computers or server configurations. The hardware isnt important; the application is. High-speed Internet access has eliminated the need to have the software run on desktops, so now software can be completely Web-based. In fact, running software in the cloud makes it possible to run different operating systems at the same time. For example, you can host your Website on Linux while using Windows or Mac for applications.

5
User
Internet/Intranet Load Balancer Linux Box
LAN/WAN Real Server 1
Virtual Server
Real Server 2 Real Server n
The cloud network is made up of front-end layers and back-end layers. Front-end layers are the ones users see and interact with when, for example, accessing Internet-based email (like Gmail). The back-end is made up of hardware and software architecture that drives the front-end interface. Because the network of computers works together, the applications can take advantage of the combined computing power. Cloud computing also creates infinite flexibility. Depending on demand, resources can be increased or reduced as necessary by reassigning specific hardware.
whaT is The publiC Cloud?

Cloud computing technology is not new. The ability of an organization to rent space on servers has existed since nearly the beginning of the modern digital revolution back in the 1970s. Educational organizations routinely rent out space on their supercomputers in order to run complex calculations and simulations for private businesses like the pharmaceutical industry. However, mainstream renting of computer resources was typically relegated to the smaller business market and the extremely large enterprise space, leaving out most businesses in between those two extremes. Smaller shops could lease server equipment in co-location facilities. This wasnt truly a cloud solution, as the hardware was owned by the business that was leasing space, and only the facility, power, and networking was owned by the co-location company. However, it did evolve into a form of cloud computing, where servers as entire units could be rented out for a period of time or on an
6
ongoing basis to customers who did not wish to buy their own server resources to co-locate. This idea of renting dedicated servers could be seen as the greatgrandfather of the cloud solution set, as information and applications owned by one entity were being run on computer resources owned by another, but this model was still too expensive and inflexible to work on a large scale. The sheer amount of datacenter space and costs associated with acquiring, maintaining, and refreshing that large a number of physical servers made the business model difficult to maintain for all but a few large-scale hosting companies. The advent of stable, commercially available virtualization solutions allowed the hosted server model to evolve from the rental of physical hardware computer resources into the rental of virtual computer resources. This allowed each physical device to be parceled out to many more customers, reducing the overhead on the co-location provider and allowing for much greater client density per given square foot of datacenter space. The problem was that there were still limits to how many virtual machines could be logically managed by native tool sets. Virtual machines (VMs) still had to be created and destroyed manually by the co-location staff, and that kept the model from being flexible enough to expand rapidly. A few years ago, key players in the space we now know as the public cloud began to roll out a new theory of hosted virtualization that broke through those barriers. By writing complex Web-based front-end solutions to the back-end virtualization platforms, many companies were able to allow clients to create and remove virtual servers or other computer resources themselves, instead of waiting for a co-location employee to manually perform these actions. Many of these providers went beyond simply offering virtual servers and have created the ability to instantiate storage resources, virtual application connection points, and other technologies that would have been impossible in the world of simple virtual server rental. Which brings us to the world of the public cloud that we understand today. Vendors provide access to limited virtual machines, storage, and computerresource command and control systems, and organizations use those tools to create, manage, and reallocate resources as required for various projects. In this respect, the public cloud is the combination of those control resources alongside the resources themselves. The defining factor of the public cloud is that these resources and command/control systems are never owned by the organization that rents them, but instead are owned and maintained by some third-party organization. Public cloud systems may seem like a panacea to the problems of overcrowded IT facilities, but they do have some drawbacks. First is that the data and all computer resources associated with it are housed within a datacenter controlled by some other entity. This could cause security issues for highly
The advent of stable, commercially available virtualization solutions allowed the hosted server model to evolve from the rental of physical hardware computer resources into the rental of virtual computer resources
sensitive data (see the section below on private cloud technology). Then there is the fact thatwith the exception of completely new systemsdata and computer resources do not currently reside in the cloud. You will need some way to transfer the systems and the data resources from their current home into cloud computer resources located at your cloud providers facility. There are many solutions from various vendors that can allow you to achieve this goal, and as such this isnt an insurmountable obstacle, but it is one that must be taken into consideration as you plan your cloud strategy.
whaT is a privaTe Cloud?

The benefits of the public cloud are very visible. Organizations do not need to purchase or amortize hardware in order to create computer resources for applications or entire server platforms. However, since the organization doesnt own these resources, certain security concerns arise very quickly. Though many of these concerns can be overcome by strict legal agreements between the organization and the vendors in question, there is still a lingering doubt as to who has final control over a particularly sensitive computer workload. Public cloud simply isnt the ultimate best choice for every type of cloud-capable solution set. In order to address these specific concerns, many enterprise-class organizations are still willing to turn to the creation of cloud platformsbut only within their own datacenters and within their corporate control. Known as private clouds, these massive virtualization platforms can provide many of the same benefits as a public cloud platform but entirely within the legal and operational domain of a specific organization. While the idea of infinite scalability becomes lost due to a finite amount of corporate resources, control aspects to this type of cloud are greatly enhanced, making it a suitable choice for those organizations dealing with high-security computer requirements. In a common example, virtualized infrastructure platforms can be put in place across dozens or even hundreds of physical server resources located in one or more datacenters controlled by an enterprise. Native tools are leveraged to provide a back-end infrastructure, and the organizations own (or outsourced) programming staff creates a customized front-end platform that end-users can access to manage these virtual platforms. Along with the management tools, systems for tracking business-unit utilization of the resources must also be created in order to properly determine how internal billing will be metered out to the individual end-users within the organization. Once created, these front-end and back-end systems then allow business units to pay for computer resources as required, with those resources being released back
into the overall private cloud pool when they are no longer required. Since the individual business units do not know where their physical server locations are, they no longer require long periods of architecture design to ensure they get the resources they need in a local datacenter. They simply use the front-end tools to request the required computer power, storage, and other resources, and the custom front-end/back-end solutions provision the best combination of virtual and physical resources in the best location for the purpose. This ability to control security while still allowing for true cloud computer resource allocation makes private clouds an attractive solution for large organizations that require a higher level of security and control than they would otherwise be able to obtain from the public cloud. That is not to say that private clouds are without their own drawbacks, though. Moving cloud computer resources internally eliminates the native redundancy of most public cloud providers; the public cloud allows for a form of native disaster recovery (DR) just by ensuring that no single computer resource is housed in only one location. Private clouds would not natively be able to provide this type of redundancy but could be outfitted with third-party tools that can provide such redundancy easily. It becomes a matter of finding and implementing the correct recovery solutions, something that isnt typically necessary for public cloud platforms. The methodologies of public cloud architecture definitely require an economy of scale. They necessitate large numbers of physical servers to act as virtual hosts, large amounts of server-class storage space (typically in the form of SAN systems), and a great deal of power and cooling systems to maintain. Also required is appropriate licensing for the virtual infrastructure technologies and a dedicated staff to manage the systems that manage the end-users solution sets. When combined with the development costs of the customized command/control interfaces and billing systems, this type of solution becomes cost-prohibitive to all but larger enterprise organizations looking to produce a specific and secure cloud computing platform internally. So, while this model is in use today and does address many security concerns that exist within the public cloud, it is not a solution that is within reach of the average organization looking to leverage cloud solutions.
The ability to control security while still allowing for true cloud computer resource allocation makes private clouds an attractive solution for large organizations.

9
hybrid soluTions
As you can see, there are plusses and minuses to both public and private cloud solution sets. In addition to those hurdles inherent to the technology at this time, there is always the fact that many systems are onand will remain onphysical servers. This makes those particular systems incapable of migration to either a public or private cloud, since both of those technologies sets rely on virtualization at their core. In order to surmount these obstacles and to provide some facility for physical servers within an organization, many businesses are looking toward a variety of hybrid solution sets that merge existing technologies with the cloud. They also can use hybrid platforms to merge public cloud for most applications with private cloud for high-security application environments to leverage the best of both worlds. Physical-Public Hybrids The most common hybrid approach is to leverage the existing physical resources of the organization to host anything that is not readily suitable for public cloud and then contract with a vendor such as Amazon Web Services to provide cloud computer and/or storage resources for everything that can safely be migrated out of the local datacenter. An example would be a financial application with a Web-based front-end. The financial data is tightly controlled by internal and external regulatory compliance measures and therefore would probably not be easily migrated to a public cloud infrastructure. However, the Web-based front-end solution set would not hold sensitive data and could therefore be migrated with much less effort onto a cloud computer or cloud application platform. The appropriate levels of Web-based security, firewalls, and VPN infrastructure could then be applied to ensure that only data that is cleared to leave the datacenter is permitted to travel between the secure facility and the Web systems. The benefit of this type of hybridization is that the Web systems can be dynamically expanded to meet incoming user demand, but the secure systems can still be tightly controlled without redesigning them to exist within the cloud computer environment. Physical-Private Hybrids In some cases, even the security of a tightened private cloud computer environment is not suitable for the workloads currently residing in the traditional datacenter. In those cases, where the IT staff wants to gain more flexibility without redesigning site security, a private cloud infrastructure can be established to allow for cloud flexibility within the current datacenter environment.
10
Medical records are a good example of this type of solution set. Where largescale health insurers or providers (major hospitals, etc.) require the flexibility of cloud, they must still be aware of the impact of using external resources to house data bound by HIPAA and other regulations. In many cases, moving to a public cloud infrastructure would require a massive reconfiguration of security protocols and procedures, while establishing a private cloud would allow for flexible infrastructure without physically moving outside of the current secure environment itself. Physical-Public-Private Hybrids This solution set is perhaps the most complex of hybrids, and its used only by the largest of organizations. The theory behind this technology is that there will be some servers that must remain physical, others that can become virtualized but cannot be placed on public cloud networks, and finally many servers that could easily be adapted to the public cloud. As an example, consider a multi-service insurance conglomerate. Many Webbased solutions are already exposed to public traffic and could therefore take advantage of the increased on-demand scalability of the public cloud computer and storage solutions on the market. In most of this class of organization, a large number of legacy solutions exists, many of which are bound to physical hardware configurations and cannot migrate to a public or private cloud infrastructure at all. Finally, newer solution sets that still host highly sensitive data could be virtualized but cannot leave the security confines of the organizations datacenters. Combining all three forms of infrastructure (physical servers and public and private clouds) allows for maximum flexibility for all the various types of workloads and systems that make up the business.
A virtual private cloud is simply a public cloud infrastructure that has been securityhardened to permit only recognized traffic streams.
virTual privaTe Clouds

Public cloud providers are by no means lax on security issues. The modern public cloud can be made exceptionally secure, and the previous examples were meant to convey that the applications themselves would be difficult to adapt to the public cloud for security reasons within the apps themselves, not that they could not be made secure on a public cloud platform. Virtual private clouds are one example of how a public cloud can be made highly secure should the applications and systems in question be able to make the move to a public cloud. A virtual private cloud is simply a public cloud infrastructure that has been security-hardened to permit only recognized traffic streams. For example, email systems often contain highly secure information within their databases, but some components must be able to communicate with the outside world in order for email to flow. A virtual private cloud can allow email servers to have
11
strictly limited connectivity to email traffic (SMTP links, etc.) but otherwise speak only to servers within the corporate datacenter via an encrypted tunnel. The theory is very similar to establishing a VPN connection between two sites of the organization, except here the public cloud is accessed within an especially walled-off section of the cloud computer and storage infrastructure accessible only to the business unless otherwise specified.
universal ConsideraTions for Cloud infrasTruCTure

There are two topics that must be considered during the planning and implementation phases of any project where some form of cloud computer or storage resources are involved: how to get the systems into the cloud and how to provide DR solutions, especially if the cloud provider does not provide them. Migration of systems into and out of cloud infrastructurepublic or privateis not an insignificant task when those systems already exist in the physical or virtual world in your datacenters. If end-user downtime is not a concern, then a backup and restore model could be used to get the dataand possibly system informationfrom a fixed point in time into your cloud providers infrastructure. This is especially true for private clouds, where the physical distance is limited and bandwidth is generally easy to come by. However, if user downtime is to be minimized, you will need to investigate tools that provide some way to transmit both the system information and data from your current platform into the cloud platform. These tools will need to be able to address multiple forms of applications and be able to move this information over VPN tunnels or other secure transmission methods to ensure that data security is maintained. Most public cloud providers do offer the ability to establish VPN connections to your cloud computer resources on their platform, allowing you to focus on moving the data and system information. This solves the security problem but not the entire migration picture. The intended target platforms are almost definitely of a different form/class/configuration of hardware than your systems, and the tools you use will have to enable you to change these parameters on the fly. While this migration occurs, end-users will be making changes to data, so the tools must also be able to keep up with new information as they migrate the existing systems. Finally, every project has some amount of uncertainty, and implementing cloud strategies is no exception. The tools you choose for migration should be equally able to return you to your existing configuration if unexpected issues crop up after the migration is complete. Note that it is quite rare these days to see applications and platforms that would have any problem virtualizing without showing evidence of this during the investigation phase of the project, but it has been known to happen from time to time. A safety net is never a bad thing.
12
Most public cloud providers do offer the ability to establish VPN connections to your cloud computer resources on their platform, allowing you to focus on moving the data and system information.
reCovery as a serviCe (raas)

While most organizations are focusing on cloud computer and storage resources for extending or enhancing existing infrastructure, there is a specific use-case for cloud strategies that doesnt require moving existing systems to a cloud vendor. Leveraging public or private cloud computer infrastructure to allow for another avenue for DR is becoming popular as more companies begin to explore cloud architecture. Vendors can provide tools (such as Amazon Web Services EC2 and S3 products) that leverage cloud computer and storage platforms to create a complete backup and rapid-restoration platform for systems capable of virtualization. Some allow for protection of entire servers from your location, over a VPN connection, to one or more public cloudbased data-warehousing solutions. If a server fails at the primary business location, it can be either restored to another cloud computer resource or restored back to the primary location onto repaired or replaced hardware. Often, the choice of restoration location isnt required until the restore is about to begin, which allows for a great degree of flexibility. Organizations are contracting for cloud computer resources and then parceling out those resources to business units for DR purposes, while allowing these business units to continue business as usual on their current production data systems. The advantages of this methodology are numerous. You will not have to provide full infrastructure architecture for DR, which can amount to a large budgetary savings over time. You also can introduce the idea of public or private cloud technology into areas that would be hesitant to put their production systems on such platforms. Since only the DR platform is housed in the cloud, many reluctant managers would be willing to allow it in this instance. In short, cloud platforms can help introduce using cloud computer and storage resources in a non-production form; this is the traditional entranceway for emerging technologies in the enterprise, and its a great fit for public and private clouds.

13
Cloud for smbs

Right now, the practical impact of the cloud is most fully realized in small to mid-sized businesses (SMBs). SMBs can immediately enjoy the benefits of a full-sized datacenter infrastructure without having to implement and administer it, giving them access to multiple data centers anywhere in the world. And, as their demand for resources increases, they can add additional service as needed from their cloud computing vendor without having to pay for more hardware. One of the most interesting aspects of cloud computing is that is completely revolutionizing business continuity for SMBs. The United States Small Business Administration stated that SMBs fall into one of two categories: those that have endured a disaster and those that will. They go on to say that nearly 40 percent of those who go through a disaster will not be able to recover. The threat is real, and SMB owners are aware of it. However with tight budgets, there is little room for hardware infrastructure and specialized staff to maintain it. Still, SMBs rely heavily on technology like Websites, inventory, point-of-sale software, staff scheduling programs, email, and record keeping. In the case of legal and medical (also, financial and some manufacturing), there are strict compliance regulations about things like how long records must be kept and how much time businesses are allotted to produce a record on demand. If one of these businesses loses access to its technology for a day, or even an hour, serious consequences (fines, lost revenue, lost customer data and confidence) could occur that are difficult to recover from. It remains critical that SMBs have a current copy of their data stored somewhere safe and accessible. In the past decade, this process was so expensive that many SMBs resorted to dodgy tape-based backup systemsor, worse, theyve done nothing and hoped for the best. With the advent of cloud computing, instead of just crossing their fingers or paying for the hardware, software, space, and staff required for storage, an entire mid-sized corporation can rent enough cloud space to keep a real-time, full-server backup copy of all its data, applications, and operating systems. Real time means that every keystroke, every email, every bit and byte is safe, and full-server means that every application and even the whole operating system is safe and available. And it gets better: its also now possible to copy data into the cloud in real time, and its possible to retrieve it from the cloud... just as fast. What this means for SMBs is that if the store burns down or is flooded or someone spills coffee on the server, daily operations can resume in minutes instead of daysor never.
With the advent of cloud computing, instead of just crossing their fingers or paying for the hardware, software, space, and staff required for storage, an entire mid-sized corporation can rent enough cloud space to keep a real-time,
14
Cloud for large organizaTions

Though it may take a while for it to become standard, the cloud is fully scalable to even the larger organizations, and some are beginning to realize the cost- and time-savings of closing their datacenters and letting someone else deal with it. For some, it isnt yet practical to scrap their datacenters and staff and move to the cloud, and they will likely continue to rely on mainframes and client-server architecture until its no longer possible or cost-effective to maintain it. Others, like NASA and many pharmaceutical manufacturing giants, are ready and willing but have security concerns and are testing the waters by putting non-proprietary information in the cloud or by using some combination of public and private clouds. Either way, backup and recovery in the cloud works the same way for large organizations; the resources are just as scalable, backup is real-time, and recovery is just as fast. The question for organizations of any size is, When is it the right time to make the switch? The first step to evaluating the quality of a data backup and recovery plan is to figure out the cost of downtime and evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics define how long you think it will take you to get back online and how current the data has to be.
The first step to evaluating the quality of a data backup and recovery plan is to figure out the cost of downtime and evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
CalCulaTing CosT of downTime

Calculating the cost of downtime can help determine RTO and RPO objectives, which are key factors in any backup and recovery plan. Knowing the cost of downtime can also help senior management understand IT system disaster recovery hardware and software budgets. While there is a simple formula below for calculating your cost of downtime, consider these questions: ow much money would be lost if all transaction data for the last twelve H hours, or even the last ten minutes, were lost? hat is the value of the knowledge contained in the companys last W twelve hours worth of emails and email attachments? What would it cost to have engineers recreate the last twelve hours of work? hats the exposure if you cant produce this data in compliance with W Sarbanes-Oxley, HIPAA, SEC, and other regulations?
15
Heres a simple way to estimate the average cost per hour of downtime:
Cost Per Occurrence = (To + Td) x (Hr + Lr)

To = Length of Outage Td = Time Delta to Data Backup (How long since the last backup?) r = Hourly Rate of Personnel (Calculate by monthly expense per H department divided by the number of work hours.) r = Lost Revenue per Hour (Applies if the department generates profit. L A good rule is to look at profitability over three months and divide by the number of work hours.) Next, determine RTO and RPO objectives. Determining RPO and RTO In measuring the criticality of IT systems, the two primary considerations are how much data and how much time you can afford to lose.
Recovery Point Objective

The first, the Recovery Point Objective (RPO), is the threshold of how much data an organization can afford to lose since the last backup. Defining the companys RPO typically begins with examining how frequently backup takes place. Since backup can be intrusive to systems, it is not typically performed more frequently than several hours apart. This means that the backup RPO is probably measured in hours of data loss.
Recovery Time Objective

The second, the Recovery Time Objective (RTO), is the threshold for how quickly an organization needs to have an applications information restored. For example, maybe four hours, eight hours, or the next business day is tolerable for email systems. Keep in mind the amount of time it takes to provision servers, storage, networking resources, and virtual machine configurations.

16
is Cloud baCkup and reCovery righT for your organizaTion?

Finding the right balance of features and price to meet your RPO and RTO is one of the most critical things you can do to protect your business. For IT system continuity, there are three solution categories: backup, high availability, and disaster recovery. ackup means keeping your data safe; in this situation, RPO is more B critical than RTO. igh availability means keeping your critical applications and data H online; a high availability solution is required for high RPO and RTO. isaster recovery is the ability to recover data in case the production D system is damaged, is destroyed, or becomes unavailable for an undeterminable period of time. A comprehensive disaster recovery solution that can restore data quickly and completely is required to meet low RPO and RTO thresholds. How Cloud Backup and Recovery Works Cloud backup and recovery requires a combination of technologies: backup and recovery software plus a Cloud Service Provider (CSP). This combination allows you to replicate data and system-state information from servers in your production environment into a virtual servercalled a repositoryrunning at the CSP. From this repository, you can restore entire servers to virtual machinesalso housed at the CSPto resume normal operations quickly and effectively. Good backup and recovery software is more than an IaaS target DR hardware site; it will be a full RaaS solution that includes both the target infrastructure and the technologies to replicate and recover your data effectively in the cloud.
Cloud backup and recovery requires a combination of technologies: backup and recovery software plus a Cloud Service Provider (CSP).
17
The best backup and recovery software will provide at least four layers of protection.
Recovery Server DC1 Double-Take Backup Repository Server Recovery Server Exchange
$1.99 / day per server VPN
Amazon EC2 $90 / month + $0.20 / GB DC1 Domain Controller Active Directory DNS Exchange Server Users Users
Users
Cloud seCuriTy essenTials

As mentioned, the security of backing up to the cloud is a major concern for larger or regulated industries. Backing up servers and data requires realtime protection combined with the security and stability of a trusted cloud infrastructure. How can you be sure your data is secure end to end? The best backup and recovery software will provide at least four layers of protection, starting at the production server with secure VPN technology and then isolating your data within the cloud with private backup repository, private security groups, and private storage.
18
Cloud vs. Tape

Regardless of size, if a business relies on tape backup alone, restoration is easy (although slow) only for the simplest failure and only if everything goes perfectly. If a hard disk fails and all the backup tapes are good and the staff is practiced at doing the repair and restore, then its possible to simply buy a replacement part and get things up within a couple of hoursthough the data will be from last nights backup. If the problem is more complicated and involves a replacement server for instance, a day or two will be required to get new hardware in place before recovery can begin. At this stage, 40 percent of tape restores fail. Tape backup has inherent problems that can go quickly from inconvenient to disastrous. Consider some of the issues and the ways they would affect your business in a disaster or system outage: ape backup hardware and software are expensive, especially if you T have multiple offices. aking backups every day requires manual intervention; its easy to M forget or skip it. ape backup nearly always involves downtime; you cant back up a T system that is in use. Tapes are easily damaged, lost, or destroyed. At best, youll be recovering from yesterdays data. orty percent of restoration attempts from tape fail. Can you afford to F permanently lose your data? ape restoration, when it works, involves hours or days of complete T downtime. The Costs of Tape Backup Acquisition and ongoing maintenance of hardware Acquisition of backup software and ongoing maintenance/support Acquisition and replacement of tape media Offsite storage and transportation costs Operation costs for performing backup and recovery Cost of downtime incurred during recovery Cost of data loss due to recovering to previous nights data
Tape backup has inherent problems that can go quickly from inconvenient to disastrous.

19
off-siTe, rapid reCovery

Every business will have different RTO and RPO goals. If an organization determines it has a four-hour RTO and RPO, then the business has decided that it can tolerate four hours of downtime between failure and recovery and that it will have to recreate (or do without) only the last four hours of data. Together, this is about eight hours of lost productivity. For most serious problems, its an optimistic goal for a tape (or disk-to-disk) backup system alone to meet. Even the most mundane failures can easily push recovery times into days or weeks: Equipment failure, requiring a replacement Extended or recurring power outage Air-conditioning failure Fire Flood (water leak) Physical damage to the building
The best way to ensure a fast recovery is to have replacement equipment standing by at an off-site location with the necessary software and configuration to quickly transfer users and data.
The best way to ensure a fast recovery is to have replacement equipment standing by at an off-site location with the necessary software and configuration to quickly transfer users and data. The best practice includes a remote data center with servers, storage, networking equipment, and Internet access. Restoring to this remote data center from backup tapes will likely take too long, assumes that the tapes were not affected by the original problem, and still leaves the risk of recovering only old data. Instead, replication software can be used to keep the backup systems constantly updated. A four-hour RTO and RPO requires: Off-site hardware and infrastructure to run servers and applications ata updates to the DR site more often than every four hours, D preferably real-time ontinual updates of the application and OS configuration (without this, C recovery may fail after a patch or an upgrade) method to deal with any hardware differences between production A and recovery environments
20
All the requirements in the list above can be met by currently available technology. If it is clear that local tape or disk-to-disk solutions do not provide adequate protection and a better solution is available, why isnt every server in the world protected? Usually the answer is cost. The cost of an off-site, rapid recovery solution comes in a variety of ways: Upfront cost echnical complexity (requires new IT specialists or time and budget to T train existing staff) perational complexity (managing a new data center and twice as much O equipment) roject management (complex, expensive projects require lots of P planning and management) Risk (expensive, complicated projects sometimes fail) Given all the cost, complexity, time, and risk involved in creating this capability, these projects are often delayed in favor of projects that produce immediate, obvious results, such as a Web server update or a desktop refresh. For some organizationsparticularly larger organizations with large staff and significant IT expertiseadding extra servers to an existing off-site location is relatively easy. But even in these large organizations, there are still servers that dont make the cut; they are not considered to be critical enough to justify the solution. If a server is so unimportant that it wont be missed when it fails, perhaps the next question is Why not just turn it off? The point of this off-site, rapid recovery solution is to preserve as much of the normal operating capability as possible. Customers and business partners dont care that a pipe burst and flooded the data center; they want to know when a business can deliver. If a server is important to meeting a business requirement, it is worth protecting. The question to ask is not Is this server worth the solution; instead, How do we make the solution practical for every server? Most of the cost and complexity of this solution comes not from the specialized tools for replication and recovery. Instead, the pain comes from, ironically, the extra facilities and equipment, both of which will sit relatively idle most of the time. Specifically: electing, acquiring, and building out a second data center (or the high S cost of renting one already configured) Selecting, acquiring, installing, and configuring the standby equipment Managing and maintaining the facility and equipment Integrating all the parts into a reliable solution
21
This creates a peak-versus-average problem, where time and money are spent building a redundant data center that can meet the peak capacity of the IT department, but the average utilization of that capacity will be very small. You pay for peak but only get the benefit of a very low average utilization. Easy and fast network access, and the introduction of electronic business practices across all industries, has resulted in reliance upon IT systems and therefore puts business operations at risk when IT failures occur. Tape backup was the preferred recovery solution of the 1970s computing era. Disk-to-disk and server-to-server replication is becoming more prevalent because it provides near-real-time copies of data for faster, easier recovery.
Easy and fast network access, and the introduction of electronic business practices across all industries, has resulted in reliance upon IT systems and therefore puts business operations at risk when IT failures occur.
The Cloud dr opporTuniTy

If an IaaS cloud provider can offer a complete data center, with enough capacity to meet peak needs (i.e. during a production outage) but only bill for the average usage during normal operations, there is clearly an opportunity to redefine the cost and complexity of an off-site, rapid recovery solution. By partnering with the right cloud vendor, a manager planning a disaster recovery solution gets access to: Unlimited spares for computers Disk capacity on demand F ree idle bandwidth, with (nearly) unlimited burst capacity A data center that is highly optimized and managed for low cost, high reliability, and high security ata centers located in multiple countries, to best meet geographic and D regulatory requirements All that remains is to integrate a suitable disaster recovery solution to this IaaS capacity. Sound good? It should. There are now real solutions to real problems, but be careful. Many managed service providers and hosting companies are touting their solutions as cloud, and many offer disaster recovery or online backup solutions, but do they meet your Recovery Point and Recovery Time Objectives? It helps to ask them a few key questions: Can you protect all of my servers and applications? Can you protect my OS and applications as well as the data? Can I actually failover to the cloud and stay up and running? Can I test the failover process to ensure the servers are recoverable?
22
o you provide a mechanism to recover the data/servers without lots of D downtime? an I pay for only what I use, or do I need dedicated servers in the C cloud? Once you find a solution that answers those questions to your satisfaction, you can look to protect every server in the infrastructure. It should be so costeffective that you can just sign up, set it, and forget it. Set a reminder to test failover every six months, and ensure you havent added any new servers.
eCo-friendly inCenTives for Cloud CompuTing

Another incentive of cloud computing is that it is eco-friendly. But theres more to going green than just social incentive: making your IT infrastructure more environmentally friendly can save you a ton of cash too. eplacing hardware components with a cloud system reduces energy R costs of running hardware and maintaining climate control and also reduces carbon dioxide emissions. There are tax and power company incentives to going green. onsolidating data in the cloud means more efficient management of C data centers, which means cost-savings. reen IT is composed of several technologies that all have the goal G of reducing power consumption and overall datacenter footprint, consolidating locations and resources, and improving efficiency of operations. ite consolidation to the cloud provides a flexible and efficient platform S that reduces power consumption. Consolidation usually means migrating physical servers to virtual machines, which need not be a complicated or expensive undertaking. Real-time and live migration products take the pain out of migrating to a new infrastructure. When consolidating infrastructures, consider your disaster recovery plan and your ability to protect your architecture from failure. onsolidated environments optimize power and cooling requirements. C They require less energy than would be necessary to power and cool an entire room of physical servers. They use a high-density power and cooling solution designed specifically for a smaller, more efficient virtualized environment. These solutions keep the dense architecture at an optimal temperature without cooling the entire data center.
23
loud computing can reduce the number of servers in your data C center, which may reduce your costs. If you would typically host your transactional Web server farms or commerce applications, you can use the cloud to provide those services instead. The cloud frees smaller SMB companies from the burden of a data center, while larger corporations are using the cloud to host less-critical or lower-tiered applications to further reduce their datacenter footprint. Using the cloud can enhance backup and recovery capabilities and reduce the costs typically associated with tape.
ConClusion
The cloud concept still has a long way to go before we can be sure exactly what its definitions, roles, and limitations will be. There is a tremendous amount of promise in public, private, and hybrid cloud platforms, and much of this promise can be seen in the real-world implementations of cloud technology in the market today. Leveraging cloud platforms where they make the most sense is a matter of careful evaluation and proper migrationin much the same way as you would with most other technology within the corporate organization. The right partners, the right tools, and the right platforms can all work together today to build the data systems that will continue to serve you well for the future.

24

Is The Cloud Right For You?

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Is The Cloud Right For You?

Uploaded by

Copyright:

Available Formats

Is the Cloud Right for You?