The continuous references to "business continuity" may appear to
be daunting. But in reality it is a
simple, yet critical approach in three steps:
- Keep your data safe.
- Make it accessible.
- Make it really accessible.
While the first two points are often discussed elements, the
third point, “really accessible” is a new dimension to
the discussions pertaining to the networking environment. With a
new product that links networks securely over a cellular data
network, "business continuity" is now unwired. Better yet, these
systems work more easily and are more manageable than before.
Some of the key considerations while addressing data security
are:
- Ensure data safety by backing up all data from personal
computers (including laptops) and servers, then store that data
both locally and remotely.
- Provide secure connections for remote users to access your
network and your safe and secure data.
- Take the next step and provide data connections from literally
anywhere within your cellular data network.
Enterprises need to begin by considering data safety first,
because without safe and secure data nothing else matters.
Enterprises should then consider two methods of network access:
typical and atypical.
It’s not Back-Up but Restoration
that matters
The truth though painful is that users do not think of back-up as
something they necessarily need to do. They feel it is something
that others need to do and either consciously or subconsciously
sabotage efforts. However, they place a great deal of importance of
the restoration of files. Users want files restored immediately.
Since they want nothing to do with the backup portion of this
equation, the onus falls on the technology provider.
And now the tape
unravels
Too many people envisage tape when they hear backup. There was a
perception that tape worked adequately for decades, but falling
hard disk prices changed the game. When comparing dollar per
megabyte of storage space years ago, tape won against hard disks by
a huge margin. The price spread was so wide that people suffered
through tape's many reliability and performance problems. While
some of tape's problems improved over the years, the cost of hard
disk space dropped so far companies are no longer willing to accept
slow and mistake-prone tape systems for their primary backup.
Hard disk cost reductions changed the backup equation. Disk to disk
backup systems provide performance and reliability never possible
with old fashioned tape. In summary, duct tape is great, but backup
tape should be retired.
Why files must be backed up in real
time
Today new software moves backup from uncertainty with tape to a
guarantee with disks. With new and state-of-the-art Continuous Data
Protection (CDP) software added to an organization’s backup,
and data tapes will become a thing of the past.
Like many technical terms, Continuous Data Protection has been
acquired a number of vendor specific interpretations. Any CDP
system provides more timely backups than traditional schedule-based
file backups. It is however critical to fully understand the
meaning of “continuous" by a vendor before buying a
system.
Enterprises must ensure that the system they intend to buy can
handle common server applications, such as accounting programs
(Quickbooks, Peachtree, Great Plains), sales tracking software
(ACT!, Goldmine), and Microsoft applications (Exchange Server,
Navision, BizTalk, Business Contact Manager, Sharepoint, etc).
Network applications with databases that stay open stymie less
intelligent backup systems. Enterprises must make sure that their
backup system supports Shadow Volume Copy from Microsoft and has
the ability to copy open databases without hours of extra
configuration and optional software modules.
Continuous Data Protection backup systems need at least two
components, and most companies demand three for adequate
protection.
nFirst, a backup file repository on the network accepts backup data
from other network devices. Sometimes this job goes to a general
purpose server, but smart companies use a dedicated backup
appliance for better performance and security.
nSecond, specialized software sits on each network device and
controls data transfer to the backup appliance. Personal computers
(desktops and laptops) and servers run agent software. Unlike older
backup software that copied changed files during the night, CDP
software agents track every write operation to the client hard disk
and copies the changes to the backup appliance. The agent software
works at a disk block level, not file level, greatly reducing the
amount of data sent over the network to the backup appliance.
nThird, smart companies configure the backup appliance to send
copies of files to a second location for redundancy. The remote
location may be another company backup device or online backup
service.
Ensure that Backups are stored at a
Second Site
Why store backup data somewhere far away? Because in case of
disaster, ranging from a major fire to dropped fruit juice,
organizational data is safe. Quickly restoring the files you need
to run your business means the difference between recovery and
bankruptcy. When your server suffers damage, the backup server
beside it tends to suffer as well, so your data files better be
safe, somewhere else.
Remote backup file storage protects against any disaster, large or
small, that may compromise the clients and backup appliance. Large
disasters like hurricanes make global headlines. A broken water
pipe won't make the news but it will ruin the company’s
servers and clients. Offsite data can then be used to recreate
servers and workstations once they get replaced.
Tape backup users can, if they remember, store tapes offsite. But
they can only restore files from those tapes when they physically
insert their backup tapes into their tape drive connected to their
computers. Getting tapes and new systems together physically may
delay file restoration for days.
Companies still need locally stored backup sets. Local backup file
storage makes local file recovery fast and easy. Optional Bare
Metal Restore (BMR) software takes a disk image snapshot of clients
and servers at scheduled intervals. When necessary, full recovery
of a saved snapshot takes minutes rather than a typical workstation
or server reinstall, which often takes two work days.
The more Backup,
the Better
The more data management options, the better. Remote management?
Makes great sense if companies control remote offices large enough
to have their own backup appliance. E-mail alerts in case of
trouble? Certainly.
Central management consoles with the ability to apply policies to
clients whether the clients want them or not? Absolutely, because
that makes life easier for managers and ensures more clients get
protected, even if against their will.
Once in place, test backup system by restoring files regularly.
Restore files to the client they came from, and to other clients,
all from the storage device management interface. Verify remote
data storage location by restoring files from there as well.
Remember, users call it file backup, but they really mean file
restore.
Make Your Data Accessible with Virtual
Private Networks
No matter how carefully you plan, some of your data is always
somewhere else. Irrespective of how carefully companies plan their
data management, there always is some data out of the purview of
the environment covered.
Companies now configure Virtual Private Networks so that employees
can reach the office network from remote location. Companies can
connect remote offices together. Companies must ensure that their
VPN is flexible enough to connect employees who can't reach the
office, such as during weather extremes or other extreme
conditions? Easy employee access to your network and data means
work continues even as the storm rages.
Very small companies may get by with saving shared files to an
online collaboration service. But once they start running
applications on their own server, that option disappears. They will
need access to data files on the servers, the ability to print back
to an office printer, and a way to execute internal Web based
applications. That means they need a Virtual Private Network.
VPN’s smoothen the way
A few years ago, a customer asking for a VPN generated great
excitement among the huge network services vendors. Supporting VPNs
for even a few remote connections meant expensive server equipment
gear at the office plus large and difficult to install and
configure client software on every remote workstation that might
possibly ever need to link to the office.
The innovation that resulted in the SSL VPNs now ensured that the
Virtual Private Networks can connect through a Web browser using
the same Secure Sockets Layer encryption popularized by e-commerce
vendors. There now is a positive trend in pricing. Hardware systems
gave way to less expensive software based SSL systems which created
fewer client problems than the hardware-based VPN options. Counter
intuitively, innovation and reduced costs moved the software SSL
VPN back to hardware. But now, instead of requiring large Windows
servers, new hardware incarnations mean a small network appliance
that hides behind the company firewall for improved security.
The VPN Appliance
Not only does the VPN appliance cost less than large network
hardware systems and VPN software applications on existing servers,
customers now get more flexibility. Hardware based systems needed
fat client software on each remote client, and early SSL VPN
vendors charged per client connection. In other words, the more
customers deployed the remote access system, the more it cost.
Now, modern SSL VPN appliances support clients without the need for
special software, and they charge by the appliance, not the user.
This allows companies to use remote access for regular connections
like remote offices and traveling laptops, just like always. It
also allows a company to keep running if no one can get to the
office, such as during bad weather. Since one can't plan ahead for
weather so bad it makes travel difficult, flexibility and no
per-use charges make an SSL VPN appliance a key part of a business
continuity plan.
Users each get their own specific URL to connect to the SSL VPN.
This makes management and user tracking that much easier through
VPN management tools. For expanded access, a small client
application should download transparently through the browser link
after authentication, allowing remote control of desktops and
access to more network resources.
Easier Authentication
Since network administrators have no clue as to where employees and
partners are, security takes top priority. Appliances sit just
downstream from the firewall for added protection. Even better is
two-factor authentication so users know the wandering laptop is
still under the control of the user who carried it out the door.
This level of security usually costs about $100 or more per client,
but some SSL VPN appliances include this feature. Of course, the
SSL VPN appliance must support the standard third party
authentication schemes (LDAP, RADIUS) and integrate with
Microsoft's Active Directory and other directory services.
Remote connections assume there's some data payoff at the end of
the road. Companies must ensure that their backup system at the
office guarantee data files await the remote user. Teasing users
with access but without data files is just cruel.
Keep Your Office Open
Providing connection options allows workers to remain productive
when working from remote locations. Remote access makes a great job
perk for employees need to work from locations outside the office.
And when a real problem hits, such as weather that closes down
travel in your area, the perk becomes a productivity lifeline and
keeps businesses open when other businesses shut down.
Adding up, an SSL VPN appliance will support users more flexibly
for less money, be easier to configure than server-based versions,
and work with your firewall for added security
Downside: no more bad weather or riot days off work. Upside:
business become more disaster proof.
Make it Really Accessible
Companies have often been faced with having to provide network
connections to kiosks. The need to connect a first response team
arriving at a location without a network. The need to link a group
of users to the Internet from a rest stop by the highway.
The T1 or DSL dies – what can users do to restore Internet
connectivity immediately? What can they use for a backup?
These questions don't get asked because vendors never had a good
answer for them. Why would vendors pose a problem they can't
solve?
The Non-Network Network
How about the cellular data network as an answer to the questions
most vendors avoid?
This doesn't mean a cell phone is used as a laptop. It means take
advantage of 3G data networks provided by every major cell phone
service provider. Radio waves reach farther than broadband
connections.
Take the instance of a small router/firewall/gateway appliance that
includes a slot for a 3G PC Card. When the primary network
connection fails, or when a group of users goes where broadband
connections remain a rumor, users can still provide network
access.
Today, wired data vendors promise WiFi hot spots everywhere, but
they were more than a bit optimistic. While WiFi vendors
under-delivered, the cellular carriers quietly added high speed
data networks to their cell towers over almost all the US.
Off-Grid Yet Managed
TV SWAT teams aren't the only groups that send out a "first
response" team that needs communications. Many companies send
installation teams, inventory groups, auditors, and overflow
support to remote locations. These sites often lack network
bandwidth, and sometimes lack network connections of any kind. Even
the most mundane situations, such as opening a new remote three
person sales office, can use a "connect anywhere" router when the
data services provider runs their typical two weeks late for
installation.
Companies must check for two critical features: remote management,
and speed. Management becomes more important than ever because the
remote team will pay less attention to network niceties than a
typical remote office. And everyone wants their network to be
faster.
But what is the speed that is in question? Anywhere from around
100kbps with GPRS to around 2,000kbps with EV-DO Rev A (best case).
A wireless option for the cellular data router makes even more
sense by providing more client flexibility (wired or wireless). And
if customers need to deploy a network in a park or a parking lot,
flexibility is the name of the game.
It may take customers some time to imagine where to use such an
appliance, because their thinking has always been limited by
available technology. Many companies never considered the
advantages of putting networks beyond the reach of, well, networks.
Now that connection technology really slips off the leash,
customers may find some interesting places to add a secure network
router/gateway with 3G access.
Data Access From Anywhere
Many studies point out that only about a third of small and medium
companies do a good job backing up their data. Notice the term was
"good job" not "great job." The research firm Gartner says only 25
percent of small companies exist in a single location, meaning even
the smallest companies need remote data access. Few small and
medium sized businesses have a network connection Plan B to use
when their network service provider fails them.
Despite user reluctance to help with any backup chores, despite the
hassles of mobile and remote users, and despite the fact you may
need Internet access where none exists, the show must go on. While
it may seem pretentious to call Order Entry and Accounts Receivable
"the show," business functions like those keep the house lights
on.
Not only can customers keep their data secure and available from
anywhere, really anywhere today, you can do it for less money and
with more management than ever before. Companies must manage
backups, because users won't help. They also must manage network
connections between offices and remote employees connecting back to
the office. Companies must really manage a temporary network used
to keep connections during an outage from your regular network
provider, or when deploying a network segment far outside the reach
of a broadband connection.
The saying, “you can't measure what you don't manage”
remains true. Now companies have options to measure a technology
provider’s increased success with file backup, data
connections, and business continuity.
Reliable and secure file safety and network access means your
business keeps going from more places despite unfortunate
situations than ever before. Better file safety and network access
management almost always means more cash in hand to measure.
Adopt Managed Appliances
On one level, we've been talking about data file safety and
accessing those data files from normal and unusual places for
normal and unusual reasons. The fancy term, business continuity,
describes the process well: keep businesses running in spite of
major floods or minor snow flurries.
On another level, we've been discussing the rise of managed
appliances now powerful and intelligent enough to provide data file
safety and network access in a wide range of situations. Big
server-based applications have their place, but affordable
appliances fit more situations and provide more value more
flexibly.
The goal: keep your data files safe and stay connected, no matter
what from no matter where. Now that small managed appliances handle
big intelligent processes, you have more options at more affordable
price points to keep your business up and running.