Nexsan Announces SASBoy, DATABeast and the Edge

Nexsan’s product lines continue to expand, providing an even broader range of solutions to offer customers. These exciting New Nexsan products complement their popular and successful SATABoy and SATABeast.

NEW Nexsan Products
DATABeast - Full Service Storage for All Your Data
DATABeast combines enterprise class storage services with mission critical availability for today’s data intensive environments. DATABeast consolidates large amounts of SATABeasts into a single, high density, easy to manage solution that can be economically expanded to meet the needs of any organization.

SASBoy - High Performance SAS Storage
Nexsan has raised the bar again with its SASBoy high performance SAS storage. The SASBoy’s unique combination of high performance with energy saving sets it apart enabling organizations to maximize the use of their investment while reducing cost of operation.

The Edge - Full Featured NAS & iSCSI for SASBoy, SATABoy and SATABeast
Nexsan has added NAS/NFS-CIFS and additional iSCSI storage services to our award winning storage systems. Additional features include online capacity expansion, replication, snapshots and Assureon CAS archive connectivity software for those customers needing archive and compliance. It’s the perfect solution for small to medium sized businesses with files and databases wanting to consolidate everything onto a single, easy to use Nexsan solution.

SATABeast Xi - Designed for Xserve and Mac Pro Systems
If you didn’t see it before, Nexsan has taken its award-winning SATABeast storage system and redesigned it for Mac environments.

Arcmail Tecnology - Importance of Email Archiving

The Growing Need to Archive Email

‘Email archiving’ is one of those terms that evokes a variety of responses from messaging managers. Individuals in heavily regulated companies, such as broker-dealers, see it as a critical element of good messaging management in order to satisfy regulatory requirements. Others see it as a ‘nice to have’ feature that might provide some additional value to their organization. Still others see it as undesirable because of the potential for preserving incriminating evidence that could harm an organization during a legal action or regulatory audit. This white paper is intended to address all three groups. Its goal is to help you understand the wisdom of at leastconsidering the deployment of an email archiving system. The white paper discusses the various benefits that such a system can provide and why archiving email for long periods can provide more benefits than detriments for just about any organization. This white paper also discusses the value proposition offered by ArcMail Technology, providers of an appliance-based email archiving system that is designed for organizations of up to 5,000 users.

Why Organizations Should Consider Archiving

There are a variety of reasons that any organization should consider deploying an email archiving system. In some organizations, one reason will suffice; in others, there will need to be a combination of benefits to help sell the notion that email archiving is a best practice and a sound business decision.

Regulatory Compliance

There is a mindset among many messaging managers and other decision makers that there are ‘regulated’ and ‘unregulated’ industries. Regulated industries would include broker-dealers and others who deal in securities trading, since these organizations face stringent requirements; while unregulated industries would include virtually everyone else. That is clearly not the case. In reality, there are heavily regulated industries, such as broker-dealers and investment advisors, and less heavily regulated, which includes just about everyone else. Virtually all employers in all industries face varying degrees of regulation. For example:

• Broker-dealers must comply with a variety of retention and supervisory regulations, including SEC Rules 17a-3 and 17a-4; NASD Rules 2210 and 3110; NYSE Rules 440, 342 and 472; and NFA Rule 2-9.

• Registered investment advisors must comply with new email retention provisions of Rule 204-2 contained in the Investment Advisers Act.

• The Investment Dealers Association of Canada imposes email retention and supervisory requirements on Canadian investment dealers through IDA By-law 29.7.

• Other data retention requirements focused on the financial services space include NCUA Part 749, 12 CFR 226.25, 17 CFR 270, 17 CFR 275 and 17 CFR 240.
  

• Large, public companies face regulatory requirements from statutes like Sarbanes-Oxley, specifically Sections 404 and 802.

• Organizations that manage healthcare-related information must satisfy statutes like the Health Insurance Portability and Accountability Act (HIPAA), the Medicare Conditions of Participation. Further, Medicare and Medicaid reimbursement to rural health clinics requires that these clinics maintain medical records for six years.

• Contractors to the US federal government must satisfy provisions of the Federal Acquisition Regulation (FAR).

• Almost all organizations, depending on the jurisdiction(s) in which they operate, are subject to regulations like the Gramm-Leach-Bliley Act, California’s SB 1386, the Americans with Disabilities Act, the Patriot Act, the Toxic Substances Control Act, the Civil Rights Act of 1964 and the Personal Information Protection and Electronic Documents Act (Canada), to name but a few of the many regulations that include data retention provisions. The consequences of failing to comply with data retention regulations, as well as legal discovery requirements (as discussed later in this document), can be severe. Consider the following:

• Ronald Perelman sued Morgan Stanley in a case in which Perelman alleged that Morgan Stanley did not uncover fraud at appliance maker Sunbeam. Because Morgan Stanley did not provide to the court emails that it was ordered to produce, the judge in the case told the jury that Morgan Stanley’s failure to produce the emails was ‘an act of bad faith’ – Perelman won a $1.7 billion judgement. Further, in February 2006, the SEC fined Morgan Stanley $15 million because of their inability to produce the required emails in this case.

• In March of 2004, Bank of America was fined $10 million by the SEC for failure to a) continue to retain email records regarding a recent merger and b) for taking too long to comply with regulatory requests. The SEC charged that Bank of America misled regulators and took too long to produce evidence in an investigation of improper trading by employees at its securities brokerage. The bank complained that it would be “too much work” to produce certain archived emails – it took the bank nearly two years to produce all of the emails that had been requested.



• In December 2002, Salomon Smith Barney, Morgan Stanley, Piper Jaffrey & Hopwood, Deutsche Bank and Goldman Sachs were fined a total of $8.25 million because of their failure to adhere to SEC Rule 17a-4 which requires broker-dealers to preserve electronic data on non-rewritable, non-erasable storage. While most of the regulations that include provisions for data retention do not specifically require email retention, there are two important things to consider in this regard. First, the increasing proportion of corporate records that are sent through and stored in email necessitates an archival capability that can manage records in this native format – printing copies of email for retention is unwieldy, prone to error and very expensive. Second, email constitutes a written communication that carries the same formality and weight of a certified letter. It is important, therefore, that organizations of all sizes and
  in all industries assess their regulatory requirements with regard to the preservation of email. These requirements exist at the Federal and state levels and, in some cases, at the county or city level. Also, the various countries in which an organization operates typically impose some level of record retention requirements with which organizations must comply.

Legal Discovery and Litigation Support

From a legal standpoint, data retention is an increasingly important component of a good messaging management strategy for one simple reason: email is increasingly included in legal discovery orders. Courts are increasingly finding that email contains valuable content that can be of value in legal discovery proceedings. Further, the case of Zubulake vs. Warburg has become the ‘gold standard’ in legal discovery arguments, since the case makes it more likely that a defendant will have to bear the costs associated with legal discovery if a plaintiff can demonstrate that an email system contains information that is likely to be valuable.

For an organization that must produce information from its email system during legal discovery, the primary value that an archiving system can offer is a dramatic reduction in the cost of this activity. An organization faced with the cost of satisfying a legal discovery order using nothing but backup tapes faces potentially major costs to satisfy the order. Because recovery servers must be set up, the contents of backup tapes read into live storage, and then the requested information must be found, the process of discovery can be time-consuming, extremely expensive and disruptive to IT staff members who typically must stop other activities to perform this work. An email archiving system can dramatically shorten the amount of time required for legal discovery and can cut the costs of discovery to just a fraction of what they would be otherwise.

Another issue to consider is the potentially severe consequence of not being able to produce email in a timely fashion in response to a discovery order. Emails that cannot be produced in response to such an order may be presumed to be incriminating – the Perlman case noted above is an example of the type of inference that may be drawn by a judge and jury from such an inability to satisfy a discovery order.

In addition to legal discovery, an email archiving system can assist an organization in assessing its position at the beginning of a legal action. An organization faced with a wrongful termination lawsuit, for example, can quickly go through an archive for all emails and other information that might be relevant. If the organization finds that its position is untenable, the organization’s legal counsel can push for a quick settlement in order to minimize its losses. If, on theother hand, an examination of the archive reveals that the lawsuit is without merit, it can leverage this knowledge, as well.

From a legal perspective, one of the arguments against email archiving is that it preserves ‘smoking guns’ that could serve to harm an organization during a regulatory audit or legal discovery. Many believe that deleting all email on a regular basis can insulate an organization from liability by removing potentially incriminating evidence that might be introduced during a legal action, for example. However, there are two arguments against deleting email as a means of protecting an organization:

• Deleted email is never completely deleted. While your organization may delete all copies of email, external recipients of email still likely have copies of it stored in their archives, on backup tapes, or in local .PST files. Employees likely have copies of email on their laptops, PDAs, home computers, USB keychain devices, etc. In short, while email can be deleted from servers and backup tapes, there are many other locations in which copies may be found.

• Deleting email on a regular basis is no guarantee that an organization will not be held liable for producing email during a regulatory audit or during discovery.

Storage Management and Storage Optimization

Most organizations impose mailbox size quotas in order to ensure a good compromise between email server performance and usable mailbox sizes for end users. Osterman Research has found that the median mailbox size among organizations that impose such quotas is 100 megabytes. If mailbox sizes are allowed to grow larger, email server efficiency can suffer, message delivery times can slow and restoration after a server crash can take longer. If quotas are made smaller, users will spend more time cleaning out their mailbox in order to stay within their quota limitation, reducing their productivity.

An appropriately configured email archiving system can automatically move content from users’ mailboxes to the archive while still making it available to users on a long term basis. From an operational standpoint, then, an email archive can provide the best of both worlds: IT can impose fairly strict quota limitations in order to maintain optimal email server performance, while users can employ a mailbox that appears to be infinitely large because content is automatically archived.

Knowledge Management

Osterman Research has found that the typical email user spends about one-third of his or her day using some aspect of an email system: sending and receiving emails, looking for attachments, creating or looking up contacts, managing tasks and so forth. Coupled with the fact that email systems have become the primary file transport mechanism and repository for most organizations, there is, therefore, an enormous quantity of information stored in email systems that users can employ in doing their work. Osterman Research has found that more than 90% of email users refer to old email when composing new email.

An email archiving system can serve as an effective knowledge management tool by making older email content available to users through an easy-to-use search interface. While knowledge management is unlikely to be the primary reason that an organization implements email archiving, it is an important additional benefit that an organization can realize.

Disaster Recovery

It almost goes without saying that disasters happen. Hurricanes, tornadoes, floods, earthquakes – as well as the odd leaky water pipe above a server room – can all render an email system inoperable. While backup tapes are useful in bringing an email system back online, perhaps using a secondary set of servers at another location, there can still be substantial data loss incurred. For example, if an email server goes down due to some sort of serious problem at 4:00pm on a Wednesday afternoon, typically the most recent backup tape that would be available would be one from the night before, resulting in a loss of all email data generated by employees on that Wednesday. An email archiving system, on the other hand, can be configured to archive data in near real-time, resulting in comparatively little data loss.

The ArcMail Technology Value Proposition

ArcMail Technology’s Defender is a self-contained appliance that provides a complete archiving solution for organizations of up to 5,000 users. The appliance is easy to deploy and manage, and provides a complete archiving solution that satisfies the requirements discussed above:

• Compliance
  
  Defender fulfills the message storage requirements of the various regulations noted above. Data is stored with MD5 identification, an encryption algorithm designed to verify the integrity of data, to guarantee that the data has not been modified.

• Legal discovery

Defender can quickly produce all related documents. Often, showing the context in which an email was written can refute a single apparently damaging email taken out of context.

• Storage management

With access to an extremely large archive, users no longer need to tie up large amounts of storage on their desktops or the company mail server(s).

• Knowledge management

Defender offers an easy-to-use interface that allows users to rapidly identify and recover messages. Users may retrieve their messages from their own archive, reducing the need for IT staff to be involved in recovering deleted or missing emails. Defender also provides a number of other benefits, including:

• A very affordable archiving capability that can be deployed for as little as $10 per user.

• Real-time archiving, not batch archiving. This is extremely important in the context of regulatory and legal compliance, since a batch archiving system allows users to delete email between archiving cycles.

• Non-intrusive archiving that imposes no requirement on individual users to identify the records that need to be retained and those that can safely be deleted.

• An ‘edge’ form factor, completely independent of the email server, so that mail server performance is unaffected by archiving operations.

• The ability to restore email content to a newly created mailbox so that individual users can be investigated independently of their normal day-to-day use of email.

• On-line search capablities, including email and mailbox restoration, eliminating the need for tape-based systems.

• Protection of intellectual property through both outbound content filtering and supervisory search capabilities.

• Defender serves as the basis for a robust disaster recovery and business continuity solution
  

Summary and Conclusion

Email archiving is a critical component of an overall messaging management capability that can provide a number of important benefits for organizations of all sizes in all industries. Among these benefits are:

• Regulatory compliance

• Legal discovery and litigation support

• Storage management and storage optimization

• Knowledge management

• Disaster recovery

For smaller organizations, an easy-to-deploy email archiving solution is an important tool that can reduce an organization’s costs, make it more responsive to information requests during regulatory audits or legal discovery, make its email servers more efficient and make its users more productive.

Storage Area Network Basics! SAN Management Overview

The storage area network (SAN) centralizes enterprise storage by interconnecting storage devices and subsystems through a dedicated high-speed network fabric, such as Fibre Channel, FICON OR ESCON. A SAN can also extend beyond the local data center, connecting storage systems at remote geographic locations through WAN links like ATM or SONET. Once implemented and configured, the SAN's storage resources can be managed centrally, allowing administrators to organize, provision and allocate that storage to users or applications operating on the network across an organization. Centralization also allows administrators to monitor performance, troubleshoot problems and manage the demands of storage growth. If you're new to storage area network technology, or just need to refresh the basics, this guide covers the essential concepts of configuration, provisioning, performance and capacity management, and monitoring and troubleshooting. SAN hardware leaders include StoreVault, Snap Server 700i Series and the Nexsan Technologies Company.

RAID configuration
RAID technology serves two purposes in the disk array or server; it can be used to improve storage I/O performance through striping, and it can bring redundancy to the RAID group through mirroring and parity techniques. When implementing RAID, it's necessary to select an appropriate RAID level and specify a RAID group size (the number of disks committed to the group). For example, use RAID 1 when top performance is essential. This mirrors the contents of one disk to another but uses twice the number of disks. Other RAID levels protect disk groups by striping parity information across each disk in the group. RAID 5 uses one additional disk for parity data, while RAID 6 uses two extra disks, allowing the loss of two drives simultaneously. RAID 6 has become more prominent in recent years due to the popularity of SATA drives, which are high-capacity drives that take longer to rebuild.

Rebuild time is a serious issue when configuring RAID arrays. When a disk fails, it takes time to rebuild the failed disk's contents. During a rebuild, the RAID group is inaccessible or operates at reduced performance. But as disk capacities have burgeoned, rebuild times have become problematic. Now that SATA disks are routinely at 750 GB with 1 TB drives available, failures can take hours to rebuild. Such long rebuilds expose the RAID array to a greater potential for multiple disk failures and data loss. Look for disk arrays that offer fast rebuild times and predictive fault features that can start a rebuild to a spare disk before a complete disk failure occurs.
Another issue comes in changes to the RAID setup. Traditionally, a RAID group was a static entity once a level and group were selected. To change a RAID level or group size, the group would have to be rebuilt from scratch using the new size and level, and then reloaded from a backup. An increasing number of RAID platforms support dynamic RAID groups, allowing administrators to change levels and group sizes on the fly.

SAN provisioning
To centralize storage on a SAN while restricting access to authorized users or applications; the entire storage environment should not be accessible to every user. Administrators must carve up the storage space into segments that are only accessible to specific users. This management process is known as provisioning. For example, some amount of data center storage may be provisioned for an Oracle database that might only be accessible to a purchasing department, while other space may be apportioned for personnel records accessible to the human resources department.

The major challenge with provisioning relates to storage utilization. Once space is allocated, it cannot easily be changed. Thus, administrators typically provision ample space for an application's future use. Unfortunately, storage capacity that is provisioned for one application cannot be used by another, so space that is allocated, but unused, is basically wasted until called for by the application. This need to allocate for future expansion often leads to significant storage waste on the storage area network. One way to alleviate this problem is through thin provisioning, which essentially allows an administrator to "tell" an application that some amount of storage is available but actually commit far less drive space -- expanding that storage in later increments as the application's needs increase.

Provisioning is accomplished through the use of software tools. Tools typically accompany major storage products. For example, EMC's Celerra NAS family includes Celerra Manager software for provisioning. The issue for administrators is to seek a provisioning tool that offers heterogeneous support that covers the storage platforms currently in their environment. Otherwise, IT staff will need to use multiple provisioning tools, increasing management difficulty.
SAN performance and capacity management
SAN performance can be adversely affected when storage runs low, resulting in application performance problems and service level issues. Many IT organizations guard against this threat by overbuying and overprovisioning storage, but this frequently results in wasted capital since the additional storage investment is not necessarily utilized. Organizations are embracing performance and capacity planning practices to avoid unexpected storage costs and disruptive upgrades. The goal is to predict storage needs over time and then budget capital and labor to make regular improvements to the storage infrastructure.

In actual practice, SAN performance and capacity planning can be extremely difficult. It's virtually impossible to predict the storage needs of an application or department over time without a careful assessment of past growth and a comprehensive evaluation of future plans. In fact, many organizations forego the expense and effort of a formal process unless a mission-critical project or serious performance problem demands it. Organizations choosing to sustain an ongoing performance and capacity planning effort will need either comprehensive storage resource management (SRM)-type tools, or a capacity planning application.

SAN monitoring/troubleshooting
SAN problems can be particularly difficult to isolate -- further complicated by the complex configurations and interrelationships between the servers, switches and storage platforms that often populate a storage area network. A working SAN is a digital ecosystem unto itself and seemingly innocuous changes in one place can have a catastrophic impact on another.
The best SAN troubleshooting is typically proactive and usually involves establishing a performance baseline of critical characteristics before problems ever arise. It's then a simple matter to compare a current baseline against a "known good" baseline. This often reveals problems quickly and can identify any performance changes as the result of upgrades or reconfigurations.

Another key to effective SAN troubleshooting is comprehensive change management policies. By tracking changes and restricting change activities to authorized IT personnel, an administrator can avoid unexpected trouble and quickly correlate help requests with recent SAN changes.

Data Deduplication - Eases Storage Requirements

Data is flooding the enterprise. Storage administrators are struggling to handle a spiraling volume of documents, audio, video and images, along with an alarming proliferation of large email attachments. Adding storage is not always the best solution; storage costs money and the sheer number of files eventually burdens the company’s backup and disaster recovery (DR) plans. Rather than finding ways to store more data, companies are turning to data reduction technologies such as data deduplication. This article explains the basic principles of data deduplication and looks at some of the implementation issues for data deduplication technology.

Understanding data deduplication

Data deduplication is a means of reducing storage space. It works by eliminating redundant data and ensuring that only one unique instance of the data is actually retained on storage media, such as disk or tape. Redundant data is replaced with a pointer to the unique data copy. Data deduplication, sometimes called intelligent compression or single-instance storage, is often used inconjunction with other forms of data reduction. Traditional compression has been around for about threedecades, applying mathematical algorithms to data in order to simplify large or repetitious parts of a file—effectively making a file smaller. Similarly, delta differencing reduces the total volume of stored data bycomparing the new and old iteration of a file and saving only the data that had changed. Together, thesetechniques can optimize the use of storage space.

Benefits of data deduplication

When properly implemented, data deduplication lowers the amount of storage space required, which results in less disk expenditures. More efficient use of disk space also allows for longer disk retention periods, which offers better recovery time objective (RTO) for a longer time and reduces the need for tape backups. Data deduplication also reduces the data that must be sent across a WAN for remote backups, replication and disaster recovery. Data deduplication primarily operates at the file, block and even the bit levels. File deduplication is relatively easy to understand: If two files are exactly alike, one copy of the file is stored and subsequent iterations receive pointers to the saved file. However, file deduplication is not very efficient because the change of even a single bit results in a totally different copy of the entire file being stored. By comparison, block and bit deduplication looks within a file and saves unique iterations of each block. If a file is updated, only the changed data is saved. This behavior makes block and bit deduplication far more efficient. “It’s an order of magnitude difference in terms of the amount of storage that it [block deduplication] saves in a typical environment,” says W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc. Other analysts note that deduplication can achieve compression ratios ranging from 10-to-1 to 50-to-1. However, block and bit deduplication take more processing power and use much larger index to track the individual blocks. Data deduplication platforms must contend with the issue of “hash collisions.” Each chunk of data is processed using a hash algorithm, such as MD5 or SHA-1, generating a unique number for each piece. The resulting hash number is then compared with an index of the existing hash numbers. If that hash number is already in the index, the piece of data is a duplicate and does not need to be stored again. Otherwise, the new hash number is added to the index and the new data is stored. In rare cases, the hash algorithm may produce the same hash number for two different chunks of data. When such a hash collision occurs, the system fails to store the new data because it sees that hash number already. This is called a false positive and can result in data loss. Some vendors combine hash algorithms to reduce the possibility of a hash collision. Some vendors are also examining metadata to identify data and prevent collisions.

Implementing data deduplication

The data deduplication process is usually implemented in hardware within the actual storage system, but it is also appearing in backup software. Hardware-based implementations are usually easier to deploy and are geared to reducing storage at the disk level within the appliance or storage system. Software-based implementations also reduce data, but the reduction is performed at the backup server. This minimizes the bandwidth between the backup server and backup system, which is particularly handy if the backup system is located remotely. “Users get end-to-end benefits when deduplicating data at the source—less data traverses the WAN, LAN and SAN,” However, deploying deduplication in a new backup application is more disruptive because it involves installing lightweight agents on the systems that must be backed up, in addition to installing the new backup engine.

Caveats regarding data deduplication

There is no universal approach to data deduplication; results can vary dramatically, depending on factors such as the storage environment and, of course, which dedupe product is selected. Data deduplication only makes sense when long-term retention is involved, usually for backup and archive tasks. Short-term retention sees little benefit because there is nothing to deduplicate against. Preston cautions against the misinformation circulating between deduplication vendors and suggests focusing on issues of performance, capacity and cost. With due diligence, you can identify potential performance and compression issues in your environment. “Let’s say you’re backing up seismic data or medical imaging data—this data tends to not dedupe very well,” he says. He also advices users to test a prospective data deduplication platform with various types of backups and restores, and see how it functions under actual circumstances. Scalability is another issue for data deduplication deployment, especially in terms of performance as the data deduplication system grows. Performance might have been an issue as early hash indexes grew large and additional time was needed to look up each block, but Preston calls that FUD (fouled up data) marketing now. “All of the vendors that I am aware of that are currently shipping or about to ship have addressed this [scaling issue] in one way or another,” he says. Nevertheless, he recommends you check with you data deduplication vendor on the matter. From a management perspective, data deduplication should not present any noticeable increase in overhead. “It [management] shouldn’t be any more or less than just a standard VTL [virtual tape library].” When multiple deduplication devices are needed, however, there could be an incremental increase in management effort.

Impact of data deduplication

The Appalachian and coastal areas South Carolina are enticing attractions to tourists and regional industry. Advertising, communication and literature have emerged as key assets to the Department of Parks, Recreation and Tourism—the agency responsible for promoting tourism as an industry and maintaining an extensive park system throughout the state. The agency originally had an EMC Corp. storage area network (SAN) hosting a total of 4 terabytes (TB), of which 1.2 TB comprised the actual working data set of databases and files, while 2 TB was allocated for disk backups before being relegated to DLT. Like many IT organizations, the agency sought ways to mitigate the increasing storage demands of its media and other data. After investigating numerous data deduplication vendors, the agency settled on Data Domain Inc.’s 430 appliance for disk backup tasks. With 2 TB of onboard storage, the 430 replaced the 2 TB that had previously been set aside on the SAN. The reduction in space was dramatic with bit level deduplication. “With the compression and deduplication, I think we’re using about 900 MB,” says Bernie Robichau, the agency’s systems administrator and security officer. The space reduction was a welcome cost savings, but it also allowed much longer backup retention on disk. “If someone had requested a two-week old file, I would have never been able to get that from a disk-based backup because I couldn’t keep two sets of backups on our allocated 2 TB of hard drive [SAN] storage,” Robichau notes. “Now someone can request a file from three weeks ago or six weeks ago, and it’s immediately available.” Robichau says that installation of the data deduplication platform was relatively quick and easy, requiring only about four hours of onsite engineering work and minimal configuration. Its current CommVault System Inc. backup infrastructure proved to be fully compatible—backup agents were simply pointed to the new appliance rather than the EMC SAN. “The backups worked just as they always did, but we’re consuming far less disk space and much more retention than we ever did before,” he says. While the deduplication appliance requires almost no management time, Robichau notes as much as 75% labor savings in tape overhead, such as cartridge rotation, cleaning and storage. The only remaining tape effort involves full backups on weekends and systematic cartridge rotation to an offsite location. Although there are no immediate plans to upgrade storage on the 430 appliance, the attention is clearly focused on disaster recovery. Previous considerations of complex disaster recovery plans were put on hold due to complexity. However, the 430 supports replication easily and Robichau expects to replicate the 430 to a duplicate appliance and eliminate backup tapes entirely sometime in the next fiscal year or beyond. “There’s no planning beyond synchronizing an identical appliance on site and putting it in one of our remote locations.”
Denver-based IT hosting provider was drowning in customer data. Its challenge: to keep its data protection business running smoothly, along with other services, like managed server hosting, managed firewalls and load balancing. However, its backup environment was formidable; handling 20,000 backups per month with each customer protecting 20 GB to100 GB. Even with 4.5 TB of protected storage, They could only keep two weeks of retention. To make matters even more challenging, its StorageTek L700 and L11000 tape libraries were managed by an outsourced provider, requiring a full-time engineer at the hosting provider. But, it was ongoing restoration problems that forced them into action. “Our success rate from backups, at the lowest point, was roughly 70%,” says senior systems engineer. “And far too often, we couldn’t hit [restore] the exact day they wanted.” Poor performance of the tape backup process also plagued the organization, with full backup windows often exceeding 18 hours. These problems also translated into significant customer support costs. It became clear to him that disk storage was the key to beating reliability and performance woes, and data deduplication would be essential to reduce the total volume of storage needed for full and incremental customer backups. They opted for Avamar Technologies’ Axion software running on a cluster of 11 Dell 2850s offering about 10 TB of total storage. The actual deployment involved a forklift upgrade, but he reportsthat the system was up and running in just a few days after installing agents on almost 400 backup servers and migrating necessary data.

The move to data deduplication brought several significant benefits, most notably a reduction in storage requirements. While it might have taken 350 GB to protect 100 GB of customer data without deduplication (full and incremental backups), with data deduplication, it actually takes less storage than the data it’s protecting. “I’m using about 7 TB of storage to protect roughly 8 TB of data,” he says. “That includes anywhere from two weeks to one year of retention [daily full backups].” Backup time was also slashed; in some cases an 18-hour backup window fell to 1-1/2 hours, while the backup and restoration success rate was improved to 98% or more. Before, two full-time engineers were needed. After the deployment, that requirement fell to one half-time engineer. “We wanted to have an ROI [return on investment] of 24 months, and we hit payback at 20 months,”.

Today, the 4.5 TB of protected data has grown to about 7.6 TB protected by data deduplication. About 2 TB of that protected data is replicated to a smaller Avamar deployment at a disaster recovery site in St. Louis. The company continues to use tape for long-term archival backups. He expects the amount of protected data to double in the foreseeable future, though less storage will be required to handle the growth.

The future of data deduplication

In the near term, industry experts see data deduplication filling an important role in disaster recovery: saving disk storage space by replicating the data of one deduplication platform to another located off site. This reduces the need to move tapes back and forth, which can be particularly valuable when replicating hundreds of terabytes of data. Other analysts note that the separate “point products,” like VTL, will address backup window performance, while data deduplication addresses the issue of storage capacity. Whitehouse says, “Next-generation backup solutions fix both, deduplicating data as it’s sourced from the backup target and improving the efficiency of its transfer across a LAN/WAN to the central disk repository.” Deduplication is now common in VTLs and will appear as a feature of traditional backup products.

Key considerations in developing a storage area network design

Storage area networks (SANs) let several servers share storage resources and are often used in situations that require high performance or shared storage with block-level access, like virtualized servers and clustered databases. Although SANs started out as a high-end technology used only in large enterprises, cheaper SANs are now affordable even for small and medium-sized businesses (SMBs). In earlier installments of this Hot Spot Tutorial, we examined what benefits SANs offer over other storage architectural choices, as well as the two main storage networking protocols, Fibre Channel and iSCSI. In this installment, we'll look at the main considerations you should keep in mind when putting together a storage area network design.

Uptime and availability
Because several servers will rely on a SAN for all of their data, it's important to make the system very reliable and eliminate any single points of failure. Most SAN hardware vendors offer redundancy within each unit -- like dual power supplies, internal controllers and emergency batteries -- but you should make sure that redundancy extends all the way to the server.
In a typical storage area network design, each storage device connects to a switch that then connects to the servers that need to access the data. To make sure this path isn't a point of failure, your client should buy two switches for the SAN network. Each storage unit should connect to both switches, as should each server. If either path fails, software can fail over to the other. Some programs will handle that failover automatically, but cheaper software may require you to enable the failover manually. You can also configure the program to use both paths if they're available, for load balancing.
But you should also consider how the drives themselves are configured, Franco said. RAID technology spreads data among several disks -- a technique called striping -- and can add parity checks so that if any one disk fails, its content can be rebuilt from the others. There are several types of RAID, but the most common in SAN designs are levels 5, 6 and 1+0.
RAID 5 stripes data across every disk in the unit except one, which is used to store parity information that can be used to rebuild any drive that needs to be replaced. RAID 6 adds a second disk for redundant parity. This protects your client's data in case a second drive breaks during the first disk's rebuild, which can take up to 24 hours for a terabyte, Franco said. RAID 1+0 stripes data across a series of disks without any parity checks, which is very fast, but mirrors each of those disks to a second set of striped disks for redundancy.

Capacity and scalability
A good storage area network design should not only accommodate your client's current storage needs, but it should also be scalable so that your client can upgrade the SAN as needed throughout the expected lifespan of the system. You should consider how scalable the SAN is in terms of storage capacity, number of devices it supports and speed.
Because a SAN's switch connects storage devices on one side and servers on the other, its number of ports can affect both storage capacity and speed, Schulz said. By allowing enough ports to support multiple, simultaneous connections to each server, switches can multiply the bandwidth to servers. On the storage device side, you should make sure you have enough ports for redundant connections to existing storage units, as well as units your client may want to add later.
One feature of storage area network design that you should consider is thin provisioning of storage. Thin provisioning tricks servers into thinking a given volume within a SAN, known as a logical unit number (LUN), has more space than it physically does. For instance, an operating system (OS) that connects to a given LUN may think the LUN is 2 TB, even though you have only allocated 250 GB of physical storage for it.
Thin provisioning allows you to plan for future growth without your client having to buy all of its expected storage hardware up front. In a typical "fat provisioning" model, each LUN's capacity corresponds to physical storage. That means that your client will have to buy as much space as it anticipates needing for the next few years. While it's possible to allocate a smaller amount of space for now and transfer its data to a larger provision as needed, that process is slow and could result in downtime for your client.
Thin provisioning allows you to essentially overbook a SAN's storage, promising a total capacity to the LUNs that is greater than the SAN physically has. As those LUNs fill up and start to reach the system's physical capacity, you can add more units to the SAN -- often in a hot-swappable way. But because this approach to storage area network design requires more maintenance down the road, it's best for stable environments where a client can fairly accurately predict how each LUN's storage needs will grow.

Security
With several servers able to share the same physical hardware, it should be no surprise that security plays an important role in a storage area network design. Your client will want to know that servers can only access data if they're specifically allowed to. If your client is using iSCSI, which runs on a standard Ethernet network, it's also crucial to make sure outside parties won't be able to hack into the network and have raw access to the SAN.
Most of this security work is done at the SAN's switch level. Zoning allows you to give only specific servers access to certain LUNs, much as a firewall allows communication on specific ports for a given IP address. If any outward-facing application needs to access the SAN, like a website, you should configure the switch so that only that server's IP address can access it.
If your client is using virtual servers, the storage area network design will also need to make sure that each virtual machine (VM) has access only to its LUNs. Virtualization complicates SAN security because you cannot limit access to LUNs by physical controllers anymore -- a given controller on a physical server may now be working for several VMs, each with its own permissions. To restrict each server to only its LUNs, set up a virtual adapter for each virtual server. This will let your physical adapter present itself as a different adapter for each VM, with access to only those LUNs that the virtualized server should see.

Replication and disaster recovery
With so much data stored on a SAN, your client will likely want you to build disaster recovery into the system. SANs can be set up to automatically mirror data to another site, which could be a failsafe SAN a few meters away or a disaster recovery (DR) site hundreds or thousands of miles away.
If your client wants to build mirroring into the storage area network design, one of the first considerations is whether to replicate synchronously or asynchronously. Synchronous mirroring means that as data is written to the primary SAN, each change is sent to the secondary and must be acknowledged before the next write can happen.
While this ensures that both SANs are true mirrors, synchronization introduces a bottleneck. If the secondary site has a latency as high as even 100 to 200 milliseconds (msec), your system will slow down as the primary SAN has to wait for each confirmation. Although there are other factors, latency is often related to distance; synchronous replication is generally possible up to about 6 miles.
The alternative is to asynchronously mirror changes to the secondary site. You can configure this replication to happen as quickly as every second, or every few minutes or hours. While this means that your client could permanently lose some data, if the primary SAN goes down before it has a chance to copy its data to the secondary, your client should make calculations based on its recovery point objective (RPO) to determine how often it needs to mirror.

Disk users looking to add Tape back into their storage infastructure

OVER TWO THIRDS OF DISK-ONLY USERS LOOK TO ADD TAPE BACK INTO STORAGE INFRASTRUCTURE ACCORDING TO RECENT SURVEY

Survey Data Suggests that Most Companies Surveyed Are Migrating to a Tiered Storage Infrastructure of Disk and Tape Deployments

SILICON VALLEY, CALIF. — (March 12, 2008) — HP, IBM Corporation and Quantum Corporation, the three technology provider companies for the Linear Tape-Open (LTO) Program today released survey results that strongly suggest that storage customers that use a disk-only infrastructure are now looking at tape storage technology as part of a tiered storage infrastructure to support backup and archiving. Over two thirds of surveyed businesses said they were looking to add tape storage back into their overall network infrastructure and of those respondents, over 80-percent plan to add tape storage solutions within the next 12 months.

The survey, which was taken in the fourth quarter of 2007, focused on the views of more than 200 network administrators and mid-level tech specialists at mid-size to large companies throughout the United States.

"The integration of tape storage into a tiered information infrastructure is highly strategic for customers, due to its low cost of ownership, low energy consumption and portability for data protection," said Cindy Grossman, Vice President of Tape Storage Systems, IBM. "LTO tape technology is a perfect choice for enterprise and mid-sized customer with its proven reliability, high capacity, high performance and ability to address data security with built-in encryption and data retention requirements for the evolving data center."

According to the survey, 58-percent of the respondents use a combination of disk and tape for long term archiving, 24 percent use tape exclusively, and 18-percent employ a disk-only approach. In this group, 68-percent of the current disk only users plan to start using tape for long-term archiving, and over half (58-percent) plan to add tape for short-term data protection.

"The survey findings suggest that disk-only users may be experiencing a bit of buyer’s remorse," said David Geddes, senior vice president at Fleishman-Hillard Research, who oversaw the study. "We found that a wide majority of companies that employ purely disk-based approaches are looking to quickly include tape in their backup and archiving strategies.

LTO tape technology delivers the backup and archiving features needed by today’s storage administrators, including high capacity, blazing performance, 256-bit drive-level encryption for data security and WORM cartridge support to address data retention needs. With low energy consumption, tape technology can also provide organizations with a green alternative for the data center. Studies have shown that tape-based backup and archiving solutions can deliver substantial TCO benefits and energy savings

The LTO format is a powerful, scalable, adaptable open tape format developed and continuously enhanced by technology providers HP, IBM Corporation and Quantum Corporation (and their predecessors) to help address the growing demands of data protection in the midrange to enterprise-class server environments. This ultra-high capacity generation of tape storage products is designed to deliver outstanding performance, capacity and reliability combining the advantages of linear multi-channel, bi-directional formats with enhancements in servo technology, data compression, track layout, and error correction.

The LTO Ultrium format has a well-defined roadmap for growth and scalability.

Yoggie Introduces the Firestick Pico Hardware Firewall

Yoggie Security Systems Introduces "Firestick Pico" Hardware Firewall
Ultra-Portable USB Device Protects PCs from Broadest Range of Attacks

LAS VEGAS, January 7, 2008 - Taking a page from its own miniaturization playbook, Yoggie Security SystemsTM (exhibiting at 2008 International CES in the Sands Convention Center, Innovation Pod #269) has introduced a unique, ultra-portable USB key-sized hardware-based firewall solution to protect PCs from malicious attacks.

The Firestick PicoTM places a physical barrier between PCs and the Internet to ensure that threats never reach users' computers. Unlike software firewalls, the fire red colored Firestick Pico mini-computer is based on a dedicated hardware platform specifically designed to protect PCs from the most devastating menaces including denial of service, buffer overflow and the broadest range of malicious attacks. It blocks all Internet threats and attacks outside - before they reach PCs or laptops.

The Firestick Pico is a complete Linux-based 300 MHz computer with a dual flash memory mechanism that constitutes an 'untouchable operating system' running an independent firewall application. In addition, each Firestick Pico comes with a complimentary Kaspersky security software suite.
"Yoggie's Firestick Pico brings another choice to end users," said Shlomo Touboul, CEO and founder of Yoggie Security Systems. "While our Gatekeeper Pico offloads all security applications from a PC, the Firestick Pico offloads just the firewall functionality at a much lower cost. This allows different levels of security and a range of price points for discerning buyers who are joining the Yoggie revolution: moving security applications from the PC to dedicated, miniature computers to enhance security and improve PC performance."

With Yoggie's Firestick Pico, road warriors can connect to any unsecured hotspot with the comfort of being completely protected.

About Yoggie Security Systems
Yoggie Security Systems™ established in 2005 by Shlomo Touboul – the inventor of Behavior Based Blocking Technology - is the developer of the world's first hardware-based computer security solution. Yoggie's range of USB key-sized security mini-computers connects to any PC or laptop at home, in the office and on the road - blocking Internet threats outside the host computer and boosting computer performance by off-loading installed security software. Yoggie's products combine best of breed security software with propriety patent-pending developments to provide the most comprehensive all-in-one security technology available to both consumers and corporate users.

Yoggie Security Systems Wins PC Magazines 2007 Technical Excellence Award

Yoggie Security Systems Wins PC Magazine's 2007 Technical Excellence Award
Yoggie Pico Mini-Computer Honored in Security Category

NEW YORK, December 4, 2007 - Yoggie Security Systems™ has won PC Magazines's 2007 Technical Excellence Award for its Yoggie PicoTM, the world’s first hardware-based security solution for laptops and PCs that provides a suite of 12 security applications on a USB key-sized security mini-computer.

PC Magazine's 24th annual technical excellence awards, revealed today in the publication's December 4, 2007 cover issue, as well as online, recognize products, services and industry leaders that have improved the computing industry. The Yoggie Pico took top honors in the security category; winners were also selected in seven other categories - Storage, User Interface, Component, Software, Printing, Wireless and Person of the Year. Winners were selected by the magazine’s editorial staff.

"The Yoggie Pico is revolutionizing how people protect their computers, providing much more security in an easier to use and cost effective way. Using a unique hardware-based Internet security solution, the Yoggie Pico's USB key-sized Linux-based computer is packed with some of the toughest available security applications," said Shlomo Touboul, founder and CEO of Yoggie Security Systems. "It's gratifying that our innovative developments have been recognized by a publication as prestigious as PC Magazine."

By moving the software and the security burden to its own mini-computer, all Internet threats are blocked outside -- before they reach the PC -- and the PC regains resources enabling a performance boost. The Yoggie Pico has simplified "plug and forget" installation and operation, with no special technical knowledge required to produce a seamless security solution without pop-ups and update alerts.
In recent weeks, Yoggie Security Systems has been recognized by a host of other organizations and publications including CES Best of Innovations 2008 - Computer Accessories, Business Week/IDSA Silver Idea Award, Red Herring Global 100 Finalist, RSA 2007 Innovation Award and Network World's ‘Top Ten Security Companies to Watch.'

About Yoggie Security Systems
Yoggie Security Systems was established in 2005 by Shlomo Touboul, founder and former CEO of Finjan Software, and the inventor of Behavior Based Blocking Technology. As a result of countless meetings with IT managers around the world, Mr. Touboul realized they all share a common concern - while security technology has matured to provide robust security, traveling laptops create security holes that jeopardize the security of the entire corporate network. Mr. Touboul decided to dare the impossible, to try to miniaturize all the security appliances found in the corporate server room into a credit-card size device that can be easily carried and connected to the laptop.

The attempt was successful. After two years of intensive research, the world's first miniature security server was created. Putting all the security solutions into such a small device requires robust processing power, and indeed the Yoggie Gatekeeper is as strong as a full-blown Pentium III PC (520 MHz). But unlike a regular PC, it was designed as security hardware, with a hardened operating system and physical separation between the unsafe zone (Internet) and the safe zone (connected to the laptop). Yoggie solved the vulnerabilities of traveling laptops by effectively extending robust corporate security to the mobile and remote workforce. In addition to serving the corporate world, Yoggie security mini-computers are suitable for SMBs and home users.