Business Impact Analysis

Too often today IT backup solutions are designed in the absence of good business continuity/disaster recovery plans. Worst, one technique usually cannot satisfy all requirements and typically is unaffordable.

Organizations need the means to quantify the risks and calculate their tolerance for interruption of services in order to develop cost effective solutions. Which applications need instantaneous recovery and which can come back online in 2 days? What are the interdependencies for those applications? Where will the alternative work location be? How far will your employees need to travel? Will planes be flying?

The answer to these questions lie in a business impact analysis (BIA). The BIA process will collect, analyze, prioritize and identify gaps between capabilities and requirements. Ultimately, the BIA allows the organizations to obtain the focus and funding needed to properly protect its operations from outages and catastrophic impact.

A leader in BIA development is Sungard Availability Services whose process guided by ISO 22301 standards has helped hundreds of organizations develop an effective BIA.

Business Impact Analysis

Total Cost of Ownership

Frequently we see the financial impact of new technology on the budget is not quantified. This leaves progressive engineers and managers unable to justify to their executives why change is beneficial. Without hard facts and supporting analysis inertia leads to doing more of the same…more tape, more storage, more people.

The equipment manufacturers will provide total cost of ownership (TCO) analysis but typically their models are inflexible, contain unexplained results, and tend to be suspected of bias.

Data Protection Advisors delivers a TCO analysis that is completely transparent, focused on hard dollars, and relies on conservative methodologies. Our models are built in Excel and delivered to customers with straightforward computations and formulas revealed. We quantify the hard dollar costs including: hardware, software, installation, training, maintenance, power, cooling, space, bandwidth, off-site storage, and tape cartridges. In this way, comparisons of current costs to potential new technology can be made on the basis of net impact to the budget.

Because of our open format and straightforward formulas, our customers are able to easily change factors to better reflect their current environment and run “what-if” scenarios. We have found that this approach to TCO analysis allows our customers to take ownership of the model and embrace the findings.

Analysis of Total Cost of Ownership
  • Deliverable: Comprehensive TCO Model
  • Duration: Estimated 8 Hours
  • Price: $200 per Hour

Why do an Audit?

The purpose of a Backup Audit is to independently confirm:

  1. Everything that should be backed up is backed up
  2. Verify that data is actually recoverable
  3. Retention policies are correctly implemented and followed

Backup Audits

The audit involves gathering metadata from backup servers, storage targets, System Center or vCenter and DNS servers. A consolidated master list is developed and organized to identify duplicates and omissions. DPA then sorts the master list by application owner and confirms their preference for recovery point, recovery time, and retention period. Findings are summarized and recommended actions are developed. Approved corrective actions are implemented by the customer and status is tracked. DPA then requests and monitors the recovery of selected hosts (whole vm, file system or object) by the customer’s operations. Either a sample or the entire environment can be verified. Recovery results are documented and reported. Retention policies and logs are reviewed. Comparisons are made to requirements. Retention results are documented and reported.

The following backup applications are supported:

  • Symantec NetBackup
  • EMC Networker
  • EMC Avamar

Backup Audit
  • Deliverable:
    • Current Backup Status Report
    • Owner Protection Preference Report
    • Backup Findings & Recommendations Report
    • Corrective Actions Completion Report
    • Master Backup Status Report
  • Duration: 3-5 Days (dependent on size of environment)
  • Price: $250 per hour excluding travel

Why do an Assessment?

Assessments avoid mistakes. They determine the current status of backup: the good, the bad and the ugly. In medical terms, assessments avoid treating the symptom rather than the cause. To avoid mistakes, doctors conduct examinations and order x-rays. The assessment is an x-ray of your backup environment. Without an assessment precious time and money will likely be wasted. Whenever considering new technology, an assessment is a good place to start.

Information about backup jobs (i.e., metadata) is often locked inside files generated by the backup application. Unfortunately, the metadata is not easily deciphered and takes a considerable amount of time to review. This information can be viewed via the backup application itself but generally means viewing it policy by policy, or performing searches of the jobs database. Backup applications do provide tools to export this information but time is required to review and manually manipulate the metadata into useful information. However when unlocked with automated tools, these files contain a wealth of information about backup performance, jobs, policies, scheduling, and retention times. By collecting and consolidating information the metadata can be easily reviewed, analyzed and compared to an organization’s policies to see how the backup environment is performing and whether it is meeting the desired service level. The assessment can also assist in determining problem areas within the environment to investigate.

There are four objectives of a backup assessment:

  1. To determine the current health of the backup environment
  2. To identify ways to improve performance
  3. To identify ways to lower cost
  4. To determine the impact of new technology

On-Site Backup Assessment

The traditional approach used to conduct an assessment relies on running scripts that collect data and then sending that data off-site for review and report generation. While this approach works well for some organizations, others cannot allow their data to leave their site due to security restrictions. Data Protection Advisors understands these security concerns and has developed the ability to collect and generate reports entirely on-site. This allows organization to have a backup assessment performed while maintaining complete control over their data.

To begin the assessment our engineer brings a virtual machine, VM, on a set of DVDs that will be deployed on-site. The VM provides a working environment that is isolated from the rest of the customer environment to process the backup metadata (i.e, data about backup jobs).

Once the VM is deployed the next step is to collect the metadata from the backup servers. The customer is provided with one of two scripts based on the OS of the backup application, a batch file for Windows or shell script for Linux/UNIX. These scripts reside on the DVD. The scripts use the backup application’s CLI commands to export the backup metadata to a set of files. Once the data has been exported the generated files must be copied (e.g. using a CD) to the VM for processing.

The backup metadata remains on the VM and does not and cannot leave the customers environment. Working entirely within the VM, our engineer runs our tool, which imports the data from the files, analyzes the data, preforms the calculations and generates the reports. These reports are analyzed and recommendations are documented in the final Backup Assessment Report. The VM is then deleted and the DVD is destroyed.

Supported backup applications are:

  • Symantec NetBackup
  • IBM TSM
  • EMC Networker


On-Site Backup Assessment
  • Deliverable: Backup Assessment Report & Analysis
  • Duration: 1 Day
  • Price: $2,500 per master server excluding travel
  • View White Paper
Sample Assessment Slide

Longest Average Backup Times
Full Backups per Client

This is a sample slide generated from our On-Site Assessment Tool. This slide shows the clients with the longest backup times for full backups. It helps to highlight clients that may not be backing up properly or within policy windows.

Sample Assessment Slide

Failure Rate
Environment Overview

This is a sample slide generated from our On-Site Assessment Tool. This slide shows every backup job for every client within the recent history. It helps to give a visual overview of the success of a customer's backup environment.

Whenever possible Data Protection Advisors prefers to schedule live demonstrations either in-person or via Webex. This allows us to show real functionality and have interactive discussions with our customers. However, for your convenience click the links below for an on-demand demonstration.

Visual Search Technology

With today's growth in visual media, a solution is needed to automatically index and search images and video. Breakthrough software from piXlogic uniquely addresses this challenge. The software is able to automatically identify faces, objects, and text in images and video. A key investor in piXlogic is In-Q-Tel. The software provides automatic content tagging, enables search via keyword or by image, enables alerting from live video or web crawls, and provides the ability for automated redaction in every frame.

The State of the Art in Visual Search Technology
link to embedded video

This video provides an overview and demonstration of the piXserve software from piXlogic.

VMware vSphere Data Protection

Backup is now embedded in vSphere at no additional charge. It is called vSphere Data Protection (VDP) and is a game changer for backup in virtual environments. The savings from elimination of traditional backup licenses will help drive virtualization throughout your environment.

VMware vSphere Data Protection
link to embedded video

This is a video made by VMware covering vSphere Data Protection.

Oracle Direct Backup to Data Domain

Oracle Administrators can now directly control the backup and recovery of all Oracle data bases. Using Oracle Recovery Manager (RMAN) data bypasses the backup server and writes directly to Data Domain. Backups will complete 50% faster and use 90% less network. No longer is intervention from the backup team required to protect, replicate or restore mission-critcal data.

Oracle Direct Backup to Data Domain
link to embedded video

This is a video made by EMC covering Oracle Direct Backup to Data Domain.

Our customer’s information is one of their most vital assets and often faces stringent security and compliance requirements while in use. However, those requirements also apply to how that information is ultimately destroyed. Data erasure, degaussing and destruction services help our customers meet these requirements by ensuring their information is protected at all times, even after destruction.

One Stop Shopping - Tech Refresh

Data Protection Advisors is uniquely capable of offering a single quote that includes both new technology and secure destruction of old equipment.

With technological innovation driving five year obsolesce cycles, organizations are required to constantly refresh 20% of their storage infrastructure, on average, each year. While the selection of new technology can be complicated, the destruction of the replaced technology is often overlooked. This typically means data is at risk until internal resources can be obtained to ensure secure data removal or destruction, or a separate procurement executed, awarded and scheduled to a third party.

Our one-stop approach provides a fixed cost for new technology, secure destruction of data, and removal of the replaced technology. This allows organizations to avoid the cost and headache of direct investment in destruction equipment, include the cost of data destruction in the capitalized asset, ensure compliance with policy and regulation, and avoid the risk associated with accidental disclosure while replaced equipment is awaiting destruction.

Erasure

Erasure techniques should be used when the objective is to re-use equipment. When data is deleted it is removed from the file system directory but still resides in blocks on the disk. To prevent data from being read again, the data blocks must be overwritten. Depending on the sensitivity of the information, the data blocks can be overwritten with multiple passes (i.e., 1, 3, or 7 times). This takes a long time and places a heavy load on the array or tape system.

Erasure services can be delivered on full arrays and on individual drives after replacement. Full array erasure services are available on EMC, IBM, Sun, Hitachi, HP, and Network Appliance. This service has been verified and validated by an external third party to ensure all data on erased drives is rendered unreadable and cannot be recovered.

Our customers receive a comprehensive report and Certificate of Completion for the specific array and/or drives erased, and the level of erasure achieved.

Degaussing & Shredding
A Superior Solution at the Same Cost

Degaussing and shredding techniques have become best practice and should be used when equipment will not be redeployed. Our Securis solution ensures data is destroyed in a fraction of the time, uses an ultra-secure process, and is completed in an environmentally friendly manner.

Degaussing is the process to magnetically scramble information into random patterns making the data stored unreadable. Our solution uses an industrial degausser that is approved by the National Security Agency and is fully compliant with all National Institute of Standards and Technology (NIST) Special Publication Series 800-88, and the National Industrial Security Program (NISP) Operating Manual (DOD 5220.22-M).

Shredding adds an additional level of protection. It is used when a customer must have their disk or tape destroyed to meet compliance or regulatory requirements. Shredding can be performed on hard-drives, DLT tape, LTO tape, thumb drives, cell phones and other data storage devices.

Shredding when combined with degaussing offers the most comprehensive destruction solution in the industry. The entire process requires less time to execute and is approximately the same cost as erasure.

Example: (64) 1TB drives
Type Hour(s)
Erasure (seven-pass) 128
Degaussing and Shredding 1

Both degaussing and shredding can be done on-site or off-site.

All methods are compliant with NIST 800-88 standards, DoD 5200.22-M data sanitization, HIPAA/HITECH, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, FACTA Disposal Rule, Bank Secrecy Act, Patriot Act of 2002, Identity Theft and Assumption Deterrence Act, US Safe Harbor Provisions, FDA Security Regulations, PCI Data Security Standard, and all other various local, state, and federal regulations.

All destroyed materials comply with a zero landfill and zero export policy. 100% of each electronic device is recycled. Absolutely nothing is disposed of in a landfill. Absolutely nothing is exported to developing areas such as China, India or Africa.

Do-it-Yourself versus Data Destruction Services

In the past some organizations have invested in their own equipment to destroy tapes and disk drives. This was typically done to maintain control of information security. However, managers often did not realize the time required to review and comply with constantly changing standards and regulations. In addition, the hidden costs were not well understood such as:

Hidden Costs:
  • Training for personnel
  • Amount of time associated with degaussing and shredding
  • Certification of processes
  • Investment in new equipment to comply with emerging standards
  • Maintenance and recalibration costs
  • Disposal of waste (cost, security, environmental impact)

Today audited, compliant, ultra-secure, environmentally responsible services are available on a pay-as-you-go basis from Securis. Service costs are now clearly established and highly competitive to internal costs. Our Securis solutions require no capital investment, no management overhead, and avoid extra burdens of self-certification and compliance responsibilities.


Prices:
Zone Minimum Charge Lead Time ARO
Metro Washington $400 2 weeks
Maryland, Virginia $3,000 3 weeks
Out of Region $10,000 4 weeks

Services that apply to the minimum charge are: $125/hour (including round trip travel from Chantilly, VA) plus device destruction charges.

Data Destruction
  • Deliverable: New equipment installed, data securely destroyed, and old equipment recycled.
  • Duration: 250-1000 drives per hour. Among the dependencies are: whether drives have been removed from equipment; caddies removed from drives, and serial numbers are available for scanning.
  • Price: Individual Custom Basis

Overview

EMC software called Data Protection Advisor (DPA) provides a single view into the status of heterogeneous backup environments. When properly configured the software will collect extensive information from servers, switches, multiple backup applications, tape and storage devices. This allows end-to-end correlation analysis to be conducted for rapid problem determination and comprehensive reporting across the entire backup infrastructure. Basic reports are included with the DPA license. However, many customers desire custom reports for management, service level reporting (SLA), audit, compliance, or chargeback purposes.

Custom Report Types

Data Protection Advisors LLC offers three types of custom reports: simple, advanced, and complex. Simple reports are modifications to standard DPA reports provided with the license. Advanced reports involve the creation of new reports using DPA functions. Complex reports involve the creation of new reports using additional logic and/or external data sources.

Development of custom reports includes setup in our lab of Avamar, Networker, NetBackup, vCenter, and DPA; creation of backup job data; report creation, lab test and debug, and troubleshooting in customer’s environment.

DPA Custom Reports
  • Deliverable: '.wds' custom report file with import and successful execution in the customer’s environment.
  • Duration: typically 1-5 days.
  • Price:
    • Simple Reports - $200/report
    • Advanced Reports - Fixed-price/report based upon scope
    • Complex Reports - $50 per hour
    • All prices exclude travel (if necessary)
  • View White Paper
Sample Custom Report

Percentage of Successful Backups by Server Type
Example Simple Custom Report

This is an example of a simple custom report. This report has been configured to run weekly and report specifically on Symantec NetBackup and IBM Tivoli Storage Manager. The time period is configured for the last week. Additionally the report can be configured to automatically be emailed to any number of email addresses.

Sample Assessment Slide

View of DPA User Interface
Example custom reports have been overlayed

Custom reports can be configured to run automatically on specified objects and for specified time periods. Reports can also be run manually. The charts generated are highly customizable.

Please contact us for any current promotions.