1 White Paper HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings By Jason Buffington, Senior Analyst; and Monya Keane, Research Analyst July 2014 This ESG White Paper was commissioned by Hewlett-Packard and is distributed under license from ESG.
2 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 2 Contents Executive Summary... 3 Introduction... 3 Don t Underestimate the High Cost of Downtime... 4 What Should SMBs Be Planning For?... 4 Virtualization Is the Great Enabler... 4 Don t Settle for Mediocre Protection... 5 Plan for Disk, plus Tape, plus Cloud... 6 HP s Answers to an SMB s Need for Right-sized Data Protection... 6 For Organizations Just Beginning to Modernize Their Data Protection... 7 As the Journey to Modern Data Protection Continues... 7 As Scale Grows and Complexity Increases Across the Organization... 8 Bringing It All Together... 8 Four Things That You Should Do NOW... 8 The Bigger Truth... 9 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at
3 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 3 Executive Summary Small and midmarket organizations depend on their data as much as large enterprises depend on theirs but the right tools for protecting a smaller organization s data are not enterprise tools with reduced feature sets and price tags. Organizations of all sizes need to understand their exposure caused by mediocre protection, and then utilize right-sized technologies that are available in the market today. This paper describes the needs of small and medium-sized businesses (SMBs) for enterprise-quality data protection right-sized for them. The paper also examines the Hewlett-Packard data protection portfolio designed to address those needs, focusing on the technologies offered through HP s Simply StoreIT program. The analysis covers: The distinctive circumstances of SMBs that struggle with modern data protection. Concepts that SMBs should consider and plan for as they engage in modernization efforts. Right-sized HP technologies that contribute to a modern data protection capability. Pragmatic suggestions to help SMBs in their modernization journeys. In general, it is essential to build awareness among business stakeholders regarding the importance of better-thanmediocre data protection. Points should be constructed based on what the impact to the business would be after performing a realistic, even non-optimistic assessment of current capabilities. It is equally important to cast aside any assumptions that midmarket organizations can t afford anything more than a bare-bones solution. Rather, recognize that such organizations cannot afford downtime, lost data, or lost credibility with customers or partners. Introduction When a large enterprise has an IT problem, it typically can summon its own onsite experts to fix it. Midmarket organizations usually don t have specialist superheroes on hand to save the day when issues arise. So, the organization suffers inordinate downtime until a team of IT generalists can figure out the problem. Because such events can be so damaging to productivity/profitability, data backup and disaster recovery are priorities for midmarket organizations. In fact, ESG research shows that improving data backup and recovery was the most-cited IT priority of surveyed midmarket organizations for 2014 (see Figure 1). 1 Figure 1. Top Ten IT Priorities for Midmarket Organizations in 2014 Top 10 most important IT priorities for midmarket organizations (100 to 999 employees) over the next 12 months. (Percent of respondents, N=213, ten responses accepted) Improve data backup and recovery Increase use of server virtualization Information security initiatives Desktop virtualization Manage data growth Data center consolidation Bring-your-own-device (BYOD) policy Business continuity/disaster recovery programs Major application deployments or upgrades Improve collaboration capabilities 22% 21% 21% 23% 23% 28% 27% 31% 34% 38% 0% 5% 10% 15% 20% 25% 30% 35% 40% Source: Enterprise Strategy Group, Source: ESG Research Report, 2014 IT Spending Intentions Survey, February 2014.
4 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 4 It is much more efficient for midmarket organizations to address backup challenges by making minor investments in better technologies and thus avoid major expenses due to downtime. Don t Underestimate the High Cost of Downtime Companies of any size, and the people working at them, rely on their data. While real data protection solutions certainly aren t free, they are extremely inexpensive compared with the cost of downtime. Consider, for example, a 50-person service-based company with an average annual salary of $60,000 (US) per person: Each person earns an average of approximately $30/hour, equating to $1,500 per hour across the organization, regardless of whether the employees can be productive or not. That 50-person company might generate $8 million per year, or $4,000 per hour, through productivity. Adding those amounts together, it appears that the simplified cost of downtime even for this small organization could be $5,500 per hour. Now consider a typical server outage: Failures of servers without modern data protection capabilities can, on estimate, result in a loss of ½ a day s worth of data (assuming that the server could fail in the morning with near zero data loss, or at the end of the day causing a full day s loss). Hence, an average of ½ a day s worth of work is lost, and much of it will need to be recreated = 4 hours lost. Failed servers without built-in resiliency need most of a business day (best case) to be recovered = one day of limited productivity = 8 hours lost. Putting it together, a single outage per year can cost $66,000 (12 hours at $5,500 per hour). This model is admittedly oversimplified. Perhaps the organization doesn t come to a complete stop but is instead just significantly encumbered while or file services are offline. In that case, encumbered might translate to half productive, resulting in an outage costing $33,000 instead. Of course, your numbers will differ from the example, but the formula and ideas for customizing this cost model can help you quantify your own company s downtime costs. 2 Beyond raw downtime, consider the customer satisfaction that is lost when a company must admit, We can t pull your record up right now, not to mention the decreased morale internally due to downtime impacts and being forced to recreate data that went missing due to an IT calamity. What Should SMBs Be Planning For? Acknowledging that doing nothing (or doing something inadequate) will cost your organization significant money, here are some suggestions to help you improve data protection and maintain organizational productivity: Virtualization improves your ability to protect your data because your servers and services are encapsulated within VMs that provide a more thorough protection capability and increase your restoration agility. Modernizing your data protection mechanisms yields more successful backups, more reliable restores, and more flexible recovery capabilities. Virtualization Is the Great Enabler Virtualization is a journey that every business environment should be on: Some organizations are just beginning the journey by consolidating their underutilized servers or adding new servers/services without adding incremental hardware. Other organizations are evolving beyond consolidation toward an agile infrastructure the kind that gives midmarket organizations the same flexibility regarding new capabilities that large enterprises desire, albeit in smaller configurations that make sense. 2 Source: Wiley Press, Data Protection for Virtual Data Centers, Jason Buffington, 2010.
5 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 5 Regardless of where you are in the virtualization journey, recognize that beyond operational and capital benefits, virtualization enhances your ability to protect your data, and thus, your business. Those benefits are so tangible that most environments should continue or accelerate the virtualization journey (unless a technical reason such as accessing a USB security key or other peripheral exists) to the point that eventually, every server is virtualized even those single-function file servers at small offices. VMs really can be much easier to protect. You can easily move a VM from an older or debilitated hardware platform to a newer platform or alternate location (even a cloud provider s location). Those actions aren t possible, much less easy, if you run your applications or services on non-virtualized systems. Thankfully, both VMware and Microsoft (through Hyper-V) have economical offerings that provide either a free hypervisor (so you can move your existing OS into a VM) or affordable virtualization solutions designed for midmarket IT and branch office implementations. A little extra effort to virtualize your server(s) now will yield higher uptime and more recovery agility when you really need it. That being said, be sure to develop your virtualization and protection strategies to complement each other. As Figure 1 showed, virtualization and backup are both key priorities that repeatedly appear adjacent to each other in ESG s annual IT priority surveys. Avoid deploying new virtualization technologies without considering the data protection ramifications or benefits. And, vice versa, don t alter a data protection environment without assessing the possible effects on ongoing virtualization efforts. Trying to reduce your capital-cost outlays through virtualization without ensuring adequate protection will bring a reduced net result. It s like putting all of your eggs in one basket when that basket isn t reliable or protected. (Notably, the HP Simply StoreIT program includes solutions for virtualization that are tailored to the needs of SMBs.) Don t Settle for Mediocre Protection Many people assume that the gap between robust, enterprise-quality data protection and what SMBs can afford is insurmountable. The assumption is incorrect. Don t trust the protection of your data your business s most precious asset to scripts, copy jobs, or applets. When selecting a solution, look for these capabilities: For virtualization protection, protection solutions for VMware should leverage the VMware API for Data Protection (VADP) to ensure reliable backups and recoverable data. Similarly, protection solutions for Hyper-V must leverage Microsoft Volume Shadow Copy Services (VSS), again to ensure reliable backups and recoverable data. Item-level recovery (ILR) is a key capability for both physical and VM-centric data protection solutions. Being able to restore whole servers after dire events may be why you originally bought your backup solution. But in practice, granular recoveries are far more frequently needed. If you haven t utilized ILR in the past, you and your users will wonder how you managed without it but be aware that not all backup software does ILR well. Deduplication saves you far more than it costs, period. The intelligent discernment regarding when to transmit new blocks versus when to discard what is already protected can happen within the storage solution, within the backup server, or within the agent/proxy on the production platform. Such flexibility is a good thing. Typically, though, the most effective deduplication happens as close as possible to the production workload using agent/server approaches (versus occurring in deduplicated storage). And the most effective dedupe requires a well-integrated combination of software plus hardware. Integrated backups, snapshots, and replication offer considerable recovery agility. Each method has its own benefits i.e., an ability to access previous versions, rapid rollback, and distance-based recoverability respectively. The best solutions utilize integrated hardware and software so that you won t have to manage three separate tools within what should be one data protection strategy.
6 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 6 Appliances (physical and virtual) can significantly accelerate the adoption and deployment of IT technologies for data protection. Small offices can protect themselves without necessarily having to add hardware, while multi-site environments can replicate from smaller virtual appliances to larger physical ones or to a cloud provider s hosted solution. Predictable performance of backups and restores is going to be key to any SLA-related negotiations between the backup administrator and the various business/application stakeholders. Test your recovery methods routinely so that you can provide real-world RPO and RTO estimates to constituents. Never assume that vendor-published backup speeds (if available) are at all indicative of performance during restores, or vice versa. Plan for Disk, plus Tape, plus Cloud Recognizing that a variety of software is available to support and strengthen your data protection strategy, take a close look at the medium that your data of last resort will live on: Disk Disk-based storage for backup (and sometimes for archiving as well) is the ideal medium for many data protection scenarios. It often boasts deduplication, compression, and replication capabilities that enable a broad range of recovery scenarios for midmarket organizations, in form factors and prices that are right-sized. Modern backup software is designed with a disk-first approach, making the combined solution simple to deploy and reliable to use. Specifically, for first-tier recovery in most environments, disk is the best medium including server-/appliance-based internal disk and deduplication storage arrays. Disk s ability to continually deduplicate and compress redundant data over a long period, along with its granular recovery performance, make it a recommended cornerstone of most data protection strategies. Tape Modern tape solutions, including standalone drives and robotics, still undeservedly suffer from the tape stigma that arose decades ago. These days, LTO drives are capable of a level of performance that most single servers will struggle to feed fast enough, while providing a very inexpensive way to store a significant amount of data. Tape data also has a shelf-life of many years, and tape allows users to store or transport data easily to a vault, secondary office, or even to an autoloader set up in a small business owner s home. Thanks to innovations such as the linear tape file system (LTFS), which lets a tape cartridge be mounted and accessed as easily as a USB thumb drive, tape will continue to have a place in a wide variety of organizations. With reliability solved in modern tape offerings, and recognizing tape s affordable, appealing $/GB profile, tape solutions can be an effective complement to many data protection strategies. Cloud Data backup and disaster recovery are two of the most commonly sought cloud-service scenarios encompassing laptop/endpoint protection, file-sharing/collaboration, and offsite secondary repositories. For many, the easiest solution is simply to take advantage of the current backup software s or hardware s capability to replicate an additional copy of data to a cloud provider. Several ways exist to get to the cloud for data protection, and ESG expects that the cloud will continue to be a hot area of innovation for years to come. HP s Answers to an SMB s Need for Right-sized Data Protection Hewlett-Packard is one of the very few IT vendors that offers a comprehensive portfolio of data protection capabilities that span production servers and primary storage, through traditional backup/archive capabilities, into secondary storage, and extending to cloud and tape solutions. Portfolio components that are especially applicable to the needs of small and midsize businesses include: HP servers standalone, rack-mount, and blade-server configurations. Primary storage products such as the HP Modular Smart Array (MSA), the HP StoreVirtual Storage (scale-out storage for virtual environments), and the HP 3Par StoreServ tier-1 storage platform.
7 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 7 HP Data Protector backup software and HP Consolidated Archive software. HP StoreOnce disk backup and deduplication storage. HP StoreEver tape drives and libraries. HP Helion Cloud services. To understand how many of these product lines provide data protection options that have been right-sized for SMBs, one should look specifically at the offerings that HP calls its Simply StoreIT program. To put the products into perspective, recognize that maturing your IT infrastructure and strategy is an evolution that is often accomplished as a multi-phase approach, described by HP as: Starting Out Building Momentum Building Expansion. For Organizations Just Beginning to Modernize Their Data Protection With a storage-centric perspective on accelerating the modern SMB IT infrastructure, HP starts with modern tape and disk: Standalone Tape Drives Although tape may have been a coarse word 20 years ago, modern LTO-6 drives represent a mind-blowing evolution beyond those archaic offerings. LTO-6 drives can often outperform the I/O channels of single-backup-stream solutions, with LTO cartridges having failure rates (MTBFs) that are actually better than single hard drives. And as mentioned earlier, innovations such as LTFS enable administrators to mount an LTO tape cartridge as easily as one accesses a USB thumb drive with drive-letter access, a clear directory structure, and drag/drop usability. HP s tape solutions start with its HP StoreEver LTO Tape Drives, and then continue with autoloaders and libraries. Disk-based Backup Targets While modern tape solutions provide robust long-term storage, many environments have standardized on disk-based backup repositories to leverage disk s deduplication and compression benefits. For smaller organizations and those first discovering deduplicated disk storage, HP offers its HP StoreOnce Virtual Storage Appliances (VSAs) as an entry into deduplicated disk storage without involving immediate investment in a new hardware device. VSAs are deployed as virtual machines within an existing infrastructure but offer the deduplication savings typically found in expensive physical appliances. As the Journey to Modern Data Protection Continues Keeping in mind ESG s guidance to plan for disk plus tape, SMBs requiring more than standalone LTO drives have multiple options: Tape Autoloaders Providing significantly increased overall capacity, HP StoreEver LTO Autoloaders wrap the standalone tape drive with multiple cartridges and robotic automation, so that larger organizations can gain the benefits of modern tape solutions and midsize organizations can run for days or weeks with minimal to no tape rotation or media management. Deduplicated Disk Appliances Scaling beyond the virtualized VSA offering (while boasting the same underlying technologies), HP StoreOnce 2000 and 4000 Series Backup Systems provide robust storage that works with a range of data protection software offering enterprise capabilities right-sized for SMBs that are modernizing their IT infrastructures. As dedicated assets, the StoreOnce deduplication appliances reach very high speeds for data ingest (backups) and restores, as well as a guaranteed 3 20:1 deduplication ratio. In general, deduplication right-sized for SMBs should be of particular interest to any smart SMB IT organization trying to move away from the too-common practice of backing up to raw disks. Unfortunately, many SMBs still justify that approach as a cheap, good-enough alternative to deploying specialized devices. 3 Source: HP, StoreOnce Get Protected Guarantee
8 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 8 As Scale Grows and Complexity Increases Across the Organization As environments continue to grow in size and complexity, IT decision makers may want to evaluate the data protection storage offerings that HP has adapted to meet such demands: Advanced Tape Libraries built to deliver the long-term retention benefits of tape to SMB organizations at the larger end of the scale, HP StoreEver MSL Tape Libraries offer greater automation and are more scalable than autoloaders something important to think about whenever one considers implementing a tape library. Distributed Deduplication Disk Systems by utilizing a common deduplication mechanism called HP Catalyst, all HP StoreOnce Backup Systems can move data between them while the data remains in its deduplicated state. The systems also provide backup applications 4 control over backup, replication, and recovery from any StoreOnce appliance at any site, which greatly simplifies backup administration. As organizations grow, larger HP StoreOnce systems can be deployed at the primary data center, while remote offices can utilize HP StoreOnce VSAs. An organization can continue to replicate data in deduplicated form to a larger StoreOnce system using low-bandwidth links, resulting in cost savings. HP also offers Federated Deduplication technology: Federated dedupe enables HP Catalyst-enabled backup software, virtualized HP StoreOnce VSA devices, or any HP StoreOnce appliance to deduplicate data. That data then remains deduplicated and replicable between sites or to a cloud provider. Bringing It All Together Built from experience in enterprise data protection goals, but with midsize organizations in mind, the HP StoreEver (tape) and StoreOnce (disk) product lines offer SMBs scalable options for data protection storage again aligning with ESG s guidance on what SMBs should be planning for (or refraining from), namely: Don t settle for mediocre protection either in software or storage. The era of batch scripts and built-in backup utilities talking to generic storage is over. Whether you prefer modern tape for its long-term durability and performance or modern disk for its deduplication and replication capabilities, don t settle for generic storage that doesn t add value or agility to your protection and recovery processes. Virtualization is the great enabler from a production perspective as well as in the way it can provide new protection and recovery alternatives. But modern virtualization relies upon equally modern servers and storage to provide a strong foundation. Plan for tape, plus disk, plus cloud to address the long-term preservation requirements that arguably are best served by tape, along with the efficiencies and agility offered by disk, and the secondary facilities and DR enablement that is offered by the cloud. Plan to leverage all three until the business goals (not the technical preferences) determine that the options can be consolidated. Four Things That You Should Do NOW Right-sized data protection is achievable, and solutions exist that meet organizations needs for reliability, simplicity, and affordability. Now, here are some next steps to consider and pursue: 1. Build awareness among business stakeholders regarding the importance of better-than-mediocre data protection. Regardless of organizational size, any modernization discussion should start with understanding the business units goals and data dependencies, followed by an assessment of your current capabilities (which will almost assuredly be discovered to be insufficient to the business goals). Only after achieving a common understanding of the gap between technical capabilities and business requirements will you be able to truly address modernizing your data protection and overall IT infrastructure. 4 Supported by HP Data Protector, Symantec NetBackup, and Symantec Backup Exec.
9 White Paper: HP Answers SMBs Data Protection Needs Through Simply StoreIT Offerings 9 2. Continue or accelerate your virtualization journey. Do it for the operational benefits you ll immediately gain and for the data protection agility that also comes from virtualization, including whole-machine protection and portability during unplanned interruptions and planned migrations. And, wherever you are in the journey, ensure that the virtualization protection-specific capabilities you deploy provide reliable protection using hypervisors APIs, application-aware protection and recovery, and the ability to do granular recoveries (i.e., files from within a VM). 3. Modernize your data protection media, including considering both contemporary tape (LTO-5 or LTO-6) and deduplicated disk either or both should yield new efficiencies in storage, improved protection, and better recovery times. Start by testing your recovery speeds and assessing your backup windows: You ll probably discover some areas that need improvement. 4. Get your data out of the building, either to a secondary self-managed facility or to a cloud-based service. Even if you don t have a grandiose BC/DR strategy or toolkit, an additional copy of your data in a separate location can mean the difference between your business surviving or shutting down in the event of a crisis or outage. The Bigger Truth SMBs deserve enterprise-caliber data protection, but they can t afford to buy enterprise products with enterprise price tags and enterprise complexity. Even though your data center may fit in a closet or a small office, you don t need to settle for inadequate protection. Because midmarket organizations depend on their data but don t have a team of IT superheroes waiting in the wings, they arguably need even better data protection. In other words, SMBs need enterprise-quality data protection, right-sized for them. To be clear, most midsize organizations underestimate the level of protection that they need, similar to how many individuals underestimate their long-term financial preparedness. That analogy continues with the recognition that by continuing to remain underprotected, midsize organizations risk catastrophes that could have been avoided by making just a few strategic changes. The good news is that vendors of traditionally enterprise technologies are answering the call by right-sizing their hardware and redesigning and recreating the management/user experience to accommodate the IT pro generalist whom most midmarket organizations rely upon with the result being data protection that is reliable, affordable, and easy to use. HP is a hallmark example of a vendor that has not only right-sized its technology offerings, but wrapped them within programs such as Simply StoreIT that make it easier for SMBs to understand, acquire, deploy, and successfully operate/manage a modern IT infrastructure.
10 HP Pub No. 4AA5-1360ENW 20 Asylum Street Milford, MA Tel: Fax: