Chapter 16 Content Based Planning Methodology

Transcription

1 Chapter 16 Content Based Planning Methodology

2 322 - Content Based Planning Methodology This chapter will focus on a content based design approach for business data that takes into account disaster recovery, data availability, and data preservation strategies. This chapter will not only focus on Simpana software strategies, it will focus on other methods to meet SLA s including hardware and appliance based solutions that can integrate with Simpana software. This chapter will focus on these main concepts: Meeting SLA s for disaster recovery, data recovery, high availability, and data preservation. Understanding and designing solutions for business system dependencies. Addressing protection needs and current capabilities and performing Gap Analysis to improve SLA s or adjust requirements. Design strategies to provide comprehensive on-site, off-site and archiving protection. Survey Environment Some CommVault administrators make a fundamental mistake by building storage policies before they really understand what they do and what their business requirements actually are. Fortunately, many policy configurations can be modified, though changing configurations can come at a price. Before you begin building storage policies a thorough survey of all business systems should be conducted. The best way to perform this would be to meet with key business system owners to determine protection requirements and to conduct inventories of your infrastructure. This in the real world rarely happens. Usually when CommVault engineers arrive on-site, little information is available to configure policies. Taking these situations into consideration, this chapter will not only work on building policies from scratch, but also modifying existing policies. Another issue when assessing environments is the lack of cooperation from the other side of the wall. On the business end, people are hesitant to make decisions, especially when it comes to data protection. Unfortunately, the CommVault administrator becomes the scape goat when disaster strikes and data is lost. Getting people to sign off on policies can be difficult, if not impossible. This situation is also taken into account and some methods of dealing with these scenarios are provided.

3 Content Based Planning Methodology Detailed flow for survey phase illustrates the level of detail that can be documented when performing in-depth analysis of the production environment. This level of detail not only assists in designing a CommCell environment but also is important when considering an overall disaster recovery strategy.

4 324 - Content Based Planning Methodology Identify Business Systems When designing data protection strategies it is important to assess entire business systems, not just servers. In today s data centers it is very common for business systems to have many components including backend servers, front end servers, storage resources, and network resources. All these components should be looked at as a whole to properly define protection requirements. Example: Viewing business systems from the owners view may be different from the view that IT has. The following chart illustrates several business systems that have a common backend database. Though the database server is a single system, each business system may require separate protection requirements. Business System Purpose Value Owners Backend Resources Payroll Sales Tracker HR database Track employee payroll Track all sales leads, activity, and historical sales data Maintain records on all current and past employees 4 Finance MS-SQL 3 Sales MS-SQL 2 Corp MS-SQL Identify & Classify all Components of Business System When surveying the business environment all the components that make up a business system should be analyzed. Who owns the system, its value to the company, the cost of downtime, the cost of recreating data, cost of data loss, servers it runs on, storage it uses, networks it relies on, etc Each component should also be classified as IT or business. Each classified component may require different protection and retention methods. Business Classification Data whose primary purpose is to directly support business functions is classified as Business Data Types. This would be the actual data being managed for business purposes such as , financial databases, home folders, or web content. If this data is lost, it could cost thousands or even millions to recreate if it can be recreated at all. Although IT may manage the servers, the data owners are ultimately responsible for the business data. DBA s, managers, Chief Officers, VP s all invest a lot of time and money to build or purchase business systems which make their work more efficient and more profitable. The loss of the data on these systems could be catastrophic. Rebuilding a database server is easier than recreating a lost database. Business systems may require different

5 Content Based Planning Methodology protection requirements than the core IT data on that same system. Compliance requirements may also require the data be kept for long time periods, encrypted, placed on WORM media, etc Business data can be an entire system or component of system (e.g. critical database running on a database server or a sales tracking system in SharePoint). Business data can be containerized into subclients. These will be used to determine different SLA s for different business systems. IT Classification IT data classifications include operating systems, system databases, domain controllers, DNS servers, etc... This data does not directly serve a business purpose but it is the foundation in which business systems run. The primary purpose of protecting IT data is for Disaster recovery purposes. For example, a database server has a system database, some configuration files, and an underlying operating system which all qualify as IT data. There is also a financial database that runs on the server which is classified as business. This system may require different protection and retention methods that will be defined by its owner. IT systems that support business systems. Dependencies required for business system to function. o Domain controllers. o Network configurations including: routers, switches, VPN, and SAN configurations. o Front end and back end servers. The following diagram shows the division of data on a database server into IT and business classifications. The different data can be defined in separate subclients and managed based on storage, retention and destruction policies.

6 326 - Content Based Planning Methodology Granular Classification of Business Data Depending on protection and recovery requirements, business systems can be divided and categorized to meet very specific requirements. An server would be classified as both IT and business. It must be protected for disaster recovery purposes, which is primarily a function of IT. The ability to recover or preserve specific mailboxes or data stores will be associated with business classifications. Using Simpana agents and subclients, different data can be containerized and protected to meet both business and IT requirements. This will add a level of administrative complexity but will allow the administrator to implement solutions to meet business requirements. Example: An Exchange server is being protected for business and IT. The database and file system are protected to disaster recovery purposes. A Mailbox idataagent is used for granular backup and recovery of Sales and Management mailboxes. Management and Executives mailboxes are journaled and protected with the Compliance idataagent. All journaled messages are also content indexed for ediscovery purposes. Data Classification Requirement Protection Method Exchange operating system IT DR protection File System idataagent Exchange database IT DR protection Exchange Database idataagent Sales & management mailboxes Business Provide fast recovery for deleted / lost messages Exchange Mailbox idataagent All management and executives Business Provide message preservation and discovery for ALL messages Exchange Compliance Archive idataagent and Content Indexing Understand Value & Protection Requirements The value of a business system will determine protection requirements. Mission critical business systems will have shorter Recovery Time Objective (RTO) and Recovery Point Objective (RPO) values. Financial and communication data may have longer retention and data preservation requirements. Each business system should be looked at granularly and protection requirements should be defined.

7 Content Based Planning Methodology The following chart illustrates protection requirements for an Exchange server. OS data and Exchange databases are protected primarily for DR purposes and have an IT classification. Managers and Executives mailboxes and journal mailboxes are protected for business and compliance reasons. Each business component is defined separately and assigned classification and priorities. Server Data Protection Classification Data Type Priority 1-4 Data Center Location Server Location DC_Exch1 File System IT Windows 3 Main Center / Corp Physical Exch_1 DC_Exch1 Database IT Sales and Managers DC_Exch1 mailboxes Business Manager and executives DC_Exch1 Journal Business Exchange DB store 2 Exchange mailboxes 4 Exchange Journal MB 4 Main center / corp Main center / corp Main center / Corp Physical Exch_1 Physical Exch_1 physical Exch_1 Determine Service Level Agreements Service level agreements are used to establish protection and recovery windows and acceptable amount of data loss within those windows. Recovery Time Objectives Recovery Point Objectives Retention Requirements o On and off site disaster recovery o Data recovery o Data preservation and compliance copies Prioritize Data Type Set priorities for different data types to establish its value to the company. For data protection the priority levels will affect scheduling times, job priorities, and performance tuning to provide higher priority jobs with adequate resources. For recovery, a high priority data type can ensure certain business systems become available before others. An example would be dividing databases into different subclients. Group higher priority mailboxes into smaller databases on the mail server and lower priority mailboxes into other databases. Consider a mail server recovery time if the total size of all databases was 600GB with mailboxes thrown into different databases with no rhyme or reason. Now consider that same server with the highest priority mailboxes in a small dedicated database about 60GB in size. The high priority database can be recovered first and the lower priority databases recovered later.

8 328 - Content Based Planning Methodology Protection Windows Operation windows will be different for different data types and different servers. Using CommVault software different parts of a server can be backed up at different times. Some data types such as databases may require short protection windows if the database has to be placed in an offline state in order to back it up. Knowing protection windows can also assist in determining the best methods for protecting data such as using snapshots instead of traditional backup. Recovery Objectives Recovery objectives are based on time to recover (RTO) and acceptable amount of data loss (RPO). These numbers determine the Service Level Agreements (SLA) for business systems and data. Recovery Time Objectives determine the length of time a business system can be down. This can also include Mean Time to Repair (MTR) and Maximum Tolerable Downtime (MTD). Recovery objectives should be based on business systems and not servers. Recovery Point Objective determines the acceptable amount of data loss. The more frequent protection operations are run, the shorter the RPO will be. Each protection point; through traditional backup, log backup, or snapshot creates recovery points. Understanding the business data, the value of the data to the company, the cost associated with recreating it, or the cost to the company if the data cannot be recreated should factor in to the RPO value. More valuable data can be protected on more regular intervals and less valuable data protected on longer intervals. For the most valuable data protection options such as log shipping, snapshots or replication can be implemented to further reduce the RPO. The last person who should determine protection requirements and methods should be the backup administrator. Owners of the data should be consulted to gather as much information about the data so appropriate protection strategies can be designed and implemented. Meet with all key personnel to determine requirements for protecting the data. This may include system administrators, managers, DBA s, and auditors. Address SLA requirements and assess current protection methods. Analyze requirements and capabilities and determine whether protection methods must be altered or SLAs must be readdressed. This will ultimately come down to cost. The Risk Assessment chapter will focus on this concept in more detail.

9 Content Based Planning Methodology Sample table showing an Exchange server with different IT and business components. Each component has and RTO and RPO associated with it along with the current protection methods. Server Data Recovery Time Objective Recovery Point Objective Online / Offline Protection to Meet Objectives DC_Exch1 File System 8 hours 24 hours Weekly Full Daily Inc DC_Exch1 Sales Mail Database 8 hours 24 hours Nightly full backups DC_Exch1 Users Mail Database 24 hours 24 hours Nightly full backups DC_Exch1 Managers + mailboxes 2 hours (2 month) 24 hrs after 24 hours Nightly mailbox backups to disk target for recovery requests DC_Exch1 Manager + Journal 1 hour (6 month) 24 hrs after 24 hours nightly compliance backup Identify Retention Objectives for Each Data Type Retention objectives should be based on the three primary reasons for protecting data: Disaster Recovery, Compliance, and Data Recovery. Disaster recovery retention requirements are best to be handled by IT and should be based on how many complete sets or cycles should be kept. Compliance copies are usually point in time copies such as month end or quarter end and the retention should be based on how long the data needs to be kept for. Data Recovery may include all protected data within a time period (full and incremental) and the retention should be based on how far back in time data can be recovered. Retention times can be customized for different business data types. For example, on an Exchange server there is a data recovery requirement for regular users to recover a deleted message for 60 days, but for sales people the requirement may be one year. By creating these different business data types, different retentions can be set to meet business requirements. The table on the following page illustrates different business and IT requirements for protecting data in primary, near line, and offline (off-site) retention requirements. These values make up retention requirements for DR, data recovery, and data preservation/compliance copies.

10 330 - Content Based Planning Methodology Server Data Protection Method Primary Target Primary Retention Near Line Target Near Line Retention Off Site Target Off Line Retention Archive Target Off Line Retention DC_Exch1 File System File System ida Dedupe Disk_1 14 days N/A N/A LTO 4 tape 14 days N/A N/A DC_Exch1 DC_Exch1 DC_Exch1 Exchange Database Managers and sales mailboxes Manager and executives Journal Exch DB Agent Exch mailbox Agent Exchange Compliance Archive Dedupe Disk_1 14 days N/A N/A Dedupe Disk_1 Dedupe Disk_1 2 months 6 months LTO 4 tape 1 month N/A N/A LTO 4 Tape 1 years N/A N/A N/A N/A LTO 4 Tape 2 Years N/A N/A LTO 4 Tape EOQ 5 Years Data Destruction Policies Once data exceeds its useful lifecycle, destruction of that data may be required. This is one of the most overlooked aspects of data protection. Proper data destruction policies are essential for meeting company and government compliance requirements. Several Simpana features can be used to assist in meeting data destruction requirements: Mark media to be erased can be used to mark a tape to be erased after all jobs exceed retention on the tape. Erase media jobs must be scheduled for each tape library where data should be destroyed once it exceeds its useful lifecycle. Disable Managed Disk Space. For disk libraries, managed disk space is used to maintain data in storage beyond its retention requirements. Disable this option in the Retention tab of the storage policy copy if you do not want to use this feature. Note that this option is enabled by default. Erase Data is a licensed feature which allows the granular logical deletion of data within a job. This option is enabled in the General tab of the storage policy properties. Note that this option is enabled by default and any media written to an erase data enabled policy cannot be recovered with Media Explorer, the Catalog option, or Restore by Job. VaultTracker policies and reports. These reports are critical when tapes are being stored off-site. Before the data can be destroyed the tapes must be recalled. Using Due Back VaultTracker policies you can run reports on tapes that have exceeded retention and must be destroyed.

11 Addressing Unrealistic Requirements Content Based Planning Methodology What do you think most people would consider the most important business system? In most cases it s one of two things, their system or . Regarding , it is a communication method and should be high on a priority list for recovery. Of course recovering a communication method versus recovering users are two different things. This is an example of business and IT systems. If the sales department wants their accessible within one hour of disaster, well that might be improbable, but resuming communication on the other hand can be done in a short time period. When an owner of a critical business system proposes unrealistic requirements, it s important to understand that in most cases they do not understand the capabilities and limitations of technology. Providing details on capabilities for protection beforehand can not only help to avoid unrealistic expectations but also assist the business system owners in better understanding what it is you can do for them. Again, they don t know the technology so acting as a liaison between business and IT to narrow the gap can be mutually beneficial. Another method to alter unrealistic requirements is to propose solutions and related company costs. This could quickly change minds when they fully understand what it would take to accommodate their requirements. Always consider that maybe their requirements are realistic. If a financial system loses 15 minutes worth of data and the cost to the company would be estimated at five million dollars, then the benefit in a larger investment could be well worth it. Using Default Policies Another approach to determining business system requirements is to present it in a multiple choice manner. Don t ask them what they want, show them what they can have. Policies can be predetermined by IT and upper management. Once agreed to, business owners can be presented with the options. I have seen this becoming more common recently and it makes the decision making process much easier. The benefit of this is to align everyone into a more simple structure. The power behind this is that if custom requirements are needed, policies can be modified by adding secondary copies or creating new policies for the custom requirements.

12 332 - Content Based Planning Methodology Gather Technical Data Physical location of each component of the system. Server location within physical or virtual environment. Current data size and projected growth. Once the data has been classified, technical information must be gathered. Technical statistics in a well-organized and documented environment can be gathered through reports, documentation, and system analysis. Location of Data The location of data relative to storage can greatly affect the performance of data protection operations. Is the data direct attached, network attached, SAN attached? Is the data on a physical or virtual server, local or remote location, local subnet, remote, accessed over a VPN? All of these questions can affect the solution to protect the data. Snapshots might be better than traditional backups; replication may be better than relying on someone at a remote location to swap tapes, or locating a media agent in closer proximity to the data to avoid too many router hops can be critical decisions in providing adequate protection for data. Size, Change and Growth of Data Understanding current and future storage capacity needs is essential in determining where data should go, how long it can stay there for, and whether or not additional investment in storage is required. Predicting and trending growth expectations can be accomplished through historical reporting and analysis tools. Estimating growth requirements can allow you to anticipate storage requirements which may alter your purchase decisions for more hardware or persuade decision makers to go with more efficient storage methods such as deduplication. Not planning for future requirements can result in adjusting protection requirements to fit capacity needs. That change in policy could have negative effects on you and your company later on down the road. System & Business Dependencies This may be one of the most overlooked aspects of providing adequate protection for data. The simplest example would be protecting an Exchange server but not protecting your Domain Controller. The thought might be We have so many domain controllers, we don t need to protect them. Then active directory becomes corrupt or a full site disaster destroys all of your DC s. Your dependency required to rebuild your Exchange server is now unavailable. Granted this is an extreme example but it should be noted that dependencies and the time it takes to rebuild them will have an effect on your recovery objectives. All system dependencies should be considered for all business systems. Business dependencies can also be important. Consider the CFO who is the only person who knows a critical password which will be required before a system can be rebuilt. Consider a Web provider who must perform actions on their end so remote users can access a database on your end. The point is, when it comes to system dependencies you should leave no stone unturned. Figure out every dependency within your environment for each system.

13 Content Based Planning Methodology Production & Storage Infrastructure Where production data is located and its proximity to protected storage will play a large role in designing storage policies. The following section addresses the three key aspects of infrastructure: Production data location. Library configuration and placement. Data paths from production to storage. Production Data Location The location of production data should be taken into consideration when planning Media Agent placement and storage policy design. Large amounts of data being transmitted over a production network can not only slow down backup performance but also inconvenience end users (not to mention frustrate network administrators). Take the following into consideration for addressing the location of production data: Direct attached data will require movement over the network when backing up data. If possible consider multi-homing the server and connecting it to a dedicated backup network. SAN attached data can be protected using a LAN Free path if a Media Agent is installed directly on the Client. Consider using this approach when large amounts of data require protection. Network attached storage can be backed up over the network or directly into a SAN if the NAS device is capable of SAN integration. The Simpana software supports either method. Remote data can either be backed up over a WAN or a Media Agent can be installed at the remote location. Using Simpana deduplication with client side deduplication would be the best method for protecting data over the WAN using minimal bandwidth. If a Media Agent is at the remote location, using Simpana deduplication and DASH Copy will allow data to be Auxiliary copied over the WAN using minimal bandwidth.

14 334 - Content Based Planning Methodology Diagram illustrating production data location. Library configuration and placement The location of libraries and their proximity to production data and Media Agents should be considered when designing a CommCell environment. Consider the following implementation methods and caveats: Direct attached library is the easiest to configure but it creates a single point of failure if the Media Agent goes offline. Ensure there are adequate Media Agent resources when using this method. SAN attached library is useful when backing up data over LAN Free paths or when consolidating large amounts of data into a central library location. For disk libraries using Simpana Deduplication, it is strongly NOT recommended to use multiple Media Agents in a Round Robin configuration as restore performance can suffer significantly. For tape libraries, using multiple Media Agents writing to a Dynamic Drive Sharing (DDS) library is ideal for providing scalability and fault tolerance for backups and restores. Network attached library is best used in environments where dedicated backup networks are used for data protection operations. Avoid moving large amounts of data over production networks. Network storage with dedicated backup networks and multiple Media Agents is the preferred method for protecting data when using Simpana deduplication. This will provide scalability, high availability and adequate restore performance.

15 Content Based Planning Methodology The following diagram shows LAN and LAN-Free clients and various Media Agent and library physical architecture. Libraries can be direct, SAN or NAS. Data Paths LAN based paths will be used when backing up clients with no Media Agents installed. There is a general rule that all data must be moved through Media Agents when writing to protected storage. The exception to that rule is direct NDMP dumps of NAS filers that are SAN attached. LAN Free (SAN) paths can be used with Client / Media Agents to avoid using the production network for data protection jobs. This is useful when protecting large amounts of data especially to SAN attached tape libraries. NDMP libraries can use either LAN based or LAN Free paths. LAN based paths use CIFS or NFS shares to protect data over the network through a Media Agent and into protected storage. If the NAS filer is attached to a SAN with a tape library, direct NDMP dumps can be executed and managed by the Simpana software to provide a LAN Free path. This method does not require the data to be moved through a Media Agent.

16 336 - Content Based Planning Methodology GridStor Technology can be used to allow multiple data paths to be used in a Round Robin or failover pattern. Round Robin is best used with SAN attached tape libraries or NAS attached disk libraries. Failover can be used when a preferred Media Agent and/or library path should be used but other paths can be used in case of inaccessible primary paths. Careful consideration should be taken into account when using Simpana deduplication. The following diagram illustrates the data path options available when using GridStor technology for LAN based and LAN-Free paths.

17 Content Based Planning Methodology Simpana Specific Considerations There are also some Simpana specific considerations regarding the number of storage policies that may be required. The following highlights these situations. Incremental Storage Policy An Incremental Storage Policy links two policies together. The main policy will manage all Full backup jobs. The incremental policy will manage all dependent jobs (incremental, differential or logs). This is useful when the primary target for full backups needs to be different than dependent jobs. Traditionally this has been used with database backups where the full backup would go to tape and log backups would go to disk. A more recent adoption of this feature is for writing full database jobs to deduplicated disk and log jobs to non-deduplicated disk. In either case when logs are protected multiple times per day, to shrink RPOs, replaying the logs from nondeduplicated disk can be faster than tape or deduplicated disk. Microsoft SQL Log Storage Policy MS-SQL subclients have a unique configuration where Full and Differential backups can be directed to one storage policy and Log backups can be directed to a second policy. This is the same concept as Incremental Storage Policies except that instead of linking the policies together, the two policies are defined in the Storage Device tab of the SQL subclient. Legal Hold Policy When using the Simpana Content Indexing and compliance search feature, auditors can perform content searches on end user data. The search results can be incorporated into a legal hold. By designating a storage policy as a Legal Hold policy, the auditor will have the ability to associate selected items required for legal hold with designated legal hold policies. It is recommended to use dedicated legal hold policies when using this feature. Legal Hold Storage Policies can also be used with Content Director for records management policies. This allows content searches to be scheduled and results of the searches can be automatically copied into a designated Legal Hold Policy. Erase Data Erase data is a powerful tool that allows end users or Simpana administrators to granularly mark objects within a job as unrecoverable. For object level archiving such as files and messages, if an end user deletes a stub, the corresponding object in CommVault protected storage can be marked as unrecoverable. Administrators can also browse or search for data through the CommCell Console and mark the data as unrecoverable. It is technically not possible to erase specific data from within a job. The way erase data works is by logically marking the data unrecoverable. If a browse or find operation is conducted the data will not appear. In order for this feature to be effective, any media managed by a storage policy with Erase Data enabled will not be able to be recovered through Media Explorer, Restore by Job, or Cataloged. It is important to note that enabling or disabling this feature cannot be applied retroactively to media already written to. If this option is enabled then all scratch media written by the policy from the point erase data is enabled cannot be recovered other than through the CommCell Console. If it is disabled then all scratch media

18 338 - Content Based Planning Methodology written by the policy from the point it is disabled can be recovered through Media Explorer, Restore by Job, or Cataloged. If this feature is going to be used it is recommended to use dedicated storage policies for all data that may require the Erase Data option to be applied. For data that is known to not require this option disable this feature. Note: This option is enabled by default on all new storage policies created as of Simpana v9 sp3. Group Security If specific groups need rights to a specific storage policy to manage it than it is recommended that different policies be created for each group. This is a very effective separation of power method in larger departmentalized organizations. Each department group can be granted management capabilities to their own storage policies. Media Password The Media Password is used when recovering data through Media Explorer or by Cataloging media. When using hardware encryption or the Simpana software copy based encryption with the Direct Media Access option set to Via Media Password, a media password is essential. By default the password is set for the entire CommCell environment in the System applet in Control Panel. Storage policy level media passwords can be set which will override the CommCell password settings. For higher level of security or if a department requires specific passwords, use the Policy level password setting which is configured in the Advanced tab of the Storage Policy Properties. Using Encryption with a Deduplication Policy If Client side encryption is going to be used with deduplicated data, separate storage policies must be used to separate encrypted and non-encrypted data. The ability to encrypt deduplicated data is a powerful tool which is unique to Simpana software. This is because the encryption will take place after the block has been hashed and compared. Using encryption for deduplicated data is especially useful when backing up deduplicated data to Cloud storage. Content Indexing Simpana Content Indexing can be used to proactively or retroactively index the contents protected data. A storage policy can manage data either requiring or not requiring indexing. Consideration in this case should be placed on subclient design. Data that does require indexing should be defined in separate subclients from data not requiring indexing. The subclients requiring indexing can be selected in the Content Indexing tab of the storage policy properties. Filters Filters can be applied through the Global Filter applet in Control Panel or locally at the subclient level. If specific folder locations require special filters, a dedicated subclient should be used. Define the subclient content to the location where the filters will be applied and configure local filters for that subclient. The option to use Global Filters can still be used allowing the global and local filters to be combined. If global filters are being used but specific subclient data should not have certain filters applied define the content in a separate subclient. Global filters can still be enabled for the subclient but the exclusions list can be used to override the global filter settings.

19 Open File Handling Content Based Planning Methodology Open file Handling using Microsoft VSS or CommVault QSnap can be used to ensure open files are protected. VSS is an available option for Windows 2003 or higher agents. Non Windows agents can use CommVault QSnap to ensure open files are protected. Pre/Post Scripts Pre/Post Process scripts can be used to quiesce applications prior to protection. This is very useful when protecting proprietary database systems or for quiescing databases within virtual machines prior to using the Simpana Virtual Server Agent for snapping and backing up the VM. Assess Current Protection Strategies Whether you are deploying the Simpana software for the first time or you are modifying or redesigning your CommCell environment, a methodical approach can be used to better ensure a successful implementation to meet current and future needs. This section will focus on assessing current protection methods that can be used to assist in improving new deployments or existing CommCell infrastructures. Identify Current Protection Methods What are the current methods for protecting data? These methods can have a significant effect on protection and recovery windows as well as retention and media management requirements. The following table shows different data types and the current protection methods. Data Protection Method Frequency File Server Traditional backup Weekly full / daily incremental SQL Server SQL database dumps Nightly Exchange Exchange DB agent Nightly full NAS Filer Traditional backup through file Weekly full / daily incremental share Virtual machines (low priority) File system agents in VM Weekly full / daily incremental Virtual machines (high priority) File system agents in VM Weekly full / daily incremental Virtual machines (running applications) Application quiescing and file system agents in VM Weekly full / daily incremental

20 340 - Content Based Planning Methodology Retention and Destruction Strategies Retention policies should be determined for all data within an environment. Depending on specific business and compliance requirements data destruction policies should be determined as well. The following table shows the different data types and retention and destruction policies. Data On-Site Retention Policies Off-Site Retention Policies Destruction Policies File Server 30 days 60 days None SQL Server 7 days None 60 days Exchange 14 days 60 days 60 days NAS Filer 30 days 60 days None Virtual machines (low 14 days 60 days None priority) Virtual machines (high 30 days 60 days None priority) Virtual machines (running applications) 7 days 60 days 60 days Protection Windows Protection windows may be different for weekdays and weekends. This information should also be documented as it will be used when performing gap analysis to determine if changes need to be made to meet current and future projected operation windows. The following chart illustrates weekday and weekend operation windows. Data Weekdays Weekends File Server 8 hours 48 hours SQL Server 1 hour 1 hour Exchange 8 hours 48 hours NAS Filer 8 hours 48 hours Virtual machines (low priority) 8 hours 48 hours Virtual machines (high priority) 8 hours 48 hours Virtual machines (running applications) 1 hour 1 hour

21 Recovery Objectives Content Based Planning Methodology Recovery objective should be defined for data and also assigned a priority level for recovery. Recovery Time Objectives (RTO) determine how long before a business system must be brought back online. Recovery Point Objectives (RPO) determine the acceptable amount of data loss that can be sustained. The following table shows RTO and RPO requirements for different data. Note that objectives are not defined for some data. It must be determined if objectives need to be defined or if the data is not critical to the continuation of business operations. Data Recovery Time Objective Recovery Point Objective File Server None defined 24 hours SQL Server 1 hour 1 hour Exchange 4 hours 24 hours NAS Filer None defined 24 hours Virtual machines (low priority) None defined None defined Virtual machines (high priority) 4 hours 24 hours Virtual machines (running applications) 1 hour 1 hour

22 342 - Content Based Planning Methodology Perform Gap Analysis Gap Analysis is the concept of analyzing required protection goals against actual results. This requires careful planning and analysis of results over time. It basically comes down to a simple yes or no whether goals are being met. If goals are not being met then either environmental changes must be made or requirements must be modified. The following table represents a Gap analysis audit based on previous tables from this section. This analysis will be expanded in the next section where various solutions will be discussed to shrink the gap. Data On Site Retention Policies Off Site Retention Policies Destruction Policies Weekday Window Weekend Window RTO RPO File Server YES YES N/A YES YES Not tested YES SQL Server YES YES NO YES YES NO NO Exchange YES YES NO YES YES NO YES NAS Filer NO NO N/A NO NO NO NO Virtual YES YES N/A NO YES Not tested YES machines (low priority) Virtual YES YES N/A NO YES Not tested YES machines (high priority) Virtual machines (running applications) YES YES NO NO NO NO NO

23 Modify Protection Methods or Requirements Content Based Planning Methodology In some cases, modifying Simpana configurations can solve problems if requirements are not being met. In other instances adding Simpana features can help achieve goals. Simpana configurations and features can only protect the data as fast as the environment will let it and only store the data as long as storage capacity is available. The following table shows various Simpana solutions to assist in meeting protection goals. The following table proposes specific solutions to overcome or shrink the gaps between required protection goals and actual results. This chart also illustrates additional Simpana features that can be implemented in a CommCell environment. Data On Site Retention Policies Off Site Retention Policies Destruction Policies Weekday Window Weekend Window RTO RPO File Server SQL Server Exchange NAS Filer Policies are not being met because protection windows are not being met. Use VaultTracker policies to recall and destroy data on tapes Use VaultTracker policies to recall and destroy data on tapes Use SnapProtect if hardware supports it. Use NDMP dump to tape (if attached to SAN). Test and readdress RTO needs Use SQL database agent to multistream backup/restore. Schedule log backups hourly Divide and prioritize database recovery Adjusting protection methods should improve RTO and RPO. Retest after changing methods. Virtual machines (low priority) Virtual machines (high priority) Virtual machines (running applications) Use VaultTracker policies to recall and destroy data on tapes Use Image level backup Use VSA agent Use VSA agent Use SnapProtect and VSA if hardware supports. Alternately, use application agents in VM Test and readdress RTO needs Test and readdress RTO needs VSA/SnapP rotect provides faster restore / revert snaps With VSA/SnapProtect snap every hour. Alternately use agents in machine performing log/incremental backups hourly. The chapter Risk Assessment will take a more detailed look at addressing and assessing technologies and Simpana features to assist in meeting protection requirements. It will address various technologies outside of CommVault and their cost-value-risk trade-off. It will also go into technical details on Simpana configuration options and the value-risk assessment for using each option.

24