Discussions for buying storage typically begin with determining the company’s requirements, and usually focus on meeting the needs of business critical applications — also known as tier 1 applications.
As the term implies, these applications are the most critical to an organization. In most cases, downtime or interruption to business critical applications causes a significant negative impact to the company. This negative impact can be financial or an embarrassment that could lead to loss of future business.
When companies quantify the business impact of the loss of critical apps, they usually measure it in financial terms such as a material loss of ‘x’ dollars per hour of unavailability. They also look at longer term impacts, such as the number of customers that will go to a competitor because of the downtime. Not only will that business be lost, but the likelihood of the next transaction going somewhere else impacts future business.
A more jarring measurement that some IT professionals use to explain the justification for a business continuance/disaster recovery strategy is how long of an outage would be impossible to recover from, forcing the company out of business. These numbers vary widely by industry, but they certainly get a lot of attention when measured in days or hours.
Storage is a key element in meeting business critical application availability needs, although the amount of management they require on the storage end varies by application. Requirements for storage systems used for business critical applications start with four key areas:
- Data Protection – The potential data loss due to operational error (from a variety of causes), corruption from the application, or a hardware malfunction is real. A recovery time objective (RTO) and recovery point objective (RPO) need to be established for business critical applications. This will dictate the frequency of protection with the generations retained, the data protection technology needed to meet the time and capacity requirements, and the recovery procedures. The data protection strategy used for a business critical application may be different than secondary -– or Tier 2 — applications.
- Business Continuance / Disaster Recovery – BC/DR is a storage-led implementation where the replication of data on the storage systems is the most fundamental element. A solid BC/DR plan requires storage systems that can provide coherent replication of data to one or more geographically dispersed locations. This capability is necessary to ensure the operational availability of the critical app.
- Security – Secure environments and secure access to information are implied with business critical applications. From a storage standpoint, the control of access to information is an absolute requirement and is not always addressed adequately when developing a storage strategy. Block storage systems protect access through masking and physical connection limitations, moving the security problem to the servers. File storage for unstructured data uses a permissions set that relies on the diligence of administrators and has potential openings that must be addressed with careful consideration. This area will improve as more investments are made in storage for unstructured data.
- Performance – Most of the time, business critical applications demand high performance. For storage, quality of service and service level agreements are defined to meet minimum requirements for operation that do not degrade or impede the application’s execution. These require measurement and monitoring of the storage to determine impacting events and degradations where actions can be taken. Isolating performance issues is a complex task that requires skilled storage administrators with tools that work with the storage systems and networks.
Organizations must give careful consideration to their storage for business critical apps. There needs to be a process for understanding the requirements, evaluating the choices for systems that can meet the requirements, and a strategy for the overall business of storing and protecting information.
(Randy Kerns is Senior Strategist at Evaluator Group, an IT analyst firm).