Enhanced data protection
Features like CDP, encryption, and disk-based backup and recovery are becoming more prevalent, but there are significant differences in how backup programs deliver these features. For example, products such as CommVault's Galaxy and Symantec's Backup Exec allow administrators to manage CDP within the backup software management interface. Hewlett-Packard (HP) Co.'s OpenView Storage Data Protector uses different interfaces and requires separate logins to manage its backup and CDP databases. Though products like OpenView Storage Data Protector and Atempo's Time Navigator store the CDP data in a different database than the backup data, both HP and Atempo plan to create an index that will allow them to use a federated approach to manage data in the two databases.
Other backup software vendors offer CDP, but not in the truest sense of the word. For instance, Atempo has three versions of its CDP product: LiveBackup for PCs, LiveBackup Express and LiveServ for Microsoft Exchange. The first two support only desktops and laptops, while the Express version lacks disaster recovery and system rollback capabilities. Syncsort's Backup Express delivers a type of CDP functionality, although the company doesn't market it as CDP. With Backup Express, administrators may set up a schedule to quiesce applications and capture block-level changes to create a consistent and recoverable system image at various times throughout the day. While not true CDP, it allows users to create recoverable images more often than once a day.
Data encryption capabilities also vary widely. For instance, CA's BrightStor ARCserve Backup includes host-based encryption that allows administrators to specify which files they want to include or exclude from encrypting, as well as what level of encryption they wish to apply to files. However, there are several downsides to using host-based encryption: Turning on encryption requires a password to be set prior to initiating the backup and the password must be available when a restore is done. Second, using host-based encryption increases CPU overhead on the server during backup and recovery, which can affect backup performance. Users also need to verify what levels of encryption the backup software supports and which ones they use. Products such as EMC's Retrospect support an older encryption algorithm, DES-56, which, if used, can be hacked in 35 minutes or less by simply using all possible 56-bit key combinations. Syncsort Backup Express and Symantec Backup Exec plan to incorporate encryption into their products later this year.
As vendors integrate disk into the backup process and claim support for features like disk-to-disk-to-tape (D2D2T), users need to verify how vendors are implementing this functionality. One of the least desirable ways to implement D2D2T is when the backup software treats the disk as a target and dumps the data to disk. This requires the backup software to back up the dump file again from disk to tape, and two restores must be done: first from tape back to disk, and then from disk to the original location. It can also result in the backup software losing track of the dump files and the contents of the files.
EMC employs a variation of this approach to centrally manage backup files created by its SMB Retrospect product. Retrospect will back up data on remote-office servers and desktops to disk located in the remote office. Central data centers can then use EMC's enterprise NetWorker to gather the dump files created by Retrospect from the remote offices and store them centrally. However, multiple administrators may need to get involved to restore files because Retrospect may not know where the dump file resides if the remote office's disk copy has been deleted.