Publish in



Please download to get full document.

View again

of 6
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
m Virtualization Economics DISCOVER Innovate Reliab nformation Global Change Intelligent Technology Se ght Opportunity Social Infrastructure Integrate Ana SOLUTION PROFILE Hitachi’s Approach to 3-Data-Center Business Continuity and Disaster Recovery New Form Factor Supports Top-Notch Protection The standard for disaster tolerance in most organi-
  DISCOVER    S   O   L   U   T   I   O   N   P   R   O   F   I   L   E Hitachi’s Approach to 3-Data-Center Business Continuity and Disaster Recovery New Form Factor Supports Top-Notch Protection for Smaller Organizations The risk of permanent data loss is a growing problem for organizations as the amount of data under management is growing at an annual compound rate of 40% or more. In addition, the complexity and interdependency of the IT environment is increasing, and the number and size of risks to the organization continue to rise. Previously, organizations had manual procedures and paper trails they could utilize to recover data, but those are largely a thing of the past. Today’s interconnected world can create an illusion of business continuity; however, the risk to revenue and reputation from an extended outage has never been greater.  The standard for disaster tolerance in most organi-zations is a two-site disaster recovery architecture, with one production site and a secondary disaster recovery location. The distance between these sites helps to determine the amount of data at risk of per-manent loss. The further the distance, the greater the data transfer latency: the greater amount of data that will not be in the secondary site at the time of a pro-duction site outage. However, having the two sites in close proximity results in the risk of both of them being impacted by a major regional event, such as a large earthquake or violent storm.For many organizations, these risks are becoming unacceptable, and reducing the probability of perma-nent data loss is a business imperative.Recent technological advances in storage-based data services, including active-active storage clustering and highly efficient long-distance replication, have enabled the cost-effective implementation of three-site disaster recovery architectures. These architectures dramati-cally improve protection against permanent loss and “corruption” of data. Moreover, this approach provides the foundation for much faster system recovery, or can even mitigate the need for recovery.  SOLUTION PROFILE CategoriesThreatsSystem Events Hardware or software failures, network problems, corrupted data, viruses, glitches, bugs Internal Events Human error, fire, plumbing leaks, electrical spikes, construc-tion defects, angry employee External Events Utility interruptions, sabotage or terrorism, hacking, accidents  Acts of Nature Floods, hurricane or typhoon, tornados, earthquakes Interdependence Threats Supply chain disruptions, partner failures, labor strikesHitachi has a long, successful history of helping large enterprise organizations with their disaster and business continuity needs. These capabilities are now available in a new midrange form factor, enabling smaller organizations to achieve levels of protection that were previously unavailable to them. Introduction When a disaster strikes, an organization may lose data and access to data, and thus the ability to function. Recovering from such a catastrophe is a business imperative. Leveraging techniques that focus on risk quantification and mitigation is key: It will help organizations to choose which tech-nology to use, and balance that decision against the determination of how much to spend.Specifically, this decision revolves around three fundamental service level require-ments for business-critical functions and their associated applications: ■ Recovery point objective: How much data loss can be tolerated during recov-ery? For critical data, the ideal is usually zero data loss. ■ Recovery time objective:  What is the acceptable time within which to recover systems and operations? The goal for critical operations should be measured in seconds or minutes. ■ Return on investment:  What is the right balance between risk and mitigation? The total cost of disaster protection should be less than the anticipated impact of a potential major disruption. Understand the Risks What could possibly happen to disrupt your operations? Depending on your location, a lot (see Table 1). These decisions are not independent of one another. Data loss, and in particular loss of data integrity, can significantly increase recovery time. TABLE 1. THREATS TO OPERATIONS According to the U.S. National Archives and Records Administration, 93% of companies that lost their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately. Historically, the emphasis has been on reducing the time required to recover sys-tems. All recovered systems lose some data. Today, there is significant pressure on organizations to implement recovery solutions that give a very high probability of zero data loss; this has been a business imperative for the financial industry for some time. More and more, organizations are finding it inordinately costly to recover if data is lost, and the corresponding recovery time is significantly increased. The business processes to recover lost data manually after a disaster become more difficult as processes are increasingly com-puterized. Automatic remote recovery for all major IT systems can simplify business processes and reduce costs.Recovery decisions can no longer be made in isolation. Within an organization, the failure of one system can quickly have a domino effect and bring down other sys-tems. Government agencies and business groups are mandating increasingly stringent recovery objectives to ensure that industries and society can recover quickly from man-made and natural disasters. As the world of digital business evolves, the attributes of business continuity and disaster recovery are transitioning from being highly desirable targets to being absolute “must haves.” Why Do You Need a 3DC Architecture? Part of these mandates is the requirement that at least one backup data site is located a significant distance, often more than 200 miles, from the primary data center. Recovery solutions have an important tech-nology constraint: Zero data loss cannot be achieved over long distances. The practical limitation is usually less than 50 miles, or whatever latency the application will tolerate when its data is synchronously replicated.  3  ArchitectureTechnologiesCascade: Synchronous +  Asynchronous Hitachi TrueCopy + Hitachi Universal Replicator Multitarget: Synchronous + Asynchronous  TrueCopy + Universal Replicator + Universal Replicator Storage Clustering +  Asynchronous Global-Active Device Feature + Universal Replicator Figure 1. Cascade 3DC Architecture TABLE 2. HITACHI TECHNOLOGIES FOR MULTIPLE DATA CENTER ARCHITECTURES If your critical applications and data require always-on access, you will need an active- active high-availability topology between sites. However, if you can’t get two sites within acceptable synchronous distance that meet the requirements for geographic dispersion, you will need a third site to protect against a major disaster that impacts the first two.By introducing a three-site architecture with two data recovery nodes (one at close dis-tance and one at long distance), a very high probability of zero data loss and fast recov-ery times can be achieved. Types of 3DC Architectures  The architectures of 3-data-center (3DC) disaster recovery solutions can consist of a combination of technologies to enable very high probabilities of zero data loss at local and long distances. They combine synchronous replication (local recovery node) with asyn-chronous replication (remote recovery node).  The local recovery node can accommodate very rapid recovery with a high probability of zero permanent data loss. Active-active storage clustering adds even greater resilience to the design. Testing of this envi-ronment is simplified, and IT personnel can be shared between the primary node and the local backup nodes.  The remote recovery node provides for recovery with low permanent data loss “in the unlikely event” that both the primary and local recovery nodes are impacted. As is the case in many IT decisions, choices available for 3DC protection can be deployed and even combined to meet an organization’s specific needs for various business continuity and disaster recovery scenarios. Hitachi Data Systems offers the following options, among other combinations, with Hitachi Virtual Storage Platform (VSP) G1000 and VSP G800 storage systems. These models use the remote replication technologies in Hitachi Storage Virtualization Operating System (SVOS), as shown in Table 2. Cascade 3DC Disaster Recovery  Architecture  This approach (see Figure 1) is sometimes known as “multihop,” and it combines technologies to provide a high probability of zero permanent data loss for the majority of disaster scenarios over a long distance. Typically, Hitachi TrueCopy remote syn-chronous replication is used between the production and local recovery sites to minimize data loss, with Hitachi Universal Replicator used to copy the data asynchro-nously from the local recovery site to the remote recovery site. Alternatively, Universal Replicator can be used for both links.Recovery time depends on various factors: the speed of the long-distance link between the local and remote recovery nodes, what time of day or year the primary node goes down, and the complexity of the recovery pro-cess. Recovery can be made at the remote node in under an hour or within a few hours. There are two main options within this topology: ■  The local recovery node can be a minimal disk-only “bunker” whose primary func-tion is to ensure that data can continue flowing to bring the remote recovery node completely up to date should the primary node go down. The local recovery node is often an unmanned storage site. This configuration is the most cost-effective way of providing a high probability of zero data loss at a remote recovery node with very good recovery time characteristics. ■ Less frequently, the local recovery node can be a full data center (often with failover and failback systems). This provides zero data loss and very rapid recovery for disasters at the primary node. Going forward, this configuration is less likely, as the multitarget topology discussed in the next section is a cost- effective option that gives better protection.One trade-off with cascade topology is seen in the following example. In the event that the local recovery node goes down, the remote recovery node is frozen with the data it has received at that point in time. The organization then has to decide whether to continue to run the IT produc-tion systems without ongoing protection. Business continuity and disaster recovery, using a 3-data-center topology, will be essential contributors to sustaining brand loyalty and brand value, especially in a world in which changing vendors can be as simple as going to a different website.  SOLUTION PROFILE Figure 2. Multitarget 3DC ArchitectureFigure 3. Storage Clustering With Asynchronous Replication 3DC Architecture If it does, the remote recovery node gets further behind, and if a rolling disaster takes out the primary node as well, significant permanent data loss can occur. It can close down the systems at the primary node until the secondary node is recovered or a communications link can be established between the primary node and the remote recovery node. In this case, the recovery time is elongated, but the probability of per-manent data loss is minimized.For organizations within a small geographical area, the cascade three-node topology makes good business sense. A disaster that takes down both the primary and local recovery sites is likely to affect most local customers. For interstate and international business, and especially for organizations that provide critical infrastructure services, this topology may not meet more exacting requirements. Multitarget 3DC Disaster Recovery  Architecture  The difference between the cascade topology and the multitarget is that in the multitarget topology, the primary data node backs up data to both nodes simultane-ously. See Figure 2. This is a recent technological capability, and very-high-performance controllers are required to manage this process. This approach ensures that there is no perma-nent data loss if either the primary or local recovery node is lost.Either node can communicate data to the remote recovery node to ensure zero data loss. To ensure rapid recovery, the storage controller technology has to be able to resynchronize the controllers at the remote recovery node with either the primary or local node, and pass just the changed data (delta resynchronization). In the cascade topology, if the local recovery node is down, no data can be transferred to the remote recovery node, as discussed above. The major disadvantage of the multitarget architecture is the higher cost of telecom-munication lines. A major advantage is that if there are backup servers in the local recovery node, there can be failover and fail-back between the primary and local nodes.  This significantly enhances recovery times.  Additionally, remote snapshots or clones can be created and mounted in either of the backup sites to enable secondary pro-cesses. These include operations such as backing up to tape, refreshing development systems, or enabling recovery testing with-out impacting the performance or availability of the production systems. Storage Clustering With Asynchronous Replication  The most recent advances in storage resiliency and data availability are found in global-active device storage clustering tech-nology. This feature is part of the Storage  Virtualization Operating System of Hitachi  Virtual Storage Platform G series systems. With global-active device, there are two pro-duction sites, each with an active copy of all data. If a failure occurs at either site, its data is transparently available at the other site, with no need to fail over or fail back. Universal Replicator asynchronous repli-cation is used to copy the data from either production site to the remote recovery site.  All of the additional benefits of the multitar-get configuration described above apply to this architecture. See Figure 3. The storage clustering 3DC model provides the greatest levels of data availability and resiliency with zero data loss. Simplify Your Business Continuity and Disaster Recovery Plan and Operations Many disaster recovery strategies consist of a collection of application-specific point solutions that must be individually main-tained and managed. These must then be individually executed at the time of a
Related Search

Previous Document


Next Document

kasus etika

We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks