Just a year or two ago, only the Fortune 500 could seriously consider implementing CDP. Today, continuous data-protection offerings are available in a range of prices from vendors large and small. That's fortunate, because most organizations have carefully planned data-protection techniques for their critical applications, but leave their file services to conventional nightly backups--occasionally discovering that file servers are more mission-critical than the IT staff ever knew.
|
We sent out a call for software products that provide continuous or pseudo-continuous data protection for Microsoft Windows servers. (We defined pseudo-continuous as using a snapshot-and-export model or other method that doesn't send changes to the backup repository in real time.) To qualify for this review, the products had to copy data to storage external to the protected server, make point-in-time copies (snapshots) at
least once per hour and let administrators restore data at least hourly during the business day, or eight times per day.
As we discuss in "Data Do-Over", there's considerable nitpicking around the term CDP. Let the marketing reps and the Storage Networking Industry Association (SNIA) argue about infinite restore points and what qualifies as continuous protection. We're not interested in splitting hairs; like you, we just want to safeguard our data as comprehensively as possible, without breaking the bank or overwhelming our WAN.
Every vendor we invited joined in, and we installed Availl CDP 3.0, FilesX Xpress Restore, IBM Tivoli Continuous Data Protection for Files 2.1, LiveVault InControl, Microsoft System Center Data Protection Manager 2006, Symantec Backup Exec 10d for Windows Servers, TimeSpring Software TimeData 2.1, and XOsoft WANSyncHA for File Server and Enterprise Rewinder in our Purchase College (New York) partner lab.
We tested by backing up multiple Windows 2003 file servers while running a script that emulated typical employees accessing servers using Microsoft Office applications, including Word, Excel and Outlook. We then repeated the exercise after connecting the source and destination servers with a low-speed (1 Mbps, just to make life interesting) link. We graded the software on backup frequency (minimum recovery point objective), number of backups that can be kept online for restores, types of data protected (such as files, open files, SQL, Exchange), management/configuration/ease of use, ability to send data off-site, features and price.
Our pricing grade is based on the cost to protect three file servers by copying data to a single backup server, both in the same data center as the source servers and remotely.
We see three primary scenarios in which file-based CDP will be useful. The first is for general protection of file servers/NAS in the data center. In this application, we'd use a CDP system to replace the nightly backup to disk or tape, and run off-site tapes from the CDP server. It also would be nice to have the CDP box integrated with a replication system that could send file changes in real time, or snapshotted changes, to a disaster-recovery site. Although some consider CDP a niche application for highly critical or transactional data, we're sold on using it as the general backup for our file server cluster, just because we found many of these products easier to manage than conventional backup.
The second scenario is centralized backup for branch offices. Even simple tasks like monitoring a backup server and changing tapes can fall through the cracks when assigned to plant or clerical personnel. Using a CDP setup to protect branch-office file servers eliminates the need for tape drives and tape handling at the remote site, and it means we can use the same replication technology we'd use for disaster recovery to send branch backup data to headquarters. Ideally, we'd add a local repository so we can restore files in the remote offices from a local copy, not across a slow WAN link.
The third scenario: CDP can help address the problem of laptop data. We can bully desktop users to store all their data on servers, where we can back it up, but laptop users are tougher nuts to crack. Why not use CDP technology to journal file changes on the user's local drive and automatically upload them to a central server whenever the user connects to the office network, directly or over a VPN? Granted, this isn't technically CDP because the remote connection is intermittent, but we found IBM Tivoli CDP especially well-suited to protecting laptop data. When the user is offline, his or her files are backed up to the local RealTimeBackup folder as they're updated, and the latest versions are uploaded to the remote folder when the user connects to the network. We could even point the remote folder to a removable disk, like a USB hard drive, instead of a NAS or file server.
Infinite Variety
The products we tested vary significantly in how close they come to the holy grail of continuous protection: unlimited restore points. For example, Microsoft DPM, LiveVault InControl and FilesX Xpress Restore moved our file-change data from source to backup server periodically rather than continuously. Symantec Backup Exec 10d continuously moved data to the backup server, but only gave us an hourly restore point.
These products also vary in how they handle data retention. More straightforward offerings like Microsoft DPM and Availl CDP simply discarded older versions of our files as they ran out of disk space or reached their maximum number of snapshots. More sophisticated entries like TimeSpring TimeData, LiveVault InControl and Symantec 10d could filter down our snapshots to hold continuous data for 24 hours, a daily snapshot for a week, a weekly snapshot for a month and so on, making them more complete backup systems.
Finally, products differ in their support for applications beyond simple files. Several support Exchange and SQL Server, with FilesX and TimeSpring allowing individual mailbox or message restores without having to restore an entire Exchange message store.
Backup frequency and restore granularity are what separate CDP and pseudo-CDP from conventional backup. The products we reviewed cover the spectrum: Microsoft DPM, LiveVault InControl and FilesX Xpress use a snapshot-and-export model, meaning they send data from the source server to the backup server at preset intervals, from hourly to every 15 minutes (InControl). Symantec 10d is a variation on this theme: It sends data to the backup server continuously but uses hourly snapshots to create restore points. XOSoft's WANSyncHA and TimeSpring's TimeData have truly continuous models, and Availl and Tivoli CDP for Files store changes when files are saved, a method that works well for common document types but isn't well-suited to databases or other files open for long periods of time, like Outlook's .PST files. If you want to protect these open files, Availl can take as many as eight snapshots per day.
Symantec and Microsoft use Windows VSS (Volume Shadow Copy Service) to manage their snapshots and therefore must live with VSS' limitations, meaning we could keep only 64 restore points. The others are limited only by the disk space allocated to them.
Data Diversity
While our testing focused on protecting file servers, most organizations have database and messaging servers supporting mission-critical applications that could benefit from more than nightly backups. Microsoft, Symantec and Tivoli are limited to protecting files, while Availl and LiveVault support backing up Exchange, SQL Server and other databases as open files. FilesX adds some support for Exchange and SQL Server, making restores easier and more reliable, while TimeSpring and XOsoft go beyond simply protecting Exchange and SQL Server files to providing restore points at database transactions and checkpoints. TimeSpring even includes OnTrack's PowerControls to let you restore a single mailbox or message from an Exchange information store without mounting it on a running Exchange server.
In addition, XOsoft and LiveVault support Linux and some Unix variants as well as Windows.
Mixed Results With Setup
Symantec and TimeSpring were the easiest products to set up and use, with relatively obvious install processes and user interfaces. At the other end of the spectrum was Availl, which presented us with a confusing mixture of Windows apps and Web pages for its management interface. XOsoft's primary function as a set-it-and-forget-it-until-disaster-strikes replication product shows in its limited user interface. Similarly, LiveVault's management via the LiveVault Web site shows its heritage as a remote backup service.
Protecting your data in the server room is nice, but you also must get it off-site. All the products except Tivoli CDP, TimeSpring TimeData and Symantec 10d provided compression to conserve our WAN bandwidth. TimeSpring supports sending data directly from servers to as many as three backup servers, while everyone else except Microsoft and Tivoli support multitier architectures, where the backup server sends your data to a remote backup server.
To review overall features, we examined the restore mechanisms each product provided. XOsoft supports restores only by rolling own files can be a timesaver for IT, and all the products except LiveVault, TimeSpring and XOsoft provide this functionality, most using a browser-based utility. Not surprisingly, Microsoft offered the widest variety of self-service options, including restores from inside Office applications. either the primary data or the backup server's copy back to a point in time. The others provided administrative restore features through their management interfaces. And, except with LiveVault and Tivoli, we also could mount our protected drives from the backup server.
Letting end users restore their own files can be a timesaver for IT, and all the products except LiveVault, TimeSpring and XOsoft provide this functionality, most using a browser-based utility. Not surprisingly, Microsoft offered the widest variety of self=service options, including restores from inside Office applications.
Although most conventional backup programs provide bare-metal restores for servers as an extra add-on, only FilesX provides this capability from CDP data. In our tests, we booted from the Xpress Recovery CD and successfully performed a bare-metal restore of our server's C: drive.
Prices for our test set of three file servers with 3 TB of storage ranged from $25,000 for LiveVault based on its "amount of data protected" pricing model to Microsoft's $950 and Symantec's $995, which included not only the continuous protection server and agents for our test servers but also a Backup Exec media server for conventional backups. XOsoft, at $14,000, and FilesX, at $9,995, are a bit more than the rest of the pack, which clustered around the $5,000 mark.
Symantec's Backup Exec 10d wins our Editor's Choice award, thanks to good overall support for file system CDP, excellent backup data management, decent integration with Backup Exec's standard backup functions and an amazing price.
Those organizations wishing to protect Exchange and SQL Server should take a good look at FilesX Xpress Restore and TimeSpring's TimeData. Xpress Restore has a broader set of features but isn't a true CDP offering.
At first glance, XOsoft's WANSyncHA seems out of place in a CDP products comparison. It is, after all, asynchronous, file-based replication software, designed for disaster-recovery scenarios. However, one of the critical flaws with simple replication as a data-protection mechanism is that the primary server will almost always be in the middle of writing data when it crashes or when the link between primary and secondary sites goes down.
Therefore, the data at the remote site will be inconsistent or corrupt in some way. XOsoft has addressed this problem by building a data-rewind function into WANSyncHA, so as you switch to the remote server you can rewind to a point in time where the data wasn't corrupt. You can even rewind the primary server back in time from the remote server if a software or user problem on the primary server caused some data corruption.
Microsoft's DPM isn't a bad pseudo-CDP application, but limitations, including lack of support for server clusters and a maximum eight snapshots a day, moved it down our list.
Smaller organizations should strongly consider LiveVault's InSync service, and Tivoli Continuous Backup for Files deserves an honorable mention as one of the best offerings we've seen for desktop and laptop data protection. It provided extremely granular restores but was hindered by a lack of WAN connectivity.
Finally, Availl's CDP was tantalizingly close to being a contender, but its clumsy user interface and a need to accommodate open files separately make it difficult to recommend.
Backup Exec 10d, formerly known as Panther, isn't a stand-alone product but rather new functionality for Symantec's venerable Backup Exec. As you would expect, it has much of Backup Exec's look and feel and significant integration with more conventional disk and tape backup functions. We could archive data from the Continuous Protection Server (CPS) repository and view both CPS and other backup job status lists and alerts in a single console.
At start-up, the install CD runs an environment test, which ensured that all aspects of our test bed were up to snuff. Having wasted many hours with programs that didn't tell us we had to download a new version of MDAC (Microsoft Data Access Components) until midway through the setup, we really like this feature.
We then defined our servers to create a protection group and specified where to store temporary journals and index files. Once the setup program finished, we followed the steps in the CPS assistant to push agents to our file servers, create backup destination folders and create backup jobs. Those familiar with Backup Exec will speed right through creating selection and exclusion lists for data; newbies should take just a few seconds longer.
|
|
CPS continuously sends data from the file server to your protection server and then uses Windows Volume Shadow Copy Service (VSS) to create snapshots on the protection server to preserve file versions. Because CPS uses VSS on the CPS protection server, it's limited to 64 snapshots for each destination. With that one restriction, we could define when to take snapshots, as many as one per hour, and what snapshots to retain, and could collapse and store daily and weekly snapshots.
Symantec 10d does have limitations, most significantly it doesn't protect critical applications like Exchange and SQL Server, but this is overcome by its ability to protect our files and the fact that it's a huge bargain.
Symantec Backup Exec 10d for Windows Servers, $995, includes Backup Exec 10d, the Backup Exec Continuous Protection Server and three Continuous Protection Agents. Symantec, (800) 327-2232, (650) 527-8000. www.symantec.com
As we installed our repository server, TimeData's setup program installed an update to the .Net framework and a full copy of SQL Server 2000, as opposed to the more limited MSDE most other products use for their database engine. We then assigned the folder it should use to store event log and backup data and the drive letter to use for read-only access to the data in the repository. We'd prefer creating multiple repository folders, though, because a single folder could lead to expansion and capacity issues.
We could manage everything through the Web or Windows versions of the TimeData management console. If we wanted greater protection, TimeData could install a second copy of the agent and save data to two repository servers simultaneously.
|
|
When we created a backup job, which TimeSpring calls a Content Group, we were pleased to see an advanced support for Word and Excel option that keeps the temporary files that these applications create from cluttering up the protection repository. We selected our test data folders and switched to monitor mode to watch the initial sync complete. We skipped exporting the content group definition to a second repository, but that would be handy for setting up a local copy for fast restores and a remote copy for disaster recovery purposes.
Those tasked with protecting SQL Server can select additional options to create restore points at each user transaction, at all named transactions or just at SQL Server checkpoints. For Exchange storage groups, TimeData automatically creates restore points at database checkpoints, log file rollovers and other system events. Like all but FilesX Xpress Restore, TimeData doesn't manage SQL Server or Exchange transaction logs, so you'll still need your standard backup application.
TimeData 2.1, $4,875 for a three-server, two-repository configuration. TimeSpring Software, (888) 375-7634, (408) 834-8966. www.timespring.com
On the downside, XPress Restore doesn't provide true CDP; it takes snapshots up to once an hour, like Microsoft's DPM, then transfers them from the data server to the backup repository server. Again, we're more concerned with the end and see no point in being nitpicky about the means--if data leaves the primary server at least hourly, we were interested in taking a look.
After installing XPress Restore we were surprised to see a "License Expired" message. A quick call to tech support revealed that the product created a serial number using the MAC address of our server, and FilesX had to generate a system-specific license key file for us. We had to repeat the process for data servers where we wanted to mount snapshots.
Once that problem was resolved, we were pleased to see that Xpress Restore integrated into our Active Directory and granted appropriate access to our "users" without us having to create additional users and groups or explicitly log into the application. Next, we defined a repository by giving Xpress Restore control of a pair of disk drives through a process that looked and felt like Windows Disk Administrator.
|
|
Now it was time to start backing up our data. Using the policy wizard, we selected the folders we wanted to protect and told Xpress Restore to use Windows VSS to get a consistent set of files in each snapshot and to take snapshots hourly from 8 a.m. to 7 p.m., Monday through Friday. Xpress Restore is a VSS requestor but doesn't require VSS; in contrast, DPM and 10d use VSS to manage their snapshots, not just to put data in a consistent state.
When the time came to restore we mounted a snapshot as a read-only volume from the data server and, because we had the required second network card installed on our repository server, accessed a share on the repository server to successfully restore individual files.
Xpress Restore is a powerful application and would be a good choice for those looking to protect Exchange or SQL servers and for whom hourly granularity is good enough.
FilesX Xpress Restore, $9,995 as tested. FilesX, (866) 434-5379, (617) 581-6367. www.filesx.com
We installed WANSync on a pair of servers and created a replication scenario to copy the folders containing our test data. As expected, we had a range of compression, bandwidth and other parameters to control replication. We set the rewind buffer to infinite time and 1 GB of disk space, then set up a second scenario to replicate the shares hive of our server's registry so that all we'd have to do to have users access our target server is change a log-on script.
After running our update scripts we went to rewind and were floored by the number of recovery points. Each file save in Word creates about six entries as the temp files are updated and renamed to the file's real name. If you're using WANSync to protect Exchange or SQL Server, checkpoints are logged as handy points to rewind to.
We picked a rewind point, and it took just a few moments for WANSync to roll our target server back. It was as if the second half of our script had never run--all our files were in their intermediate state. XOSoft also sells its rewind technology separate from replication, as Enterprise Rewinder, which lets you set up a rewind journal local to your file server and rewind the state of the server without a doppelganger.
Although XOSoft's rewind technology is interesting, the limitation of having to roll all the files protected by a scenario back to a single point in time makes it more appropriate for disaster recovery than as a general backup tool.
WANSyncHA; Enterprise Rewinder, WANSyncHA for File Server, $3,500 per server, $14,000 as tested. CDP is included in WANSyncHA. Enterprise Rewinder, $25,000 for a 10-server license. XOsoft, (866) WANSync, (781) 419-5200. www.xosoft.com
Installing DPM involved first installing Windows 2003 Server SP1 and allocating the space it needs. DPM requires at least one dedicated disk to store its data; this will make expansion more difficult than if it could use a volume, directory or file share.
It was simple to push DPM agents out to the servers we wanted to protect, but it would also be fatally easy to click OK without noticing that the default choice is to reboot servers automatically after agent installation, and reboot all your servers in the middle of the day! We'd like to see a more fail-safe setup here.
DPM shows its status as a version 1.0 product. We could protect only servers in the same domain as our protection server, for example, which could negate branch office scenarios. Also, DPM can't run on a domain controller, can't protect clustered servers and can't protect servers running 64-bit versions of Windows.
We've found that few organizations actually use end-user restores because server admins don't trust users, but if you have more faith than your peers, DPM enables end users to easily restore their own files using the VSS plug-in for Windows Explorer that adds a "Previous Versions" tab to file and folder properties, just as they can with VSS for shared folders snapshots.
|
|
Perhaps DPM's greatest strength is that vendors from CommVault to Xiotech are falling all over each other to support it, offering everything from packaged DPM hardware-software bundles, to updates, to conventional backup applications that allow archiving of data from the DPM repository. If you use a DPM-aware backup application, you can run your long-term backups from the DPM repository and restore data directly to the source server.
Although DPM isn't truly CDP, it is a respectable first attempt at a disk-to-disk backup application.
Microsoft System Center Data Protection Manager 2006, $950, includes one server license and management licenses to protect three file servers. Microsoft, (800) MICROSOFT, (800) 642-7676. www.microsoft.com
This Web management model has a couple of drawbacks. Selecting folders to protect, and other screen-I/O-intensive tasks, were a bit pokey. Although your data is encrypted, the NOC staff at LiveVault can see the servers and folders you've chosen to protect, which the only the truly paranoid would find objectionable especially considering that LiveVault is now part of Iron Mountain, the most trusted name in records management. Even worse, you can't restore data, even from a local vault or appliance, if your Internet connection is down.
On the plus side, even though your data is stored on your premises, LiveVault's NOC can still monitor your backup infrastructure and let you know when something's gone awry, before you try to restore data that hasn't been backed up in weeks. When we shut down our lab for a long weekend, we got a phone call from LiveVault asking if there was a reason our vault hadn't checked in for two days.
In addition to the InControl software, LiveVault sent us one of its TurboRestore appliances, a low-end 1U server that can act as an intermediate backup location in branch office, hosted or other scenarios where the primary data vault is offsite, and a Dell PowerVault 745 to use as our vault.
We installed the vault software, and after waiting for it to generate an encryption key, were directed to the LiveVault site to add our server to our account. After following the same process for the appliance and data servers we could select the folders we wanted protected. InControl's online heritage also shows in the limited restore options, which don't let you mount a snapshot as a volume. This is the only product with encryption.
|
|
Where truly continuous applications intercept file updates and send them to their data repositories in real time, InControl uses a snapshot provider to capture file changes only every 15 minutes. This is a big step up from nightly backups, and tends to reduce the bandwidth used between a protected server and its vault, but it could result in data loss in time-critical applications. Although our Editor's Choice offers only hourly snapshots, it does continually export data. If the primary server crashes, its data is in the Backup Exec server, just not recoverable until the next snapshot is taken on the hour or manually.
We found InControl easy to use and liked its features, like data consolidation that allows for monthly and quarterly snapshots. It is, however, the most expensive product we looked at; smaller organizations might be better off with the InSync service.
LiveVault InControl, $25,000. LiveVault, (877) VAULT-ME, (508) 460-6670. www.livevault.com
Once we installed Tivoli CDP we fired up its Java console and told it on which drive to store local backups, the folder to send backups to on our file server, and the folders and file types we wanted to back up. It became clear that Tivoli CDP is designed to protect data files, not systems: The default file list to protect is the My Documents folder and all files with .XLS, .DCO, .PPT and .123 extensions.
Once we told Tivoli CDP what files to protect we had it synchronized and created the initial backup. As our script modified files, Tivoli CDP created versions of the file in its RealTimeBackup folder with serial numbers appended to the file name. We then logged out of the server to see what would happen. Turns out the copies had stopped because the process that does duplication was running as an application in the logged-in user's system tray. A few minutes with the manual, and we had it running as a service with the right permissions.
|
|
Because it lacks a central control console for multiple data sources and other management features, Tivoli CDP isn't the best choice for enterprise file server protection. For example, we could specify a limit on the amount of disk space the local copy should take up, and Tivoli CDP will delete older versions when it reaches 85 percent of that size; we couldn't specify how much space the remote copy should be allowed to use.
IBM Tivoli Continuous Data Protection for Files 2.1, $3,980 as tested; $35 per client (laptop/desktop); $995 per server processor. IBM, (800) IBM-4YOU. www.ibm.com
Installing Availl was so fast--less than one minute--we took a second to realize it was done. After installing the agents on additional servers we set out to create backup jobs. Unfortunately, that meant using Availl's clunky user interface, which comprises a mixture of Windows applications that aren't accessible in a terminal services session and Web pages.
Availl Backup operates in two modes. When we created a file mode job to protect a data folder, it replicated each file when we closed it and created a new version with each save. This is great for apps like Word and Excel; we could create versions until our space quota was filled, not bothering with temp files that never close.
Database jobs replicate data as it's written to protect files that remain open, like Outlook .PSTs and databases. But we could protect only 500 to 1,000 files per server, so if you have a folder of user home directories that contains .PST files and thousands of Word documents, you may have to do some fancy footwork to protect it.
|
|
The database mode will also not keep multiple versions of a file to restore to unless you specify that the Availl server should make snapshots. We could schedule as many as eight snapshots per day for each backup job. Snapshots are accessible copies of protected files and can be saved to any available disk, including mapped drives.
We restored versions of files through the agent's link to the server's Web interface and by mounting the repository for a job from the client. Unlike some of the other products we tested, Availl doesn't have a practical end-user restore function. When we tried to mount a protected server's data on our Availl server, we were rewarded with the blue screen of death. Definitely a bad sign.
Although it has an interesting feature set, Availl CDP needs some work before we'd call it ready for enterprise use.
Availl CDP 3.0, $4,485, as tested. Availl, (800) 474-0116, (978) 474-9113. www.availl.com
Howard Marks is founder and chief scientist at Networks Are Our Lives, a network design and consulting firm in Hoboken N.J. Write to him at [email protected].
R E V I E W
Continuous Data Protection
Welcome to NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.
Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.
Click here for more information about our Interactive Report Card ®.
We installed each of the products using a Dell PowerEdge 1600SC (2.4-GHz Xeon with 1.5-GB RAM) as the data repository and management server. We then installed agents, or other client software, on three servers ranging from a Compaq notebook to a 3.2-GHz Pentium 4 white-box server. All servers were running Windows 2003 Server with Service Pack 1 and were reverted to a virgin state using Symantec's LiveState Recovery between application tests.
All the servers were configured in a single Active Directory forest with two domains. Each server had a single Gigabit Ethernet connection to an Extreme Summit7i switch in a single subnet and a second 10/100 interface to a management subnet. Test clients running Windows XP were connected to the Gigabit subnet.
We selected a volume with 2 GB of assorted test files on each server to protect. Once initial synchronization was complete, we ran scripts that used Microsoft Word, Excel and Outlook to modify files within the protected folders.
We then restored files from various generations, checked that we had gotten what we asked for where we wanted it, and examined the products' other file-related features. Although some of the products reviewed here support SQL Server and/or Exchange, we did not test this functionality.
All Network Computing product reviews are conducted by current or former IT professionals in our own Real-World Labs®, according to our own test criteria. Vendor involvement is limited to assistance in configuration and troubleshooting. Network Computing schedules reviews based solely on our editorial judgment of reader needs, and we conduct tests and publish results without vendor influence.