Installations that use VTL libraries with de-duplication technology often perform a raw backup to disk and then tape as a means of ensuring the fastest time to securing the data offsite, and improving the recovery point objective (RPO) in the case of a disaster at the data center. Inserting de-duplication as a first step can increase the RPO and introduces another potential technology failure point, but also has the potential to reduce IT costs, especially relative to performing backups on tape.
One key technology that has enabled a reemergence of remote backup and recovery services is de-duplication. This can be done at the originating site, or at the remote site, and there are tradeoffs that must be evaluated seriously.
The advantages of de-duplication being done at the site is that the data sent over the network is minimized with lower IT costs and shorter network transmission times before the data is secure. Some vendors argue that de-duplication is a type of weak encryption; however if encryption is a requirement before transmission over the network, de-duplication can only be done first or not at all.
The disadvantages of de-duplication are that an additional de-duplication step is required to produce the data for transmission, with the added risk of technology failure, additional IT cost (e.g., server and operational overheads), and additional elapsed time before the data is ready for transmission.
The ideal from an IT cost point of view is to de-duplicate the data early, then compress the data and then transmit without encryption. However, the business has to decide whether the additional costs of de-duplication later in the cycle are offset by reductions in risk and improvement in RPO.
Action Item: Installations looking at remote backup and recovery must establish a robust process for looking at the impact on each application group of inserting site de-duplication technologies. Evaluation criteria include RPO and recovery time objectives (RTO), as well as cost and risk. The hard question “what happens when the de-duplication technology fails” must be asked and answered. This process should include strong input from corporate risk officers and the line of business.
Footnotes: