In spite of the growth of remote backup over the network, tape is still a key element in disaster recovery (DR)
plans. Because of cost and other advantages, some companies use tape for DR even after they have abandoned it for other purposes. However, to get the most out of tape, you have to recognize its characteristics and the implications of those characteristics.
"Tape has three main advantages," says Rob Callaghan, senior product manager for tape automation and enabling technologies at Quantum Corp. "First is portability. You can move it offsite to your disaster recovery site. Second is cost -- even compared to disk as disk prices keep coming down. Finally, because you can encrypt it, you can protect it during transit."
A fourth reason for tape's continued use in DR is scalability. "All of the big companies are still using tape because [disaster recovery] is just unsupportable otherwise," says Bob Covey, vice president of marketing for Qualstar Corp. By having multiple tape drives working in parallel at the DR site, a tape recovery can achieve an extremely high bandwidth, especially compared to a WAN connection.
"With LTO-4 you have a tape transfer rate of 120 MBps," says Peri Glover, director of product management for Overland Storage Inc. "We've got libraries that can transfer data back and forth in multiple terabytes per hour." "If it's a full disaster, recovering from tape is faster than getting the data from a remote backup," says Molly Rector, vice president of marketing and product management at Spectra Logic Inc. "Remote backup is great for day-to-day recovery of files, but in a true disaster recovery, by the time you get your system up and running at a remote site you can almost certainly have your tapes there faster."
Of course this depends very much on the amount of data, applications and other files involved. In the case of a small business with a few hundred gigabytes to be restored, a remote backup may be faster.
Plan, test and practice
You're probably not going to try to recover everything on your system, at least not right away, but you do need to be able to find the subset of tapes you need in more-or-less the proper order. A disaster is not the time to go pawing through your library trying to locate misplaced tapes.
In any disaster things are, by definition, not going according to plan. For example, Overland Storage had a designated administrator for its IT DR plan as well as a backup administrator and a backup for the backup administrator. But, when the company was threatened with evacuation because of the San Diego brush fires last October, approximately 650,000 people in the San Diego area were being evacuated at the same time.
The DR administrator was packing up to evacuate, the backup administrator was already evacuated and the backup administrator's backup was trying to get back to their home. Meanwhile, access to Overland's headquarters was extremely difficult, and a power outage was threatening because the fires had knocked out the main power lines leading into the city.
Overland didn't have to evacuate, but it had a major problem with employees getting to the office. Some employees simply moved in, pets and all, for the duration, but others couldn't get to the site because of travel restrictions.
You need to make sure that someone authorized to access the tapes is available at the DR site, with the keys (physical) needed to get to them.
Of course, that won't do any good if the tapes aren't readable. "Having software that is able to verify data is critical for disaster recovery," says Rector. "You need something that can go through and notify you if there's a piece of bad media."
"That's probably the biggest hole in using tape for disaster recovery," Rector adds. "You get into a situation where you need to bring the tapes back and one of them doesn't work."
The answer, as with any DR plan is regular testing. It's important to run tests to make sure everything works and you haven't forgotten anything. Since everything from personnel to applications change, it's important to run a test at least once a year or that exercises all the functions of the DR plan.
Prioritize your data
Part of your DR plan should include what to bring back in order to get the most critical parts of the business functioning again. "It's unlikely the second the world starts to live again you're going to need all your data back," says Grover. Less-important areas can be restored later -- or in some cases not restored at all -- during the disaster period. This is psychologically easier with tape because tape breaks your data down into discrete chunks (the tape cartridges). Ideally you should organize your DR tape set by priority, with the highest priority data all on one subset of cartridges.
Think in terms of recovery
Although backup is the day-to-day activity, you want to plan your DR efforts to get the fastest, most efficient recoveries possible.
One problem is the "endless incremental," where a company makes a full backup either once or very infrequently and then just does incremental backups. This is the fastest way to do day-to-day backups because it minimizes the amount of data in each backup, but it is also the slowest and most error prone.
"The last thing you want to do is to have to restore 50 incremental backups and a full backup in a disaster," says Rector.
Encrypt your tapes -- and manage your keys
Tapes that leave your primary site should be encrypted. This is particularly true in a disaster because of the confusion and the greater possibility of losing tapes. The risks associated with losing sensitive data are simply too great not to encrypt.
Fortunately, tape encryption is becoming standard practice. Tapes can be encrypted either at the tape level using something like LTO-4's built-in encryption, or by using an appliance at the server or network level.
Encryption requires key management and in a disaster, the keys must be available to authorized people. Make sure that the keys are properly secured and provided to the DR personnel. Your DR plan should specify how the keys will be handled, how they will be transported and how they will be made available. It's particularly important to test the key management aspects of the plan.
"Don't send the data with the keys," cautions Quantum's Callaghan. The keys should go to the DR site over a different path and usually in a different medium from the data. If you are using tape, you can send the encrypted keys over a VPN network or by a separate person on an encrypted memory stick. Whatever medium, make sure the file containing the keys is also encrypted.
Consider a tape library
Because recovery time is so important, it can make sense to have a tape library available at the DR site to speed and organize loading the data.
"The best case scenario to get up and running most quickly is you've got the tapes in a tape library (at the DR site)," says Don Simpson, a senior sales engineer at Qualstar. "Otherwise you have to be swapping tapes in and out. That's the smartest thing to do but it's the most expensive thing to do."
There are ways to mitigate the cost, however. One popular method is to repurpose an old tape library. "You don't have to have the same kind of tape library at your disaster recovery site," says Spectra Logic's Rector. "You can have an older, smaller library at the DR site."
The older library may not have the ability to keep up with the business' day-to-day needs, but it may be adequate for recovery since it usually involves a smaller data set. Of course, it needs compatible drives, but many libraries allow replacing the drives with newer technology.
About the author: Rick Cook specializes in writing about issues related to storage and storage management.