Offering a level of service for data protection that is realistic but meets users' expectations can be a tough balance. George Crump, president and founder of Storage Switzerland, finds that referring to the process as a service-level agreement may not be the best approach.
"I use objective versus agreement. Because the problem for me is -- and I think for most IT people -- when we start using the word agreement, that means the other side agrees. And there [are] just times when you can't get users to agree to things," Crump told the audience at his recent Storage Decisions presentation.
Crump said the process of determining service-level objectives (SLOs) is based on establishing what he called a return to operations (RTO), a recovery point objective (RPO), a version recovery objective (VRO) and a geographic recovery objective (GRO).
Crump's RTO is based upon how quickly data can be restored to a useful state. Even if data is available, a recovery window continues to grow and the longer it takes for users to have access to that data, he said.
"Backup is really the movement of data from point A to point B. Recovery is moving data from point B to point A. The operation is getting it to point A and being able to do something with it," he said.
The RPO is measured by how much data a user can afford to lose, said Crump. And while "none" is a frequent response, it's likely to be more expensive and less practical.
"'None' gets really expensive. I can do 'none' but I'll need a new budget. So what we try to do is work with users and back them off of what that is…. In most cases, you don't need a zero-point recovery for file data," said Crump.
A version recovery objective deals with the reality that as data ages, an organization should need fewer iterations of that data and store it in fewer places, he said. "The process is understanding that data and where to put it."
A geographic recovery objective goes further. It includes plans for how to deal with problems like a power outage or as big as a regional storm event like Superstorm Sandy, he said.
"It's more than just disaster recovery; it's being able to survive multiple types of disasters. What we've seen repeatedly now is that you need a regional recovery ability and some sort of national or international recovery capability," Crump said. "The point is to take these and have answers for each one of these questions for each application and then that rolls into a service-level objective [which] you then state to your users."