Manage Learn to apply best practices and optimize your operations.

Data storage options for SMBs

What are your data storage backup goals? Knowing the answer to this question will save you time and money -- but first, you have to determine an answer.

Determining how and where to back up your data partly involves understanding how much data changes in a given period, your recovery time objective (RTO) and recovery point objective (RPO) requirements, and applicable threat risks.

What is RTO and RPO?
RPO is the point in time that you wish to recover data. Shorter RPO times result in less lost data. For example, an RPO of five minutes indicates that data must be protected to within a window of five minutes, where an RPO of one hour indicates that the data vulnerability window -- the time in which data could be lost -- is one hour. Conversely, an RPO of zero indicates that no data can be lost, that your data is constantly being backed up, replicated, and mirrored or journaled to prevent data loss.

Another variation of RPO is how complete or comprehensive the data protection should be. For example, your RPO may be to protect within an eight-hour interval, meaning up to eight hours of data could be lost. Comprehensive or completeness would address whether 100% of your data is protected or if only certain files and data are completely protected. To build on this example, open files may not be completely backed up unless buffers in memory are flushed to disk for a complete backup. Another consideration is if the backup is protecting only certain files in your specific directories or file shares, or if the backup is complete. The trade-offs for a lower RPO are increased cost with less loss of data.

RTO is how quickly you need to have data restored, recovered and ready for use. Where RPO is the window that determines the granularity of data protection, or how much data could be lost, RTO is the window of recovery. An RTO of one hour indicates that protected data must be restored and ready for use in one hour. An RPO of two days indicates that protected data must be recovered and restored, ready for use within two days.

For continuous, nonstop processing, an RTO would be zero, meaning no time delay for recovery or restart. A consideration for RTO is that you may be able to recover your data in the specified time period, however will you be able to recover your server's operating system and installed applications in order to use your data? For example, if only data files are being backed up in the event of a server failure requiring replacement, a new operating system and applications would need to be recovered or installed plus data restoration. Thus the RTO needs to consider how complete the backup operation is, and how that completeness or lack thereof will add to the recovery, restoration and restart time. Similarly to RPO, the tradeoffs for RTO are less delay in accessing data and more costs with a smaller RPO.

Your RTO and RPO (see sidebar) will be determined by the value and time-sensitive nature of your applications that support your business's continued operations. Some backup and recovery technologies and techniques for small and medium-sized businesses (SMBs) include:

  • Remote backup to your own facility or to a managed service provider (MSP) facility.
  • Integrated backups with snapshots to reduce or minimize downtime for data backups.
  • Bare-metal complete system recovery, including operating system, applications and data.
  • Full or incremental backup of data that has changed since your last backup was performed.
  • Desktop and laptop backup or server backup coupled with application integration.
  • Disk-to-tape, disk-to-optical, disk-to-disk, disk-to-local or remote removable media.

For a complete backup, you will need to ensure that desktops and laptops, as well as servers, are backed up to enable complete restoration. Simply relying on users to save key data files to a server or shared file system that is regularly backed up does not guarantee a complete backup. For example, if users forget or neglect to save critical files to file servers, key data may be missed and not backed up. Similarly, if you are using a desktop-based backup product that looks at only certain folders or directories -- for example "My Documents" on a Windows environment -- you may not be protecting data stored elsewhere on that system.

Depending on what your data protection objectives are, you may need to leverage a desktop-backup product that enables complete protection of operating system, application and configuration information to facilitate bare-metal restore. Look for backup products that are flexible and extensible to enable you to tailor the technology to meet your specific needs and requirements on an application, server or even desktop basis.

When deciding how to back up your environment, consider the following:

  • How much data needs to be backed up in a given amount of time?
  • Is a candidate backup product or service optimized for distributed or local backups?
  • What applications (Exchange, SQL, Oracle and others) need to be backed up?
  • Are you looking for bare-metal backup and recovery or basic file recovery?
  • What types of and how many servers need to be backed up, and in what time frame?
  • What are the security, RTO and RPO requirements for different users and applications?
  • Do you need to ensure that a copy of the data is kept local as well as off site?
  • Can backed-up data be accessed as a file system or is the data in a container file?
  • Is a candidate product targeted toward servers, desktop or both?

Technology and services vendors include Arsenal Digital Solutions USA Inc., Asigra Inc., Atempo Inc., Avamar Technologies Inc., CommVault Inc., EMC Insignia (Dantz & Retrospect), EVault Inc., FalconStor Software Inc., FilesX Inc., Hewlett-Packard Co., IBM Tivoli, Innovation Data Processing, Intradyn Inc., Microsoft, Symantec Corp., Vembu Technologies Pvt. Ltd. and many others. Hardware, media and device vendors include Data Domain Inc., Diligent Technologies Corp., EMC Corp., Fujitsu, HP, IBM, Imation Corp./Memorex Products Inc., LeftHand Networks Inc., Network Appliance Inc., ONStor Inc., Overland Storage Inc., Quantum Corp., Seagate Technology/Maxtor Corp., Sepaton Inc., Sony, Spectra Logic Corp., Sun/STK, Tandberg and many others.

More on storage
Data protection should rank first for SMBs, exec says

Storage offerings meet SMB needs

Systems management essentials
There are many options available to back up SMBs that range from do-it-yourself, combining hardware and software, to outsourcing your backups to an MSP with many variations and combinations. Identify your needs including RTO and RPO, what available budget exists and business exposure, and then align applicable technology to those needs. RAID-protected disk is not a substitute for performing regular backups to some other medium. For distributed environments, your options include placing backup hardware and software at remote offices, pulling or pushing data back to a central site, or consolidating data to a central or regional site for remote access using wide-area file services.

When leveraging an MSP as part of your backup and data protection strategy, keep in mind the amount of data that needs to be backed up and the available network bandwidth to ensure that data is protected on a timely basis. Depending on your needs, a multi-tier backup could involve disk-to-disk for local fast recovery and an off-site copy for disaster recovery and business continuance purposes to another media.

Greg Schulz is founder and senior analyst of The StorageIO Group in Stillwater, Minn., ( and author of the book Resilient Storage Networks (Elsevier).

Dig Deeper on Small-business IT strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.