Data Recovery Best Practices Kit

(1)

Data Recovery Best Practices Kit

White Papers

Cloud Computing – Bright or Stormy?

Data Loss in a Virtual Environment – An Emerging Problem

Articles

The Challenges of Data Recovery from Modern Storage Systems

Virtualized Tape Library

Recovery Guides

Consumer Data Recovery Guide

Small-to-Medium Business Data Recovery Guide

Enterprise Business Data Recovery Guide

Information & Tip Sheets

The Critical Need for Data Recovery

Ontrack

®

_{Data Recovery Quick Reference Guide}

Ontrack

®

_{Data Recovery Quick Reference Guide}

(2)

An Altegrity Company

Solutions to successfully meet the requirements of business continuity.

(3)

1

Kroll Ontrack, Ontrack and other Kroll Ontrack brand and product names referred to herein are trademarks or registered trademarks of Kroll Ontrack Inc. and/or its parent company, Kroll Inc., in the United States and/or other countries.

Introduction

The Cloud – Designed to Weather a Storm

When it Rains in the Cloud

Have an Umbrella for the Cloud

Nothing but Blue Skies in the Cloud

2

(4)

Introduction

Ask the average computer user to describe cloud computing and chances are you will get a blank look or a chat about the weather. Marketing has succeeded with informing Internet users of the existence of cloud computing, yet few users can explain what the cloud represents or what it means to them. Virtually all Internet users have been introduced to cloud technologies without being aware of it. Have you used a photo-hosting Website? You’ve used cloud storage. Are you using an interactive social media site or office applications from a Web browser? You’re using cloud software.

The cloud computing industry has entered the formative years and is now able to provide solutions for organizations looking to keep new technology investments and costs low. Virtualization technology, or software that emulates computer hardware, provides the foundation for all of cloud computing’s service offerings. Cloud computing offers three services: Software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Cloud infrastructure as a service (IaaS) is the most established of the cloud service offerings because it allows organizations to use only what they need for computer system requirements; for example, IaaS allows customers to have access to offsite, virtualized computers without having to pay the associated hardware costs or facility expenses.

SaaS is the most accessible of cloud service offerings because it provides full application functionality through a Web-based interface. The number of applications that have been developed for Web browsers is amazing. For example, there are complete office productivity applications that are available through only a Web browser and an Internet connection.

PaaS is targeted at rapid application development and leverages the two previously mentioned cloud services. Think of PaaS as the intermediary between SaaS and IaaS; this cloud service may be closer to adoption than was previously thought1

because it will enable more SaaS functionality.

Gartner Research reports that the adoption of cloud infrastructure as a service (IaaS) is beginning to gain traction in the marketplace. Gartner predicts $3.7 billion USD worldwide for the cloud market in 2011 and $10.5 billion in 2014; an astonishing increase in market adoption over the next three years.2

Consumer acceptance of cloud services via mobile phone applications demonstrates that the technology is delivering an economic model that more companies are investing in. According to comScore, Inc., a digital business analytics company in the U.S., 69.5 million people own smartphones in the U.S. and as of late 2010 almost half of those users accessed their bank, credit or brokerage accounts through their mobile devices.3

The Cloud – Designed to Weather a Storm

Jason Baker, chief technology officer at Visi, Inc., a data center hosting and IaaS service provider, reports that cloud technology is “designed to handle failure” through its inherent redundancy and distribution design. Baker explains that

(5)

“traditional application deployment…was on the Web server, the application server and database server. Cloud computing removes all of that and allows organizations to focus on either the Web-facing or application layers.” The physical layer—the hardware—is provided by virtualization technology.

As the demand for the cloud increases, cloud services and applications will become commoditized. Yet the staying power of the provider and their reputation is what will stick with cloud customers. “Trust is essentially what will carry cloud service providers through the next few years,” says Harold Moss, chief technology officer of IBM’s cloud security strategy, “the service space will grow and then it will thin out. Only those providers that are offering complete solutions now will be the ones standing in the future.” Moss relates how service providers may dilute their solutions by outsourcing their own services to another service provider in an effort to stay price competitive. This turns into a “compounded service level agreement,” Moss says, and the overall provider’s service is devalued because it too has used the cloud to deliver computing resources. Each of those SLAs becomes reliant on another provider.

When it Rains in the Cloud

Adherence to compliance, security and accountability governance policies are expected of cloud providers. Unfortunately, certificates and audit assessments do not reveal how a cloud service provider will respond to a business disruption.4

Stormy weather in the cloud can be disastrous for end-users, as exemplified by the events an IT service provider in Canada experienced. The service provider had a NetApp®_{40TB Filer appliance that contained virtual LUNs, or iSCSI files at}

the NetApp volume level. Inside of those iSCSI files were VMware®_{ESX volumes.}

The ESX volumes contained the virtual disk files for servers of both the IT service company and some customer’s IaaS virtual machines. The tempest facing this company was not external but internal.

A disgruntled employee issued the “Delete Volumes” command at the storage unit level. This particular storage unit employed NetApp’s block snapshot technology and this alone would have saved the data if the rogue employee had stopped there. Unfortunately, this employee knew how the Filer’s snapshot function worked. The Filer’s system clock was set back one hour right before deleting the NetApp volumes so that the snapshot replication copied the empty volume metadata. After the damage was done, the employee reset the Filer’s system clock before exiting the company’s data center. The NetApp Filer continued to take volume snapshots, as scheduled, filling the entire snapshot list with empty blocks. When other administrators discovered the disaster, there was no valid recovery point to go back to.

This disaster moved into full category storm status because not only were some of their customer’s IaaS systems gone, but the service provider didn’t even have its own operational data. Worse still, there were no relevant backups of any original data. This particular service company had promised a 99.99 percent uptime for its data center and large Tier-1 Internet connections. During the whole business disruption, uptime and lightning-fast connectivity were maintained, thus meeting their stated SLAs. As customers of this cloud service soon discovered, system uptime and connectivity are not the same as data availability.

As the demand for the cloud increases, cloud services and applications will become commoditized. Yet the staying power of the provider and their reputation is what will stick with cloud customers.

3

(6)

The Canadian IT company was forced to engage a data recovery service provider to recover its own data and its client’s IaaS virtual systems as well. During this business disruption, the company worked hard to take care of its customers. However, some customers were informed that if they had not purchased additional replication or did not have a backup of their data, they would need to purchase their own recovery through the same data recovery service company. This was a shocking realization for customers who assumed their SLAs included data availability.

This example illustrates that SLAs and contractual obligations may not provide cloud users complete protection in the event of a business disruption. Equally risky is not having a data recovery clause included in a cloud provider contract. Overconfidence that storage equipment will be self-healing or 100 percent redundant is naive and cost-prohibitive. Synchronous data replication is expensive and does not prevent the results of human error or malicious data destruction.

Have an Umbrella for the Cloud

Storms broke in the early part of 2011 causing outages for some of the biggest names in cloud service.5_{These storm cloud events were unrelated to each other;}

however the disruptions resulted in downed or disabled websites, affecting Internet users. Subscribers of these services were met with the message, “This service is temporarily unavailable.” Because cloud services are relatively new, a customer may not realize the limitations of an SLA contract until a business disruption occurs. For example, what compensation or credit does the SLA provide due to an outage, or how will the cloud provider’s recovery procedure restore the missing services? Cloud customers may realize too late that they require more resiliencies from their cloud contracts.6

Cloud providers without in-house or third-party recovery specialists available to assist in resolving the business disruption are not providing an expected level of trust to their clients. During an outage, all IT hands are on deck, working feverishly to restore services, replace equipment, restore backups, and perform root cause analyses and other investigative tasks associated with management’s need to understand what triggered the event. Cloud providers that attempt to keep everything in-house quickly discover that an already burdened IT staff nears the breaking point during an outage.

A cloud outage can result from network failure, hardware replacement, a network attack from the outside, or a software bug, to cite common causes. Additionally, despite advances in data storage technology, data loss occurs in the cloud and can contribute to an outage. Data recovery service companies get data back from storage devices that have failed, have been mismanaged through human error, or have even been victimized by outright sabotage. However, data recovery service providers are not directly tied to the storage-to-consumer supply chain. Recovery services are used by storage consumers only after they have lost access to their data. No one really believes that a storage failure or data loss will happen to them. Yet, when it does, a cloud provider (or client) that did not fully backup their data immediately before the disaster can work with a data recovery service company to get that original data back.

System uptime and connectivity are not the same as data availability.

4

5_{http://www.computerworld.com/s/article/9216064/Amazon_gets_black_eye_from_cloud_outage, http://www.pcmag.com/article2/0,2817,2384214,00.asp,} http://www.computerworld.com/s/article/9211798/Update_Google_Gmail_outage_leaves_thousands_of_users_without_e_mail_,

http://news.cnet.com/8301-31001_3-20046091-261.html

(7)

The virtualization technology of cloud storage adds yet another complex layer to the data recovery process. Due to the dual file system layout of both the host server and the virtual computer system, data fragmentation is doubled. As previously stated, virtualization technology enables cloud services and provides incredible flexibility for scaled growth. The storage layer can become a weak link because virtualization is so heavily relied on. The best umbrella to have when adopting cloud technology is to require your cloud service provider to partner with a reputable, full-service data recovery company. This will minimize downtime caused by data storage failures.

This goes beyond having offsite storage or asynchronous/ synchronous replication, or tape backups, in the SLA (which all cloud providers should provide, at a minimum). A cloud provider that has partnered with a reputable data recovery service provider is demonstrating that data availability is more important than system uptime or accessibility. A cloud provider that has partnered with an enterprise-level data recovery company is building a client’s trust in its service offering by having a complete business continuity plan to protect the subscriber’s data.

Data recovery is only one aspect of the cloud computing discussion. Data destruction is equally important.

Understanding what happens to your data when the cloud contract ends is part of researching cloud providers. Large data centers will have OEM service contracts to maintain the storage equipment and have failed drives destroyed or degaussed before leaving the secure environment. It is easy to assume that deleted data will be quickly overwritten by the endless write operations of subsequent storage. However, complete data destruction requires that specific client files go through an erasure process. This is where sensitive files are overwritten with pseudorandom data and then deleted from the volume.

Nothing but Blue Skies in the Cloud

Having a clear forecast for your cloud strategies requires seeing all of the obstacles. Some of those obstacles will be from the service provider and others will be from the project strategy and budget. Knowing where the service provider’s provisions end and where your data protection arrangements start is vital keeping your infrastructures or applications available for your customers.

Kroll Ontrack recommends these considerations to keep your company’s skies blue.

5 The Technical Tornado – Considerations

Why This Matters

• Do the backup systems and protocols meet your own in-house back-up standards?

• Does your cloud provider have a record of technical reliability to cope with your needs?

Suspect hardware, fragmented files and inappropriate RAID levels, for example, can compromise data availability.

• Is your data stored on reliable storage systems?

• Are the different types of data and applications managed appropriately? • Does your cloud vendor have a data recovery provider identified in its

business continuity/disaster recovery plan?

• In instances of data loss, it is imperative that a rapid response procedure is adhered to.

• How does the vendor prove they comply with data retention laws? • What are the service level agreements with regard to data recovery,

liability for loss, remediation and business outcomes?

Waiting to find out how the cloud provider handles these questions may be too late for you to react to downtime.

(8)

The Prevailing Wind of Security – Considerations

Why This Matters

• How secure is your data? What measures does the provider take to reduce the risk of a data breach? For example, is the data encrypted? • Do you know who within your company and the cloud service provider

can access your data?

• What are their security clearances?

Your company employs industry practices around data security, including employees. Understanding how your cloud partner manages their staff and data will help in choosing a service that closely matches the policies you already have.

• Data ownership - Do you still own your data once it goes into the cloud? • Do you own it once it leaves your possession?

• Is end-of-life data erased and degaussed from all hardware, who certifies that it has been deleted, and has it been erased to your country’s specific erase standards?

Recent debate over one popular social media site’s security suggests that the question is worth a second look.

Navigating the Legal Fog – Considerations

Why This Matters

• Does the cloud vendor retain data in line with your company’s corporate document retention policy?

• Will the cloud provider offer assurances that it will comply with data protection regulations?

• In case of litigation or an investigation, will you or your external e-discovery provider be able to access and either extract or preserve all electronically stored information?

In the case of e-crime, or a data breach, forensic investigators will secure all of the storage and that may include your data. If data is shared between cloud services, this may complicate the investigation and leave you and your customers without any access to storage or applications.

• Where exactly is your data stored?

• Is it virtualized with data from other companies? • Where is the data center geographically?

• Will the data be stored in jurisdictions that subject it to subpoena by third parties?

• If you terminate a cloud relationship can you get your data back? What format will it be in?

• How can you be sure all copies of your data are destroyed when the contract ends?

Multi-tenancy can pose issues for data recovery and the production of data in litigation or investigations, while geographical considerations are also important as data retrieval delays for recovery or collection can be exceptionally costly.

You are responsible to your clients for protecting and maintaining their data—not the cloud provider. Understanding and overcoming the obstacles will prevent legal disasters.

(9)

XXXXX

Copyright © 2011 Kroll Ontrack Inc. All Rights Reserved. Kroll Ontrack, Ontrack and other Kroll Ontrack brand and product names referred to herein are trademarks or registered trademarks of Kroll Ontrack Inc. and/or its parent company, Kroll Inc., in the United States and/or other countries. All other brand and product names are trademarks or registered trademarks of their respective owners.

For more information, call or visit us online. 800.872.2599 in the U.S. and Canada +1.952.937.5161

(10)

An Altegrity Company

Solutions to successfully meet the requirements of business continuity.

(11)

1

Kroll Ontrack, Ontrack and other Kroll Ontrack brand and product names referred to herein are trademarks or registered trademarks of Kroll Ontrack Inc. and/or its parent company, Kroll Inc., in the United States and/or other countries.

Introduction

Common Virtual Data Loss Scenarios

Recent Virtualization Data Loss Case Studies

Data Loss Consequences

(12)

Introduction

The terms “business continuity” and “disaster recovery” have been blurred over the years and this has created confusion for businesses who are attempting to protect their business operations. A business continuity plan is a comprehensive policy that ensures all of a business’ departments can successfully operate with minimal or limited impact during a disruptive event.1_{The disaster recovery plan}

and emergency response procedures are generally part of a larger business continuity plan.

The advent of virtualization technology has enabled business continuity planning and execution for many organizations. However, virtualization technology is complex and requires specialized skill and knowledge from both IT staff and management. In fact, if deployed or managed carelessly, virtualization can itself create business disruptions or data disasters as outlined by the graphs below.

If deployed or

managed carelessly,

virtualization

can itself create

business disruptions

or data disasters.

2

1_{For purposes of this article a business disruption is anything that prevents day-to-day work from being done, including power disruption, downed phone} lines, and so forth. A data disaster occurs when data is corrupted. Hence, a data disaster is a subset of business disruption.

2_{Forrester Research’s 2010 report on the business state of disaster recovery preparedness, a joint effort with the Disaster Recovery Journal,} http://www.drj.com/images/surveys_pdf/forrester/2011Forrester_survey.pdf

74

% Machine

26

% Human

Traditional System

65

% Human

35

% Machine

Virtual System

According to Forrester Research’s report on the business state of disaster recovery preparedness, a joint effort with the Disaster Recovery Journal,2_{many organizations}

have improved their disaster recovery capabilities over the past few years. Despite a slow economy, survey respondents reported an increased confidence in being prepared for a data center disaster or site failure.

Seventy-six percent of survey respondents reported no disaster or major disruption in the past five years, yet Forrester Researcher reports that companies should not take comfort in this statistic. Instead, it should serve as a wake-up call because a whopping 25 percent of companies are likely to declare a disaster. Furthermore,

Source of Failure:

Human vs. Machine

• Human error • Lack of education

• System and hardware failure

• Environmental (power outage, over-voltage, etc.)

(13)

business disruptions are much more common than “declared disasters.” Getting an organization to declare a disaster can be a matter of perspective, according to Don Stewart, director of professional services at Ongoing Operations, a non-profit business continuity service provider for U.S. credit unions. “In some events, IT is so focused on fixing the problem that they don’t inform senior management of the disaster event,” Stewart relates. Some organizations have not defined what a business disruption is, therefore senior management will hesitate to declare a disaster if the event is perceived to be minor; for instance in the case of a phone system failure, or delays in e-mail messaging.

Staying prepared requires more than having a documented business continuity plan; it requires teamwork from all stakeholders. Having a stake in planning at this level ensures that business operations would be maintained in the event of a disruption. Stewart recommends that a good plan starts with a risk impact analysis. Most companies, according to Stewart, will purchase an in-depth risk assessment and then do nothing about it; “the report just sits there with no further actions being taken.” This is as effective as making a list of essentials to pack in a kit in case of a house fire but never assembling the kit.

Common Virtual Data Loss Scenarios

When data loss happens within a virtual data center it is usually due to human error. Other virtual data loss events result from hardware failure and are

exacerbated by the lack of a disaster recovery plan. Disaster recovery plans that are weak or not regularly tested force IT staff to focus on un-tested repairs based on faulty troubleshooting. Obviously, nobody wants a data loss or business disruption on the systems they are responsible for. Too often, a serious data loss or business disruption results in unemployment for all responsible or thought to be responsible. Other data loss scenarios have been due to overconfidence in a SAN’s redundancy. Precious recovery time is lost when it is discovered that important backups are corrupted or not readable during the middle of a disaster. This is the worst possible time to learn that backups have been failing or that backup software has not been reporting media failures during backup sessions. Reference the pie chart provided by Kroll Ontrack that provides a breakdown of 2010 virtual data loss types:

3

Fifteen percent of

respondents knew the cost of their business’ downtime; it averaged nearly $145,000 USD per hour.

Virtual Data Loss Types

(figure 2)

28

% Virtual Disk Corruption

28

% Deleted Files on Virtual File System

(14)

Recent Virtualization Data Loss Case Studies

A virtualization data loss can be catastrophic for an organization. Determining the financial impact of a business disruption is difficult because there are both tangible factors, including productivity loss, missed sales opportunities and staff’s hourly time, but also less tangible factors to downtime such as potential non-compliance penalties, damage to corporate image and weakened customer confidence. The previously quoted Forrester-DRJ survey noted that 15 percent of respondents knew the cost of their business’ downtime; it averaged nearly $145,000 USD per hour. That is an estimate that would make any director or CIO take notice of the readiness of their business continuity plan. Virtualization technology can compound those losses as illustrated by the following cases.

The Case of the Reformatted Server

A business in Italy recently experienced a business disruption when their 4TB virtual host server lost access to the storage system. The virtual environment contained 40 virtual machines in a mixed operating system environment; some were Linux, a few were legacy UNIX systems and the remainder consisted of Microsoft®_Windows®_{servers. These supported business application servers, web}

servers and database servers.

The virtual host server was operating a Linux-based hypervisor with two 2TB LUNs attached. At some point, the storage LUNs were reformatted. The reason for the reformat wasn’t divulged, but the damage to the existing file system structures was severe and extensive. During the reformat process, the Linux storage manager writes EXT file system metadata in predefined areas throughout the volume. This metadata contains only a couple of thousand bytes of information, yet the impact upon the virtual host server’s file system and virtual disk files was devastating. Each virtual machine had four to six virtual disk files totaling 70-90 virtual disk files stored by the host server. Some of the virtualized Microsoft Windows servers employed “dynamic disk volume” configurations (i.e., “logical volume manager” in Linux parlance) between multiple virtual disk files, further complicating recovery efforts.

After the organization’s IT department exhausted all internal resources, a professional data recovery firm was engaged to recover the data. Despite the damage, virtual disk files were found and critical data was restored.

The Case of the Disastrous Data Merge

A United States business merger suffered a disaster while the two company’s IT departments were merging their data. Evidence suggests the disaster was caused by employee sabotage and the cause is still under investigation by computer forensic investigators.

The first company’s virtual host server held over 400 virtual machines across 20 storage LUNs. During the data merge, someone with administrative access to the virtual host server systematically deleted the 400 virtual machines and their virtual disk files, causing the loss of over 440 virtual disk files and over a thousand snapshot files.

It is industry best

practices combined with IT management procedures that ensure data protection.

(15)

The merging company quickly engaged emergency data recovery services and prioritized core servers that provided essential services. In three days, those systems were up and running. For the next two weeks emergency recovery efforts continued on the rest of the storage system. This required extensive recovery engineering efforts to search the unallocated areas of the storage LUN for potential virtual disk files, identifiable only by their file system attributes.

Through a combined effort of backup restoration and original volume recovery, data was recovered. Most of the virtual disk files were complete, while other virtual disks required the file contents to be extracted due to file system damage.

The Case of the Off-Site SAN Reformat

Disaster recovery efforts went from bad to worse for a company in Luxemburg. During routine maintenance on the company’s SAN storage that housed its virtual machines, the SAN was presented to a different physical server by accident. When the SAN storage was identified as “unknown,” the volume was automatically reformatted. Initially, some staff panicked due to the potential for data loss. They were relieved when they were reminded of the identical SAN storage located off-site which employed the SAN equipment’s automated site replication technology. It was thought that this would be a minor business disruption. Upon logging into the remote SAN, the IT team discovered that the remote SAN was an identical copy of the primary site; the SAN’s automated site replication technology had not been disabled prior to the maintenance. Thus, when the reformat occurred at the primary site, the secondary SAN was reformatted as well. Through the efforts of experienced data recovery engineers, the virtual machines and virtual disk files were successfully recovered.

This organization did not have any backups because it was assumed that dual storage architecture and site replication mechanisms provided complete data and system redundancy. This case is especially compelling because storage equipment features provided a false sense of security. In reality, it is industry best practices combined with IT management procedures that ensure data protection.

(16)

Data Loss Consequences

Virtualization technology has revolutionized the IT industry and has delivered on the promise of a reduction in facility expenses and equipment costs. According to IDC’s worldwide tracking of external disk storage systems, total disk storage capacity shipped was over 5,100 petabytes—a 55.7 percent increase over the previous year.3_{This continued growth requires IT management to maintain disaster}

recovery documentation and to exercise recovery plans regularly. This will minimize or eliminate business disruptions due to data loss within virtualized environments. As more storage is consumed by virtualization technology, additional attention must be given to the management and protection of virtual assets. Maintaining business continuity by having well planned and tested disaster recovery plans is essential. Successful organizations realize that any disruption within the virtual infrastructure, regardless of how small, will have an amplified impact on the business as a whole. This has led IT leaders and business continuity planners to proactively include data recovery services in their contingency plans. Choosing a data recovery service vendor before a disaster occurs prepares the IT team for a successful survival of a business disruption caused by a data disaster.

6

(17)

XXXXX

Copyright © 2011 Kroll Ontrack Inc. All Rights Reserved. Kroll Ontrack, Ontrack and other Kroll Ontrack brand and product names referred to herein are trademarks or registered trademarks of Kroll Ontrack Inc. and/or its parent company, Kroll Inc., in the United States and/or other countries. All other brand and product names are trademarks or registered trademarks of their respective owners.

For more information, call or visit us online. 800.872.2599 in the U.S. and Canada +1.952.937.5161

(18)

The Challenges of Data Recovery from Modern Storage Systems

Authors: David Logue, Robert Bloomquist

Source: (In)Secure – Help Net Security

Date: June, 2012

Today, every organization is managing vast amounts of structured and unstructured data

across traditional databases and within both cloud and virtual environments. This makes

data recovery all the more difficult in the event of a data loss. With data residing in

multiple locations, high availability means it is constantly moving between storage layers,

automatically leaving companies dangerously unaware of where their data is at any

given moment.

While vendors are trying to make storage easier for end users, they are actually

generating more complex recovery scenarios in the event of a data loss.

This article examines the various challenges associated with data recovery from a

variety of the most popular storage systems today and will specifically outline what

customers, data recovery providers, and storage vendors

need to be aware of in the event of a data loss.

Taming the cloud

“Cloud computing” has been a buzz word in the last few years, and many organizations

have quickly and easily handed over control of valuable data to cloud providers.

Unfortunately, many are still trying to understand the challenges that go along with

storing data in the cloud and recovering lost data in the event of a disaster.

(19)

the limitations of an SLA contract until a business disruption occurs. After a data loss,

cloud customers may regret not requiring more resiliencies from their cloud contracts.

The best safeguard upon adopting cloud technology is for the cloud service provider to

partner with a reputable, full-service data recovery company, which minimizes downtime

caused by data storage failures. This way, customers are more aware of where and how

their data is stored, and how it will be recovered if a loss were to occur.

The virtualization headache

Virtualization is nothing new. However, as more and more companies rely on

virtualization systems to support critical elements across their infrastructures, they face

scenarios such as hardware failure, deleted virtual machines or virtual disks, file system

corruption, and file level corruption. It is critical to address some of the lesser-known

challenges associated with recovering data from virtualized environments.

The real challenge with data recovery in a virtual environment is that there is one piece

of physical hardware along with multiple virtual machines. Therefore, the failure of one

physical machine can result in the failure of many virtual ones, making the impact of data

loss far greater. In addition, finding the correct pieces of data and bringing them back

together is difficult, as data is fragmented across the storage platform and constantly

moving behind the scenes. Add to that thin or sparsely provisioned files, and you have

the makings of a true data recovery puzzle.

Virtualized environments contain much larger pools of data, and the key to not

over-taxing storage is to balance load capacity. The user has the opportunity to place a large

amount of data in a single storage environment. The challenge becomes recovering data

at this scale, and having the tools in place to both recover the data completely and get it

back to the customer in a timely manner.

In addition to the quantity of data, the amount of fragmentation also impacts the success

of the recovery, with less fragmentation leading to a higher success rate. Large volumes

of data make it very difficult to find the individual fragments of specific virtual disks to

reassemble damaged or deleted virtual machines.

Understanding the new storage landscape – Solid state drives (SSD)

Flash-based SSDs have made their mark on the storage market, touting huge benefits

such as high speed (low read latency, random access, and start-up times), low power

consumption, light weight, noise-free, and high resistance to shock and vibration. SSD

storage capacities are increasing and can speed up server applications by as much as

three times the normal rate.

(20)

SSDs is increasing - making data loss potentially catastrophic for the businesses or

customers involved.

Many believe SSDs are immune to data loss due to the lack of moving parts compared

to traditional hard disk drives (HDDs). While SSD drives are less susceptible to fail from

being dropped, data loss can still occur due to a variety of circumstances as they have

their own unique characteristics that make recovery inherently complex.

In the most extreme cases, data recovery from SSDs can be very time-consuming due

to the need to research the algorithms used to originally store the data. With SSDs, the

location of the data changes every time it is rewritten, making recovery far more

complex.

SSDs can also employ other unique complex functions such as advanced Error

Correction Code (ECC), garbage collection, data striping RAID-like techniques,

compression, encryption, bad block mapping, Read/Write caching,

and read disturb management methods.

Additionally, since SSDs generally have a finite number of writes before they become

unstable, wear leveling contributes to the extremely arduous task of reassembling the

data. This process can take anywhere from a few days to several weeks, depending on

the complexity of the drive.

SSDs are still in the earlier stages of their technology life cycle compared to HDDs.

Therefore, they vary greatly from manufacturer to manufacturer and between drive

families within the same manufacturer. They also often times differ within the same drive

family and can even drastically vary within the same model of SSD!

The variations are primarily due to changes, enhancements, and firmware updates

manufacturers make to improve drive operation and to meet customer requirements;

however, this adds to the difficulty and complexity of recovering data.

Finally, it’s important for customers and manufacturers of enterprise servers or

client-based systems integrating and utilizing SSDs to understand the complexities and

challenges with recovering data on SSDs. Just like HDDs, SSDs are not immune to data

loss and as the technology matures, the standards and data recovery tools and

technology will also continue to emerge and mature. Developing standards and data

recovery solutions for SSDs instills confidence in Storage Integrators and customers to

more widely adopt and implement SSD technology.

What’s in your database?

Whether an organization is facing physical hardware damage, internal database

(21)

some might assume. Each database is complex and unique, featuring its own internal

structure different from others, with different versions and upgrades constantly released.

Data recovery vendors must keep up with these varied formats and upgrades in order to

successfully recover customer data. In addition, corrupt, missing, or deleted data can

create a series of recovery issues reliant on an exhaustive analysis of the complex

internal structure of the database. When a storage device is not operational, or a file

system structure needs repair, many companies simply assume a recovery is

impossible.

Although not impossible, it does require raw database fragments to rebuild database

files. With all of these scenarios, the recovery method must easily allow the customers to

gain access to their data once it has been recovered.

Another challenge presented is the physical data versus the logical data. When a hard

drive fails, many data recovery providers try to recover data only at the physical level,

but ignore the logical level.

There are also many different and proprietary file systems and dynamic RAID

configurations, which require various types of solutions to recover data. Providers need

to be able to pull critical data out of the virtual level that is

useful for their customers, in addition to the physical data from the various file systems

and configurations, to ensure a quality and complete recovery.

Conclusion

The technology landscape will only continue to become more complex as hardware and

software are constantly updated, and offer faster capabilities and larger storage capacity

every day.

As vendors try to gain a competitive advantage over one another, they create new

updates to their file systems that require additional research and development. In turn,

individuals and organizations are becoming increasingly reliant on these ever-changing

data storage technologies, with their critical data being housed in various types of

environments.

When this data, whether structured or unstructured, resides in multiple kinds of

(22)

They also need to be aware of recovery processes and procedures in the event of a data

loss to minimize any impact to business continuity and salvage business critical

information.

David Logue, Esq. is the lead remote rata recovery engineer for Kroll Ontrack. He

assists customers around the world with the recovery of data from failed or damaged

computer systems while ensuring efficiency and quality at every stage of the data

recovery process.

(23)

Virtualized Tape Library

Virtualization is becoming more and more topical in the computer trade magazines. In

some articles, virtualization has been hailed as the next frontier of computing. What is

computer virtualization and how can you or your clients benefit from it?

Virtualization is a method of running other software or hardware applications under a

host system. The virtual system and the host system would share the same hardware.

Virtualization can allow multiple systems to share one physical computer. For example,

an enterprise could invest into a computer system with high processing power and

maximum memory, then by using virtualization, an administrator could have three or four

operating systems running on that equipment (depending on the processing power of the

equipment and the operating system requirements). The benefits of hardware cost

savings alone justify you or your client’s attention to this exciting technology.

Recently, Microsoft

®

and VMware

®

(companies specializing in software virtualization)

announced that consumers could download their virtualization software at no charge.

The result of Microsoft and VMware publicly releasing their virtual host server software

to users free of charge encourages more individuals to become familiar with virtualized

operating systems. This familiarity, combined with cheap access to massive amounts of

storage (with individual disk drives at 700GB and single 1TB drives just around the

corner, multi-terabyte arrays are common place) and RAID technology becoming more

widespread and thereby more accessible, is anticipated to produce a proliferation of

virtualization across business types and sizes.

Virtualization doesn’t stop with operating systems; you can also have virtualized

applications and SAN storage pools. In line with these resource virtualization concepts,

presenting storage components like hard disk drives as tape hardware is known as a

virtual tape library, or VTL. The topic of this month’s technical article, VTL technology

boasts a high percentage of return on investment, offers ease of installation within an

existing archival environment, and affords faster data restores. Additionally, VTL doesn’t

mean the end of the investment that has been made into physical tape machines or

libraries. The architecture of the backup system can still stream data to a physical tape

for offsite storage.

(24)

schema in place pre-VTL implementation will still be available after migrating to a VTL

setup.

Storage Concepts of a Virtual Tape Library

The storage concepts of VTL revolve around streaming backup data to a RAID 0, or

RAID 5 configuration. There are several advantages to streaming the data to a disk

array first; the principle among them being speed. Benchmark tests have shown that the

transfer throughput (from server to backup disk array) is noticeably increased. This is

because the data transfer to magnetic tape media is eliminated. Additionally, retrieval of

archived data is also much faster because there is no bottleneck due to rewind and

fast-forward operations, or of cataloging tape archives and sessions.

Storage for a VTL system can start at the half terabyte range and go into the hundreds

of terabytes depending on your needs. Storage can be high performance Fibre Channel

or iSCSI systems. Alternatively, SATA (Serial ATA) and PATA (Parallel ATA) systems

are available and are usually lower in cost. All of these storage systems are a good

choice for VTL implementations.

VTL software and hardware also support multiple virtual tape libraries. Historically, in

environments using a traditional physical tape machine schema employing a one

physical tape machine setup it was noticed there was a lot data moving to that one

device. To address this data movement issue, IT administrators added multiple tape

machines, large tape libraries that employ many tape machines, to spread the workload

out and to keep the data transfer balanced. VTL setups offer the same multiplicity of

backups running at once, which means you can distribute the archiving process over a

greater number of data areas. Despite the virtualization however, the data will still be

physically stored on the RAID storage array.

For IT environments that have specific policies regarding offsite storage of data, nearly

all VTL systems now support a physical tape library that is connected to the VTL,

allowing a consistent flow of archived data to be “re-archived” onto a physical tape—a

backup of a backup. This helps to doubly ensure that user files are being protected. The

secondary archive is set to a schedule where tapes can be stored or recycled.

Some organizations have produced a VTL setup on a WAN scale. In theory, this enables

organizations to host a remote Disaster Recovery site as little as 50 miles away. By

utilizing point in time snapshots in conjunction with such a VTL setup, the data

restoration during an outage is reduced considerably.

A large number of tape backup applications already employ some sort of tape

virtualization. If you have specific requirements in this regard, you should contact your

software vendor. So how does the entire system work?

Operation Flow

(25)

installation depending on the equipment installed, with connectivity details, (IP, SCSI,

iSCSI, Fibre Channel) dependent on the topography of the network.

With more setup and configuration a more dynamic, fault-tolerant solution can be

installed—all without the overhead, media cost, and tape recycling schedules.

What exactly does virtualization bring to this configuration? Virtualization has the

potential to remove tape media from the topography completely. As mentioned

previously, products are available that can create multiple virtual libraries or tape

machines. The advantage is that multiple backups can be running from different servers

all into a storage pool. This storage can perform a less rigorous backup to tape, or

another VTL. This second level VTL can be slower disk storage and function as an

ongoing backup of the first level backup. Easy availability of products to facilitate

creation of VTL environments along with affordable technology has made the dual

backup process with different schedules possible.

Data Recovery of VTL storage

Today’s compliance and regulatory laws are requiring organizations to ensure ‘data

availability.’ You won’t get an understanding nod from an auditor by saying, “The server

you wanted to look at has just failed.” What happens when there is a failure on the

storage array that is hosting your first level or second level backup data?

All is not lost! A professional data recovery firm can rebuild and extract the data from

storage arrays that are used in VTL systems, focusing on the data contained within the

tape archive files post-extraction. Today’s complex archiving software will store the

target files with a high compression ratio and internal cataloging method. Ensure that

you find a competent and experienced data recovery provider with the capabilities to

deliver the archived data in a timely fashion.

(26)

Consumer Data Recovery

Guide

Choosing the right data recovery provider can be the deciding factor in whether you will get your lost data back. Scan the Internet for ‘data recovery providers’ and you’ll find hundreds of options, but before you make a decision, ask yourself the questions below so you can select the provider that offers the highest level of professional service and overall best value.

Ontrack

®

_{Data Recovery}

Technology & Resources: Identify data recovery providers that have the resources to solve a wide variety of data loss challenges.

Data Recovery Questions Kroll Ontrack _Responses Other Provider _Responses

Does the provider heavily invest in its research and development for new storage

environments, such as flash, mobile and tablet devices? Yes

Can the provider recover from all storage platforms, including: desktop, laptop, mobile device,

SSD/flash? Can they recover from all content types, such as files, digital photos and e-mails? Yes Does the provider have a local presence? This is important to ensure your data is secure and is

never being sent out of your country of residence.

Yes 18 cleanroom environments globally Experience & Success: Identify data recovery providers that have the most experience and can prove their success. How long has the provider been in the data recovery business? Expert providers typically have vast

engineering capabilities and extensive experience in data recovery.

More than 1,400 years of combined data recovery

experience How many engineers does the provider have? Do they have a dedicated research and

development team? Your provider should have sufficient resources to handle large/small jobs and skillsets to cover all forms of data loss on all types of storage.

Over 150 data recovery engineers worldwide + dedicated R&D teams How much data has the provider successfully recovered? Providers with the most experience have

recovered vast amounts of data from all types of data loss situations.

More than 5 Petabytes of file data in just

the past year Does the provider offer a secure, online portal that allows you to view recoverable files and

track the status and progress of your data recovery from start to finish? The provider should offer transparency before, during and after your recovery.

Yes Via Ontrack®_Online™

Service & Solutions: Identify data recovery providers that provide a wide range of solutions to fit within your budget and address your specific needs.

Does the provider offer a variety of recovery options? Does it have service and/or do-it-yourself

(DIY) options to fit your budget? Yes

What is the standard turn-time for desktop and laptop data recoveries? The provider should have a range of service levels to address your unique data loss situation.

We offer standard through emergency service levels & recover data in as little

(27)

E0412 Copyright © 2012 Kroll Ontrack Inc. All Rights Reserved. Kroll Ontrack, Ontrack and other Kroll Ontrack brand and product names referred to herein are trademarks or registered trademarks of Kroll Ontrack Inc. and/or its parent company, Kroll Inc., in the United States and/or other countries. All other brand and product names are trademarks or registered trademarks of their respective owners.

For more information, call or visit us online. 800.872.2599 in the U.S. and Canada www.ontrackdatarecovery.com

Professional Customer Service: Identify data recovery providers that provide the support wherever and whenever you need it.

How flexible is the provider with customer service? Are you able to reach them 24/7/365 and in your native language? Expert providers offer around-the-clock service in a variety of languages.

Yes 24/7 service in 15+ languages Does the provider have a technical support team on staff to give you pre- and post-recovery

support? Expert providers keep your data for at least 30 days to assist in properly migrating it back into

your storage environment. Yes

Security & Confidentiality: Identify data recovery providers with documented procedures for maintaining the strictest security and confidentiality of your data.

Does the provider have ISO-5/Class 100 cleanroom environments? Expert providers have the best-in-class standard to safely open, repair and recover data to ensure it stays safe.

Yes 18 cleanroom environments globally Is the provider authorized to handle highly sensitive data? Do they adhere to US government

protocols? Don’t take your security for granted and hand over your personal information to just anyone. Yes Has the provider completed SAS 70 Type II Certification on their processes? They should have a

comprehensive Information/Data Security Policy in place that covers all access control, data handling

and data security protocols/standards. Yes

Does the provider always return your recovered data in an encrypted format? Ensure that your data

is secure and it doesn’t fall into the wrong hands. Yes

Does the provider perform thorough employee background checks and require signed

confidentiality agreements for everyone that might come into contact with your data? It’s essential

to guarantee your security with the people handling your data. Yes Does the provider utilize strict physical security measures, such as 24/7 monitoring by security

cameras and personnel? Coupled with data safety and employee security, your provider should take

every measure to ensure your data stays secure and confidential. Yes Does the provider insist on using internal resources to perform data recovery services? Not

everyone takes your security seriously, so make sure the provider isn’t sending your data to a

third-party data recovery specialist. Yes

Trust & Confidence: Avoid the gimmicks! Identify data recovery providers you can trust by eliminating those that use questionable sales tactics.

If the provider claims “no data, no charge” – what will they charge if they recover data, but not the data that you need? Don’t fall for this questionable sales tactic and ensure that you know exactly what data you’re getting back and at what cost.

We provide a list of recoverable files before a

purchase decision Will the provider commit to quoted price ranges in writing to ensure the services fit within your

budget? Yes

Will the provider give you a listing/report of all recoverable files before you make a purchase

decision? Is this included in their evaluation service? If they don’t, walk away. Yes Will the provider offer you a free, no-obligation consultation and allow you to speak directly

with a data recovery engineer to discuss your options? Don’t be left in the lurch by not getting to

(28)

Small-to-Medium Business

Data Recovery Guide

Ontrack

®

_{Data Recovery}

Does the provider heavily invest in its research and development for complex storage

platforms, such as SSD and virtual environments? Yes

Can the provider recover from all storage platforms, including: all operating systems, server and network storage, desktop and laptop, virtual environments and SSD/flash? Can they recover

from all content types, such as files, databases and e-mails? Yes Can the provider recover data from systems that are proprietary or unique to their clients?

Expert providers invest in technologies to develop customized or just-in-time (JIT) solutions for data

loss situations that aren’t necessarily “typical.“ Yes

Experience & Success: Identify data recovery providers that have the most experience and can prove their success. How long has the provider been in the data recovery business? Expert providers typically have vast

development team? The provider should have sufficient resources to handle large/small jobs and the skillsets to cover all forms of data loss on all types of storage.

More than 5 Petabytes of file data in just

the past year Does the provider have a secure, online portal that allows you to view recoverable files and

track the status and progress of your data recovery from start to finish? The provider should offer transparency of your recovery before, during and after it’s completed.

Does the provider have the resources to perform emergency or on-site data recoveries? Do they provide remote data recovery services? Providers that understand their small and medium business customers know that every minute of data loss costs money, so they develop solutions to get them up and running quickly.

Yes

What is the standard turn-time for data recoveries? The provider should have a range of service levels to address your unique data loss situation.

We offer standard through emergency service levels & recover data in as little

(29)

Yes 24/7 service in 15+ languages Does the provider have a technical support team on staff to give you pre-and post-recovery

support? Expert providers keep your data for at least 30 days to assist in properly migrating it back into

your storage environment. Yes

Yes 18 cleanroom environments globally Is the provider authorized to handle highly sensitive data? Do they adhere to US government

protocols? Don’t take your security for granted and hand over your personal information to just anyone. Yes Does the provider always return your recovered data in an encrypted format? Ensure that your data

Has the provider completed SAS 70 Type II Certification on their processes? They should have a comprehensive Information/Data Security Policy in place that covers all access control, data handling and

data security protocols/standards? Yes

cameras and personnel? Coupled with data safety and employee security, your provider should take

budget? Yes

(30)

Enterprise Business Data

Recovery Guide

Ontrack

®

_{Data Recovery}

Does the provider heavily invest in its research and development for complex storage

platforms, such as SSD and virtual environments? Yes

Can the provider recover from all storage platforms, including: all operating systems, server and network storage, RAID, desktop and laptop, virtual environments and SSD/flash? Can they

recover from all content types, such as files, databases and e-mails? Yes Can the provider recover data from systems that are proprietary or unique to their clients?

Expert providers invest in technologies to develop customized or just-in-time (JIT) solutions for data

loss situations that aren’t necessarily “typical.“ Yes

Experience & Success: Identify data recovery providers that have the most experience and can prove their success. How long has the provider been in the data recovery business? Expert providers typically have vast

development team? The provider should have sufficient resources to handle large/small jobs and skillsets to cover all forms of data loss on all types of storage.

More than 5 Petabytes of file data in the

just past year Does the provider offer a secure, online portal that allows you to view recoverable files and

track the status and progress of your data recovery from start to finish? The provider should offer transparency before, during and after your recovery.

Does the provider have the resources to perform emergency or on-site data recoveries? Do they provide remote data recovery services? Providers that understand their enterprise customers know that every minute of data loss costs money, so they develop solutions to get them up and running quickly.

Yes

What is the standard turn-time for data recoveries? The provider should have a range of service levels to address your unique data loss situation.

We offer standard through emergency service levels & can recover data in as

(31)

Yes 24/7 service in 15+ languages Does the provider have a technical support team on staff to give you pre-and post-recovery

support? Expert providers keep your data for at least 30 days to assist in properly migrating it back

into your storage environment. Yes

Yes 18 cleanroom environments globally Has the provider completed SAS 70 Type II Certification on their processes? They should have a

comprehensive Information/Data Security Policy in place that covers all access control, data handling

and data security protocols/standards? Yes

Is the provider authorized to handle highly sensitive data? Do they adhere to US government

protocols? Don’t take your security for granted and hand over your personal information to just anyone. Yes Does the provider always return your recovered data in an encrypted format? Ensure that your data

cameras and personnel? Coupled with data safety and employee security, the provider should take

budget? Yes