How To Back Up A Virtual Machine

2010 Symantec Disaster Recovery Study

Methodology

• Applied Research performed survey

• 1,700 enterprises worldwide

• 5,000 employees or more

• Cross-industry

Key Findings

• Virtualization and Cloud Make DR Complex

• The Downtime Recovery Gap

• Impact of Disaster Recovery Testing

• Recommendations

4

Virtual Environments Protected Properly?

•

56% of data on virtual systems is regularly backed up

•

Only 20% of virtual environments protected by replication or

failover technologies

Lack of Tools, Decrease of Virtual Protection

• 58% report different tools for virtual and physical environments

is a challenge

• Virtualization led 84% to reevaluate DR plans in 2010

• 60% of virtualized environments not covered in DR plans

Storage and Resource Constraints an Issue

• 59% identified resource constraints (people, budget, and space)

as the top challenge when backing up virtual machines

• 57% state that the lack of primary and 60% state that lack of

backup storage hampers protecting mission critical data

Cloud Causes Security and Control Issues

• Organizations put 50% of applications in the cloud

• 66% say security is main concern of cloud

• 55% say control is biggest challenge of cloud

9

Downtime Recovery Gap

•

Expectation of downtime for outage = 2 hours

•

Actual downtime in last 12 months = 5 hours

•

Median of 4 incidents in past 12 months

Major Causes of Downtime

•

72% experience downtime from

system upgrades (50.9 hours)

•

70% experience downtime from

power outages and failures (11.3

hours)

•

26% conducted a power outage

and failure impact assessment

•

63% experience cyber attacks

(52.7 hours)

12

Improvement In Testing Frequency and Success

• 82% test more frequently than once a year

• Significant increase from 66% who reported same in 2009

• 40% of tests fail to meet RTO/RPOs

Reasons for not testing

•

Budget (60%)

•

Disruption to employees (59%)

•

Disruption to customers, sales & revenue stream (24%)

•

Lack of people’s time (26%)

•

Cost of testing: $606,948

15

Recommendations

•

Ensure that mission-critical data and applications are treated the

same across environments (virtual, cloud, physical) in terms of DR

assessments and planning

•

Use integrated tool sets for managing physical, virtual and cloud

environments to save time, training costs and help better automate

processes.

•

Embrace low-impact backup methods and deduplication to ensure

that mission-critical data in virtual environments is backed up,

efficiently replicated off campus

•

Prioritize planning activities and tools that automate and perform

processes which minimize downtime during system upgrades

•

Implement solutions that detect issues, reduce downtime and recover

faster to be more in line with expectations

•

Don’t cut corners on basic technologies and processes that protect in

17

Appendix

Company titles

24% 43% 7% 17% 7% 2% 0% 10% 20% 30% 40% 50% Chief Information Officer (CIO) / Chief Technology Officer (CTO)

VP / SVP

Data Center Maanger or Data Center Director

IT Manager

IT Staff

Other (Please specify)

Industries

10% 10% 10% 9% 8% 7% 7% 7% 7% 4% 4% 3% 3% 3% 3% 2% 2% 1% 0% 5% 10% 15% 20% 25% Financial Manufacturing Technology Telecommunications Healthcare Automotive Consumer Insurance Retail Education Energy Media Online Public sector Transportation Real estate Other (Please specify) Hospitality

Downtime

72% 70% 69% 64% 63% 63% 63% 48% 47% 46% 46% 45% 44% 42% 42% 1% 0% 20% 40% 60% 80% 100% System upgrades

Power outage / failure / issues Fire Configuration change management issues Cyber attacks Malicious employee behavior Data leakage or loss Flood Hurricane Earthquake Tornado Terrorism Tsunami Volcano War Other (Please specify)

Q1: How many of each of the following has caused your organization to

experience downtime in the past five years?

Downtime

52.7 50.9 15.1 15.0 11.3 10.4 9.6 9.3 9.1 8.3 7.8 7.4 7.2 6.9 6.9 1.6 0.0 10.0 20.0 30.0 40.0 50.0 60.0 Cyber attacks System upgrades Configuration change management issues Fire Power outage / failure / issues Malicious employee behavior Terrorism Earthquake Data leakage or loss Flood Hurricane Tornado War Volcano Tsunami Other (Please specify)

Q2: How many hours of downtime has your organization experienced in

the past 12 months for each of the following?

Downtime

48% 13% 8% 6% 4% 4% 4% 2% 2% 2% 2% 2% 1% 1% 1% 1% 0% 10% 20% 30% 40% 50% System upgrades Cyber attacks Power outage / failure / issues Fire Flood Configuration change management issues Data leakage or loss Earthquake Malicious employee behavior Tsunami Volcano Terrorism Hurricane Tornado War Other (Please specify)

Q3: As measured by hours of downtime, what is your number one cause

of downtime?

Threat assessments

69% 67% 48% 48% 44% 26% 26% 25% 24% 23% 16% 6% 6% 5% 4% 1% 0% 20% 40% 60% 80% 100% Cyber attacks System upgrades Earthquake Terrorism Hurricane Power outage / failure / issues Data leakage or loss Configuration change management issues Fire Malicious employee behavior Flood Tsunami Tornado Volcano War Other (Please specify)

Q4: Which of the following threats has your organization conducted an

impact assessment?

DR responsibility

61% 12% 9% 6% 4% 3% 2% 1% 1% 0% 0% 0% 20% 40% 60% 80% 100% Chief Information Officer (CIO) / Chief Technology Officer (CTO)

IT Manager Disaster Recovery Manager (DRM) Data Center Manager or Data Center Director VP / SVP Business Continuity Manager (BCM) IT Staff External consultant / outsourcer None - we do not have a disaster recovery committee Other (Please specify) Don't know

Q5: Which person in your organization has the ultimate responsibility

for managing the disaster recovery plan?

DR committees

65% 56% 32% 25% 25% 21% 18% 15% 11% 8% 8% 7% 1% 1% 1% 0% 20% 40% 60% 80% 100% Disaster Recovery Manager (DRM)

Systems / infrastructure manager Chief Information Officer (CIO) / Chief Technology Officer (CTO) / IT Director Chief Executive Officer (CEO) Chief Security Officer (CSO) Divisional / Departmental IT manager Chief Financial Officer (CFO) Business Continuity Manager (BCM) Line of business executives / managers Other directors External consultant Non-IT senior managers None - we do not have a disaster recovery committee Other (Please specify) Don't know

Q6: Which of the following people are on your organization's disaster

recovery committee?

DR plans

55% 50% 40% 23% 18% 16% 11% 0% 20% 40% 60% 80% 100% HP-UX AIX Windows Solaris RedHat VMware SUSE Linux

Q9: What of the following are covered by your DR plan?

Replication

Yes 92%

No 8%

Replication

69% 68% 65% 34% 0% 0% 20% 40% 60% 80% 100% Database-based replication Application-based replication Array-based replication Host-based replication

Other (please specify)

Q10b: What replication technologies are used?

(Only asked of those who replicate critical applications between data centers)

(Mark all that apply.)

Replication challenges

55% 25% 17% 3% 0% 20% 40% 60% 80% 100%

Complexity of replication solutions

Cost

Limited WAN bandwidth (too much data)

Hardware lock-in

Q11: What is your primary challenge with storage array-based

replication?

Disaster impact

4% 5% 5% 5% 5% 6% 6% 7% 6% 12% 6% 7% 7% 8% 9% 7% 10% 11% _10% 10% 29% 32% 32% 33% 32% _34% 32% 32% 34% 31% 41% 42% 44% 41% 39% 42% 37% 36% 40% 37% 19% 14% 11% 13% 14% 11% 15% 14% 10% 10% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Data loss Cost of downtime Reduction in profits Reduction in revenue Damage to competitive standing in the marketplace Configuration drift issues Damage to brand reputation Damage to customer loyalty Damage to supplier relationships Decreased employee productivity

Q13: How would you rate the potential impact that could results from a

disaster your organization is concerned about?

Downtime costs

$62,063 $55,324 $47,769 $42,265 $41,117 $39,590 $24,571 $21,748 $18,409 $10,523 $0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000 Web servers

Custom line of business applications Databases ERPs / CRMs Web commerce applications Application servers Messaging applications Collaboration software Email Other (Please specify)

Q14: What would you estimate is the cost of an hour of downtime for

each of the following in your organization?

Outages

Q15: How many outages did you have in the past 12 months?

Downtime

Q16: In your estimation, how long was the average time of

downtime per incident in hours?

Disaster recovery budget

Q17: What is your annual disaster recovery budget?

Disaster recovery budget

31% 31% 67% 26% 3% 43% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Over the past 12 months In the next 12 months

Q18: In your opinion, which of the following best describes your

disaster recovery budget?

Recession impact

12% 23% 17% 46% 2% 0% 10% 20% 30% 40% 50% Extremely negative impact

Some negative impact

No impact whatsoever

Some positive impact

Extremely positive impact

Q19: How has the global recession impacted the resources available for

your disaster recovery planning?

Annual IT budget

Q20: What is your total annual IT budget?

IT budget allocation

Q21: What percentage of your IT budget is allocated towards

disaster recovery initiatives including backup, recovery,

clustering, archiving, spare servers, replication, tape, services,

DR plan development and offsite costs, etc.?

DR site status

72% 63% 17% 3% 0% 20% 40% 60% 80% 100% It is hot standby

It is managed by an outside vendor

It is cold standby

We don't have a disaster recovery site

Q23: What is the status of your disaster recovery site?

Failover / recoveries

31% 29% 22% 18% 0% 10% 20% 30% 40% 50% Same-site failover / recovery

Cloud failover / recovery

Campus failover / recovery

Global failover / recovery

Q24: What percentage of your failover / recoveries you perform is each

of the following types?

Recovery time

2.1 2.2 2.2 2.4 1.8 1.9 2.0 2.1 2.2 2.3 2.4 2.5

Skeleton operations Mostly back up and running 100 percent up and running Operations would be able to continue as normal despite the disaster

Q25: If a significant disaster were to occur at your organization that

destroyed the main data center, how soon would the organization be

able to do each of the following?

(In hours)

(Means shown)

Recovery objectives

Q26: for the Tier 1 applications in your disaster recovery plan,

what are your recovery time objectives? What are your

recovery point objectives? (Medians shown)

Recovery Time Objectives

4

Recovery objectives

Q27: For virtualized applications in your disaster recovery

plan, what are your recovery time objectives? What are your

recovery point objectives? (Medians shown)

Recovery Time Objectives

4.0

Reevaluation

14% 16% 52% 10% 4% 1% 1% 1% 1% 0% 20% 40% 60% 80% 100% Monthly Quarterly Every 6 months Once a year Every 1 - 2 years Every 2 - 3 years Less frequently than every 3 years On an ad-hoc basis Never

Q28: How often do you reevaluate your TO / RPO requirements or

change them for new applications?

Full scenario testing

16% 15% 51% 11% 3% 1% 1% 1% 1% 0% 20% 40% 60% 80% 100% Monthly Quarterly Every 6 months Once a year Every 1 - 2 years Every 2 - 3 years Less frequently than every 3 years On an ad-hoc basis Never

Q29: How frequently does your organization carry out full scenario

testing of its disaster recovery plan, involving relevant people,

DR testing cost

Q30: How much did you spend in the past year on DR testing?

DR testing cost

Q31: What was the cost of testing your disaster recovery plans

in the past year?

Successful tests

Q32: What percentage of disaster recovery tests successfully

recovered critical data and applications within RTOs / RPOs?

Recovery barriers

3 3 3 3 3 2 0 0 1 2 3 4

Insufficient IT infrastructure at the DR site Configuration issues Discovery that the plan has become out of date People do not do as they are supposed to Processes turn out to be inappropriate Technology does not do what it is supposed to Other (Please specify)

Q33: How many times did each of the following challenges prevent you

from recovery within the RPOs / RTOs?

Testing barriers

60% 59% 26% 16% 15% 14% 13% 4% 3% 0% 0% 20% 40% 60% 80% 100% Resources, in terms of budget

Disruption to employees Resources, in terms of people's time Disruption to customers Lack the technology to run the test Disruption to sales and the revenue stream Other IT projects taking a higher priority Not seen as a priority by top management None Other (Please specify)

Q34: Which of the following do you consider to be barriers to running a

full scenario test on your disaster recovery plan?

Deduplication

20% 19% 10% 48% 1% 1% 0% 10% 20% 30% 40% 50% Considering / planning, but have not yet purchased capabilities

Purchased capabilities, but have not yet implemented

Implemented, but have not been able to see ROI

Implemented, able to demonstrate ROI

Implemented, fell short of ROI

Implemented, but too soon to demonstrate ROI

Deduplication

Q36: How much budget would you estimate you save / would

save by implementing deduplication?

Deduplication

Q37: How much storage space, in terms of gigabytes, would

you estimate you save / would save by implementing

deduplication?

Appliance form vs. Software model

Appliance with software 44%

Software delivery model 56%

Q38: Do you prefer an appliance form factor with software for

deduplication or a software delivery model built into existing backup

Reevaluating

Yes 85%

No 16%

Q39: Has implementing server virtualization caused you to reevaluate

your disaster recovery plan?

Virtual servers

Q40: What percentage of virtual servers is covered in your

disaster recovery plan?

Virtual applications

26% 25% 25% 23% 23% 22% 0% 0% 10% 20% 30% 40% 50% Databases Application servers Web servers Messaging applications ERPs / CRMs Custom line of business applications Other (Please specify)

Q41: What percentage of the following applications are being put into

virtual environments at present?

Virtual applications

26% 25% 25% 24% 22% 22% 0% 0% 10% 20% 30% 40% 50% Databases Application servers Web servers ERPs / CRMs Custom line of business applications Messaging applications Other (Please specify)

Q42: What percentage of each of the following applications will be put

into virtual environments 12 months from now?

Virtual servers

30% 30% 30% 30% 0% 10% 20% 30% 40% 50% Application test environment

Patch testing environment

Application development environment

Production environment

Q43: What percentage of the servers in your data centers are being

virtualized in each of the following?

Backing up virtual environments

50% 30% 30% 24% 0% 20% 40% 60% 80% 100% We utilize off-host technology (e.g., VMware VCB / v-Storage API) for

"client-less" backups of VMs

Like a physical machine - standard Client (non deduplication) inside each virtual machine

Like a physical machine - except with deduplication client inside each virtual machine

Not backing up virtual machines

Q44: How do you back up virtual environments?

Virtualization

60% 60% 53% 29% 25% 13% 10% 8% 2% 0% 20% 40% 60% 80% 100% Performance

Manpower / human resources Application vendor support issues Cost Skills Storage inefficiencies / storage costs too high Inability to meet service levels / availability requirements of the business Ability to recover and manage virtual environments Haven't though much about it

Q45: What are the main reasons you have not virtualized more

applications?

Virtual server testing

9% 50% 14% 13% 7% 5% 2% 2% 0% 20% 40% 60% 80% 100% Daily Weekly Monthly Quarterly Semi-annually Yearly Less than once a year Never

Q46: How often do you test virtual servers as part of your disaster

recovery plan?

Challenges

60% 57% 55% 39% 37% 19% 15% 7% 1% 0% 20% 40% 60% 80% 100% Lack of available backup storage capacity

Lack of primary storage capacity Lack of automated recovery Insufficient backup tools Lack of enterprise high availability Lack of enterprise storage management Different tools for physical and virtual environments Lack of scalability Other (Please specify)

Q47: What challenges have you faced in protecting mission critical data

and applications in virtual environments?

Challenges

38% _35% 30% 35% 30% 49% 20% _16% 38% 28% _30% 30% 29% 30% 21% 23% 30% 44% 34% 36% _40% 36% _40% 30% 58% 54% 19% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Lack of available backup storage capacity Lack of primary storage capacity Lack of automated recovery Insufficient backup tools Lack of enterprise high availability Lack of enterprise storage management Different tools for physical and

virtual environments Lack of scalability Other (Please specify)

Q48: How much of a challenge do each of the following present in

protecting mission critical data and applications in virtual

environments?

Virtual applications

25% 23% 22% 21% 20% 20% 20% 20% 0% 10% 20% 30% 40% 50% Disk backup

Continuous data protection Tape backup Online / cloud storage (ie online) Optical removable media (CDs, DVDs, Blu-ray, etc.) Data replication High availability failover Global or wide area failover

Q49: What percentage of your organization's data and mission critical

applications in virtual environments are protected by each of the

following?

Data backup

Q50: What percentage of the data on your virtual systems is

regularly backed up?

Virtual backup

18% 54% 12% 9% 4% 2% 0% 1% 0% 20% 40% 60% 80% 100% Daily Weekly Monthly Quarterly Semi-annually Yearly Less than once a year Never

Virtual backup challenges

59% 16% 16% 5% 4% 0% 20% 40% 60% 80% 100% Resource constraints (people, budgets, and space)

Application-consistent backups

Lack of efficient technology / hardware / software

Lack of efficient restore options

Too much time required

Q52: What is the top challenge with backing up virtual machines as

opposed to physical ones?

Email recovery

34% 26% 16% 14% 5% 4% 1% 0% 10% 20% 30% 40% 50% Continuous data protection

Email as a service Global failover Local failover Regular backup Cloud-based hosting Protecting data with snapshots

Q53: In terms of email or Exchange, which of the following is your

primary disaster recovery strategy?

Multi-tiered services

62% 57% 25% 18% 14% 9% 2% 0% 20% 40% 60% 80% 100% Failure to protect all components of the IT service

Lack of coordination between application and data recovery solutions Having inconsisten levels of protection for different components of the IT

service Lack of understanding application dependencies Using manual recovery of the application, which is slow and increases the risk

of error Cross-functional teamwork and communication is lacking Other (Please specify)

Q54: What challenges does your organization have with managing high

availability and disaster recovery for multi-tiered IT services?

Multi-tiered services

Q55: How many hours does it take to recover your

multi-tiered services?

Cloud storage

61% 23% 7% 8% 0% 20% 40% 60% 80% 100%

Considering / planning, but have not yet purchased capabilities

Purchased capabilities, but have not yet implemented

Not considering

Already implemented

Cloud storage

14% 65% 11% 9% 0% 20% 40% 60% 80% 100%

Have not been able to see ROI

Are able to demonstrate ROI

Fell short of ROI

Too soon to demonstrate

Cloud computing

57% 17% 11% 6% 6% 4% 0% 20% 40% 60% 80% 100% Software as a service

Backup to the cloud Failover to the cloud Not using cloud computing Recovery from the cloud Deploying cloud applications

Q58: How are you using cloud computing initiatives to help with your

data center's disaster recovery plan?

Cloud computing impact

16% 67% 13% 4% 0% 0% 20% 40% 60% 80% 100% Extremely easier Easier No change More difficult Extremely difficult

Q59: What has been the impact of cloud computing to your disaster

recovery plan?

Cloud computing challenges

55% 14% 14% 12% 4% 1% 0% 20% 40% 60% 80% 100% Control failovers / make resources highly available

Control of management of resources Ability to backup Security Expertise Other (Please specify)

Q60: What are the biggest disaster recovery challenges you face when

considering implementing cloud computing / cloud storage?

Cloud computing policies

Yes 85%

No 15%

Q61: Do you have written guidelines or policies in place for approving

cloud applications that use business sensitive or confidential

Cloud computing

55% 25% 14% 5% 1% 0% 20% 40% 60% 80% 100% CEO CIO / CTO IT managers

Employee end users / business managers

Employees who implement their own

Cloud computing

50% 50% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Mission-critical applications Non-mission critical applications

Q63: What percentages of the following types of applications are you

putting into the cloud?

Cloud computing concerns

66% 14% 12% 6% 3% 0% 20% 40% 60% 80% 100% Security Accessibility Control Management Backup

Q64: What is the biggest concern with putting mission-critical

applications in the cloud?