Greetings from the Data Protection Summit

I've been going to fewer and fewer trade shows, conferences, and expos. The reason: I see mostly the same folks (nice though they are) and the same gear. I have the same conversations about mostly the same stuff. Storage conferences in particular are dull with endless rows of storage systems, mostly disk systems, that all look the same. Usually someone tries to convince me that their new disk system is faster then anything ever known. Okay, sure. Whatever...

However, I decided to go to the Data Protection Summit in Irvine even though it's a new event. I like focused conferences especially about the very thing I write about the most. As can be expected with a new conference, turnout was not what everyone wanted but the sessions were high quality. On the vendor side, there weren't any of the giant three-letter-acronym companies. Instead, there were mostly smaller companies that focused on one or two innovative (or so they hope) products.

So here are my impressions of what the conference had to offer:

1. Gobs of storage security “platforms”. More concentration of storage security than I've ever see before. There were more encryption devices displayed then people in the sessions. The problem with these devices is that they all look and act the same. I think it would be hard to decide on a vendor given the sameness of the products.

   Note to vendors: People don't buy based on small differentiators especially when they can buy from a large full service vendor instead.

2. Where was everyone else? With the emphasis on encryption so strong, there was little room for other forms of data protection. Hardly anyone was showing good old-fashioned data protection solutions, tape or disk. ILM, traditional backup and restore, CDP, etc. were talked about in the sessions but no one was showing them. It is a strange disconnect between what was discussed and what was shown.

   This tells me two things. First that in minds of small vendors at least, all the other forms of data protection have jumped the shark. No matter that backup systems are what people are buying. It's just not interesting enough to get the VC's to invest in you. Second, old-fashioned backup is still interesting enough to talk about and (more importantly) buy. It's just not as much fun to see. Everyone talks about the new Fall Out Boy album but secretly listens to Bruce Springsteen.

3. Compliance Rules! If security didn't get your attention then regulatory compliance sure did. No matter what the subject, it always came up. Vendors, analysts, and IT folks all had something to say about it (me included). It's so worrisome even though it only represents a small part of what is wrong with data protection. It just goes to show that lawyers can scare the snot out of anyone, even seasoned IT people. Most of us would rather face an angry mob of end-users whose data was dumped down the drain than be deposed by an attorney.

   We can all imagine the opposition lawyer, dressed completely in black and hissing “Where are the tapes” like Darth Vader. Sends a shudder down your spine, doesn't it?

4. Your own private DR site. I saw something really cool from a company called VaultStor. It was a standalone, self contained, D2D system in a fireproof and waterproof vault. It's a DR center that fits in a closet. It's a great solution for small and remote offices where it is terribly inconvenient to build a protected data center. Often in those cases the device are left vulnerable to physical disaster. Or the data is left vulnerable to any kind of disaster. VaultStor is a great idea. My thanks to Tom Rauscher of Zetera for pointing them out to me.

5. From The “All Talk and No Action” Department. There was a lot of gabbing about protecting mobile data but few solutions. Everyone admits it's a problem yet there didn't seem to be too many good ways to address it. Most of the solutions were geared toward protecting mobile data from prying eyes but not from total loss.

   There seems to be this fantasy land where laptops hold no useful information that isn't backed up on a corporate server. In this wonderful place, the CEO has never dropped his laptop down a flight of stairs and a salesperson never accidentally erased the customer proposal that was written in the hotel the night before. Lovely place. I want to live there.

And there you have it. The first Data Protection Summit has come and gone. It yielded, for me anyway, some interesting insights into where the industry is heading. So, despite the low turnout, there was a lot of value in it.

Looking Forward in 2007

At this time of year, there is a tendency to look back on the year that just passed. Subsequently, the industry press and blogsphere is chock full of articles with titles like "The Best of 2006 in.." or "Looking Back at 2006 in...". I thought about doing that too. For about ten seconds. Who wants a recap of stuff we already know. That's fun for cultural ruminations about music or movies but not for technology, especially a subspecies like data storage. We are more interested in where we are going than where we've been.

One of the reasons I was tempted to do a retrospective is because the upcoming year seems to be shaping up to be, well, a bit dull. The last few years have been, technologically speaking, quite exciting. We have seen the mainstreaming of ILM, CDP, disk-to-disk backup, and WAFS. Highly scalable NAS devices and file virtualization, on the edge just a few years ago, are now commonplace.

With all this new technology having previously been introduced, a slowdown is inevitable. Once technology is proven to the point where managers can feel it is safe, they deploy it. That's where the focus will be in 2007. Getting all of this useful technology into the data center without something going horribly wrong. The good news is that after all the data disasters of the past year, there is renewed interest in data protection at the highest levels of the corporation. That means there will be budget for these projects.

For vendors, this is good news indeed. Rather than evaluating new technology, IT managers will actually be buying it. It's a salesperson's dream - something new to talk about that works and that customer might actually buy.

Also on the vendor side, consolidation will continue. The big companies will continue to gobble up the small ones that are still left. Their focus will be on integrating these newer technologies into their overall product lines. To that end, CDP is fast becoming a feature of disk-based backup and WAFS another network service.

Since everyone will be spending their time digesting acquisitions and technology, don't expect radical new technology to hit the streets. Think incremental changes to products rather then revolutionary new technology. Most folks will be too worried about deployment to care about something disruptive.

For sure, some areas will continue to show innovation. Information management tools such as classification or information tracking are still in their infancy. A lot can happen in this arena in the next year. Application specific storage also has some ways to go and will be a hot area in 2007.

A lot will be happening on the consumer side as well. While more a packaging project, making advanced technology available to consumers will be an interesting path for some companies. Seagate and Iomega are gearing up to attack this market head on. As more and more households store and share lots of digital photos, music, and videos, they will need better storage options then a PC hard drive. These products will be well received once the prices come down a bit.

In a nutshell, 2007 will be a bit boring unless you are making or spending money. In that case, you will be very busy.

Another One Bites The Dust

The CDP consolidation continues! It was announced today that Symantec, who acquired Veritas some time back, has acquired the assets and intellectual property of Revivio. This is totally predictable. Symantec/Veritas was one of the few major backup software vendors without a decent CDP feature and Revivio was struggling to stay alive. Revivio's investors get something, Symantec gets a key feature.


This is all part of the ongoing absorption of VTL and CDP players into the portfolios of larger technology companies. Just recently we saw Avamar picked up by EMC and XOSoft plucked by CA. This absorption was inevitable. CDP and VTL are both features, not products. The do not change the data protection model so much as extend it and give it a new performance envelope. They are in no way disruptive in the way SANs were to storage and data protection.

There are now precious few independent CDP companies left. Timespring comes to mind plus a few others. How long can a CDP vendor stay independent? With this move by Symantec most of the major data protection companies now have this feature. Netapp might go for an acquisition here. They have the NearStore VTL software but not true CDP. HDS is more likely to source than buy CDP. The field is getting very narrow indeed.

Of course, CDP vendors may opt to stay the course and not sell out. That's fine if you enjoy getting stomped by one of the big boys. Most data protection vendors can now offer a full spectrum of solutions, hardware and software. Independents are left to pick up the scraps.Despite the customers they already have time is running out on these companies. There will be fewer and fewer folks ready to buy from a small company when they can get it as an add-on or feature of their backup software. Eventually the big boys will start pricing this software to move until it finally is a standard feature. Then what?

My advice to those still trying to swim against the tide is to get out of the ocean while you can. Otherwise, there will be nowhere left to swim to.

Time May Change Me, But I Can't Trace Time

The title of this entry is from the David Bowie song "Changes" off the album "Hunky Dory". While I know he didn't have computer data in mind when he sang these words, it sure applies. How do we trace time? Can we track changes in data and adjust resources based on change? The answer lies in another quote from Maestro Bowie "It Ain't Easy".

I've been researching a paper around the idea of just-in-time data protection. It pulls together some concepts that I have been batting around for quite some time including the idea of Service-Oriented Architectures and dynamic data protection. I've written about both of these topics before. In looking at how to make the data protection environment more responsive, I started to realize that resource allocation needs to be adjusted according to how quickly the data is changing. The rate of change of the data, should then drive one of the major data protection metrics, Recovery Point Objective or RPO. RPO basically says how far back in time you are committed to recover some piece of data. My thinking goes like this: Why spend money to provide high performance backup to data that isn't changing? Conversely, rapidly changing data justifies a short time frame RPO and more resources.

As I went about talking with vendors and IT people I quickly discovered that there was no good and easy way to determine the rate of change of data. We simply don't track data that way. There are some indirect measures, especially the rate of growth of disk storage. For homogeneous data stores, such as a single database on a disk, this works well, assuming your unit of measure is the entire database. It doesn't work well at all for unstructured data, especially file data. We might be able to look at how much space is used in a volume but that's a pretty gross measure. Databases have some tools to show how fast data is changing but that does not translate to the disk block level and does nothing for file systems.

What we need to understand is how often individual files are changing and then adjust their data protection accordingly. If a file is changing an awful lot, then it might justify a very short RPO. If it's not changing at all, perhaps we don't need to back it up at all so long as a version exists in an archive. In other words, we need to assign resources that match the metrics and rate of change affects the metrics. This is complicated because how often data changes is variable. It might follow along with a predictable lifecycle but then again, it might be more variable than that. The only way to know is to actually measure the rate of change of data, especially file data.

The simple solution is a system that tracks changes in the file system and calculates rate of change for individual files. This information would then be used to calculate an appropriate RPO and assign data protection resources that meet the metrics. The best system would so this on the fly and dynamically reassign data protection resources. A system like this would be cost effective while providing high levels of data protection.

No one has this yet. I'm thinking it is two to five years before this idea really takes hold in products. That's okay. It's usually a long time before something goes from a good idea to a usable product. We have to start with the good idea.

More Fun for You at SNW

After last year, I had pretty low expectations of SNW this year. There was so little new and interesting that it was discouraging. So, going into this year's Expo I have to admit that I had a bad attitude. I am happy to report that I was mistaken and actually found some interesting trends and technology. That is not to say all is rosy. There is still a lot of silliness out there but that is easily balanced by intelligent responses to real problems.

The Most Interesting Announcement

The announcement that caught my attention right away was EMC's acquisition of Avamar. Avamar was an early entry into disk-to-disk backup. What is most interesting about Avamar is their software. The hardware is beside the point. They are leaders in making backup more efficient by only bothering with changed data, called de-duping. They have done a great job with presenting backed up data so that it is easy to find and retrieve.

This fills a significant hole in EMC's lineup. They now have traditional backup (from Legato), CDP, disk-to-disk backup, and remote copy. Pretty much a full spectrum data protection product line. Nice.

Application Specific Storage

There are way too many storage array vendors in the marketplace. They can't all survive. However, there is a nice trend emerging, one that I think may have legs - Application Specific Storage. By this I mean storage systems tailored for specific types of applications. In general, we have taken general purpose arrays and tweaked them for specific purposes. In some cases, some vendors have specialized arrays and software for certain industries such as graphics, media, or the large files typical in oil and gas explorations.

The newest classes of storage are similar in concept - build arrays that fit certain application criteria. This is married to specialized files systems and network operating systems as well as other hardware to make networked storage that is able to meet the performance and management needs of common applications. This is a trend to watch.

Annoying Techspeak

Okay, there are lots of silly acronyms and marketing speak in the computer technology industry. What I really hate is when it is downright misleading. I saw the term "adaptive data protection" tossed on some booths. That attracted me like a moth to a lightbulb of course. Unfortunately, there was nothing adaptive about it. What I found was configurable (read manually configurable) CDP. Aw comeon! Adaptive means that it changes when the environment changes. It does not mean that I can change it when I notice that something is different.

ILM In A Narrow Band

There is much less talk about ILM than last year or even than the year before. What there is now is more focused ILM products. Lots of advanced classification software and search and index engines. This is good. It shows the maturation of the ILM space.

Oh You Pretty Things!

Design has finally come to storage. I don't mean engineering design, functional but unattractive. Instead, design in terms of form and attractiveness. Lets face it, a lot of storage gear is downright ugly. Some of it so ugly that you need to put a paper bag over it before you put it in your data center. Now we have curves and glowing logos. You actually want to look at the stuff.

Gimme Shelter

Yes! More secure products. Software, secure storage, and security appliances. Not only is there critical mass in security products, but more and more security is integrated into other components. Let the black hats penetrate the network and server perimeters. They'll hit the wall with storage.

Give Me Some Relief

And what do IT professionals want? Relief. Relief from regulators and lawyers. Relief from high costs. And relief from the crying and wailing over lost data. They want to keep what they want while ditching what the lawyers want to ditch.

Perhaps this is a sign that things are changing in the storage industry. Innovation still exists and is growing. That's very good news.

Mother Nature 1, Small Business 0

I live near Buffalo New York. Last week we had a freak October snow storm. Now, before anyone starts with the usual jokes, keep in mind this was not the normal Buffalo snow. Since the storm was widely but poorly reported, it is understandable that most people have an incomplete understanding of the scope of the disaster. Having fallen off the news cycle in a day, it's also unlikely people will ever get the whole story unless you live here or know someone who does. That's sad because it is an excellent object lesson in disaster preparedness.

The Facts.

To give some context to the situation (and hopefully stop the snickering) here are the facts of the storm:

• The last time it snowed this early here was in 1880. We expect a small sprinkling at the end of the month but not this much this early


• According to NOAA, the average snowfall for Buffalo for October is 0.3 inches. This is averaged over 59 years. We got 23 inches in one night.


• On October 13, 2006 over 400,000 homes were without power. A full week later, on the 20th, there were still over 32,000 people without power.


• Costs for tree removal and damage for municipalities could top $135M. That doesn't include business losses and other economic factors, insurance losses, and repairs to homes.


• Schools have been closed all week in many districts and some will still be closed into next week, nearly two weeks into the disaster situation

Now, it's not like Buffalo and Western New York are new to snow. We are usually prepared for anything. Not this though. What it tells you is that despite your best planning for known risks, there are any number of unknown risks that you can't anticipate.

The Impact.

Most large businesses were effected by the storm because their employees couldn't get to work. Streets were blocked, there were driving bans in most municipalities, and folks had families to worry about. Small businesses, on the other hand, suffered because they had no power. My office was offline for an entire week. After six days I was able to get a generator to run my computers. Power came back after seven days and I was up and running.

As an aside, the latest joke running around Western New York goes like this:

Q. What's the best way to get your power back
A. Get a generator

Pretty sad, eh?

The Lesson.

What this experience underlines is the need for disaster planning by even the smallest of businesses. I know a great number of lawyers, doctors, dentists, and accountants that could not operate or operate effectively because they had no electricity. Computers did not operate and cell phones ran out of juice quickly. A common problem: cordless phones that don't operate at all without power.While large businesses will have gas fired generators that can operate nearly indefinitely, most small businesses have no alternate source of energy.

The situation also shows the dark underbelly of computer technology. Without juice, computers are inert hunks of metal and plastic, more useful as door stops than productivity tools. Even worse is having your critical data locked up in a device that you can't turn on. There were quite a few times when I found myself wishing for my old fashioned paper date book.

So what should the small business professional do? There are some actions or products that I'm considering or that saved my bacon. Here's my top tips:

1. Get a small generator. A 2000-watt generator can be had for $250.00. A computer will need anywhere from 150 watts to 600 watts depending on the type of power supply. Laptops use even less. For the average small business professional, a 2000-watt generator will allow you to work at some level.


2. Offline backup. My data was well protected - for the most part. However, as it got colder I began to worry that some of my disk-based on-line backup might be damaged. Thankfully it wasn't. Still it is clear to me that I need to get my data offsite. Burning DVDs or taking tapes offsite is not practical. So, I'm looking into offsite, online backup


3. Extra cell phone batteries. The truth is, I mostly use my cell phone when traveling and can usually recharge it regularly. That works great when you have juice. An extra battery might make the difference between being operational and losing business. Some people used car chargers, many for the first time, to power up dead cell phone batteries.
   


4. Network-based communication services. One of the best things I did was get a VoIP system. It obviously wasn't working with the power out but the network was. That meant I never lost my voice mail. I could also get into the voice mail to change it. Small, onsite PBXs or answering machines don't work once the lights go out. Also, keep an old-fashioned analog phone handy. These work off of a landline's own 5-volt power. In many instances, folks had viable phone connections but no analog phone to hook up to it.
   


5. Duct tape. It works for everything. No, really.


6. Give help, ask for help. Buffalo is the kind of community where everyone helps everyone else out. That's how I got a generator. Others I spoke with were operating out of other people's offices. Keep a list of you friends and colleagues who can help you. Be prepared to help them too. That's right on so many levels

The last tip is the most important. Technology will never have the power that people do. Over the past week I saw more signs of that then I ever thought possible. I know people who had their neighbors stay with them for over a week because they somehow had heat. I saw generators loaned like library books. On my block I encountered a group of high school students - cleaning out driveways so people could get out to the street.

That's right, roving bands of teenagers committing random acts of kindness. If this is what the world is coming to then I'm all for it. And like the Boy Scouts say "be prepared".

ILM - The Oliver Stone Version

I've noticed that you don't hear much about ILM anymore. A few articles in InfoStor maybe. What news you do hear is mostly of restructurings or closings at small startup companies in the space. It seems that many ILM plays are moving into other markets or selling narrow interpretations of their technology under a different guise. I've pondered this turn of events and have collected a number of theories as to what has happened to ILM. So grab your popcorn and read "Tom's ILM Conspiracies"

It Was All Hooey To Begin With
One of the most popular theories is that ILM was a load of horse hockey from the start. The story goes this way:

1. Big companies find core technology doesn't sell as well as it used to


2. They quickly come up with a gimmick - take a basket of old mainframe ideas and give them a three letter acronym


3. Hoist on stupid and unsuspecting customers


4. Sit back an laugh as the rubes buy the same stuff with new facade

This is a variation of the "lipstick on a pig" theory that says ILM was only other stuff repackaged. It was all a scam perpetrated by evil marketing and sales guys to make their quota and get their bonuses.

Unfortunately, there are several holes in this theory. First, a lot of the companies in the space are new ones. While they take the lead from the big ones, they don't get technology and products from the big companies. They actually had to go out and make new technology not just repackage old stuff. The same is true for the big companies. Many had to develop or acquire entirely new technology to create their ILM offerings.

I also don't think that IT managers are as stupid as this theory would make them out to be. Your average manager with a college degree and a budget to manage rarely buys gear just because the salesman said it was "really important". So the marketing ploy argument falls down.

Good Idea. Too Bad It Didn't Work
Also known as a "Day Late and a Dollar Short. This theory says that ILM was a great idea but just too hard to implement or build products around. There is some truth to this one. It is hard to develop process automation products that don't require huge changes in the IT infrastructure. ILM is especially susceptible to this since it deals with rather esoteric questions such as "what is information? , "how do I define context?", and "what is the value of information?". Packaging these concepts into a box or software is not trivial.

It probably didn't help that a lot of ILM product came out of the storage industry. Folks in that neck of the woods didn't have a background in business process automation, the closest relative to ILM.

Put another way - making ILM products is hard and a lot of companies found it to too hard to stay in the market.

The Transformer Theory or Morphing Into Something Bigger
ILM. More than meets the eye! It's funny if you say it in a robotic voice and have seen the kids cartoon and toys from the 80's. But seriously folks, the latest theory is that ILM hasn't disappeared, it's simply morphed into Information Management. This line of thought goes like this:

• ILM was only a start, a part of the whole


• It was successful to a large degree


• Now it is ready to expand into a whole new thing


• Get more money from customers

This is one of those sort of true and not true ideas. It is true that ILM is part of a larger category of Information Management. So is information auditing and tracking, search, information and digital asset management, document and records management, and even CAS. That doesn't mean that ILM as a product category has gone away. Not everyone needs all aspects of Information Management. Some folks only need to solve the problems that ILM addresses.

So, while ILM is now recognized as a subcategory of Information Management, it has not been consumed by it. This theory does not explain the relative quiet in the ILM world.

A twist on this theory is that ILM has simply gotten boring. No one wants to talk about it because it is pretty much done. That's boloney! Most vendors are only just starting to ship viable ILM products and IT has hardly begun to implement them. Nope. Put the Transformers toys and videos away.

Back and To The Left. Back and To The Left.
ILM was assassinated! Just as it looked like ILM would become a major force in the IT universe, evil analysts (who never have anything good to say about anything) and slow-to-market companies started to bad mouth it. It was a lie, they said. It was thin and there was nothing there. Unlike the "Hooey" theory, assassination assumes that there was something there but it was killed off prematurely by dark forces within our own industry.

That's a bit heavy, don't you think? Sure, there are naysayers and haters of any new technology - heck! I can remember someone telling me that the only Internet application that would ever matter was e-mail - but there are also champions. When you have heavy hitters like EMC and StorageTek (when they existed) promoting something, it's hard to imagine that a small group of negative leaning types could kill off the whole market.

Remember, there were a lot of people who hated iSCSI and said it would never work. Now, it's commonplace. Perhaps, like iSCSI it will just take awhile for ILM to reach critical mass. It is by no means dead. So that can't explain the dearth of noise

It was always about the process anyway
They have seen the light! Finally, all is clear. ILM was about the process. The process of managing information according to a lifecycle. A lifecycle based on and control by the value of the information. No products needed, so nothing to talk about.

Sort of. Okay, many people have heard me say this a hundred times. It's The Process, Stupid. However, designing the process and policies is one thing. Actually doing them is something else entirely. ILM relies on a commitment by a business to examine their needs, create processes, translate these into information policies, and then spend money on products to automate them. Just as it's hard to build a house without tools, it's hard to do ILM without tools. Software primarily but some hardware too.

It's good that we have woken to the fact that ILM is about process and policy. That doesn't explain why there isn't more news about tools that automate them.

No Time To Say Hello - Goodbye! I'm Late!" Theory
Also known as "That Ain't Working'. That's The Way You Do It" effect.. This theory postulates that IT managers simply have more important things to do. Who has time for all that process navel gazing? We have too many other things to do (sing with me "We've got to install microwave ovens.") and simply don't have the time to map out our information processes and design policies for ILM. I'm sure that's true. I'm sure that's true for almost every IT project. It's a matter of priority. However, we do know that lots of people are struggling with information management issues, especially Sarbannes-Oxley requirements. If that wasn't true, the business lobby wouldn't be expending so much energy to get SOX eliminated or watered down.

There is a kernel of truth here. If IT doesn't see ILM as a priority, it will die on the vine. I just don't think that ILM is such a low priority that it explains the lack of positive news.

Everything is Fine Thanks. No, Really. It's Okay.
What are you talking about, Tom? Everything is peachy keen! We're at a trough in the product cycle and that makes us a bit quiet. No. Um. Customers are too busy implementing ILM to talk about it. That's the ticket. No wait! They are talking about it but no one reports it anymore. It's too dull. That's because it is so successful.

Nice try.

Not nearly enough IT shops are doing ILM, this is the time in the cycle when products (and press releases) should be pouring out, and the trade press will still write about established technology. Just look at all the articles about D2D backup and iSCSI, two very well established and boring technologies (and I mean that in only the most positive way). I will admit that ILM is no longer the flavor of the month but you would think that you'd hear more more about it. We still hear about tape backup. Why not ILM?

My Theory
Or non-theory really. My feeling is that ILM turned out to be too big a job for small companies. They couldn't put out comprehensive products because it was too hard to make and sell these products. Complete ILM takes resources at the customer level that only large companies have. Despite trying to develop all-encompassing solutions, many have fallen back on doing small parts of puzzle. The companies that are still in the game are either big monster companies like EMC and IBM, implementing total ILM solutions, or small companies that do one small piece of the information management process. Classification software and appliances are still pretty hot. No one calls them ILM anymore because it is more narrow than that.

So ILM is not dead, just balkanized. It is a small part of a larger market (Information Management) that has been broken down into even smaller components such as information movement and classification. ILM is not dead or transformed. Just hiding.

CA and XOSoft

In the past week or so I have had a lot of people ask me what I thought about the recent acquisition of XOSoft by CA. Overall the questions range from the overarching "Why did CA buy XOSoft?" to the more pointed "Isn't XOSoft worried about CA's reputation?" Here's my two second analysis.

1. CA Wins - CA needs to fill out their product line. With CDP and Replication technology from XOSoft, CA has one of the most complete data protection product lines in the industry. CA customers will soon have a complete, well integrated basket of data protection tools to draw from. CA also gets a willing partner and doesn't have to pay a premium needed to acquire an unwilling one.



2. XOSoft Wins - Besides the obvious monetary gain for XOSoft founders and investors they now get access to big company resources and the entire range of data protection and security products that CA offers. Let's face it, CDP is becoming a feature. XOSoft would have had to acquire someone (a small or distressed cmopany with the obvious problems associated with that) or would have become a niche player catering to the "I hate the big guys" crowd. There's not much of a future in that.



3. CA's Reputation - This is still a problem. Everyone thinks of CA as having questionable (at best) business practices and slow, inattentive, and non-responsive product development. While that's changing, it will be awhile before CA can change the industry's perception of itself. From CA's point of view, bringing energetic young companies into the fold helps this along. For the folks at those companies, it means having to manage an issue they have never dealt with.



4. XOSoft Customers - Come on now. You didn't really think these guys were going to stay independent forever. You can now look forward to getting a well integrated data protection and security suite rather than cobbling one together on your own. It was inevitable and is beneficial in the long run.

Ultimately, it was best for XOSoft to take the deal with a known partner rather than wait on the sidelines until all the other CDP companies were gone. If they had done that, they would have been faced with limited choices and probably a lower selling point. If they had continued to stay independent, they would have been pushed to the back of the room, forever a small niche player with limited growing room. For CA, they get a quality purchase that fills out their product line, making them much more competitive. Sounds like a good deal to me.

As to the CA rep, remember what Timon says in the Lion King "You have to put your past behind you". At some point the industry has to give CA a chance to move beyond it's past indiscretions. The XOSoft acquisition is a step in that direction.

Just-in-time Data Protection

There is more activity in the data protection arena now than I've seen in years. We are reaping the fruits of years of new innovation to finally begin to achieve something special in data protection. Looking back over the past few years we have seen the emergence of:

• Disk-based backup including VTL
• Data reduction techniques
• Continuous Data Protection (CDP) and real-time replication
• WAFS or Wide Area File Systems
• Tiered Storage
• Data Lifecycle Management

All of these combined provide a whole host of choices in how one architectures data protection systems. It would seem that soon we will have the ability to protection all of our data all the time. But does that make the most sense?

Constant and complete data protection will always be very expensive. Bandwidth costs money, disk capacity costs money, and software costs money. To strive to backup everything all the time is to strive to waste money. Why? Because there is rarely a good reason to backup all the data, all the time? We may want to backup all of it sometimes. That the realm of tradition backup. We may want to backup some of it all the time. That's were CDP comes in.

Where we send it to be protected is also part of the equation. Do we keep it on-site? Copy it to tape to be stored off-site? Send it over a WAn link to another locations. All of these location options provide different levels of protecton at different costs.

What we really want is "just-in-time" data protection. Akin to JIT manufacturing, the goal is to protection data when it needs to be protected. Some data will need constant backup, perhaps because it is mission critical and needs to be available 24x7x365. Other data will only be backed up occasionally because it doesn't change much. Image files are an example of something that rarely if ever changes and only needs to be backed of once in awhile. Some data will be copied off-site to a DR facility immediately because it must be made available the second a disaster occurs. Other data will be archived and left in a vault on site. It all depends on how important the data is, how fast it needs to be accessed after a disaster or failure, and how much you are willing to pay for the priviledge of having the other two.

New data protection technology allows us to fine tune our systems to deliver data to backup exactly when it is needed. If we follow a philosophy of JIT data protection then we will soon find an equilibrium between protection, cost, and time. And that is a perfect combination. Start with the JIT goal and you have a fighting chance of achieving that balance. Do too much or pay too much and you will waste resources. Do too little or pay too little and your important data is always in danger.

Continuous Data Protection: Is It A Product Or Feature?

Backup used to be the backwater of the storage world. Even though it was the single most important way of protecting data for just about everyone, it was also the most boring. Little that was new was happening and most everyone was trying to tweak the same model. Every night, we copied data to tapes. The addition of a SAN helped make tape backup work better but did not change the model. Even disk-to-disk backup was a new twist on the old ways of doing things.

Continuous data protection (CDP) is a major change in the way back up is performed. Instead of the staged backup that happens once a day, information is backed up as it is created and changes. The backup medium is generally another disk or disk array, not tapes. A major problem with backups, loss of data since the last daily backup, is alleviated. CDP also does this (or should do this) in a seamless fashion. CDP transforms backup into a non-disruptive system function, rather then management function that causes system interruptions.

So the question that comes to mind is: Is this really a product or simply a feature of backup software? The question is important because it affects how companies invest in the technology. Should you invest in a product when what it does will be part of a suite? Would it work better as part of a suite of backup and data protection software?

The answer is that CDP is quickly becoming a feature. We know this because backup software companies are investing in CDP or acquiring companies that make CDP products. Clearly they think that CDP is feature. In fact, CDP is what backup will be in the future. The idea of remembering to backup critical files on some artificial schedule no longer fits the dynamic IT environment of today (or tomorrow).

So, as we peer into the crystal ball we see CDP being the usual way of backing up critical data, with tape the preferred archive medium. CDP will become a feature of a data protection or backup suite. Soon. Very soon…