july 20

Service Level Agreements: The Secret To Backup Success
Without a service level agreement (SLA) for your backup system, you'll think you have an eight-hour RTO (recovery time objective) and a 24-hour RPO (recovery point objective).
by W. Curtis Preston, GlassHouse vice president of data protection

http://www.datastorageconnection.com/content/hubs/dir.asp?hub=news

Most arguments are started due to mismatched expectations. You thought you were going to Steak & Shake for dinner, and your spouse thought you were going to Steak & Ale. Next thing you know, you’re in the Steak & Shake and shake parking lot having an argument about how you were supposed to be at Steak & Ale. It’s not that your spouse doesn’t like Steak & Shake – they were just looking forward to the stuffed mushrooms at Steak & Ale. You, on the other hand, were looking forward to getting one of those “two shakes in one glass” that they have at Steak & Shake. Either of you would have been much happier if you  had agreed to where you were going before you left the house.

Without a service level agreement (SLA) for your backup system, you’ll think you have an eight-hour RTO (recovery time objective) and a 24-hour RPO (recovery point objective). Your customer, on the other hand, will hear something that makes them think you can meet a two-hour RTO and a one-hour RPO.  Everything will be fine until your reality is juxtaposed to their illusion – usually during an important recovery. You’ll wish you were arguing over Steak & Shake.

It all starts with utility computing

To understand the value of service level agreements for a backup and recovery environment, let’s compare such an environment to a typical electrical company.  An electrical company has a standard voltage and frequency (120 Volts @ 60 Hz in the US), and exceptions to that are simply multiples of the standard (e.g. 240 Volts). They meter every Kilowatt Hour of electricity you use, and you pay only for the electricity you use. You do not typically pay for infrastructure. That is, if the electricity required by your home or business requires them to upgrade a nearby substation, or run additional cables to you, you do not typically pay for that cost other than in your per-Kilowatt Hour bill. As a result of paying for things this way, you don’t get the impression that you own the substation or the cables that run to your house. The electric company has a service level agreement with you for a standard voltage at a particular amperage at a given cost. When you flip on a light switch, you don’t wonder if it’s going to come on, and you don’t wonder if it will be too many volts or an amperage that’s unsafe for your device.  This is all result the result of an agreement upfront combined with consistent service; that builds trust. In addition, they get to apply economies of scale when building out their infrastructure, and charge every single person every single time they flip on a light switch. That’s how you get profitable.

Now let’s look at the typical data protection environment. They have an infinite number of non-standard backup configurations, and an infinite number of speeds that your backup will run, and how long your backup or restore will take.  Exceptions are so common they almost shouldn’t be called exceptions. Internal customers do not pay for how much their systems cost to back up, and if they need more, they’re told to buy more. If your server is bigger than what we can handle with our current infrastructure, we’re going to ask you to help pay for the new big tape library that we need just for you. Unfortunately, that leaves you with the feeling that you own that tape library, and we’re not taking advantage of economies of scale. The typical data protection also has very few agreements between customers regarding how long their backups and restores will taken, and how often they will be successful, etc. All it takes is a “really long” restore, or a restore with a problem to remove any trust that the business units have. The restore might have fit within an reasonable RTO, but since we haven’t agreed upon one, our customers can accuse us of all sorts of things. As a result of all of this, we have a lack of trust and a very costly operation.

SLAs are the key

Service level agreements are the only way to gain trust and reduce cost. The first goal is build your reputation by agreeing to a standard then proving that you’ve met it. The second goal is to reduce cost by implementing either charge back or published costs.

The creation of SLAs is a dialogue not a monologue. You have to have conversations with the business owners and let them state their requirements. If you can meet the requirements with your current system, do so. If you can’t, explain to them the costs involved in doing so, and see if you can get a temporary reduction in these requirements. If the requirements can’t be changed, you’ve got a perfect justification for improvements to your backup system. The important thing is not what you agree to, but that you have the conversation and agree on something – and that you can meet the requirements that you’ve agree to. Make sure to discuss all of the following requirements:

Recovery Time Objective
The RTO is the amount of time you’re allowed to take to recover an individual server.

Recovery Point Objective
The RTO is how much data you’re allowed to lose. For example, you need to recover the server to within one hour of the failure.

Backup Window
When are you allowed to back up each server.

Application Impact
How much are you allowed to impact servers during backups.

Retention Periods
How long should you keep your full backups, incremental backups, etc?

Privacy Issues
How should you be treating backups that have personal information on them?

Once you’ve agreed to an SLA, you have to prove that you are meeting it. The best way to do this is through consistent, brutally honest reporting. The best way to do that is through the use of commercial data protection management software. Please do not try to do this on your own; there is an entire industry built around helping you to report your backups to the people whose data you’re backing up.

A lot of people are afraid of reporting failures automatically to internal customers.  The only reason this would make sense if they already think your backups are perfect; chances are they don’t think that. Chances are they’ve heard enough rumors that the perception of how your backups are is significantly worse than reality. Reporting will get rid of rumors, and will build trust.

Once you’ve got this process rolling, don’t forget to periodically review and tweak your SLAs. Increase your backup success percentage goal, or decrease tighter backup windows, RTOs, or RPOs. This is another great way to improve trust.

Once you’ve implemented SLAs and reporting, the next step is to start talking about cost. The ultimate goal would be to implement a per-GB charge back to each business unit to allow you to actually become a profit center. Many companies aren’t ready for that yet, and that’s OK. A smaller step would be to report back to the business units and the CFO what each business is costing the company to back up. You’d be amazed at how human nature and peer pressure will help you out in this respect.

Start talking about SLAs for your backup system. You’d be amazed what agreeing to a standard can do for your reputation within the company.

About The Author

W. Curtis Preston, GlassHouse Vice President of Data Protection, joined GlassHouse as part of the acquisition of The Storage Group which he founded. Curtis authored Using SANs and NAS, Unix Backup and Recovery, The Storage Security Handbook, as well as many articles on data protection and security. He has been designing and implementing data protection systems for over 12 years, and now consults on data protection with end users from Fortune 100 and Fortune 500 companies, as well as vendors around the world. Curtis is also a sought-after speaker for technical and CXO-level audiences, and is always rated very high by his audiences. He can speak the languages of business and technology to any level audience, using humor to keep the presentation enjoyable.