News
11/29/2012
11:36 AM
George Crump
George Crump
Commentary
50%
50%

Managing The Multi-Vendor Backup

Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.

In recent columns I have covered the challenges of consolidating to a single backup application for the enterprise. In short, no single application can do it all, and the capabilities of application-specific backups are still too compelling. I've also discussed consolidating to the backup appliance, but this leaves gaps in monitoring and managing the mixed environment. There is software available to provide this management overview. In this column I'll discuss what to expect -- and what not to expect -- from these products.

There is a big difference between managing and monitoring. Monitoring basically lets you know that something is wrong, but to fix whatever went wrong means launching the offending application's GUI. Also, tasks like adding new clients, scheduling and performing restorations can't be done from the monitoring product. An application that manages the environment does more than simply let you know that something is wrong -- it also lets you fix the problem directly from the management application. This includes the ability to add new clients, change backup schedules and execute restores. A management application can eliminate the need for the backup administrator to be an expert at the various backup applications' interfaces.

[ Before you can assess a vendor's storage deduplication ability, you need to understand the process. Read about it at Measuring The State Of Primary Storage Deduplication. ]

There are several good monitoring applications available that can give you a dashboard that shows how your various backup applications are running. If you are running multiple enterprise backup applications, these programs can alert you to problems and errors. Some even provide a help desk workflow capability. But as I discussed in Managing The VMware Data Protection Problem, many of these monitoring solutions have largely ignored the VMware-specific backup products. This is particularly problematic because selecting a backup product for the virtualized environment is a key point of backup application splintering. A few companies are now closing this gap by providing monitoring intelligence across both enterprise applications and virtualization-specific backup products.

Applications that monitor backup are mature and provide a sense of control over the mixed backup application problem. They are also relatively cost-effective and easy to install. However, since most lack the ability to do anything beyond monitoring, specific changes need to be made through the application. That means that the backup administrator must learn each individual application's interface and terminology.

Management applications attempt to go a step further by actually interfacing with the backup application, either through a series of APIs or, more commonly, by controlling it through the command line. The problem with management applications is that they support a limited number of applications, and they exert a relatively low level of control over the applications. They also tend to be expensive. Few management applications can control all of an enterprise's backup applications, which explains why monitoring programs are more popular: they are more complete and more cost-effective.

In the webinar The Four Things That Are Breaking Enterprise Backup, I discussed the need for an alternative to current backup monitoring and managing products. These framework products would turn backup applications into service engines, allowing different products to share capabilities. For example, if the developer of an application-specific backup product wants to add tape support, they could get it from this framework instead of developing it themselves.

We're starting to see the beginnings of such framework-driven products now, from larger IT suppliers with multiple backup hardware and software products. The first step is to use these products to better integrate and leverage their backup investments. Over time, they could open up and allow other vendors to leverage these frameworks.

From SDN to network overlays, emerging technologies promise to reshape the data center for the age of virtualization. Also in the new, all-digital The Virtual Network issue of Network Computing: Open Compute rethinks server design. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6228
Published: 2014-12-28
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split ...

CVE-2014-6229
Published: 2014-12-28
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.