Making sense of the data protection market

Choosing a “Data Protection” solution can be a bit of an adventure.

There are masses of vendors all offering their own twist on Backup and Recovery.

Do you need a “Next gen, scale-out backup appliance”, a “Recovery orchestration tool” or “Copy data management”? These are all genuine product categories but we find them to be incredibly confusing.

It’s especially hard because on the surface, they all seem to be promising the same thing.

But they are not all the same. They all have their own strengths and weaknesses and no single product will work for everyone.

*Sidenote, some  of these claims are exaggerations, some are spurious, and some are flat-out lies.

Rather than use the industry’s own marketing terms, we think there are more useful ways to categorise the market.

For instance, we often think about which products are best for SMEs vs Enterprises:

We also categorise on features like recovery speed, method (snapshots vs journaling) or pricing model.

But for us, the best way to categorise solutions is: “Backup-first”, “Replication-first” or “All-in-one appliances”.  That gives us the clearest indication about what a solution is actually best at.

In an ideal world, you would only need one product for Backup and Disaster Recovery. Combined solutions do keep things simple, but tend to make compromises, so in our experience, you may often need more than one product.

Backup-first, Replication-first & Converged Appliances

These are solutions that started life as Backup products. Products like: Backup Exec, Asigra, Arcserve and Commvault. In many cases they have since added replication and recovery features. 

There are Replication technologies like Zerto that have now added ‘backup’ through extended journals or versioning to roll-back to older copies of data.

‘Converged appliances’ combine software with hardware in a single ‘plug-in and play’ box. These products aim to do both Backup and Replication. In reality however, tend to be more of one than the other.

Backup-first software

Backup solutions are efficient at storing a lot of historic versions of your data. That’s vital for long-term retention, for Governance Risk and Compliance and for ransomware recovery. The downside of backups is that they take a long time to recover all your data at once.

Replication-first software

Replication on the other hand lets you fail-over from one site to another without any downtime.

The downside is that it copies problems from your production site to your DR site. For example, your DR site is useless if you replicate ransomware to it.

Replication-first software generally doesn’t offer the granularity of recovery or the long-term retention of data to meet those GRC requirements.

When these products were originally built, they didn’t intend to keep lots of versions for long term retention so they store the data less efficiently. As a result, you keep fewer copies and have a more limited recovery window.

They’re also harder to restore individual files. In most cases it is possible, but the process is longer and more convoluted. 

Converged appliances and combined Backup & DR

Converged appliances are designed to simplify the process. They combine software and hardware in one.

There are two key markets for converged appliances:

  • Small businesses who want a simple box to take care of their IT resilience
  • Large organisations who want to simplify complex backup environments and eliminate proxy servers and media agents into simple appliances that scale up as they grow

They deliver on the promise of simplicity but the downside is that they’re don’t do DR on their own.

You can ‘live-mount’ your backups on the appliance but that in itself won’t get you very far. To run those servers, you’ll need to add compute resources to the storage.

Several converged appliances will claim that you can recover entirely onto the appliance.

You might think that can’t be possible, that several racks of hardware could be recovered onto a 2U appliance with slow storage and a fraction of the compute capacity. And you would be correct.

There is a big discrepancy between the promises of how many servers can be recovered onto an appliance and what is practical in the real world. We once evaluated a solution that claimed you could recover 50 servers onto its appliance. After some light interrogation, their technical team admitted it would be less than half that figure. 

Which is best for you?

Our recommendation would be that before you assess vendors, define your Recovery Point and Time Objectives (RPO & RTO) and set your data retention policy.

Then, you can go out to market and find a solution (or solutions) that meets those needs.

Smaller organisations with few governance requirements might find a combined solution will suit their needs for speed of recovery, long term retention and cost. For more advanced requirements you will probably find you need separate backup and replication products.

With that being said, there is rapid development and real improvement in the combined solutions. There might not be a single product that can meet all your needs right now, but in 12 or 18 months there may be.