How to Perform Innovative Disaster Recovery for AIX and Power Systems - Page 2

Recovery time objectives and recovery point objectives

If tape is not sufficient, what is? Recovery goals fall into one of two classes: Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). As the name implies, RTO identifies an organization's goal for the maximum time it should take to recover data and applications after a disaster. In other words, how long can operations be down if something goes wrong?

The meaning of the term RPO isn't quite as obvious, but the concept is no more difficult. RPO identifies an organization's goal of the maximum amount of data that will be lost as a result of a disaster. It is called a RPO because it refers to a point in the ongoing stream of data (specifically, the oldest data recovery point that would be considered tolerable). In simple terms, the question is, how much data can the company afford to lose?

All other things being equal, the closer the organization's RTO and RPO are to zero (zero recovery time and no lost data), the more it will have to invest in a disaster recovery solution that meets those objectives.

Continuous data protection

The Continuous Data Protection (CDP) products that are now available on the AIX platform diminish or eliminate many of the deficiencies of tape-based backups. In addition to providing standard replication, CDP runs on a production AIX system, capturing any updates to files and databases. These updates are then transmitted electronically to a backup system.

When replication is real-time, RPO values very close to zero can be achieved. Combined with CDP, this provides the best of both worlds-think of CDP as Tivo for the AIX server. Recovery is not only possible to the present moment, but with "true CDP" it is possible to recover to any point in time within the recovery window. This amounts to an RPO range of near-zero to as much as hours or days past.

The alternative to true CDP is near CDP. Here, data is saved at predetermined points in time called checkpoints. How these intervals are defined depends on the CDP product. Some CDP software copies data when a file is saved or closed, as this is a known, clean recovery point. Other products may copy data when processor and/or network loads are low.

In most cases, the checkpoint frequency of a near-CDP product is measured in one-hour intervals or more. Organizations with high transaction volumes may find this to be inadequate because an individual data item can change several times within the backup interval. If corruption or deletion happens in the middle of that interval, it will then be impossible to recover the data item to its state immediately before the problem occurred.

In a world where organizations are saddled with increasingly stringent data protection regulations, an incomplete recovery facility such as this may be intolerable. Near-CDP products are further limited by the usual need for large amounts of disk space to maintain the checkpoint copies of the data.

Beyond supporting more stringent RPOs, CDP delivers a capability that tape-based backups can't provide. While disasters are exceptionally rare, the more common occurrence is the need to recover data because it was corrupted or because it was accidentally deleted. Unlike tape, CDP stores incremental data changes as they occur and, therefore, can be used to recover data to a variety of points during the day. Furthermore, with true CDP, data can be recovered to its state at any time (such as immediately before it was corrupted or deleted).