“If all you have is a hammer, everything looks like a nail!”

“If all you have is a hammer, everything looks like a nail!”

This proverb was first introduced to the English lexicon by Abraham Maslow, an American psychologist who is best known for creating Maslow's hierarchy of needs psychology theory.  The meaning of the saying is that with limited tools, single-minded people apply them inappropriately or indiscriminately.

Maslow’s maxim sprang to mind during a conversation with a customer at the recent HPE Discover event in London. HPE Discover is our premiere customer event with thousands of IT professionals in attendance.   It’s a valuable opportunity for executives, managers, architects and engineers to explore new technologies and gain hands-on learning and training.  But it’s an equally beneficial experience for data protection geeks such as myself because I get to speak with customers about the challenges they are facing and the strategies they are adopting to ensure availability and protection for their business critical applications and data.

The Maslow adage triggered in my head while speaking with the CIO of a large UK-based manufacturing company.  He was telling me that ever decreasing per-outage downtime tolerances for his mission-critical applications meant that he was considering “ditching backup” as it wasn’t delivering the Recovery Point Objective (RPO) and Recovery Time Objective (RPO) SLAs that his business needed.  Instead he would be solely relying on “faster” array-based snapshots and replication.

An interesting discussion ensued on the relative technical merits of snapshots, replication, disk based backup as well as long term data retention on tape and/or the cloud.  But when I changed the focus of the conversation from SLAs to a more business risk-based analysis of his data protection requirements – asking him for example how his applications would be protected against file loss or application corruption beyond the oldest snapshot and/or replica - he seemed less confident in a snapshot/replication only approach.  Sure his service levels would improve with replication, but would the lack of a proper backup retention policy unintentionally expose his business to malware or ransomware?

Protecting the business, not just the data

And this is why the “If all you have is a hammer, everything looks like a nail” dictum is relevant.  The bottom line is that when it comes to best practice data protection, no single data protection technology can provide the complete solution. The starting point for any data protection policy decision should always be a business risk assessment as opposed to a technology discussion.  Once you understand the cause and effect of application downtime and data loss, you can then properly assess the pros and cons of the data protection technologies that are available.

“50 ways to leave your lover”

This was the lament of American singer-songwriter Paul Simon in his number one hit from the mid-1970s.

Sadly there are probably more than 50 ways to leave/lose your data!  Application downtime and data loss can come from a variety of sources.  Network or power outages, component failure, human error, human malevolence, data corruption, software bugs, site failures or natural disasters are just a few examples.  In addition we are seeing a dramatic growth in ransomware attacks on users across the globe and the results have been very concerning.  The FBI reported that victims paid $209M to ransomware criminals in Q1 2016.  According to the Institute for Critical Infrastructure Technology (ICIT), 2017 is expected to be a year in which ransomware wreaks havoc on companies.  For any business, the question is no longer “Will I be a victim of ransomware?” but instead “Will I be prepared when ransomware attacks?”

Business Risk Analysis

Application downtime and data loss can and does have a severe impact, directly equating to lost employee productivity, lost customer/partner confidence and loyalty, lost revenue, lost business opportunities and increased risk exposure.

Any business risk analysis of data loss scenarios threatening your business will therefore typically end up with the same conclusion. Data availability and protection is a continuum that must cover a wide range of scenarios.  Snapshots, Replication and Backups have different but complementary roles to play when it comes to mitigating the business impact of data loss incidents.

How Snapshots and Replicas Complement Backup

Array-based snapshots offer fast, non-disruptive point-in-time copies of data and enable fast recovery to a recent copy in the event of file loss and corruption.  But snapshots alone cannot deliver comprehensive backup.   They have retention limitations and a dependence on the underlying storage system. Make no mistake, your snapshots are at risk if the storage system fails.

Array-based replication provides the redundancy that enables rapid recovery from hardware platform outage or site outage. However, replication will not provide comprehensive protection against file loss or file corruption as errors, deletions and corruptions affecting the primary copy can be replicated to a second site.

Retention policies are important to consider in the context of silent or undetected data loss or corruption.  Data doesn’t always raise a red flag when it is deleted or corrupted so resolving corruption or recovering files often requires older copies of data than the snapshots and replicas kept on primary storage.  The beauty of backup is that it enables the long term retention of multiple previous point in time copies of your data.  In this respect it allows you to “back up time”, providing you with the historical information that enables you to recover to a specific time in the past. 

To deliver the comprehensive data protection that mission-critical applications require, you still therefore need backups (in addition to snapshots and replication) as a second line of defence.   Backups are self-contained, fully independent copies of your data that protect applications running on primary storage against storage platform outage as well as file loss or application corruption beyond the oldest snapshot.   Disk backup enables fast recovery and enables many copies of data/previous points in time to be kept economically over time with deduplication.

Minimize risk

RMC 4.0 – Combining the best of snapshots, replication and backups

The good news is that our recently announced HPE Recovery Manager Central (RMC) 4.0 software gives you the best of snapshots, replication and backups …tightly integrated and delivered as standard with every HPE 3PAR Array!

RMC 4.0 federates HPE 3PAR All-Flash arrays and HPE StoreOnce Systems to provide a converged availability and protection service optimized for flash environments. It augments traditional backup approaches, combining the performance of snapshots and replication with the protection of backups. As a result RMC offers 23x faster backup with no backup impact on the application server, enables self-service automated application managed protection for VMware, Microsoft SQL, Oracle and SAP HANA environments, lowers cost and complexity by reducing the need for a backup application, and reduces risk by protecting applications running on 3PAR against storage platform outage, file loss or application corruption beyond the oldest snapshot.  And if that wasn’t enough, it also orchestrates bi-directional replication between 3PAR and HPE StoreVirtual arrays

RMC 4.0

Deploying the right tools, for the right task at the right time

Satisfying the varied recovery requirements of your business should not be a question of ‘either-or’ but more a case of ‘where’ and ‘how’ to best use snapshots, replication and backup.

And coming full circle, that’s how “Maslow’s Hammer” meets Data Protection.   Ensuring availability and protection for business critical applications and data demands more than a single tool in the toolbox.

Find Out More

RMC 4.0 announcement blog
RMC Video

Simon Watkins

Simon Watkins  Simon Watkins

WW Product Marketing Manager, Backup, Recovery & Archive (BURA) HPE Storage

Other posts by Simon Watkins

Contact author