Grow A Greener Data Center by IT Architect Douglas Alger From Cisco

“Green IT is ultimately about resource efficiency – maximizing what you have and optimizing how it is consumed.  Beyond the admirable environmental benefits from being green, such optimization lets you accomplish more and spend less.”

This is just a sampling of the insight you’ll find below as our Data Center Leaders Interview Series details necessary tactics and quantifiable benefits for taking your data center green.  Helping us is Douglas Alger, IT Architect for Physical Infrastructure from Cisco and author of the book Grow A Greener Data Center.

For anyone who still feels that Green IT is simply an altruistic business fad nearing an end, rather than a significant strategy for saving capital and optimizing power usage, this interview is for you:

Evolving Solutions:
What tips would you offer for businesses prior to launching a Green IT initiative?

Douglas Alger:
Specific to  the Data Center space, I recommend having tools in place to monitor your Data Center resources.

Being able to track power consumption down to the cabinet level, temperature conditions, and hardware utilization is invaluable for developing and implementing Data Center green initiatives.

Monitoring tools can help uncover inefficiencies such as short-cycling of an air handler or which servers in your Data Center are consuming a disproportionate amount of power.  They also can help you prioritize potential improvements, calculate the return on investment, and – after implementation – accurately track efficiency gains.  Without them are you left to guess at the impact of the improvements you are making.

Evolving Solutions:
How would you recommend selling the idea of green IT to upper management who see it as little more than a fad?

Douglas Alger:
I think it’s important to emphasize that green IT is ultimately about resource efficiency – maximizing what you have and optimizing how it is consumed.  Beyond the admirable environmental benefits from being green, such optimization lets you accomplish more and spend less, conditions that are always going to be of interest to a company.

For Data Centers, being green saves money by reducing energy consumption (the largest operational expense of a Data Center) and cutting down on the use of consumable items such as patch cords.  Being green also extends the lifespan of your facility (deferring future construction costs), provides more flexibility to accommodate future technologies, and positions your company well in the event that environmental regulations around energy-efficiency or carbon emissions are enacted in the future.

Evolving Solutions:
With business movements that emerge quickly, such as Green, it is not uncommon for mistakes to be made due to rapid deployment.   What implementation mistakes have you witnessed, in regards to Green IT initiatives?

Douglas Alger:
Companies sometimes launch green initiatives without developing an overall strategy.  That’s fine for the short term and individual green projects can definitely be successful, but as more uncoordinated green activities are initiated you can end up with redundant efforts and other inefficiencies, especially at large companies.

Any green initiative that you can think of – recycling programs, promoting alternate transportation, server virtualization, etc. – are bound to accomplish more if they’re implemented as part an organized program with defined goals.

Evolving Solutions:
Your book, “Grow A Greener Data Center,” walks companies through a bottom-up approach to building a green data center, beginning with physical construction.  For companies that do not have the option to physically build a new data center, what do you recommend as an ideal starting point?

Douglas Alger:
There are a lot of green improvements that can be made to existing server environments that are very low cost, paying for themselves many times over, and easy to implement.  One simple step, for example, is to install timers and motion sensors on your Data Center lighting, causing non-emergency lights to turn off whenever the room is unoccupied.  (This can be done for other building spaces that are unoccupied for extended periods of time as well, such as conference rooms and bathrooms.)

If your Data Center’s power and cabling infrastructure are routed under a raised floor, seal any excess gaps at the floor tile openings where patch cords and power cables enter the plenum space.   This will improve the performance of your cooling system, reducing your energy consumption.

Yet another green improvement that can be implemented unobtrusively is to make energy-efficiency a key purchasing criteria for hardware that goes in your Data Center.  Newer, more energy efficient devices can be introduced as part of your company’s normal refresh cycle for hardware.  This can lead to significant savings over time.  When you factor in a server’s cooling needs and the conversion losses that occur along a Data Center’s power delivery chain, your energy savings will ultimately be nearly three times the number of watts you conserve at the hardware level.

Evolving Solutions:
Toby Velte, Global Technology Strategies with Microsoft, describes how he helps to ensure Green IT initiatives are funded by always relating projects to the pressures of capitalism, rather than the pressures of altruism.  Do you find this to be true across the board, or have you seen some firms consider start to implement green IT purely from a sense of corporate responsibility?

Douglas Alger:
I have seen businesses undertake green activities because they want to do the right thing, but I agree that if you want to truly entrench green initiatives within your company you need to demonstrate their business value.  When budgets get tight, upper management is more likely to cut a “feel good” program than one known to contribute in a proven way to the company’s success.

Evolving Solutions:
Wild Card:  Anything else you would like to add?

Douglas Alger:
Some people don’t immediately associate Data Centers with opportunities to be green.  With the tremendous consumption that occurs in these facilities, though – often 20 to 40 times the energy usage of traditional office space – there are ample opportunities to be more efficient and thereby save energy, save money, and reduce your carbon footprint.

Storage Consolidation Expert Rajeev Bhardwaj

Behind labor, energy costs are emerging as the second highest operating cost in most data centers worldwide. Operating in an economy still in the early stages of recovery, companies must explore all options available for reducing data center energy costs.

Today’s entry in our Data Center Leaders Interview Series sets out to help companies make the critical IT decisions that will lower costs, including those associated with storage consolidation, without hindering performance.

For help, we turn to Rajeev Bhardwaj, Senior Director, Data Center Switching Technology Group, Cisco:

Evolving Solutions:
What do you recommend as a first step in the development of a cost efficient storage consolidation or networking plan?

Rajeev Bhardwaj:
End-to-end virtualization will consolidate the datacenter and will deliver operational efficiencies from the perspective of being cost-effective and applications being easier to manage, provision, and deploy. End-to-end virtualization in the datacenter includes server virtualization, server I/O virtualization, Storage Area Network (SAN) virtualization, and Storage virtualization.

End-to-end virtualization should begin with SAN virtualization as the SAN network interconnects all the storage and server elements in the datacenter and a consolidated SAN can serve as a platform for further virtualization of servers, server I/Os, and storage.

Customers typically deploy silo’ed infrastructure with multiple SAN islands based on departmental, application, and performance needs. The consolidated SAN must maintain the logical separation between the SAN Islands from both data path and control plane perspectives while consolidating them on a single, physical infrastructure: Virtual SAN (VSAN) allows to easily achieve that virtualization abstraction.

Consolidating multiple SAN islands in a virtualized SAN allows to significantly reducing the number of infrastructure assets required, being now shared and dynamically allocated based on actual needs.

This approach optimizes assets’ utilization and dramatically reduces deployment, management, as well as power, space and cooling costs. A consolidated SAN has the additional advantage that intelligence can now be deployed in the SAN to enable both server virtualization and storage virtualization.

Evolving Solutions:
What are the inherent dangers in trying to make your storage consolidation plan too cost efficient?

Rajeev Bhardwaj:
It is very important to consider the underlying architecture of each device required to deliver the consolidated SAN. If the SAN switch architecture is not robust and delivers unpredictable performance and latency, the consolidated SAN becomes a central bottleneck affecting all applications and all departments.

One should consider questions such as – how does the switch architecture handle congestion, does it exhibit consistent latency and performance, does it provide enough buffer-to-buffer credits per port to handle different applications and distances, does it provide high availability and in particular for links that carry a lot of bandwidth between switches?

Evolving Solutions:
Green IT is seen by many as a solution to upgrading existing data centers to be more cost efficient.  Do you feel green IT practices can significantly impact the cost of storage consolidation?

Rajeev Bhardwaj:
A piecemeal approach of deciding each IT component based on its power consumption can work fine for marginally reducing power as a first step, but can actually be counter-productive overall if a holistic view of the data center power is not considered.

Solutions that at the chassis level seem to provide slightly better power consumption, have proven to increase the overall power cost of the datacenter: poor network support of server virtualization constraints the consolidation of servers, consuming over 75% of the overall datacenter power budget; limited networking capabilities and unpredictable performance require to increase network size as soon as new applications are deployed in the datacenter, transforming the initial minimal saving in a major cost.

Green IT can reduce cost and power usage while increasing operational efficiency in the data center if achieving end-to-end virtualization is maintained as a goal. Deploying the right networking infrastructure can provide security, performance, Quality of Service (QOS), and ease of management required to enable reductions in the size of the server farm, the number of LAN and SAN switches, and the number of storage arrays.

Evolving Solutions:
In a recent interview, author and StorageIO found Greg Schulz helped dispel the myth that storage networking and consolidation are business expenses that only apply to large enterprises.  In your experience, are smaller businesses aware of the need for storage consolidation and networking plans?

Rajeev Bhardwaj:
In these tough economic times, smaller businesses are looking to reduce both capital and operational expenditure. Smaller businesses understand that times are tough but are also looking to position themselves for the turn-around in the economy and so are not willing to sacrifice on scalability.

IT is increasingly considered as a means to increase the company efficiency and competitiveness by providing real-time data to any sales person, partner, or executive anywhere at any time while maintaining security and keeping costs low.

Smaller businesses are very much interested in buying and maintaining fewer servers, fewer switches, and getting more mileage out of their existing storage arrays. Thus we see smaller companies collapsing their multiple fabric switches into a larger director to gain scalability and high availability while reducing management expenses.
Similarly, we have also seen keen interest in our Fibre Channel over Ethernet (FCoE) portfolio from smaller business looking to consolidate their LAN and SAN expertise and infrastructures.

Evolving Solutions:
Omar Sultan, your colleague from Cisco, envisioned matured virtualization, greater use of automation and the evolution of cloud computing as solutions that would lower data center costs five years from now.  What would you add to this list?

Rajeev Bhardwaj:
Most organizations have separate LAN and SAN departments managing separate networks today. Five years from now I see this distinction being blurred and administrators who are aware of both LAN and SAN environments running a common network based on common switching components.

I see this common, cost-efficient network providing the under-pinning for higher data center virtualization, automation, and ultimately evolution of highly scalable, secure, and highly available private and public cloud infrastructures.

Evolving Solutions:
Wild Card:  Anything else you would like to add?

Rajeev Bhardwaj:
Energy costs are emerging as the second highest operating cost (behind labor) in most of the data centers worldwide. While networks consume a very small percentage of the overall data center power, deployment of intelligent networks can drastically reduce end-to-end power consumption and management costs while reducing provisioning time for new applications and achieving greater operational efficiencies in the data center.

Our Discussion With John “Traenk” Traenkenschuh Continues

From natural disasters such as tornadoes, to (recently declared) pandemics like swine flu, our world practically demands companies protect data with business continuity and disaster recovery plans.  And yet, some do not.

In part 1 of our Data Center Leaders Interview with IT veteran John “Traenk” Traenkenschuh, we discuss how business continuity and disaster recovery plans have evolved and how they may look years from now.

In Part 2 below, John leverages real world insight, including that  gained from his experience as a ‘Wave One’ responder in the wake of  Hurricane Andrew, to discuss the  factors that should compel all companies to develop strong continuity and disaster recovery plans:

Evolving Solutions:
Dan Blacharski of IT World ran a poll asking readers to share the disaster recovery plans they have in place.  As of this writing, 31% of respondents answered ‘backup software with off-site storage.’  However, almost as high a percentage of respondents had no plan.  What do you find most surprising about these results?
(Editor’s Note:  Poll numbers have since updated to 40% ‘backup software with off-site storage, 28% with no plan.)

John “Traenk” Traenkenschuh:
I’m surprised that organizations are discussing, publically, those problems that they are screening privately.

How many organizations must admit that not only are their backup media stolen, the same media are unencrypted as well?  Too many organizations have no BRP plan and associate BRP with system back up only, whether a prioritized list of core applications exists or not.

These organizations are most vulnerable to a massive disaster that breaks operations for hours, if not days.  Too many organizations have no identified BRP coordinator.  Most have never had a practice outage.  Most have no NOC (Network Operations Center) documentation to guide a BRP event.  Just as bad, too many have documentation done without the help of the technical staff.  These plans are full of ‘smoke-and-mirror’ assumptions such as ‘IP just plain happens here’.

Whether swine flu, bankruptcy, regulations, or natural disasters like tornadas (what happens to a tornado that swings though my part of the country); there have never been a more compelling set of factors requiring true BRP expertise.
Sadly, never have our most prominent organizations been least prepared to cope with today’s events.

Don’t believe me?  Read the news.  Find out how much critically important data is kept on laptops.  Experience the horror as a backup media theft has a ripple effect that has hundreds of thousands of customers given public notice that an organization is negligent at best.  A good Business Resumption Plan anticipates these exposures and helps the organization take steps to lessen impacts.

Most concerning are those stories that reveal significant parts of the infrastructure are open to attack.  Surprised by the results of the poll?  Not at all.  Hopeful those will change?  Certainly.

Evolving Solutions:
What factors play most heavily in developing a disaster recovery or business continuity plan, for example, government regulations, client contracts, or something more?

John “Traenk” Traenkenschuh:
Yes.

There is no single one factor that motivates even the busiest organizations.  It is a series of factors, acting randomly, that is creating ‘Perfect Storm’ conditions for compliance.  While you list excellent and compelling factors, we miss some of the more compelling.

Swine flu is a perfect example of an exposure that crops up out of nowhere.  Much like a 1970’s ship disaster movie, the premise seems almost ludicrous.  There is a new flu that can kill (and has).  It incubates in pigs, but leaps onto humanity like plague-filled fleas from centuries ago.  World Healthcare organizations predict a pandemic, in a vain attempt to predict the spread (in a small-world global community full of same-day flights).

When too little happens, organizations take this as a sign of needless panic and assume it’s ok to assume the best.  And then it comes, as assuredly as the ship’s belly-flop, everyone is backpedaling to try to fix the blame–instead of working to fix the problem.

I was a ‘Wave One’ responder after the Hurricane Andrew disaster.  Discussing Disaster Recovery conditions with those who have never helped in a sizeable Disaster Recovery event is so very frustrating.  Much like those BRP plans done without detailed knowledge of the underlying technologies, conversing with inexperienced BRP people is a lesson in futility.

It is rife with unfounded assumptions, those as ridiculous as “IP happens here”.  What happens when your organization calls in BRP workers from far away and your area has most road signs blown away?  When the switched landlines are gone, what mobile and cellular options have you lined up?  The water is yellow and brown; what do you do for your onsite workers, knowing local bottled water was sold out two days before?  You’re counting on local expertise to bridge the documentation gap; they have their own tragedies and family illnesses to work through.  What do you do now?

It is the raw unpredictability of today’s business events that compels us to work through the Disaster Recovery specifics, earlier, versus waiting for later.  Those organizations that aggressively prepare for BRP, with noted and experienced BRP experts, will survive.  Those that do not will find their instance of a Heartland data loss (or flu quarantine or…) may find survival impossible.

Evolving Solutions:
What tips would you offer for a business as it develops disaster recovery or business continuity plan for the first time?

John “Traenk” Traenkenschuh:
Surprisingly the most basic, the simplest advice, is seldom heard.  I would like to review a few basic ideas I share freely.  BRP need not be an overly expensive exercise in paperwork and meaningless reports.

a.     Talk with your business insurance professional – I am always surprised to find a business, no matter how small, that has no business insurance plan.

The Insurance Industry can only profit as your business avoids losses and/or lessens impact.  The right representative will take a personal interest in your business and keeping it free from grave exposures unconsciously assumed.  An onsite inspection, useful when calculating premium, can help find those crowded exit hallways that are littered with combustibles.  The inspections may be done for free in some cases; and if so, this can help you begin BRP efforts with low costs.

At some point, your organization will need to decide which exposures (and resultant costs) you will assume yourselves.  The biggest BRP issue too many face is:

•    Vagueness regarding what risks you still face,
•    Uncertainty concerning which of these you have self-insured, and
•    Indecision and inertia over which loss and impact mitigating steps your organization has signed up for.

b.    Create a BRP team within your organization – Let me guess…  You’ve already identified your ‘Goto Guy’ and have pinned all your hopes (and equal wrath) on him or her.  If this is true for your organization, this is ill advised for both political and for BRP reasons.  BRP is seldom popular when times are good and funding is available.  It becomes ‘hysterical over-reaction’ when times are tight and layoffs are ongoing.  Who in your organization is encouraging and funding BRP in these difficult times?

(Ironically, the downturns and layoffs are the most important times to have BRP plans updated!)

Your team needs to have members from a few influential parts of the organization, to ensure minimal funding at all times.  The same small team also ensures that the loss of any one member keeps BRP event handling continuous.  Seeing BRP as an IT-only exercise is another ‘biggest’ mistake an organization might make.  Until BRP is funded and supported by the organization itself, it simply will never be completed.

c.    Engage the services of a ‘Hired Gun’ – The stakes are high, very high.  The required skills involve IT, security, disaster recovery, virtualization, system and application design, IP networking, etc.  You will need an objective third party to bounce ideas off of.  At some point, the same party will need to coordinate disaster simulation exercises.  There is no reason to create forms and process flows for readiness—there is no time for that.  Implement, and not just plan, your BRP initiative!

Be ready for a series of tough questions that challenge your assumptions regarding how your organization operates.  Process improvements, including a painstaking inspection of externally sourced important applications and infrastructure, will be part of the package you hope to buy.  If there is no appetite for change, there can be none.  Meanwhile, how many of your best, most knowledgeable workers just retired or were laid off?  Change is inevitable despite our rejection or acceptance of it.

Hint:  BRP professionals who cannot work remotely or create suitable remote access systems, who insist on expensive and frequent onsite visits, these same people may be incapable of helping your organization’s flexibility during an actual BRP incident.

d.    Test (and Retest) your BRP technologies – Get the right support from the leadership and simply shut down a critically important system and/or application.  How quickly is control and coordination responsibility (and decision making authority) transferred to the correct group?  Were the promised backups performed reliably and were they available?  Hopefully, you will find that all went as planned.  If not, you will have the means to identify and remedy the problems.

I know that I have over-simplified what needs to go into a BRP plan and readiness effort.  Those organizations that are truly interested in improving their BRP readiness will act on steps this simple.  Others will simply laugh it off as hysteria, until it is too late.

Evolving Solutions:
Wild Card: Anything else you’d like to add?

John “Traenk” Traenkenschuh:
We started this interview with a brief glimpse at the business and IT improvements that are possible with virtualization technology, our second chance to exercise good governance and stewardship over the applications and information placed under our care.  The latter part of the interview discusses Business Resumption Planning and the many ways this field of study has grown, despite lack of interest from those organizations risking public and regulatory ridicule for simple mistakes.

Virtualization can provide focus for BRP efforts, all the while ‘Perfect Storm’ factors call on today’s BRP professionals to be ready for new and more challenging disaster scenarios.  In all of this, the issue is not a technical issue.  Instead, it is an issue with organizational efficiency and ability to face the challenges.  All the advice in this interview is provided freely, with no claims given to its sufficiency or perfection.  These views do not reflect the views of my employers, the organization publishing this interview, or any of my professional organizations with which I am associated.

I promise to do my best to respond to any and all queries left in response to this interview.  BRP, Virtualization, and Green IT are more than slogans to me.  They are a key to surviving in a radically changed business and social environment that seems more the stuff of nightmares than the evening news.

Business Continuity & Disaster Recovery Expert John “Traenk” Traenkenschuh

In a recent interview with Lawrence Webber, we discussed the ‘hows’ and ‘whys’ of business continuity and disaster recovery planning.  This week, our Data Center Leaders Interview Series drives home the importance of this topic during our two part interview with John “Traenk” Traenkenschuh.

Budding author, book editor, and Information Technology worker at three Fortune 100 companies, John “Traenk” Traenkenschuh’s insight into business continuity and disaster recovery planning comes courtesy of years of real world experience.

For his time spent introducing students to Microsoft’s Visual Basic, Traenk has been awarded the Microsoft Most Valuable Professional (MVP) designation since 2004.   He has also authored  VCP VMware 310 Cert Flash Cards as a late stage exam preparation tool.

In part one of our interview below, Traenk demonstrates the value of business continuity and disaster recovery planning through a look at both the evolution and future of  these solutions:

Evolving Solutions:
You have extensive experience in the fields of disaster recovery and business continuity.  How would you describe the evolution of recovery and continuity solutions since you first entered IT?

John “Traenk” Traenkenschuh:
Circular, the path from older Business Resumption Planning (BRP) options to today’s BRP options seems to have gone in a circle.

In times past, well defined applications were housed on well maintained and highly available hosts.  This design simplified identifying both the critical applications and the business data (and important external datastores) being acted on.  Flash forward a decade or more, and the emergent client-server model has us splattering app bits and pieces all over an increasingly ‘splashed to the four winds’ technical infrastructure.

The UNIX server acts as a client to the z/Series, fetching a copy of Accounts Receivable from some obscure PDS and then acting on it.  The new generation of Accounts Receivable data results are now posted to a Windows 2000 server, where someone’s copy of excel, running on a PC, performs data transformations that a staff assistant posts as authoritative graphs of the organization’s Accounts Receivable status.  And this mix of platforms and informal accesses is driving business decision making!

Indeed, everyone applauds the data without realizing the BRP issues:

•    How can we secure that data (and transformations that occur) across so many network and SAN paths?
•    What constitutes ‘safe storage’ in this ad hoc design?  Are any of the data generations ever reckoned back to the z/Series?
•    Which devices are now promoted to our high-priority computer/application list, those systems that MUST be restored by hour four of our BRP planning?  (And are we really comfortable with important data being manipulated and stored on the Staff Assistant’s laptop, possibly misplaced by absent-minded baggage handlers???)

Now flash forward, again, to 2009.  The right application of virtualization technologies can alleviate many of the harms we thought unsolvable just a few years ago.  We begin centralizing the technical infrastructures into a handful of virtualization hosts.  The mandate to virtualize means the company begins alerting and responding to the ad hoc IT flows that flooded our 90’s networks.

Throw in Desktop virtualization, and even those sore-point endpoints, the thousands of laptops and desktops winking on and off the internal network (so-called ‘Intraverse’), these are now backed up reliably.  (No one is saying goodbye to fat clients with the new scheme either.)

This is the core premise of virtualization technologies, that we might begin returning to required centralized technical and governance structures, structures that allow the organization to meet regulatory requirements, to cut costs, and to begin adopting a more green footprint as hundreds of dedicated computers are folded into a handful.

Evolving Solutions:
What disaster recovery and business continuity solutions do you see emerging in the next 5 years?

John “Traenk” Traenkenschuh:
If the term ‘solutions’ equals IT technologies, I think we start poorly?  BRP has always been a practices and procedures discussion; one implemented through technology to be sure, but one that has never been about technology, per se.

I believe, strongly, that the regulatory pressures and economic costs of today’s IT infrastructures require increased virtualization.  This will begin normalizing the infrastructure, the applications, the data (and access methods—maybe, more on that below), etc.  This will impact BRP in several fundamental ways:
•    Technical infrastructure BRP plans must no longer mirror a fractured infrastructure/Intraverse, one that includes all known and planned flavors of linux, a few Macs in the warehouse, Billy-bob’s mobile phone app, and who-knows-what ancient systems lingering in any one building’s computer center.  We lessen the options and force updates.
•    ‘Stealth’ processing and data results will be identified, making system- and application-prioritization more reliable.  Much like the show, “Cash in the Attic”, virtualization forces us to check into all the dataflows and systems , if we are to achieve our goal.
•    Flows that are difficult to manage may go outside the organization.  Increasingly, internal IT shops are no longer required to host every website nor to code up each and every workgroup-level Word macro.  Some of the processing, lurking in baling wire informal technologies that often run on volunteer hardware, these may need to go elsewhere for support.

I see governance to governmental regulations (and business partner practices) increasing the pressure to change.  If IT organizations cannot get a handle on internal pressures to [mis]manage application design and basic information access, away from longtime informal practices; at some point some-to-all IT services may be moved to Cloud Computing organizations, who will reduce an complex IT equation to a true Software as a Service (SaaS) offering.

At this time, IT organizations are in flux regarding whether to build an internal virtualization infrastructure or whether to vFarm IT Out to a third party.  There are compelling reasons for and against building or sourcing your vFarm.

There may be a middle ground:  ‘enhanced resources’, those you and I call ‘Consultants’.  These will be tasked with mapping legacy organizational practice with externally dictated Best Practices, with the idea that there can be a smooth transition plan to a world-class IT infrastructure.  However, that is an expensive course; and as a former consultant, I know that there are some very insular organizations that will not transition until they must.

In my mind, the Enron, and now banking crises, have made regulatory oversight of most organizations inevitable.  Payment Card Industry (PCI) compliance requires security testing with world-class tools.  Although imperfect, this system anticipates all organizations submitting to third-party security audits.

Please remember that I had seven great years in the Insurance industry, at a premier company.  Insurance works, providing premium sufficiency, because industry members manage to common processes that examine the risk exposures faced by all.  In fact, if I can add one small point, I’m shocked that the world of IT security metrics STILL does not have data-driven risk experience models as sophisticated as those used in the insurance industry.

Ask most insurance pro’s the relative claim value of the loss of mechanic’s finger, and they can arrive at a figure, no matter how obscure the facts.  Ask an IT person the relative value of a hairball analysis application, running at a pet food company with 23% market share, and you will wait, despite so much business data near at hand.

The Center for Internet Security (www.cisecurity.org) has an intriguing system of metrics announced recently.  Mitre.org’s CVSS is some help.  But overall, much remains mysterious, although commodity virtualization infrastructures and service offerings may bring us to a more common understanding of the worth of systems and their data, should a disaster occur.

If readers would like a short list of trackable technologies, those aiding BRP, let me offer this one:

•    Security Information and Event Management (SIEM) – Thanks to responsible vendors publishing long lists of security best practices, (Microsoft and others) and to the work of responsible security think-tanks covering security for multi-vendor environments (Center for Internet Security and SANS (@ www.SANS.org)); many organizations have enabled all the logging we can.  In debug mode at that!  This has made incident response as difficult as finding the proverbial needle in a haystack [of event information].  How can you prioritize BRP responses for the important applications, when you cannot separate the security wheat from the chaff?

•    Virtualization Security (known by many names and techniques) – Now that vFarms are hosting our applications, either on-site or off-site, we need to track what goes on at the virtualization ‘back-plane’.  The reoccurring fear is that a hacker can use a virtualized machine’s (VM) security weaknesses to attack the hypervisor, and then use it as gateway to other VM’s.  Another fear is the ‘rogue’ vFarm administrator who does all manner of bad things, accidently or maliciously.  In this world, the vendors to watch are those virtualization vendors with a long history of security prowess and competent tools AND those security vendors who offer solutions for the virtualization layer and for those VM’s needing their host security tracked and alerted (CA and eTrust and others).  The lack of security API’s in many virtualization packages is a leveling factor; few tools can operate at the backplane layer.  But to be sure, configuration audit and management is still possible.  As security API’s are provided by the vendors, being aligned to a solid security vendor will provide valuable.

•    Risk evaluation tools – As mentioned before, there is a fundamental fuzziness to security evaluation that makes risk mitigation difficult, if not dangerously off-the-mark.  Once regulations and cyber-security governmental appointments begin leveling the playing field, we’ll see new, improved risk models and companion tools that make risk evaluation less subject to personal and professional biases.  Maybe.

•    Green IT Movement – Complementary to BRP is the Green IT Movement.  Whether the computers gain electrical efficiency or we find ourselves growing a more extensive IT intraverse on fewer systems, these factors impact BRP directly.  Uninterruptable Power Supplies may be cut back, either because of fewer/more efficient computers OR because we do not want to proliferate an IT environment full of lead-acid batteries belching hydrogen fumes, possibly spilling sulphuric acid during a disaster.   Computer room temperature control units may be scaled back because of fewer computers, improving BRP focus.  I recently read a toilet paper wrapper that proudly proclaimed that the energy used during production was generated through windmills!  Expect all organizations to be encouraged to offer similar claims to environmental sensitivity—and for reasonable adjustments to be made to our BRP plans.

Part 2 of our interview with discussing Business Continuity & Disaster Recovery with John “Traenk” Traenkenschuh, discussing the factors guiding continuity and disaster recovery planning, and tips for getting a plan started, will publish later this week.

Storage Consolidation & Networking Expert Greg Schulz

As businesses in any industry grow, they often find themselves with both more data to mange and more costs to contain. Storage consolidation, networking and Green IT can all make for effective solutions if implemented in line with overall business needs and objectives.

Our Data Center Leaders Interview Series offers detailed advice on how companies can best keep synch needs and objectives with data center solutions, courtesy of Greg Schulz.  Schulz is founder of the independent IT analyst consultancy firm StorageIO Group and author of the books The Green and Virtual Data Center(1) and Resilient Storage Networks(2).

Below, we discuss with Greg how to begin development of a storage consolidation or networking plan, detail the benefits of Green IT and debunk the myth that business continuity and disaster recovery are only for the rich and famous:

Evolving Solutions:
In your book, Resilient Storage Networks, you speak of the growing need to store any piece of data and access it at any time.  At what point do businesses put themselves in danger of not being able to achieve this goal without a storage networking solution?

Greg Schulz:
The reality is that a networked storage, or, storage networking solution if you prefer, enables scaled connectivity either from a performance, accessibility, available or all of the above perspective beyond the limits of a dedicated direct attached connection.

Note that a direct attached connection could be a Serial Attached SCSI (SAS), Fibre Channel or iSCSI without a switch topology. Thus as more servers need to access shared storage than what can be provided by the native ports on a storage system, or, more storage is needed than what can be attached to the native ports on a server, a storage network becomes beneficial.

On the flip side to this, a storage network or networked storage solution can also exist in the form of a switch-less configuration, granted some of the storage networking police who prefer switches might not agree with the definition. For example, a large storage system with 8, 16, 32, 64, 128 or more Fibre Channel ports could be considered and are often marketed as a storage network solution.

The point is this, a benefit of a networked, or, storage network storage solution is the ability to scale performance, availability, capacity and connectivity beyond the limits of a smaller dedicated internal based storage solution.

Thus the emphasis should be on getting organizations to deploy shared storage that can grow with the business including attaching to larger switch based storage networks when and where needed.

Resilient Storage Networks by Greg Schulz

Evolving Solutions:
What do you recommend as a first step in the development of a storage consolidation or networking plan?

Greg Schulz:
Take a step back from the various technologies and tools. Have a clear understanding of business objectives and requirements to know how to make a linkage to the benefit of the solution and how the business is sustained or enhanced.

This helps to build a business case and then measure the ROI impact for future project enhancements particularly during tough economic times. Where this comes into play is being able to map to the business the technology that is needed to enable sustainability thus requires funding compared to those technologies or initiatives that would be nice to have or seen as discretionary and thus miss out on funding.

Also, keep a balanced approach to avoid tunnel vision on space capacity utilization. While there is a lot of rhetoric about the need to drive up storage or space utilization, don’t do it at the expense of degraded performance or introducing application instability or degraded quality of serve. Some systems have a low utilization to meet quality of service or other performance or service level requirements in which case the solution can be to move those applications onto faster performance storage in order to achieve affiance.

Keep in perspective what it is that you are looking to move or the problem being fixed. Thus, management insight tools are needed that can shed light not just on storage space capacity utilization, that also show performance and activity usage information. Find a balance between performance, availability, capacity and energy (PACE) o meet a given service level requirement and cost points.

These and others themes are discussed in more detail in my new book “The Green and Virtual Data Center” (CRC) available at Amazon and other venues.

Evolving Solutions:
How do green IT strategies synch with storage networking?

Greg Schulz:
Green IT strategies which are really about addressing and enabling business sustainability and growth by optimizing IT and data infrastructures have a strong synergy with efficiency enabling technologies including networked storage or storage networking as well as virtualization among others.

Most organizations do not buy and deploy networked storage, regardless of if SAN, NAS, Fibre Channel, FCoE or iSCSI just for the sake of buying it, that is unless they have a really good sales rep.  Instead, most organizations deploy storage networks as a means of improving efficiency and optimizing how IT resources are managed and used. Likewise, most organizations don’t or can’t afford to go green just for the sake of meeting PR or other initiatives and many organizations see green as being all about carbon footprints.

The reality is that most organizations have a need to address their power, cooling, floor-space or footprint as well as other environmental issues to support and sustain business growth, these are the other aspect of being green.

Ironically it is these issues that most organizations have been tasked with addressing and in many cases not making the connection that these are in fact green it issues that by addressing them, they in fact are being green. This paradigm is known as the green gap, thus tools, technologies and techniques including storage networks can help to improve on affiance and optimization enabling enhanced IT infrastructure resource management (IRM).

The Green and Virtual Data Center by Greg Schulz

Evolving Solutions:
In your experience, are small businesses or major enterprises more aware of the need for storage networking solution?

Greg Schulz:
There is a common myth that business continuity/disaster recovery (BC/DR) are issues and concerns only for the rich and famous meaning only for large enterprises or high profile financial organizations. The reality is that BC/DR along with general HA and data protection is affordable and the issues are applicable to organizations of all size.

Given the different size, scope and scale of these various sized organizations, there may or may not be the awareness of the benefits of specific technology including networked storage, thus there is an opportunity to show how data protection including BC/DR can be enabled and enhanced leveraging storage networks and other related technologies.

Likewise, there is an opportunity to leverage networked and shared storage for organizations of all sizes. At the high-end that can mean Fibre Channel and moving forward Fibre Channel over Ethernet (FCoE) or iSCSI in mid-sized environments along with NAS, while smaller environments can leverage low cost Fibre Channel, iSCSI, NAS or even shared, multi-host SAS based storage systems for small Exchange, SQL and VMware based clusters.

Thus tiered access for storage networks enables the most applicable technology to be mapped to the business needs of different environments. For example, a small environment can attach and share a dual controller RAID array such as the equipped with SAS/SATA disk drives attached via shared SAS, or larger environments share the same array across more servers with native iSCSI attachment, or even larger environments use the same array configured with Fibre Channel for either high performance scenarios.

Those are great example of tiered access to a tiered storage device enabling a networked or storage networked device for organizations of different sizes.

Evolving Solutions:
Leaving the company anonymous, what is the largest data disaster you’ve witnessed that could have been avoided with resilient storage networking?

Greg Schulz:
Not all disasters make the headline news, in fact, every day there are countless mini-disasters that due to configuration, best practices and how technology is used combine to contain these from expanding and rolling into major disasters.

In one situation it was a scenario where resilient components were interconnected thereby negating the benefits of no single point of failure (SPOF) resulting in downtime. In another scenario, lack of change control and configuration management, in another, it was a focus on capturing data in as small time slice interval as possible, only to not have captured all of the data that was still in memory thus resulting in an inconsistent recovery.

Another scenario was an outage where the IT systems were available; however no one could access the data as the network links were down including those from a secondary carrier who just happened to use the same common back-bone carrier.

Let’s not forget about scenarios where RAID and replication without point in time based snapshots or backups were confused with being a replacement for backup.

In those scenarios, data was in one case replicated to another site however when deleted at the primary, it was deleted at the secondary. In a related scenario, RAID was assumed to be the backup, that is until the entire RAID storage system became un-available including the snapshots that were stored on the device.

Don’t confuse or assume RAID and replication alone are replacements for backup and data protection as they need to be combined with some type of time recovery point based technique for complete or comprehensive data protection.

The common theme in all of these is that it’s not how much hardware or software, how many 9’s availability, it’s the people, processes and procedures including how they are configured to avoid, isolate or eliminate faults from spreading into disasters.

Thus, look for single points of failure, avoid being a penny wise and pound foolish. For example in the quest to save a few hundred or perhaps thousand dollars by skipping a second HBA or adapter on a server that is going to be used for virtualization and consolidation only to expose it as a single point of failure where multiple servers no exist (e.g. multiple eggs in one basket).

The bottom line is this, if something can happen it will, all technology will or can fail regardless of vendor marketing spin, however what differentiates various vendors is how they have learned from these faults or issues to configure around them leveraging best practices and their experience.

(1)The Green and Virtual Data Center is published by Auerbach-CRC.
(2) Resilient Storage Networks is published by Elsevier.

Learn more at www.thegreenandvirtualdatacenter.com or on twitter @storageio.