Recently, a customer asked me for further clarification on a proposed storage assessment. Wisely, they'd asked third parties to give them perspective on the value of a storage assessment. The third party, an industry analyst, came back with four major areas to address:
Properly provision storage
Maximize ROI by devising a data lifecycle tiering strategy
Plan capacity for future purchases
Validate disaster recovery (DR) strategy and intracompany service-level agreements (SLAs)
The customer, again wisely, asked Datalink and the two other bidders to explain how our proposals would address the above. My response was very targeted, but had some insight that I think should be thrown to the aether. I’m also expanding it since the original response didn't address all of the points (they were out of scope for what we were trying to do).
So without further ado, here are my thoughts on this:
1) Properly provision storage
The consultancy identified this issue because most organization don't truly understand what storage they have and how it's allocated. In addition, most organizations allocate storage as a "knee-jerk" reaction to demand. By that, I mean that most allocations are either done by satisfying the customer's requests ("I need 2TB of disk for my SQL database.") or by including storage in the acquisition of servers. These allocations don't consider the true cost of data management or even true storage requirements. Provisioning is also typically looked at as a one-way function: storage allocation. However, there's a flip side to this: storage reclamation. As you well know, most users over request storage because it’s easier to go to the well once. Very rarely, if ever, will they tell you “I asked for too much. You can take 1TB back.”
So, the first step in establishing a provisioning strategy is understanding what storage you have, how it’s allocated, and how well it’s being utilized. Once you have that understanding, you can make more informed strategic decisions on how your business should operate the storage infrastructure. Next, you can start creating policies and procedures regarding storage allocation and de-allocation. Only then will you be able to design a technology architecture to support your business requirements.
A good start for an assessment, internal or external, should give you an understanding of your current policies, procedures, and infrastructure. Additionally, it should make some broad recommendations on the direction to take for your next step. However, determining a complete storage provisioning and management policy should be a project of it’s own right.
2) Maximize ROI by devising a data lifecycle tiering strategy
Similar to point #1, the first step in understanding your data lifecycle is mapping your current storage. A strategy must consider the results of #1 and do exactly that for your unstructured and semi-structure data (files system and email). An analysis of the data should give you the ammunition necessary to determine a tiering structure that makes sense for you. Give careful consideration to the results and match them to industry best practices. However, best practices should only be a guide as each business is different. The ultimate strategy will blend best practices and targeted site-specific practices.
3) Plan capacity for future purchases
This, again, ties to point #1. Capacity planning is part and parcel of a provisioning strategy. Because storage, systems, and growth vary drastically in most companies, a plan for projected requirements for the subsequent 18 months should be developed to assist you in planning for currently expected growth. However, as is the nature of any assessment-like engagement, recommendations are created only with data identified during the engagement. If your business changes unexpectedly or grows faster than the projections created during the engagement, the recommendations will probably not be accurate. That's why you would need to have a capacity planning process that accommodates changes. This process needs to be ongoing and self monitoring. Typically, devising a capacity planning process is outside the scope of an assessment. However, it's something that you should be able to devise, albeit with some minor help, after this type of engagement.
4) Validate DR strategy and intracompany SLAs
Storage provisioning, allocation, and capacity planning are part of a properly maintained DR strategy. However, many companies fall into the trap of believing that a data protection or data replication plan is the DR plan. They neglect to consider the people and non-IT processes required to implement DR. While it’s true that these data-based protection mechanisms can help in the case of minor or even major disasters, a DR plan should be based primarily on managing business processes in the case of an “event.” A good storage protection strategy would be used to accelerate the recovery process, but would not be the recovery process. Any assessment engagement that addresses this element, should be focused on either how to implement a data protection methodology, or how the current or proposed protection systems map to the larger DR plan. The only way to drive these results is to create or validate SLAs among all of the business units or stakeholders.
Speaking of which, that's the other most common failure among many of my customers. Data protection mechanisms are created based on perceived needs rather than any measured or clearly defined business requirements. As an example, it’s common to encounter sites that use backup technologies to capture incremental backups nightly and full backups once a week. These are typically implemented across the board without considering that some applications require more frequent, or even less frequent backups. Often, secondary protection mechanisms are implemented by application groups, DBAs, or even non-storage systems' administrators. These secondary schemes are in place because the system-wide protection mechanisms are perceived as either inadequate or unrealistic to their needs. These are clear indications that the overall DR strategy is flawed, and needs to be addressed.
Naturally, these observations are just the tip of the iceberg. Let me know if you want me or a member of our team to further discuss this with you.