Disaster Recovery by Google
Thursday, March 4, 2010
Will you be ready when disaster strikes? It's an uncomfortable question for many IT administrators, because answering it with confidence usually requires boatloads of money, immense complexity, and crossed fingers. Fortunately there's a better way.
Taking email as an example, consider a few of the ways that companies protect their data from disruption. Ideally a typical small business backs up its email. They have a mail server, and copy the data to tape at regular daily or weekly intervals. If something goes wrong, they go to the tapes to restore the data that was saved before their last backup. But the information created after their most recent backup is lost forever.
In larger businesses, companies will add a storage area network (SAN), which is a consolidated place for all storage. SANs are expensive, and even then, you're out of luck if your data center goes down. So the largest enterprises will build an entirely new data center somewhere else, with another set of identical mail servers, another SAN and more people to staff them.
But if, heaven forbid, disaster strikes both your data centers, you're toast (check out this customer's experience with a fire). So big companies will often build the second data center far away, in a different 'threat zone', which creates even more management headaches. Next they need to ensure the primary SAN talks to the backup SAN, so they have to implement robust bandwidth to handle terabytes of data flying back and forth without crippling their network. There are other backup options as well, but the story's the same: as redundancy increases, cost and complexity multiplies.
Google Apps customers don't need to worry about any of this for the data they create and store within Google Apps. They get best-in-class disaster recovery for free, no matter their size. Indeed, it's one of the many reasons why the City of Los Angeles decided to go Google.
How do you know if your disaster recovery solution is as strong as you need it to be? It's usually measured in two ways: RPO (Recovery Point Objective) and RTO (Recovery Time Objective). RPO is how much data you're willing to lose when things go wrong, and RTO is how long you're willing to go without service after a disaster.
For a large enterprise running SANs, the RTO and RPO targets are an hour or less: the more you pay, the lower the numbers. That can mean a large company spending the big bucks is willing to lose all the email sent to them for up to an hour after the system goes down, and go without access to email for an hour as well. Enterprises without SANs may be literally trucking tapes back and forth between data centers, so as you can imagine their RPOs and RTOs can stretch into days. As for small businesses, often they just have to start over.
For Google Apps customers, our RPO design target is zero, and our RTO design target is instant failover. We do this through live or synchronous replication: every action you take in Gmail is simultaneously replicated in two data centers at once, so that if one data center fails, we nearly instantly transfer your data over to the other one that's also been reflecting your actions.
Our goal is not to lose any data when it's transferred from one data center to another, and to transfer your data so quickly that you don't even know a data center experiences an interruption. Of course, no backup solution from us or anyone else is absolutely perfect, but we've invested a lot of effort to help make it second to none.
And it's not just to preserve your Gmail accounts. You get the same level of data replication for all the other major applications in the Apps suite: Google Calendar, Google Docs, and Google Sites.
Some companies have adopted synchronous replication as well, but it is even more expensive than everything else we've mentioned. To backup 25GB of data with synchronous replication a business may easily pay from $150 to $500+ in storage and maintenance costs- and that's per employee. That doesn't even include the cost of the applications. The exact price depends on a number of factors such as the number of times the data is replicated and the choice of service provider.
At the low end a company might tier the number of times they replicate data, and at the high end they'll make several copies of the data for everyone. We also replicate all the data multiple times, and the 25GB per employee for Gmail is backed up for free. Plus you get even more disk space for storage-intensive applications like Google Docs, Google Sites and Google Video for business. Other companies may offer cloud computing solutions as well, but don't assume they backup your data in more than one data center.
Here are a few of the reasons why we're able to offer you this level of service. First, we operate many large data centers simultaneously for millions of users, which helps reduce cost while increasing resiliency and redundancy. Second, we're not wasting money and resources by having a data center stand-by unused until something goes wrong – we can balance loads between data centers as needed.
Finally, we have very high speed connections between data centers, so that we can transfer data very quickly from one set of servers to another. This let us replicate large amounts of data simultaneously.
One of the most compelling advantages of cloud computing is its power to democratize technology. Whether it's a 25GB email inbox, Video for business, synchronous replication, or one of countless other advanced services, Google Apps gives companies of all sizes access to technology that until recently was available to only the largest enterprises. And it's available at a dramatically lower cost than the on-premises alternatives, without the usual hassles of upgrading, patching and maintaining the software.
No one likes preparing for worst-case scenarios. When you use Google Apps, you have one less critical thing to worry about.
Posted by Rajen Sheth, Senior Product Manager, Google Apps
Taking email as an example, consider a few of the ways that companies protect their data from disruption. Ideally a typical small business backs up its email. They have a mail server, and copy the data to tape at regular daily or weekly intervals. If something goes wrong, they go to the tapes to restore the data that was saved before their last backup. But the information created after their most recent backup is lost forever.
In larger businesses, companies will add a storage area network (SAN), which is a consolidated place for all storage. SANs are expensive, and even then, you're out of luck if your data center goes down. So the largest enterprises will build an entirely new data center somewhere else, with another set of identical mail servers, another SAN and more people to staff them.
But if, heaven forbid, disaster strikes both your data centers, you're toast (check out this customer's experience with a fire). So big companies will often build the second data center far away, in a different 'threat zone', which creates even more management headaches. Next they need to ensure the primary SAN talks to the backup SAN, so they have to implement robust bandwidth to handle terabytes of data flying back and forth without crippling their network. There are other backup options as well, but the story's the same: as redundancy increases, cost and complexity multiplies.
Google Apps customers don't need to worry about any of this for the data they create and store within Google Apps. They get best-in-class disaster recovery for free, no matter their size. Indeed, it's one of the many reasons why the City of Los Angeles decided to go Google.
How do you know if your disaster recovery solution is as strong as you need it to be? It's usually measured in two ways: RPO (Recovery Point Objective) and RTO (Recovery Time Objective). RPO is how much data you're willing to lose when things go wrong, and RTO is how long you're willing to go without service after a disaster.
For a large enterprise running SANs, the RTO and RPO targets are an hour or less: the more you pay, the lower the numbers. That can mean a large company spending the big bucks is willing to lose all the email sent to them for up to an hour after the system goes down, and go without access to email for an hour as well. Enterprises without SANs may be literally trucking tapes back and forth between data centers, so as you can imagine their RPOs and RTOs can stretch into days. As for small businesses, often they just have to start over.
For Google Apps customers, our RPO design target is zero, and our RTO design target is instant failover. We do this through live or synchronous replication: every action you take in Gmail is simultaneously replicated in two data centers at once, so that if one data center fails, we nearly instantly transfer your data over to the other one that's also been reflecting your actions.
Our goal is not to lose any data when it's transferred from one data center to another, and to transfer your data so quickly that you don't even know a data center experiences an interruption. Of course, no backup solution from us or anyone else is absolutely perfect, but we've invested a lot of effort to help make it second to none.
And it's not just to preserve your Gmail accounts. You get the same level of data replication for all the other major applications in the Apps suite: Google Calendar, Google Docs, and Google Sites.
Some companies have adopted synchronous replication as well, but it is even more expensive than everything else we've mentioned. To backup 25GB of data with synchronous replication a business may easily pay from $150 to $500+ in storage and maintenance costs- and that's per employee. That doesn't even include the cost of the applications. The exact price depends on a number of factors such as the number of times the data is replicated and the choice of service provider.
At the low end a company might tier the number of times they replicate data, and at the high end they'll make several copies of the data for everyone. We also replicate all the data multiple times, and the 25GB per employee for Gmail is backed up for free. Plus you get even more disk space for storage-intensive applications like Google Docs, Google Sites and Google Video for business. Other companies may offer cloud computing solutions as well, but don't assume they backup your data in more than one data center.
Here are a few of the reasons why we're able to offer you this level of service. First, we operate many large data centers simultaneously for millions of users, which helps reduce cost while increasing resiliency and redundancy. Second, we're not wasting money and resources by having a data center stand-by unused until something goes wrong – we can balance loads between data centers as needed.
Finally, we have very high speed connections between data centers, so that we can transfer data very quickly from one set of servers to another. This let us replicate large amounts of data simultaneously.
One of the most compelling advantages of cloud computing is its power to democratize technology. Whether it's a 25GB email inbox, Video for business, synchronous replication, or one of countless other advanced services, Google Apps gives companies of all sizes access to technology that until recently was available to only the largest enterprises. And it's available at a dramatically lower cost than the on-premises alternatives, without the usual hassles of upgrading, patching and maintaining the software.
No one likes preparing for worst-case scenarios. When you use Google Apps, you have one less critical thing to worry about.
Posted by Rajen Sheth, Senior Product Manager, Google Apps