Storage compliance

Enterprises sometimes overlook the importance of standards compliance when designing a storage infrastructure. In their haste to develop solutions, features such as performance, functionality or interoperability may be overlooked, and CIOs who assume that standards are faithfully adhered to may find themselves faced with costly problems.

  • E-Mail
By  Sarah Gain Published  March 2, 2005

Storage compliance|~|John-Bentley-HDS-in.gif|~||~|All too often, packaged storage area network (SAN) solutions collapse when a customer attempts to add another standards-compliant product to the configuration. This predicament would not arise if proper attention were paid to compliance in the first instance.

When the broader outlines of a storage system are defined, consideration needs to be given to the suitability and compatibility of the various components. They have to be a good fit not only for an organisation’s business needs, but also for the existing inhouse applications with which the infrastructure will have to interface. Therefore, the system’s standards compliance is of primary importance.

Since the Institute of Electrical and Electronic Engineers (IEEE) Computer Society announced approval of the first storage system standards back in 2000, the previously isolated examples of open standards have begun to combine into commonly supported systems and protocols.

Following the Storage Network Industry Association’s (SNIA) ratification of the Network Data Management Protocol (NDMP), it has been adopted as a standard for enterprise backup. The SNIA Backup Working Group (BWG) has further managed and developed the protocol as an open industry standard.

The protocol, originally pioneered by Intelliguard and Network Appliance, is an open standard promoted by server, back-up software and back-up device vendors. It defines a common architecture for the way a network’s heterogeneous file servers are backed up, allowing the creation of a common agent to be used by central back-up applications to support different file servers running different platforms and platform versions. Because back up occurs locally and directly to tape drives from file servers, management can take place from a central location. This minimises network congestion by separating the data and control paths.

Following on from this, the Common Information Model (CIM), and the Simple Object Access Protocol (SOAP) began to emerge as standards within the marketplace. CIM enables administrators and software management programs to control applications and devices on entirely different platforms in the same way, thus ensuring interoperability across a whole network.

Similarly, by using SOAP, messages are independent of any operating system or protocol, and information in web service requests and response messages can be encoded before they are sent them over a network.

These, along with other open system standards, like those describing architecture, data model, core media management protocol and drive and library management protocols, are of great benefit to users and implementers alike. They enable the creation of secure, interoperable, distributed system products and allow for full scalability and platform neutrality, freeing devices from the restrictions of licensing.

The publication of such standards specifying system and component behaviour offers granularity of conflict and permits the interoperability of products from a variety of vendors.

In the past, storage standards compliance has not been a major concern for the Middle Eastern market because the concept of storing data was new for businesses. In more mature markets, however, such as Europe and the US, compliance and issues of interoperability have long been some of the key considerations for CIOs selecting storage systems.

Increasingly, companies in the Middle East are coming to realise the importance of a fully integrated, fully compliant storage infrastructure. Companies are beginning to see that the software used for storage systems is fundamental to improving performance and supporting multiple hardware systems. They are also realising that it can provide considerable cost benefits as well as a comprehensive information infrastructure.

For these reasons, there has been a move toward consolidated business solutions that enable enterprises which rely on applications such as customer relationship management (CRM), enterprise resource planning (ERP) and supply chain management (SCM) to collect data from the various applications and store it securely.

“It is becoming fundamentally important that CIOs ask vendors about the standards to which the various components of a storage solution comply. It is essential that all the elements conform to current open system standards at every component level, including software solutions,” says John Bentley, sales manager at Hitachi Data Systems in the Middle East.

Last year, the SNIA End User Council (EUC) delivered to the industry a comprehensive ‘End User Top Ten Pain Points’ survey, which prioritised the most important issues facing storage and networking end users today. Collaboration with end users in all stages of the survey allowed an insight into the priorities of storage users.

The results highlighted storage management issues of cost, increasing demand for storage resources, poor management tools, limited options and increasing complexity as the main areas of concern, with end users ranking cost price, total cost of ownership, managing growth, meeting capacity needs, and the ability to manage storage assets as their key considerations when architecting a storage infrastructure.

In the short term, companies are primarily concerned with the cost and the capacity of their storage infrastructure because, as Abbas Taher, eCompany’s product manager, explains, “On a short term level, these are the most important issues for the CIO because the cost of storing data on disk is still high, and because the volume of data that customers generate is growing so fast,” he adds.

With many enterprises relying on third party integration teams to project manage infrastructure implementations, the responsibility of ensuring standards compliance tends to fall to them.

“The integrators know the requirements of all the organisation’s applications, operating systems, database, and network,” explains Amir Afzal, executive manager, information technology at Commercial Bank of Dubai (CBD). “They look into business requirements, performance requirements, data quantities, recovery time and up-time and plan the whole thing from there.”

Although the responsibility may lie with the third party, if enterprises want to protect and manage business needs into the future, CIOs must become more involved in the architecting process and learn more about the significance of standards compliance in a storage infrastructure.

Businesses are able to make decisions and implement quickly, gaining competitive advantage in the marketplace because they have the flexibility not only for growth, but also to change software as needed, allowing them to maximise investment.

However, the issue is not always straightforward for enterprises. “While larger, more experienced customers tend to be aware of the need for standards compliance, they are in a catch 22 situation,” Bentley explains, “Because they started up a long time ago they have legacy systems. That is a huge investment to simply throw away so while they might not be overlooking compliance, their choices may be restricted.”

In the small-to medium-sized business (SMB) marketplace, however, these restrictions may not be an issue, but organisations are often simply unaware of the issues and their relevance to business practices. “Some vendors will sell a solution without even talking about open standards solutions,” says Bentley.

In the long-term, the consequences of standards non-compliance in a storage network can be even more detrimental to business. The rapid advances in technology can leave businesses stranded if they do not invest in up-to-the-minute storage facilities.

Taher sees this as a genuine area for concern and describes how neglecting data standards early on can result in problems when data storage devices go out of date, potentially leaving customers unable to access their information. “While tape is currently the most reliable way of storing data long term, there is a good chance that somewhere down the road, within the next few years, there will not even be tapes and disks,” he says.

There could be one new media that takes their place.” This could mean that companies are forced to overhaul their storage systems completely, he adds: “That is why the media that an organisation chooses now is so important in the long term — they may very well encounter retrieval problems in the future.”

This is the reason for the current interest in retrieval schemes that are being offered by some of the leading storage providers who offer to transfer data from outdated systems onto the technologies of the future.||**|||~|Ashraf-Helmy-HP-in.gif|~||~|The issue of the storage media is even more significant for the banking and finance sectors as a result of the demands handed down by new compliance and regulatory requirements such as Basel II.

Although such policies have not had a huge impact in the Middle East yet, the emerging opportunities for foreign banks to come into the region, combined with the growing need for banks in the UAE to interact with other institutions on the international platform, means there is an ever-increasing need for local institutions to comply with the authorities’ regulations.

The impact of this is that many establishments now have to increase their storage requirements even more. “With e-mails now having to be kept for seven years rather than just three months, organisations need to be able to store increasingly vast quantities of data for longer periods,” notes Bentley.

Clearly this can be very expensive and new, lower-availability technologies that comply with the necessary standards will facilitate compliance with, and maintenance of, the ultimate sector standards.

“Some of the data might be old and if it is combined with some newer storage which is not written to the same standards, the company will not be able to access it — just because they haven’t got the integration,” Bentley continues.

One of the underlying goals of standards compliance is to keep operational costs down, as it is able to do away with this kind of complete duplication of resources. From a standards perspective, the longevity of the storage media is not the only long-term issue that should be considered, however.

The risk of vendor lock-in is a primary concern for businesses because, as Mohamed El-Shanawany, Middle East and Pakistan storage sales manager for IBM Middle East, explains: “Vendor lock-in means less competition and higher costs. It also presents the risk that, if a vendor’s strategy or roadmap does not support the business needs of the organisation, the organisation may be limited in their future business growth. It will be difficult and painful to then move to a solution from another vendor.”

Vendors cannot afford to ignore the demand for open standards compliance if they wish to be competitive in the marketplace. When implementing its new systems, Central Bank of Oman took into consideration as much detail as possible: “During the scoping and planning phase of our implementation we assessed the needs of all the user departments of the Central Bank and of the commercial banks."

"We started with a template and a guideline of what was required by the business in terms of integration with our current applications and with the satellite systems,” says Jamal Al Raisi, payment department manager at the bank. “Then we launched a request for proposal (RFP) to hire a consultant,” he adds.

It is becoming increasingly common practice that when considering the purchase of a new product, enterprises will send out an RFP consisting of a list of standards with which a potential product must comply. Clearly, any customer wishing to maintain vendor independence and flexibility cannot afford to neglect standards compliance in their product selection process.

These stipulations are reinforcing the decision of the major vendors to move away from proprietary solutions as they are required to give their customers the right to choose the applications, operating systems, SAN switches, virtualisation solutions, disks and so forth that best suit their business needs.

However, standards compliance does not ensure interoperability, as standards often lack sufficient definition to guarantee complete compatibility. A lack of clarity when describing certain standards may also lead to vendors misinterpreting guidelines and providers only need to make minor alterations to the microcode before it becomes impossible for customers to install new products into their configuration.

As a result, standards development requires extensive, regular testing to verify the integrity of the standards and to highlight differences in vendors’ interpretations.

Similarly, the growing reliance of businesses in the Middle East on an increasingly vast and varied assortment of software solutions to handle all aspects of ERP means that the generation of e-documents and data is resulting in a proliferation of information that must be stored.

Companies in the region are starting to realise the vital importance of this information and data, coming to see them as the life-blood of their enterprises, and want to protect them accordingly.

The events of 9/11 and the corporate account scandals of organisations such as Enron and Xerox, all illuminated a clear need for greater security, back-up and disaster recovery capacities in data storage systems and this is having an ongoing effect on companies’ decision-making processes and operations.

“As a bank we are interested in solutions, not just products, and working solutions are made up of so many components that of course standards compliance was an issue when we were architecting the new infrastructure,” says CBD’s Afzal, “Previously the storage systems were not safe and since we had implemented a lot of systems over the last two years, we were looking for a reliable, high-performance kind of storage and in fact all the infrastructure standards, even security and liability and performance standards were looked into.”

Ashraf Helmy, product marketing manager for HP agrees, “storage is not like a server, which might be replaced or discontinued,” he says. “It is carrying data, and data is the CIO’s primary business — if he loses data then he loses the business. That is any CIO’s most important asset, above the server, the hardware. It is data.”

There are four layers of a storage system that should be kept in mind throughout the architecting process, Helmy says. Companies must consider the array, as well as the infrastructure and its compliance to the worldwide standards protocols.

The server itself, including server operating systems, server HBA and drivers form the third layer that needs to be taken into account and, lastly, there is the management of the proto-storage solution must also be taken into consideration by any company planning a storage installation.

However, these are not ultimately the most critical factors:
“The most important parts are not the little bits and pieces—not the array, the infrastructure, the server, or the operating system. The most important thing is the management,” he says. “Any enterprise or organisation that is considering a multi-vendor storage, infrastructure and servers should still be able to maintain one management application that controls all these components,” Helmy adds.

Storage compliance needs to be an integral part of a well-managed IT infrastructure to ensure the integrity, confidentiality and accessibility of information. CIOs require a cost-efficient, multi-tiered storage environment with centralised and automated policy-based management to ensure business continuity.

To make sure that their storage system can continue to meet their business needs well into the future, CIOs need to be able to reduce operating costs and improve efficiencies. Enhanced flexibility is essential in enabling information to be quickly and easily stored and moved as an organisation’s needs grow and change.

Indexing and classifying information allows companies to have greater control over their important documents, enabling them to see at a glance exactly what kind of information they have, where it is stored, and what value it holds.

Automated policies are able to retain information, move it to the most appropriate storage tier as its value changes, and securely delete it as regulations dictate, as well as minimising downtime in a crisis, shortening recovery time, and protecting business against disaster.

In order to make certain that a new storage infrastructure is going to be able to meet these demands, El-Shanawany recommends CIOs ask vendors specific questions when they are planning a new system. “First of all,” he says, “customers need to ask vendors whether their products comply to SNIA CIM standards.”

All new products should be compliant to the organisation’s CIM standards, which aim to ensure that interoperability issues do not arise. Helmy also recommends that customers try where possible to work with SNIA members for any implementation because, as he explains, “the association organises regular interoperability tests.

SNIA members can participate with their equipment in these tests to show in practice how different products from different vendors interoperate with each other.” Before any type of storage component is introduced into the market, all SNIA members make sure that they comply with storage standards, which reinforces the real-world impact of the standards themselves.

In order to create an archive of unquestionable integrity that will protect the enterprise and its employees, IT planners must take into account regulatory requirements and compliance standards.

At the same time, compliance and legal professionals must be ready to actively communicate the regulatory requirements so that IT planners can do their job. It is not enough to say, “We know what must be done.” That knowledge must be translated into guidance for IT, or IT will be held hostage by indecision.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code