We were able to raise the money on the strength of our vision and our 2011 results. nScaled was a pioneer in recovery-as-a-service (RaaS) three years ago, when no one know what the heck RaaS was and everyone thought disaster recovery was a boring market, dominated by goliaths like Sungard and IBM, catering exclusively to huge customers who could afford to spend millions of dollars every year for redundant capacity. nScaled is now a leader in the suddenly hot RaaS market, a market that now is getting plenty of attention from the analyst firms and the tech press.

Of course, our customers have known about nScaled for several years, and we added a bunch more in 2011. By all measures – number of customers, new bookings, recurring revenues, number of servers protected, and terabytes of storage under management ­– nScaled tripled its business in 2011.

We’re proud to have been able to raise money in what can be a very challenging investment environment, and to have fantastic partners like Almaz Capital and Doughty Hanson Technology Ventures.

Here’s the full text of the announcement:

nScaled Announces Series A Investment by Almaz Capital and Doughty Hanson Technology Ventures 

$7M investment to accelerate nScaled’s global expansion of its Recovery-as-a-Service offerings

San Francisco – February 22, 2012 – nScaled, a pioneering provider of cloud-based Recovery-as-a-Service (RaaS) solutions, today announced that it has completed a Series A round of financing, securing $7 million in investments from Almaz Capital and Doughty Hanson Technology Ventures, as well as leading Silicon Valley angel investors. The investment will be used to fund nScaled’s growth, including expansion of its global network of data centers and new software development, as well as sales and marketing efforts.

Peter Loukianoff, co-founder and managing partner of Almaz Capital said, “In nScaled, we found a company that is in prime position to command a dominant role in the emerging market of cloud-based disaster recovery. nScaled’s technology platform will enable the company to broaden its service offerings in the future and allow customers to take full advantage of the cloud and its enormous economic and operational benefits. Cloud-computing is forcing dramatic structural changes in the way software applications are consumed by companies of all sizes and nScaled is well-positioned to capitalize on this tectonic market shift.”

“We invested in nScaled because we believe there is a gap in the market for technology that simplifies and reduces the cost of providing disaster recovery,” added George Powlick, managing director at Doughty Hanson Technology Ventures. “nScaled’s early success and the market’s acceptance of Cloud-based recovery services make us confident that nScaled will become a leader in the market.”

“2011 was a stellar year for nScaled. We tripled the size of our business by virtually all measures and we have similarly aggressive growth plans for 2012,” said Mark Hadfield, CEO of nScaled. “This funding will help us achieve that growth and position us as one of the dominant players in Recovery-as-a-service.”

As part of its growth strategy, nScaled recently announced the availability of free accounts designed to provide prospective customers with a fast and easy way to discover Cloud-based disaster recovery, backup and archiving capabilities for their VMware data centers.

About Almaz Capital

Almaz Capital is one of the leading venture capital firms serving entrepreneurs and companies with ties to Russia and the Commonwealth of Independent States (CIS). Investors and strategic partners of the firm include industry leaders, such as Cisco, the European Bank for Reconstruction and Development (the “EBRD”), and UFG Asset Management. Almaz Capital primarily targets early and expansion stage investments in high growth sectors, including Technology, Digital Media, and Communications. In addition to extensive experience in Russia and the CIS, the firm’s network in Silicon Valley offers portfolio companies an effective local investment partner with global reach. For more information please go to http://www.almazcapital.com/

About Doughty Hanson Technology Ventures

Doughty Hanson Technology Ventures invests in exceptional entrepreneurs and management teams that have the passion, commitment and vision to conceive great ideas and build global businesses. Their investment strategy targets companies that develop sophisticated and proprietary technologies and focuses on three industry sectors: internet software, mobile communications and clean energy technology. For more information please go to http://www.doughtyhanson.com/

Multi-tier Server Protection 

In a multi-tier server environment, the quiescent state of a single server isn’t enough. In order to achieve a working and consistent application, the various servers that make up the entire application stack may need to be in a quiescent state across multiple servers, a term referred to as “cross-server application quiescence”. As an example, in a document management system where the database server and a file server are both present, it is often necessary for the database and file server to be recovered from virtually the same moment in time. In other cases, it may be better for the file server to have a more recent copy of the data than the database server but never the other way around. In the process of working with our customers, nScaled has experience working with many different types of multi-tier applications.

Cross-server Application Quiescence is the key to protecting multi-tier applications

The most important factors to consider when protecting servers in a multi-tier application are the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO represents the amount of data that you are willing to lose in the event of a disaster. As an example, if snapshots of a server are taken every 30 minutes and the last snapshot was taken at 2:00PM, a disaster taking place at 2:29PM would mean that 29 minutes of data may be completely lost. The RTO represents the amount of time it takes to get the disaster recovery system online and functioning in place of the original production system. With multi-tier applications the RPO will drive the snapshot frequency of more than one server and therefore the snapshot times of these services must be closely synchronized between servers involved in the application. The RTO will drive the frequency of testing, degree of documentation, and in some cases may change the techniques used to protect the servers.

Another facet of protecting multi-tier applications involves snapshot frequency and retention. As an example, a typical database and file server will need to have snapshots taken frequently enough to deliver the desired RPO. The retention policy (how long the snapshots are kept) will likely be longer for these servers as well (i.e. 24 hourly, 7 daily, 4 weekly) Application servers and API servers in a multi-tier architecture typically do not have much if any dynamically changing data and as such the snapshot frequency can be much lower (i.e. every 3-4 hours) and the retention can also be less granular (i.e. 4 hourly, 3 daily) for the purpose of disaster recovery.

Measure Twice, Cut Once

Determining the desired RPO and RTO for any system is nothing more than an arbitrary determination unless the disaster recovery solution can be monitored and tested. Monitoring a disaster recovery solution involves knowing whether or not the RPO for protected systems is being met. Using the nScaled Cloud Console, the current state of both local protection (mirroring) and off-site protection can be monitored using our simple dashboard as well as email alerts. By monitoring the state of both local protection and replication to the nScaled Cloud, you can know at any given time whether or not your RPO is being met.

Determining an appropriate RTO is often driven more by business continuity demands rather than practical considerations. Even though it may be a requirement to have a specific RTO for a given system, whether or not the RTO is achievable can only be determined by testing. Using the nScaled Cloud Console and infrastructure, the disaster recovery process can be tested on demand. Using a private limited connectivity network along with nScaled’s approach to leveraging Microsoft Active Directory, the RTO for your servers can be tested, refined, practiced, and proven. Practicing the disaster recovery process for business critical servers allows IT leadership and engineering to have confidence that a specific RTO can be met.

Minimizing RTO 

The more business critical a system is the smaller the RTO tends to be. At nScaled we have experience helping a wide array of customers meet their RTO demands. Reducing the RTO to an absolute minimum generally means leveraging live servers (primary servers) that run full time in the nScaled cloud. By leveraging live servers in the nScaled cloud, more functional components can be pre-configured to be ready to go on a moment’s notice. When needed, nScaled can deliver enterprise class load balancers that are configured and ready for a disaster event. By leveraging live servers in the nScaled cloud, technologies such as SQL replication and DFS can be leveraged to provide extremely quick failover times. Primary servers in the nScaled Cloud benefit from built-in customizable alerting functionality provided by the nScaled Cloud Console.

Client Access 

The nature and scope of a disaster can present myriad areas of impact. The service disruption from a disaster can range from minor and highly localized to broad and geographically distributed. Since there are so many variables that can trigger the activation of a disaster recovery plan, nScaled offers multiple solutions for getting your end users access to critical systems. Our server protection solution leverages a MPLS or VPN tunnel to privately and securely deliver your server data to the nScaled Cloud. This same connection can be leveraged for providing access from your offices to the nScaled Cloud in the event of a disaster. For remote branch offices, nScaled supports failover VPN tunnels directly to your cloud environment in the nScaled Cloud in the event that your central office is impacted by the disaster. For end users working from home or other locations, secure, authenticated client VPN access to the cloud environment is built into the solution. In cases where Citrix is the prevailing method that your end users use to connect to your applications, a solution can be developed to provide the same familiar access to applications that your end users are accustomed to using.

Protecting Multi-tier Applications

Overview 

Many businesses rely on multi-tier applications in order to deliver highly available and scalable services to their enterprise. Multi-tier applications are network services that are delivered using multiple servers each running specific roles within the tiered application. Typical multi-tier applications consist of at least a database layer and an application layer. Depending upon the service, multi-tier applications can consist of many more layers and services. Enterprise class applications often have the option of running many roles on one server and subsequently scaling up to multiple tiers in order to grow with increasing use and demand within an organization.

Given the scalable nature of a typical multi-tier application, these same services tend to be critical to business continuity. Due to the inherent complexity of multi-tier applications, developing a disaster recovery strategy for these applications can seem overwhelming. Using the nScaled approach, we can deliver a solution that can be routinely tested, validated, and easy to use, making protecting these critical applications achievable.

Typical Multi-Tier Architectures 

Even with the wide array of applications that can be delivered using a multi-tier design, the overall architecture of all multi-tier applications tend to have many – if not all – of the same components in common. Applications such as document management, online learning, customer relationship management, accounting, human resource management, asset tracking, and many others use architecture similar to the one shown.

Multi-tier applications tend to take considerable time and expense to set up. The investment of time required to completely and effectively deploy this architecture is well worth the reward, however, given the inherent scalability and reliability associated with reducing single points of failure and distributing the computing workload across more than one server.

Basic Server Protection 

With the nScaled approach, servers are protected using block level mirroring technology. Each write operation on a protected server is mirrored to the nScaled Local Cloud Appliance on the customer’s network. Once the initial snapshot has been taken, subsequent changes (deltas) are captured in a consistent state called a “quiescent snapshot”. A quiescent snapshot is an exact representation of a server at a specific point in time where both the file system and underlying blocks are in a consistent state. This quiescent state allows a server to be booted from the snapshot as a virtual machine. This approach is independent of any underlying SAN technology and works with both physical and virtual machines. Once the snapshots are captured on the Local Cloud Appliance, the data is replicated to the customer’s environment in the nScaled Remote Cloud data center. Since the server snapshot is in a quiescent state, the server can then be booted in the nScaled Local Cloud Appliance or in the nScaled Remote Cloud whenever it is needed.

We’ll finish up next time.

What it is

You get a free account in our recovery-as-a-service cloud environment, accessed through our Recovery Console SaaS admin interface. You also download, for free, our Cloud Hub virtual appliance and install it on any host running VMware ESX.

What you get

The free version of our service lets you manage your VMware systems more easily that anything else around. Start, stop and resize servers. Set up alerts and check usage. Most important, it’s your first step towards implementing DR in the cloud. Heck, maybe your first step towards DR of any kind.

Now, to be clear, while the free account is limited to VMware only, paid nScaled service can protect both physical and virtual servers, running Windows or Linux. And, of course, when you step up to a paid service, you get all of the DR/backup/archiving that nScaled is known for.

But the free accounts are useful for wrangling your current systems, and will give you an idea of what it’s like to use nScaled. What have you got to lose?

Fixing the fragmented approach to Backup, Archiving, Disaster Recovery & Business Continuity

Despite decades of research and development into backup and data protection, enterprise customers are generally unsatisfied with the status quo when it comes to data protection and recovery processes. Business continuity, disaster recovery, backup and archiving are common, overlapping data center operations, and are repeatedly targeted for replacement.

Rather than simply moving from one vendor to another, enterprise customers are seeking a new paradigm for data and workload protection and recovery, one that provides a complete view of all their applications and systems, is verifiably effective, cost effective and resilient by design to various calamities which might strike the enterprise.

According to research done by Gartner:

By 2013, at least 20% of organizations will have changed their primary backup vendor due to frustration over cost, complexity and/or capability, up from the typical single-digit percentage shifts today. By 2013, more than 50% of midsize organizations and more than 75% of large enterprises will implement tiered recovery architectures.– “Best Practices for Addressing the Broken State of Backup”, 27 August 2010

The Broken State of Enterprise Recovery

Data Growth

The largest single contributor to dissatisfaction with enterprise recovery is the massive increase in the data to be protected. Estimated by industry analysts at around 45% growth per annum, data is growing so rapidly that many IT leaders are facing an unsustainable situation. Richer digital media (pictures, video, and sound), increased collaboration and connectivity, increasing use of “big data” by marketers, versioning, replication and the monolithic nature of application design contribute to the rising tide of enterprise data growth.

Beyond the growth of the data, the amount of data in protection/recovery systems is growing even faster, as companies add more systems to the list of ones that have to be protected. Additionally, protection requirements are changing from simply keeping a week’s worth of daily backups to keeping a day’s worth of 15-minute snapshots, a week’s or month’s worth of dailies, and years’ worth of monthlies, sometimes for ten years.

Backups Are Broken

Too much data means fewer and poorer backups, which creates risk to the organization – the risk of downtime, lost productivity, lost data, and financial loss. Expectations from business leaders for service levels on recovery times and the volume of single occurrence data loss have increased to the point where near-zero system downtime is a commonly accepted goal.

The very idea of the “backup window” has been obsoleted by the 24×7 nature of business. An outdated paradigm for backup and recovery where systems are offline once a week for a full backup, offline daily for incremental backups, and where data is copied to long term storage medium, has become nearly impossible to accomplish successfully.

Fragmented Approach to Recovery

Further complicating matters, companies have built up, over time, fragmented approaches to recovery. First there was the backup system with tapes being driven to a vault. Then perhaps a do-it-yourself (DIY) disaster recovery plan was implemented at a co-location facility other than the primary one, with manually managed system upgrades and tests, if the DR plan is tested at all. Some applications may have their own DR plan, like the inline SaaS offerings for email. Some corporate data may, of late, be in a cloud storage or cloud backup service.

In short, things are a mess, with no one quite sure where all the data is or how to get at all of it if necessary. A lack of a comprehensive approach leaves the IT team with a training and personnel issue which ultimately adds to cost and complexity. What’s called for is a standard way of backing up and recovering all services.

While data loss and system outage are unacceptable, so too are the escalating costs of managing all this data. While a company’s IT systems can be an effective differentiator and a strategic investment, data protection and recovery is not viewed as such. This has led to a growing realization among IT leaders that scarce resources (primarily people) would be better off focused on strategic IT initiatives that differentiate the organization from its competitors, rather than being consumed with mundane tasks such as backup and recovery.

We’ll continue this topic in a future post…

Unfortunately, this is just a baby step towards something that already exists: a unified platform that provides continuity, disaster recovery (DR) and archiving, obviating the need for backup at all.

We call this Three Phase Workload Protection. “Workload”, not “data”, because what’s being protected is the entire server: OS, application, configuration and data. It’s a super-set of data protection. Lose a file? No problem, mount a saved workload as a disk and retrieve the file. But lose a whole server? Also no problem – spin up the saved workload as a virtual server and get back to work.

The key to the Three Phase approach is that the primary (production server) is snapshotted frequently, and the snapshots then automatically proceed through the phases, with no manual intervention needed.

Why are Continuity and DR different? In our view, it’s about what you need to recover, and the best place to recover from. There are three things you can lose:

1. Data
2. A server
3. The whole data center

The first two can and should be recovered locally, from a saved workload that’s on your LAN. No big, hairy failover needed. Self-service, fast, no latency. We call that “Continuity”. (In the case of a data recovery, that’s “backup”, which is simply a feature of the Three Phase approach.)

Backup has been relegated to feature status

If you lose your whole data center due to blackout, hurricane, flood, or what have you, you need to failover to a remote facility. That’s Disaster Recovery.

When the workload images get old enough that they are no longer if use for continuity or DR, but still need to be retained for regulatory or policy reasons, they are automatically moved to archival storage. And of course, old workload snapshots can be automatically discarded based on policy.

Sure, we exaggerate when we say that “backup is dead.” It isn’t, it’s simply been relegated to feature status in the much more comprehensive Three Phase Workload Protection model.

But Mother Nature earns all her headlines for good reason. The big, capital-D, Disasters also matter. And there’s a lot of them out there.

A recent story I read pointed back to a map that the New York Times published last year, “Where to Live to Avoid a Natural Disaster”. It is not encouraging. Between hurricanes, tornadoes and earthquakes, there aren’t a lot of businesses in the US that can take the chance of not having a DR solution to handle The Big One.

I did find a small corner of Wyoming that looks pretty safe, so if you’re a fan of winter on the Great Plains, I guess you could move your business there.

To reinforce the point, the Insurance Information Institute just published their data for 2011, and to the surprise of almost no one, it was a record-setting year for natural disasters.

This isn’t intended as fear mongering, but as a reality check. Back when disaster recovery was complex and costly, you could understand why a business might try to bravely ignore the risk from natural disasters. But the time for whistling past the graveyard is over. Modern, cloud-based recovery services have seriously altered the economics of DR. It’s time for businesses to stand up to Mother Nature.

Methods of Data Protection

This brings us to the issue of choosing data protection technologies. If you have one of the rare, homogeneous environments, this can be a straightforward matter, as simple as using the replication technology available with your virtualization platform of choice, like VMware’s Site Replication Manager.

More typical data centers with physical and virtual servers, Windows and Linux, and so forth, will need a replication solution with broad OS and application support, like FalconStor’s data protection solution, with host agents for a wide variety of systems. Look for a solution that can do frequent snapshots, as this will determine the recovery point objective (RPO) that’s possible. Any solution can offer a 4-hour RPO, but 15-minutes is the new gold standard, so do your research.

Some critical business applications are starting to build in their own data protection capabilities, and using them might be the best approach. One example is Microsoft Exchange 2010, with its Database Availability Group (DAG) feature. It lets multiple Exchange mailbox servers be configured in a group, with each having both active and passive mailbox databases. DAGs can be configured by some RaaS providers with passive databases hosted by the provider while the active copies are on the customer’s premises. It’s a clean approach that leverages what Microsoft has built, but not all RaaS providers can accommodate it.

The bottom line is that you have choices for how to go about protecting your data center. The best choice of a provider will be the one who can provide a broad array of data protection technologies and accommodate heterogeneous environments.

Testing

We come to testing last, but it is the most important issue here. For some companies, it is their DR “Waterloo”, where they lose the war against business disruption. In the past, DR solutions were separate systems, disconnected from the production environment. Managing “change skew” – the continual stream of software updates, hardware upgrades and OS patches, become duplicate work and was often neglected. Without updates, tests become worthless and were discontinued. In the event of a disaster, the recovery site was essentially useless.

Snapshotting/replication technologies have solved the first issue, keeping up with change skew. By automatically and continuously doing block-level replication of protected servers, all system changes are captured automatically. Install a patch, and minutes later, those changes are captured as a delta snapshot and replicated to the RaaS site.

This makes testing the DR plan and the RaaS solution practical, and test you must! The reality of the typical mid-size or larger company is that there are many critical applications, some of which have multiple components running on separate servers (eg: an e-commerce site with separate web, app and database servers). Failing over to the DR site in a disaster isn’t a simple matter of starting everything up all at once. Having a comprehensive and up-to-date run book is key, and so is exercising it periodically. Starting servers in the right order, making sure that all core services like DNS and DHCP work, that IP address assignment happened properly – all of this needs to be de-bugged before the next disaster hits.

Conclusion

Recovery-as-a-Service is changing the business continuity and disaster recovery market. RaaS makes real DR available and affordable to mid-size companies that couldn’t afford it and didn’t have the staff to implement it in the past. There are now multiple RaaS providers with widely different solutions, so customers have to do their homework. It’s not enough to know what RPO and RTO the provider offers, or where their data centers are located. You need to understand some of the core technologies they use and set of services they offer to make their offering a complete, turnkey DR solution.

Prioritize Servers and Applications

The same mentality that leads companies to use backup and forego DR also negatively affects the way they think about prioritizing their protection requirements. Thinking about recovery in terms of which files to protect is the wrong way to go; you end up lost in the weeds and not looking at things systematically.

With RaaS, you’re protecting entire servers, so the focus should be on which servers are critical to the company’s survival, which are important but not critical, and which ones don’t require a DR plan. If you are a law firm, you’ll probably put your email and document management system in Tier 1; if you are an online retailer, your e-commerce site (web server, app server, payments) should be Tier 1. In any case, the point is to match both your Recovery Point Objective and Recovery Time Objective to the importance of the server.

The reason for prioritizing may itself be phasing out. In traditional DR solutions, companies had to rent co-lo space, buy hardware, bandwidth, etc., and then watch it sit idle until there was a disaster. Companies became cost conscious, and started prioritizing their business applications, protecting just the most critical ones, in order to save money. But RaaS changes the economics of DR solutions. By taking advantage of the elasticity provided by virtualization, and the economies of scale that public cloud based over-provisioning allow, RaaS solutions often cost just a fraction of traditional methods. This has allowed organizations to include more of their applications in their DR plans, making their businesses safer.

Dealing with a Heterogeneous Environment

Protecting your servers would be easy if they were all the same. A lot of customers and vendors talk about DR as if all their servers were Windows OS running on VMware on an x86 box. And indeed, a great number of business applications today run this way. RaaS solutions that only work on these kinds of servers seem well suited to the very few companies that have nothing but this type of environment.

But in practice, companies don’t have such homogeneous data centers. Their Oracle database runs on Windows, but their Apache web server runs on Linux. The Active Directory server runs virtually, but the ERP system runs on a physical server, and it’s Solaris. The home office is standardized, but a couple of the remote offices have their own non-standard servers. Et cetera. The point is that when making a DR plan and selecting a RaaS provider, you need to include all the critical business applications, regardless of platform.