The rise of storage process automation.
You've also heating more about storage process automation with the avalanche of regulatory compliance statutes, such as SEC Rule 17a-4, HIPAA, 21CFR Part 11 and Sarbanes-Oxley. Before you regard it as mere hype, however, realize that automation is already being deployed in IT shops today, as IT managers recognize and take advantage of its practical benefits. They understand that while classical monitoring, discovery and planning disciplines are an important part of a storage management framework, real savings are primarily generated through efficient, compliant operations.
Compliance has always been one of management's top IT priorities. It's true across increasingly regulated industries like financial services or health care, or in unregulated environments where companies continually work to improve operational practices/efficiencies. Storage process automation is designed to optimize asset utilization and productivity by consistently executing information storage operations in line with prescribed best practices. Because, at its core, achieving compliance is more about how your IT operations are performed than it is about whether service-level goals are met.
There are many benchmarks offered for achieving compliance. Four main themes, however, are consistently referenced in discussions concerning the test for compliance:
* Do I have well-documented policies and procedures (practices) for storage operations?
* Can I demonstrate an operational methodology for enforcing these practices?
* Are these consistently applied across the enterprise?
* Can I and do I audit?
Most companies today either have or are attempting to address the issue of documented practices. While it's a necessary step, it's not enough. In fact, the only thing good documentation certifies about a process is that it's defined and documented. In no way does it ensure you're doing the right thing. The hard part comes in consistently performing and enforcing the tasks needed to ensure compliance.
For example, the CIO of a West Coast financial services company recently told me that his team spent several months documenting operational practices for provisioning capacity and data protection services to his customer-facing applications. But two months after the system was implemented, he discovered during a checkpoint review that few, if any, of the processes were actually being followed. More disturbing was the level of surprise from his operations team that a follow-up audit would be performed. He learned the hard way that without management commitment driving the implementation of compliance throughout the organization, documentation achieves virtually nothing. Even when that commitment is present, it is still difficult to certify policy conformance across complex operations without help. In a mid- to large-scale storage environment, process automation can provide that help, consistently implementing and enforcing the rules.
Information storage operations can involve complex or repetitive user tasks and system processes--in workflows that migrate across multiple platforms. They can easily involve stall" in different administrative organizations, locations and shills. Storage process automation can capture and encapsulate these operations in software as a "canned" process to be used (and reused) by authorized administrators. This creates a defined management model, ensuring that all local and remote tasks within a given process are executed in a consistent fashion--according to specified policy.
Today, storage process automation is typically equated with capacity provisioning and positioned as a natural extension of SRM. In this limited arena, automation can deliver (through policy compliance) substantial improvements in storage utilization and staff productivity. But process automation has an even greater potential impact when applied outside the SRM domain; it can perform and audit execution of data movement, protection and recovery operations, providing the framework to certify that critical data is where it is supposed to be, and that it can be recovered according to defined timetables.
This view was confirmed by a survey of storage managers, conducted at the spring Storage Management conference. They said their top five challenges were (in order): Backup verification, database cloning/snapshot, data migration, low storage utilization and reclamation of space. Think about it: all of these responses involve related processes, and each can benefit greatly from the labor savings and policy compliance provided by storage process automation. While capacity provisioning plays an integral role in some cases, in others it may play no role at all. So, it becomes crucial to think of automation as a technology that can address each of these operational tasks and also as a framework to weave them together, where needed, in an end-to-end process.
Traditionally, systems management approaches have focused on monitoring of status across the infrastructure topology. Data about state, utilization and performance are collected in a central repository and presented via an administrator console for event notification, data correlation and analysis. This "single pane of glass" approach has served well in storage management, providing the storage manager with a consolidated view of system status. Many of these tools have added integrated wizards or applications for provisioning infrastructure controlled by the storage administrator. But in most organizations, storage operations--even provisioning--involve processes and infrastructure that are not controlled by the storage administrator. The "single pane of glass" model is not easily extended to multiple users, and it often fails when attempting to control the actions and workflows inherent in automating operations in an end-to-end process. So, more often than not, the automated storage operations that have been deployed in the data center have been implemented through scripting.
Process automation technologies however, are available today, providing significant and necessary improvements over both scripts and monitoring-centric solutions. These include a workflow model spanning multiple organizations that supports more than just task approval. It allows humans to interact with the process providing policy decisions, when necessary, while the process is running. Another improvement over scripts is the ability to define a process, delegating its execution and management to enable a self-service model with fine-grained security access control. Most importantly, process automation solutions support rapid and iterative deployment, starting with single-task automation and evolving to more complex processes that implement an organization's specific operational practices.
Besides the obvious benefit (in the case of scripts) of substituting vendor-supported software for handcrafted code, process automation solutions can manage the distributed execution required by today's networked storage environments. In addition, they provide a substantially improved process management model that matches organizational requirements and realities.
And in an environment where new rules and regulations seem to emerge every day, and where managers wonder what's hype and what's real as they try to do more with less, technologies that truly deliver on their promises may be worth their weight in gold. Storage process automation is not yet in the mainstream; despite the "next big thing" label, many companies are thoroughly studying its applicability within their organizations before committing to it. But some companies are beginning to adopt the technology, "starting small and scaling fast," not because they have to have the next big thing, but because they realize it can help them meet their compliance challenges today in a no-nonsense way.
Tad Lebeck CTO and VP of engineering and technology for Invio Software (Los Altos, CA)
|Printer friendly Cite/link Email Feedback|
|Publication:||Computer Technology Review|
|Date:||Sep 1, 2003|
|Previous Article:||Where was your data when the lights went out? Mission-critical data and network apps' security, accessibility during the blackout of 2003.|
|Next Article:||Data replication considerations.|