Blog categories

My blog posts and tweets are my own, and do not necessarily represent the views of my current employer (ESG), my previous employers or any other party.

I do not do paid endorsements, so if I am appear to be a fan of something, it is based on my personal experience with it.

If I am not talking about your stuff, it is either because I haven't worked with it enough or because my mom taught me "if you can't say something nice ... "

How do you back up Big Data? Or SaaS? Who will be the next Veeam?

It seems that every time that a new major IT platform is delivered, backing it up is an afterthought – often exacerbated by the fact that the platform vendor didn’t create the APIs or plumbing to enable a backup ecosystem. Each time, there is a gap where the legacy folks aren’t able to adapt quickly enough and a new vendor (or small subset) start from scratch to figure it out. And for a while, perhaps a long while, they are the defacto solution until the need becomes so great that the platform vendor creates the APIs, and then everyone feverishly tries to catch up. Sometimes they do, other times, not so much:

Veeam, while not the only virtualization-specific backup solution, is a classic example of this scenario and are typically the vendor that the legacy solutions measure themselves against for mindshare or feature innovation, in their efforts to win back those who are using a VM-specific product in combination with traditional physical backup solutions.

Before them, Seagate Software’s Backup Exec was synonymous with Windows Server backups, helped by the built-in "Backup Exec lite" version that shipped within early Windows.

Before them, Cheyenne Software’s ARCserve was synonymous with Novell NetWare backups, who was among the first to protect a server’s data from within the server, instead of from the administrator’s desktop (really).

History continues to repeat itself

The challenge for platform vendors is that after the early adopters have embraced a platform (any platform), the mainstream folks will push back under the premise of “If I am going to put my eggs (data) in this basket, it better be a solid basket” (meaning that it is back-up-able) – without which will ultimately hinder the second/broader waves of adoption. Other examples include:

Microsoft SharePoint has a slightly similar architecture to “Big Data”, with its disparate SQL databases being far more protectable than the metadata and “Farm” constructs that link everything together. Many legacy backup solutions that had robust SQL protection capabilities struggled to back up SharePoint (restore was even worse), in large part because Microsoft hadn’t developed the VSS enablers to traverse the Farm. Today, after four major releases of SharePoint, almost anyone can back it up like “just another Microsoft application.”

As mentioned earlier, VMware hypervisors were notoriously difficult to back up in their early days, with legacy backup providers being very late to solve the challenges. Instead, a completely new group of virtualization-specific backup vendors created new approaches to address the market demand for better virtualization protection. Today, with the mature VADP mechanisms provided by VMware, VM backups are now reliable, but agility of VM recovery continues to vary widely among solutions. Some virtualization protection solutions are continuing to thrive, while the legacy backup vendors are rapidly catching up in VM backup features and trying to recapture their lost market share not only from the VM-specific vendors but VMware’s own VDP solution. is perhaps the poster-child of software-as-a-service, enabling CRM solutions for organizations of all sizes. And as a cloud-based solution, most early adopters were focused primarily on assuring availability of the data/service across the Internet. Unfortunately, SFDC has not yet published APIs that allow traditional backup solutions to protect SFDC data. The result is that customers are moving from legacy, albeit protected, self-managed CRM systems to an arguably far superior CRM system in SFDC, but are losing the ability to protect their data once it is there. SFDC is rumored to have a rudimentary recovery capability that is purportedly $10,000US per event and doesn’t have an SLA for recovery. Like the disruptive platforms before it, ESG expects that mainstream demand and platform maturity will eventually make protecting and restoring SFDC data easier, but in the meantime, like virtualization, a new group of cloud-backup solutions are among the first to try to solve what legacy vendors are slow to adapt to.

And that brings us back to … How do you back up Big Data?

To begin to answer that question, I partnered with my ESG Big Data colleague, Nik Rouda, in authoring a brief on what you should be thinking about and looking for in the future.

CLICK HERE to check out “ESG’s Data Protection for Big Data” brief.

As always, thanks for reading.

[originally posted on ESG’s Technical]

AA and USAir are not “one airline”

To the “New AA” — please stop misrepresenting yourself as a single airline with US Airlines. AA-USAir-poster_thumb.jpg

You are not conducting yourself as a single airline, and the result is that I won’t see my kids this evening.

Your signage says “We’re bringing you greater schedule options ” but that isn’t entirely true.

I booked an AA round-trip from Dallas to Phoenix (with AA flight numbers) because I am a faithful AA flyer. My outbound flight was on AA, but I was surprised to find that my return flight was “operated by US Airlines“. I didn’t want USAir, even though I saw those options when I booked my flight, so I booked AA … and got USAir anyway.

Because my AA flight number was actually a US Airlines plane, I couldn’t get preferred seating and couldn’t request an upgrade. How is that “one airline”?

I arrived four hours early to the airport and went to the AA counter, whose very friendly, professional and empathetic staff explained that I was booked on USAir, so AA couldn’t help me — even though I booked an AA flight number. The AA staff courtesy was a stark contrast to the brisk, almost rude, US Airlines staff who printed my boarding pass when I requested to standby for the earlier flight.

I went to the US Air gate for the earlier flight (3:30p) and stood at the counter while the gate agent handed out other standby boarding passes, including to non-rev’s … and then said that I wasn’t on her list and it was now less than 10 minutes before departure.

An earlier US Air flight at 3:30 had available seats, but I couldn’t have one — because the front agent hadn’t put me on the list (even though we talked about it, including the likelihood of availability) … even non-rev’s got on, but not me.

An earlier AA flight at 4:00 also had available seats, but I couldn’t have one. I walked to a different terminal but the AA agent, though harried was still more professional than US Air’s staff — and she explained that even though I had an AA flight number, she couldn’t help me either.

While I was surprised by the US codeshare, I expected the same respect and helpful service that I might get when flying on American Eagle. If I had booked an AA codeshare that was “operated by British Air” or another OneWorld partner, then I would presume this disconnectedness — though I have had much better codeshare experiences with AA flights operated by both BA and Qantas than what I’ve seen with US Air. But you are one airline, right?

If your answer is “that sharing is coming” — then TAKE DOWN YOUR SIGNS, because your marketing department is making promises that the rest of your airlines (plural) are unable to satisfy.


VIDEO: What to plan for in a Data Protection Spectrum

Continuing on the theme that we started last year that “Data Protection” is the umbrella theme that encompasses a broad range (spectrum) of IT behaviors, including “Backup, Snapshots, Replication, etc.”:


Here is a video that gives some color to those ideas (pun intended):


1. Start with a fresh understanding of your business units’ operational requirements, based on feedback from the business owners, department heads, application experts and other stakeholders.  To get more ideas around quantifying the cost of downtime for assessing the Business Impact Analysis (BIA) and Risk Analysis (RA), download this chapter from my book – Data Protection by the Numbers.

2. Once you can quantify their recovery goals (SLA/RPO/RTO) and the business impacts of them not achieving their availability requirements, then choose the “color” of the DP Spectrum that best meets those goals.

3. If the solution’s TCO/ROI is in line with reducing the business impact, meaning that the solution doesn’t cost more than the problem, then add the method (not yet the product) to your DP Solution Architecture

4. Once you understand which colors (i.e. backups, snapshots, archives, replication, clustering, etc.) that really fit your business needs

If you do this, you will likely find that most of the colors of the DP Spectrum fit within your business strategy, but that does not mean that you should necessarily settle for 10 products from 7 vendors – because it is unlikely that you’ll be able to cost-justify it otherwise.  Instead, , look for solutions that consolidate the management of them:

  • Backup software that also manages snapshots or replication, perhaps that also includes archival features
  • Protection storage that can support backups and archives (meaning extended retention), that has effective deduplication AND whose data is very durable
  • Expertise that can knit not only the product components, but also the strategies, together into a living DP plan

Thanks for watching.

[Originally posted on ESG’s Technical]

JBuff on the Cube at IBM Pulse 2014

While at IBM Pulse 2014, I was invited to sit in at ‘the Cube’ to talk about what’s new in Data Protection.

We had the chance to talk about:

  • Virtualization Protection
  • Endpoint Protection
  • How the Cloud is changing Data Protection Options
  • And how IBM is evolving its data protection offerings to meet those demands.

My sincere thanks to IBM & SiliconAngle for letting me join the program – and to you who read this blog.

D2D2C is like 1 box of Legos and 2 manuals

Last year, I blogged that a modern “Data Protection Strategy” is more than just backup – instead including also snapshots, replication, archiving, etc.  (see also

And while some would then call this a hybrid architecture, others prefer to think about “hybrid” as being disk plus tape or cloud.  If we dig into where those ideas meet, we’ll find that even with something as simple as “Disk to Disk to Cloud” as a way to first recover locally from disk and then extend that protection to a cloud-repository, every answer just brings up more questions. 

In fact, even D2D2C has at least two configurations – similar to having one box of Legos and two instruction manuals; meaning different ways to assemble the same pieces and end up with (at least) two very different results.

Here is a video of some of the questions that you should be asking – and my suggested ideas for coming up with what will best fit you.

[Originally posted on ESG’s Technical]

As always, thanks for watching.

8 Suggestions that Every Data Protection Strategy should have

As a “data protection dude”, I have the best job in the world – I have the opportunity to talk to hundreds of IT Pro’s on what they are doing (or are thinking about doing) in data protection, and then survey thousands more on the same ideas. 

So, for all of the IT Pro’s who are now into the fray of 2014 and asking “What else should be doing to ensure my organization’s recover-ability?” – this video includes eight suggestions to consider as part of your data protection strategy (including the ESG data that supports those suggestions).

[Originally published on ESG’s Technical]

As always, thanks for watching.

Virtualization Protection re-cap for 2013

Backing up and recovering VMs” is not solved.  There are lots of options in market, and the dynamics seem to shift by the day:

The unified (physical plus virtual) backup solutions are trying to take back share from the virtualization-specific folks, now that some of them are catching up (or passing) on VM protection methods and recoverability features.

The virtualization-specific backup solutions are protecting their share from the unified folks (above) and the hypervisor vendors (below), while continuing to innovate and differentiate.

The hypervisor vendors are offering their own backup solutions, instead of just the VADP/VSS API’s that enable their ecosystems.

There are some disruptive startups that are forcing folks to reconsider everything they know about “backup” via advanced appliances that warp one’s imagination of consolidated protection, copy-data management, etc.

And everything that any of them are doing … are now or soon could be also going to the cloud (if the cloud-backup providers don’t beat them to it)

So, as IT organizations of all sizes continue their maturation from simply “consolidation” to the “private cloud” and the “software-defined-whatever”, 2014 promises to be even more interesting. 

To celebrate that, here is a list of some of my virtualization protection posts, just from the 2nd half of 2013:

· INFOGRAPHIC — Virtualization enabling BC/DR

· VIDEO — What to look for in Virtualization Protection in 2014

· VIDEO — ESG’s recap of VMworld 2013

· BLOG — Channel / Service Provider opportunities for highly-virtualized environments

· BLOG — Using Virtualization-Specific vs. Unified Backup solutions for VMs

· RESEARCH BRIEF — Virtualization/Backup Skills (and the gaps)

· RESEARCH REPORT — Trends in Protecting Highly Virtualized Environments

Yes, it promises to be an interesting 2014.  My first advise = virtualize everything.  After that, you have lots of options.

Thanks for reading.

OFS and BaaS – why you need both

At first glance, the services can be easily confused:

  • A small application is installed on your endpoint device, perhaps from a consumer “app-store”
  • Behind the scenes, there is a cloud-based storage service; typically billed on capacity used
  • Your changes to local files seem to be magically updated, with no effort at all

Yes, it’s very easy to see how OFS and BaaS are similar. 

  • If the cloud-service retains multiple versions of your data, is it BaaS?
  • If the cloud-service allows other devices to access your data, is it OFS?

And for individual users and their consumer data, one might use either service for both goals – but they are NOT the same.

Maybe individual consumers can blur the lines on these, but IT organizations and their companies cannot. To better explain the differences, and to really understand what is going on in both spaces, Terri McClure joined me to discuss the topic. Terri covers file-based storage (including the OFS market), while I cover data protection (including BaaS).

Yes, there are some technical similarities between OFS and BaaS – but companies cannot afford to confuse the two, nor can they confuse consumer offerings with the types of OFS and BaaS services that will either safeguard corporate data or expose it to the world.

Follow Terri or I on twitter at @ESGanalystTMac and @JBuff, respectively.

For all of the newest OFS perspectives, check out her blog.

As always, thanks for reading.

[Originally posted on ESG’s Technical]

The best accessories for Surface Pro don’t all come from Microsoft

A few months ago, I wrote about how my Surface Pro (v1) had become the only device that I travel with (blog).

Since then, I have streamlined optimized even further, with a few other gadgets.  In my travel bag:

Portable DVD/Blu-Ray from Buffalo ($85)

This ultra-portable Blu-Ray player/burner is barely larger than two blu-ray plastic cases stacked, with two USB cables that are easily hidden away within the shell itself. One cable provides connectivity to my Surface. The other is for supplemental power by plugging into another USB port. It appears that the Surface Pro sends enough power that the supplement isn’t needed, but you could make use of the USB port on the Surface Pro charger block, if you wanted to reduce battery draw on your tablet.

Wired USB Xbox360 controller ($35)

If I am not watching movies in my hotel room, I am gaming. And the selection of Windows 8 games is growing by the day, including some that allow for use of a standard USB-wired gaming controller. My favorite this month, Halo: Spartan Assault, which is a tween-friendly top-down shooter in the great Halo tradition.

Check out my review of Halo: Spartan Assault (and other games) at

HDMI adapter cable ($12)

Playing a game or watching a DVD/Netflix are all very good on a Surface Pro, but so much better on a hotel TV screen … try a combination HDMI adapter and cable.

At Home – the only thing I need is my Docking Station from Pluggable.

A docking station for a Surface? YES!!! ($99)

If you read my earlier accessory blog, I had a mix of Ethernet/USB hub, video adapters, sound connectors, etc. I have replaced all of it with a very nice little device from Pluggable that connects via a single USB 3.0 (5Gb/s) connector. After that, I enjoy:

· Video via HDMI / DVI / VGA port. Technically, it’s a DVI port, but hats off Pluggable for including DVI/HDMI and DVI/VGA adapters. It probably adds a buck or two to the package price, but the easiness of having exactly what you need when open the box more than makes up for it as a rounding error. Frankly, it is a tiny example of a vendor doing ‘the right thing’ and not the absolute minimum.

The docking station also includes:

· Audio-jacks on the front

· Gigabit Ethernet port on the back

· Two forward-facing USB3 ports for devices, like my DVD player/burner

· Two more USB ports in the rear for connectivity (like to my keyboard/mouse)

This docking station really is perfectly suited for a Surface or other ultra-portable device. Honestly, if it worked any better, it would have Microsoft branding on it and likely cost twice as much.

However, because it isn’t a “Surface Accessory”, I am thinking about getting two more – for members of my family that have a Surface and a netbook, respectively.

None of these devices or their discoveries are earth-shattering, but I hope that this gives you some ideas of how to make your ultra-portable techno-life even better. If any of the devices are interesting to you, here’s some easy links to them on Amazon (yes, though I don’t do consumer-oriented posts often, the few-cent click-kickback from these helps pay for my websites).
As always, thanks for reading.


Blu-Ray & DVD

GAMING Controller

HDMI Adapter/Cable

New Math: Virtualization plus DPaaS = BC/DR!

Maybe that is overly-simplified, but not by much. Virtualization makes servers (and their associated storage) portable, while Data Protection Services provide alternate locations and expertise that many organizations of all sizes have been desperate for.

In 2013, ESG published complete research reports on both of these topics:

Research Report: Trends in Protecting Highly Virtualized Environments

Research Report: Trends in Data Protection as a Service (BaaS, DRaaS and STaaS)

And in each survey, we were careful to dig in for extra insights related to BC/DR. So, here is a new ESG Infographic discussing the latest BC/DR trends that are empowered through the intersection of two transformational IT mechanisms.

CLICK HERE for the ESG Infographic on BC/DR, powered by Virtualization and the Cloud

As always, thanks for reading.