 Welcome to CUBE Conversations, a series on data protection. I'm Dave Vellante of Wikibon. The purpose-built backup appliance is now more than $3 billion annually, according to IDC. That's bigger than the entire tape market was prior to data deduplication hitting the scene. We're here with Nancy Majors, the Associate Director of Disaster Recovery and Storage at Brown University, to talk about how data protection is evolving. Nancy, welcome to theCUBE. Thanks for coming on. So tell us a little bit about what you're doing down at Brown University and your role there. Well, I'm the Associate Director of Disaster Recovery and Storage Services here at Brown University. We're in Providence, Rhode Island. Brown's a member of the Ivy League. This is a special year at Brown because we're celebrating our 250th year. So we have a little legacy around to support, so we know some stuff about that. Our community is about 20,000. We have 20,000 faculty, staff, and the student represents our entire community. That's kind of where I'm, that's a little bit about me and where I'm coming from. So we love Brown University. We love the Ivy League, New England. We feel smarter just talking to you guys. So thanks again for coming on. So tell me a little bit about, let's take us back. We were talking earlier about your sort of recent experiences in data protection. Take us back to sort of pre-2009. Maybe you could describe your environment. What was keeping you up at night back then? Right, prior to 2009, we had an aging data center. Our data center had been built in the early 1980s and the technology and the power and cooling needs have changed dramatically since then. And we did not have the funds basically to build a new data center. So not having enough power and cooling to keep our servers running was a big concern for me. Additionally, we were running backups to tape. We would send those tapes to an offsite storage company. And we never really even knew whether or not we could recover our data from those tapes. We had never actually tested doing a data recovery from those tapes every now and then. We would have to recover some data and we could get one or two pieces back, but we never looked at recovering an entire service and large amounts of data that we were putting out onto tape. So it comes 2009 and the university had some plans to give us some resources to help fix our data center and in doing so, we had to rebuild our data center essentially from the ground up while keeping it running in the same facility. So that's a pretty scary thought to somebody whose job it is, is to protect the data, knowing that I'm going to have all of my power and cooling and raise floor and walls around my systems replace live. So we raise this as a concern, as a risk to the project to update the data center is that without a sufficient business continuity plan and disaster recovery planning, that we weren't really comfortable rebuilding the data center live without having that in place. So the university allocated funds as part of the project to implement a business continuity program as well as a disaster recovery program so that we could recover those applications that they deemed critical in a timely manner should something go wrong with our construction project or going forward, there was a lot going on in the world at that time with a lot of bad things happening with Katrina and all sorts of stuff that raised disaster recovery as. So you didn't have a lot of confidence in your backup environment. You couldn't test it adequately. Maybe you could check a box for the compliance people but you knew in your heart that there was a potential exposure there. Is that right? Absolutely. And the business hadn't really defined those needs either. We had been backing things up but if your business doesn't tell you what's really critical and how fast they need that back then you're kind of making a guess there. So was it fair to say you kind of had a one size fits all of backup strategy at the time? Exactly. So we backed up everything. We did a nightly backup. We went to tape. We kept a copy of the tape on site and the copy of the tape went offsite to that mountainous tape storage. Okay. So talk about what you did, what changed? What's your technology look like today? Give us the before and after. Right. So before, obviously we had a giant tape library and we had no disaster recovery program. 2009 we implemented a disaster recovery program which allowed us to set up a secondary data center at in New York. We are in Providence. So that's pretty geographically diverse but it's not as much as some people might like. We replicate our critical data from Providence to New York using EMC products. We use EMC SRDF for our databases and our mainframe. We use EMC recover point for our critical VMware environment and we use EMC data domain for our network backup. So we no longer ship that copy on tape out to that mountain everything is just kept within our own network. So we don't have to worry about the security of our data leaving our data centers because it doesn't ever leave. It's always in our data centers. So you have no tape, is that correct? That's correct. Yes, everything. Congratulations. Yeah. So okay, talk a little bit about what results you found. I mean, talk maybe a little bit more color on the business impact. You said earlier that the business really wasn't involved in the backup. How did you get them involved and how involved are they today? Yeah, so we let them know that we're gonna be doing construction and there was a real potential for us to take down their services, cutting water mains and things like that. So they really understood that there was a real potential for us to create a disruption in their services. And we told them, we said, we need you to tell us what the criticality of these services are. And we came up with a rating scheme forum of recovery time objectives and recovery point objectives. We gave them multiple locations where we kind of wanted them to land. Immediate no data loss or a 24 hour data loss is it was kind of our targets for them. And then we gave them varying recovery time objectives from two to four hours all the way out to a week for how long it would take us to actually get their systems back. Should there be a critical event in our data center? We then made sure that we had all of our data replicated. We made sure we had systems in place to do this. And then we started a disaster recovery program where we test all of these services our 33 critical business systems are tested annually on a, we do a 48 hour disaster recovery testing where we stand up all of our services and we do this in an isolated network. So we're not doing it live. I'm not actually sending all my traffic from Providence down to New York, but we stand up all of our services as if it was a disaster. We do it in an isolated network. And we have our users actually come into that isolated network and validate that the services are running within that network to their satisfaction. So it really, we now know that our services are recoverable. We're meeting our windows and our users have validated that that's the case. So was the financial impact largely one of risk reduction? Did you look at other factors like how much is this spending on the overall infrastructure? I wonder if you could share just some quick information there. It was primarily the risk reduction. And it was also, it allowed it in the short run it was risk reduction in the longterm. It's also, you know, it's also brought our costs down in ways that we might not have expected not having to buy tapes, you know, the disc, the disc systems actually end up to be more cost effective in the long run, running on disc with deduplication than running on tape. Your mileage may vary on that, but in our environment, that is the case. It's actually more cost effective for us to put it on disc with deduplication than to send it out to tape. So Nancy, as it relates to data protection, what's on your to-do list? What are you looking at going forward, key initiatives, maybe talking about it a little bit? We have really large unstructured data. We have about a petabyte of unstructured data which is like file systems and stuff like that. Recovering of that using a traditional backup system which is, this is one of those applications that falls within our 24 hour type recovery. Recovering that type of an environment using a traditional backup is almost impossible because we have like a petabyte of data. So we've moved, we're moving to an EMC Isilon system using Isilon Sync IQ to sync that data directly down to our disaster recovery site in New York. This is giving us a great advantage on those unstructured data stores that we're actually able to raise the recovery time objectives and recovery point objectives on those services to what we consider our priority one type services. So basically these are a read-only copy of this data is available at any time at our remote locations. So we're up against the clock, but if I understand it correctly, you've gone from a one size fits all to a data protection as a service environment which is not trivial, especially getting the business involved. What's the one, last question, what's the one piece of advice you would give your peers trying to go along a similar journey? Replication is great, deduplication is fabulous, all these things, the technology really enables everything. Get your business involved because they're the ones who can make it happen for you financially and never miss the opportunity of a crisis. Thanks very much, love to have you on. We'll see you at EMC World and really appreciate your insights. Okay. Thanks again. All right. Thanks for watching everybody. This has been CUBE Conversations with Dave Vellante and we'll see you next time.