Managing data over a WAN

The protection of data in remote offices is increasingly recognised as a huge problem for organisations of all types and sizes.
Read time 4min 20sec

Business drivers behind the need to protect distributed data include regulatory compliance, support of litigation procedures, and the need to achieve a competitive advantage and improve operational efficiency.

Customers agree the size of the problem is growing as companies expand, merge, open more offices to get closer to their customers, and increase the use of digital technologies to run their businesses. Furthermore, the current methods of protecting data in remote offices are no longer effective or appropriate.

New technology

Emerging technologies offer the efficient copying and transferring of remote data over the wide area network (WAN), enabling the data from many offices to be aggregated into a single centralised repository. Existing problems around backup are addressed by eliminating manual and distributed processes.

There are two key technologies that have emerged in this area: distributed remote office/back office (ROBO) backup to disk, and wide area file system (WAFS). The development of these technologies has been driven by regulatory compliance requirements. Still relatively new to the market, they will all become more robust, flexible and integrated.

By making a copy and transporting it to a distant location, both backup and disaster recovery requirements are addressed.

ROBO backup to disk

Regional offices require data centre performance and recoverability, as they often have little or no remote office data protection skills and limited wide area bandwidth. A solution to this problem is ROBO backup to disk, which is designed from the ground up to protect the data located outside the data centre.

Distributed ROBO backup to disk offers the following:

* Local and global de-duplication technology, which builds a catalogue of the data as it is written to the virtual tape library. De-duplication drastically reduces the amount of storage required as well as the amount of data being replicated between sites for disaster recovery purposes
* WAN optimisation
* Centralised management and control
* Local and centralised data recovery
* File and data versioning
* Continuous data protection in some cases

When selecting a solution, bear in mind that we're talking about moving the company's data over semi-private and even public networks. It's essential that this data be protected from prying eyes and inadvertent disclosure. Look for solutions that perform site-to-site authentication and can encrypt data while in flight and at rest. Also be sure to address firewall traversal issues to avoid unnecessary security compromises.


Recently, WAFS and WAN optimisation products have emerged as alternatives to performing backup at remote offices. By speeding up WAN data transmissions, enterprises can safely centralise all their data storage at the data centre and forego file servers in the remote offices.

WAFS promises the following major benefits:

* Application acceleration - WAFS appliances make the applications perform faster and give a good fit to organisations whose networks are constrained by low bandwidth and high latency
* Bandwidth optimisation - WAFS appliances use a feature called scalable data referencing, which removes repetitive bytes out of the WAN traffic on any application. In practice this reduces WAN traffic by as much as 60-85%, which can help organisations avoid an expensive bandwidth upgrade

Existing problems around backup are addressed by eliminating manual and distributed processes.

Logan Hill, business unit executive for security and availability at Faritec

The WAFS architecture is fairly straightforward. At the corporate data centre, a WAFS central server is attached to network-attached storage or a storage area network. This central server is connected over the corporate WAN to a device called an edge file gateway at each branch office, and this is connected to the branch office LAN. At each branch office, users see the data they need on their LAN, apparently stored on the edge file gateway just as if it was a local file server. Performance-wise, the data is available at LAN-like speeds.

The central server is responsible for permissions, access controls, data integrity, file management and data protection at the remote sites. The first time a file is accessed at a branch office in a given session, a 'cold hit' is sent over the WAN to the edge file gateway using various network optimisation techniques including compression, data streaming and differencing (sending only the data that has changed from a previously accessed version of the file). Subsequent file accesses -'warm hits' - come from the edge file gateway's cache, and are supplied over the LAN only, at a much higher speed.

Although there may be many solid debates between proponents of WAFS and ROBO backup, I believe the trend is towards backup. This is being driven by capacity-based software licensing models, requirements for a standardised approach that also include offices generating quite a lot of data and, most importantly, the backup approach empowers users to do administration such as restoring their own deleted files.

Logan Hill

Business unit executive for security and availability at Faritec.

Logan Hill is a certified information systems security professional and was recently appointed as business unit executive for security and availability at Faritec. He has been at Faritec for three years, where he is responsible for business solutions development within the security offering. Hill recently specialised in the public sector, designing multiple security functions for the protection of critical information systems, information availability, retention and redundancy.

See also