|At a Glance
|SonicWALL CDP 2440i Appliance (01-SSC-6301)
|Smart, Secure Network Backup Device
|• Ease of use, simple configuration
• Automatic backups of key data
• Offsite storage for disaster recovery
• “Bare Metal” backup functionality
|• No gigabit Ethernet
• Offsite storage requires subscription
• Can slow down network on initial installation
Here on SmallNetBuilder, we’ve reviewed numerous NAS and storage devices for saving and keeping copies of critical data on your network. Brace yourselves folks, this review is about a new type of data storage technology, one significantly different from a NAS.
CDP, or Continuous Data Protection, is an emerging technology in data storage and backup products that takes the administration and scheduling out of running backups—even enabling end users to restore lost files, as well as providing a solution for offsite disaster recovery—all on a disk-based network appliance.
SonicWALL has a line of CDP appliances for the small-to-medium business, based on the technology acquired through the purchase of Lasso Logic back in 2005. (See the SonicWALL press release). There are four products in the SonicWALL CDP line, ranging from the 1440i to the 4440i. The 1440i is designed to support a network with 15 PCs and three Servers, while the 2440i I’m reviewing can handle up to 30 PCs and five Servers. The higher-level CDP products, the RAID 1 based 3440i and RAID 5 based 4440i, handle greater numbers of PCs and Servers. The 3440i is rated for up to 75 PCs, while the SonicWALL spec sheet simply lists the 4400i as capable of handling more than 75 PCs.
From a technology standpoint, continuous data protection systems manage your data differently than traditional backup systems and software. Traditional backup devices allow for full, incremental, or differential backups. As you know, full backups make complete copies of the designated drives and/or folders. Differential backups make full copies of each file that has changed since the last full backup. Incremental backups make full copies of each file that has changed since the last full or incremental backup.
Continuous Data Protection differs by monitoring when the local machine writes to disk. When write activity occurs in a monitored folder on a PC, the updates are then backed up over the network to the CDP device, creating a continuous update of files.
The continuous data protection solution saves byte or block-level differences rather than file-level differences. This means that if you change one byte of a 100 GB file, only the changed byte or block is backed up. This saves on storage space over traditional incremental and differential backups, which make copies of entire files. In addition, continuous data protection works, uh, continuously, while backup systems run at specific intervals or schedules.
Some files may be updated hundreds of times, and it could get messy if all those changes were saved by the CDP. The CDP will save a maximum of 15 versions of a file, always keeping a copy of the original and latest version, and then a staggered subset of versions to prevent excessive disk utilization.
To summarize, continuous data protection is a more intelligent, efficient, and dynamic backup system, saving only the small amount of data that has changed, and doing so in real time instead of at static intervals.
Figure 1: Front and rear views of the 2440i
Over the past several weeks, I’ve had the opportunity to run the SonicWALL CDP 2440i on my network. Physically, it is a mini PC at 10.75” wide, 11.5” deep, and 2.5” high; see Figure 1. It has a CPU fan plus two chassis cooling fans that aren’t too loud, but you won’t want it on your desk, either.
You’ll recognize the internal components as similar to those in a PC; see Figure 2 below. The system runs on a VIA motherboard with a CLE266 chipset and a low power, low heat x86 1Ghz VIA Nehemiah CPU. Also inside is a 512MB stick of Kingston DDR333 RAM, an integrated 10/100 Ethernet NIC, and an Enterprise class 250GB PATA Western Digital Hard Drive (WD2500SB).
Figure 2: The motherboard of the 2440i
The back of the device has all the physical interfaces of a typical PC, including PS/2, VGA, USB, and even audio ports. The manual indicates that connecting to them can void the warranty, so I saved you the risk and tried it. Booting the CDP with a keyboard, mouse and monitor does enable you to see the BIOS graphic, telling you the system is built on a VIA VPSD board, as well as letting you watch the OS boot.
SonicWALL has secured both the BIOS and OS from end user access, so that is all you can see. Thus, there’s no reason for a keyboard, mouse, and monitor, or a KVM for that matter. From watching the OS boot, I can tell you the system is running a Debian based Linux OS. Once booted, there’s nothing you can do with the physical I/O connections; you’re left at the simple screen in Figure 3.
Figure 3: Boot screen for the CDP
Installation of both the hardware and client software was basic. Plug in a network cable and the power supply, and it turns on and boots up. Bootup takes about 75 seconds, about what you’d expect for loading a more complete OS than a typical NAS.
To get the CDP working on your LAN, you’ll use SonicWALL’s secure web based configuration utility (Figure 4). The CDP requires a static IP (default = 192.168.168.169); there isn’t an option for DHCP. If your LAN is using a different subnet than the 192.168.168.0 /24 network, you’ll need to use the supplied crossover cable to reconfigure the CDP’s IP address, gateway, and DNS settings.
Figure 4: Network configuration for the CDP
Other than configuring network settings and changing the default password, there is little need for the CDP web utility. The remaining functionality comes from using the CDP software, which you download from SonicWALL’s website once you’ve set up a user account and registered your device’s serial number and authorization codes.
Installation of the software is as simple as any other Windows package: just click your way through the screens to complete the installation. I installed the software on four different Windows XP machines and one Windows Vista machine without issue.
Two applications are loaded in the installation process: the Agent Tool and the Enterprise Manager. The Enterprise Manager is automatically loaded with the Agent Tool, but requires the CDP’s password you configured in the web tool, which should keep inquisitive end users out as long as you use secure password management practices.
Once you complete the installation, simply launch the SonicWALL CDP Agent Tool to ensure it can access the CDP (Figure 5). PCs on the same subnet as the CDP will auto-detect the device. Two PCs on my network are on a different subnet, so I entered the IP address of the CDP into the Agent Tool’s manual configuration option screen, which enabled access.
Once the Agent Tool sees the CDP, it automatically starts the process of continuous data protection by running a full backup of the contents of the Windows Desktop, Favorites, and My Documents folders.
Figure 5: The CDP Agent Tool
Additional folders can be added to the automatic CDP protection scheme by clicking the Add Folder icon and selecting the appropriate folder. Note: only folders on local drives can be added; trying to add a folder on a network or USB drive will result in a message stating, “Removable media drives and network paths cannot be selected.”
This initial full backup process may throw some load on your network if end users have a lot of files in the selected directories. This highlights one downside to continuous data protection: you can’t control when it runs.
I’d recommend installing the SonicWALL software on client PCs after the close of business to minimize impact on your LAN. Once this initial full backup is complete, the CDP only sends block-level file updates as they occur, reducing load on the network significantly.
The workhorse of the CDP software is the application that runs in the background on each PC and Server, watching for disk write activity to the defined directories. Using Windows Task Manager as in Figure 6, you can see the CDPAgentService.exe application is only using 1% of my laptop’s CPU, and this was while saving a file to a folder configured for monitoring by the Agent Tool. I talked to the product manager at SonicWALL, and he told me the Agent software monitors the CPU utilization on the host PC and waits for low CPU utilization before pushing updates to the CDP.
Figure 6: The Task Manager view of the Agent Service
In Use – more
I wanted to see if the CDP was really able to detect activity on my hard disk and write to the CDP device in real time. To do so, I devised a highly complex, sophisticated test. I created a new text file with a single sentence (called testfile.txt) and saved it in a folder being monitored by the SonicWALL Agent Tool. Then, I added a second sentence to my text file, saved it again, added a third sentence, and saved it again.
Figure 7 is a screen shot from the SonicWALL Agent Tool Restore File Menu. You can see that there are three versions of the file. All three were automatically created on the CDP each time I saved my work to disk. Version 3 is the latest copy of the file with all three sentences. Version 2 is the second copy with two sentences and Version 1 is the original copy of the file with just one sentence.
OK, so that wasn’t all that complex or sophisticated of a test, but it did the job and verified the continuous backup functionality. In the event I was working on an important spreadsheet, presentation, or report, each version would be saved to the CDP, something that could be missed by a nightly backup.
Figure 7: Three versions of a changed text file
With continuous version backups, and my test CDP only having a 250GB Hard Drive, I was curious about the compression ratio being used to store data. SonicWALL does point out that this is a business class device. It isn’t designed to back up MP3s, home movies, or huge stores of digital pictures, and the default profile will actually prevent storage of these file types. The CDP is intended to back up key applications, critical user files, and important data and emails. This explains how you could use this device for an office with 30 PCs and 5 Servers.
SonicWALL indicates the CDP runs overall data compression resulting in space savings of about 2-3.5X, depending on file types. To verify this compression, I looked at the Windows properties of eight folders on my laptop configured to back up to the CDP, and then looked at those folders’ properties on the CDP using the Agent Tool. In both cases, right-clicking a folder and selecting properties provides the data. As you can see from Figure 8, the CDP actually compressed the data from my hard drive by about 4X. Overall, I backed up five PCs to the CDP and used about 33GB on the CDP.
Figure 8: A chart showing the 2440i’s data compression
Another useful aspect of the CDP is support for remote user laptops. Since the Agent Tool is connecting to the CDP via IP, any VPN connection that provides IP connectivity to the home office LAN should work. I was able to remotely send file updates from my laptop to the CDP located back on my LAN using the SonicWALL Global VPN Client software that connected to a recently-reviewed SonicWALL TZ190W.
In addition to file backup, the CDP will automatically back up application data, such as email. By default, it will monitor the default file locations for Outlook and Outlook Express and back up email folders on client PCs. In addition to email, SonicWALL provides backup support for key business applications including QuickBooks, Peachtree, ACT!, Goldmine, Great Plains, Solomon, and various Microsoft business applications. SonicWALL needs to update its software to support the new Vista Windows Mail, though.
The Enterprise Manager software is very useful for managing the CDP. Tools are provided that enable the network administrator to add/remove agents, configure application backups, define and configure policies, search and restore files, run reports, or configure alerts.
Policies enable configuration of storage limits and filters for client PCs, as well as defining folders you want backed up. The default policy limits each client to 80GB storage space as well as filtering backups of.mp3,.avi, and.mov files, as mentioned above. New policies can be created with different limits and filters, and the default policy can be edited as needed.
SonicWALL’s Report menu is a handy tool for the network administrator, providing nice displays on utilization and performance. Figure 9 shows the Executive Summary report, which lists file utilization by PC, as well as the top types of files stored on the CDP.
Figure 9: The Executive Summary report
The Offsite Feature is one of the CDP’s gems. The 1440i and 2440i have single hard drives, and hard drives fail. Even on the higher end 3440i and 4440i devices that have RAID arrays, good disaster recovery planning dictates offsite storage of mission-critical data. SonicWALL automates offsite storage in the CDP with its subscription-based Offsite storage feature, eliminating the hassles of transporting and housing tapes or disks.
AES-256 bit encryption is used to securely send data from the folders selected by the administrator to one of SonicWALL’s three offsite data centers. (AES-256 bit encryption is an NSA-approved encryption method; it’s faster and more secure than DES/3DES encryption.)
Once you’ve subscribed to the service, all you have to do is select which data is mission critical, and SonicWALL does the rest. Enabling a folder for Offsite backup is simply a matter of a check box in the Enterprise Manager.
Files and data in folders that are being backed up to the CDP and configured for Offsite backup will automatically be transmitted from the CDP to the SonicWALL data center. Transmission from the CDP to the data center happens shortly after the data is stored on the CDP. This activity is behind the scenes, though, and there are no controls or visibility for the network administrator to schedule or monitor the transmission of data from the CDP to the data center.
SonicWALL gave us a 5GB test subscription to the Offsite service, so I set three folders on three different PCs with about 280MB of data to be backed up Offsite. The Offsite functionality is an out of sight, out of mind feature. You don’t see anything happening once configured, but the CDP is sending the data in small amounts to the selected data center.
When I looked at my CDP the next morning, the Offsite report confirmed the backup was complete and copies of my selected folders were offsite; see Figure 10. To retrieve the data per the SonicWALL documentation, you’ll need to contact SonicWALL tech support. You also need to retain a copy of your unique 256-bit key, as this key makes your data secure from even SonicWALL’s engineers.
Figure 10: The Offsite Service report
Bare Metal Backup
Bill Meade writes that “Bare Metal” backup is a killer app for NAS devices in his recent review of the HP Media Vault Pro NAS. I agree with Bill on the value of this application. It appears SonicWALL does too, as they have made Bare Metal Backup a service along with its CDP solution.
Although a form of data protection, Bare Metal Backup is really a distinct function from file backups. Bare Metal Backup allows you to create an image of your system, selecting an entire drive or partition as the backup object instead of selecting folders as the backup object.
Creating an image means backing up an entire disk or file structure in one shot, including operating system, applications, and files. Having an image of your system is useful if you want to erase or replace your hard disk and reload from scratch, but save yourself the time of re-installing the OS and all your applications.
The 2440i includes two licenses for Bare Metal software from Acronis. I installed the Acronis software on an XP Pro machine loaded with about 50GB of applications and ran the software to create an image of my C drive. The resulting image was about 38GB in size.
I configured the Acronis software to save the image in a folder on the D drive, and then configured the Agent Tool software to back up that folder to the CDP. If I wanted this image to be stored offsite, I could also have configured that folder for offsite backup, but with the size of the image, this would have exceeded my test offsite subscription. Instead, I made a copy of the image to a network drive.
To restore my machine from this image, I would boot my machine to a bootable CD created using the Acronis recovery software; see Figure 11 below. Since the Acronis boot CD loads network functionality, I would then point the Acronis recovery software at the network location where I copied the image.
The end result is that Bare Metal Recovery functionality provides the ability to efficiently restore an entire Operating System and all the applications with a single boot disk and network connection.
Figure 11: The Acronis boot CD
Pricing and Conclusion
SonicWALL touts the CDP product line as a solution to the problems with tape backups, and cites some interesting statistics in their product literature. Apparently, 30% of IT costs are associated with tape backups, of which 20% fail, while a surprising “40% of dedicated, full-time IT Managers can’t recover data from their tape backups.” SonicWALL’s CDP solution is designed to eliminate these costs and challenges.
The SonicWALL CDP 2440i is intended to be a seamless solution to data backup needs for small network administrators. It is a full hardware/software solution, comprised of three elements: the physical appliance, a software Agent for PCs and Servers, and the software Manager. This makes the 2440i a flexible and complete solution to network backups that not only saves key data, but provides offsite disaster recovery and full image restoral as well. If you were going to use the single-disk 1440i or 2440i, I’d recommend you budget in the cost of the offsite subscription.
Of note, the SonicWALL CDP runs on Debian Linux, yet supports only Windows clients and servers at this point. Presently, there aren’t software versions for either the Mac or Linux. SonicWALL is working on a Linux client, targeting release for the fall of 2007. In addition, gigabit support is provided in the higher end 3440i and 4440i, but not the 1440i and 2440i.
SonicWALL has a pretty complete package here, but there is competition in the continuous data protection space. IBM has a continuous data protection software package called Tivoli, which offers the advantages of continuous data protection, and provides the options to send the backups to local disk and/or network storage devices such as a server or NAS. There are also other vendors of CDP software products—check this Network Computing article for more info.
Seagate is the only company to have had a consumer-focused solution in their Mirra product. But the company recently discontinued Mirra, saying that they are rolling the technology into an upcoming product.
Like other SonicWALL products, there are both purchase and subscription costs with the CDP. The 2440i has a list purchase price of $2,999, plus annual subscription costs of $509 for software and firmware updates, increased to $629 or $1,172 if you want 8×5 or 24×7 support.
For 5GB offsite storage, the list on the annual subscription is $353. The Bare Metal Recovery feature will set you back $30/PC or $299/Server.
Data backup isn’t cheap—these products are not really targeted at consumers and will stretch the budgets of many small businesses. But, as SonicWALL points out, tape backups have significant weaknesses. And while NASes are a common and easy means of network data protection, most allow for backups only at specific intervals. The beauty of continuous data protection is its dynamic capture of disk activity.
I can think of numerous occasions when I created an important file, made changes, then goofed something up and lost hours of work. I wish I’d had the SonicWALL CDP 2440i on my network then; I would have been able to independently restore my work and save hours of re-work and frustration. I certainly enjoyed the security of having SonicWALL’s 2440i continuously saving my work as I wrote this review!