This article can also be found in the Premium Editorial Download "Storage magazine: Expanding SANs: How to scale today's storage networks."
Download it now to read this article plus other related content.
Even as I am writing this article, Hurricane Isabel is pummeling the East Coast of the U.S. and its projected path is very wide. Should a considerable amount of flooding take place, multiple data centers in Isabel's path could be affected by this storm. And although a natural disaster's target is less symbolic and has more to do with location (i.e., ocean-side states and fault lines), the resulting damage as far as data loss could prove to be worse than that of a terrorist attack.
Data centers that find themselves in Isabel's path can call their DR provider and put them on alert to the possibility of needing floor space and equipment. However, this doesn't reserve the needed resources for recovery, and thus doesn't invoke any real action on the part of the provider. If you want to ensure that resources are available, you must actually declare a disaster before you get resources for your recovery efforts. This is also the point at which invoices should be generated as well. Therefore, because disaster declarations aren't cheap, a DR coordinator wouldn't ordinarily issue a declaration "just in case" a disaster might strike their data center.
Declaring a disaster helps to ensure that your resources are available, but doesn't actually guarantee that they are available. Declaring a disaster simply puts you in a queue behind other IT organizations that apparently had Sungard on speed dial and contacted
Considering these realities--the symbolic significance of Sept. 11 and now the weaknesses of our electrical infrastructure--should give us all enough pause to wonder how we would recover our applications if the contracted recovery site was not available due to this first-come, first-serve practice. I'm not saying that you should have recovery contracts with multiple recovery vendors (Who can afford that?); but I am saying that your recovery vendor should have resources in sites across the country, and at an extreme, outside of the country to help ensure that the widest reaching disasters do not paralyze your applications indefinitely.
As for the general state of our disaster preparedness, the recovering insurance company completed restoring its applications before its contracted time expired, much to the delight of some of the executives who came to Philadelphia to witness the recovery. Hopefully, that's representative of other companies, as well. But there was room for improvement, such as how they provisioned IP addresses or prioritized application recovery. Practice may not make perfect, but it sure goes a long way toward turning vigilance into readiness.
This was first published in November 2003