Every business needs to face the reality of disasters, no matter whether they result from forces of nature, acts of terrorism, careless (or malicious) employee actions or simple hardware failure. Every business, no matter what size, is now re-examining its IT preparedness for a disaster and disaster response plans.
Data loss can be devastating. Business records today are increasingly in electronic form. Dependency on these records, and the tools used to process and store them, continues to grow. Most electronic records, such as emails or transactions, never get printed out. If electronic records are lost, they might be impossible to re-create. For most businesses, data loss is not an option.
Businesses are also now obligated to comply with legal requirements for retention and discovery of electronic information, even in the face of disaster. Consequently, organizations today must implement the technologies and policies needed to ensure the safe preservation and availability of their data and guarantee the timely recovery of that data when disaster strikes. Disaster recovery strategy starts with sound planning and design.
Addressing current disaster recovery capabilities
Disaster recovery planning involves three musts.
- Your backups must be protected. For example, having a backup tape full of data in a local tape drive will not be of much use if the data center burns to the ground. A second copy of your backup needs to be in a different physical location.
- You must be able to recover your business operation from the backup. If one site washes away in a flood, there must be enough data in a protected location to continue normal business operations. For most companies, data is not the business -- data supports the business.
- Your recovery process must function properly within a given timeframe prescribed by your specific business needs. Simply put, a distant backup is worthless if you can't get the business running again -- or take weeks to restore data from tape.
Once you weigh the implication of each of these musts against your business recovery requirements, you can start to formulate a meaningful disaster recovery strategy.
Disaster recovery strategies and business needs
There is no single approach to disaster recovery (also called business continuity planning or BCP) and no one way to protect your business operations. Strategies and procedures established by one company may be inappropriate for another. Bu there are several common approaches to disaster recovery planning.
The most common approach to disaster recovery is offsite tape, where backups are periodically run in data centers or remote offices. The backup tapes are then duplicated and transferred to a secure offsite location, such as an Iron Mountain vaulting facility. The tapes are recalled based on a rotation schedule or when recovery is needed. In recent years, optical media such as DVD has also been used for backups. Optical media is more expensive than tape, but it offers better performance and reliability. However, optical media has fallen out of favor in backup scenarios because of its limited capacity.
Another popular option is remote disk replication, where data center resources are periodically copied to similar storage resources at a distant location. For instance, a bank might choose to replicate the contents of EMC's Centera across a WAN link to a duplicate Centera installed at a location hundreds of miles away. Duplicate resources like this can often allow faster recovery than tape and, when properly implemented, might also take over as the main storage location if the primary site becomes unavailable.
There is always a cost element to disaster planning/recovery. It's a form of insurance: You're spending money to protect against a greater financial loss. The goal is to match the complexity of the data protection scheme and the associated cost with the potential loss you're trying to prevent. So while a small medical office might do well shuffling weekly backup tapes offsite because its recovery needs may not justify more expensive options, a global 24/7 Internet retailer might require a completely replicated data center because downtime will cost far more than the disaster recovery solution.
Remember the third "must" above: Recovery must be completed within a timeframe that matches the business' recovery requirements or ROI. Large amounts of data against a tight recovery time objective (RTO) dictate a more elaborate recovery strategy.
Disaster recovery tools
The data protection solution you choose should reflect your recovery strategy, which is dictated by business recovery requirements. If tape is the preferred backup and restore media, you can select any backup/recovery software compatible with your tape drive platform. The products most often found in larger data centers include Symantec (Veritas) NetBackup, EMC NetWorker and IBM Tivoli Storage Manager.
Many disaster recovery strategies that leverage replication between storage arrays rely on software provided by the manufacturer of the array. EMC's Symmetrix Remote Data Facility replicates data between Symmetrix systems. IBM uses Peer-to-Peer Remote Copy between IBM arrays. Hitachi Data Systems uses TrueCopy to replicate between HDS arrays. But you're not limited to hardware-specific replication software; companies such as FalconStor Software, Doulbe-Take Software and Kashya (now part of EMC) provide tools for replication between heterogeneous storage arrays.
Organizations that lack the resources to operate a disaster recovery location can outsource their disaster recovery operations to a third-party service provider for a monthly fee. Such disaster recovery service providers include E-Vault, IBM Global Services and EMC, through its recent acquisition of Mozy (Berkeley Data Systems).
There is no "one-size-fits-all" disaster recovery strategy. It makes perfect sense to implement a tiered disaster recovery strategy that incorporates tape backups, backup to disk and data replication. Since not all business processes are equally critical to a company's survival of a company, their respective supporting systems and data will have different recovery priorities.
Disaster means crisis, and a crisis is no time to search for tape vaulting contacts or to figure out how to rebuild your backup environment. Disaster recovery experts stress the need for thorough documentation. Such documentation should include instructions to outline system preparation, restoration steps and post-restoration testing/validation of the data center prior to resuming normal operation. It should also contain contact information (e.g., phone numbers for administrators, vault service contacts, etc.) or access passwords.
This documentation is your disaster recovery plan. There should be several copies of the plan, each entrusted to key IT and management personnel. Note: Practice strict version control to ensure that only the latest recovery procedures are available.
Pierre Dorion contributed to this disaster recovery article. He is the data center practice director and a senior consultant with Long View Systems Inc., an IT services and solutions company.