This article first appeared in "Storage" magazine in their November issue. For more articles of this type, please visit www.storagemagazine.com.
What you will learn in this tip: How
DR prices are coming down and the options to protect your data are growing. Picking the right combination of options is the key to being cost-effective. But before you can select the right combination of DR options, you must establish an application/data classification foundation (ADCF). The following describes how to classify data by its value and then pick the tools (replication, backup, mirroring, snapshot, etc.) that will protect the various classes of data while also keeping your company in compliance with regulatory requirements. The ADCF also lays the groundwork for a comprehensive, workable information lifecycle management process.
Risk-to-benefit actuarial analysis often shows the cost to meet an organization's DR objectives for all applications and associated data. This leads to a budget-driven DR approach that may meet the DR requirements only for the organization's most vital application data. The rest of the data is either completely unprotected or relegated to a DR approach that falls short of organizational and regulatory requirements. This is also known as the DRGAP (gravely abysmal protection).
The DRGAP is the difference between the level of DR required and the level of DR that can be afforded, or the difference between the actual level provided and the level required.
What is cost-effective DR?
Depending on a company's needs, the definition of cost-effective DR can vary considerably. For our purposes, cost-effective DR is defined as meeting the DR needs of the organization; the protected data is within compliance with regulations, and the DR process falls within the organization's budget. The ADCF is the key element to determining the proper balance between under- and overspending on DR protection.
Use the ADCF to determine the value of the data to be protected. One method that works well is to assign the data to four categories: mission critical, essential, important and less critical (see "Establishing data's value"). For each category, you must set the recovery point objectives (RPOs) and recovery time objectives (RTOs). Next, each application and its associated data must be prioritized and assigned to a category. This isn't as daunting as it might appear. Ongoing surveys suggest that assignment should be based on application availability requirements, regulatory compliance and elimination of business risk.
Once you know the RTO and RPO for each application (see "Setting RPO and RTO benchmarks"), you can provide an operational framework for valuing or prioritizing the data (see "Correlating data to RPO and RTO").
The next step is to determine which available DR options satisfy each application/data classification's DR requirements and to then match their total cost of ownership (TCO) to the budget. You'll likely find that one size doesn't fit all and a mix of solutions will be required.
Read the rest of this tip in Storage magazine.
Tip: Lack of DR could be hazardous to your company's health
Tip: How to determine acceptable data loss
Tip: Think small to avert big disasters
Tip: Disaster recovery costs can be expensive- how do you convince management of its necessity?
About the author: Marc Staimer is the founder of Dragon Slayer Consulting and has over 15
years experience in the storage industry.
This was first published in December 2004