Disaster recovery (DR) and business continuity solutions are a necessity for every business, large or small. It is an investment in the future of your small or midsize business and should be proactively approached rather than left as an afterthought. Each organization’s data recovery plan is unique. But one basic solution can still be recommended for every small and midsize business: the implementation of continuous data protection combined with disk image backups and off-site storage.
The steps to achieve this level of security and peace of mind include line-of-business (LOB) analysis of mission-critical data, creation of DR and business continuity policy, the formulation of a strategic implementation plan and the execution of that implementation plan. Let’s take a look at these steps in detail:
Step No. 1: LOB analysis of mission-critical data
Like any other project, you first need to start by analyzing your current status. The key here is that business continuance as a well-thought-out and executed DR plan will make or break an organization. Begin with a three-step approach to developing a successful backup and data recovery strategy:
1. Discovery: Interview the key players such as top-level directors, managers, team leaders and employees to determine mission-critical data. All e-mail systems, Web data, accounting systems and industry-specific proprietary software should be analyzed to determine the value to the organization if it becomes temporarily unavailable or is lost forever.
2. Analyze: Perform cost-benefit analysis to determine tolerance to downtime and loss of data-be it a temporary downtime or complete failure and loss leading to the need for data re-creation. Difficult decisions about data relevancy also need to be made with the associated cost of ownership and regulatory provisions.
3. Plan: Determine what solutions are viable, within budget range, and provide security and peace of mind to the stakeholders. The key determinations are downtime, restoration time and redundancy of data backup solutions.
Creating a DR and Business Continuity Policy
Step No. 2: Creating a DR and business continuity policy
After mission-critical data has been identified, the next step is to create a policy that will focus on the continuous backup of that data and ongoing scheduled operating system images that will prevent disaster. Most SMBs cannot afford a disaster of any kind, so it is vital that they plan accordingly. Your DR and business continuity policy needs to be effective in the following three key areas:
1. Pinpointed restoration of mission-critical data: The mission-critical data needs to be restored quickly, with the most recent changes available. Using a LAN or WAN-based hard drive appliance with a built-in RAID array that offers continuous data protection will create easy restoration points for Exchange, SQL, Active Directory and user file shares.
2. DR for system and service failures: Disk images should be scheduled on a daily or weekly basis that take snapshot views of the critical systems to either a local network-attached storage (NAS) or USB device, which is then taken or replicated to an off-site location.
a. Service restoration
Utilize virtual and redundant systems in the event of a service failure to prevent data loss such as transaction processing on a point of sale (POS) system or inbound e-mail.
b. Hardware failure
To recover from a hardware failure, maintain available parts or relationships with vendors that can supply hardware quickly.
c. System destruction
Use an off-site storage system to prevent localized environmental events from affecting the data backup copies.
3. Proactive remote monitoring system to verify integrity of system: A DR plan is only as good as its last successful restoration. The next step is to monitor and test the system to ensure quick, proactive responses. Monitoring is done continuously to ensure that there are no problems, while testing is performed at regular intervals to ensure the integrity of the system.
Formulating a Strategic Implementation Plan
Step No. 3: Formulating a strategic implementation plan
Next, your small or midsize business will formulate a strategic implementation plan beginning with a risk-based analysis. This will determine the level of risk versus capital investments an organization is willing to make to ensure viability. Your plan will be guided by the wisdom gleaned from the following analysis to determine where best to focus your expenditures on a reliable system. To determine the strategic implementation plan, the four business models below need to be analyzed:
1. On-site versus off-site: Determine whether the investment will be made for an on-site infrastructure that will include redundant systems for power, cooling, connectivity and hardware, or will partnering with a hosted co-location facility be a better investment with less TCO? Every plan must include an off-site option, with automatic replication or manual storage in case of a physical disaster.
2. Downtime tolerance: Determine how tolerant an organization as a whole is to downtime. Then, within the organization, a tolerance threshold determination needs to be made depending upon the type of data, services being provided and customer demand. This will determine the layers of redundancy required by the organization to prevent downtime.
3. Quantity of data: Determine how much infrastructure to invest into the on-site location, based on the amount of data that is deemed mission-critical and needed to recover from a disaster. The cost point of on-site redundancy versus off-site remote access will focus the organization on where to invest its precious dollars.
4. Communications infrastructure: In conjunction with the quantity of data, determine the communication infrastructure needed to replicate large amounts of data to an off-site location or which network services are necessary to maintain a reliable remote access connection to off-site repositories of live data. The more data being replicated, the larger the data access point will need to be. Eventually, the cost will be prohibitive for replication and remote access will make more sense.
Step No. 4: Executing the implementation plan
Now that you have designed a plan to respond quickly to user needs, lost or damaged data, server crashes and natural or unnatural disasters, you are ready to execute. Ongoing testing and monitoring of the system is key, as test restorations and war-gaming help you prepare for recovery. The policy, plan and procedures will need to change periodically as your system grows and changes, so an annual evaluation is necessary.
As you can see, the majority of the project is in the planning, analysis and evaluation stages. SMBs, in particular, need to focus their attention on off-site and hosted solutions that provide enterprise-grade support and fault-tolerance at SMB prices. This is what will enable the SMB owner to rest peacefully at night, knowing that their critical data and systems are being given the attention they need from professional IT infrastructure specialists.
Thomas Nieto is Director of Strategic Consulting Services at AnalySYS. Thomas presently oversees strategic planning for clients and directs a team of consultants engaged in projects, project management and consulting services. Thomas is responsible for managing the company’s data center and server farm, while providing strategic vision and technical expertise for the company’s internal IT infrastructure. Prior to this role, Thomas was IT Director for a regional behavioral health specialist with eleven offices throughout the eastern United States. He can be reached at thomas.nieto@analysys.net.