Weigh your backup and DR technology options
Even though backing up data and developing a plan to restore it isn't the first step in business continuity planning (BCP), it's still a cornerstone. Without a solid backup and disaster recovery plan, your client could sustain thousands of dollars' worth of downtime or data loss. Now that you know how to assess your client's risk and establish a contingency plan, we can take a look at some of the specific technologies -- such as tape and online backup and remote mirroring -- to handle the data side of the equation.
To protect against a catastrophic scenario, a backup and disaster recovery plan needs to ensure that your client can resume business operations from another site altogether in case the primary site goes down.
This is where recovery point objective (RPO) and recovery time objective (RTO) numbers become a factor, according to Oli Thordarson, CEO at Alvaka Networks Inc., a managed service provider (MSP) in Irving, Calif. For instance, an architecture firm may do nightly tape backups. After a disaster, the firm would take a week off to set up new servers and restore its data. Since its drafting systems aren't customer-facing, it may be more cost-effective for the firm to risk losing its computers for a week than to pay for a system that delivers an RTO of a few hours.
On the other hand, one of Thordarson's clients is a tile manufacturer whose contract with The Home Depot requires it to acknowledge every order within a matter of hours. This means it needs to have both a short RPO -- so it doesn't lose existing orders -- and a quick RTO -- so it can start getting new orders immediately. The tile company uses virtualized servers and backs up the images regularly as part of its backup and disaster recovery plan. In the case of an emergency that renders a server inoperable, IT just installs the most recent virtual machine image to a new server, which then picks up exactly where the old system left off.
Three of the most common ways to back up data are to create tape backups, to use an online backup service, and to mirror the data to another data center or branch office.
Tape devices are cheap but slow and need to be physically transported to a safe location. They can also be unwieldy if your client is backing up a lot of data, and your clients will have to maintain machines that can read them. Still, tapes -- which are one of the oldest storage technologies out there -- can be a good way to create backups if RTO is not a huge concern.
Tapes also provide snapshots of your client's data as a whole, which can be useful for audits. Other systems back up each file individually, meaning that it can be difficult and time-intensive in an audit to reconstruct exactly what information a company had at a given moment. With tape backup, companies can just refer to the corresponding tapes. Some companies supplement other, more sophisticated backup techniques with quarterly tape backups for this reason.
Remote backup through an online service
Online backup services, from companies such as EVault or AmeriVault, have the advantage of storing data at a completely different location. Since this could be thousands of miles away, it's safe from even regional disasters, such as earthquakes, that may otherwise take out both a client's primary site and its physical tape storage facility. On the other hand, online backup services may not be economical for a high volume of data, Thordarson said, especially if your client wants to back up multiple versions of files.
Mirroring to an alternate site
Tapes and online backup are good for saving your client's data, but they don't solve the problem of restoring the systems that data resides on if a disaster knocks out the primary site. For that, your client will need to mirror its data to a hot site that combines storage and redundant servers preloaded with the right applications.
Clients who take that route for their backup and disaster recovery plan have essentially two options, said Michael Grunder, vice president at Vantage Technology Consulting Group in Boston. They can set up an alternate network operations center (NOC) at a branch office, or pay a third party for a hot site.
With those third-party services, often billed as "high-availability" systems, the vendor's hardware hosts the customer's software as well as backed-up data. In an emergency, the customer can just work out of the vendor's NOC. Two forerunners in high-availability disaster recovery services are SunGard and IBM.
The decision to use a branch office or a third-party vendor will depend on several factors, including your client's budget (building and maintaining a fully redundant NOC is expensive) and how willing the client is to mirror its data to a third party.
Whether your client uses a "high-availability" vendor or sets up its own secondary NOC, the principle is the same. Servers at the alternate site are loaded with the same systems as those at the primary. Data from the primary site is replicated to the alternate site regularly, so if the primary site goes down, the secondary will be instantly ready -- both in terms of data and in terms of applications -- to start handling transactions. Replication frequency varies on the specific implementation, but it can be as quick as continuous data protection (CDP), in which files are replicated every time they change.
You should have regular training and testing runs to make sure your backup and disaster recovery plan is executed smoothly, according to consultants. About once a year, your client should simulate a complete disaster at their primary site and see how quickly -- and with how much data loss -- they can move operations to the secondary site. Running this drill regularly should ensure not just that the technology works, but that your client's employees know exactly what to do to make the switchover as instantaneous as possible.
21 Nov 2008