IN THIS GUIDE:
- Network disaster recovery planning: A service opportunity
- Network disaster recovery product sales opportunities
Fires, floods, hurricanes and terrorist attacks can cripple the networks that businesses small and large depend on. VARs and solution providers can tap this business opportunity by helping customers plan for network disasters, ensure business continuity, and recover from the unforeseeable. In this guide on network disaster recovery planning, we look at the types of services and related products you can offer customers, and how to keep on top of the client's regulatory compliance.
Network disaster recovery planning: A service opportunity
by David Jacobs
Network disaster recovery planning requires much more than customizing a generic document. You can apply the breadth of your experience to help customers:
- Scope the range and likelihood of disaster types.
- Evaluate the potential impact and severity of possible events.
- Create comprehensive disaster plans.
- Put in place ongoing procedures to prepare for disasters.
- Determine how to recover from disasters.
An incident affecting network connectivity can be as simple as a hardware failure or as catastrophic as an earthquake. The problem is, most businesses only consider natural disasters when planning their network disaster recovery and business continuity efforts. Draw on your range of customer experience to point out potential disasters that are less likely to be considered and to help estimate the likelihood of events. Begin by presenting to customers a generic network disaster plan that outlines the full range of risks. Explain and weigh potential risks that are not immediately apparent. For example, wide area network (WAN) links can go down when a service provider's equipment fails, a line is cut when someone digs in the wrong place or a natural event such as an earthquake occurs. Internal networks fail when switches or routers malfunction.
Customers who have migrated to VoIP must also take into account the risk of losing voice communications. Public carriers have taken seriously the responsibility for maintaining voice communications and have historically maintained high levels of reliability. Your business continuity plan must provide a way to maintain voice communication. For some customers, leaving a few public carrier lines in place is sufficient. For others, more complex solutions may be required.
WAN optimization enhances disaster recovery plans True disaster recovery plans used to be only for large multi-billion dollar customers. Nowadays not a single company should be without a disaster recovery plan. However, being able to afford the network bandwidth to accommodate such a plan has historically been a problem for all but the largest companies. Now, thanks to the advent of WAN optimization technologies, even your small and midsized customers can have the peace of mind that comes with a disaster recovery plan.
Learn more about WAN optimization for disaster recovery...
Network disaster recovery plans and procedures
Work with your customer to create appropriate network disaster recovery plans and procedures. Help identify vulnerabilities by using your knowledge of your customer's business and its network, as well as your professional expertise, in these key areas:
- LAN recovery: Local area network (LAN) recovery requires accurate and up-to-date network documentation. The first step in preparing to deal with an outage is creating accurate documentation if it's not already available. As you work with your customer, suggest a detailed network audit to bring documentation up to date. Include in your plan a procedure to ensure that every future change is documented.
- Web backup: Backup Web servers are a must for customers who depend on a Web site for revenue. Suggest contracting with more than one network service provider to ensure that switchover occurs immediately and automatically in the event of a failure. If your customer relies on a Web hosting service, make sure that the service provides adequate backup or suggest that your customer contract with more than one hosting service. On the other hand, if your customer's Web site can be down for a few days without serious consequences, do not expend as much effort and expense to protect it.
- Data backup: Data backup is essential. Work with customers to create and implement appropriate procedures. For some customers, an end-of-day backup is sufficient, with data entered on the day of the failure easily replaced without serious consequences. In businesses with zero tolerance for data loss, remote disk mirroring may be required. In any case, put in place a procedure to confirm that backups are actually occurring and backup media can be read.
Disaster recovery services
You can play a vital role in assisting customers as they recover from a disaster. Knowledge gained while creating the plan and putting procedures in place enables you to help in any way required. That may mean quickly supplying replacement network hardware, reloading backups or even moving some processing to your own facility while repairs are made.
Network disaster recovery product sales opportunities
by David Jacobs
Network disaster recovery and business continuity planning offers services and sales opportunities for value-added resellers (VARs) and systems integrators. However, you must ensure that the network disaster recovery plans you create are as complete as possible, and that you offer products appropriate for your individual clients' needs.
Restoring a network to its pre-disaster state is nearly impossible without detailed and accurate documentation. Most network management packages include network documentation functionality that tracks network device configuration settings and can reapply them to replacement hardware like routers and switches.
Physical network configuration is as vital as device configuration. Physical network configuration includes correspondence between switch port and workstation, identifying labels on the cable connecting port to workstation, placement of the cable in a bundle and the path of the bundle. Cable management software packages such as UltiCAM 2000 by Total Wire Software Company Inc. and NetDoc by Brady Worldwide Inc. are designed to address these problems. They integrate information from office area blueprints with information about connections, maintain internal consistency and make both individual and end-to-end connections easy to see. Both vendors offer their products through channel partners.
Customers whose businesses rely on their websites and Internet connections for revenue must maintain connectivity through multiple service providers. If customers host websites externally, they must contract with more than one provider to ensure that customers will always be able to reach the site. Many Web hosting providers offer partner programs. You can select and affiliate with two or more vendors and include Web hosting in your service offerings.
Redundant switches, routers and servers
Adding connections to multiple WAN service providers often requires additional switches or routers. Customers with more than one location may need to add additional servers to take over if the servers at one location go down or become unreachable.
Backup software and hardware
VARs and integrators can offer their customers a wide variety of data backup software and hardware products. Large vendors such as CA, EMC, HP and Symantec maintain partner programs as do smaller backup vendors such as Acronis, Atempo and Bakbone. Because of the large number of vendors and similar product offerings, you can add value by selecting and partnering with vendors offering products best suited to your customers.
Email backup is critical. Again, there is a wide variety of both software products and hardware appliances VARs can choose from. Inexpensive software packages purchased directly from the vendor may be adequate for small businesses. CA, EMC, HP and IBM all offer software products suitable for medium-sized to large enterprises.
Email backup appliances all provide basic backup facilities but differ by the email products supported and by the size of customer targeted. Both Azaleos Corp. and Plasmon Plc offer appliances supporting Microsoft Exchange. The Azaleos product combines all Exchange processing and archiving on a single appliance that's managed remotely by Azaleos. The Plasmon appliance offloads the archive function.
Some requirements are industry-specific. For example, the Securities and Exchange Commission (SEC) requires that email be archived on an unalterable medium. And HIPAA requires that patient information is encrypted. Both Intradyn and Tangent appliances store mail on WORM (Write Once, Read Many) tape, and both can encrypt mail.
Managed and remote backup solutions
VARs and integrators can also give customers guidance choosing managed and remote backup providers. Many providers of remote backup services maintain partner programs in addition to offering their services directly.
Amerivault, Evault and Iron Mountain offer multiple partner programs with varying levels of participation. Partners can choose to simply refer customers to the service vendor, while partners with software or hardware tailored to a particular industry can integrate the vendor's products with their own and sell a unified offering.
Iron Mountain also offers branded services hosted from the VAR's own data center. Technology is licensed from Iron Mountain and services are sold directly to customers. All of these programs provide partners with a recurring revenue stream.
David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.
Disaster recovery software and compliance considerations
by Stephen J. Bigelow
Network disaster recovery (DR) relies on software products that can send critical data to the remote site or recover that remote data for return to the client. Once implemented and configured, the disaster recovery software system needs to be routinely tested to ensure that all of the parts involved work properly. All of this activity needs to happen while maintaining the client's regulatory compliance or other corporate governance position, further complicating network DR and business continuity planning for solution providers.
This section of our guide discusses changing trends in disaster recovery software and highlights the importance of regulatory compliance.
Changes in disaster recovery software
Disaster recovery software should satisfy the data protection needs of the client and their business. The most important consideration in disaster recovery software selection is the recovery time objective (RTO) -- understanding how quickly the DR software can retrieve and restore data from the remote site. The product should accommodate the customer's data load and change rate in synchronous or asynchronous mode, pass that data within the available effective WAN bandwidth, support all of the client's mission-critical applications or data types, and still fit within the client's budget. "Time to recovery is the main goal, and then balancing against cost," said Dave Sobel, CEO of Evolve Technologies, a solution provider located in Fairfax, Va.
In the past, DR software solutions often proved complex and difficult to configure fully. But disaster recovery software is changing. "The trend I can clearly see is simplification of the infrastructure," Sobel said. "Customers are looking for fewer tools in the environment." Solution providers can teach clients how to use their existing infrastructure and tools for new tasks wherever possible, rather than changing or adding to their infrastructure. In other cases, solution providers must help the client ensure that any new iteration of tools they already have will solve emerging problems or changing DR needs.
The push toward simplification is reflected in a trend away from third-party products. "Movement is away from snapshots and third-party replication products such as SAN Snapshots or DoubleTake, or VMware VMotion," said Rand Morimoto, president of Convergent Computing, a network solution provider in Oakland, Calif. "The movement is to built-in replication like SQL 2005 Mirroring, or Exchange 2007 Stretch Cluster Continuous Replication, or DFS-R -- where the replication is in the application, thus failover and failback is native to the app and fully vendor- and auditor-supported." This approach reduces the number of DR tools in the environment and eliminates vendor finger-pointing when replication doesn't work as expected.
While virtualization tools like VMware may not be desirable for disaster recovery alone, clients that already employ virtualization for consolidation or management purposes may also see benefits in DR.
"Another application that we see playing a bigger role in DR … is VMware," said Bob Laliberte, analyst with the Enterprise Strategy Group in Milford, Mass. Laliberte noted that virtualization enables far greater flexibility in site design and equipment, allowing for cost savings, which some clients may leverage to establish a third DR site (such as a restoration site in addition to a traditional DR site). Additional tools like VMware's VMotion enable the migration of one virtual machine to another, allowing failover between host servers without disruption. Similarly, VMware's Site Recovery Manager automates the recovery of virtualized environments for SMB/SME clients.
Testing and documentation in the DR environment
Testing is critical for any network disaster recovery plan, but the frequency and extent of testing depends on the client's recovery objectives. Clients with tighter recovery objectives must test more frequently. For example, a client environment with 20 users and several servers with an RTO of 24 hours may require little (if any) actual recovery testing. It may be adequate to verify several times a year that the client's data is available to be recovered. Conversely, a client that relies on recovery times of mere seconds in a critical disaster may demand much more frequent testing. No two clients are the same -- experts like Morimoto, Sobel and Laliberte cite testing rates ranging from once per year to once per quarter to once per month and even more frequently for busy enterprises.
When advising a client on DR testing frequency, solution providers will need to weigh the costs of labor and potential network disruption, as well as the risks of testing, such as potential restoration errors. "If you want [reliability] to be 100%, I need to continually be testing it daily," Sobel said. "That may not be what you really need." Sobel suggests that solution providers first examine the risks and costs of the client's RTO and then evaluate a testing schedule that can minimize those risks.
A major concern with any DR plan is the effect of change. New applications, new servers, additional storage resources, patches, updates and any changes to the physical network infrastructure or WAN can all adversely affect the DR plan, requiring an updated plan and new testing. Changes are often overlooked until testing reveals missing or inaccessible data, so keeping the client's DR plan current can be a significant opportunity for solution providers.
DR validation software such as Onaro's Replication Assurance, CA XOsoft Assured Recovery, Continuity Software's RecoverGuard, and Symantec's Fire Drill feature in Veritas Storage Foundation 5.0 High Availability (HA) for Windows all monitor and test the DR system by reporting or accommodating changes as they're found. Laliberte said that as these validation tools mature, testing requirements will ease, because validation tools will be constantly monitoring DR readiness.
Solution providers should also be concerned with DR documentation, which includes all of the policies and procedures needed to execute the DR plan. The documentation is light for most client organizations. "Clear documentation is important, but with HA/DR combo solutions the [high availability] doc, DR doc, and general patching and updating docs are all the same … very simple," Morimoto said. There may be separate documentation for the client and the solution provider depending on who is actually performing DR activity. Solution providers can potentially generate added revenue by offering routine testing and documentation review/update services.
Compliance considerations for disaster recovery
Most client organizations must preserve data in a manner consistent with regulatory compliance rules appropriate for their business or vertical. For example, any publicly traded U.S. company is governed by Sarbanes-Oxley (SOX) compliance, while U.S. healthcare businesses are also affected by Health Insurance Portability and Accountability Act (HIPAA) regulations. Solution providers that develop, implement or change DR postures will need to ensure that the changes still meet compliance objectives that may overlap multiple regulations. This can complicate DR design and testing because client data must be preserved in a manner not only to accommodate the client's business objectives (such as recovery time), but also to satisfy one or more compliance auditors.
Take the time to understand the compliance needs of the client's industry, as well as the unique requirements of the particular client. Success depends on close work with the client beyond just IT tasks -- often involving input from human resources, finance, legal and other departments. "Then the solution provider can help implement the DR solution, test it and make sure it all works," Morimoto said, noting that DR features integrated into each application often pose little problem for compliance.