Last summer's blackouts in the U.S. and Canada have reminded many
people of the fear and confusion that marked the events of September
11. For others, however, they posed the perfect opportunity to verify
just how well they had prepared for rough times.
Businesses have also been reminded of the vulnerability of their critical
information and communications systems, underscoring the need for
airtight business continuity planning (BCP) and disaster recovery
services (DRS). According to John Gantz, chief research officer at
IDC, IT security/business continuity is priority number one for IT
professionals. This trend will translate into $155 billion in worldwide
spending on DRS and BCP products and services in 2006.
9/11, enterprises realized they had to significantly beef up their
business continuity investments and put comprehensive business continuance
management programs in place, if they were to adapt and survive in
the face of any incident or situation that might present itself. |
Meanwhile, the recent blackouts have shown that business continuity
is not an insurance plan against which claims are never made. Instead,
companies that have pursued business continuity in earnest have become
more nimble at dealing with and recovering from the unexpected outages.
It would therefore be wise to regard business continuance programs
as a crucial investment that can mean the difference between prosperity
and total breakdown.
Identify the risks
So what does it take to establish an effective business continuance
strategy? First, you must recognize the possible risks to your business
processes. Start with such low-hanging fruit as:
Traditionally, these risks would be dealt with by backing up data
on tape or disk arrays, then accepting the necessary evil of waiting
for as long as it took to restore damaged resources from backups.
With today's real-time organizations committed to 24/7 availability,
this is obviously unacceptable.
- Hardware, software and human error-related failures.
- Data corruption.
- Network outages, power failures and site disasters.
Set your objectives
To implement a business continuance plan that will enable you to maintain
the desired level of availability, you must define your RTOs (recovery
time objectives), or the acceptable amount of time it would take for
your organization to resume operations following a disaster. For some,
a day would be good enough. Many real-time enterprises, however, would
find damages from a site outage as short as four to 24 hours absolutely
Additionally, you must set your RPOs (recovery point objectives),
or the accuracy with which specific data states can be recovered from
backups, journals or transaction logs. Is an application checkpoint
good enough? Or do you require a higher degree of granularity than
when choosing your restore point?
Finally, you should also realize that as essential as IT services
are to your organization's business continuity, they are but a single
factor in the scheme of things. To effectively recover from disasters
and resume business operations, you will need to create a plan that
focuses on all critical resources, including IT, employees, facilities
Choose the right solutions
A business continuance program may entail a completely reworked architectural
blueprint, as well as integration of supporting technologies such
as mirroring, replication and clustering. Nevertheless, any of the
following solution levels may be targeted:
- Backup and restore to provide minimal protection against site
outages, with recovery lasting several days and requiring either
hardware replacement or tape restore operations.
- Business recovery to provide a shared infrastructure, with strong
recovery processes for RTOs ranging from eight to 72 hours.
So which solution should you choose? You might be surprised to find
that even medium-size companies on a budget will be able to afford
effective disaster tolerance. Therefore, it's probably a good idea
to start by discarding traditional backup systems (or at least strengthening
them) and deploying real-time, replication-based data availability
and disaster recovery solutions.
- Disaster tolerance to provide a disaster-tolerant infrastructure
that employs data replication to ensure either limited data loss
or no data loss at all, with RTOs ranging from nearly zero to
Before making your choice, be sure to evaluate competing solutions
on the basis of the following key factors:
- Reliability. All high-end file system-based replication solutions
may be effective in backing up server files. However, lab tests
are likely to show that many of them will also replicate corrupted
data, offering no way to back out of corrupted replicas. The ideal
solution would allow you to either schedule deferred replication
(preventing replication of corrupted servers) or easily wind data
back to a previous state of complete data integrity.
- Performance. How quickly can your organization get back up and
running? Does reviving a damaged server or bringing a standby
replica on-line require time and manual intervention, or can users
simply and instantaneously be switched to a standby replica halfway
around the globe? Also, does everyday replication affect the performance
of your information infrastructure, or is it completely transparent?
Choosing the wrong solution here may mean that users will suffer
the impact of the added replication activity on the servers they
rely on for their daily work.
Replication systems will allow you to maintain duplicates of your
business-critical servers not only locally but also globally, over
the WAN. Continuous, real-time replication will keep replicas up-to-date
at all times, so that when disaster strikes, your data and applications
will remain available and fully operational.
- Cost. Many considerations fall into play here. Is the solution
generic, or is it tailored to the specific application servers
(Exchange, SQL, Oracle) being secured? Does deployment require
specialized hardware? Do replicas need to have additional database
or application server licenses installed? Obviously, the ideal
business continuity solution should strike a reasonable balance
between price and performance.
Better solutions will offer flexible replication scheduling, multiple
replication scenarios (one-to-one, one-to-many, many-to-one and many-to-many)
and advanced management and notification facilities. The ideal solution
should also provide you with automatic fail-over (for instantaneous
data and application availability), as well as safeguards against
both malicious and inadvertent data corruption, in the form of snapshot-based
undo, bookmarks or full-fledged data rewind capabilities.
A solution for all sizes
Business continuity provides enterprises with flexibility and resilience
in the face of any business interruption. With the growing variety
of solutions offered and their increasing ubiquity, business continuance
programs are no longer solely the domain of large global corporations.
They will ensure that any company, big or small, will be better equipped
to defend its critical information resources and business processes
against the next disaster.
Oh, and given recent experience with power outages, you might also
want to throw in a few extra uninterrupted power supplies for good
About the Author:
Gil Rapaport brings years of experience in marketing and business
development in the telecom and software industry. Mr. Rapaport is
actively involved in developing new marketing concepts and realizing
business development opportunities for XOsoft. (http://www.xosoft.com)
He previously served as Manager of Business Planning for Bezeq International,
a leading Israeli ISP and international telecom solution provider,
where he headed the company's ISP acquisition initiatives and international
cable infrastructure ventures.
Mr. Rapaport holds an MBA from the Hebrew University in Jerusalem,
Read this newsletter at: http://www.itmanagementnews.com/2004/0126.html