Why A Business Continuance Program Should Be In Your Future

By Gil Rapaport

Last summer's blackouts in the U.S. and Canada have reminded many people of the fear and confusion that marked the events of September 11. For others, however, they posed the perfect opportunity to verify just how well they had prepared for rough times.

Businesses have also been reminded of the vulnerability of their critical information and communications systems, underscoring the need for airtight business continuity planning (BCP) and disaster recovery services (DRS). According to John Gantz, chief research officer at IDC, IT security/business continuity is priority number one for IT professionals. This trend will translate into $155 billion in worldwide spending on DRS and BCP products and services in 2006.
After 9/11, enterprises realized they had to significantly beef up their business continuity investments and put comprehensive business continuance management programs in place, if they were to adapt and survive in the face of any incident or situation that might present itself.

Meanwhile, the recent blackouts have shown that business continuity is not an insurance plan against which claims are never made. Instead, companies that have pursued business continuity in earnest have become more nimble at dealing with and recovering from the unexpected outages. It would therefore be wise to regard business continuance programs as a crucial investment that can mean the difference between prosperity and total breakdown.

Identify the risks

So what does it take to establish an effective business continuance strategy? First, you must recognize the possible risks to your business processes. Start with such low-hanging fruit as:
  • Hardware, software and human error-related failures.

  • Data corruption.

  • Network outages, power failures and site disasters.
Traditionally, these risks would be dealt with by backing up data on tape or disk arrays, then accepting the necessary evil of waiting for as long as it took to restore damaged resources from backups. With today's real-time organizations committed to 24/7 availability, this is obviously unacceptable.

Set your objectives

Get NetworkingFiles Newsletter Free
">Click Here

To implement a business continuance plan that will enable you to maintain the desired level of availability, you must define your RTOs (recovery time objectives), or the acceptable amount of time it would take for your organization to resume operations following a disaster. For some, a day would be good enough. Many real-time enterprises, however, would find damages from a site outage as short as four to 24 hours absolutely unbearable.

Additionally, you must set your RPOs (recovery point objectives), or the accuracy with which specific data states can be recovered from backups, journals or transaction logs. Is an application checkpoint good enough? Or do you require a higher degree of granularity than when choosing your restore point?

Finally, you should also realize that as essential as IT services are to your organization's business continuity, they are but a single factor in the scheme of things. To effectively recover from disasters and resume business operations, you will need to create a plan that focuses on all critical resources, including IT, employees, facilities and equipment.

Choose the right solutions

A business continuance program may entail a completely reworked architectural blueprint, as well as integration of supporting technologies such as mirroring, replication and clustering. Nevertheless, any of the following solution levels may be targeted:
  • Backup and restore to provide minimal protection against site outages, with recovery lasting several days and requiring either hardware replacement or tape restore operations.
  • Business recovery to provide a shared infrastructure, with strong recovery processes for RTOs ranging from eight to 72 hours.
  • Disaster tolerance to provide a disaster-tolerant infrastructure that employs data replication to ensure either limited data loss or no data loss at all, with RTOs ranging from nearly zero to eight hours.
So which solution should you choose? You might be surprised to find that even medium-size companies on a budget will be able to afford effective disaster tolerance. Therefore, it's probably a good idea to start by discarding traditional backup systems (or at least strengthening them) and deploying real-time, replication-based data availability and disaster recovery solutions.

Before making your choice, be sure to evaluate competing solutions on the basis of the following key factors:
  • Reliability. All high-end file system-based replication solutions may be effective in backing up server files. However, lab tests are likely to show that many of them will also replicate corrupted data, offering no way to back out of corrupted replicas. The ideal solution would allow you to either schedule deferred replication (preventing replication of corrupted servers) or easily wind data back to a previous state of complete data integrity.
  • Performance. How quickly can your organization get back up and running? Does reviving a damaged server or bringing a standby replica on-line require time and manual intervention, or can users simply and instantaneously be switched to a standby replica halfway around the globe? Also, does everyday replication affect the performance of your information infrastructure, or is it completely transparent? Choosing the wrong solution here may mean that users will suffer the impact of the added replication activity on the servers they rely on for their daily work.
  • Cost. Many considerations fall into play here. Is the solution generic, or is it tailored to the specific application servers (Exchange, SQL, Oracle) being secured? Does deployment require specialized hardware? Do replicas need to have additional database or application server licenses installed? Obviously, the ideal business continuity solution should strike a reasonable balance between price and performance.
Replication systems will allow you to maintain duplicates of your business-critical servers not only locally but also globally, over the WAN. Continuous, real-time replication will keep replicas up-to-date at all times, so that when disaster strikes, your data and applications will remain available and fully operational.

Better solutions will offer flexible replication scheduling, multiple replication scenarios (one-to-one, one-to-many, many-to-one and many-to-many) and advanced management and notification facilities. The ideal solution should also provide you with automatic fail-over (for instantaneous data and application availability), as well as safeguards against both malicious and inadvertent data corruption, in the form of snapshot-based undo, bookmarks or full-fledged data rewind capabilities.

A solution for all sizes

Business continuity provides enterprises with flexibility and resilience in the face of any business interruption. With the growing variety of solutions offered and their increasing ubiquity, business continuance programs are no longer solely the domain of large global corporations. They will ensure that any company, big or small, will be better equipped to defend its critical information resources and business processes against the next disaster.

Oh, and given recent experience with power outages, you might also want to throw in a few extra uninterrupted power supplies for good measure.

About the Author:
Gil Rapaport brings years of experience in marketing and business development in the telecom and software industry. Mr. Rapaport is actively involved in developing new marketing concepts and realizing business development opportunities for XOsoft. (http://www.xosoft.com)

He previously served as Manager of Business Planning for Bezeq International, a leading Israeli ISP and international telecom solution provider, where he headed the company's ISP acquisition initiatives and international cable infrastructure ventures.

Mr. Rapaport holds an MBA from the Hebrew University in Jerusalem, Israel.

Read this newsletter at: http://www.itmanagementnews.com/2004/0126.html
Free Newsletters
Part of the iEntry Network
over 4 million subscribers

Send me relevant info on products and services.

-- ITManagementNews is an iEntry, Inc. publication --
iEntry, Inc. 880 Corporate Drive, Lexington, KY 40503
2004 iEntry, Inc. All Rights Reserved Privacy Policy Legal

archives | advertising info | news headlines | free newsletters | comments/feedback | submit article

ITManagementNews Home PageAbout iEntryArticle ArchiveNewsWebProWorld ForumsJaydeiEntryContactAdvertiseDownloadsiEntry