Strategies for delivering disaster recovery solutions for the modern datacentre

What if a virus infiltrated your systems? If the communications lines to your primary datacentre went down then what effect would this have? How would a corruption to your main corporate database impact your operation?

These are all things that can and do hit organisations and businesses around the world on a regular basis, and when they do the knock on effects can be enormous. When disaster strikes can you be sure that your organisation is ready to recover and to do so quickly?

Many companies are gambling with their survival and viability through failing to carry out the necessary steps to protect against disaster and to ensure quick recovery when it does strike.

Gartner Group states that datacentres are experiencing a 50-80% compound annual growth rate increase in data volumes. At the same time, economic pressures are driving the centralisation and consolidation of data, servers and storage back into the datacentre. In essence, the technology available and the economic landscape is driving companies to put more data, of ever increasing importance and criticality in one central location. And the amount of data is further increasing the size of the risk.

This 'all the eggs in one basket' approach may make savings by allowing companies to manage more for less but it also hugely increases a company's risk. If they lose a datacentre then they lose everything.

So how do you avoid the dangers of critical data loss, long recovery times and potentially massive financial losses that can be associated with a disaster - be it a local hardware problem or a complete site loss?

It is very important to make sure that you have a disaster tolerant infrastructure in place, in order to build a disaster recovery plan that allows you avoid many problems before they occur. Most importantly, you need a plan that will ensure the fastest possible recovery when faced with a disaster.

The Modern Datacentre
With flat or shrinking IT budgets and growing data volumes businesses are increasingly deploying storage networking and virtualisation technology to allow them to share and make more efficient use of existing hardware investment.

This centralised datacentre approach generally means that there are different applications for different departments running on different platforms. There are different types of storage from different vendors with different characteristics in terms of performance, resilience and recoverability. And not every one of these applications for these departments has the same requirement for storage. They don't all need highly performant storage or the most resilient storage.

As VERITAS have developed solutions to help organisations achieve a centralised datacentre approach, they have also worked with customers to develop a new methodology to take make best use of this environment.

The Quality of Storage Service model or QoSS looks at the data from the applications perspective. It recognises that a development server, for example, may not have the same storage requirement as your e-commerce server. It may not have the same backup requirement. It might not need five nines availability. It may not have the same business impact, if it were down for a few hours, as other departments and their applications. For example, it may not be necessary to replicate all that data from your development server to the other side of the world, while at the same time it may be vital to do so for your Oracle database or your e-business server.

So when planning your strategy for disaster recovery and disaster protection in the modern datacentre it makes absolute sense to invest prudently. In other words, look at every application or department and deliver the right level of resilience for each individual case. After all, you wouldn't buy a Ferrari to tow a caravan.

Planning for disaster
When planning your disaster recovery strategy it is possible to use the same four measures used in the QoSS model to help when assessing the disaster recovery requirements for a particular application.

Survivability of Data
What level of lost data can be tolerated?

Time to Recovery
How quickly does the application need to be back in service?

Time to Capacity
How quickly is storage capacity used up and at what point does new capacity need to be added?

Application Performance
What sort of storage is going to deliver the right speed of access and performance for the particular application?

Both Survivability of Data and Time to Recovery are the most obvious measures when putting together the disaster recovery plans for your applications but equally important are time to capacity and application performance.

The whole ethos of any disaster recovery plan is that it eliminates or minimises the impact on your operation in the event of a disaster of any magnitude. This means that where an application warrants the ability to failover from your primary to a secondary site the QoSS provisions made on your primary site need to be considered at your secondary site.

Whatever service levels are in place for bringing on new capacity for an application on a primary site will need looked at for the secondary site. If you have to add new capacity to an application where your primary data is being replicated, your secondary site will need new capacity.

If you are running your database on very high performance storage on your primary site, but your replicating to slower storage on a secondary site then, in the event of a disaster, when your secondary site takes over, your database will see degradation in performance. A performance impact like this can be visible to users or the outside world.

This may be perfectly acceptable but it is still another factor to consider when devising your plan.

So when putting together your disaster recovery plan it can help to have a basic structure around which to build your plan. The following steps represent a typical approach, however, every organisation or business is different and only you can decide what the right plan is.

1. Application Inventory
One of the first tasks when formulating a plan is to know what applications are running, on what systems and what resources need to be in place for those applications to run effectively.

2. Threat Analysis
There are many types of disaster and many causes. Some of these can be local threats, which can be addressed locally, and some can have a more widespread impact with global implications. Typical threats can include anything from hardware and software failure, viruses, telecommunication or power failures, right through to natural disasters.

3. Vulnerability Assessment
Having established the potential threats to your business and its systems, you are now in a position to look at how those threats can impact individual applications. Each application, and the entire infrastructure that supports it, will have its own areas of vulnerability. Some of these will be common across all applications and some will be unique to a specific application or department.

4. Risk Analysis
Now you know the potential threats to each application you can start to look at those threats in terms of how they would impact the application, and ultimately the business, if they were to be come a reality. An important part of this process is to look at all the knock-on effects of those threats and ultimately their financial impact.

5. Investment Requirement
Once in a position of having analysed the risks to your applications you are now in a position to make a business decision on what level of investment needs to be made to protect each of those applications. We looked earlier at the technology at your disposal and the outcome of your risk analysis can guide you as to how much of the complete solution should be applied to each application. The good news is that some of the spin off benefits of a consolidated, centralised infrastructure is that some of that technology may already be in place.

Having been through this process you're now in a position to bring in the other elements of your plan, such as drawing up detailed procedures to follow, in the event of a disaster and assigning responsibilities.

Summary
There are many threats to a modern consolidated datacentre and the consequences of those threats becoming a reality are greater than ever.

Traditionally when people have thought of disasters they have immediately thought of natural disasters, but today disasters can come in all shapes and sizes and, with the stakes getting higher, it is more important than ever to plan for them.

Putting in place a plan will allow you to deploy the right technology to avoid a lot of the smaller local threats and to ensure that you have the right protection for when things do go wrong.

Ultimately VERITAS can ensure that you deploy the right solution in the right place and ensure that your business can survive a disaster with minimal impact.