A strategic checklist for business continuity

These critical matters require analysing and deploying people, facilities, business processes-and, yes, technology-with an eye to removing single points of failure, or any combination of factors that can result in creating a single point of failure.

We sat down with Greg Valdez, VERITAS Software's Chief Information Officer, who addressed the broad issue of business continuity, and shared with us his checklist of issues that must be analysed and integrated into a disaster recovery initiative.

Here is what he had to say:
"Generally, a disaster is something that stops business transactions from occurring. People usually start with high availability technologies, such as clustering, in order to remove single points of failure.

Disaster recovery is usually reserved for the catastrophic loss of the whole data centre. Business continuity gets into the issue of preparedness-how an enterprise can ensure it's ready to deal with catastrophic events."

Think Strategically and Plan Comprehensively
"When I think about building an environment, or rebuilding it in a disaster recovery situation, I focus on thinking out carefully several issues."
These issues include the following.

It all starts with your most important asset - people. Executives have to ask the question, "If you have a disaster, do you have enough human and knowledge capital dispersed to get the business back up and running?" At the heart of this important question is whether the enterprise has distributed institutional knowledge throughout its geographical locations so that personnel are available to bring business operations back online.

It is essential to bring operations back quickly and establish normalcy. This demands plans and processes that can be executed by well-trained and well-rehearsed crisis response teams. Executive management must define which applications and business operations will receive first priority in a recovery.

Planning must include contingency plans to meet physical facility requirements for running operations in the event that large elements of the physical infrastructure are incapacitated.

Disaster recovery strategies must involve contingencies for hardware and software components so they can be put in place rapidly to respond to different events. Most companies either buy the equipment and have it ready, or reserve it.

Some businesses will put non-critical applications on the second set of gear that they will replace with more critical applications in a disaster. Others, especially in mainframe environments, will run them at less than 80% capacity, then in a disaster, load them up with the failed components they need.

The same applies to network connectivity and services. Businesses need to design networks that can automatically re-route failed nodes. And plans must provide for acquiring new network connections where needed, so that services such as DNS and IP can be available. In most cases, businesses have plugged local connections into larger, fault-tolerant, self-healing networks.

Quickly reinstating data services in the recovered scenario requires backups and hardware environments similarly designed for the recovery
It is vital to re-establish systems management capabilities quickly, such as job execution, monitoring, and the basic security features, including rebuilding the data centre command centre.

"Unlike a restaurant menu, picking and choosing which of these issues to act on is not a practical option. Failure to have a plan for any of these elements can leave an enterprise wallowing in operational limbo in the wake of a disaster," says Valdez.