Manage Learn to apply best practices and optimize your operations.

Disaster recovery plans: Points to consider

A comprehensive disaster recovery plan is critical to surviving a crisis, especially in an SMB environment. But evaluating your disaster recovery needs is no small task. This tip explains what to consider when designing your disaster recovery strategy.

Disaster recovery (DR) plans and strategies run the gamut from relatively simple and straightforward to complex and all encompassing, depending on need and applicable threats. While applicable threats are generally the same for small and medium-sized businesses (SMBs) and large enterprises, the relative scale of the environment and resulting impact and disruption to your business are what set SMBs apart.

Here are some things to consider when creating a DR plan:

  • What could happen and what is most likely to happen, and how will it affect your business?
    Example: If email is an essential enabler for your business, then it needs to have a DR focus. Could you revert to manual processes for some period of time, and if so, for how long and at what expense to your business? Identify what needs to be protected along with what is required in order to restart, restore and recover your business applications and data.

  • Consider scenarios where your facilities, servers, storage or applications are still intact, however you have no access to them.
    Example: A localized event, such as a power failure or an accident on an adjacent roadway, prevents access or use of applications and data.

  • Likewise, your plan should consider damaged or failed individual servers, PCs and laptops as well as loss or destruction of storage systems and other IT resources.
    Example: In the wake of Hurricane Katrina, some secondary or remote storage systems used for remote mirroring, replication or electronic vaulting were also damaged in addition to primary systems.

    More on disaster recovery
    SMB business continuity planning basics

    DR planning: Business impact analysis for IT
    You should also know what your budget is, how much data needs to be backed up, how much data changes and what your recovery time objectives (RTO) and recovery point objectives (RPO) requirements are.

    Storage options include local and remote backup, using remote network-based backup. Other technology options include using magnetic tape, hard disk drives, removable hard disk drives (RHDD) and optical disks. Disk-based backup, also known as disk-to-disk (D2D) is becoming a poplar choice for local and remote backup, replacing or supplementing tape-based backup. A hybrid example is disk-to-disk-to-tape that could be D2D local or remote combined with local or off-site tape backup.

    Simply relying on data recovery services alone is not a fail-safe strategy for data protection. Instead, SMBs should combine recovery service capabilities with other techniques, including regular data backups with copies sent off site, either via network-based remote backups or removable media, or some combination of both. If you have multiple branch locations, you should set up your servers to replicate or copy critical files and applications between sites on a regular basis.

    To protect against damage or loss of data, servers or a facility, data needs to be sent off site either via portable media such as tape, RHDD, networks or some combination of technologies. For smaller environments where there is limited network bandwidth, RHDD-type technologies, such as those from Quantum Corp., Iomega Corp. or Imation Corp., could be used for daily backup and then sent to an off-site facility or home with someone. Key to using any removable media is to make sure it is encrypted.

    Often the focus of DR involves hot or cold standby locations with real-time synchronous or time-delayed asynchronous data mirroring and replication or remote backup to an off-site facility. For some SMB environments, disaster recovery plans should include a pre-established relationship with a data recovery service. Data recovery services are useful for recovering accidentally deleted files or damaged media and disks, thus avoiding costly and timely reconstruction of entire systems or disks. But a recovery service should always be used in parallel with, not separate from, other recovery efforts as a further insurance policy.

    Local and remote data replication can be implemented using server-, appliance- or network-based systems. The key points to keep in mind regarding data replication over any distance are how much data needs to be replicated, how much data changes on a daily basis, what are the RTO and RPO requirements, and how much network bandwidth is available. Not all network bandwidth services and speeds are available in all areas, and the price for network bandwidth services will vary.

    For applications that have an RPO and RTO of zero or near zero, real-time or synchronous data communication is needed. The enemy of synchronous data transmission is, of course, latency, which increases with network congestion and distance. The tradeoff for spanning larger distances or meeting budget constraints is asynchronous or time-delayed data communications, but this is not ideal.

    Distance is both friend and foe to data storage, with respect to disaster recovery. On the plus side, distance enables survivability and continued access to data. The downside is the cost penalty in terms of expense, performance and complexity, which increases with distance. When looking at backup networks to span large distances, remember that bandwidth is important but latency, or a lack thereof, is critical for timely data movement to insure consistency and coherence.

    SMBs should leverage multiple techniques and technologies for a "belt and suspenders" approach to disaster recovery. For example, combining remote replication along with some form of backup technique is a good strategy. This could include leveraging disk-based backup to tiered storage combined with point-in-time copy and snapshots, integrated with applications and database systems.

    As a best practice, design and configure your disaster recovery plan to contain and isolate faults and prevent them from spreading throughout your network. To do this, eliminate single points of failure and combine various data protection techniques to achieve resiliency.

    Understanding what the applicable threats are to your system and categorizing your application, data and storage needs to determine the appropriate level of protection to counter those threats are two keys to disaster recovery planning. If you align the proper RTO and RPO to the specific business function or application and understand your data availability, accessibility and retention requirements, as well as their interdependencies upon other applications and technologies, you're well on your way to preparing your SMB for any eventuality.

    Greg Schulz is founder and senior analyst of The StorageIO Group in Stillwater, Minn., (, and author of the book Resilient Storage Networks (Elsevier).

  • Dig Deeper on Small-business infrastructure and operations

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.