The more an enterprise virtualizes its data center, the less need it might have for a traditional disaster recovery (DR) plan because it can swap out and easily move around resources in a virtualized environment. In this Q&A, DR expert Paul Kirvan looks at whether virtualization helps or hurts disaster recovery management, at the DR pros and cons of data center consolidation, and DR precautions that often are overlooked.
Is virtualization making disaster recovery management easier, or is it adding another layer of complexity?
The major virtualization vendors made DR a big part of their products and services play. In a perfect virtualized environment, you might not need a data center at all. You could lease one from someone else, and as long as you have browsers on your laptops, you can run your business.
In a perfect virtualized environment, you might not need a data center at all.
If you're moving into a virtualization environment, like with anything else, you need to make sure the software is rock-solid and you can back it up and protect it. You need to make sure the virtualization vendor has expertise and a commitment to disaster recovery and protecting your investment in virtualization. You have to make sure that all the vendors you use right now for all of your hardware are committed to making sure that your technology works in this [virtualized] environment.
If you work with a VAR [value-added reseller] or any third party, they need to be on board. If you work with the large Platform-as-a-Service or Infrastructure-as-a-Service providers, they have to have DR plans too. Now the CIO who runs a virtualized environment is not only thinking about the DR capabilities of his or her own shop, but also the DR capabilities of all the other organizations that virtualize what he or she has.
So, what should CIOs be asking vendors in terms of their disaster recovery management capabilities?
When you go out for bid, ask what the vendor is responsible for during the transition from the old to the new environment. What will they do if something crashes? Will they stand by their system and make sure none of your data gets destroyed? That should be in the RFP [request for proposals]. The CIO has to think strategically six to 12 months down the road, making sure the people are available [and] the processes and step-by-step procedures and the technology -- the old triangle of people, processes and technology -- are in place. You can't remove any of that triangle, which includes third-party vendors.
If a CIO doesn't want to rely on a third party or invest a lot in a DR backup site, what else can he or she do?
Organizations need to take a hard look at the various locations they have, to see if they can serve as a recovery site for critical systems and applications, even if it's just a branch sales office. The cost to outfit one of those sites is a heck of a lot less than going to a third-party cloud provider or hosting provider. Keep that in mind, because you will be paying hundreds of thousands of dollars a year for a service that you may never use. So, take a look at all the offices where the business operates and use them as a backup site to spread the risk more effectively. With the Internet and VPNs [virtual private networks] improving the connectivity, it's really not difficult at all to make a failover site possible.
Data center consolidation is something many CIOs strive for, but are you a fan of this approach?
It is better to have several mini data centers as opposed to one big data center, because it spreads out the risk. That one data center is one big single point of failure. CIOs know they need to have a primary and secondary, but what is not as obvious is where those locations really are if you use a cloud provider.
I have a client whose own primary and backup sites are 80 miles apart. They have all the bases covered, but you have to keep in mind that in that type of situation, both centers could be on the same power grid. You have to figure out what the downside is before you come up with a fix, and if you decide to consolidate [your data centers], make sure that primary site is impregnable.
What disaster recovery management precautions tend to be overlooked?
More on disaster recovery strategies
Most CIOs can go to bed at night knowing they have the right safeguards in place, but when was the last time you tested those procedures to make sure they are in the right sequence? When was the last time you tested other members of the IT staff to make sure they can step in when the primary people aren't available? I can tell you that most organizations don't do anything like that.
It takes a lot of time to review all of the [DR plan] scripts for all of the systems, and to verify that the network is recoverable by taking it down in a couple of places. IT has to make sure that the backup servers in a storage room are working properly so they can fire them up if they need them. That is all part of dealing with a disaster that is not considered.
Let us know what you think about the story; email Christina Torode, News Director.