Disaster Recovery: It’s Not One Size Fits All

December 14, 2011 | Posted by Joe Disher, Manager, WW Applications and Solutions Engineering

You may be familiar with the story of a girl named Dorothy, who, when walking her dog near her farmhouse, suddenly finds herself whirling around in the center of a cyclone.  Next thing she knows she’s fighting off swarms of flying monkeys and melting witches. Just as with the classic Oz story, when disasters strike they typically happen suddenly and unpredictably and if you’re not adequately prepared, all you’ll want to do is go home and hope it was all a dream.

Disasters – the kind that make you wish you had ruby slippers – affect all types of businesses irrespective of size, industry or complexity of your datacenter and virtually all businesses are at some risk of data loss or downtime due to disaster. Think for a moment about how much your business depends on access to and availability of data. Preparing for how to effectively respond to these downtime events is crucial.

The development of a comprehensive disaster recovery (DR) strategy can be challenging because it requires businesses to try to predict future events using unknown variables and uncertain levels of risk.  And that’s not all: each IT manager must plan for the various disaster scenarios that apply to his or her unique business and its data.

And just as no two businesses are the same, no two disasters are the same. After all, a flooded datacenter is not the same as a malicious virus attack, even though both may result in downtime.  Downtime of business critical transactional data may be more catastrophic than downtime of a user’s image collection.

To develop a DR strategy IT admins must determine appropriate Recovery Time Objectives (RTOs) – how quickly the site should be back up and running – and Recovery Point Objectives (RPOs) – how often the data sets are updated.

Because downtime events vary and data sets vary in value – and since budget is typically a factor – IT managers should create unique DR policies with varying RPOs and RTOs depending on the value of each data set and disaster scenario.

Some questions that IT managers can think about to help them better develop effective DR policies and appropriate RPOs and RTOs include:

  • Is a DR strategy required? In terms of necessity to protect data, businesses will typically agree that a DR strategy is essential but for some businesses it may be more complex – many companies are required by law or regulation to have a DR strategy in place.  What’s more, regulatory compliance often mandates specific parameters or levels of data protection.
  • Where am I? Natural disasters affect areas in different ways and datacenter location should be kept in mind. As an example, datacenters in Florida should be prepared in the event of a catastrophic hurricane whereas datacenters in Kansas should be prepared for tornadoes. And to the casual observer, those two disasters may seem pretty similar but consider: how far in advance will I know (e.g., hurricanes may present the luxury of days compared to minutes for a tornado) and what does the aftermath usually look like?
  • What are my risks? Even if your datacenter is located in a place where natural disasters never happen (IT Utopia!) – your data may still be at risk.  Viruses, corruption, accidental deletion, among others, can all lead to downtime.  Planning for disasters of this kind may include offsite and offline data storage, such as tape, which is less vulnerable to data loss.
  • What is the value of the data? Put another way: what does it mean to your business if you lose a particular type of data?  Ideally, all data would have the ultimate DR plan, featuring completely offsite, real-time mirroring of data – which would make recovery seamless for end-users.  The prohibiting factor is cost: DR requires hardware, software, network pipeline and one or multiple physical sites.  Intuitively, the shorter the RPO and RTO, the higher the cost (i.e., real-time mirroring would have an RPO and RTO of nearly 0.)  If your business relies on transactional data to operate, it’s wise to thoroughly protect that data (i.e., a policy indicating shorter RPO and RTO), however it probably wouldn’t make sense for that same business to protect a user’s email archive in the same way because the data isn’t as valuable.

By establishing tiers of disaster recovery based on policies that account for type and value of data and different disaster scenarios, IT admins can allocate infrastructure and budget in a way that makes sense for their business – saving time and ensuring appropriate levels of protection.

What are your thoughts on disaster recovery and how is it working at your business?  Have you ever experienced a frustrating data disaster that had you saying, “There’s no place like home”?

Leave a Reply