How much downtime can your business afford? What applications does your business need to function? Your journey to digital transformation should include a disaster recovery (DR) plan, specifically a DR plan that serves your organization’s business continuity needs. Disasters are no longer only natural events; human error and cyber-attacks are now major factors. An organization’s disaster recovery needs will change over time. Taking certain actions can help improve your disaster preparedness.
Follow these 10 steps to build a better disaster recovery plan that truly serves your business – for recovery from any type of downtime event and to minimize unnecessary downtime every day.
1.) Build your disaster recovery plan on business continuity
Your business is different from every other business and to be effective your disaster recovery plan needs to be in lock-step with the needs of your business. The first step in building an effective disaster recovery plan is to acquire a deep understanding of how the continuity of the business depends on your IT environment. What applications does the business need to function? How current does the data need to be? How long can the business function without that application?
Disaster recovery requires prioritization to ensure the most important applications come up fast enough. To this end, you’ll need a matrix that ranks the urgency of each critical business function along with the application that supports that function. Your recovery services provider will use the information to design the best disaster recovery solution for your business.
2.) Understand your application and data dependencies
The next step is to understand the application and data dependencies of the priority applications. For example, SQL Server or Active Directory may need to be online before the application can run, so network services, databases and directories will need to be recovered first.
This step in disaster recovery planning includes deep discovery and the documentation of servers and virtual machines. A provider with professional or consulting services capabilities will have the tools to uncover dependencies and specific system details. This discovery may also reveal the complexity of your IT infrastructure such as SQL clustering services, or IBM mainframe or Power Systems (pSeries) that require specialized high availability DR.
3.) Application tiering prioritizes system recovery
Tiering applications is crucial for disaster recovery planning. Like the IT strategy of tiering application data storage – wherein IT administrators invest in faster, more expensive disk drives for some applications – disaster recovery involves making decisions and investments to ensure the most important applications are recovered fastest. A DR and business continuity approach in which an organization assesses and makes strategic decisions about which applications and data are most urgent to recover is called application tiering.
The matrix discussed earlier can be extended with recovery point objectives (RPO) and recovery time objectives (RTO) for each application, and the applications grouped accordingly. With this information, the matrix supports the tiering of applications for disaster recovery.
Recovery point objective (RPO) is the amount of time in minutes or hours for which it is tolerable to lose data should a disruptive event occur. RPO affects the frequency of data replication.
Recovery time objective (RTO) refers to the window of time between a disruptive event and a return to operational status. RTO largely determines the class of equipment and the means by which data is recovered.
4.) Understand data change rates and replication bandwidth
Keeping your recovery environment up to date requires bandwidth. To understand the amount of data involved, you and your DR provider will work together to quantify the rate of change. Changed data will need to replicate to the provider or DR site. Do you have a hundred servers each with 100 terabytes of data that changes frequently? That’s very different from a similarly high-volume infrastructure with less change. Change rate will bear upon your disaster recovery plan and replication resources.
5.) Set requirements for recovery environments, including SLAs
Identify what is an acceptable recovery environment for your business, and whether you’ll need multiple environments for applications with differing service level agreements (SLAs). Will a multitenant environment meet the needs of your business, or do you need a hosted private cloud?
Another factor playing into this decision is how long you expect to be running your disaster recovery environment. One level of performance and functionality might be fine for a couple of days but may not be acceptable if your business needs to run in the DR environment for a longer time span.
6.) Choose your replication method based on RPOs and RTOs
Many organizations use a combination of data movers to address application tiers with different recovery requirements. A complex IT organization will use more than one technology to copy data from one location to another, that is, multiple data movers. For example, if a business application needs a 15-minute RPO with near-zero RTO, synchronous replication will be necessary. Otherwise, most organizations with short RPO and RTO goals choose asynchronous replication.
Synchronous replication is the process of copying data over a network so there are multiple up-to-date copies of the data. Data is written to multiple sites at the same time, so the data remains current between sites. Latency requires the sites to be located close together.
Asynchronous replication writes data to the primary storage array first and then copies the data to replication targets. This type of replication is designed to work over long distances and requires less bandwidth.
Backup services are used to archive and recover non-critical data. These include cloud or online backup, remote file backup, and local tape/disk backup.
7.) Identify internal resources and application experts
Regardless of the DR vendor you choose, your organization will need to provide people to help. A DRaaS provider delivers the data mover technology and DR application expertise to set up your DRaaS infrastructure and get your data copied from one location to another – and to orchestrate recovery. Your business will need to contribute people who are familiar with your IT environment and applications, including troubleshooting. They’ll be needed throughout the implementation, which could take a few weeks – or a few months in a complex environment.
8.) Change happens, so test your DR plan regularly
Beyond the initial implementation, set aside time quarterly or at least yearly to test your disaster recovery plan to ensure it is ready. These tests often reveal changes made to an IT environment that impact disaster recovery: a server was retired, firewall and network settings that have been changed, or a new environment was put into production. Testing finds these types of gaps and allows for a smooth recovery when you need it.
9.) Drive short-term ROI from your DRaaS environment
Many of our clients find they can drive further ROI and value from their DRaaS environments. For example, businesses can speed the rate of security patching and mitigate cyber threats and stop ransomware with DRaaS. No longer do you need to apply a patch and hope it doesn’t crash your production environment. DRaaS lets you set up a test bubble where you can safely apply and test security patches before deploying them in production.
Watch the webinar, “From Hurricanes to Hackers: The Expanding Horizons for Disaster Recovery”, to learn more about the impact of DRaaS on cybersecurity.
10.) Derive long-term ROI from your disaster recovery environment
Does your IT transformation journey involve migrating to the cloud or from one cloud to another? Forrester Research’s survey, Cloud Migration Services (May 2017), revealed that more than two-thirds of organizations involved in modernizing their business application portfolio were migrating their existing applications to the cloud.
DRaaS uses the same tools in many cases as cloud migration, so the availability of these tools can increase your business and IT agility. Consider the business’s long-term goals for the cloud in your disaster recovery plan.
Putting requirements into action with the best DRaaS provider
Since the success of your DR plan depends upon choosing a vendor that meets all of your requirements, this is an important step. Businesses in many industries will want their DRaaS provider to have expertise in regulatory compliance, security services and hybrid cloud deployments, for example. In addition, experience with the platforms and applications you use is essential. (Tip: Certifications can tell you a great deal about which platforms the vendor is qualified to support.)
Focusing your disaster recovery plan on the needs of the business means that RPO, RTO, SLAs and rollover data center locations play huge roles in your choice. In addition, ensure the DRaaS provider offers solutions that allow them to test their systems with minimal to no disruption to your business operations.
As a DRaaS provider, TierPoint helps organizations like yours plan for and limit the impact of interruptions to data, application and infrastructure – in natural disasters, cyber disasters, cloud migration, and routine maintenance and security management. We’ll meet you where you are in your digital transformation journey, including any combination of public cloud providers, a fully-managed TierPoint private cloud, colocation and on-premises solutions.
We collaborate and customize DRaaS solutions to meet your requirements. With a customer-first mindset, TierPoint is a responsive partner that will be involved in the entire planning, implementation and maintenance of your disaster recovery solution. TierPoint scored the highest for satisfaction among evaluated providers in Gartner’s 2018 Magic Quadrant for DRaaS. You’ll get 24x7 support from our available and responsive DR experts.
Take the next step
Build a better disaster recovery plan that truly serves your organization’s business continuity goals and beyond – in any type of downtime event, not just a natural disaster such as a hurricane. Review and strengthen your organization’s disaster readiness plan today with a disaster recovery strategy session.