Emergencies and disasters occur unexpectedly. They come in many flavors, from sporadic security breaches and outages to natural disasters such as Hurricane Katrina. If you stop and consider the value of your data, it becomes clear that you can’t ignore the impact a failure can make on your business. That’s why having a reliable disaster recovery and business continuity plan will prepare you to face unexpected obstacles head-on.
This article offers an overview of disaster recovery best practices and walks you through 5 general steps of establishing a successful business continuity plan to ensure your organization’s applications remain safe and easily accessible in the event of any disaster, natural or manmade.
Did You Know?
- According to Gartner, only 35% of SMBs have a comprehensive disaster recovery plan in place
- A recent Touche Ross study estimated the survival rate for companies without a disaster recovery plan is less than 10%
- According to IDC, about 70% of all successful network attacks were carried out by employees and insiders
- As indicated by Datacore, 1 in 3 organizations was hit by a virus or malware attack in the last five years
STEP 1: IDENTIFY MISSION-CRITICAL APPLICATIONS
The first step to developing a business continuity plan is identifying mission-critical, or tier 1 applications for production, sales, marketing and other lines of business that must be continually operating to support the needs of your organization. These applications may be found at the infrastructure and the line-of-business levels.
Once tier 1 applications are identified, document their resource consumption by evaluating CPU usage, RAM, network utilization and other critical resource elements. Measure inbound and outbound network traffic and record all the dependencies that each application needs to operate, for example, dynamic-link libraries (DLLs).
STEP 2: DEFINE RECOVERY POINT OBJECTIVES (RPO) AND RECOVERY TIME OBJECTIVES (RTO)
This step will help you understand what downtime is going to cost you and how much time you need to recover and make sure that your losses are at a complete minimum. Use metrics below.
- Recovery Point Objective (RPO) is a centerpiece of any business continuity planning. It is the maximum targeted period in which data might be lost from your service due to a major disaster. If RPO is measured in minutes (or even a few hours), then in practice, off-site mirrored backups must be continuously maintained – a daily off-site backup on tape will not suffice!
- Recovery Time Objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption). RTO answers the question: “How much time does it take to recover after notification of business process disruption?” While RPO designates the variable amount of data that will be lost, RTO estimates the amount of real time passed before the disruption begins to impede critical business operations.
STEP 3: DETERMINE STRATEGY FOR ONSITE AND OFFSITE SCENARIOS
Organizations supporting data centers with a high data change rate will often opt-in for an onsite backup strategy that provides quick recovery in the event of a disaster. In the case of a server failure, especially due to a natural disaster, onsite backup won’t mean anything and your files will be lost if they’re kept onsite. That’s why offsite solutions are often used by geographically dispersed organizations looking to secure their infrastructure in multiple locations.
A blended disaster recovery strategy utilizes the onsite backup for the high data workload business, while the offsite strategy ensures a business-level recovery. The blended approach creates a more flexible backup strategy than choosing one or the other. With a wide variety of backup solutions, not all of them are created equal. Your organization’s approach to disaster recovery and business continuity largely depends on the individual nature of your business.
STEP 4: IMPLEMENT WORKFLOWS
Planning a reliable disaster recovery/business continuity strategy is no longer an option. Recovery should be planned, predicted and controlled. Thoroughly organize your thoughts, ask the right questions and develop workflows for a plan that is closely aligned with your business and covers the following areas:
- Live Migration
STEP 5: TEST. ANALYZE. OPTIMIZE
Once you have developed your business continuity and disaster recovery plan, it is essential to test it. Testing and analyzing verifies the effectiveness of your plan, trains participants on what to do in a real-life scenario and identifies areas where the plan can be optimized and strengthened.
Conduct a plan review at least quarterly. Gather division leaders, department heads and everyone else involved to evaluate the elements of the plan that need improvement. Introduce the plan to newly hired managers and consider any new feedback; perform a simulation of a possible disaster scenario; include business leaders, vendors, partners, management and staff. Test data recovery, replication, asset management, leadership response and relocation protocols to establish a realistic response plan. Use simulation to identify competencies within your workforce that can aid when a real disaster situation occurs.
5nine offers a unified cloud management platform that takes care of your backup and recovery needs. 5nine Cloud Manager takes your tier 1 applications to other physical sites, replicates them to Azure, centrally manages and secures multiple environments and monitors all virtual machine performance from the convenience of a single-pane-of-glass console. By accelerating your cloud capabilities, 5nine empowers you to focus on what matters most – building your business by maximizing your investment in the Microsoft Cloud.