Mark Reeve from Quattro Consulting discusses IT Disaster Recovery and Contingency Planning for all businesses
With the massive increase in email use and companies’ reliance on electronic documents, forms and processes, even the smallest companies are now concerned about their vulnerability to a period without their IT Servers and infrastructure.
Most small to medium businesses now rely on processes that can no longer be replicated or performed manually. Whether it be a simple suite of spreadsheets for accounting or sales monitoring, or larger purpose built applications, the ability of the organisation to continue trading with the correct level of accuracy, service and audit would be severely compromised by an extended period without the PCs and Servers they currently rely on.
According to a recent Gartner survey, one in three U.S. businesses would lose critical data or operational capabilities if struck by a disaster. Only one in five companies has hot sites where people can connect with their most important applications, according to a recent Harris Poll of 52 Fortune 1000 company executives.
As with the public at large, businesses are now seemingly at threat from major power cuts, chemical, biological and other terrorist activities. Whilst the threat to an individual is small, the reaction of the authorities is of much more concern to the business community.
Location
A case in point is a leading charity in London. They have had a Disaster Recovery contract in place for a number of years, with successful yearly tests being performed. The charity’s Disaster Recovery site was located within the same city as its head office. It was realised that in the event of a threatened biological or chemical attack, or a natural epidemic such as SARS, the local authorities new evacuation plans would clear the area, and would mean that neither the charities or the DR company’s staff would be allowed near enough to invoke the plan, never mind keep the servers operating for the other offices around the country.
Availability of Systems
If the area affected did not include the DR Site itself, another problem that was highlighted was the possibility of multiple invocations from multiple customers. In this scenario the small to medium businesses, which cannot justify the cost of the ‘Gold’ services offered by the DR companies, would simply be ‘placed on hold’ until the larger corporate companies have been taken care of and extra servers being found and implemented.
Risk Assessment
The original risk assessment for the small companies was based on the chances of X amount of companies having a fire/flood at the same time as themselves, offset against the cost saving of having the lower level of contract. With the chances of entire areas being attacked or evacuated beginning to be as likely as the theoretical fire these calculations have to be reconsidered, with the resulting rise in cover required.
A recent survey in the US showed that the threat of fire has been significantly reduced in many computing installations. Prior to 1980, damage associated with fire, including fire-fighting operations, was estimated as causing 62% of total installation losses. During the intervening years to the present day, fire detection and suppression systems have reduced this threat to 9% of the losses, where as power surges and brownouts (a dip in the power level supplied to the computer equipment) account for 19% of all disasters.
DIY
In the past the ability of SMB companies to successfully implement there own internal DR or High availability process was greatly hampered by the cost of fast reliable communications, the price of hardware and skill levels of non IT employees.
Cost of communications
The last few years has seen the widespread introduction of Broadband and ADSL communications enabling the fast, reliable, cheap and (if implemented correctly) secure transfer of data between sites. In 1992 a 512MB line to a remote office would have cost £900 a month, the equivalent ADSL connection could now be as little as £29 a month.
If you’re already using private lines to link offices, it’s possible to now use a Virtual Private Network – not necessarily to replace those lines, but at least to back them up. If the private lines go down, you can safely and securely send your site-to-site data over the Internet.
If you have ‘standard’ routers (such as CISCO etc.) at the edge of your network, then you already have all the hardware you need for a disaster-recovery VPN. All you need to do is get the operating system upgraded and spend some time configuring – and testing – the back-up plan. If you’ve got a remote-access system at corporate headquarters, then you also have a big piece of the picture. Reviews by various network publications show that you can link almost everything. There are many suppliers of low-cost VPN back-up devices that perform these tasks, or even consider using your Windows 2000 servers as site-to-site VPN gateways. Some connectivity, no matter how ‘simple’, is better than none.
Cost of Servers
The cost of servers, especially those capable of simply holding your data and performing your critical functions, can be obtained for much less than the equivalent cost of the corresponding DR services. This is especially if a common sense approach is taken with the realisation that in those circumstances the fastest and most up to date machines would not actually be required.
Many sites are now taking the pragmatic approach when they upgrade their servers, the old servers are being earmarked as Disaster machines and are being located and connected accordingly.
Key Personnel
With the increase in the use of PCs at home the general, IT literacy of your staff will have much improved over the last few years. The opportunity of being able to site a server at one of your remote sites is perhaps an easier solution than once appeared. Further advantage could be taking by enabling access from the Internet to your disaster machine so that staff could work from home if the circumstances dictated the availability of PCs and space at your chosen DR location is limited.
One key point that was learnt by businesses after September 11th was that whilst the hardware was easily replaced the IT/Business knowledge of the staff was much harder to recover. Having your backup servers within your own organisation, on remote sites would greatly strengthen your ability to survive, should there be a situation. As far as transfer of knowledge is concerned, yet again it would be beneficial to ensure that throughout your organisation, those with the knowledge share that knowledge.
Conclusion
Whether you are a large company with a seemingly proven DR strategy, or a small to medium business with the requirement to guard against interruptions to your IT systems, the opportunity should be taken to review your plans. The latest advances in communications and hardware could be utilised to provide yourself with a more cost effective and useful solution to your DR needs.
About Quattro Consulting
Quattro Consulting was formed in 1997 to provide Technical Consultancy and Services to the IBM iSeries-AS/400 marketplace. The directors of Quattro realised that most iSeries-AS/400 related service providers were not specialists on the technical aspects of iSeries-AS/400, with their expertise in software development, marketing and support. Quattro Consulting offer a specialised service, assisting users to enable their iSeries-AS/400 to operate to its full capacity and capability, irrespective of the application that is being run.
Quattro’s three founding directors have been involved with the iSeries-AS/400 since its release in 1988 and subsequently have amassed over 50 years collective AS/400 experience between them.
If you would like the opportunity to discuss the relevance of the points in this article to your business please feel free to contact Mark Reeves at mailto:mark.reeves@quattroconsulting.co.uk
