Organizations I have worked with typically find themselves lacking a disaster recovery (DR) plan for an assortment of reasons. They have never had an outage; Disasters are too numerous to plan for; It is too expensive; They have one - it is called backups; Etc.
Technology has evolved to a point where every company, big and small, now has access to affordable and effective disaster recovery solutions. It doesn't take much to protect your organization from extinction due to a disaster. The following are a few things to think about when devising your organization's recovery plan.
#1 Disasters can and will happen and they don't announce themselves.
- Your organization is not impervious to disasters.
- You don't need to plan for disasters, you need to plan for the results of the disaster. Power outages; Datacenters destroyed; Loss of connectivity.
#2 Disaster recovery plans are a subset of a quality business continuity plan.
- The C-Suite needs to understand and be part of the solution.
- They need to buy into the plan, support the plan and fund the plan.
- They along with other business personnel need to determine recovery time objectives (RTO) and recovery point objectives (RPO) for each application.
- Depending on your RTO & RPO, you will be able to recommend the disaster recovery method to use for each application.
- Some different methods are Active-Active, Active-Standby and Active-Recovery.
- Large organizations will reduce costs by implementing tiered disaster recovery planning and methods.
#3 Having a documented plan that you can follow is half the battle.
- You do NOT want to be attempting to figure out what system to bring on line first during the chaos the occurs before, during and after a disaster.
- The plan should be socialized with anyone that has a role in recovery.
- Create step-by-step runbooks designed for someone who doesn't know the system to follow as the person responsible may not be available.
- Your plan/runbooks should document who, what, how, when and where.
- The runbook should define what systems should be brought up first, second, third, etc. as well as provide architectural diagrams.
- DO NOT SAVE security credentials in the plan or runbook.
#4 You must implement the technology required by the plan.
- Having a backup of your data is terrific, but if you have no way to restore the data and further, nowhere to restore the data to, how do you recover?
- You need target hardware, appropriate licensing and logistical coordination.
#5 Test your plan regularly.
- The solution you choose should be a solution that you can exercise on a regular basis.
- There are many ways to slice and dice a solution. It is very possible to create a plan that is testable.
#6 Choose an appropriate recovery site.
- Selection of the site at which you plan to recover systems is critical.
- Distance between your primary site and secondary site can vary, however, to avoid a single disaster affecting both sites, a distance of 105 miles between them is recommended.
- There are a number of variables you should consider when selecting a secondary site such as accessibility and latency.
If you don't have a DR background, I suggest working with a professional that is experienced. Disaster recovery isn't rocket science, but you could quickly spend a lot of money and still not have a disaster recovery plan in place. It is worth every cent to do it right the first time as even a small outage can have major impacts on your business. Our Disaster Recovery Assessment is a great way to start the process of protecting your business from all kinds of events. Now is the time to start.
Jerry Nelson is CTO at Beyond Impact. He is instrumental in understanding client pains, finding sustainable solutions, and navigating an ever changing technology landscape. He is a strong partner for business and technology. Usually he's found riding a motorcycle.
Download our Disaster Recovery Planning eBook here:
More Disaster Recovery Blogs: