June 2008

Business Continuity Plan

The vast majority of companies are essentially playing Russian roulette with their systems and data, and ultimately, the future survival of their businesses. As many as 80% of all US companies to not have an effective DR plan, and over 90% of companies fail within one year of a significant data loss. Recovery time objective (RTO) refers to how quickly the system is back up, while recovery point objective (RPO) refers to how recent the restored data is (and how much data is lost forever). Systems that provide better RPO and RTO cost more. As a rule of thumb, a company should spend about 3% of its IT budget on business continuity planning, or higher for locations at high risk of natural disasters or terrorist attacks. It is not unusual for an enterprise to spend 25% of its IT budget on disaster recovery.

Assessing Risk and Cost

1. Determine all possible risks that threaten system uptime: earthquakes, internal sabotages, electric outages, bad weather, fire, etc.
2. Determine the cost of lost data and downtime for critical business processes.
3. Compare the cost of a given system with the costs associated with losing a certain amount of data (for RPO) or uptime (for RTO). The cost of the potential loss should be higher than the cost of the system implemented to prevent it.

Planning

1. Redundant, near real time hot backup site between 64 and 200 miles away.
2. Backup site runs daily production operations at least once every month.
3. Physically secure your servers and backup systems
4. Establish a recovery team from among the IT staff and assign specific recovery duties to each member.
5. Outline priorities for the recovery.
6. Document the entire plan. Include instructions to outline system preparation, restoration steps, post-restoration testing/validation of the data center prior to resuming normal operation, contact information for administrators and vault service contacts and access passwords.
7. The creation of run books documenting all functional areas within IT, including applications, databases, networks and servers is essential to a well administered DR plan. The run book, combined with the larger DR plan, gives your organization a detailed process to follow to recreate your systems and protect your business from disaster.

Technology

1. Uninterruptable power supply (UPS) Device: allows your computer to keep running for at least a short time when the primary power source is lost. It also provides protection from power surges. Software is available that automatically backs up (saves) any data that is being worked on when the UPS becomes activated.
2. Virtualization allows multiple virtual servers, with heterogeneous operating systems, to run on the same physical hardware, while maintaining system isolation. Because each virtual server environment (including data, application, operating system, BIOS, and virtualized hardware) is saved as a single file, applications can be restored to any hardware with a virtualization platform easily and rapidly. Through virtual infrastructure, all aspects of business continuity can be improved, including faster, more flexible, and more reliable DR at a lower cost. Virtualization also offers the added benefit of allowing thorough DR testing without the cumbersome need for additional hardware.
3. Tiered storage archiving: Archiving allows a business to allocate different types of data and applications to different classes of storage based on performance, availability and recovery requirements. By understanding the relative value of data, companies are then able to maximize their storage investments by maintaining only critical information on costly, high-performance storage platforms while off-loading less essential data to less expensive, lower performance devices.
4. Tape backups are cost effective, but slow, prone to failure and need to be physically transported to a safe location at least 120 miles from the corporate data center, which can hinder the timely restoration of systems, and prove to be extremely costly.
5. Online backup has the advantage of storing data far enough away from the central datacenter, but readily available for use if it is needed. However, this solution is not economical for a high volume of data, especially if you want to back up multiple versions of files.
6. Remote mirroring allows you to restore the systems that data resides on if a disaster knocks out the primary site. Whether you set up an alternate network operations center at a branch office or pay a third party for a hot site, the servers at the alternate site are loaded with the same systems as those at the primary. Data from the primary site is replicated to the alternate site regularly, so if the primary site goes down, the secondary will be instantly ready—both in terms of data and in terms of applications—to start handling transactions.
7. Unified Messaging: A consolidated messaging environment can dramatically improve the rebuilding process after a disaster.

Testing and Updating

1. Test recovery procedures to uncover flaws or problems that might otherwise go unnoticed until it is too late. Record your test results.
2. Update your DR plan as new applications and systems are added, modified or removed.

Partner Spotlight

CallTower is the leading provider of hosted, IP communications and collaboration services and applications for businesses nationwide. CallTower provides companies with advanced communications and collaboration services that replace their phone system with a business tool that increases employee productivity and customer satisfaction.

Companies have found that disaster preparation around their voice/data systems have allowed them both peace of mind as well as business continuity when a disaster occurs. Instead of losing productivity and access to information, customer calls or voice/email, CallTower offers 24/7/365 built-in-disaster-proof access to their critical information. With CallTower, a company can take advantage of advanced features to operate seamlessly through an untimely event. For more information, contact your PC Professional Account Representative or visit www.calltower.com.