Guest Column | May 5, 2009

Business Continuity Tricks of the Trade


Written by: Bob Williamson, SteelEye Technology

Implementing a strong business continuity plan is a goal that mature businesses strive to achieve. While this seems like a viable way to minimize loss from catastrophe, many organizations wrongly assume that they are doing enough to protect their business systems, data, and processes against disaster.

Mid-market and enterprise customers confront common challenges ranging from technical to tactical, primarily when it comes to protecting their vital business assets and driving responsiveness to customers. Around-the-clock business continuity is particularly important in today’s globally connected world and system administrators must have a strong disaster recovery plan in place to take action if any unforeseen issue arises. But are they adequately protected against all potential sources of peril? In many cases, the answer is no. It is up to you as an IT provider to provide answers and, ultimately, a reliable solution.

Every organization is susceptible to some sort of IT disaster. Whether it’s a storm, a power outage, an old-fashioned equipment malfunction, or other unexpected event, every IT department is at risk for system failure. To mitigate this risk, IT professionals must have an ongoing and comprehensive business continuity plan in place because one never knows when disaster will strike. If an organization needs assistance in developing such a plan there are resources available from vendors and their resellers that can help develop and implement these comprehensive plans.

If you are a VAR working with a customer to develop such a plan, there are several steps you must take in order to develop a comprehensive solution.

Ask Questions
Asking the right questions is the first step in developing a viable business continuity plan. For instance, what are the critical applications and data that must be protected? How quickly will these applications and data need to be restored should a disaster occur? Will this happen automatically or can it be controlled manually? Can risk be mitigated by outsourcing or relying on a secondary site? Has total cost of ownership been taken into consideration? What type of solution will satisfy operational requirements of internal stakeholders?

Unfortunately, while most organizations know they need business continuity and disaster recovery plans, a majority do not have the ability to communicate what is required to implement one that meets business objectives. In most cases, executing a trial run of a recovery plan for a hypothetical disaster will reveal most, if not all, technical and operational processes that will need to be enhanced or improved.

For instance, many customers do not consider that electricity might be unavailable in a disaster, so they enact a plan that relies upon electricity. Others fail to consider the fact that IT personnel might evacuate the area, such as in a hurricane, or be unable to drive to work due to a blizzard. Or they fall short in realizing that having a secondary site within only a hundred miles is risky and prone to experiencing the same problems and issues. Locating a secondary site a thousand miles away may be a better option.

If an organization’s existing business continuity plan includes these or other vulnerabilities, a VAR partner should consider these tips about points to consider when delivering high availability and disaster recovery for business-critical applications.

Evaluate for real ROI
In these uncertain economic times, IT budgets and staffs are under pressure to do less with more. As a consequence, any existing or new investments in business continuity infrastructure and planning will undergo intense scrutiny. VARs need to consider the whole package when evaluating these solutions. Business continuity solutions may have hidden costs — monetary and otherwise — that can lead to an incomplete or inefficient plan unless a VAR considers every possibility. With business continuity critical to an organization’s health, these issues must be clearly understood and addressed well in advance to assure the proper response should a disaster occur.

For example, the planning and implementation process must include a real ROI calculation to justify any added investment and must account for all possibilities — an analysis that includes many factors specific to a particular business. For instance, a Florida-based e-commerce business might experience its highest traffic during nights and weekends because most consumers are not working at those times. Conversely, an email outsource provider tends to be busiest during the traditional 9-to-5, Monday-through-Friday workweek. In the event of an unplanned system failure or downtime, there must be a clear definition of what an organization can accept for downtime before the system is again fully available. A VAR must clearly establish those requirements.

Understanding virtualization risks and rewards
According to leading market analyst firms IDC and Gartner, virtualization is being used by 75% of all IT departments. While migrating to virtual server systems can lead to lower costs, increased flexibility and improved efficiency, the risks of virtualization can be misunderstood.

Even with all its benefits, virtualization is only as successful as its deployment configuration. As most IT professionals know, virtualization can increase the scope of failure where all of a company’s mission-critical applications and data are relying on the availability of one physical machine hosting multiple virtual machines (VM). This precarious situation can have devastating consequences for business operations in the event of an unforeseen disaster.

To take advantage of virtualization and provide adequate protection to an organization’s mission-critical data, consider employing real-time, server-level data replication and continuous data protection with rewind capabilities as tools necessary to secure digital assets and prepare for both planned and unplanned downtime. If most, or all applications and VMs need to be replicated, then replicating entire VM images (or the entire VM image store) from the host OS level leads to a much more efficient and secure data protection configuration. Only one replication job needs to be created and managed in order to replicate all the VMs on a given host. The result is a streamlined system configuration that protects what is most important to the organization.

Who’s in charge?
The limitation on staff time and resources needs to be top of mind as a VAR plans for a customer’s business continuity solution. If a disaster occurs when internal IT personnel are not present (assuming they exist at all), will the issue be handled automatically, or will someone need to track down the appropriate system administrator? If the latter is the case, IT professionals must have the necessary tools and processes in place to ensure that all employees in the organization can easily access the appropriate emergency contact to take action. If the answer is contact with the VAR planning the solution, that must be taken into consideration as well.

Continuing evolution in business continuity
While many companies have incomplete business continuity plans, there are numerous ways for companies to effectively incorporate business continuity planning within their current IT infrastructure. VARs can provide a valuable level of support to IT and C-level executives to help integrate critical business continuity components into evolving IT infrastructures that must adapt to constantly changing technology and human resources. In addition to ensuring all relevant options are available to customers, they can work with IT and other departments within the organization to clearly define and outline the necessary steps to take for an effective business continuity strategy. Such comprehensive, dynamic business continuity planning helps ensure continuous availability of mission-critical systems, applications and data when disaster strikes – so that all sleep at night.

Bob Williamson is the Executive Vice President of Product Management and Business Development for SteelEye Technology, Inc., a leading provider of business continuity and disaster recovery solutions for multi-vendor IT infrastructures.