Inside Track: BC and DR

Pro

1 June 2013

 While zero-downtime is a possibility for systems "that simply cannot fail such as air traffic control", business continuity and disaster recovery (BCDR) experts believe that avoiding outages "99.999%" of the time can be within reach for particularly motivated companies. 

Renaissance director Michael Conway, said when it comes to an airport "I think we can agree we’d all like planes to land in an orderly fashion", but that otherwise businesses have to be "realistic" about what constitutes a worthwhile BCDR investment.

Zero down
"When you’re talking about zero downtime, it depends how much you want to spend and how desperate you are to achieve that goal. You’ll have people who scream, rant and roar that they can’t ever afford a laptop to be down for example. But in a lot of cases the reality is you’re not using it all the time, if it’s down for an hour or two you will get over it. You don’t particularly want it down for a day or two obviously but that’s another conversation."

Peter Trevaskis, enterprise marketing manager with Dell Ireland said that "zero downtime" systems have been "around for a long time" however "they were never called zero downtime but 99.999% up".

He continued, "That’s because there are so many variables, not just in the components that make up a complete infrastructure supporting a single system, but also there is the perception of what ‘up’ actually means and what constitutes it is open to question too."

145 hours
Trevaskis added that many companies will ultimately "prefer five nines (99.999) rather than 100% to cover themselves in the event of a perceived outage". The real time behind the percentages is interesting though, with Trevaskis noting that the "99% uptime" still constitutes 145 hours of outage per year.

While this figure may make some CEOs and CFOs baulk at the damaging possibilities faced by their business, they can console themselves with the fact that a more crowded BCDR marketplace means the cost to reach exceptional levels of coverage is lower than ever before. Trevaskis claimed "building a system that can deliver 99% uptime is easily within reach of many organisations" as formerly "prohibitive" levels of costs have decreased dramatically.

Rob Paddon, solutions director with Trilogy Technologies said there can, however, still be "a big cost" to reach the aforementioned "five nines" level, noting that once the final breakdown is given to decision makers there can still be an element of "shock". Instead of getting fixated on the "race to zero" though, Paddon recommended businesses reviewing their BCDR requirements to "think a lot harder about what they actually need".

RPO & RTO
He continued, "There are two very old school things which people talk about which are recovery point objectives (RPOs) and recovery time objectives (RTOs). What we would generally do is look at those requirements for each system or sub-system rather than just holistically looking across the entire business and saying ‘you need seven nines for everything’.

"For example," added Paddon, "think about web-based transaction processing. That’s critical, that needs to be up so that may well justify quite a high level of investment. Businesses should have some degree of more intelligent segmentation-tier one, tier two, tier three-and then measure availability against each. I think that’s probably more practical for a lot of people."

Technical services manager of Comsys, Geoff McGowan mentioned the likes of VMware SRM, Veeam Backup and Replication plus EMC RecoverPoint as technologies which can help companies achieve "a zero RPO" and a "low" RTO.

McGowan said that at this point "most companies choose a low RPO of one day and medium RTO of two to three days, which seems to be the sweet spot currently. We have found with the simple addition of snapshotting technology, the RPO for partial failure can be decreased even further with little additional cost."

Cyberattack
Certainly, the reality that businesses need to "think a lot harder", as Paddon put it, about unexpected outages seems to have dawned on most organisations. Paranoia can be a great motivator when it comes to investing in security-related products, with a survey from the UK-based Business Continuity Institute (BCI) this January revealing that 65% of organisations questioned were "extremely concerned or concerned" about a disruptive cyberattack occurring within their company before the end of 2013.

Questioning people from 62 countries and 730 organisations (across sectors such as financial services, public administration, retail and manufacturing), the leading concern when it came to possible breaking points was unplanned IT and telecom outages with a massive 70% of respondents expressing concern that they could fall foul of such incidents, while 66% were worried they could suffer a data breach.

At the time of the report’s release, Lyndon Bird who is a technical director at the BCI, commented that, "The high level of concern over a cyberattack may well be misplaced but it demands a considered independent analysis of the threat to avoid hype and disillusionment and ensure a proportionate response is in place."

Cloud hesitancy
Of these concerned companies surveyed, many who choose to reinvigorate their BCDR approach will reach for cloud-based solutions to ease their worries, however Comsys’ McGowan was wary about jumping to the conclusion that this will be a widespread reaction.

"Most companies," he said, "are still hesitant about putting their DR solutions into the cloud, preferring a mix of the conventional DR model and building DR solutions around private cloud infrastructures. Public cloud DR services are much more suited to smaller businesses that don’t have strong in-house IT skills."

Asked if cloud-based BCDR options are now the choice of most businesses Dell’s Trevaskis gave a very simple "no", but added that the question "opens up that can of worms as to what exactly is cloud".

"Many organisations," continued Trevaskis, "use co-location services to replicate production systems off site. Even more have, over time, switched the primary and back-up around and are now using the co-location site as the primary production system. The reason for this, for the most part, is that co-location has superior infrastructure giving a far higher protection for business continuity. They also offer a greater ability to support remote users having more robust internet connectivity." 

These types of services, argued Trevaskis, have been used "for quite some time and nobody described them as cloud but they could be easily fall into the hybrid definition of cloud". Over the coming months he said we can expect to see "more organisations evolving a cloud back-up strategy", meaning that they "typically continue to use local back-up solutions but will experiment with utilising cloud back-up as off-site options. You can then expect to see these solutions slowly evolve into being the primary back-up".

Regular testing
Lorcan Cunningham, MD with Savenet Solutions said that while cloud is not "the first choice just yet" for BCDR this is mainly due to not enough awareness at the customer end to the kind of robust cloud services available in this space. Offering advice to potential investors, he said that in the case of cloud-based DR, "there is no point in paying for any type of solution unless you test it regularly and the testing works".

Cunningham continued, "It should also be transparent where the data is residing and what service level agreements (SLAs) are being offered by the cloud provider. Who do you call when the disaster happens and how good is their support? Are you calling local providers or a call centre in another country? All of these things are critical when you need to access your DR environment in a hurry."

McGowan also noted that "A cloud offering should provide very tight SLAs, reduce admin and infrastructure costs and be able to guarantee the security of the data."

Integrated package
Trilogy’s Paddon said that one interesting development in the past year has been a change in focus for BCDR product vendors who are, he said, "recognising how they need to bring all the components together" within a solution.

Looking towards the year ahead, Paddon expected this trend to continue. "If you think around continuity and recovery, things like virtualisation, communication, security, storage all being pulled together into an integrated package where it’s proven they will work cohesively, that’s what’s needed."

"You have the vendors themselves taking responsibility," he said "to make sure all this works as opposed to throwing it all out there as a product and saying ‘go build it yourself’. That’s new and actually pretty important, and it’s taking a lot of headaches away for smaller companies in particular."

Renaissance’s Conway said that much of the changes in the BCDR market will be "incremental" as we move towards 2014, adding that the biggest alteration he’s seen flourish of late is the evolution of cloud offerings to "allow people to develop architectures which are relatively agnostic".

Converged stacks
Dell’s Trevaskis meanwhile said that the next 18 months will see an "increase of fully replicated, pre-integrated converged stacks". Explaining further, he said "I am not saying replicated in the sense of data but actually a complete replication of the infrastructure."

"At the moment when you examine a replicated environment you will see differences, it might be simply that some of the systems are on different firmware versions for some of the hardware components. Or in extreme cases the infrastructure is completely different with less processing power and less data capacity space and is not intended to fully replicate the production environment but instead keep critical systems alive to some degree."

Trevaskis added that new solutions to the market will mean it is now possible to have a "complete mirror in the remote site that does not just closely match the production systems but is an exact copy".

Savenet MD Cunningham claimed the next year will see many companies "seriously" reassess their cloud strategy as they begin to see how "back-up and DR is an easy first step to the cloud", and is something which can enhance their current IT setup "dramatically" while reducing their risk of data loss. Cunningham added that this is "especially true" in the case of cloud-based disaster recovery, "where users are accessing the DR environment through virtual PCs."

McGowan of Comsys feels that offerings from both Nimble (which has won praise from Gartner over the past year) and Microsoft’s integrated cloud storage arm, Storsimple, may well shake up the BCDR market over the next year.

COMPLIANCE
However, he also said to watch out for rapid development in purpose-built back-up appliances (PBBAs). Mentioning EMC’s Data Domain and Avamar solutions in particular, McGowan echoed words that have been oft-repeated in the past ten years when he told ComputerScope how such developments "should finally mean the demise of tape as the standard for back-up and remove tape from DR sites".

"Software defined everything should ease the current mobility issues in BC and DR for virtualised environments," added McGowan.

"One big thing," which Trilogy’s Paddon said organisations have to concern themselves with over the coming year is the "need to constantly think about how security requirements change". He said this is particularly of note when it comes to compliance. "If you have to be certified for things like ISO 27001 you need to think about your whole cloud environment," commented Paddon.

He continued, "Businesses are putting things in private, public and hybrid cloud and if you’re comfortable doing that for your production systems fine but if you’re not comfortable with your production systems being in the cloud really you have to think about why that is and does that give you some implications with BCDR?

"Because if DR kicks in then your cloud is now your production environment, how do your software licences work? How does your security get enabled? You can’t ignore these questions."

Read More:


Back to Top ↑

TechCentral.ie