It’s fire season in the west, hurricane season in the south, tornado season in the Midwest, and heaven knows when another blizzard is going to ravage the east. You need to protect your data.
1. Prepare to get critical applications back up now. If you have a data disaster you need to keep right on going. That means not only restoring data, but restoring data to the live application. To get your virtual servers back up and running you need snapshots of VM images. You need bare metal recovery for physical servers. And for application failover you need cloud failover for a secondary virtual data center. This is not the least expensive cloud service in the world, but is far less expensive to retain than a physical remote hot site. You will replicate your data to the cloud and will also have access to standby VMs that will immediately take over the processing of a failed virtual application. Once your primary data center is restored, you fail back again to the data center. Virtual failover need not be a DIY unless you want it to be: it’s a common offering with cloud backup services and/or DR as a Service (DRaaS).
2. Replication and snapshots. Backup and recovery (BUR) is still the first line of defense in disaster recovery, but may not restore quickly enough for critical applications. For that, add snapshots and replication to your DP environment. Snapshot technologies are often resource-intensive, so apply them to the data with the tightest RPO and RTO settings. Replication – which usually replicates snapshots for near-continuous protection – can replicate locally, or – with sufficient WAN bandwidth — to remote sites or to the cloud. Note that replicating to the cloud avoids the cost and maintenance time of remote hot sites. But do test speed of recovery before depending on the cloud in an actual data disaster.
3. WAN acceleration. If you are going to backup or replicate remotely – and we certainly suggest that you do – invest in fat pipes and/or WAN acceleration technologies. Most products offering cloud data transfers will engineer acceleration technologies for you, but do your due diligence and test. Backing up or replicating over narrow pipes is painful enough. You do not want to restore that way.
4. DRaaS (Disaster Recovery as a Service). You can skip a lot of internal purchases, configuration and tracking by using DRaaS. Providers are not created equal – you need to due diligence to find out who your provider is using as a backup partner (Symantec? Unitrends? Zerto?) and that your provider gives you adequate infrastructure, security, scaling and service levels. You might also lose some measure of control over your own data, but springing for a customer portal will put many of those concerns to rest.
5. Prioritize RTO and RPO. Many companies are comfortable enough with defining RPO and RTO by “mission-critical” and the rest as “we can take a day to get this back.” However, there is a big segment of business-critical applications like Exchange and Office that do not need continuous backup and recovery, but must be in place within hours, not days. Prioritize your applications by mission-critical (RPO in seconds, RTO in minutes), business-critical (RPO in minutes, RTO in hours), and the rest where RTO is measured in one or more days. Then apply your DP solutions accordingly, assigning near-continuous replication and failover to mission-critical applications, nearline disk to business-critical applications, and tape or cloud-based restore to lower application priorities.
6. Remember the edge. We’ve been talking about protecting corporate applications and rightly so – most corporate data is housed on networked servers and storage. However, mobile devices — including laptops, tablets and smartphones — now house over 30% of corporate data and that percentage is growing. A lost or corrupted cell phone isn’t going to bring down a company like a lost data center might, but with so many devices in the market a loss of even a few of them can threaten corporate data and security. When you are planning your corporate DR response, remember the edge devices and allow for data protection. The easiest solution is to adopt an edge file capture product that stores employee mobile data to a corporate-owned cloud site. IT and its provider apply best practice data protection to the central repository for robust edge protection.