No doubt about it, losing bits bites. Even the loss of a tiny amount of information can prove to be a company’s undoing. Lose a lot of them and you can be in a whole world of trouble from lawsuits to financial ruin.
A big part of disaster recovery, then, is copying the bits and storing them somewhere else other than the main data centre. But where should one squirrel that second data centre where it will be both safe and readily accessible? In other words, how far away is far enough? It is, by all accounts, a tricky question.
The question of how far is far enough arose after 9/11 when a significant area of Manhattan was shut down as a result of the horrendous terrorist attack on the World Trade Centre buildings. Some estimates show as many as 18,000 businesses were affected. All of the recovery vendor sites were filled to capacity.
A backup data centre hundreds of miles away can’t effectively mirror data in real time, so the risk of lost data between the last backup and the event is increased. Disaster recovery site placement isn’t about the IT, it is about the disaster. If the CEO lies awake at night worrying about the Mayan 2012 apocalypse, then the moon or Mars might be good, if impractical, choices for DR site locations. Fortunately, most business executives have a narrower and more realistic view of the disasters they want to hedge against.
Mapping the Threat
The first step to determining where your disaster recovery centre should be is to map the probable threats to your company. Your geographic area will determine the nature of the most likely threat. If you’re located where there are natural disaster propensities, then close by may not be the best answer. Another negative is having the DR facility located on the same power grid as the primary data centre, which will then cause the same exact challenges if there is a blackout or brownout.
If these environments are not a challenge for you, having your DR site close by is a good option because your staff can still get to work and service the facility. Some companies with multiple data centres construct a centrally located DR facility for this purpose.
Before you stick a pin in the map and call it your new DR home, double-check the logistics of moving to and using the site.
While almost all companies backup their data, there are other elements to consider in the realm of high availability and disaster recovery. The application and the infrastructure need to be protected as well, if the organisation intends to continue business operations and/or to minimize downtime when an event occurs.
Indeed, developing a checklist of needs is in order, and then you will know exactly what to backup and how to evaluate the proposed DR site.
The ‘distance debate’ really boils to risk and cost.
In order to answers the “How far is far enough?” question, ponder the following factors:
- The level of data protection and fibre optic distance limits.
- The topography of the area for vulnerability to natural disasters and malicious physical attack.
- The logistics and infrastructure to support the movement of people (including work at home options) and resupply goods such as diesel fuel.
- The nature of facilities options and cost of upgrade.
- The regulatory requirements/guidance for specific industries for “out of region” recovery.
- The other options to improve recoverability from a range of threats to business operations.
This last one is vital, some organisations get all wrapped up in distance issues without recognising other gaping holes to maintaining operationally stable, available, protected and recoverable business systems. Efficient and effective management of risk to business operations is a ‘big picture’ game.
Rules of Damage
While the perfect answer for each company will differ according to individual need, there are a few general rules to guide you through the site selection process.
Consider regional disasters first. If you are close to hurricane or earthquake zones, then you should have your recovery centre at least 100 or more miles away. Another risk factor might be a nuclear power plant. On a smaller scale, you obviously do not want your recovery centre located in the same flood plain as your production data centre.
If wide-spread disasters are not at issue, think smaller distances. As an absolute minimum, three miles should be sufficient to avoid problems. Generally, however, having a recovery centre at least a 100 miles away should still be considered a best practice for data centre recovery. This is usually impractical, however, for office or work area recovery where transport of significant numbers of people is necessary.
Don’t overlook people-issues in DR site planning. For work-area recovery, DR centres typically need to be within 20 to 30 miles of the standard work area. In addition to the distance, ideally you should look for a site which has multiple means of transporting the people to the site (e.g., roads, light rail, train, boat, etc.). This helps ensure that if one transportation mode is down or blocked that your people are still able to arrive at the recovery centre.
Cloud Cover
By performing a risk assessment on the business that includes geographical location, physical location, labour force availability, point of where the revenue stream is generated, the business will be able to make informed decisions on ‘how far is far enough’.
The ideal answer to this question is for the business to work towards implementing true Cloud computing. Then there is no dependency upon the physical office space. That means your telephone system, network infrastructure and workspace should all be through a hosted environment.
Using the Cloud to cover DR issues is a viable option even though for businesses that have large office pools, true Cloud computing may not be possible because of the constraints of the business operations. But the Cloud still can help you avoid many of the problems associated with having your own DR site. The Cloud is even beginning to reverse the entire DR equation.
