Today, more than ever, disaster recovery (DR) – also called ‘business continuity planning’ – is a vital layer of protection for many organizations. However, a surprisingly large number of organizations do not have the proper plan in place to protect important IT infrastructure, applications or software.
In the past, the most common reasons cited by businesses for not protecting important data with disaster recovery services are because of cost, complexity and unreliability—making it unsuitable for all but the most mission-critical, enterprise applications. However, with emergence of strong proven cloud environments, this is no longer the case.
Classify Your Data and Systems
It’s important from the beginning to go through the exercise of classifying your IT systems into categories of importance. It’s up to you to determine the importance of systems as not all organization will be the same.
’Class A’: Mission critical system and data, should be classified as ’Class A’ meaning the most important and critical to your day to day business. Common examples are Email, BES, Domain Controllers, production code servers, etc.
‘Class B’: is still important, but something you can safely live without for a little while. Example: SharePoint servers, file servers, EFSS servers, video conferencing servers
‘Class C’: Data that needs to be stored purely for legalities or regulations, usually for several years
‘Class D’: Systems that do not require backups or protection
Set RTO and RPO for Each Data Classifications
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are one of the most important variables of a disaster recovery plan. These objectives guide the business case to choose a optimal data backup plan.
Recovery Point Objective (RPO): Up to what point in time could the Business Process’s recovery proceed tolerably given the volume of data lost during that interval? Or, what is the largest amount of ‘work’ that we can tolerate loosing? If a backup is performed daily at 6pm, your RPO would be 24 hours (24 hours maximum loss).
Recovery Time Objective (RTO): How long can you tolerate your systems to be down for? Or, the duration of time which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Once you’ve assigned your systems to the classifications above, you need to set a desired RTO and RPO for each.
Typically we have seen these scenarios, although your business is most likely different:
’Class A’: Active/Active failover, 1 second RTO and 1 second RPO. Servers and systems are replicated offsite in real-time, so if you experience issues within your primary environment – everything automatically fails over to the secondary environment with no downtime or data loss.
‘Class B’: 24 hour RPO, 4 hour RTO. Data and systems are backed up daily using common backup platforms. The RTO and RTO verifies here from 12/2 or 48/8
‘Class C’: Historically, achieved via tape backups. However the cloud has opened up new and affordable opportunities for long term data retention.
‘Class D’: Systems that do not require significant backups or protection
Choose a Vendor
Now that you’ve set the correct expectations, you can begin looking at vendors. More than likely, you’ll want 2; the actual backup software or ‘platform’ and the data destination host or ‘cloud’. You can read more about selecting a cloud vendor here.
Choosing a backup platform vendor can be tough, and there are too many options to discuss here. However, we at SCC have experience in most of them. If you’re not sure about a specific platform, ask us about it in the chat window on the left side of your screen, we’re always happy to help and answer your questions.
So you’ve now set the correct expectations, you’ve found great vendors that you trust, and you’ve successfully protected your applications, systems, and data. This is where most CIO’s and IT managers lose focus… DR testing requires an ‘honest look’ at your infrastructure.
We recommend Class A and B testing at least once a year. Schedule around the same time as your yearly fire alarm systems test.