| Time to review your disaster recovery plans? Mark Reeve gives his view on some current DR and business continuity issues for SME businesses.
Most small to medium businesses (SMEs) now
rely on processes that can no longer be replicated or performed
manually. Whether it be a simple suite of spreadsheets for accounting
or sales monitoring, or larger purpose built applications, the ability
of the organisation to continue trading with the correct level of
accuracy, service and audit would be severely compromised by an
extended period without the PCs and servers they currently rely
on. A case in point is a leading charity in London. It has had a disaster recovery contract in place for a number of years, with successful yearly tests being performed. The charity’s disaster recovery site was located within the same city as its head office. It was realised that in the event of a threatened biological or chemical attack, or a natural epidemic such as SARS, the local authorities’ new evacuation plans would clear the area, and would mean that neither the charities or the DR company’s staff would be allowed near enough to invoke the plan, never mind keep the servers operating for the other offices around the country. If the area affected did not include the DR Site itself, another problem that was highlighted was the possibility of multiple invocations from multiple customers. In this scenario the small to medium businesses, which cannot justify the cost of the ‘Gold’ services offered by the DR companies, would simply be ‘placed on hold’ until the larger corporate companies have been taken care of and/or extra servers had been found and implemented. The original risk assessment for small companies was based on the chances of X amount of companies having a fire/flood at the same time as themselves, offset against the cost saving of having the lower level of contract. With the chances of entire areas being attacked or evacuated beginning to be as likely as the theoretical fire these calculations have to be reconsidered. A recent survey in the US showed that the threat of fire has been significantly reduced in many computing installations. Prior to 1980, damage associated with fire, including fire-fighting operations, was estimated as causing 62 percent of total installation losses. During the intervening years to the present day, fire detection and suppression systems have reduced this threat to 9 percent of the losses, where as power surges and brownouts (a dip in the power level supplied to the computer equipment) account for 19 percent of all disasters. DIY The last few years has seen the widespread introduction of Broadband and ADSL communications enabling the fast, reliable, cheap and (if implemented correctly) secure transfer of data between sites. In 1992 a 512MB line to a remote office would have cost £900 a month, the equivalent ADSL connection could now be as little as £29 a month. If you're already using private lines to link offices, it’s possible to now use a Virtual Private Network - not necessarily to replace those lines, but at least to back them up. If the private lines go down, you can safely and securely send your site-to-site data over the Internet. If you have ‘standard’ routers (such as CISCO etc.) at the edge of your network, then you already have all the hardware you need for a disaster recovery VPN. All you need to do is get the operating system upgraded and spend some time configuring - and testing - the back-up plan. If you've got a remote-access system at corporate headquarters, then you also have a big piece of the picture. Reviews by various network publications show that you can link almost everything. There are many suppliers of low-cost VPN back-up devices that perform these tasks, or even consider using your Windows 2000 servers as site-to-site VPN gateways. Some connectivity, no matter how ‘simple’, is better than none. The cost of servers, especially those capable of simply holding your data and performing your critical functions, can often be obtained for much less than the equivalent cost of the corresponding DR services. This is especially if a common sense approach is taken with the realisation that in those circumstances the fastest and most up to date machines would not actually be required. Many sites are now taking the pragmatic approach when they upgrade their servers, the old servers are being earmarked as disaster machines and are being located and connected accordingly. With the increase in the use of PCs at home the general IT literacy of SME staff has much improved over the last few years. The opportunity of being able to site a server at one of your remote sites is perhaps an easier solution than once appeared. Further advantage could be gained by enabling access from the Internet to your disaster machine so that staff could work from home if the circumstances dictated that the availability of PCs and space at your chosen DR location is limited. One key point that was learnt by businesses after September 11th was that whilst the hardware was easily replaced, the IT/business knowledge of the staff was much harder to recover. Having your backup servers within your own organisation, on remote sites, would greatly strengthen your ability to survive, should there be a situation. As far as transfer of knowledge is concerned, yet again it would be beneficial to ensure that throughout your organisation, those with the knowledge share that knowledge. Conclusion Quattro Consulting offers a specialised service assisting users to enable their IBM iSeries-AS/400 to operate to its full capacity and capability, irrespective of the application that is being run. Contact Mark Reeves at mark.reeves@quattroconsulting.co.uk
•Date:
10th October 2003 •Region: UK/Worldwide •Type:
Article •Topic: IT
continuity |
