Editor's note: This article was expanded and updated in November 2017.
When building a data center disaster recovery plan and a business continuity plan, remember that you are protecting a significant investment in information technology and communications. Depending on the nature of the disruption, the data center's overall integrity may be untouched or it could be totally destroyed.
Disaster recovery (DR) plans need to be flexible and scalable to address a broad range of disruption scenarios. The same goes for business continuity (BC) plans. Both plans also need to be tested regularly to ensure that the technology, processes and people all work together with as minimal disruption to the business as possible when a disaster strikes.
This data center disaster recovery planning guide focuses on best practices for setting up a DR plan. Discover the most important factors in a successful data center DR plan, who should be involved in the planning process and how to get started.
Business continuity plans ensure people have a place to work when their original location becomes unusable. A BC plan should outline essential business functions, clearly identify those systems and processes that must operate without interruption, and specify how to maintain them. It should take into account any possible business disruption.
A DR plan is a broad term that describes a process to recover disrupted IT systems, networks and other critical assets an organization uses. Having a DR site is a crucial factor when planning your organization's recovery from any disaster.
Companies can set up an internal site that it owns and manages, or an external site through a cloud or service provider. Organizations that need data back quickly often choose an internal site, typically a second data center that enables quick resumption of business. However, cloud-based disaster recovery options increasingly offer fast response times to meet tight recovery time objectives.
External DR sites can be hot, warm or cold. A hot site can serve as a fully functional data center that companies can move into if a disaster hits the primary data center. A warm site has equipment, but not data. The organization must add customer data -- and often hardware and software -- after the disaster strikes. A cold site has IT infrastructure, but no equipment until a disaster hits. Cold sites are for organizations or specific workloads that can wait for an extended period to get back up and running.
An organization may use several types of sites, putting its most critical applications and data in a hot site and less important systems in warm or cold sites.
For comparison purposes, a data center disaster recovery plan focuses exclusively on a data center facility and its infrastructure, e.g., physical location, construction, security, power sources and environmental systems.
A key activity in preparing a data center DR plan is an operational risk assessment of the building or facility. The assessment analyzes key operating components, such as building location, e.g., access routes, proximity to fuel storage tanks, proximity to highways, rail lines and airports; power generation, e.g., commercial power, backup power systems; power protection, e.g., grounding and bonding, lightning arrestors, line conditioners, surge suppressors; HVAC (heating, ventilation and air conditioning); critical systems, e.g., servers, VoIP systems; network infrastructure, e.g., cabling, connectors, routers, copper and fiber circuits; security, e.g., physical access and information security; workspace, e.g., offices, conference rooms, cubicles, furniture, lighting; fire protection, e.g., fire detectors, smoke detectors, fire extinguishers, FM-200 extinguishing systems; building floors and walls, e.g., fire-rated walls, raised floors; and utilities, e.g., water, power, sewer, communications.
When planning a data center operations risk assessment, coordinate with IT management and building management, if your firm is a tenant, or with facilities management, if you own the building. Review your objectives for the assessment with these organizations before starting.
And review your risk assessment checklist -- if you have one -- with IT management, building management and facilities management to ensure you cover all the bases. If possible, ask IT and facilities for any assessments they conducted or have on file. These may help save you time, unless the data is more than a year old.
Perform the following actions in the assessment:
Compile the results from data center operational assessments into a gap analysis report that identifies what is currently done versus what ought to be done, with recommendations on how to achieve the required level of preparedness and the estimated investment required.
As part of the analysis process, examine the impact of a data center disruption on the business. What will happen to critical business processes if data center operations are disrupted? What might happen to the company's image, reputation and competitive position in the aftermath of a data center disruption?
In addition to identifying business impacts, the assessment can demonstrate opportunities for improvement, and it can also help the development of the DR plan by identifying existing situations -- e.g., older diesel generator that should be replaced -- that may be affected by a disruption.
Once you have analyzed the data center and have identified potential risks to operations, prioritize the risk scenarios in order of severity, potential damage and likelihood of occurrence. This can be used to focus the plan's response activities in the proper sequence for the situation. (see our free, downloadable DR planning template and checklist)
Using the structure noted in the National Institute of Standards and Technology's SP 800-34 standard, "Contingency Planning Guide for Information Technology Systems," we can expand those activities into the following structured sequence of activities:
When building a data center DR plan, keep in mind the following guidance:
Data center disaster plans help protect a significant investment for most organizations. While some firms address data center recovery by building a second data center or leasing specially equipped space at a third-party facility, a careful assessment of data center operations and risks is an important starting point in a DR program.
27 Nov 2017