Gajus - Fotolia
For McKesson Corporation, downtime may literally be a matter of life or death.
Hospitals and other healthcare facilities can't reasonably keep every type of drug in stock in their own dispensaries. McKesson distributes drugs and medical supplies to hospitals, both during routine resupplies and emergencies. A strong and properly tested disaster recovery plan ensures nothing stops those important deliveries.
"We're delivering pharmaceuticals. If we can't ship product, somebody could die," said Jeffrey Frankel, senior disaster recovery engineer at McKesson Corporation.
McKesson Corporation is a Fortune 7 pharmaceutical giant with about 70,000 employees and business units spread across the world. From an IT perspective, each of those units run autonomously -- there is no single IT infrastructure that connects all of them. Each location has its own IT staff without standardized technology stacks.
Still, all disaster recovery (DR) inside McKesson is handled by a central DR group, which Frankel is a part of. He said the biggest reason for this was to standardize DR practices across the business units and make it easier to establish and follow protocol.
"Individual units might be using VMware or Hyper-V or anything at all. But security standards and DR standards need to meet ours," Frankel said.
A centralized DR group also made it easier to test and prove recoverability. Frankel said this was especially important for keeping insurance and auditors satisfied.
McKesson began using Zerto six years ago, and it was the first time the organization used a third-party vendor for DR. Frankel and his DR group were only responsible for the pharmaceutical side of the business at the time, and they were previously using VMware Site Recovery Manager (SRM). However, Frankel said Zerto proved to be so much more efficient than SRM that the DR group's responsibility expanded to the entire organization.
One key feature that led Frankel to a Zerto purchase was journaling that allows for point-in-time recovery. He said this is a key difference between high availability (HA) and DR that many in his organization didn't initially understand. McKesson was already replicating to a second site, which solved the HA use case, but DR needs the additional functionality of restoring to an earlier version if files are corrupted or compromised.
Frankel evaluated Actifio, Veeam and SRM, and said Zerto had them beat on functionality, ease of use and flexibility. McKesson's business units have a wide array of failover setups, including on premises to Microsoft Azure, on premises to another on-premises data center, Microsoft Hyper-V to Azure cloud, VMware to Azure and VMware to IBM data availability as a service. Zerto worked with all of these setups, in addition to lowering McKesson's RTOs and RPOs.
"We have a wide variety of implementations, but none of our RPOs are ever above 15 minutes," Frankel said.
DR isn't just the technology behind it. McKesson's group is broken down into three teams, each handling a different aspect of DR.
The first team handles business continuity from the facility standpoint. They focus on the portion of the disaster recovery plan that deals with what to do if the facility is compromised and where workers go in order to continue working.
A second team focuses on consulting and logistics. This team works with executives to outline the scope of what's needed for DR, including what's considered mission-critical and the order in which business applications need to be brought back. This team also schedules tests and handles logistics and coordination when disaster strikes.
Finally, the engineering team, which Frankel is a part of, is responsible for all the technical aspects of the disaster recovery plan. They piece together the IT tools that make the previous team's plan work.
One new feature Zerto introduced that Frankel wants to expand is its analytics capabilities. Before this was implemented, he would have to give direct access to the Zerto console to consultants, auditors and other non-IT personnel in order to look at the data. This meant untrained staff could accidentally start a failover process. The analytics and reporting functions have removed that risk.
"We didn't want to give nontechnical people admin rights. Now, they can't break anything," Frankel said.