We saw plenty of strong cases for sound disaster recovery planning in 2016.
The Delta Air Lines outage and ransomware made news in the wrong ways, while cloud disaster recovery saw advancements. These developments underscored the importance of careful planning and testing, whether on premises or in the cloud.
Here are some examples from the past 12 months where disaster recovery planning best practices could have helped, along with a recap of some of the advice we've offered on SearchDisasterRecovery.
Learn from the Delta outage
The outage at Delta was one of the top IT stories of 2016. It resulted in a global computer failure, forcing the cancellation of more than 2,100 flights and stranding tens of thousands of passengers. But DR testing could have prevented it.
"It was later discovered that approximately 300 of Delta's servers were not connected to a source of backup power," storage expert Brien Posey wrote in a DR testing tip. "This lack of connectivity to a backup power source likely contributed to the incident, but this also points to a much deeper problem. Had Delta performed DR testing, the backup power connectivity issue would have been discovered much sooner."
Posey made several testing recommendations in the wake of the outage:
- DR testing must be an ongoing process, not an annual event.
- Try to find any single points of failure.
- Be able to automatically fail over critical workloads to a secondary data center.
- Keep an eye on bandwidth consumed by off-site storage replication.
Follow these disaster recovery planning best practices -- your organization does not want to make the kind of news that Delta made in 2016.
Test your test
Testing is a much recommended but often missed element of disaster recovery planning best practices.
Independent IT consultant/auditor Paul Kirvan's top DR tip of 2016 is to conduct a "dry run" before the actual test. Bring in key departments, such as systems, network, database and facilities, to ensure "all players are in agreement on the process and that the test facilities are fully prepared," Kirvan said in an email. "This can be as simple as convening all participants in a conference room and/or conference call to go over the test, ideally the day before the actual event."
Among other recommendations, during the test, Kirvan suggests being prepared to stop and reschedule if it's not going as planned, and having a scribe take notes. After the test, the team should complete an after-action report and use test results to update DR plans.
Caution with containers for DR
Container storage had a good 2016. One example of its use is in Windows Server 2016.
Windows containers offer application virtualization and portability, Posey wrote in his tip article on how a container can be used for disaster recovery.
"Containers are an interesting option for disaster recovery because their portability could make it possible to easily move an application to a public cloud or alternate data center," Posey said.
But he stressed caution when moving a container from one environment to another.
"A Windows container could be a good tool for disaster recovery since it is possible to port containerized applications to the cloud or an alternate host," Posey wrote. "However, care must be taken to avoid breaking any dependencies or losing any data volumes."
As moving container data volumes can be a challenge, make sure to back them up and then restore them after the move.
Reach for the sky with ransomware recovery planning
Ransomware attacks unfortunately made lots of news in 2016. According to the U.S. government, ransomware is the fastest growing malware threat, and more than 4,000 attacks occurred daily in 2016, a 300% increase over 2015 numbers.
In his tip article on planning ransomware recovery, consultant Jim O'Reilly suggested using the cloud for DR.
"The result of using the cloud DR process to protect against ransomware is that you can get back to a working state, less the recovery point objective time," O'Reilly wrote. "Of course, the ransomware recovery time depends on how much data needs to be transferred to get things up and running."
O'Reilly recommended that the best place for recovery is in the cloud zone where the data is stored.
In following disaster recovery planning best practices, IT should also take care to adhere to security protocol, encrypting data at rest in the cloud and obeying government rules. A proper cloud disaster recovery approach can protect against ransomware.
Preparing for DRaaS
Disaster recovery as a service (DRaaS) is emerging as an affordable, flexible DR approach. With many new products launching in 2016 alone, planning for DRaaS has become increasingly important.
In his deep dive into selecting the right DRaaS provider, Kirvan urged detailed preparation. Among his recommendations:
- Decide if you really need DRaaS.
- Figure out what you wish to recover.
- Determine the timeframes for recovery.
- Verify security requirements.
- Identify any additional requirements for failover.
When you've selected possible DRaaS vendors, prepare a request for proposal to obtain information about their offerings.
You can never be too careful or comprehensive in your disaster recovery planning best practices, so pay attention to detail as closely as possible.
Top backup and DR software offerings
DRaaS leads the way in 2015
New, upgraded cloud DR products dominate 2014