Network access during the disaster recovery operations process

Just as a working network is absolutely essential for normal business operations, the same is true during disaster recovery (DR) operations.

Just as a working network is absolutely essential for normal business operations, the same is true during disaster recovery (DR) operations. In fact, it's possible to argue that a working network is even more important while recovery is underway because so many recovery operations depend on network access to succeed. Even normal workday business tools such as email, instant messaging (IM), telephone service, database access, and line-of-business applications take on heightened importance when those tools must go to work in bringing business operations up from nothing tangible to something useful and at least moderately functional.

First, and foremost, disaster recovery or business continuity (BC) plans must address the following elements of network access in the context of making them available as quickly and completely as possible, at least for members of the DR/BC teams (and over time, for the entire workforce as well):

  • Communications: Email and instant messaging must be available, and working more or less as normal. Many organizations arrange for outsourced access to email services during the recovery period, and rely on a combination of consumer-grade IM software with commercial-grade security and protection software to limit the security and disclosure risks that such software can pose.
  • Applications: Key databases and related front ends and tools must be restored as soon as recovery time objectives (RTOs) dictate, particularly for contact and client information, parts and inventory, order processing, and so forth, along with line-of-business apps such as HR, ERP, and so forth. Mirrored hot backup sites can deliver the quickest uptimes, but many elect to restore backups at warm or cold sites to save money. This can keep employees in touch with key Software-as-a-Service (SaaS) applications, multi-tiered apps and services, custom applications and so on.
  • Remote access: If employees can work from home while disaster recovery is underway, organizations suffer much less from lost revenues and opportunity costs during a disaster recovery period. This observation grants special urgency to funding for hot backup sites and remote access technology, even during tough economic times like those we're experiencing right now.

Remember, when disaster strikes or recovery becomes necessary for whatever reason, all basic needs for access and functionality remain unaltered. In fact, during a recovery effort, additional needs for access often become necessary to help facilitate and speed the recovery process to completion. This helps to explain why it's such a fantastic idea to arrange for rapid deployment of high-speed wireless networks, and such high-speed wired infrastructure as may be necessary to support transplanted disaster recovery teams and the data centers they invariably bring into operational status.

More on networking and disaster recovery
Server virtualization strategies for disaster recovery

A sample disaster recovery network checklist procedure

Top disaster recovery tips for protecting your VoIP systems
Beyond support for DR/BC teams and data centers, however, disaster recovery also invokes what some call "the remote access imperative." This enables employees, partners, and others to keep working remotely even when the normal workplace environment may be completely out of action. The key to this kind of infrastructure relies on secure VPNs to provide an access path to backup or fallback operations centers. This can be combined with redundant appliances at such remote locations to match whatever equipment is in use at primary data centers and other work locations. When primary sites become unavailable, remote users can switch over to the backup sites without a loss of access or services. To make this kind of approach work best, it's also important to test and measure fallback environments versus primary counterparts to make sure that access methods, data available, and response time and latency don't vary noticeably.

When it comes to implementing a backup scheme like the remote access approach just outlined, it's also important to address these technology requirements:

  • The chosen solution must be easy and quick to deploy so as to ensure minimal or no disruption of service and access
  • It must be sufficiently scalable and available to handle even peak loads during the recovery process (and very likely beyond normal peaks, owing to the background activities so often involved during restoration)
  • The chosen solution must provide access to all key applications, services and data so as to impose minimal or no disruption on normal work activities
  • The chosen solution must maintain compliance with mandated regulations and best practices, and must also be sufficiently secure to maintain proper security coverage throughout the recovery period

When planning for backup or recovery sites (particularly for failover or hot backup situations), it's essential to think about the geographic scope of potential disasters. A building next door or down the street won't be much good as a workable alternative if a hurricane, forest fire or earthquake occurs. That's because a nearby site is just as likely to be rendered inoperable as a primary site if the two are too close together. Most experienced DR/BC professionals look for sites that are at least 100 miles away, if not several states distant, so as to keep local or regional disasters from knocking out a backup site as well as the primary site.

SSL-based VPNs for remote access and recovery

To those ends, SSL-based VPNs are particularly well-suited to deliver remote access during recovery operations. Furthermore, SSL VPNs are clientless, and work through any Internet browser, so virtually any Internet-connected PC (netbook, notebook, or desktop) may be used for remote access. SSL VPNs operate at the application layer, to maximize security protection and application of appropriate compliance and security policy requirements. They also support fine-grained access controls, so organizations can count on the same rights and privileges taking effect both locally and remotely.

Finally, support for strong encryption and strong end-point security also protects remote communications from unauthorized snooping or sniffing. In fact, these same technologies can be used at all times to facilitate teleworking, and to help reduce commute times, and boost worker productivity. That's why many organizations are taking this approach to boost connectivity during normal operations as well as during disaster recovery. This helps speed the payoff on the investments involved, and ensures a better ROI overall.

About this author: Ed Tittel is a long-time freelance writer and trainer who specializes in topics related to networking, information security, and markup languages. He writes for numerous TechTarget.com Web sites, and recently finished the 4th edition of The CISSP Study Guide for Sybex/Wiley (ISBN-13: 978-0470276886).

Dig Deeper on Disaster recovery networking