Business continuity planning is an involved, exhaustive process, but it isn't one that storage administrators can ignore in the post Sept. 11 world. Because storage is only a small part of the process of business continuity it's important to keep an overall view of the process.
In a paper titled "Storage area networking: An essential guide to SANs as a component of business continuation", Mark Steinberg of Hill Associates, a telecommunications training and marketing firm, points out that: "Storage, as a part of an overall BCP, is not just about managing disk arrays and capacity or making sure the server stays up. Storage is about managing one's risk...
"A tightly integrated BCP that includes storage hardware, software and networking services can mitigate the risk of loss, while securely protecting data from even the most often cited reason for loss -- human error."
For storage administrators, Steinberg says, the key questions are:
Where should the data be stored?
How many copies are required?
How often should copies be made?
How will copies be restored and recreated?
How should copies be retrieved if required?
Under what circumstances should a plan of recovery be initiated?
All this has to be considered in the context of the overall business continuity planning process. At a very high level, Steinberg says, that process should work something like this:
Assume a total disaster
Start planning from a worst-case scenario. It's the least likely disaster, but the one that provides the most rigorous test of your plan.
Identify critical applications and equipment.
The key question is: "What is the cost to the enterprise of <emph> not </emph> having this application or piece of equipment available?
Understand your needs
Ruthlessly separate 'must have' from 'nice to have' while determining the pieces that your business has to have to function.
Devise a disaster recovery team and determine how to mitigate the risks of loss
Business continuity planning is by it's nature a team effort. Storage should be part of that team.
Recognize that there are many alternatives and approaches, with no perfect solution
In other words, you're going to make choices and compromises and you're not going to like all the implications of any realistic plan.
Test the plan before you commit everything on that strategy
Stringent, realistic testing is critical to any successful business continuity planning. Test your plan to the breaking point. It's the only way you'll find the flaws.
Deploy the plan in phases
Don't try to do everything at once. Deploy for success and build on the successes.
Train and educate the staff
Staff education and buy in is critical. No plan is better than the people who will have to execute it.
Monitor the process
A business continuity plan isn't a finished document, it's a process and the process needs to change as your business does.
Test the results over time
Test, test and re-test to make sure the plan still works the way it is supposed to.
Reevaluate and have regular updates of the plan and the process
Even the best plan becomes outdated over time. Don't just update the processes, occasionally rehtink the plan from the basics. Businesses change and business continuity plans need to change with them. This is especially important in relation to storage where technology changes rapidly and architectures shift with the technology.
Rinse and repeat
Like the movie of the same name, this can be called "The never ending story."
Steinberg's paper is available from the Hill archives at: http://www.hill.com/archive/pub/papers/2002/09/paper.pdf.
Rick Cook has been writing about mass storage since the days when the term meant an 80K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years he has been a freelance writer specializing in storage and other computer issues.