| Hurricane
season 2004 made Charley, Frances, Ivan and Jeanne household names.
In 2005, Dennis, Rita and Katrina became forever etched in the collective
American memory. According to hurricane specialist William Gray
of Colorado State University, 2005 was the most destructive hurricane
season on record (see page 16). At this writing, 2005 had tied the
record with 1969 for most hurricanes ever in a season with 21 named
storms, according to the National Weather Service. For organizations
that did not have a weather-safe business continuity solution in
place for the 2005 hurricane season that would secure their data
and information technology (IT) infrastructure, it is time to implement
a plan for 2006.
Business continuity planning is the process of ensuring that an
organization’s important processes and facilities keep running
in the event of disasters or other breakdowns. Most IT managers
know that having a plan is important but critical components often
are either missing or not fully tested. As a result, the organization
suffers lost productivity, lost output and, in the case of government
agencies, poor or inconsistent service to citizens in a very urgent
time of need.
The first step in developing a business continuity plan is to identify
tasks that must continue in disaster situations and the IT components
associated with those tasks. The critical components include:
• Uninterruptible Power Supply: Keeping Systems Running—Power
can be the source of a business disruption (as in the blackout of
2003, when a simultaneous power outage struck dozens of cities in
the eastern United States and Canada) or the component that keeps
an organization running. Uninterruptible power supply (UPS) is the
most critical component of a business continuity plan because without
adequate power, the entire network infrastructure is reduced to
a series of very expensive paperweights.
A UPS battery backup unit is used to keep IT systems running until
the main power source is restored, a secondary power source is up
and running, or until the IT system can be gracefully shut down.
In the event of a sudden power loss, users may not have time to
save data, or their operating systems may be damaged—unless
a UPS kicks in.
Selecting the correct UPS device requires some fairly basic math.
Before purchasing a UPS, organizations must assess the amount of
power, and the amount of time, required to keep running before the
organization is able to switch to an alternate power source. Satellite
offices, for example, may require less power but more time, given
that IT staff may have to travel to the location to execute the
power transfer. Alternatively, some vendors have software that allows
for remote management of the UPS or executes a proper shut down
in the event that IT staff is not available.
The organization must also assess its projected growth and buy UPS
to accommodate that growth, ensuring that all systems are protected
in emergencies today and tomorrow.
• Data Backup: An Essential Step—With primary power
planning complete, the IT staff can focus on ensuring the survivability
of mission-critical data. Here, simple is still best, and tape systems
remain the reliable, proven approach for backing up critical data.
Data is copied on the tape at the organization’s main location,
and the tape is taken to a secure, remote location for safekeeping.
Although this step is basic, organizations must regularly back up
their systems and faithfully take the backup tapes to a secure,
offsite location.
• Data Replication: Seeing Double—Data replication is
a more extensive alternative to tape backups and entails duplicating
data at a remote site on redundant servers. With replicated data
existing at multiple sites, the organization can be up and running
again faster than with tape backup. Additionally, the IT system
can be set up so that the disabled, central site fails over to the
remote site, continuing computing operations with little to no interruption.
Many IT managers are considering data replication, especially at
government agencies, which are increasingly required to implement
disaster recovery plans with a data replication component.
PUTTING IT ALL TOGETHER
With the mission alignment and business continuity components in
place, the next step is to ensure that employees at all levels of
the organization understand the plan for continuing essential operations.
If employees don’t know what to do in a crisis, the plan has
little value.
All IT system components should be assigned to IT staff members
and their individual tasks detailed. The information should be written
so the most non-technical personnel can understand it, and copies
should be kept outside the computer network. The information will
not help if it is stuck in a disabled system.
Finally, organizations must regularly test their business continuity
plans. This is where many continuity strategies fail. Many plans
are not checked often enough or at all. One government agency did
not test its plan and discovered after critical information was
lost that its IT system was not backing up data. The plan should
be reviewed at least twice a year and always with the introduction
of new computing equipment or an increase in valuable data.
AN ONGOING EFFORT
Given the record-setting 2005 storm season, failing to plan for
storm-related outages really is planning to fail. Although no shrink-wrapped
technology solution will guarantee continuity of operations, by
proactively implementing a well-conceived plan, organizations will
be able to weather any storms that come their way.Keenan Baker is
a storage specialist with CDW Government, Inc. (CDW-G), a leading
supplier of brand-name information technology products and services
to government and educators. He is responsible for designing storage
solutions for customers in federal, state and local government agencies,
and educational institutions.
Kurt Tunelius is the American Power Conversion (APC) Vendor Champion
at CDW-G, where he designs network infrastructure solutions that
integrate racks, power, cooling and environmental management.
|
