Twelve days of limited or no telephone, electricity, internet and access to the business systems that are vital to run a business.Sounds like a nightmare, right? This was the reality for some companies, VARs and Managed Service Providers (MSPs) that supported these companies after Hurricane Sandy struck on October 29, 2012. For many companies, this was a rude awakening to say the least. One colleague who runs a MSP company with customers that have hundreds of servers and thousands of workstations told me that he had to run the company from home using his cell phone and home network because his business was affected by the outage.
Will it happen again? Of course. One can rely upon Mother Nature to act without considering the impact to computer systems and disregarding the impact to our lives and livelihoods. So, what do you do to prevent impact to your business?
The answer is classic. It was previously unavailable or of little value to the SMB market – create and test a Disaster Recovery (DR) plan and, just as importantly, create and test a Business Continuity Plan (BCP). From an information systems perspective, DR planning covers the steps from identification of a disaster, to ensuring that systems are restored to operation within the time period required by the business, the Recovery Time Objective (RTO), and with access to the data to the period required by the business, the recovery point objective (RPO). The BCP takes over after the disaster has been contained. It focuses on the steps to ensure that the people and processes can return to work, even in a temporary environment while recovering to a “permanent” state.
When I was VP of IT at BarnesandNoble.com and we were putting together our BCP plan, the ability to recover systems and data were quite easy because of the architecture and our internal processes. The solution to ensure that people could start working again after recovery from the disaster required some real thinking: Where would they work? How would they reach the operating applications if they could not gain access to their workplace, their computers, their telephones or the normal internal network? How do you answer these questions if you don’t have access to the financial resources of a large company?
There are technical solutions today that put BCP within the reach of the SMB market and it is possible to operate in a way that offers predictability for operating a company, even after a disaster. This is done by ensuring that:
Your systems are virtualized and managed in a highly available tier III plus data center with failover to a remote data center.
Data is stored on highly available data stores and it is replicated (with the appropriate RPO) to the remote data center.
End-user desktops are virtualized and hosted so that employees can use whatever device (workstation, tablet, etc.) is available to them in the event of a disaster and employees can still reach their original desktop, data and applications.
Virtualized end-user desktops can failover to the remote data center that houses the failover servers and storage.
Today, companies everywhere are using cloud environments for server and storage resources and moving to a variable operating expense model for infrastructure. Not as many are investigating and implementing cloud-based Hosted Virtual Desktops (HVDs). When considering cloud for the financial benefits of day-to-day server and application operations, if the requirements for desktop are included, a realistic solution can be found that is within the budget of the SMB market. Doing this can solve the technical issues of business continuity in the case of a disaster. This strategy helps me sleep at night. Isn’t that one of the goals of everyone who must manage IT for a company?