Are We Back Up And Running Yet?
It’s an all too familiar occurrence for businesses today: something goes wrong – from the simple accidental deletion, to the loss of an entire building’s worth of data and IT is supposed to make it all better. Right now. (Is it done yet?)
This is not always the easiest task to accomplish. Why? It may be worth considering that you’re using the wrong backup and recovery solution or you’re simply using the one you have incorrectly.*
Define The Disasters
It’s impossible to plan your recovery if you don’t know what disaster is you’re protecting against in the first place. Take a look at this list of potential disasters and identify which ones are important to you (or your customers if you’re an MSP).
- Loss of data – A deleted folder, a case of ransomware that encrypts every file on your server, or a database that becomes corrupt.
- Loss of an application – Changes to security or system configurations, or even updates that negatively impact services.
- Loss of a system – A hardware failure, or for those of you with virtualized servers, a crashed OS.
- Loss of connectivity – When applications hosted inside your walls are used externally.
- Loss of business location – Electrical outage, fire, flooding, or even a chemical spill outside the building.
- Loss of operations – Any of the previous disasters can represent a complete stoppage of business operations.
Not All Data Is The Same
It’s crucial to recognize the importance of your data, applications, systems, connectivity, and locations, as you may need to respond with a completely different recovery strategy in different situations.
To truly define the disasters you want to protect against, you’ll need to define the loss instance granularity. Clearly you are not going to treat all files on a file server with the same level of importance. You need to look at each data set, application, system, etc. and decide just how critical it is to the business.
For example, when thinking about a loss of data, you might be thinking about a specific file server and a few critical client endpoints. But when trying to protect against the loss of a location, you’re considering many more applications, endpoints, business processes, etc. The goal here is to make sure you know which parts of your environment need protecting, and from what disasters they need to be protected.
Getting Specific About RTO And RPO
Putting specifics around the amount of time you have to recover (Recovery Time Objective or RTO) and how much data you are willing to lose (Recovery Point Objective or RPO) on a per-recovery data set basis is key.
For example, a mission critical application may have an RTO of less than 15 minutes, and an RPO of less than 30 minutes, whereas files on a file server can have an RTO of 1 day, and an RPO of anything less than 1 week. Questions like how often to back up and where recovered data will be kept need to be answered for each of these objectives.
Remember, you’ll need to apply these objectives to each combination of “disaster” and data to be protected, because getting a server back up when there’s a loss of data is a completely different backup and recovery exercise than when there’s a fire in the building causing the server to go up in flames.
Defining The Actual Goal Of Recovery
Finally, this step will yield a set of technical requirements you’ll use to select a disaster recovery solution. By answering the questions mentioned, you’ll start at the actual goal of disaster recovery – Recovery – and work backwards.
Take the example of an Exchange server potentially going up in flames to spec out the backup and recovery. The server room would be gone, and you need that back up and running within 30 minutes, without losing more than 30 minutes of data. Using these criteria, you’re going to need to be able to recover to an alternate location, use image-based backups (or you can’t meet the RTO of 30 minutes), have incremental backups no more than 30 minutes apart, and use some kind of continuous recovery strategy that restores the incremental image backup as it is generated.
Now you create a few entries in your list of disaster recovery solution requirements:
- Image-level backups
- Support for Windows
- Continuous recovery
- Data compression technology
One Size Does Not Fit All
Your recovery needs will dictate your solution. That means you need to build out the true list of features, support, and capabilities necessary to recover your environment.
By considering the possible disasters, matching them with the data sets to be protected, and identifying what the needed recovery objectives look like, all in an effort to build a tactical requirements list for the actual backup and recovery, you can build the list that specifically meets your organization’s needs. Ultimately, this will help you choose a disaster recovery solution that is sure to meet your needs.
In order to get the most from your managed services contract you must carefully compare all potential providers to ensure they are willing and able to provide the services you need to keep your business moving forward in the future. If your managed services provider cannot supply the following three things (at minimum) keep looking until you find a company that addresses these issues.
*Source: SolarWinds Backup 2017.
If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: firstname.lastname@example.org