A couple of years ago I came to work one Monday morning to find the disk drive containing all the CADD files for a major architectural firm was in its death throes and threatening to take all the company's irreplaceable project files with it. We had a set of tape backups, but when I mistyped the restore command (tar c instead of x); I wiped out the most recent tape.
After several days of recovery work, we lost just one day of actual data, but weeks of expensive staff time. I had also created a few irate clients in the process. Could this nightmare have been prevented? Yes, if I had thought about the importance of data recovery instead of just tape backups.
Do you know where your backup tapes are? Do you think you have an adequate data recovery plan in place? Have you ever tested your plan? If you're having that sinking feeling just about now, you are not alone.
According to a recent poll by the Enterprise Storage Group consulting firm, "About 66 percent of the respondents said the backup process took too long, while 49 percent cited the lengthy recovery process, and 40 percent pointed to the number of staff hours required to manage these processes. In fact, 51 percent said they were either worried or knew that their current backup schedule left some of their data exposed to potential loss."
Businesses are not ultimately interested in backups per se; they are more concerned with having their mission critical data available or easily retrievable when disaster strikes. Don't look at data protection from the backup perspective; turn the idea on its head and think about planning for data recovery.
In September we introduced general data protection concepts; this month we will use these concepts to help create a data protection plan for your business. Once you have identified your critical data and implemented appropriate ways to protect it, you will then be able to minimize the business disruption of that inevitable computer disaster.
Identifying Critical Systems
As with any planning project, the first step is to take an inventory of your existing computer systems. First, identify your major applications and the systems that contain your critical files and data. For example, a law firm is likely to use some kind of specialized document management system while a dentist might have a patient records database and a billing application. Think about the database(s) you depend on for vital customer information.
Don't forget your e-mail system for many of my clients, archived e-mail is vital business data. Whatever business you are in, you're going to have mission critical data located on a computer.
Next, list all those important databases and applications in a spreadsheet. Include information about how many gigabits of data you have; what computers the files are located on and whether they're in text format or database format. If you can open the file in Notepad and more or less read it, it is a text file, if it looks like gibberish than it is not.
This is important information that will drive your choices for a data protection application. If you have a SQL database for example, you will need specialized software. Most backup programs do not properly handle files that are in active use. Since databases are always "open", this can be a problem.
Now that you have identified the crucial applications and data, next inventory the hardware. If your company is dependent on a computer from the dinosaur age, it will be harder (or impossible) to replace. One client was shocked to discover their customized 486-based database system was completely unprotected and unsupportable. And if you've been hosting your company's Web site on an office computer, it's time to stop. For the cost of a cup of coffee per day, a Web-hosting center can fully protect your site off-site, where it won't tie up your company's bandwidth.
Look at the kind of backup you have in place now; do you use a second system, tape, floppy, CDROM or perhaps nothing at all? Think about how long it would take to recover a full system if you suffered a complete hardware and software failure. For a large file server, it can literally take days to recover all of your files, after you have replaced the hardware. These questions might seem picky and difficult, but without this information you will not able to formulate your data protection and business continuity plan. Wouldn't you rather be thinking about recovery now, instead of during a crisis?
Protecting Your Data
Now that you have identified your important systems, the next step is to think about how you would replace them. If a critical system fails how long could you do without it before it would negatively affect your business? Think carefully, because the answers will have a major impact on how you will protect your systems and how much you will spend to gain that protection.
If your business absolutely, positively, cannot afford to be off-line for more than a few hours, you might think about moving your systems to a hosted data center. Depending on your requirements you can either choose a fully managed system or possibly an ASP (application service provider) model.
Unless you have more resources than the average small business, you could never match the level of service and support offered by a managed service. Your provider supports everything for a price, of course. If you can manage your business without a system for the days it will take to recover it, do not waste your money; spend it on the systems that really matter for your business continuity.
Redundancy, I Said Redundancy
Data protection ultimately boils down to making sure you have accessible copies of your data in different places, so that if one system fails you can switch over to another quickly. I like to think of data protection as a cascading series of file and system copies. Each copy is further away and harder to retrieve, but it is still available for disaster recovery.
The first line of defense would be a simple disk mirror, which is literally two hard drives in your computer with identical information. Since computer disk drives are the components most likely to fail (except for the fan, they are the only moving parts), buy a system with mirrored hard drives so that if one disk fails, you will still have a working system.
If you purchase a system configured as a server, it usually has mirrored disks and a redundant power supply as standard options. The next level of protection is a duplicate system in a second location and a portable disk with critical data that can be transferred into the new system. This might work for a dataset of less than 20 to 30GB, but if you have hundreds of gigabytes of data, the data recovery can easily take a day.
Since tape backup is slow and unreliable, the modern alternative is near-line backup, or an on-site NAS (network attached storage) device, with regularly scheduled updates, so that the data is always fresh. These storage devices start at under $800 and are very easy to install and manage. They are the best solution for companies that maintain important files on people's desktops.
Using software like Centered Systems Inc., Second Copy or Backup for Workgroups by Lockstep, Inc., you can take scheduled "snapshots" and store them on the server or NAS. This solution allows you to recover your data quickly, but it will not help if you need to rebuild your server, unless you purchase additional specialized system imaging software like Ghost and Acronis that capture your operating system configurations.
After you have created several recoverable copies of your data locally, look seriously at the added protection of off-site backup. For small amounts of data, less than 10GB for example, the price of managed off-site backups is reasonable, figure about three-to-five dollars per GB per month.
As you can see, with some advanced preparation you can identify the important systems that need to be fully recoverable quickly. You can then devote resources to making sure those systems are properly protected and easily be recoverable in the event of a disaster. By careful planning, you can apply your scarce resources to the systems that really matter and not waste money on backups that will not meet your primary objective to get back to work quickly and painlessly. Hopefully all the disaster recovery planning will never actually be used, but it is better to be prepared than be caught without.
Beth Cohen is president of Luth Computer Specialists, a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in a number of different fields including architecture, construction, engineering, software, telecommunications, and research. She is currently consulting, teaching college IT courses, and writing a book about IT for the small enterprise.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|