Essential_Guide_DR_June2006

Essential July 2006 The Guide to Choosing a Disaster Recovery Solution By Kathy Ivens Special Advertising Supplement This special advertising section was produced by Windows IT Pro in conjunction with Neverfail and appears as an insert in the July 2006 issues of Windows IT Pro. sponsored by F or many years, most IT professionals thought of disaster recovery as file recovery in the event of a computer or disk failure. Until recently, most companies were satisfied with a recovery plan that consisted of a nightly backup, usually to a tape device. When a drive failed, a new drive was inserted, the operating system and software applications were installed, and the data was restored from the tape. Life is different today. As computer equipment has become much more powerful and sophisticated, the notion of constant availability of data has replaced the notion of being able to restore data in a short period of time. At the same time, the definition of “short period of time” has changed from a day (or several days) to hours, and in some cases, minutes. Because protecting data is a given, backups will always be necessary. But the continuous availability of that data is now the priority. Businesses must maintain continuous access to applications and data for employees, partners, and customers. Downtime has become unacceptable, and disaster recovery means maintaining availability without downtime. What Is a Disaster Anyway? IT managers and consultants have been forced to enlarge the scope of the definition of “disaster.” We’ve learned that a disaster isn’t just a dead hard drive, a power loss, or a serious loss of data due to human error or malware. Instead, a disaster can include the loss of all communications in an area that extends beyond the office or the neighborhood in which the office is located. Terrorist attacks and natural disasters have also forced us to redefine the word “offsite.” As we have seen in tragedies such as the terrorist attacks on Sept. 11, 2001, and Hurricane Katrina, whole cities and even entire metropolitan areas can be rendered inoperative for some time. In the wake of such disasters, government agencies are establishing rules and regulations to ensure access to critical data. For example, in the United States, government agencies are estab- lishing disaster recovery mandates that insist on instant recovery for a variety of core industries, such as governments, healthcare, banking, brokerage, insurance, and other critical sectors. The point of these regulations, of course, is to ensure that this critical information is always available regardless of the scope of a disaster. The Securities and Exchange Commission (SEC) is developing disaster recovery mandates for public companies. As part of these mandates, if the company doesn’t have its IT systems available promptly after experiencing a disaster, the SEC will hold the board of directors and senior management personnel responsible. High-Availability Technologies Hardware and software solutions offer a variety of technologies to keep computers available. However, two technologies offer the most reliable and robust solutions for instant availability: one is Microsoft clustering and the other is third party software that is designed specifically for continuous availability. Clustering Clusters can be configured as a failover solution, which is generally referred to as clustering with Active/Passive mode (Active/Active mode is a cluster service where the cluster provides multiple active servers to service a large number of Regulations for Disaster Recovery Health Industry: Covered Entities (CEs) must maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of their electronic protected health information (EPHI) against any reasonably anticipated risks. Public Companies: The Securities and Exchange Commission (SEC) rules state that public companies must maintain “Reasonable safeguards for information” and for availability. The Board of Directors and senior management will be held accountable. E-Commerce: Consumer Credit Protection Act (CCPA) section 2001 Title IX mandates availability of data in Electronic Funds Transfers including Point of Sale. All Businesses: IRS Procedure 86-19 requires offsite protection and continuous availability of computer records containing any tax information. users instead of providing Primary Server/Site failover services that ensure continuous availability). Dedicated When the primary site software (the active node) fails, the communications secondary site (which is paschannel and switch sive) takes over automaticalwith constant ly, becoming the active node. communication Usually, if the cluster is configured properly, the secondary node can become active Public network within a minute. The disaster channel and switch used by either the that triggers failover could be primary or secondary application failure, system server/site (depending failure, a power outage, or on which is currently any other hardware or softactive). ware failure. Clustering relies on a shared data device, because the secondary node uses the same data source to continue the work that was being performed by the primary Secondary Server/Site node before it failed. Installation of a Storage Area Figure 1 Continuous Communication Between Primary and Secondary Servers Network (SAN) is part of the setup and configuration for most clustering solutions. The SAN is wired to ware with your data. Two commonly used techthe primary and secondary nodes, making a nologies are electronic vaulting and remote standard cluster installation a good solution for journaling (see the Sidebar “Other Technologies a single location. for Disaster Recovery). However, continuous availability is difficult to implement with clustering if you need to set Third-Party Software Solutions up your secondary site at a remote location. If To bridge the gap between clustering and the you want to set up an offsite location that can degree of availability companies need, a market take over in the event of a major disaster that has developed for third-party solutions for disaffects a large geographic region, you have to aster recovery. The solutions are designed from invest in hardware and software that can over- the ground up to provide instant failover and come this limitation. A secondary cluster must continuous access to applications and data. In be set up and the SAN must send its data con- addition to making sure your critical business tinuously to another SAN at the remote location. applications continue to run locally after a hardThe secondary cluster nodes are wired to the ware or software disaster, you can use the softsecondary SAN and can use its data when that ware to have offsite locations automatically cluster becomes the active node. This can be an replace entire sites that have failed. expensive and complicated solution. To choose a vendor, you can view a demo, Another drawback to clustering is the fact ask for a limited use copy of the application for that a SAN—like any hardware device—is itself a review purposes, or check reviews in profespoint of failure. To guarantee continued avail- sional publications. Look for software that ability, you must have spare hardware and a ensures an automated “time to recovery” that is technology to populate the replacement hard- as close to instantaneous as possible. If need- ed, the software must provide all of its features and functions between your site and a remote site, in addition to operating within your local LAN. The communication between the servers or sites should be on a dedicated network segment, unrelated to the network accessed by users. In addition, both the primary and secondary servers or sites must have access to the public channel, although only one of the sites (the one that is currently active) will be using that channel. Figure 1 shows the communication configuration needed to make sure your disaster recovery software has continuous communication between the primary and secondary servers, and also provides public access to the server that is currently active. Some of the important features and functions to insist on are described in the following sections. configure the disaster recovery software for a series of corrective actions. For example, the application may have been stopped (by user action, which is sometimes inadvertent), and restarting the application may be all that’s needed. If the configured solutions fail, the disaster recovery software should automatically switch the services the application provides to the secondary server. Note: Be sure the software provides the ability to initiate a switchover to the secondary server manually, so you can make sure there’s no interruption of services when you have to perform maintenance tasks on hardware or software. Data Protection Data protection is where a good third-party solution outshines clustering. Rather than relying on a shared storage device, disaster recovery software should continuously replicate all data from the primary server to the secondary server. The data being replicated should include more than the data files produced by applications; the software should reproduce changes in folders (including shares), registry settings, and other important system data. The flow of data from the primary server to the secondary server should be transmitted without impacting the efficiency of the primary server (the user experience should not be impacted by the functions going on in the background). In addition, transfer of data should be filtered to make sure that the data sets on both servers are always synchronized. Data should not be sent from the primary server to the passive server as it is being received on the primary server. Instead, it should be sent as it’s written. Data that isn’t written (due to a disk problem or some other reason) cannot be passed to the secondary server because the data sets must remain identical. In case of a mishap in data exchange, the software should provide an efficient synchronization process. Impact on Users The most important focus for your implementation of a high availability disaster recovery system is to make sure users can continue to connect to data. If the source and location of the data changes because your failover recovery system has taken over, that change should be invisible to users. Uninterrupted user experiences apply to both internal users and external users who are accessing your Web servers or VPN servers. Users should be able to continue to use their applications without any need to close and restart the applications. Good disaster recovery systems should be so efficient and instantaneous that they are seamless to users. Users shouldn’t see an error message about an application having lost contact with the data, nor should the application be impacted enough to generate a “This application needs to close” error message. Protection Levels Disaster recovery software should address all of the functional parts of your system. This means the software monitors the applications, the data, the hardware, the operating system, and the network connections. Also, make sure the software has the capability to provide protection that’s designed specifically for your business-critical software, such as your email and database applications. System Protection Disaster recovery software has to monitor the entire system and apply failover measures if any part of the system is lost. The components of a system are generally enumerated as power, hardware, network connections, and operating system functions. The software should be able to monitor domain controllers, DNS servers, gateways, and the public Application Protection Application protection should include the ability to Other Technologies for Disaster Recovery Redundant Array of Independent Disks (RAID), which provides disk redundancy and fault tolerance for servers, is a popular hardware technology that uses an array of disks to provide failover services. Six RAID levels are available, with each level providing a different method of failover configuration. (RAID-1 and RAID-5 are the most common deployments). RAID is useful for keeping local servers available to users. Disk replication, in which data is written to two different disks (the main server and the backup server) to ensure that two valid copies of the data are always available. Disk replication can be performed locally or between two locations. Two data replication techniques are available: 1. Synchronous (Mirroring). This method uses a disk-to-disk copy, applying changes to the backup server at the same time changes are written to the main server. This method can degrade performance on the main server, and should be implemented only over short physical distances (within the local LAN) where bandwidth will not restrict data transfers between servers. 2. Asynchronous (Shadowing). This method continuously captures data changes in the main server to a log, and writes the log to the backup server. This is the recommended mode for offsite replication. Electronic vaulting, where the server is connected to an electronic vaulting provider to create automatic backups offsite. Data is transmitted to the electronic vault as changes occur on the server between regular automatic backups. The data can be restored to the original server, or another server (which can be in another location). Remote journaling, where transaction logs are transmitted to an offsite location, either continuously or through batch uploads. The logs are used to recover changes that occurred after the last server backup has been restored. connection (the means through which users access the server or the network). If the server is healthy, but user access is blocked, the software can switch over to the secondary server and use its communications channels for public access. The most reliable monitoring paradigm is continuous communication from the primary server to the secondary server in which the software monitors the primary server and continuously sends a message to the secondary server that says “everything is fine”. In the absence of such a message, the secondary server immediately takes control. This creates the shortest “time to recovery,” which is the essence of high availability. prises have to pay attention to the expectation of the public and regulatory agencies for continuous access to data. To properly protect yourself from a devastating loss of data, your planning for business continuity must involve more than computer data recovery through a restore process. To ensure that your business can continue to operate, your disaster recovery plan must focus on maintaining uninterrupted business operations. Kathy Ivens is a senior contributing editor for Windows IT Pro. She has written more than four dozen books and hundreds of magazine articles about various computer subjects. Her latest book is Running QuickBooks in Nonprofits (CPA911 Publishing). Summary Some enterprises have learned from painful experience the catastrophic impact on business that can follow from a lengthy operations outage. All enter- Seamless failover. Always connected. Keeping Users Connected. Keep your application servers zipped up and functional all of the time. Whether a single server or an entire site fails, availability to critical business applications fails, along with the productivity of users company-wide. No matter if you’re a start-up or a Global 100, server downtime will kill your business. With Neverfail, users are kept continuously connected to their applications no matter when, where, or why a failure occurs in the server environment. Neverfail delivers cluster-class disaster recovery, data protection and high availability software solutions to every size company, and at a significantly lower total cost and complexity. With automatic failover response measured in mere seconds rather than minutes, and no user or IT management intervention needed, no one covers your back better than Neverfail. Anything less is a lesser solution. Designed for Windows-based applications, Neverfail’s comprehensive suite of award-winning software solutions will help ensure that your productivity is never interrupted. To make your business a more productive — and profitable — enterprise, visit neverfailgroup.com for your FREE server analysis and take the first step to achieving true high availability. Or better yet, call or email us today to join companies all over the world who have chosen Neverfail for the most effective disaster recovery, data protection and high availability solutions in the industry. Keeping Users Connected. www.neverfailgroup.com info@neverfailgroup.com EXCHANGE • SQL SERVER • FILE SERVER • IIS • SHAREPOINT • BLACKBERRY • ORACLE • LOTUS DOMINO