Oct 02 2008

Best Practices for a Disaster Recovery Plan

Follow these best practices to build disaster recovery into your virtualization plan.

Companies in the small and medium-size business market with good IT disaster recovery plans are in the minority. Industry watchers chalk it up to denial, limited resources and misunderstanding about what makes an effective disaster recovery strategy.

But all that is likely to change with the growing awareness of how virtualization can bring affordable and easy-to-implement disaster recovery to the SMB market.

At Campbell Clinic, an orthopedics health-care provider with four locations in Memphis, Tenn., disaster recovery wasn’t what led its IT department to adopt VMware Infrastructure 3 to virtualize its mission-critical applications; replacing aging servers, consolidation and cost savings were the main drivers.

“However, when I learned how virtualization could benefit us when it came to disaster recovery and backup, I was sold,” says Justin Lauer, Campbell Clinic’s IT manager, who describes the organization’s previous disaster recovery plan as “meager at best.”

Today, with 85 percent of its physical hardware migrated to VMware, the clinic has an enterprise-class disaster recovery and backup solution in place that’s reliable, fast and cost-effective. The company is also reaping the highly touted benefits of virtualization: capital cost-savings, elimination of the physical and geographical constraints of hardware, energy savings, high availability of resources and easier administration and management.

Campbell Clinic has said goodbye to using tape for backup and recovery. That’s a good thing because its daily backups of 100 gigabytes of data represented only about one-fifth of what should have been backed up to tape and taken offsite.  

“We had to pick and choose which data to back up because we couldn’t back it all up,” says Lauer. Now, with the exception of a few programs, all of the health-care center’s applications — such as Exchange 2007, SharePoint, accounting, human resources, payroll, and a core patient-management program —operate in the virtual environment.

Even when there was only a fraction of the organization’s data on tape, there was concern about whether the data could even be recovered in the event of a disaster, as well as the need to first rebuild servers and reinstall the organization’s applications.  

“Before virtualization I hoped I never had to worry about recovering from a disaster. Now I don’t stress about it anymore, and the IT team is free to focus on other things,” says Lauer.

VMware lets Campbell Clinic securely backup and migrate entire virtual environments in the event of unplanned outages.

Today, utilizing storage solutions from EqualLogic, Campbell Clinic has two SANs at its main data center and another at a collocation facility. The shared storage replicates to the SAN at the disaster recovery facility several times a day.

In the event of a major disaster at the main data center, replicated data at the collocation facility could be brought up on a server and made available within hours to workers at the health-care center’s other locations.

IT managers considering virtualization for their company’s disaster recovery plans should follow these best practices:

Harness the power of virtualization. Traditional disaster recovery based on a physical server environment is expensive, requiring the build-out of secondary data centers housed with idle hardware identical to production systems. The recovery process itself can be time consuming and complex.

Virtualization, on the other hand, lays the foundation for a disaster recovery plan that gives the midsize market access to an enterprise-class solution that was otherwise available only to larger organizations with deeper pockets.

To get started, companies should implement a proven virtualization solution such as VMware’s Infrastructure 3, which offers a feature-rich suite with a robust set of tools to transform the IT environment.

A virtualization product partitions physical servers into multiple virtual machines, each representing a complete system with processors, memory, networking, storage and BIOS. Operating systems and their applications are isolated in secure and portable virtual machines.

“Disaster recovery is a service that SMB companies can layer on top of a virtual environment at an affordable price,” says Gary Chen, senior analyst of SMB infrastructure at Yankee Group Research, in Boston. That’s because virtualization encapsulates entire systems into a few files that are easily moved with standard methods.

From an IT perspective, virtualization simplifies management and provisioning of servers through consolidation and reduces costs associated with administration, cooling and power consumption, and the purchase of physical servers. Companies also save by putting newly surplused hardware to use elsewhere.

Half of the 300 distributed servers at Desert Schools Federal Credit Union in Phoenix are virtual. The company’s 64 locations cover three counties in the metro Phoenix area. Chris Kearney, director of professional services at DSFC says the company reaps significant savings on a virtual machine, which costs about $1,000 to $1,500, compared with $5,000 for a standard Windows server and operating system.

But that’s not all. Desert Schools now has a more robust disaster recovery plan for its Tier 2 and Tier 3 applications, such as Microsoft Exchange, Active Directory and file and print functions .

Take advantage of the tools that automate the recovery process. Even in a virtualized IT environment where people and processes are optimized, best practices still demand that companies create a disaster recovery strategy, including processes and methodology.

“Coming up with a disaster recovery plan is the biggest challenge for companies, particularly SMBs because they’re not familiar with creating a playbook,” says Chen.

Among the key elements of any disaster recovery plan: identifying the processes and resources that are truly business critical; developing realistic and necessary recovery objectives; and matching objectives to costs.

A good disaster recovery plan also involves automation. Chen suggests that when planning for disaster recovery in a virtualized environment, IT managers should take advantage of tools that automate the recovery process. “This helps to eliminate human error,” he says, saving both time and money.

Campbell Clinic’s Lauer, for example, is interested in VMware’s Site Recovery Manager for its start-to-finish automation of the disaster recovery process and as tool for centralizing the recovery effort.

Adopt centralized storage. Centralized storage is another best practice of virtualization. Implementing a Storage Attached Network (SAN) allows storage to be allocated as needed to virtual machines running on virtual servers (in fact, some features in VMware’s ESX Server and other products actually require a SAN). SAN storage also improves manageability, flexibility and availability compared with direct-attached storage, which is much more cumbersome to administer. And backup is simpler on centralized storage compared with backing up individual direct-attached storage.

Desert Schools’ Kearney notes that other benefits of server virtualization are improved administration and management using a single console and the ability to store data on a SAN.

“It’s much easier to access and bring back data when it’s stored on a SAN compared with direct-attached storage,” he says. 

Use data replication to take the load off the virtual server. SAN backup and replication is also a must in any worthy disaster recovery plan.

When virtual machine files reside on shared storage, IT managers can use SAN-based imaging or an independent backup server to backup virtual machine files without creating an additional load on the virtual server where the virtual machines normally run, according to VMware.

Replicating the SAN to another SAN at a secondary location protects data against damage or loss and makes it available in the event of a disaster.

Both Kearney and Lauer do SAN replication for disaster recovery. While both note the importance of replication, Kearney explains that the process requires some forethought.

“Data must be staged and positioned on the SAN as well as designed for replication. A comparable virtual infrastructure also has to be set up at the recovery site,” he says.

Prior to virtualization, the disaster recovery plan for Tier 2 and Tier 3 applications at Desert Schools was a bare-metal restore and retrieval of tapes stored at an offsite location. 

“Replication and virtualization significantly improves our restore time, from days to hours, because our data is available on a virtual server at our recovery site,” says Kearney.

Virtual machines are hardware independent and can be booted up on any virtualized x86 server without modifications or changes. 

No more matching up hardware model numbers to backup tapes. “We’ve also eliminated the expense of having raw hardware sitting at a secondary data center,” he says.

Desert Schools has had a well thought out IT disaster recovery plan for at least five years, which is unique for an SMB. As it matured in its understanding of virtualization technology it was a no-brainer to use the infrastructure for disaster recovery.  

“VMware allows us to recover more in less time,” says Kearney, noting that the technology expands the scope of how much data the organization can recover.

Use the testing features built into most virtualization tools. Finally, a key best practice of any disaster recovery plan is testing. In the SMB market, small IT staffs filled with generalists are often the downfall of a robust backup and disaster recovery strategy.

Virtualization simplifies testing a disaster recovery plan. In fact, the VMware Infrastructure is built around a premise that disaster recovery tests should be routinely conducted.

Using cloning and snapshot tools to replicate data on virtual machines partitioned for testing, companies can run different disaster scenarios without affecting the production environment.

In fact, Chen points out that a virtual environment allows IT managers to put unused capacity to work — 10 percent here, 10 percent there — not only for disaster recovery but for testing as well.

“Virtualization makes it easy to test disaster recovery plans.” The bigger challenge, Chen says, lies in having the discipline to test.