Developments such as Web 2.0, mobile computing and wireless hotspots mean that application and system availability requirements become more and more critical. In turn, the processes and tools required to protect those applications have evolved as well.
Today, there are a myriad of technologies offering different approaches to data protection, application availability, high availability and disaster recovery. These technologies typically have at least one thing in common: they are IT-based solutions that are built to protect IT assets. When it comes to business continuity, it is imperative that choosing the right solution is a business decision based on the level of risk and disruption that can be tolerated by the different parts of the business.
For example, email is ubiquitous and preserving access to email through any type of disruption should be a priority, with 100 percent uptime the goal. Database applications such as sales order processing or online collaboration and content management may also require 100 percent uptime as the impact of downtime will be too much of a risk to the business. Other applications, such as purchase order processing, may demand no data loss, but a recovery time in the region of one hour may be acceptable. There may also be applications that are non-critical, where data can be recreated from original sources, or that are low risk and downtime measured in hours, or even days, is acceptable.
No one size fits all
Business continuity requirements will vary according to business type and function. There is unlikely to be a “one size fits all” solution for all applications used in business.
Ultimately, the risk to the business will be the driving factor. Assessing business need requires taking into account multiple factors. Data protection with extended recovery times may be acceptable for some functions, immediate data access for others. Protection through planned maintenance may be vital in some instances, 100 percent availability through disasters for others. Technology selection must address gaps between business expectations and existing IT capability. Closing the business continuity gap ensures IT delivers what business expects.
What are the options?
There are two approaches to business continuity: recovery centric or availability centric. Quite different technology is used to deliver the two approaches.
Today there are two classes of technology which can be adopted in a recovery centric strategy: back-up or replication. Both are typically focused on data protection.
Ranging from legacy tape technology to continuous data protection, there are a complete set of back-up technologies that will protect data. Whether held in tape format or on disk, recovering from a back-up will require rebuilding databases and file systems then reconnecting with applications, which themselves may need rebuilding. Although back-up technology can approach a Recovery Point Objective (RPO) of zero data loss, a Recovery Time Objective (RTO) measured in seconds will not be achievable. This is because of the focus on data protection and the separation (or lack of) application protection. Of course, back-up provides great flexibility for disaster recovery as tapes can easily be protected off site, and shipped to alternative sites on demand, but recovery of the business service will likely take days.
Today, replication is rapidly becoming an alternative approach for availability. Host or storage-based replication allows exact copies of operational data to be taken. Synchronous replication provides for no data loss, but considerations such as performance, cost and bandwidth requirements for off site protection must be taken into account. More widely spread is asynchronous replication, which has much lower operational implications and provides near zero data loss. The only loss would occur from potential transactions in flight at the time a failure occurred.
Why choose replication?
The big attraction of replication is that data recovery is not required. The online copy of data can be used immediately for failover. This is likely to require manual intervention, or significant scripting, and may require applications to be rebuilt. There is also a risk that application datasets may be missing from the replica copy if administrative processes have broken down and application upgrades have failed to be identified to administrators.
Protecting data off site for disaster recovery also requires closer consideration. There will be bandwidth considerations, and remote systems must be available to hold an operational copy of the data.
A recovery centric strategy will, by definition, be disruptive to the business. Recovery centric approaches are applicable to less important applications as business services will stop while recovery takes place. Although the level of disruption will be reduced with a replication/failover solution, it will still not be suitable for delivering an acceptable level of availability for mission critical applications. For such applications, an application or user centric approach is required.