In-Depth

Virtualizing Disaster Recovery

Virtualization can be a boon to business continuity and disaster recovery planning -- provided you understand the risks

Virtualization proponents have been touting a trifecta of virtual advantages: significantly increased density, better overall utilization, and improved manageability.

Increasingly, however, they are also are praising advantages IT pros may find even more compelling: substantially improved resiliency, responsiveness, and business availability. When deploying new applications or workloads is as simple as firing up a new image and bringing it online, why shouldn't redeploying existing applications or workloads -- particularly in the aftermath of a disruption of service (or a full-blown disaster) -- be a similarly trivial exercise?

There's a lot of truth to this, experts say. Virtualization can be a boon to business continuity (BC) and disaster recovery (DR) planning -- as long as adopters understand the risks that go along with such practices. It's a mixed bag, with a lot of good and some bad.

The first and most compelling issue is that many enterprises don't yet conceive of virtualization as a means to enhance their BC and DR plans.

Most are still fixated on virtualization as a panacea -- for server consolidation efforts, as a means to increase utilization while lowering overall power and cooling costs, or as a way to boost manageability and flexibility. It's a compelling option for all three problems, experts say, but its applicability with respect to BC and DR planning shouldn't continue to get such short shrift.

To the extent that customers can consolidate and virtualize their existing workloads, they can also easily redeploy them in the event of a disaster or disruption. Working with providers such as Sungard, they can pursue more sophisticated DR or BC options, such as geographical distribution, enhanced manageability or monitoring services, and established DR and BC best practices (particularly with respect to people and process issues).

"We find that we have to educate customers," comments Matt Carey, product development manager for veteran DR and BC specialist Sungard. Carey, who heads up Sungard's ambitious virtualization practice, notes that "What we're finding is that folks have somewhat fallen into the more glamorous aspects of virtualization, [such as] server consolidation, the general advantages they get around saving data center space, the ability to provision servers faster and leaner -- [as well as] having fewer physical servers to worry about.

"For the last year or two they seem to have been focused on that, and in many instances, though not ignoring, have neglected the focus on availability, so it's [an issue of] educating them."

If customers do embrace virtualization as a means to boost reliability or availability -- or as part of their BC or DR plans -- they're planning tends to be less than ideal. "The folks who have already implemented and who'll tell you that buying off-the-shell virtualization software gives them built-in disaster recovery, they tend not to be too ambitious with it," Carey indicates. "They'll say, ‘If I'm implementing VMWare, I can just VMotion [i.e., redeploy] this machine from the first floor to the third floor of my building and that's my disaster recovery plan.’"

This is not -- and has never been -- the Sungard approach, Carey stresses. "For us, availability and business continuity are really grounded in expertise, monitoring, management, geographical diversity, redundant power -- all of the best practices we're known for [and] that we've developed over the years."

Nevertheless, Carey concedes, Sungard isn't the only vendor touting the benefits of virtualization for DR and BC. Even now, he suggests, other prominent vendors are also aware of this strategy.

"What you will see, if you're not already seeing it, is that some of the leading server virtualization providers are making their big push in '08 and '09 around positioning their solutions for business continuity and disaster recovery," Carey confirms. "Some of these established x86 [players] are looking to … partner with server and storage replication-type providers to do that. Their software again is sort of nimble within a WAN environment, but not over a WAN, so they need outside partners to help them make it work."

Sungard says it isn't concerned, however. As Carey points out, there are many other issues -- particularly with respect to the DR and BC planning process -- that Sungard specializes in, and it hopes to differentiate its own virtualization-related DR and BC offerings from those of upstart competitors.

"One of the issues [of virtualization as a tool for DR or BC] is information availability. Minimizing a footprint at the end of a day does put more eggs in one basket. If you are, in fact, taking three or four small dispersed data centers and consolidating them into one data center, that notion of single point of failure still resonates with people," Carey argues. "There are certainly ways around providing those extra levels of resiliency and availability, and that's where we'll step in and help them mitigate that disadvantage by layering in some of the second-site capabilities we're known for."

There are other issues, including specialization. The rapid ascent of VMWare has placed a premium on VMWare-related skills, Carey says, so much so that VMWare-certified administrative technicians are in short supply and command high salaries. "They really do have some flexibility in terms of where they want to work, and it makes it difficult for companies to attract and maintain that kind of talent. Before [a company] embarks on this, they have to ask themselves: Do we have the capability to do this? Do we have the staff?"

Security, too, can be problematic. "Spinning up new VMs and moving them easily are all great, but it also creates a disadvantage around security," he observes, noting that VM images -- like backup tapes -- can be lost or stolen.

There's also a scenario that isn't necessarily an issue with backup tapes: VMs -- particularly dormant VMs -- might be seriously out of compliance with corporate security policies. "Typically the [VM] monitoring systems … have little vision into dormant VMs, [which] creates security issues when you're patching, so when you want to patch active systems, you can only patch active systems, [and] those dormant ones sort of fly under the radar," he warns.

Must Read Articles