Do Disasters Know A Season?

Disaster recovery was once a one-stop proposition. No more.

An article I read recently asked whether it was “politically correct” for vendors to contextualize their products in terms of disaster preparedness to capitalize on the current seasonal interest in disasters. Are they just trying to leverage fear, uncertainty, and doubt generated by the media with its coverage of earthquakes (the anniversary of the Big One in 1906 San Francisco just passed), tornadoes (a recent onslaught of twisters in the Midwest), and hurricanes (the season opens in about a month to the chagrin of Gulf Coast and Atlantic seaboard companies that remember all too well the vicious 2005 season)?

The writer excluded companies offering products aimed specifically at disaster recovery (DR), such as XOsoft, Neverfail Group, Arsenal Digital, and others. Peddling high availability and resiliency is what they do (see below). But he raised questions about the honesty of vendors (of storage management software, data archive software, content addressable storage, and good old-fashioned disk arrays, just to list a few) who offer wares that seek to address a set of problems not, strictly speaking, DR-related. It seems that a lot of them have recently sought a “DR hook” for their products that would enable them to capitalize on the uptick of interest in disasters.

Political correctness aside, I would argue that even seasonal interest in DR by vendors is better than no interest at all. In fact, recoverability needs to be a key criterion when selecting any technology that an IT decision maker is planning for use in his or her environment. As a veteran DR planner who has helped develop nearly 100 DR plans and written five books on the subject, I believe that when it comes to recovery from any unplanned interruption, the angels are in the architecture.

What I mean by this dictum is simple. Disaster recovery planning needs an overhaul. Current techniques and methods derive from the mainframe era, when recovery amounted to shifting operations to a backup data center where an identical mainframe platform was already installed and ready to serve as surrogate processor of your data. Twenty years ago, DRP was termed “secretary friendly” precisely because such a recovery facility could be had simply by signing a codicil to your mainframe maintenance agreement. Executing the contract subscribed you to a mainframe “hot site” from IBM, Sungard Recovery Services, or any of a half dozen or so service providers. In effect, you bolted on DR to existing infrastructure. No muss, no fuss.

This is no longer so easy to do. With distributed computing has come added complexity. Distributed multi-tier client-server architecture is, in many cases, like the tower of blocks in a Jenga game: ready to topple at any moment. The only cost-effective way to recover many n-tier client-server environments today is to design recoverability right into them.

Given this fact, DR can’t be treated as an afterthought, but must be considered as a design choice. You need to design recoverability directly into your platform—by selecting hardware components that are themselves recoverable, and by making good choices with respect to the middleware you use: message oriented middleware is superior to hard-coded remote procedure calls linked to predefined machine IDs or IP addresses or any other sort of set-in-concrete component identifier. Get it? The angels are in the architecture.

That said, I have to acknowledge the reality of the situation. A lot of technology being used by companies today has not been deployed with recoverability in mind. All things considered, you can’t simply rip and replace everything you have to make a more resilient infrastructure. Some sort of strategy is needed that will buy you resiliency while your organization evolves toward one that has disaster recovery built in.

Here are my top five steps you can take today:

Tip #1. Get educated.

You can’t start building resiliency into your computing architecture until you know what resiliency means and how it is provided. Take advantage of vendor-provided seminars to become familiar with what the industry thinks resiliency means in terms of product features and functions. Steel yourself against the inevitable marketecture. No vendor, however glib, is going to describe the foibles of his product—that’s for you to figure out.

One event that might interest you is a Disaster Recovery and Data Protection Summit, chaired by yours truly, taking place in Tampa, FL from May 31 through June 1 (the official start of hurricane season). It is completely free to businesses and is the media sponsor. You can see the agenda, the speakers, and other details on-line at Be sure to register for the event soon, seating is limited to 450 delegates and registration is strictly first come, first served.

Tip #2: Read everything you can.

Seek out case studies about your peers, describing what products and services work and which don’t. Numerous publications are on-line to facilitate this research. Disaster Recovery Guide is one I like, and other links can be found at (

Tip #3: Deploy storage management software.

There are many products available, including Tek-Tools, Computer Associates BrightStor, and IBM Tivoli (among others). You may have been thinking about deploying one of these but haven’t had the bandwidth to vet them to decide which one is best for you. Do it now. Anything that will tell you about burgeoning problems in your infrastructure before they become a disaster will help avoid preventable events.

Value add: you will quite possibly improve the capacity allocation efficiency of your storage investment as well. So, it’s a double value.

Tip #4. Check your backups.

I use “backup” in the broadest sense of the term. Whether you use tape, disk, or optical media, the only way to protect data is to make a copy and to move that copy out of harm’s way. But you also need to check the process you are using to make a copy to ensure that it can be restored.

Unfortunately, testing backups is not done frequently. Many people find out too late (that is, when they need them to restore their business) that their copies are not restorable. If you lose your data, you lose your business. It’s just that simple. Try to perform a restore from your backup media today.

Tip #5. Start classifying your data.

At a minimum, start analyzing to determine what data belongs to which application, which applications belongs to which business processes, and which business processes are “mission critical” to your company’s operations. Management can usually point you to key processes. You need to perform some analysis to see where the data is that feeds those processes so it can be included in an iron-clad program of data protection.

If you are using Microsoft applications in your distributed infrastructure that are considered mission critical, you might want to consider putting software from companies like Neverfail Group or XOsoft to work for you. These products enable you to establish backup centers within your own company, between branch offices, for example, with redundant failover capability.

I like the Neverfail Group for its simplicity of set up and operation in a pure Windows setting. XOsoft is somewhat more expansive in its coverage for non-Windows software, such as Oracle databases, but also does a nifty job with Windows Exchange Mail and SQL Server. You can’t go wrong with either of these products as nearly as I can tell.

If you prefer to take the back-end approach to data protection, copying just the data but without the high-availability failover of processors, check out the services of Arsenal Digital. The company actually sells its services for backup-over-networks on a surrogate basis—through your local or long-distance telephone company, for example. In some cases, Arsenal’s superb service management and monitoring capabilities are blended together with data de-duplication and compression services from partner Avamar Technologies, which allow you to back up a lot of data with a small amount of bandwidth. Frankly, given the widespread availability of Arsenal Digital services, I can’t make sense of any of the excuses companies find for not doing something about data protection. Go to Arsenal Digital’s web site to learn more about what they offer and who, in your area, offers their services.

From Now On

Going forward, you need to evolve your infrastructure toward greater resiliency. Put the angels in the architecture so that disaster recovery is no longer a “seasonal” concern, but instead a permanent part of effective infrastructure design.

I will address some of the components of a resilient data architecture in a future column.

Until then, your comments are welcomed at Consider bringing your comments and questions with you to the Summit in Tampa Bay. The free, two-day event will feature many of the vendors mentioned here, plus many more. Most importantly, it will provide the opportunity for you to interact with peers, to share what you know, and to learn from the experience of others. Register today at