Preparing for Disaster
Volume Number: 15
Issue Number: 9
Column Tag: Sytems
by Paul Shields
Developing a Disaster Recovery Plan for Your
Organization
What is a disaster? The dictionary defines a disaster as "an event resulting in great
loss and misfortune." For business owners, this phrase translates into: A disaster is
any event that affects the ability of a company to meet financial or contractual
obligations.
Are your systems adequately protected from disaster? What kinds of disasters are you
prepared for? Environmental events, theft, and accidental user errors are all forms of
disasters that can directly impact a company's ability to survive. Most organizations
think too big when they hear the words "disaster recovery" and thus fail to deal with
some of the most basic issues to ensure that they can remain operational in case of a
minor disaster.
Two other factors should influence your network administrator's concern over being
properly prepared. First, the year 2000 is quickly approaching and everyday new
reports of potential problems make their way into the media. If the power grid in your
region were to fail on January 1, 2000, would your company be prepared and be able
to survive? The second issue is the Internet's effect of making 24x7 support for
business transactions mandatory. Customers expect your service to be on-line at all
times and, with a worldwide presence, the middle of the night for you may be prime
time for a customerof yours or a potential customer. Every moment of downtime not
only translates to lost productivity internally, but may also affect your company's
competitive position.
Most business owners make two potentially fatal, assumptions when developing a
disaster recovery plan. First, they assume they are too small to justify the time and
expense of developing a plan. This is a bad assumption because the smaller the business
the more catastrophic the impact of even the smallest disasters. Small businesses are
concentrated at a single location and thus have all their eggs in one basket. A large
multi-national firm, while impacted by the loss of a single office, could survive with
the staff and resources at other locations during the recovery process. The second fatal
assumption is that disaster recovery plans only cover natural disasters like
hurricanes, floods, or terrorist attacks, which many business owners believe are
unlikely to happen. This kind of thinking does not take into account the small-scale
disasters that are just as devastating. How many small businesses have a plan to deal
with a fire that destroys the office or a theft that results in the significant loss of
equipment? Or a daylong regional power failure like the one affecting more than a
million people in San Francisco late last year?A disaster recovery plan should be
comprehensive. Ideally, you should write the plan in such a way that it covers the
recovery process generically, ensuring survivability and recovery, no matter how
large or small the disaster.
Documentation
The most vital thing the network administrator can do is to document everything. This
includes documenting serial numbers and configurations of all computers, hubs,
switches, routers, servers, printers, desktops, installed software, and servers., This
data should be stored in a secure off-site location. Ideally, this data, along with the
disaster recovery plan, should be stored off-site in paper form so that no time is lost
retrieving configuration data and recovery plans from tapes or broken computers.
Multi-site companies may be able to store disaster plans and configuration
information in hard copy form or as a database in another location.
After capturing the information on what to restore, you must develop a plan for
recovery. This plan would be the typical "disaster recovery" plan common to most
businesses. A typical plan should include several components, such as supplier
information, inventory data, assigned roles & responsibilities, and a priority scheme
for restoring specific components and processes. The disaster recovery plan should
also document, in advance, the process used to prepare for disasters, including
backups, inventory control, and change management.
Insurance & Supplier Information
In a major disaster, one of the first contacts is the insurance company. Once funds are
available to replace lost or broken equipment, contact vendors and make arrangements
for equipment purchases or leases depending on the your immediate requirements. Use
the configuration information as a basis for ordering replacement equipment.
Network Diagrams
Document the network layout, including the model and part numbers for all network
devices. If possible, have configuration files from the network devices both in printed
form and saved to electronic media. Most importantly, update these every time there
are changes. That is why a change-management process is so critical.
Server and Software configurations
Servers play as vital a role as network components in most businesses. The servers
may be running your order management system, web services, or acting as data
repositories. Regardless, these servers and their data may need to be back on-line as
quickly as possible. If an Internet hacker deletes the contents of a web server, how
quickly can you rebuild the server and restore your companies web site? If the web
site is the foundation of your business, how much time do you have?
Most desktop and server computers are not of much use without the software that runs
the business. An inventory of server applications in use, including serial numbers or
proof of ownership records should exist. This allows for easy re-installation of
software licenses or acquisition of replacement media from the software vendors.
Building a comprehensive disaster recovery plan can be a challenging task for one
person to complete. For the best results, build a disaster recovery team. Assign one
individual as the disaster recovery prime who handles coordinating the team's