Will You Be Prepared When The Next Disaster Strikes - Whitepaper
1. 1
Whitepaper
WILL YOU BE PREPARED WHEN THE NEXT
DISASTER STRIKES?
In a perfect reality, “application and service availability” would be a
meaningless term. All business services would run as reliably as the planets
orbiting the sun.
In our reality, unfortunately, such is not the case. Organizations know that it’s
not a matter of if operational events or disasters strike, but when — and how
well they’ll respond to mitigate the business impact.
Operational problems such as logical corruption, human error,
misconfigurations or security events, and natural disasters can all cause
unwanted downtime. Of course, unpredictable, catastrophic hardware and
software failure is also possible in any IT infrastructure.
Application and service outages translate not only into substantial business
continuity challenges and lost revenues, but they also affect the organization’s
reputation with corporate stakeholders.
As an example, when Superstorm Sandy hit in October 2012, impacts in
the United States were widespread. At least 650,000 houses were either
damaged or destroyed as a result of the cyclone, and about 8.5 million
customers lost power as a result of Sandy or its remnants, with power out for
weeks, and even months in some areas. Severe damage to small businesses
occurred in New Jersey, with nearly 19,000 businesses sustaining damage of
$250,000 or more, and total business losses estimated at $8.3 billion.1
However, a regional disaster is only one type of event that impacts downtime.
According to a recent IDC study on business continuity2
, the greatest threats
came from power outages, security, and telecommunications failures. In fact,
a near majority of users surveyed said that in the past 12 months, they had to
initiate an application or data recovery, while only 10% indicated they had to
activate a data center recovery and only 6% experienced a facility loss.
When disaster strikes, will your critical applications continue
to run?
IMPROVED BUSINESS CONTINUITY FOR YOUR CRITICAL
APPLICATIONS AND SERVICES
Superstorm Sandy -
October 2012
• 8.5 million customers lost
power
• Power out for weeks,
and even months in
some areas
• Severe damage to small
businesses in New Jersey
• 19,000 NJ businesses
sustaining damage of
$250,000 or more
• Total NJ business losses
estimated at $8.3 billion
Future - More Frequent
Extreme Hurricanes3
• Frequency to increase
10 times in coming
decades
• Chance of Katrina
magnitude hurricanes
have doubled
• Could see a Katrina
level hurricane every
other year
• Storm surges will
become worse and
potentially more
destructive
2. 2
Whitepaper
Time is money — and downtime is lost money. This is why disaster
recovery is an important element in business continuity planning for
organizations of all sizes in all industries.
So the questions are: What do you need to protect when the next
disaster strikes? How will you prioritize, allocate resources, and bring
back services in the sequence that will yield the best business outcome?
And what’s actually involved in the process of recovery?
Following any sort of disaster, most businesses would certainly want to
restore the following:
However, every business has different applications and infrastructure,
different goals, and different priorities. It follows that every business will
also need a custom disaster recovery strategy to restore some or all of
the above elements most effectively, given its particular context.
Best results stem from a tailored disaster recovery strategy
that reflects the organization’s unique business goals and
requirements
• Essential IT applications. E-commerce, business applications,
collaborative platforms such as email, customer relationship
management, enterprise resource planning, and accounting.
• Structured data. Core databases required for applications/
services to function.
• Unstructured data. Word processing documents and
spreadsheets.
• Network services. Responsible for critical business events such
as operations management, collaboration, marketing, sales, credit
card processing, and access to shared or cloud services.
• Security. Identity and access management, firewalls, PCI
compliance, and other industry compliance.
• Voice services. Customer care, call centers, and internal
collaboration.
More than Natural
Disasters
• 100% of organizations
have experienced
application and data loss
over the past year 6
• 78% of lost data was
caused by IT systems
failure 6
• Greatest threats from
power outages, security,
and telecommunications
failures2
3. 3
Whitepaper
In restoring IT services in particular, there are not only different domains
and resources to consider, but also fundamentally different methodologies
that can be used to do it — measured in different ways.
Two common metrics to use in assessing disaster recovery solutions are:
The expected cost of disaster recovery tends to vary based on
performance. As a general rule, then, the shorter the time to recover
from a disaster, the higher the associated costs will be.
To illustrate this point, let’s consider in the abstract four different ways an
organization might go about recovering from a disaster that affects IT
services.
In developing a Disaster Recovery strategy, weigh business
priorities and recovery times against expected costs
Four common methods to restore an IT infrastructure
• Recovery time objective (RTO). How long following a disaster does
it take to restore a service to acceptable performance? According
to an IDC study2
, 43% of firms said their most mission-critical
applications had an RTO of two hours or less.
• Recovery point objective (RPO). The maximum amount of downtime,
potentially resulting in irrecoverable data loss, that can be tolerated
for any given service. The idea is to ensure that the real-world
recovery time is equal to or less than the RPO for the recovery of all
services. According to the same IDC study2
, 43% of firms indicated
their most mission-critical systems had an RPO of no greater than 59
minutes.
Physical colocation
The most rapid recovery would come from completely recreating that
infrastructure — literally building a duplicate of it, and keeping that
duplicate perpetually up and running in an alternate location. If disaster
strikes, the duplicate infrastructure can serve as an immediate failover.
This approach is, for many reasons, the most expensive option. It requires
duplicates, not just of data and software, but also of hardware, such as
physical servers. Prior to the advent of virtualization, physical colocation,
despite its costs, was essentially the only option for organizations that
wanted the fastest possible recovery from an unpredictable disaster.
This option is best suited to organizations that can’t afford even a few
minutes of downtime and are less cost sensitive to the solution.
Recovery Time
DisasterrecoveryCosts
Can You Afford a
Disaster?
• 43% of companies that
experience a major data
loss do not reopen 4
• 80% of companies that do
not rebound from a data
loss within one month are
likely to go out of business
in the near future 5
• 51% of companies are out
of business within two years
of experiencing a major
data loss 7
The shorter the time to recover
from a disaster, the higher the
associated costs.
4. 4
Whitepaper
Continuous data and applications replication
Still less expensive, and arguably the most practical option for many
organizations, is a policy-driven scheme that replicates the organization’s
data and applications on a real-time basis in a virtual environment and can
be rapidly and accurately recreated, in a service provider’s cloud, based on
a pre-configured contingency plan.
Since this failover infrastructure is not already up and running, it does require
some time to create. But the use of automation and virtualization makes the
process relatively quick. New virtual servers based on pre-configured designs
can be created and provisioned in just a few hours.
Further, because it’s entirely driven by software, the sequence of the failover
process can easily be tailored to suit an organization’s business context
and requirements. This means it’s relatively easy not only to align the overall
disaster recovery strategy with an organization’s specific priorities, but also to
keep it in alignment over time, as circumstances change. And the closer the
alignment, the better the business outcome it will deliver.
For organizations that can tolerate up to a four-hour RTO, this may be the
most cost-effective option.
Data backup
Finally, the least expensive option involves simply backing up data. Should
disaster occur, services can be restored as quickly as the organization is able
to bring servers back online and restore network connectivity.
The time required to do all this will be longer than the other options,
but may be the most cost effective, if a variable RTO based on their
own policies is acceptable.
Virtual colocation
Significantly less costly is the virtualized version of the same idea. Here,
too, the infrastructure is duplicated and is perpetually up and running — the
difference is that it’s running via virtual servers, not physical servers.
Typically, these are hosted (the underlying hardware is owned, monitored,
and managed) by a third-party service provider. Essentially the same benefits
of the prior solution are delivered, except that instead of requiring large initial
capital expenditures, all costs are operational, and can therefore be adjusted,
or even eliminated, at will.
This option is also best suited to organizations that want to minimize downtime
and are looking for the most economical solution.
Methods to Restore an
IT Infrastructure
• Physical colocation
• Virtual colocation
• Continuous data and
application replication
• Data backup
5. 5
Whitepaper
EarthLink offers all four of the IT recovery methods, from full hardware
colocation all the way down to relatively simple offsite data backup. This
diversity of options allows you to choose whichever method best fits your
goals, priorities, and budget today, and if your situation changes, to simply
switch to another method. All of these options are hosted in an EarthLink
SSAE 16 compliant data center.
One particularly compelling option you might want to consider is continuous
data and applications replication of IT infrastructure with EarthLink Cloud
Disaster Recovery service. This allows you to recover not just data, but also
applications and operating systems — entire servers. When ordering this
service, you preconfigure all the logical resources you’ll need during failover,
such as CPU and RAM, and you won’t be charged for them until you actually
use them.
IT infrastructure recovery
As you develop a disaster recovery strategy, another important factor to
consider is the practical coordination of the recovery process.
If you work with multiple providers that address different IT domains or business
services, you may have to orchestrate their activity to ensure that stated service
recovery times meet expectations. But if you choose a single trusted partner
with a broad portfolio of disaster recovery solutions and configuration options,
no such orchestration is needed.
EarthLink can be that trusted partner. EarthLink’s suite of recovery capabilities
can be combined and configured to fit the needs of almost any organization,
respond to almost any type of disaster, and restore almost any type of
business service or IT domain.
EarthLink can provide the comprehensive, unified
recovery capabilities you need to restore key services
following a disaster
The best solution for any organization is a balance of IT costs versus
costs of the potential downtime risks. Risks can be measured in terms of
the potential negative business impact, whether that’s measured by lost
revenues, the decline in average customer satisfaction, brand strength, or
in other ways.
Summary of methodsWhat are Your Mission
Critical Systems?
• IT Applications
• Voice Services
• Email
• Databases
• Call Centers
• Online Store
• Order Entry
• Invoicing
• Remote Access
• Firewalls
6. 6
Whitepaper
For most types of data backup, EarthLink Cloud Server Backup is a good
solution. Using a simple, intuitive desktop agent with a small footprint, or the
Web-based interface, you can back up data from all common operating
systems to our data centers.
Cloud Server Backup secures your data with 256-bit AES encryption,
provides extensive reporting and alerts, and tracks the status of all backups,
providing daily email confirmations of successful backups.
No data is as mission-critical as your core databases, and these too can
be easily backed up to EarthLink’s cloud environment. EarthLink supports
Microsoft SQL Server 2012, which includes advanced High Availability
features that are designed to improve the uptime and performance of all
database-driven services.
Using SQL Server, redundancy both within and across data centers is
supported via logical groups and clusters — and failover time to an alternate
copy, should a primary copy become corrupted, is significantly reduced.
EarthLink’s MPLS (Multiprotocol Label Switching) network delivers business
continuity benefits for our clients. For instance, should link failures or network
congestion occur at a given location or network segment, traffic is diverted
via alternate paths to take the shortest route to its final destination.
Additionally, with EarthLink’s broad portfolio of access options, customers
can design their network utilizing cost-effective backup options like ADSL with
Class of Service and Wireless Data — all integrated into one router and
managed by one provider for efficient fault identification and failover.
Data recovery
Database recovery
Network Service Recovery
Failover time is under four hours, and could be less, based on your particular
infrastructure, since data is continuously backed up to EarthLink’s cloud prior
to a disaster rather than just at periodic intervals, you will not lose any data,
and your restored servers will be completely up-to-date.
Post-failover, you have multiple options. You can use EarthLink’s cloud
temporarily until the original infrastructure is fully restored, or you can
continue to use EarthLink’s cloud as a primary IT infrastructure indefinitely.
Disaster Recovery
Solutions
• IT Infrastructure
Recovery
• Data Recovery
• Database Recovery
• Network Service
Recovery
• Security Recovery
• Voice Services
Recovery
7. 7
Whitepaper
This access portfolio is also ideal when implementing backup networks
utilizing separate carriers. The EarthLink blended access portfolio can be used
to provide backup connections at your locations and can take the low-priority
traffic off of your primary MPLS network when the site isn’t in failover mode —
extending the useful life of that network and providing a cost-effective backup
option as well.
EarthLink Secure Remote Access is also directly applicable to disaster
recovery. This offering provides authentication using 256-bit AES encryption,
granting secure access to key applications and resources to IT staff from
alternate locations, and using any computational platform, following a disaster
in which primary workplaces are rendered inaccessible.
How can business services best be secured during a disaster, beyond just
secure access to them? EarthLink’s cloud-based Hosted Network Security
provides firewalls at both network and data-center levels.
With this solution, MPLS networks can be protected against a broad array of
both inbound and outbound threats — all managed in a centralized fashion,
even when there are multiple MPLS networks and geographically separate
sites or team members using them.
EarthLink’s disaster recovery suite also supports the swift and effective
restoration of voice services in a few different ways.
EarthLink Hosted Voice is a full-featured, IP-based PBX solution — this
essentially eliminates any need for an organization to purchase or maintain
a PBX of its own by migrating PBX functionality to EarthLink’s secure, cloud-
based environment. Because the offering is IP-based, it can be accessed
anywhere team members have an Internet connection — perfect for post-
disaster scenarios that might require physical relocation. Further, from the
perspective of outbound call recipients, nothing will have changed; the
solution is completely business-transparent.
EarthLink SIP Trunking and PRI solutions generate new value from an
existing PBX by allowing you to integrate voice traffic from multiple
locations into a central site with a SIP trunk. EarthLink Business provides
options to customers so that they can be prepared if a disaster should
occur. Calls will automatically be made via a secondary route option, and
organizations can obtain instant failover for voice services, configurable with
a variety of routing options.
Security recovery
Voice service recovery
EarthLink Disaster
Recovery Services
• Cloud Disaster
Recovery
• Cloud Server Backup
• Hosted Voice
• SIP Trunking and PRI
• Secure Remote Access
• Hosted Network
Security
• Microsoft SQL Server
2012
• MPLS Networks