David Trossell, managing director of Bridgeworks Ltd. asked; "As I have no axe to grind either way on the D2D verses tape argument I think I can safe ask this question without too many reprisals. How would those users whom rely solely on D2D backup with no offsite replication cope with a disaster like Hemel?"
It's a good question. D2D (disk-to-disk) backup with no off-site capability leaves you vulnerable. I gave him a one word answer: "Badly" and then added a bit more:
"Let's suppose I'm a business with a turnover of £100,000 - £1,000,000 a year. And I'm now frightened. How could I affordably provide disaster recovery for my business? I need to make sure my data is backed up/replicated offsite reliably and regularly. Then I'd also need access to substitute networked servers which could pick up the work and my data if my own data centre was sent to kingdom come."
Dave commented: " I bet its a question going through a lot of people's minds at the moment and should be asked. ... it's the small guys that will really suffer. Personally I see access to the data is the critical thing as this size of company will probably be using Windows or Linux and at a pinch, you could go down to PC world and find the hardware, Carphone warehouse for phones but its that data (that's the key)."
Further: "Why not throw down the challenge to the industry? Describe the problem and throw down the challenge of providing automatic off-site DR for under lets say, £7.5K or 5K even which I guess about what that size of company would go for."
There's a challenge.
Coincidentally I received this message indirectly from Ian Masters, sales director at Sunbelt Software: "Saturdays explosion again reinforces the importance to businesses of having a solid disaster recovery plan in place for such an eventuality the benefits are invaluable. Even if you never have to use the plan, the process of putting it together will by its very nature increase the security of your assets and improve your overall business efficiency. The preparation of a disaster recovery plan will teach you what data is important and will necessitate that you understand how your business works from a decision-making standpoint.
Disaster recovery can be more easily achieved if you follow this simple outline:
· Hold someone accountable for disaster recovery
· Identify mission-critical data
· Organise data on a central repository
· Create procedures for recovering mission-critical servers
· Create knowledge-based decision-making flowcharts
· Backup your data on a regular schedule
· Store your data off-site
· Test your recovery plan
It's good stuff; that can't be denied.
Can a small business afford to pay for disaster recovery facilities?
I talked to a small surveyor, engineer, and builder, with a turnover of up to £250,000 a year. He has a server with RAID'ed disks and Ethernet'ed workstations. He said he backs up his data once a day and his disaster recovery plan is: "A Chubb fire safe, a wing, and a prayer."
He simply hasn't the profit from which to pay for anything else and, a fundamental point: "Tt's insuring against a risk that may never happen. What is the risk of an oil depot catching fire? It's pretty low actually. You assess the likely risk (and then) you have to limit your DR to the size of your budget."
What would he actually do if a disaster in a business next door closed his business down? "Look to the insurance I carry. Sue the business responsible for the disaster for my losses including lost goodwill. Go bankrupt in the last resort I suppose."
Suppose, I asked, you could store complete system images on DVD and do a bare metal restore onto substitute servers and workstations?
His answer was to reject it: "You can't just ghost the software onto a new machine. Software like Windows XP and AutoCAD won't let you. It detects a new machine and wants a re-registration. You used to be able to do it with Windows 95 and 98 but not any more."
Possibly it's different on Linux.
His thought was that businesses with a turnover of over $5 million a year possibly might have the profits from which to pay for better off-site DR facilities including servers and workstations. Businesses with a turnover of less than £1 million a year don't. Businesses in the £1 - 5 million/year turnover area are in a gray area. If they have enough profit and the risk is high enough then maybe. But in any other situation then they, like my surveying, engineering, building contact will put their faith in: "A Chubb fire safe, a wing, and a prayer."