SMB Data Center Disaster Recovery Planning Guide

A Step-by-Step SMB Data Center Disaster Recovery Plan Development Overview

By: Jan Persson – CDP, CBCP -  Persson Associates

Many people faced with the task of developing a small or medium size company server based computer center disaster recovery plan have a number of questions and frequently a number of fears about the project.  “How do I know if I’m covering all the right tasks?”  “Where do I begin and is there an order to the required project steps?”  “Are there any analysis steps that could change the results of the recovery effort?”   “This is all new to me and I really don’t know what the end product should look like.”

The good news is that Disaster Recovery Planning (DRP) is a very logical, straightforward “Process.”  The steps, once presented, fall into a definite sequence of events, analysis points, and development tasks.  Our new product, SMB-IT-DRP-GUIDE, is a step-by-step guide to developing a DRP.  It is geared toward SMB’s. What does that mean? Basically it means that the process is scaled down from the usually massive data collection job to fill in all the information. For example, the typical DRP for a large data center requires 40+ specific data collection and analysis points. For a SMB size data center this can be done in approximately 18.   

In terms of an overview, which is always helpful to start with, the process can be outlined as follows:

• One of the first tasks is to simply identify the business personnel that will be included in the DRP process.  These are usually the people responsible for any local computer Operations, Network, Applications, and a few more (Facilities, Security, and often key vendors).  Usually, a manager or team leader is the better candidate to manage the plan development efforts. 
• Once the team is identified is it always a requirement to make sure the basic precautions and emergency procedures are known and included in the DRP.  This would include emergency evacuation steps, notification procedures, escalation procedures and a process to assess the damage.  These constitute the next set of tasks in defining the DRP.  Safety of personnel is very important, and a good plan includes the necessary procedures. 
• No DRP can be completed without a very thorough and complete inventory of the installed I/T equipment including: Servers, PC’s, printers, office machines, FAX machines, routers, etc.  This inventory step serves to make sure the complete business environment is known and documented.  For Insurance purposes, it is mandatory in order to recoup any loss.  From a recovery standpoint, it is a basis on which to determine exactly what components are required to back up the mission critical applications.  It is in effect a straightforward inventory step with some degree of analysis to determine which applications are critical.
• The following next tasks move on to the somewhat more complex “Network” and “Voice” inventories.  The communications components (phone service, mobiles, email, voice messaging, data circuits, etc) are often viewed as complex and difficult to understand.  In order to make the tasks easier, a set of specific worksheets is required.  They can be discussed with the people that have the network experience (and/or with specific vendors) in order to document what components are in place.  SMB’s should plan on using vendor support to document the recovery plan where possible if resources are tight.
• Based on the above steps, the next logical task is to identify what the “Recovery Environment” will include.  This actually is a list of all components needed to support a recovery effort for the critical business applications. In other words what applications and services must be up and running first.
• Moving along, the next task is to make sure that all of the necessary data is backed up and stored offsite (often at an Offsite Storage Vendor. Iron Mountain for example).  It is often said that any recovery effort becomes impossible without the proper data and software to restore to.  What the task involves is simply to evaluate and audit the current backup process (daily, weekly, monthly, etc.) and make sure copies (usually on tape or cartridges, can also be Cloud based) are sent off for safekeeping. Note: Offsite data backups are often referred to as “Vital Records” for good reason. 
• Once the recovery environment is known (defined in the DRP), the next step is to fit the proper alternate data center facility.  This involves evaluating how closely the alternate site strategy can provide recovery to meet the critical business applications requirements. This is really a match between recovery time objective (aka RTO) and the alternate site capability (such as a Hot Site, or Cloud based service, or simply a site rebuild). 
• After the decisions are made, the alternate site is selected and the actual restoration tasks (Operations Restoration) can be developed.  These are the specific tasks which each team member is expected to carry out at the time a recovery effort is required or during the testing of the DRP.  These can be thought of as a checklist of tasks.
• At this point the DRP is ready for a test. Testing is an absolute requirement. This guide provides a detailed test using the “Table Top Test” approach. This is an accepted method to test plans. The first test can usually be done in an hour or two. It includes a results summary that becomes a part of the history of the plan development process.
• Finally, the process of developing a DRP must include a Maintenance Process.  This is absolutely required or the DRP will fall into obsolescence due to lack of updates.  If the DRP becomes out of date (a year old), the possible chance that it will be effective at a recovery event is in question.  The data and contents simply change too fast. As a general rule, review the DRP document every 3 to 6 months depending on how quickly things change. That can be as simple as asking everyone to update the recovery components they have responsibility for.

This brief DRP development description should set the stage for a smooth plan development process.  In the end, it is a very logical process, one containing a specific set of steps that build on each one in sequence.  Finally, as a visual aid we have included a 1-page chart which shows all the steps in the suggested order that are required to complete a DRP.

To review our new product: SMB-DRP-IT-GUIDE, proceed to our web site at: www.perssonassociates.com. While at our web site review what our customers say about our products.

Author Bio: Mr. Persson has been consulting in the disaster recovery/business continuity area for over 30 years. He is certified (holds a CDP Title) by the Institute for the Certification of Computer Professionals. He is also certified by the Disaster Recovery Institute International (DRII) where he holds a CBCP Title. CBCP: Certified Business Continuity Professional. He can be reached at: jppersson@perssonassociates.com.

1 PAGE SMB DISASTER RECOVERY PLAN DEVELOPMENT

OVERVIEW CHART

NOTE: Steps 4, 5 and 6 can be done at the same time.