Data Centers

Tech Tip: Address antivirus software in your disaster recovery plan

Learn how to address antivirus software in your DR plan.

By Mike Talon

In this day and age, organizations must protect their systems against increasing virus attacks. However, organizations must consider how their antivirus software can impact the viability of their DR plans.

Potential virus attacks eliminate an organization's ability to ignore tape backups and other point-in-time data copies. While real-time replication of any form is a good idea for any business that can afford it, it should never be your only source of DR protection.

The reason is simple: If a virus attacks the primary server systems, it will replicate to the backup systems as well. The only way to prevent a virus that sneaks through your shield from wiping out your entire business is to create point-in-time data copies and store them in a safe place. Then, if a virus does attack, you can still restore from tape (or another point-in-time copy) if the virus manages to propagate to both the primary and backup systems.

In addition, antivirus software itself can impact your organization's disaster recovery strategy in two ways: during normal operation or in the event of a failover.

When systems are in normal operational order, you may employ antivirus software on both the primary and backup systems. On the primary systems, make sure the antivirus software doesn't cause any conflicts with replication tools, backup systems, and point-in-time versioning tools. Most software vendors make sure their software won't interfere with antivirus tools, so this isn't typically a big issue.

On backup systems, however, replication tools may conflict with antivirus software. This isn't the fault of either piece of software; rather, it's a consequence of the normal operation of both.

Replication systems send either block- or byte-level I/O operations to the backup server, which causes the antivirus software to scan the affected file. Since this can literally be a continuous procedure, an amazing amount of scanning can occur on the backup server's file system.

The easiest way to mitigate this issue is to use antivirus software that can exclude directories and files. Since the primary machine scans the files, it's fine if the scanners ignore those files on the backup machine. Another option is to use more powerful servers on the backup side, which could handle the increased activity.

Antivirus software can also impact your organization during a failover situation. When you switch to the backup server systems, you must ensure that the antivirus software switches with everything else during failover.

In many cases, you may not have installed and configured virus scanners on the backup systems, so you may have to perform these actions at failover. In other cases, you may have configured antivirus software to ignore certain directories and files.

To ensure proper protection, you must reenable those areas after failover. In any case, you must be absolutely sure the antivirus software moves along with the live server systems.

Antivirus software can have a substantial impact on a disaster recovery plan. Failure to plan properly for this issue can cause the failure of your DR plan—or worse, it can perpetuate a disaster all by itself.

Mike Talon is an IT consultant and freelance journalist who has worked for both traditional businesses and dot-com startups.

Editor's Picks