Disaster recovery (DR) is a priority issue for all enterprises.� In fact, there are regulatory requirements that necessitate software compliance and a failsafe DR program in many industries today. That’s why most IT professionals are familiar with the key DR planning issues, from secure storage of the encryption keys, to backup of software customizations and the effects - and limits - of virtualization. But ask a company about software licensing in the context of DR, and many IT pros will say, “Of course we’ve backed up the activation keys for restoring our software licenses!”
That’s great, but it only touches the surface. What many organizations, and even third-party hosting sites, overlook are software compliance issues relating to new, or existing, DR systems. Lack of compliance not only exposes the organization to potentially significant fines and penalties, but could also cause partial or total DR system failure. It is imperative to ensure software compliance for all aspects of a DR plan, regardless of whether the DR software is host-based or hardware-based.
DR software compliance issues are usually complex, so let’s review five of the more important aspects of ensuring that a DR plan is reliable:
1: Backup and recovery compliance
Make sure that all software used for backup and recovery is fully licensed for your process. This may seem obvious, but it’s not as simple as it seems. While the software may by lying dormant within your recovery system servers, make certain that licensing needs are reviewed to ensure compliance - both from the standpoint of actual licensing metrics as well as ascertaining that it is the right software. For example, if tape and other point-in-time technologies are being used, separate licenses might be necessary for backup/recovery. Even if there is only one location, the storage servers may require additional tape or flash drive agents. Improper licensing may lead to the malfunctioning of the DR solution during an emergency.
2: Application software compliance
Most enterprise-class systems and other applications typically provide for the use of a DR copy of the software at no additional charge. Others require an individual license for each server with the software installed. The point - applications follow different rules when it comes to DR.
Without proper licensing, during an emergency this could mean that the DR system simply won’t work and will exit with a licensing error, or you may wind up facing fines and other penalties for failure to purchase the appropriate licensing.
3: Standby server licensing requirements
Every vendor, and usually every operating system, has different licensing rules. Mention data recovery or back-up to Oracle, and this particular software vendor will conclude that it’s a standby and should be licensed as such. However, you don’t necessarily need to license a back-up server since it is likely that your Oracle T&C covers testing physical back-up copies (limited to two days per test) up to four times a year. The point - while you should always avoid over-licensing, you also must be able to show licensing for each server that requires it, including those for backup servers, if the manufacturer doesn’t allow for extra DR copies. This may seem like an unnecessary expense, but failure to properly license software can leave your company open to stiff penalties and other legal action if you don’t comply with the appropriate laws and regulations.
4: Periodic testing compliance
An important aspect of all DR plans is (or should be) periodic testing to make sure you are ready for an emergency. Different licensing may be needed when the DR server shifts from standby to full production. Depending on the T&Cs in your licensing contracts, a 30-day temporary disaster recovery license for testing purposes may be required. Another alternative is the purchase of a permanent disaster recovery license, which fits the needs of customers who must perform disaster recovery testing more than twice a year, or for those who want a permanent disaster recovery machine in place with the software installed and ready to go at all times.
5: Remaining compliant
Managing so many different licenses and requirements can be challenging, to say the least - especially when you add remote-access tools and/or Microsoft’s Client Access Licensing (CALs) to the mix. One good solution is to rely on one or two trusted resellers for acquiring and maintaining the correct licensing for the solutions for your needs. Make them your partners so they can get the big picture of your plans and objectives, and also negotiate significant discounts by pricing for the complete solution.
Vendor audits: Bad news/good news
The bad news - Disaster Recovery is a major trigger for vendor audits. Why? Because so many organizations fail to pay attention to the five DR software compliance issues we just reviewed. If your company announces DR plans publicly to reassure investors, it’s a good bet you’ll be hearing from your software vendors soon about an audit.
The good news - DR plan goals are the same as the requirements of vendor software audits: ensuring your company can recover its inventory data, installation media, and proof of ownership. Similarly, the steps needed to keep the DR system updated also apply to ensuring the information required for an audit remains current. In other words, resuming business operations requires that all of your software is operational and properly supported. So it is with ensuring compliance with software licensing. Instituting the DR-related protocols that govern infrastructure changes or software upgrades, for example, can facilitate managing the software inventory. The same thinking that goes into a recovery plan goes into a plan to survive a software audit.
Companies that fail to plan for recovering from a disaster, or for responding to the inevitable software company’s demand letter, are setting themselves up for a very expensive surprise. The cost of recovery or responding includes not only the cost of the software itself, but also the lost wages, time, and productivity of the people involved in the recovery/response effort. However, the more devastating costs associated with a response effort are those that come from the fines for failing to provide the required proof of legal software ownership. Those fines can easily add up to hundreds of thousands of dollars.
Software licensing should not be considered a secondary issue when it comes to DR planning. With thorough planning and careful attention to software compliance, a company can recover quickly from a disaster, and also be fully prepared to survive a software vendor audit with minimal impact.