By Mike Talon
Many organizations view disaster recovery planning as primarily a technology discussion and forget to take human nature into account. One of my clients went so far as to build a plan that relied on paying someone to grab disk drives prior to leaving the building in the event of a disaster. The company obviously left human nature out of its equation, and the entire DR plan was in serious jeopardy because of it.
When planning DR solutions, companies must remember that the technology will only supplement the efforts of humans in one way or another—not replace them. Whether the DR plan will keep systems online for client access (such as Web sites, ATMs, and intranets) or keep back-office solutions online, the main goal is to keep data available for people to use.
Human interaction impacts a DR plan on several different levels, and the IT staff is the most influential part of the DR plan. These are the people who must bring the operations back online during an emergency and keep them running. Never underestimate the role they play, even in automated DR solutions.
Not everything will work smoothly, due to misconfiguration or simple problems. When things go wrong, it will be up to your staff to fix the problems, as quickly as humanly possible.
When creating a DR plan, companies must be realistic, particularly about the people the plan involves. The people who set up the systems may not be available to perform failover operations. They may have left the organization, they may be unable to reach the systems in question, or they may be dead.
As horrible as the thought is, part of planning for disasters is planning for the worst-case scenario. While rare, large-scale disasters such as earthquakes can cause fatalities. You must plan for as many contingencies as you can—and hope that you haven't missed the one that actually happens when the disaster strikes.
Internal end users are another important factor in a DR plan. Bringing data systems back online will be a useless effort if no one can use them. Remember that you're planning for a multitude of possibilities, from power outages to building loss.
Most of these disasters will cause end-user desktops and access points to fail for one reason or another. While you can bring the data systems back online in another facility, you'll also need to find ways to get your end users up and running again.
VPN systems, alternate workspace, and other methodologies can help mitigate this issue, but you must plan for these options and set them up ahead of time. You also need to test them on a regular basis, and this means bringing end users into the testing process. Once again, the human element becomes a huge part of your DR planning.
Finally, don't forget that there's a good chance that the ultimate end users are not internal employees. There could easily be a large portion of data consumers who exist beyond the corporate firewall.
So not only must you set up alternate access for your internal concerns, but you must also be ready to reroute incoming and outgoing Internet connectivity as well. This may require DNS changes, additional connectivity links, and even additional security constructs such as signing certificates.
Nearly every Internet user expects occasional outages, but make sure that even if you can't get the original data center back online in a reasonable amount of time, you have some place for these clients to connect to within a short timeframe.
Never underestimate the impact of the human factor in planning for disaster recovery. Ignoring this element is a sure route to failure, and one that you can avoid by remembering that it still takes a human being to plug in a machine.
Mike Talon is an IT consultant and freelance journalist who has worked for both traditional businesses and dot-com startups.