Tech Tip: Ensure end-user connectivity in an emergency

Learn how you can keep your end users in the loop to get them back to work as soon as possible after a disaster.

By Mike Talon

During a disaster, most IT shops are aware that they must stay in constant communication with their own staff to ensure that all of the disaster recovery planning they've put in place for this moment will actually work. If all goes well, all systems will come back online, and everyone will be ready to work again--or will they?

Ensuring effective communication for end users is another step that will help your organization make sure that all of the systems it's protecting can actually do what it expects them to do. If your users can't connect to the systems, all the DR solutions in the world aren't going to help your organization survive the disaster.

In another article, we discussed keeping the lines of communication open between management and the IT staff charged with the recovery process. Now, let's look at how you can keep your end users in the loop to get them back to work as soon as possible after a disaster.

Internal end users (i.e., employees of your firm) need to connect directly to the systems in question. Many times, end users connect from a corporate LAN and/or WAN, which requires that certain IP addresses and physical links exist. But disasters have a nasty habit of destroying or, at the very least, seriously disrupting those links, leaving your end users with no way to access systems.

If the original office is intact, it's possible to arrange for alternate links so your employees can connect. You can preconfigure VPN systems between sites to keep the same basic IP subnets--as long as you set up all the systems well before the emergency. This solution is definitely a drain on your budget, but it's well worth it if you can't allow for any downtime in the event of a disaster.

If employees are located at other sites, or if the original office is no longer intact, you must arrange for alternate means of communication. In addition, you need some way to get the word out to employees.

VPN systems, remote-access tools such as Terminal Services, and/or a commercial system such as Citrix Systems can help your end users connect from home or another office. However, you'll need to carefully train all users. Otherwise, even if the access exists, no one will use it.

To keep costs down, make sure that only those who require access will actually get it. These systems tend to be rather expensive when applied imprudently.

For external users, bringing the systems up in another location is only the tip of the DR iceberg. After bringing the systems back online, you must deal with the inevitable conclusion that Web users will try to access those systems at the old--and therefore wrong--location.

DNS systems will continue to direct users to the dead servers until you update them. After you make this change, your DNS servers can begin pointing users to the Web sites at the right address.

However, even with the best configuration, keep in mind that it can take up to 72 hours for the change to propagate through the entire DNS system. So while many people will get the immediate change, some noncompliant DNS servers may serve the wrong IP address for a while.

Making sure your end users, both internal and external, can access the resources they need may seem like an auxiliary part of the DR process. Keeping them foremost in your mind, however, will ensure that you don't forget that the main reason you're doing this is for them.

Mike Talon is an IT consultant and freelance journalist who has worked for both traditional businesses and dot-com startups.