Active – Active Geographically Dispersed with Staff is the Rule
by rograham1 · about 18 years ago
In reply to Planning for the worst-case scenario
Modern and effective disaster recovery plans for IT embrace the concepts of Active-Active workload management, where the resources at both sites are active and ready to notice and handle capacity losses such as those from losing a site.
Server virtualization makes this topology much more financially feasible and automation rules can assist in load reconfiguration/shedding.
Proper application design also permits full recovery from synchronously logged transactions to allow for the situation of application corruption or storage microcode disasters versus simple site or storage failures.
Most importantly, operations control centers MUST also be geographically dispersed with staff at each location (which do NOT have to be the actual data centers). There are too many disaster scenarios where staff will NOT be available to assist with service restoration at a remote location unless they are already present. Technology can easily combine the sense of a single control center from physically dispersed control operations.
Also keep in mind that it is not possible to build a single, continuously available data center that will be unaffected by various common disaster scenarios. However, it is NOT a requirement that all processing sites in a disaster configuration be the ultimate high-availability configurations; this can significantly mitigate the expense of the multiple sites.
Also consider the remote data management requirements when running in disaster mode without access to the inoperable site. Where will the data be remotely logged or mirrored?
When assessing a disaster response, keep in mind that the world will allow time and penalty concessions if MULTIPLE enterprises within an industry are severely impacted. But if the disaster scope is just your company (e.g. focused attack), there will be no forgiveness by the market or the authorities. If you don’t have a viable disaster recovery plan, at least be sure to back up those vital records so the disaster post-mortem can effectively sell off the remaining assets of your company.
Perhaps one of the more disturbing scenarios is one where an attacker decides to target all sites in the disaster recovery configuration simultaneously.
The subject is very broad even before one considers total business continuity planning (BCP).
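The post's point about Active-Active capacity and automated load shedding, and its closing scenario of several sites being lost at once, can be checked with a small planner. The following is an added example, not code from the post or its author; the site capacities, workload names, demands and priorities are constructed sample values.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Workload:
    name: str
    demand: int    # capacity units the workload needs
    priority: int  # 1 = most critical, larger = more shedable

# Constructed topology: two active sites, each too small to carry
# every workload alone, which is the usual undersized Active-Active setup.
SITES = {"site-a": 100, "site-b": 100}
WORKLOADS = [
    Workload("payments", 60, 1),
    Workload("orders", 50, 1),
    Workload("reporting", 40, 3),
    Workload("analytics", 30, 2),
]

def plan_after_loss(sites, workloads, lost):
    """Place workloads on the surviving sites, most critical first and
    largest demand first within a priority; shed whatever does not fit.
    Returns (placement: name -> site, shed: list of names)."""
    free = {s: cap for s, cap in sites.items() if s not in lost}
    placement, shed = {}, []
    for w in sorted(workloads, key=lambda w: (w.priority, -w.demand)):
        fits = [s for s, c in free.items() if c >= w.demand]
        if not fits:
            shed.append(w.name)
            continue
        site = max(fits, key=free.get)  # site with the most headroom
        free[site] -= w.demand
        placement[w.name] = site
    return placement, shed

def survives_loss(sites, workloads, lost, max_priority=1):
    """True if every workload at or above max_priority is still placed."""
    _, shed = plan_after_loss(sites, workloads, lost)
    critical = {w.name for w in workloads if w.priority <= max_priority}
    return critical.isdisjoint(shed)

def failing_losses(sites, workloads, k, max_priority=1):
    """Every set of k sites whose simultaneous loss sheds critical work,
    i.e. the N-k cases a DR plan must either size for or accept."""
    return [set(c) for c in combinations(sites, k)
            if not survives_loss(sites, workloads, set(c), max_priority)]
```

Run `failing_losses(SITES, WORKLOADS, 1)` to see that losing either constructed site sheds a priority-1 workload; raising each site to 120 units makes the single-site loss survivable while the two-site loss still fails.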