In my last post I talked about how it is often difficult for IT and the rest of an organization to formulate a plan for data protection. Below are some simple suggestions on how to get started as an IT professional in having this conversation with the rest of your company.
This isn’t comprehensive – I hope you’ll leave some comments to tell us how you’ve made this interaction work for your organizations.
1. Start with the applications
It sounds really basic, but many organizations don’t have a list of all the applications in their environment. Given that the technology to enable business continuity and disaster recovery may come from one of many different parts of the stack, having an accurate list of applications is critical to picking the right solutions for supporting your BC/DR requirements.
The hard part: Breaking the “Tier One” addiction
Once you have a list of apps, you need to decide what kind of data protection policy gets assigned to each one. Every application owner considers their application to be Tier One; of course – that’s what they do for a living. One of the hardest things about formulating a data protection plan is usually figuring out how to do this part.
2. Define your terms
Make sure the application owners know what you mean when you use terms related to data protection. They might be familiar with RTO and RPO, but, e.g., snapshot, clone, synchronous, and application consistency might not be as clear. You can’t hold them accountable for providing their requirements if they don’t know what to fence in for you.
The hard part: Are you speaking the same language?
(Please visit the site to view this video)(Please visit the site to view this video)
Make sure everyone agrees on what “downtime” means: If an application accessible as read-only, does that count as downtime? What about “failover”?: If you manually reassign IP addresses to certain hosts, is that still automated failover?
3. Understand your options
Educate yourself on all the options you have for data protection today. Your storage platform may have snapshots and replication you are not taking advantage of. Your backup system may integrate with your SAN in a way you don’t do today. Many databases have mirroring capabilities that may be part of your strategy.
The hard part:
For some organizations, it makes more sense to pick one technology and use it for all your DR plans. For others, different applications will need different treatment. Make sure you know what you have to choose from.
4. Know how many zeros are in a solution
In the absence of cost, every application owner is going to say that they require zero downtime to run. So, it is your job to help them understand the orders of magnitude of cost. You don’t have to have budgets and quotes for all the scenarios, but if the stated requirement is “up and running in 30 minutes” you should be able to tell the business if that is a $40,000, $400,000 or $4,000,000 problem.
The hard part: Accuracy
Estimating the cost of a data protection project can be tricky. There might be all kinds of hardware, software, labor, and support costs for multiple products. Explain to your vendors and partners what you are trying to do and let them help you.
I hope some of these suggestions help you get started in your conversations with the rest of your organization. What else has worked for you?