Just like major corporations, small and midsize businesses (SMBs) are increasingly reliant on the critical data stored on their servers. Limited resources and vulnerability to interruptions put small and midsize businesses at higher risk, and relying on tape backup can leave gaps in the disaster recovery plan.
While tape backup on Power Systems servers running IBM® i provides a small measure of protection, periodic backup to tape can leave small businesses vulnerable to data and time loss in quantities they cannot afford. The key to getting back on track quickly is a comprehensive disaster recovery plan, including fast access to an up-to-the-minute copy of your data. This whitepaper provides five tips for an SMB approach to protecting critical data. These tips used in conjunction with MIMIX® DR from Vision Solutions® can help SMBs defend against crippling downtime and data loss.
Depending on Data
It doesn’t matter if you are a billion dollar firm or a twenty-person regional service provider, you depend on your data for day-to-day operations. Events like natural disasters remind us how vulnerable our critical electronic data can be1 – but studies show SMBs aren’t doing much to protect themselves from data loss. According to a Gartner report, SMB management is not typically focused on what might be viewed as “hypothetical disaster scenarios.”
Not only have the risks changed, the culture of doing business has also changed. New factors that increase the impact of lost data include the exponential growth of critical data generated every day, customer expectations that services resume rapidly after a business disruption and the increasing need to access data around the clock.
Today’s data protection challenges pose substantial risks to companies of all sizes, but they pose the greatest risk to small and midsize businesses. SMBs often don’t have the staff or budget for acceptable disaster recovery and there is often no recovery plan, no recovery site, or the recovery site is not far enough away to protect the primary site in case of a natural disaster. SMBs typically have their critical data all on one server. If the server goes down, most offices have to get that server running and fully restored right away, or face costly consequences. SMBs in regulated industries are also subject to the same data availability and data protection requirements as large corporations for regulations such as HIPAA, FDA Part 11, Sarbanes-Oxley and SEC Rule 17 – but without the budgets necessary to meet the requirements.
Is Tape Backup Enough?
Magnetic tape has been a data storage mainstay since the 1970s because it allows you to store large volumes of information at relatively low cost. Since tape cartridges are portable, they are relatively easy to transport and store off-site. Moving critical data elsewhere has been the central requirement of most legislation pertaining to corporate accountability so, apart from serving backup and archival requirements, tape has proven itself useful in instances where regulatory compliance is an issue.
While tape is an enduring and utilitarian technology, it does have shortcomings, particularly in light of modern business datacenter requirements for availability. Businesses relying on magnetic tape for disaster recovery often spend hours and sometimes days preparing for recovery – retrieving tapes from the vault and obtaining a server on which to restore the data.
Another shortcoming with tape backup is that you can only restore data to the point of the last good backup, which was most likely the night before. Any data created since the last good backup will be lost. If the most recent backup was incomplete or corrupted, then you’re forced to use the next most recent backup and lose even more data.
Are You Planning to Succeed?
While an optimistic outlook is an important ingredient in growing a small business, disaster preparedness is one occasion when it pays to be a prepared. In a recent article about business continuity, the United States Small Business Association (SBA) called small businesses ‘the backbone of the nation’s economy.’ They report that small businesses alone account for more than 99% of all companies with employees, employ 50% of all private sector workers and provide nearly 45% of the nation’s payroll. Yet, small to medium businesses are the most vulnerable in the event of an emergency because most have not taken the necessary steps to prepare. While it’s hard to argue with the importance of preparing your business for an emergency, it’s easy to put off planning and implementation due to day-to-day concerns and resource constraints. However, the SBA estimates that 25 to 40% of businesses do not reopen after a disaster or long-term business outage. In the wake of recent natural disasters, the SBA is emphasizing to small businesses that getting back to work after a disaster depends on how well you prepare today.
Some questions small businesses should ask themselves are:
• Are we prepared to relocate temporarily?
• Do we have copies of, and access to, vital business records? (The SBA recommends backup data is stored at an offsite location at least 50 miles away from the main site.)
• Do we have access to vital business applications?
(emergency payroll, accounting, access to suppliers and resources)
• How much data would we lose in a disaster between backups?
• How quickly can we recover from a disaster?
• How long would we be without a connection to our customers?
A Common Risk Scenario
Tuesday 4 p.m. The server crashes at Smith and Johnson law office. Staff can’t access e-mail, the client database, appointment calendar, court schedule, research data or project directories. In a best-case scenario, by Tuesday evening the reseller arrives with parts necessary to repair the server and restores the new server from the Monday night tape backup. By Wednesday morning, users can resume work – but all of Tuesday’s data and hours of productivity have been lost. A more likely scenario is that the reseller doesn’t have all of the parts in stock, or they don’t have a resource available to install them. They call for replacement parts, but they don’t arrive until Wednesday. Wednesday afternoon, the reseller repairs the server and begins the restoration process from the Monday night tape backup. On Thursday morning, users can resume work but the most recent data they can access is from Monday night. Over a day of productivity and data are lost. The worst-case scenario is that the reseller doesn’t have all of the parts in stock. They call for replacement parts, but they don’t arrive until Wednesday.
Wednesday afternoon, the reseller repairs the server and tries to restore from the Monday night backup, but the Monday night backup is bad, so they have to restore from Sunday night’s backup. By Thursday morning, users can resume access to the server applications, but they can’t access data more recent than last weekend.
What can a small or midsize business do to minimize the potentially crippling impact of lost data and downtime? The following five tips can help SMBs more effectively protect their critical data and recover faster from downtime.
Five Tips for Protecting Critical Data
Tip 1 – People, policies and priorities first
Consider having the right people, policies and procedures in place before turning attention to your technology strategy. Designate one individual in the company as the data protection owner who is responsible for getting management buy-in, documenting the processes, investigating the options, and directing testing and training.
The data protection owner should form a group to determine what the most critical information to the business is. This small group should include those individuals whose input will ensure that the most critical business information is protected. In a small business, this may be just the owner or the executive staff. In a midsize business, a manager from each function is probably most appropriate. The data protection owner should identify any relevant regulations that affect the company’s data protection priorities. Next, the group should define the critical applications. Given the limited resources in most small and midsize businesses, initially narrow your focus to the one or two core applications where an inability to access key information can quickly start to cost you money, such as your e-commerce site, customer database or e-mail system. By focusing on protecting just one or two critical applications, your data protection goals will be more attainable.
Tip 2 – Get the data out of the building
It is extremely important to get your data out of the building and out of harm’s way. The ideal offsite location is distant geographically so it remains unaffected by large-scale disasters, such as earthquakes and hurricanes. Consider what the most likely threats are to your place of business.
• Is it local power outages? How far away would you need to store the data to be on a different power grid?
• Is it earthquakes or hurricanes? Keep the backup data at least one state away.
• Is it most likely to be server failures? Think about what could be done for more rapid recovery of the production machine.
Think creatively about how you can cost-effectively protect the data remotely. If your company has multiple sites, perhaps you could send your data to another geographically distant site. Perhaps you could co-locate a backup server at the site of a business partner. If you have neither a remote location nor a second server, utilizing a managed services or cloud hosted offering is a cost-effective option. Numerous businesses offer cloud hosting for IBM i environments, charging a set fee for the storage and processing power you need each month. Using a managed service avoids the capital expense of a second system, and it reduces the administrative burden on your staff by outsourcing the management to your hosting/cloud provider.
Tip 3 – Calculate the costs of downtime
For your peers to appreciate the gravity of the problem, you may need to estimate the downtime costs for employees, suppliers and customers if they can’t access critical information. The following method provides a simple way to estimate the average cost per hour of downtime.
Cost Per Occurrence = (To + Td) x (Hr + Lr)
To = Time / Length of Outage
Td = Time Delta to Data Backup (How long since the last backup?)
Hr = Hourly Rate of Personnel (Calculate by monthly expenditure per department divided by the number of work hours.)
Lr = Lost Revenue per Hour (Applies if the department generates profit. A good rule is to look at profitability over three months and dividing by the number of work hours.)
Next, define the recovery objectives for your applications. The best way to quantify your objectives is with a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each application. The RTO for an application is simply the goal for how quickly you need to have that application’s information restored. For example, perhaps 4 hours, 8 hours, or next business day is tolerable for e-mail systems. The RPO for an application is the goal for how much data you can afford to lose since the last backup. Is it 2 minutes worth, 20 minutes or 2 hours? Then estimate the costs to achieve your RTO and RPO for each application.
Finally, get the senior management’s understanding and agreement with your downtime cost estimates and required RTO and RPO goals. Once everyone has agreed on the cost of downtime and the company’s RTO and RPO goals, it’s easier for everyone to agree on the data protection strategy and budget. For example, if you can get the business owner or executive team’s agreement on the company’s downtime costs, they are more likely to agree to an appropriate data protection budget.
Tip 4 – Think beyond tape
Once you have established how quickly you need to recover key applications (RTO), how much data you can afford to lose (RPO) and your budget, you can select the appropriate technology solution. Like many SMBs, you are likely to discover that the traditional practice of using your tape backup procedure for disaster recovery will no longer be adequate to achieve your RTO and RPO goals for critical applications because of the length of time between saves to tape, the propensity for tape related failure, and the long time to recover your data before you can access it again.
For SMBs whose critical applications run at multiple remote locations, the quality and consistency of on-site tape backup is also an issue. Few companies of any size have technical experts in branch locations who can clean and maintain tapes, ensure that they are properly backing up the site data, and execute a recovery when needed.
Small and midsize businesses face a conundrum: tape backup systems are inexpensive and usually necessary for archival purposes, but they offer poor RPO and RTO for critical applications, and they are usually ineffective for saving from or restoring to remote locations. Hardware storage mirroring, which uses remote copy technology to provide sector-based replication between two sites, offers excellent RPO, when used in conjunction with IBM i switchable IASP and local journaling, but is prohibitively expensive for a small or midsize business to buy and manage. Plus, it is less than ideal for backing up remote locations which often have low-bandwidth connections less suitable to the bandwidth requirements of hardware solutions.
Solutions based on software replication also provide excellent RPO for critical applications without the cost and complexity of the hardware mirroring approach. With software-based replication, only the changed data is replicated. When compared with hardware mirroring solutions, this approach offers lower bandwidth requirements, important for replication across low-bandwidth Internet networks. Software-based replication solutions also provide application and server failover to a hot backup server for excellent RTO, so your users can continue working after a failure far more quickly than tape.
Tip 5 – Make sure you really can restore
It’s important to make sure you have thought through how to restore your critical applications quickly – either locally or at a different location. Do you have fast access to all of the components you need to recover? What are the specific steps needed to restore a failed server? What would you do if you had to move the company’s operations and employees to another location?
MIMIX DR maintains a fully operable backup server, so you can failover to that server – without recovery steps. Once your production server has been restored or replaced, you can recover all your data and applications to that new server with no data loss.
MIMIX DR – The Solution for SMBs
MIMIX DR is a very effective way for small and medium-sized businesses to avail themselves of the benefits of software-based replication. MIMIX DR is a complete, entry-level disaster recovery solution based on world-class MIMIX technology.
Real-time replication is at the center of MIMIX DR. Using on the remote journaling capabilities of the IBM i operating system, MIMIX DR replicates your production environment to a backup system – including files, data areas, data queues, IFS, programs, user profiles, device configurations, spool files, triggers, constraints and more. Because only changes are replicated, bandwidth usage is minimized, allowing your backup server to reside on-premises, off-site or in the Cloud. MIMIX DR users benefit from having a fully operational backup server that can assume the role of the production server whenever it is needed. No up-front recovery steps are required, and your mission critical data and applications are all intact up to the point of failure.
Auditing for confident recovery
With MMIX DR, confidence in your recoverability is firmly established with comprehensive audits that compare your production database with the replicated backup copy. Eight regularly scheduled audits of your replicated objects and data, as well as monitoring of the backup server for changes by end users, provide robust coverage. Automatic self-healing technology repairs any out-of-sync condition detected in an audit. With MIMIX DR, you can completely rely on the integrity of your backup dataset in the event of a production server failure, site failure, or natural disaster.
Ease of use
The Vision Solutions Portal (VSP) provides a browser-based graphical user interface for MIMIX DR. Accessible from any device with a browser, you can monitor and manage the status of your MIMX DR environment no matter where you are. Intuitive icons allow you to see status at a glance, while email alerts of conditions requiring your attention enable unattended monitoring when you are away. All in all, with the ease of use built into MIMIX DR, you’ll be able to manage your environment in only minutes a day.
For new technology to be of value to a small or medium-sized business, it must prove its value quickly and continue to do so over the course of its lifecycle. In a very direct sense MIMIX DR delivers fast, proven ROI by reducing the business risks associated with server downtime and data loss. When hosted by a managed services or Cloud provider, it allows a move to real-time replication without the capital investment in a second server.
Based on technology found in MIMIX Availability, Vision Solutions’ world class IBM i high availability solution used by thousands of companies, MIMIX DR provides a growth path to MIMIX Availability as your business’ HA/DR needs grow.
An Alternate Recovery Scenario with MIMIX DR
Now, with MIMIX DR installed on both their production server and on a backup server located elsewhere, the Smith and Johnson law office has a better experience than even the best-case scenario described above.
Tuesday 4 p.m. The server crashes at Smith and Johnson law office. Staff can’t access the client database, appointment calendar, court schedule, research data or project directories. Within an hour or two, the time it takes to manually start the business application on the backup server, production operations can be up and running, with all of the data current up to Tuesday at 4 p.m., the very moment of the production server crash. Users can access all of their applications. On Tuesday evening, the reseller or integrator arrives with parts necessary to repair the original production server.
Afterward, technicians can schedule a time to manually resynchronize the production with the backup server, with all of the data generated since Tuesday intact and with only minor impact to the business. Even in the worst-case scenario where the reseller has to order parts, users can continue to work on the backup server until the production server is restored.
Like major corporations, small and midsize businesses are increasingly reliant on the critical data stored on their servers. However, limited resources and vulnerability to interruptions put small and midsize businesses at higher risk. In the past, small and midsize businesses could only try to cope with this greater level of risk, but no longer. Relying on tape backup for your business server disaster recovery strategy can put your hard-earned success at risk, and statistics show that a large percentage of small businesses who encounter a disaster are not able to reopen. While tape backup for SMBs running IBM i provides a small measure of protection, periodic tape backup can leave you vulnerable to massive amounts of lost data and time in a disastrous event. The key to getting back on track quickly is a comprehensive disaster recovery plan, including fast access to an up-to-the-minute copy of your data. MIMIX DR provides a complete disaster protection and recovery solution at a favorable price for small businesses.