More and more I see companies who are backing up their data in quality ways, using a combination of good equipment, strong processes, and industry recommended best-practices. Make no mistake – I’m happy about this. But I’m also seeing many of these same companies who are considering their backup to be their disaster recovery plan. Unfortunately, no data backup, no matter how good, is a disaster recovery plan. Now, I’m not trying to preach about disaster recovery…well, okay, that’s a lie. I’m planning on doing a little preaching. But truly, there is a difference between a disaster recovery plan and standard data backup plan. Ultimately, disaster recovery is the means to an end with the “end” being business continuity. And everyone likes business continuity, right? So whether you decide to put together a full-blown disaster recovery plan or just stay with your current data backup, knowing the difference can save your business lots of money. Okay, I’m done preaching. Here’s some valuable information about what makes up a good disaster recovery plan, and how to put one together…
Note: A true disaster recovery plan includes phones, facilities, data, and more. I’m just focusing on the data portion of things in this article.
Generally, “disasters” come in three flavors:
- Hardware failure (bad hard drive, motherboard, network card, etc.)
- Software failure (“bluescreen” is a familiar term for a reason)
- Physical failure (flood, fire, etc.)
So let’s keep things simple. Good disaster recovery generally includes a mix of the following components:
- Quality data backup (preferably onsite and offsite)
- Imaging
- Redundancy
Let’s explore each of these in a bit more detail.
Data backup:
- Onsite – use a hard drive backup system (preferably a quality internal/external chassis that has removable drives). In terms of reliability, ability to restore quickly, and length of service, hard drives are simply better than comparable tape systems.
- Offsite – Offsite backup solves a number of security & operational concerns, and is very cost effective these days (about $1 per GB per month is pretty common). Because it’s automated, you don’t need to worry about people remembering to take data offsite and you can control the amount of data that is backed up offsite.
Imaging: Imaging is the process of taking a “snapshot” of an operating system. When applied to server systems, the use of imaging can literally save tens of thousands of dollars in recovery costs. Imaging fails when it comes to restoring data granularly (a single e-mail, a single document, etc.), but for true disaster recovery, imaging can’t be beat.
Redundancy: Creating a network devoid of “single points of failure” is almost always too expensive to employ, but the concept can be used effectively to significantly reduce the chance and effect “failure” can have on your business. Some good uses of redundancy would be:
- Quality server design (multiple hard drives, fans, power supplies, etc.)
- Use of a quality SAN (Storage Area Network) in a virtualized server environment (VMware software is great in these environments)
- Server redundancy (two servers deployed in a fully redundant architecture). Stratus Avance is amazing software that accomplishes this at a price small and medium sized businesses can absorb easily.
- Network switches deployed in a balanced architecture with enough capacity to assume full connectivity should one fail.
The last piece of a good disaster recovery plan is the plan itself. Now that you have all these quality pieces in place, you still need to have a plan in place should a disaster strike. Here are a few good ways to start putting your plan together:
- Know your operational costs (by the day, by the hour, etc.). Granted, this is only half the equation (operational costs don’t include the impact downtime will have on your clients, nor does it include other opportunity costs you may have), but it is an absolutely necessary ingredient for creating your plan.
- Define your tolerance for downtime. Some businesses can handle a day or two of downtime. Others can’t afford an hour of downtime. Determining how your tolerance for downtime will go a long way in putting your disaster recovery plan together
- Define a budget. If you know your operational costs are $25,000 per day (for instance), you then have good information from which you can create an appropriate budget for avoiding downtime.
- Design your network appropriately (data backup, imaging, redundancy, etc.).
- Put it on paper. Just like everything else in business, putting it on paper helps make it happen.
Tags: data backup, disaster recovery, disaster recovery plan, disaster recovery planning, hardware, Information Technology Professionals, phone systems, Virtualiztion
Networking, Technology Mangement, Technology Mangement | Joe Ulm | 
March 3, 2011 5:06 pm | 
Comments (0)
More and more businesses are looking for a good way to protect themselves against the litany of harmful viruses, spyware, and other malware that comes from the web. In my article Web & Spyware Defense I cover some of the technologies that are effective at defending your business from web-based threats. Here, I’d like to focus on the one of the products we believe balances effectiveness with cost, the best.
McAfee SaaS Web Protection is a service provided by McAfee (formerly MX Logic) that effectively “scrubs” incoming and outgoing web traffic to ensure web threats don’t get in or out of your network. It also provides options for limiting access to certain sites and can generate some valuable reports on web activity (by user, device, site, etc.). Additionally, it includes a simple, straight forward user interface and has a price point under $3 per device per month.
How it works
The architecture of the solution is very simple: your company’s Internet/web traffic is routed through McAfee SaaS’ servers and scrubbed for harmful software. Basically, it is a standard, cloud-based solution.
Effectiveness
We have deployed this solution for a number of our clients and it simply works. There is no substitution for seeing how a product or service works in an actual production environment and this is one that lives up to the hype.
Note: Cloud solutions are often incredibly valuable solutions, but like any technology, they aren’t for every business. At ITP we always recommend reviewing technology solutions within the context of your specific business goals, culture, processes and people. Of course, if you need some help with that we’ve got some great people here at ITP that can help.
Integrated communications is, on a very simple level, little more than making sure you can communicate well throughout your organization and to your customers. It’s an important concept to understand because it can often lower your fixed costs and improve your ability to serve your customers. In essence, the simplest definition may be “the ability for businesses to communicate quickly and effectively internally and to customers.” Integrated Communications can include both hardware and software technology such as phone systems, e-mail systems, messaging software, mobile phones, remote access technologies, Internet service, websites, social media, and more. Deployed well, the advantages of Integrated Communications can be very powerful. Here are a few common advantages:
- Creates a platform for developing new processes and efficiencies that drive competitive advantage
- Allows businesses to do business anytime, anywhere
- Enhances collaboration activities and improve organizational productivity
- Creates an environment with multiple communication redundancies
- Enables new service delivery methods by integrating voice, video and data communications
- Enhances mobile workforce communication
- Optimizes your communications and networking environments for cost-effective performance.
For example, at ITP we provide many different ways for our customers to contact us including phone, e-mail, and web access methods. We manage all our client’s issues through a ticketing system that streamlines internal communication between engineers, operations, and our back-office support staff. Doing so has increased our customer’s service experience enormously by allowing them to access ITP’s staff and services in the way that works best for them AND it has ensured our internal communications are efficient and seamless.
A few other examples of where these advantages could be realized would be:
- Deployment of a SharePoint server to allow secure document access and collaboration across multiple sites or between a geographically distant workforce
- Deployment of a VOIP phone system like a Shoretel phone system to save telecommunication costs between sites
- Deployment of MPLS Internet access to deliver secure communications between office locations and reduce hardware expenses.
- Implementation of a social media strategy
Ultimately, any technology initiative should be driven by business need or strategy. However, with the response times customers have come to expect from all businesses today, along with the need for businesses to communicate quickly and efficiently to satisfy those expectations, deploying an integrated communications strategy is almost certainly a quality investment.
Google street view is a handy tool to use when you need to know what that building your looking for should look like from your car. These Google cars traverse the U.S. and 30 countries taking pictures and sending back GPS data about locations around the world. Recently Google has admitted to the F.C.C. that they were in fact in violation of Federal privacy and wiretapping statues when these cars were equipped with WiFi detectors.
Google originally set out only to mark the locations of wifi devices. Recently though, for a yet explained reason, Google cars actually capture Wifi data on unencrypted Wifi connections. Google in the process capture emails, web data and other traffic from thousands of unsuspecting citizens.
Once notified Google did delete the data and reported themselves to the authorities and no further legal action has been taken but privacy watchdogs are not happy with the lack of follow up but the federal government.
For businesses this is a stark reminder of how easy it is to let data outside the network. Wifi is a handy tool but carries with it some risks when not properly configured and monitored. We recommend all our clients with Wifi secure them with at least WPA+ security or higher and all passwords on public facing routers meet complex password policies. Your firewall and routers simply cannot have the same basic passwords they must be complex and include no words in the dictionary.
Most businesses today think with anti virus and a firewall that is sufficient given they don’t have any “private” data or regulatory restrictions. Keep in mind that PCI compliance requires network security and applies to almost every company that takes credit cards.
Do you have reports confirming your networks safety?
At ITP we focus on delivering our services in a manner that rises above our competition. Which got me thinking…the best IT firms do certain things well. Among the most common are:
- They have skilled, experienced engineers
- They explain things clearly to you
- They are efficient and reliable
- They help you drive efficiency through your technology
- They are an asset to your business
I’ve seen many IT firms to some of these things well, but few do all of them well. What are the most important things your IT firm does for you?
There’s no doubt that virtualization is becoming more and more prevalent for small businesses of all sizes. There are lots of reasons for this including:
- Reduced downtime
- Increased performance
- Strong disaster recovery
- Scalability
- Excellent business flexibility
But I find it curious that many companies I meet with are initially confused by the concept. So…here’s my attempt to simplify virtualization.
At its most basic level, virtualization for small businesses generally involves running multiple server operating systems on one physical server. That’s it. Oh sure, more than one physical server can be deployed to create better redundancy, less downtime, etc. But just knowing that simple concept – multiple server systems running on a single piece of hardware (server) – puts you way ahead of many small businesses.
Here at ITP we do not install phone systems. We have, however, been hired to write requests for proposals for companies looking for a communications platforms and as such have a fairly in depth view of the industry while remaining impartial.
My only loyalty note is I myself have done contract work for Cisco system phone division in Seattle at one point and have experience with most the major modern platforms. I also lead an in house project to make a selection for a midsized law firm.
Having established that background– one of the first solutions I evaluated was TDS Metrocom’s ManagedIP product. The offering is compelling for time strapped organizations looking for enterprise class features without the up front cost of purchasing a unified communications platform. Like all products I believe each has their fit. I think managed IP solutions would work well for small 5 and under individual offices who really need the features and don’t have the time to manage their own MAC’s (Indistry term for “Moves, Adds, Changes”. I have never seen a selection make the decision to go managed IP in an office with 10 or more phones from purely a cost standpoint.
Whenever you use a hosted product of this nature your paying to not have pain. In this case to not have to worry about programming your phones or managing additional equipment.
Here is my problem. MAC on new systems are very easy to do through web based interfaces and admin training is always included by the installer. Even an expensive system for this price point on a 3 year lease (often with APR deals to get the business, Cisco, Avaya etc. all have leasing arms) means your saving significant money in years 1-3 and have a nearly free system thereafter. Modern phone systems should last 5 – 8 years. Even if your in a close 5 year cycle I think the numbers are not in ManagedIP’s favor. ManagedIP sellers will say your Cisco system will need constant work and the bills will keep coming. While operating system upgrades are suggested I have seen Cisco platforms run for literally years on end without restart or upgrade. If you do need a new service release find a Cisco provider who will do that update for a flat fee.
Other considerations with hosting your phones is that often your custom software is looking for a TAPI system or something on the LAN itself for phone integration. TDS’s managed IP does have software to look for any HTML formatted numbers like your iphone but may limit your ability to billback clients for calls or use a dialer in a piece of software.
One other note if you are running Windows Small Business Server beware that TDS’s equipment will possibly “accidentally” turn on DHCP to look for phones and when it does your SBS server will shut DHCP down and individuals will slowly lose network connectivity. Make sure they setup their phones on a completely different subnet and VLAN. Meaning if your computers are at 192.168.0.X the phones should be at 192.168.100.X
When selecting a non manged system really analyze how you use the phones. Do not assume that a new system will have the same features as your 25 year old system. Also make sure you involve the big 3, Cisco, Avaya and Shortel. First of all involving them will allow each vendor to drop their price as they all have competitive pricing plans when “X” is in the bidding. It is important to really evaluate the big brands like Cisco and weigh them against newer entrances like Shortel.
If your office is struggling with the decision consider hiring a 3rd party to help you navigate the sales talk and don’t ever buy a phone system from a sales person who says “Oh this phone system does everything”. Hiring a 3rd party can often save you more than their cost for their expertise just in cutting through to the bottom line.
As always find a solution that best fits your needs and long term goals. ManagedIP might be a good bridge but I don’t think its the future. Sorry you spent all that money on broadsoft switches TDS…..
Need to eek out just a little more time out of an old server? Don’t have the time or resources to reconfigure the rest of your server roles?
At ITP we use a neat trick. Vmware Converter. What is Vmware Converter? (http://www.vmware.com/products/converter/)It is a free technology which captures a physical server and backs it up to a couple of files which can be moved to any server or computer and with the use of a free or inexpensive “player” you can get that old server configuration running on reliable hardware. This is a great way to get a few more months out of hardware it is also an excellent disaster recovery option for small to large enterprises. Even if you have never used virtualization this tool can be a great introduction to the technology and a real business saving tool in the case of hardware on the edge.
We at the office have had a rash of rushed server replacements in the last few months. We ourselves are a business who struggle with when it is time to make capital investments like servers and desktops. I just wanted to take the time to pass along some facts about hardware. I am an engineer here at ITP not the sales guy sorry Joe.
When is the right time to replace a server?
The answer which no one likes to hear is: it depends. Like your car you can drive it until it strands you and then get it fixed and get back out on the highway again. Others chose to replace their car or have schedule maintenance on it in order to avoid this down time in their life. The important thing is to realize the difference between a tire blow out which can just be replaced and fixed and a general wearing out. The other car analogy I will throw at you about servers is that your equipment has miles on it. In the industry it is called a MTBF or Mean Time Before Failure or failure rates. It is possible depending on your environment that you have put 100,000 miles on your server in 2 years. Think of servers more like you would your copiers after so many copies it just seems to start jamming more, right? Microsoft.com tells us the research they have done says this is around the 5th year:
The percentage of servers experiencing some form of component failure jumps from 10 percent in year four to 50 percent in year five, according to James Browning, a research vice president at IT analyst firm Gartner Inc.
Microsoft and we at ITP urge you to use a combination of factors the most important of which is the performance of the system and it’s age in combination. I say use both because if you have a 7 year old server even if you feel it’s performing well the risk of complete failure is so high that its not worth the risk. The other factor I consider is manufacture, not that it be Dell or HP or IBM but if it was a “white box” or built server or PC. Part of the process of becoming a Dell or HP server system is intensive research and burn in process which ensures longer more consistently running hardware. If the server we are reviewing was built we tend to assign another year to it’s life at least. ITP has never built PC’s or Servers because we think it is not good business and we would question any company out their still building PC’s.
Risk is really what its all about right? If you replace your servers every 3-4 years on schedule and keep your servers at a cool consistent temperature you will have less issues. Meaning less IT costs, less intermittent and major downtime. I often wonder all the clients who call us when 1 desktop is down because of a virus or MS Office needs to be reinstalled or a corrupt OST file if they realize the effect on their business for email to be down for an entire day or to have no access to your calendar or contacts. You say that will never happen but risk management methodology says we must think about it. For almost all our clients a day of downtime would cost the firm in lost time and money more than the cost of a new server.
Budget for it, the core of the network should not be taken lightly. Make sure you have a solid disaster recovery plan meaning backup, policy and plan to get the business back up and running. Hold off on the new printer or the new laptops but make sure even in this economy you don’t take risks on the machines that carry the core of the business.
Just a friendly reminder to all our clients and loyal viewers that if Internet Explorer updates from 6 to 7 or 7 to 8 because of Windows Updates on your home computer that the activex control used to connect to your machines may get reset. If this happens when you click the connect button a drop down should come down from just below the URL bar to install the activex control. You can also click on the gears in the lower right on IE 8. You may have to five it a second then close your browser and redo the login process completely. Also make sure you have added your RWW address to your trusted sites list in Tools->Internet Options->Security Tab.
RWW is a great economical remote access tool for small to midsize companies. As always feel free to contact us to discuss RWW vs. Logmein vs. Terminal Services or other remote access products.
ITP Engineers
Subscribe