Last week, I toured a slick new facility where businesses can outsource hosting of their private clouds. Only one problem: It plans to, at least initially, use off-site tape for disaster recovery and continuity of operations (DR/COOP). Seriously? The whole point of a private cloud is redundancy, elasticity, and seamless performance, not attributes we associate with tape.
Now, this company has the right idea overall. Private clouds, whether hosted in your data center or at a provider's site, are a smart way to minimize the risk of data loss--if you can extend private cloud principles to often hidebound DR/COOP plans.
There are a few areas to address in making sure a provider can deliver when things go wrong. Start with the basics: Fully redundant data center operations mean a second, geographically segregated facility with adequate WAN capacity and processes to ensure that systems and applications fail over and restore correctly. Drill the provider on the particulars: How soon after loss will data restoration occur? Problems like system failure may be straightforward, but what about when someone accidentally deletes a presentation an hour before the CEO goes on stage? Once restoration is requested, how long will it take? How long will backups be retained? What recovery points can the provider deliver at a price you can afford?
A critical element of any disaster recovery effort is regular and realistic testing. Have your key staff members access mission-critical systems and execute their job functions to make sure everything works. Because companies grow and change, the plan needs to be a living document, reviewed and revised often. But testing is often forgotten (read: no one has the stomach to insist on it) or performed on a limited basis, with mixed results. Sometimes, IT is afraid that testing will cause a service outage. Maybe it will, but that will expose problems better found before an event that disrupts services and it's too late to make fixes. As the saying goes, if you think education is expensive, try ignorance. When staffing a private cloud initiative, carve out a role focused on DR/COOP, and include testing results in performance reviews.
Legacy apps often don't adapt to virtualized private clouds, and rarely do I see a full appreciation of the investment required to protect these clunkers. "Unique" business requirements are often given as reasons for not conforming to the standards necessary to do DR/COOP in the cloud. CIOs must wield an iron fist when it comes to legacy apps, because decentralized budgets and scattered power bases are the enemies of unified business processes. Again, this may not be part of the overall DR/COOP plan, but CIOs who require special approval for retaining legacy apps and are involved in application rationalization will be most successful.
Discouraged? Don't be. While the costs can be high, cloudifying your first-line defense against business interruptions can deliver a more resilient infrastructure, with better physical security and redundant power, telecom, and data links. And it's not as if maintaining a separate DR site, replete with miles of tape shipped to a vault and a "testing strategy" that involves checkboxes in a binder, is all that cheap, either.