Professional Documents
Culture Documents
At first glance, disaster recovery planning may seem as simple as creating a basic summary of how you will
restore data and infrastructure following a disaster.
In reality, however, effective disaster recovery planning requires much more than this. It entails creating
detailed, step-by-step procedures for restoring data and infrastructure. Those plans should detail not just the
steps for setting things back up, but should also specify:
In this guide, we discuss these points and more as we explain best practices for developing a disaster recovery plan.
Identifying the types of disasters that are most likely to affect your infrastructure
is important because the severity, frequency and predictability of disasters varies
depending on type. For example, earthquakes happen with virtually no warning. In contrast, if a major hurricane
is coming up the coast of the United States, you will likely have at least a few days’ warning to prepare for the
event. Power outages may or may not happen suddenly, but it is easy to create a back-up plan for dealing with them.
When you know which disasters you are most likely to face, you can plan accordingly. You could even generate a
statistical model to help predict how often disasters will strike your infrastructure, and what their severity will be.
Remember, too, that employees may need to be able to access things like passwords in order to execute a
disaster recovery plan. Make sure those passwords are accessible even if the main infrastructure fails.
Communication between employees is critical, too. Ensure that you have a plan in place for employees to talk to
each other and share information, even if it is via an old-fashioned phone tree.
In most situations, some departments or processes could be disrupted for longer periods of time than others
without causing critical harm to the business. For example, perhaps your company could survive for a week
or two without functioning payroll operations, since staff are typically paid only once every couple of weeks. In
contrast, if your sales team can’t function for a week because its software is down, that could cost the company
a great deal of money in lost sales and customers.
To determine the business impact of a disaster on different parts of your organization, you’ll have to work
closely with department heads and key personnel. One way to do this is to distribute a questionnaire
asking them how long their departments could operate without functioning IT infrastructure, and what the
consequences would be to the company if the department ceased to operate. If the questionnaire doesn’t yield
enough information, you can perform in-person interviews.
Once you have assessed the impact of a disaster, you can develop RTO and RPO goals for the various
components of your infrastructure and data that will meet each department’s needs.
With RTOs and RPOs established, you know what needs to be recovered and how quickly recovery must
happen following a disaster.
Recovery Strategies
With that information in hand, you’re ready to develop your actual recovery strategies. To do this, you must
assess whether the resources your currently have in place are sufficient for meeting the various RTO and RPO
goals that you have set. Do you have enough personnel ready to respond to a disaster to meet those goals? Do
you have enough backup infrastructure and network bandwidth? Will you be able to acquire new hardware or
software quickly enough, if necessary?
By answering questions like these, you can develop the overall recovery strategies that will form the basis for
your disaster recovery plan. If you discover that you have too few resources to enable the strategies, discuss with
management in order to acquire what you need. Likewise, if you have more resources than necessary for disaster
recovery, this could be an opportunity to reduce this part of your budget (which is always a win with management).
• Develop an overall plan framework that defines the different components of your plan. For example,
perhaps your plan will be broken down into different sub-plans, each of which addresses a different
department in the company or a different data center.
• Identify personnel who will be responsible for executing the plan (or the sub-plans).
• Develop plans for relocating hardware, software or data following a disaster.
• Write out the specific disaster recovery procedures that need to be followed, along with steps for
accessing any special information required to follow the procedures.
• Document manual workarounds for your team to follow in the event that the main disaster recovery plan fails.
• Put the plan together and share it with management to get approval.
Be sure to document the results of these tests and review them in order to identify gaps that need to be fixed
before an actual disaster strikes.
1. Goals
Your plan can begin with a definition of the overall goals of the disaster recovery procedures.
2. Personnel
Create a table that includes the name, position and contact information of all employees who will participate in
disaster recovery, as well as the role they will play.
Your personnel section can also include a calling tree for internal and external contacts that you can use to
share information during a disaster.
This section of the plan includes tables or lists of hardware and software that the plan addresses. Identify which
components are mission-critical and which departments depend on them. In addition, define the RPO and RTO
for each system, and spell out any dependencies between systems.
Obviously, you need to use reason when determining how much detail to include in the procedures. You
probably don’t need to include a step like “Open your laptop” as the first procedure that an employee would
follow in order to log onto a remote system. But you do want to make sure that all non-trivial technical steps
and information are spelled out clearly in the plan. For example, if the plan entails spinning up virtual servers in
the cloud to replace downed physical servers, make sure the manual walks staff through the process of using
the cloud provider’s console or CLI to create a new server instance. You don’t want your personnel to have to
figure these things out on their own during a disaster.
The disaster recovery procedures should also include steps for documenting progress as your team follows the
plan. This information is important in the event that a new group has to take over; it is also useful for auditing
purposes after the event.
If you have multiple sites to support, you may need a sub-plan for each one’s disaster recovery needs.
5. Testing procedures
This section specifies procedures for testing the disaster recovery plan, as well as documenting and reviewing
test results.
MSP360 also provides a turnkey, white-label data protection service to thousands of VARs and MSPs to help
them build their brand in the cloud backup market.
MSP360 Backup offers you fast and simple bare-metal restore process. It allows you to perform image-based
backups to any cloud or local backup destination, restoring image-based backups as VMware virtual machines
or Azure virtual machines.
• File-level backup
• System state backup: only the operating system and configuration
• System image backup: a full copy of the needed computer or server
Free Sign Up
Conclusion
Planning for disaster recovery may seem like something you can always put off until tomorrow. But don’t trick
yourself into thinking that successful disaster recovery can be pulled off on-the-fly in the midst of a serious
disruption. There are too many moving pieces -- in terms of different hardware and software systems, personnel
and business processes -- to make it feasible to “wing” disaster recovery. That’s why it is essential to have a
detailed disaster recovery plan in place well before disaster strikes.
About MSP360
Established in 2011 by a group of experienced IT professionals, MSP360TM provides cloud-based backup and file
management services to small and mid-sized businesses (SMBs). MSP360’s offerings include powerful, easy-to-
use backup management capabilities and military-grade encryption using customer-controlled keys.
Customers can choose to store their backup data with more than 20 online storage providers, including
Amazon S3 and Amazon Glacier. MSP360 also collaborates with thousands of VARs and MSPs to provide them
with turnkey, white-label data protection services. It has been an Amazon Web Services Advanced Technology
Partner since 2012. MSP360 has also achieved Storage Competency Partner status in the AWS Partner Network.
For more information, visit www.MSP360.com. Follow us on Twitter at @MSP360.