Are you part of the 23% that doesn’t test their disaster recovery plan?
You have a disaster recovery (DR) plan, and, so far as you and company management knows, it will work. But if something fails, are you certain that recovery will be quick and painless? Have you tested it to make sure? Because if you aren’t testing regularly, you can’t be sure. And you definitely don’t want to find out in the middle of a true disaster, when the C-Suite is breathing down your neck to get the business back up and running.
We’ve got years of experience at OffsiteDataSync setting up DR plans, testing them and, when needed, executing on full recovery from disaster. Here’s eight steps to follow that will help ensure your organizations is absolutely certain your DR plan will work without a hitch should you need it (and let’s hope you never do!):
Step 1: Define mission-critical VMs. Some applications are absolutely necessary to the functioning of your business, while others won’t harm operations if they’re unavailable for a while. It’s important to create tiers of applications according to their importance, with the top tier including those assets that are absolutely mission critical. That way, you can ensure that the most important parts of the business are restored first.
Step 2: Develop Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs). Once you know which assets are most important, establish the RPOs and RTOs that you need to achieve. Your ERP system might require a 15-minute failover while a document folder can be offline for 24 hours without any serious impact. See how OffsiteDataSync and Veeam have helped companies develop and execute on DR plans.
Step 3: Define Necessary Resources and Dependencies. Determine the amount of resources (CPU and RAM) and storage space required to operate mission-critical VMs. As simple as this may sound, it is a question we are often chasing customers for – if you are unsure how much mission critical data you have, we can help.
Additionally, make sure that the plan accounts for all dependencies. A mission-critical application will not run if the other applications and resources it requires are not available. It’s important to restore the workloads on which critical applications depend first and in the right order so you don’t face a nasty surprise in the event of an actual disaster.
Step 4: Establish a disaster recovery checklist. Create a chronological task recovery list, where each recovery step is assigned to specific company personnel. It’s important that everyone knows exactly what to do and in what order. Make sure you have “understudies” to take the place of individuals who may not be available.
Step 5: Document current backup methodologies. Always have backup procedures in place. For example, if a disaster occurred today, your organization should be prepared to rely on a redundant backup. In this step, you would also identify any vulnerabilities, such as intermittent backup procedures or machines not being backed up that should be.
Step 6: Create a schedule for updating the plan. An outdated plan is not much better than no plan at all. DR plans are typically tested semi-annually, but can be tested as often as monthly or quarterly. And DR testing doesn’t have to be costly. There are multiple models to follow, depending on what your organization can feasibly do:
- Plan review: TheDR team walks through the plan looking for missteps, unaddressed scenarios and missing details. This is the least comprehensive method, so if this is what your organization chooses to do, at least conduct periodic testing of backups.
- Tabletop run-through: Instead of performing a recovery simulation offsite or in the cloud, some organizations do a sit-down, scenario-based walkthrough. This involves discussing activities, bringing up potential issues and generally preparing the DR team for a true recovery situation.
- Scenario simulation: Some environments are so complex, a simulation would be too time consuming. In this scenario, pick a test scenario – workload or application-based, location-based or one devised by management – so the DR team can work through the actual steps to bring those parts back.
- Full simulation: This is the real deal, so it’s critical to evaluate your organization’s ability to recover an entire copy of operations before embarking on this path. For smaller entities, it’s about as complex as a simulation scenario as it is for larger organizations.
Step 7: Evaluate: Once you’ve conducted a test, conduct a thorough after-action review to identify problems and determine how to fix them.
Step 8: Update the plan! Make necessary changes to the plan to ensure a smoother disaster recovery test for next time, and compare the test results to internal requirements to see where there needs to be improvement.
Learn more about what you’re forgetting in your disaster recovery plan.
Following a tried-and-true disaster recovery testing plan will ensure you are prepared in a disaster event.
Prepare for the unexpected. Learn more about testing your disaster recovery plan with our free eBook: Putting Disaster Recovery to the Test.