The recent storms affecting many parts of the UK have again highlighted the vulnerability of business systems to the ravages of nature.
Whether threatened by hurricane, flood, fire, acts of terrorism or a member of staff accidentally hitting the delete key, company data is constantly at risk of being permanently wiped out.
As a result, business continuity solutions have risen up IT managers' agendas. Quite simply, extensive downtime and data loss can mean loss of business.
Large corporates have long recognised these potential threats and have invested heavily in systems to keep them in business in the event of most forms of disaster. But what of the humble small or medium-sized enterprise (SME), often blissfully unaware of the threat or operating on a very tight budget?
Dave Birch, operations manager at BT Commsure, laments the plight of the small business.
"SMEs are at risk as much as larger organisations but often remain unprotected," he said. "They need to avoid the trap of seeing business continuity as an IT issue and focus on business drivers and consequences.
"The opportunity exists, therefore, for resellers to offer affordable, tailored solutions, providing continuity services to SMEs as a value-add to their normal offerings.
"Value-added resellers [Vars] should be addressing the board, underlining the importance of protecting assets and providing for continuity during a crisis."
Part of the problem is that business continuity and recovery is viewed as an expensive overhead that may not result in any return on investment.
Selling any form of business continuity system has been very difficult since the Y2K non-event.
The fear tactic employed to get end users to part with serious wads of cash for little return has jaundiced some users' views of catastrophe prevention in general.
According to John Amans, technical director at reseller Byford Computer Systems, it's all a question of priorities.
"You get what you pay for and effective disaster recovery costs [money]," he explained. "Budgets are a matter of priority; we need to help customers put disaster recovery at the top of the list.
"We need to explain that IT is like any other plant used in the business. For example, the loss of a fork-lift truck is a disaster that is easily understood, yet the loss of core IT systems could be far worse. Customers often insist on cutting costs in the worst way."
Companies in the SME arena are largely unconvinced of the cost benefits of disaster recovery. It is hard to justify allocating scarce funds to a contingency that will probably never happen.
However, there are several ways to tackle the problem of business continuity and disaster recovery with appropriate hardware and software products.
"It is generally accepted that data has to be protected away from the primary business location, and in most businesses this is carried out," said Steve Whitby, business manager for civil systems at Cogent DSN, a specialist in network resiliency.
"However, because hardware is considered to require major expenditure, it is seldom given the attention it needs."
There are two ways to achieve this: by backing up systems to media that can be removed from site, or by backing up data to a remote location over suitable communications links.
Historically, magnetic tape has been the preferred media for data back-up, but optical and magnetic discs have recently become more popular.
But this doesn't mean that tape should be ignored, according to Mike Quinn, product marketing manager for EMEA at manufacturer Quantum.
"There are now alternatives to magnetic tape on the market, namely optical and magnetic discs," he said. "While the decision over whether to back up is now clear, the back-up medium may no longer seem an obvious choice.
"The development of alternative technologies has not, however, eradicated the need for tape. In fact, according to Quantum's research, as many as 93 per cent of companies still use tape as their primary data protection technology.
"Interestingly, of the respondents who have taken up disks, more than 75 per cent are still using tape as an additional level of back-up.
"Tape and disc should not be viewed as mutually exclusive. They are complementary parts of a total storage solution.
"Tape continues to provide the most secure, resilient and economical storage medium, both on and off site, and for both short- and long-term storage.
"Disks can be used in conjunction in an on-site location where budget allows, to provide near-online availability for the data most important to business continuity."
Another method to safeguard data is to implement an effective storage area network (San), according to Dominic Heath, EMEA channel marketing manager at Qlogic.
"Until recently this type of solution has been beyond the reach of SMEs," he said. "Now QLogic has introduced products and initiatives to overcome the barriers preventing SMEs introducing a San.
"One example is the San Connectivity Kit 2000, launched at this year's Storage Expo. It is an entry-level 'San solution in a box' and will equip SMEs with an effective method to transfer and store business-critical data."
Coupled with the right sort of software, a San can offer effective disaster recovery. For example, Datacore's Sansymphony product offers several methods for creating and updating known good working images of critical applications at one or more remote contingency sites.
Bharat Kumar, director of marketing communications at DataCore, said: "To leverage the convenience and low cost of existing internet infrastructure, DataCore offers an Asynchronous IP Mirroring [Aim] option."
Aim operates over conventional local area networks (Lans) and wide area networks (Wans) using standard TCP/IP protocols. Secure, encrypted connections such as virtual private networks and trunked or aggregated multi-link circuits can be used to enhance the privacy and speed of transmissions between sites.
"Point-in-time snapshots of remote copies may be triggered periodically or event-driven," said Kumar.
He added that, when it is essential to keep the remote copy in step with the primary image, Sansymphony synchronous network mirroring option is an attractive alternative.
"Separations up to 100km are typically achieved using dedicated high-bandwidth optical routes across metropolitan area networks. The originating and remote sites may use dissimilar storage equipment," he explained.
As storage becomes more widespread, with a variety of devices in use, so the management of complex systems has become critical in disaster recovery.
Howard Rippiner, marketing director for EMEA at Overland Storage, claims that problems associated with ever-increasing use of data storage within even the smallest of companies need to be addressed.
"The fastest-growing category of storage management software is storage resource management [SRM]," he said.
"The need for this has arisen because storage systems have grown so fast that many companies no longer know what sort or amount of data they are storing, or even what storage hardware they own. SRM attempts to fix the problem by helping firms to consolidate storage."
Rippiner added that these days, SMEs are able to have as much control over their data storage as larger organisations because of the increase in the amount of solutions available for this market sector.
New technologies such as storage virtualisation and open storage networking are addressing the issues of complexity and expense.
"Virtualisation seems destined to reduce the costs and complexity traditionally associated with disaster recovery," explained Kumar.
"Virtualisation solutions can offer high-speed replication of data to deliver fast remote data synchronisation across Fibre Channel or IP/iSCSI.
"Methods such as Aim enable companies to safeguard information by replicating it to a safe environment across long distances, for a fraction of the cost of alternative solutions."
Quinn agreed that remote access software has revolutionised the way in which disaster recovery can be implemented.
"More and more remote storage management solutions are being deployed into the SME market," he said. "The SME will have more peace of mind as it will be able to configure storage remotely and easily.
"The remote tools can also report problems with hardware or software that can sometimes be fixed without anyone going on site.
"These features used to be available only for enterprise-class systems, but now they are within the grasp of even the smallest of organisations."
However, not everyone thinks that spreading data across a wide area is the right approach. "I'm sceptical about disaster recovery offerings based on spreading risk across multiple locations," warned Amans.
"I can see the value in terms of high availability requirements and I can come up with metrics in most situations that justify the approach from a cost-benefit point of view if the business criticality is high enough. But to use disaster recovery as the sole argument is, in my opinion, rather weak to say the least."
Nevertheless, there are strong reasons why resellers should get involved in this area of the market.
Andy Shepperd, general manager of networking and storage business units at Computer 2000, said that adding disaster recovery agents to the sale is a good opportunity for resellers, and one they are exploiting.
"The software agents which Computer Associates [CA] and Veritas provide make it very easy to upgrade intelligent back-up into a proper disaster recovery solution," he explained.
He added that SME customers are buying these solutions. They are starting to understand that they must protect data and guard against disasters just like any corporate company.
More importantly, resellers are finding it relatively easy to sell. "Once a reseller buys CA or Veritas disaster recovery software it tends to come back again and again," said Shepperd.
"Customers are usually buying the management software anyway, and the extra cost of the disaster recovery agent is small compared with the benefits and peace of mind it delivers."
He added that there are two main types of customer for disaster recovery. "There are those who understand the need for the solution and will manage back-up and recovery testing themselves, and those who expect resellers to provide the specialist consultancy and active support in a disaster. So there is a services opportunity as well," said Shepperd.
Disaster recovery solutions need to offer versatility, speed, ease of use and reliability. "Not only do you need back-up to be quick, you must be sure it has worked," he said.
"Vars need to initiate a test regime for their customers to ensure the quality of back-ups and make certain that the restore function is reliable and can be done quickly enough in the event of a disaster. Why would you want to back up anything if you can't restore it?"
The ability to recover a system after a disaster is the crux of the matter, and if resellers are to offer customers a complete service they had better be prepared to back their promises up with action.
"Disaster recovery is the epitome of a solution sell," said Amans. "As soon as a salesman talks about disaster recovery without talking consultancy and analysis then all credibility has flown out of the window.
"Get the engineering right and charge the customer for it; if he cannot afford analysis, he cannot afford disaster recovery.
"If the engineering is done right and the customer goes on to implement a plan, the case has been justly made and the customer will be right behind it."
THE 10-POINT DISASTER RECOVERY CHECKLIST
Resellers that wish to sell business continuity solutions need to be fully armed to help their customers implement systems.
One way of achieving this is to provide the customer with a comprehensive checklist for planning a disaster recovery strategy. The following example was provided by Veritas.
1. Determine who needs to be involved in the planning process.
In addition to key IT personnel, the executive board needs to be involved in the business continuity planning. They need to understand and agree the levels of uptime required in order to understand the process and to allocate appropriate budgets. Disaster recovery cannot be left to the IT department.
2. Clearly define and communicate roles and responsibilities.
The plan should define responsibilities of all individuals and ensure clear communication of ownership.
3. Assess the risk and impact.
Put a price on down time for each of your mission critical applications. This aids defining policy, determining the technology and allocating budget.
4. Define the policy.
Define the policy for every application at every location, whether this is managed internally or externally. This needs to include the relevant technology choices.
5. Define budgets.
The budgeting process should be defined as part of the planning process, but needs to remain flexible. There are three elements to consider when setting the budget:
- Assessing the risk and defining the level of uptime needed. This budget needs to include any infrastructure changes or necessary technology investments to make this possible.
- Maintenance of existing systems.
- Business continuity - in other words, relocation of staff.
6. Detail the plan, using policy elements.
This needs to cover two elements:
- General plan. This must cover all IT infrastructure and applications, with details to ensure that getting systems back online is not dependant on the presence of specialist personnel.
- Application specific planning. A separate plan should cover, in detail, the process for recovering a particular application. Again, this needs to be kept simple enough so that it is not dependent on the presence of specialist personnel.
7. Implementing the solutions.
Applications need to be protected in accordance with their importance to the operation of the business, by using appropriate technology. Where systems support more than one application, the level of protection should be determined by the most important application.
8. Publish the plan.
The plan and its location must be published internally with widespread access. Copies must also be held off-site with the location internally published.
9. Ensure ongoing reviews of the plan.
This must be a continual process and is particularly important every time a new application or IT infrastructure is introduced.
10. Test the plan quarterly (at a minimum).
Test the plan and set objectives to ensure that mission critical systems are up and running within an acceptable period of time defined by the organisation.
'Smaller firms may struggle to keep up with Microsoft's innovation with Dynamics' says CEO Stuart Fenton after acquiring assets from Profile Enterprise Solutions
Pete Peterson admits the firm hasn't always been the 'easiest company to do business with'
New chief exec Aaron Painter says 'longer-term strategy' could see firm tackle the Asian market
XMA bosses on becoming a 'performance VAR', pocketing £50m of Misco leftovers, and acquisition near-misses
Lee Hemani and Andy Wright reveal that XMA is aiming to boost net profits to three per cent of revenues as they run through the growth ambitions of the UK's ninth-largest reseller