EMERGENCY - Survival of the fittest
Lightning, software failure, acts of terrorism ... to small companies and large corporates alike, disaster recovery experts are the fourth emergency service.
Keeping corporate IT systems pumping has always been a matter of life and large corporates alike, disaster recovery experts are the fourth emergency service. or death for large systems houses and small resellers alike. But providing back-up for data in the event of a disaster - be it fire, flood or explosion - has been left largely in the hands of specialist disaster recovery or business contingency firms.
Some people may not have even heard of companies such as Comdisco, Safetynet, Guardian, Synstar and SG-RS (the disaster recovery arm of Sema Group), but they are substantial firms working with some of the biggest IT users in the UK and across the globe.
However, with systems becoming more important to all sizes and types of organisation, and a growing awareness of the need to protect systems, some experts believe there is an opportunity for resellers to move into business contingency. A full-blown service might not be affordable or necessary for most customers, but providing some degree of backup and contingency could be worthwhile.
Dave Dignam, international product manager for business continuity at Synstar International, believes there is a place for resellers in servicing the disaster recovery market, but only at entry level. 'How much a company is prepared to invest in disaster recovery depends on what its needs are and what the impact of a disaster would be on its business,' he says. 'Reliance on PCs by even the smallest firms has increased dramatically, and more and more companies are looking to put some sort of contingency plan in place should the unthinkable happen.'
Synstar says it can help resellers exploit what it sees as a growing opportunity to deliver disaster recovery services to companies outside the Times Top 1,000 and outside the City of London. It is about to launch a service called PC-Lite, aimed at smaller network users. The service guarantees to supply and install a file server, 10 PCs and a laser printer at a company's premises within hours of the request. It also offers customers the benefits of a technology refresh, replacing or upgrading desktop PCs every three to four months. The customer is later given the option to buy the equipment at cost.
Dignam says: 'We recognised that many small companies have a need for an affordable disaster recovery or IT continuity service in the event of a disaster or act of God. There is no reason why this type of service cannot be delivered through resellers. There is a market for small companies that are looking for a service-level agreement contract which involves no more than providing a company with a deliver and drop service for replacement hardware.'
However, while all companies may want to protect their systems, resellers must think long and hard about what they are getting into before making any commitment, warns John Moe, systems integration business manager at Cotec Computing Services, consultancy and disaster recovery specialist.
Although the sector might seem attractive, there are a number of pitfalls for resellers.
'A disaster recovery facility is not just replacing the hardware and restoring the customer's backups,' Moe says. 'In many cases, the configurations of the live systems are difficult to replicate exactly - think of the differences in hardware, Bios levels, network devices, internet access, operating system and application software levels, disk formats and names, serial numbers and so on. Can this be exactly reproduced in the time window agreed with the customer - typically 24 hours?'
And if things do go wrong, the service supplier could be placed in a difficult position. 'Although a customer may not be able to easily quantify the cost to its business of a huge disaster, it will almost certainly sue a business recovery provider that fails to deliver a full working alternative service if recovery does not take place speedily. There are significant contractual obligations that resellers need to understand so that they can carry out a proper risk assessment of the opportunity.'
The main problem with business recovery situations is the poor quality of standard backup procedures, resulting in incomplete or unusable backups.
These procedures are rarely tested and it's the recovery specialist that would be blamed for any problems. Resellers must define the minimum standards for backup procedures and storage of the backup media.
Proving that you can do the job can be a massive task in itself, says Michelle Reid, account manager at Telehouse Europe, a City disaster recovery specialist in the Docklands. 'Services need to be checked, diverse routes verified, staff vetted and information services contracted to verify that the site is able to distribute data. The only real measure is a full disaster recovery test.'
Moe says it is always better for resellers to look for a partner with specialist disaster recovery skills, 'to bring on board the expertise to prevent the customer's disaster becoming the reseller's'.
One example is Computacenter, which works with Guardian IT to provide cover for a government GCAT contract. Computacenter does not sell disaster recovery as a service, although it used to have partnerships with Comdisco and Safetynet.
Phil Williams, head of corporate marketing at Computacenter, says that aside from the investment required, there is not enough demand for the service. 'It's a very latent market. Most corporates have not realised the risks. It has the potential to become huge but needs unlocking - customers need to be more aware of the issues. To provide the level of continuity and backup that the customer needs is also very difficult. The investment costs are huge.'
Dignam says there is a limit to what resellers can realistically offer their customers: 'Business continuity is more than just a deliverable disaster recovery service that can be bought off the shelf. It is a management philosophy, some key elements of which can be provided by a supplier.'
He adds: 'It is unlikely that a Var would get involved in supplying true business continuity or disaster recovery systems on a large scale, due to the investment involved in the replacement hardware and the expertise required to define viable service-level agreements, appropriate recovery facilities and risk-related consultancy.'
However, resellers could still find themselves drawn into the market if they work with companies that depend on their systems, says Mark Byatt, marketing director at Morse. 'We are seeing business contingency becoming an audit issue. Companies wanting to get their accounts signed off are asked to show that they have adequate protection.'
Morse has not invested in setting up full-blown disaster recovery facilities itself - it also works with Guardian. 'We provide the clustering and backup technology and Guardian provides the site cover,' Byatt says. 'Guardian is fully equipped and understands business contingency planning, whereas we know how to build reliable and resilient computer systems that span those locations.'
Networking expertise and knowledge of fault tolerance and resilience could give a reseller the ability to participate in providing at least part of the contingency systems for a company. Morse has run a special systems resilience team for more than two years, so it has a fairly high-profile ability to provide this kind of involvement with customers, says Byatt.
Like Computacenter, Morse realises that providing a full service would involve massive investment, so it makes sense to partner with companies that already have the resource, expertise and experience. Synstar, for example, has considerable resources and investment behind it.
Synstar, which also provides support services, was formed through an MBO of the computer services division of Granada in 1997. It floated on the London Stock Exchange this March. Like most disaster recovery specialist firms, it runs a network of recovery centres throughout the UK and Europe.
The centres are empty most of the time, lying in wait for disasters to happen. They are expensive to set up and run because they have to be equipped with all the cabling, connectors, desks, power supplies and phone lines that any of their subscribing customers might need in the event of a disaster striking.
Ultimately, says Reid, disaster recovery is a form of insurance. As with any other insurance policy, customers can pay for basic cover or for a number of additional policies, ready to be used in the event of an emergency.
'The identification of risk is essential to the disaster recovery process.
Risks also need to be prioritised - some might expose a company to a degree of financial loss, others may fatally damage an organisation,' she says.
Disaster recovery is not always outrageously expensive. Different companies offer differing levels of services, but contracts can cost anything from £3,000 a year - which will get you about 10 PC stations in a recovery centre - to more than £1 million for the biggest, most critical environments.
Most contracts fall into the £20,000 to £50,000 range, but that's just for the provision of a recovery service. It doesn't include any of the costs associated with risk assessment, testing and quality control, or setting up a plan in the first place.
Even when specialist help is enlisted, planning is not that expensive.
The experts can run most assessments within a normal working week and draw up a plan within two weeks. Consultancy fees are not dissimilar to normal technical or engineering fees - about £500 a day - so the overall set-up cost need not be more than about £10,000.
However, this may sound like a lot of money to companies that have little exposure to risk or for whom the loss of the IT system would not prove fatal in the first few hours. For them, the installation of power protection on key systems, the strict use of backup and recovery software - perhaps with off-site storage - fault tolerant systems, Raid storage and perhaps even hierarchical storage management and intelligent back-up software can all offer a degree of protection from failure and data loss. In addition, anti-virus software and security packages will also protect systems from harm.
While the use of these technologies is not strictly disaster recovery, for many smaller and medium-sized businesses they will provide an adequate level of protection and, used properly, avoid most potential disasters.
In the end, it all comes down to common sense.
DISASTER IS A SEASONAL BUSINESS
According to Safetynet, it is fairly easy to predict when a disaster is likely to occur. Bank holidays, especially during the summer months, are a favourite time for users to upgrade systems, making them vulnerable.
In addition, during July and August, staffing levels are lower because many people are on holiday and there is more chance of potential problems not being picked up before they develop into difficult situations.
However, winter is when most disasters are declared.
They may be related to office closures during Christmas or due to a lack of care being taken during the build-up to the Christmas season. And, of course, floods and other environment-related incidents are more likely during winter.
Most invocations are not made as a result of natural disasters, fires or floods, but because of hardware and software failures. In the past 14 years, Safetynet has handled 170 disasters, but it claims to have averted 1,375 others. The company says problems are avoided by placing the disaster recovery firm on standby when upgrades are being carried out or special projects are undertaken, so the supplier is on hand to advise and offer support during the danger period.
TIPS FOR PROTECTING LANS
What can dealers without dedicated disaster recovery services do for their customers?
- Ensure password protection procedures are in place
- Ensure anti-virus software is installed on all boxes
- Establish enforceable virus protection methods
- Ensure client destroys unwanted output - paper, tape and disk
- Establish procedure for daily backup Carry out off-site storage practices
- Ensure client restricts access to communications rooms
- Lock machinery cases to help prevent PC chip theft
- Audit flow of data
- Use dial-back for dialup communications links
WHO ARE VENDORS GOING TO CALL?
According to Compaq, the market for business continuity services in the UK is worth in excess of £4 billion. Not surprisingly, IBM, Compaq and Hewlett Packard have placed considerable resources in disaster recovery services and made the right noises about resellers getting involved. But the reality of this market is that unless resellers are prepared to make a massive investment, there is a limit to what they can do.
Both HP and Compaq have partnerships with recovery specialist Safetynet, but Safetynet itself does not seem to have a clear policy of working with resellers. Most disaster recovery firms, it seems, prefer to work more or less alone and the deals with vendors seem to be a way of referring business to the partner.
The deal with Compaq is specific to the City of London. The idea is that Compaq provides an assurance that faulty components are replaced, free of charge, in the event of a disaster, and Safetynet provides a duplicated facility nearby to cover a total shutdown.
Graham Gardiner, business continuity general manager at Compaq, says these are services that many companies find difficult to provide internally.
'They struggle with both the cost and the headache of keeping technology synchronised at two sites, together with the distraction this creates for their IT department.
'By effectively managing technology refresh cycles and enabling customers to focus their IT staff on core activities, a company can expect to reduce the cost of ensuring dealing rooms are fully operational during disaster failure, or system failure, by 20 per cent.'