Arjuna Kodisinghe - stock.adobe.
6 disaster recovery site requirements for businesses
Building a disaster recovery site provides organizations with a high degree of control over the facility. It also makes them responsible for several critical requirements.
In the age of cloud, physical disaster recovery sites might have taken a back seat, but they are far from obsolete.
In the past two decades, cloud technology has become a key alternate resource for traditional DR sites. However, many organizations still opt to use a physical site for recovery, constructing a corporate disaster recovery site specific to their needs and staffed by their own DR personnel.
Disaster recovery site requirements can be complex, but having a site run by the business provides unmatched control over recovery and data protection.
Below are six disaster recovery site requirements to consider: site design, location, power, heating and cooling, physical security, and raised data center floors. There is a mix of operational and financial needs involved, so the decision to build a physical site should be made with input from internal IT and DR personnel as well as upper management.
Disaster recovery personnel differ by organization. While some businesses have a designated DR team, in smaller organizations DR is often the responsibility of IT staff. For the sake of simplicity, this article will refer to any staff who work with technology disaster recovery operations as DR teams.
1. Suitable site design
Before building a DR site, DR teams must determine what its function will be. For example, is the business going to use the site to back up all data and systems for an emergency? Or just a mission-critical subset of the resources the business needs to maintain continuity of operations?
Next, DR teams must determine the recovery metrics. Recovery time objective, or RTO, denotes how long IT resources can be disrupted before the business starts seeing financial or reputational impact. Recovery point objective, or RPO, indicates how long the business can use data before it ages and becomes out of date.
Senior management will likely have to approve any proposals from DR teams on the function and metrics for the site, so communication between the two parties while determining these factors is critical. Once they have reached an agreement, the organization can decide which to use among three types of DR site: hot, warm and cold.
The most expensive option is a hot site, which effectively mirrors an organization's main data center in terms of processing, hardware and software, network services, HVAC, power systems, storage systems, floor space to locate equipment racks, work areas for staff, meeting areas and room for storage cabinets. In short, a hot site has everything needed to rapidly recover and resume operations.
By contrast, a warm site often has the minimum configuration of resources sufficient for specific needs, such as recovery of mission-critical systems. This might result in smaller physical space requirements, but there will still be costs for internal resources, installation and testing.
A cold site is primarily a physical location that has power and telecommunications, but is largely empty until an organization needs to run a recovery out of it. Bringing it into service will require time for the organization to obtain and ship the necessary resources, as well as install and test them. Cold sites are the least costly option, but might not be appropriate in a serious event that necessitates rapid recovery and resumption of the business.
2. Location
The location of a disaster recovery site must be a substantial distance away from the primary site so that a single event, such as a natural disaster, does not affect both locations. If the site requires staff on-site quickly after an incident, the distance should be close enough for employees to reach within a time frame defined by the organization's disaster recovery plan. When choosing the location, factor in traffic and other potential delays. Avoid risks such as flood zones, freight rail tracks and interstate highways that transfer hazardous materials. A risk assessment of potential site locations can help rule out unsuitable areas.
3. Power
Power is an essential disaster recovery site requirement. DR teams should determine the hardware configuration the site will require, along with supporting equipment. To configure hardware, DR teams should determine which applications and supporting hardware they will need to maintain the desired level of operation.
After determining the proper hardware configuration, DR teams should consider preparing an estimate for potential growth. Retain an electrical professional to compute the initial and potential power load requirements. This load estimation will help determine what size of uninterruptible power supply the business needs to back up the site. A UPS is good to have, since it will provide a limited amount of power to keep the system working. If power is out for an extended period of time, the organization might need a larger UPS and possibly standalone generators to sustain a longer period of operation.
When dealing with larger fueled generators, sources of fuel must be available, especially in an emergency. The generator's fuel storage tank should be accessible in all types of weather. Lastly, in addition to ensuring that secure commercial power feeds into the site, it should not be on the same electric grid as the primary data center.
4. Heating and cooling
DR sites need heating and cooling. Today's servers are much more tolerant of temperature swings, but the heat they generate can create hot and cold spots that must be managed using air circulation systems. The DR site's overall HVAC configuration must be able to handle expected and potential operating environments.
5. Physical security
Businesses must ensure they prevent unauthorized access to a DR site. This means entrances, exits and even garages must have mechanisms to control access and generate alarms when access is compromised. This can include door locks, access control using proximity cards or biometric readers, CCTV and motion detectors. Some organizations might use a third-party security firm to monitor the site and track who enters and leaves the facility.
6. Raised floors
Data centers and DR sites typically have a lot of cabling and wiring that is in underfloor spaces, covered by raised flooring tiles. For underfloor wiring, businesses should install water monitors to detect leaks. Depending on how HVAC systems are configured, some businesses might also install air vents to circulate air under the raised floors. This can help keep equipment aisles at a proper temperature and reduce the likelihood of hot spots in aisles.
Paul Kirvan is an independent consultant, IT auditor, technical writer, editor and educator. He has more than 25 years of experience in business continuity, disaster recovery, security, enterprise risk management, telecom and IT auditing.
