One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT infrastructure, let alone built a comprehensive disaster recovery plan.
An IT infrastructure disaster can be a nightmare for any organization. The downtime, data loss, and potential damage to your reputation can be catastrophic. However, with the right approach, it is possible to overcome such a disaster. Here are some tips:
- Have a disaster recovery plan in place: This should include a backup strategy, disaster recovery testing, and a business continuity plan.
- Prioritize critical systems: Identify the most critical systems and prioritize their recovery.
- Communicate with stakeholders: Keep all stakeholders informed of the situation and progress made towards recovery.
- Address the root cause: Once the immediate crisis is over, address the root cause of the disaster to prevent it from happening again.
- Learn from the experience: Conduct a post-mortem to learn from the experience and improve your disaster recovery plan.
The good news is that with the technologies available to you today and the significantly lower costs associated with implementing those technologies, disaster recovery and disaster planning are much easier. At Acumatica, the systems that host our customers’ data in our software-as-a-service (SaaS) deployment and licensing model are hosted in the cloud and have regular snapshot backups and sit on fault-tolerant servers with redundant power, network infrastructure and storage systems in bomb-proof, earthquake-proof, physically secure, flood-proof, and fire-proof environments. All this protection is provided at a fraction of what it would cost for a customer to provision and deploy those solutions.
But even if you have chosen to deploy critical systems such as your enterprise resource planning (ERP) software and data in such an environment, there are still other components that you need to consider. For example, how do you manage all your document storage, security infrastructure, and access control, such as the systems provided in your on-premise server deployment?
Stop for a second and consider what would happen if you lost access to all your correspondence with customers and suppliers — not just the financial data but all the letters, emails, and general information that gets exchanged in the course of day to day transacting.
Imagine if someone decided to maliciously damage a server, either physically or via some kind of computer-based mechanism. How long would the business be out of action, and what would be the cost in terms of lost business and also reputational damage? That’s one thing that can take years to recover from, and for many small businesses it can be insurmountable.
So how do you start to plan for this, and what do you need to consider? The first two areas are your recovery time objective, or RTO, and your recovery point objective, or RPO. These are two new three-letter acronyms for you to learn and impress people with at parties.
The recovery time objective is the amount of time and the service level to which a business process must be restored after a disaster (or disruption) to avoid unacceptable consequences associated with a break in business operations. As an example, if a disaster occurs at 10:00 a.m. and the RTO is 8 hours, the DR process would ensure recovery to the acceptable service level by 6:00 p.m.
The recovery point objective is the acceptable amount of data loss measured in time. For example, if the RPO was two hours, after the system was recovered, it would contain all data up to a point in time that is prior to 8:00 a.m. because the disaster occurred at 10:00 a.m.
You need to decide an acceptable RTO and RPO based on the financial impact to the business when your systems are out of commission and plan accordingly. And not just plan accordingly but budget accordingly on what you are willing to spend to achieve that recovery time objective.
To build a truly fault-tolerant system you need to think about the following:
- Facilities to house the required infrastructure, including redundant power and cooling
- Security to ensure the physical protection of assets from fire, theft, flood, or malicious attack
- Suitable capacity to scale the environment to effectively replicate your systems to an acceptable service level
- Support for repairing, replacing, and refreshing the infrastructure
- Agreements with one or more Internet Service Providers (ISPs) to provide redundant Internet connectivity that can sustain bandwidth utilization for the environment under the expected load
- Network infrastructure such as firewalls, routers, switches, and load balancers
- Enough server capacity to run the business-critical services, including storage, for the supporting data and servers to run the core applications and network infrastructure services such as user authentication, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), monitoring, and alerting.
It’s enough to make your head spin. Of course with your data safely housed inside the Acumatica SaaS platforms, you won’t have to give those systems running your ERP software another thought, but it’s well worth thinking about the other mission-critical components of your business infrastructure, including your Internet infrastructure. In a SaaS environment, this can be as simple as ensuring you have a wireless 4G router to provide backup Internet service and a couple of Chromebooks in case you need to relocate your team to run the operations in the event of an emergency.
By Richard Duffy
Richard is a Cloud ERP Evangelist and VP Partner Strategy and Enablement at Acumatica. He has more than 20 years of experience in the ERP business, including SAP, Microsoft, and Dynamics GP.