Every person who has ever been responsible for backing up data has had to ask themselves the same basic questions. They need to know what data has to be backed up, how frequently it changes, where to store the backups, and how quickly the data will have to be restored in case of disaster. The answers to these questions in a large way determine the media used to back up the data and the ultimate storage location for the backup. It seems that every day we read about a hurricane, fire, flood, or other disaster. Couple the natural disasters with the need for 24x7 availability and increasing government regulation and it's easy to understand why the disaster recovery plans of an organization are coming under scrutiny. For years the general pattern was to back up data to tape and store those tapes onsite in a vault or offsite in a secure location. But several recent developments have started people looking at other alternatives.

 Many organizations still prefer tape for long-term data storage. It's especially attractive for data that's unlikely to change and lack of instant access isn't a problem. On the other hand, with the increasing capacity of disk drives and the reduced cost per megabyte for storage backing up to disk makes sense for data that has to be available relatively quickly. This article will look at mirroring some of your most important data to mitigate the effects of a disaster.

Continuance of Operations (COOP)
When disaster strikes the priority is always to get the company "up and running" as quickly as possible. Hopefully you've done your homework beforehand and know what data has to be available for work to continue. The data to be restored can be broken into three tiers: tier-one data is the most important, tier-two data supports tier-one data and makes your operations run smoother, tier-three data is the data that can be restored later. (See Figure 1.) While each business has to decide what data must be available for work to continue, tier-one data will almost always include customer-facing data. This might be data used in a product catalog, user login information, or data used by your order-receiving systems. Tier-two data has to be restored quickly but won't stop your business from making money. Tier-two data might include an inventory control system, Web site personalization data, customer order histories, or accounting information. Finally, tier-three data is data that can be restored later. Tier-three data might include data warehouses, historical data, or reporting data.

For years databases have used mirroring and clustering schemas to reduce or eliminate the time it takes to get data from a more durable media like tape. By applying some of the same concepts you can ensure that operations stay up and minimize the time needed to restore from backup by mirroring tier-one data. In the event of a disaster you have to apply any completed updates to the mirror location and then redirect applications to retrieve their data from the backup location to continue working immediately.

What to Back Up
People say that "disk space is cheap," but it's not free. As you look at the data that you want to mirror you have to prioritize. You want to ensure that the data that's mirrored is the data that's essential for your business to keep on making money. It should be the first data that's restored in your disaster recovery plan. Other supporting data can be restored later. This is your tier-one data and, as mentioned, will probably include data that customers need to order products as well as data that's essential to the company's core competency.

To ensure that the proper data is mirrored and ready for a disaster, a company's IT and business people have to identify what processes are most critical. They should then identify the data that's used in those processes. The applications should be looked at carefully to see if they could work with only partial data. Most applications aren't designed to work with only partial data, but given the increasing number of apps that support occasional network connections and services that retrieve data you might be able to begin using an application before all of the data stores that it relies on are fully restored. Once you know all of the business factors and the data dependencies of your most critical applications you can prioritize the data and come up with a plan for switching over to a mirrored data source or restoring from backup to kick start operations quickly. The plan should be reviewed periodically and any time there's a major change in the business, such as launching a new product line, a merger, or acquisition, or when the business experiences significant growth. You can also use the insight that you've gained into the interdependency of your data to drive development so new applications work well in your recovery plan.

Where to Back Up
Once you've decided what should be mirrored to another site you'll need to decide where that site should be. Obviously the primary and mirror sites should be far enough away from each other that they wouldn't be affected by a single disaster. By separating the sites geographically, you'll also ensure that they're on different power grids. And you need to consider staffing requirements. You'll want to be sure that someone will be there to make sure the mirror site is up and running when you need it. The sites can't logically linked either. The networks and other infrastructure should be able to operate independent of each other.

One other consideration is that the infrastructure be able to handle the expected volume of data. Since very few businesses will have the luxury of maintaining a complete data center strictly for disaster recovery it's likely that your backup site will be the primary site for some data. In the event of disaster at one of the sites, the other one will be the primary site for both sets of data. And as the data center gets used for more and more activities, you'll need to review it periodically and see if there's enough network capacity, storage space, and sufficient cooling to handle both the normal workload and any disaster-created spike in activity at the other site.

It might be easy for large organizations with multiple data centers to pick a pair of data centers that mirror each other's data. Smaller organizations geographically limited to one location or that have only one data center have to be creative in finding a partner to provide an off-site location for their data. By partnering with a company in another location you could store your backup data at their place and they could store their data with you. This would give each company a backup location without the cost of building a new data center. Figure 2 shows a typical arrangement with two sites, each mirroring some of the other's data.

Securing Your Backup Data
Regardless of whether you use a company-owned data center or a trusted partner, you should think about the security of your data. Having that much critical data in one place could be a tempting target for hackers or disgruntled employees. It's also easy to forget about monitoring or securing mirrored data. One way to safeguard the data is to encrypt it on a disk. You'll have to have a PKI infrastructure in place and add the recovery of encryption keys to your disaster plan. Another consideration when deciding whether to encrypt the data on disk is your applications. Most applications can't read encrypted data from disk and use it. You'll need a way to encrypt and decrypt data at the disk or network level so the application doesn't know the data was encrypted.

Other Considerations
As you look at what data you'd like to mirror to a remote location you should consider other technologies that would allow it to be available in the event of a disaster. For some of your data, caching it for a long time might let you keep it available in the event of a disaster and improve the performance of your application. The data that's a good candidate for caching changes infrequently and aren't specific to the person or application accessing it. A product catalog or list of services might be apt for caching for relatively long periods of time.

Throughout this article I've assumed that your tier-one data won't change while you're reading it. If the data could change you'll have to have a plan in place to ensure the changes are reflected in the primary site when you switch back to it.

Conclusion
With some planning you can set up a site for continuance of operations that will store the data most critical for you to function. In a catastrophe you can fall back on a mirrored data and ensure that your business appears to be functioning to the outside world while you buy yourself some time to restore data from your regular backup.