The First Step to Successfully Protecting Information in Distributed Computing Environments

By Roger W. Farnsworth

Information is increasingly recognized as a critical business asset. The protection of information used in today’s corporate environment, either through the use of access control processes or secure storage solutions, has increased in visibility and is becoming a real challenge to information systems managers.
In the past, critical business applications lived in the glass house data center. Sophisticated protection schemes evolved to insure the viability of this important information. Today’s fast paced world of client server computing is driving ever increasing amounts of data processing outside of the glass house; however, the information on distributed systems is no less critical to the organization than that in the data center.
Preparation for the recovery of client server systems should receive the same amount of attention that the recovery of core mainframe business applications has traditionally received - perhaps more, since the task of protecting a distributed computing environment is much more difficult. The geographic dispersion of end users and the anarchistic tendencies of LAN administrators make a disaster recovery plan you design for a distributed environment a nightmare to implement and test.
In order to protect the visibility of any computing environment you must successfully backup and store the information in use in the environment. At the very least, every organization should have a well thought out, documented plan for the backup and storage of all information critical to the health of the company.

The Information Inventory

The first step towards addressing the data protection problem facing your organization is to perform a comprehensive inventory of the systems, applications, and information in use across the enterprise. Don’t underestimate the difficulty presented by this task. It is probable that no single person in your organization can even identify the number and type of network servers and workstations used by your company, let alone the applications and data present on these platforms.
The type of inventory I recommend can be done either internally or by a consultant or company specializing in data backup and protection. Keep in mind that your goal is to create a living document that summarizes the contents of your data processing operations. Periodic update and review of this document will help you plan for the protection of your growing information assets.
Whether you hire a consultant that specializes in this type of project or decide to perform the inventory yourself; you will need to enlist the help of department managers and special software tools in order to be successful. Individual department managers will have the insight necessary to speed the process and make the information more complete. And LAN management tools can help you determine the number and identity of application users and also special attributes of the user files.

Types of Servers and Workstations

First make a list of all servers and workstations in use across the enterprise. The list should include the type of processor and location of the device, the workgroup that uses it, the primary operating system and any network connections. In addition, make sure to note the capacity of the hard drive.
Next, make up a data inventory sheet for each system you have identified. Include entries for each of the items listed above. The inventory sheet could look like Figure A, or you could customize one to meet your individual needs. Each sheet, once completely filled out, will be placed in a master binder with all of the others. This binder will become the focus of your efforts to insure the protection of critical information.
The data inventory sheet should include entries such as: actual disk usage, file systems supported, current backup strategy, current backup time, projected annual growth, network connections, protocols supported, and other information you consider relevant.

Types of Data and Applications

Once the preliminary inventory is complete and you’ve identified the number and type of systems that are involved, use the resulting sheets to gather specific information about the applications and user data that must be backed up. The information gathered during this phase will help you later devise and implement the proper backup strategy for the enterprise.
Your backup plans need to address the different types of information that are in use in the business. Each system you have identified may have several different kinds of data that will need to be backed up. Dissimilar types of data might be addressed in different ways. A few examples of these data types are: application programs which rarely change, periodically updated user files which change regularly but infrequently, and dynamic databases which are constantly changing.
As a further consideration, availability requirements of the data as well as its degree of importance to the business recovery process might influence the way the data is backed up and stored. Use additional informational fields on the inventory pages to gather these attributes. Again, refer to Figure A for suggested entries.

Special Considerations

When gathering the specific characteristics of the workstations and servers, look closely for three particular types of applications because of their unique protection requirements. These applications are: shared individual applications, groupware applications and relational databases. Each of these have issues which will need to be understood, documented and planned for.
Shared individual applications are networked applications which are available to many users, but accessed by individual users. Examples might be server based word processors or spreadsheet applications. When planning for the backup of these programs it is important to remember that while the user files change often, the application programs rarely change. After a disaster, there may be a need to recover a specific version of a user’s output file. Identifying the location and volatility of these user files will help you plan for their adequate protection. While the application programs rarely change, and thus need not be backed up every week, some provision must be made to address them when they do change, for example after a software version upgrade.
Groupware applications share not only the application files but also some data fields as well. Scheduling, calendar and some electronic mail applications fall into this category. The successful restoration of the groupware application may require that the individual user connections be reestablished. Because of this, the backup records may need to include the administrative moves, adds and changes that are performed. Be sure to document this up front.
Database applications have their own set of problems for the backup manager. Identifying the size of the data files, the maker of the database software and the volatility of the database is critical. Another factor to document is the availability requirement for the database application. If there are particular hours during which the application can be shut down and backed up, the backup manager will need to be aware of this.
Something else to consider is the source of the data itself. Some database applications are populated from a separate source such as a mainframe application. Documenting links such as these will help you prepare for the protection of not only the database but also the reestablishment of any required connections to critical sources of data.
If an application or data set has special attributes or special handling instructions that will effect its treatment, be sure to note these on the inventory forms. Examples of these special categories would be unusual security restrictions, lengthy data retention requirements or accessibility requirements. Again, identifying these issues up front ensures the proper preparations can be made when implementing a backup plan.

Summary

The protection of data processing information in today’s distributed computing environments is a daunting task. This information is often critical to the health of the business, and precautions must be taken to insure that the business can recover from unexpected outages. The first step towards protecting the data is a comprehensive inventory of all servers, workstations, applications and user data throughout the enterprise.
Once a comprehensive study of this type is completed, various backup and storage strategies can be evaluated in order to determine which strategy best fits the needs of your business. All of the variables can be weighed against the different types of backup products, management tools and offsite storage solutions.
Remember, your disaster recovery plan is only as good as the information upon which your assumptions, risk analysis and business impact analysis are based. Without a comprehensive information inventory you might be missing some important pieces of the business recovery puzzle.

Roger W. Farnsworth is a National Programs Manager with Network Systems Corporation, in San Ramon, Calif. This article was submitted by Barbara Dicken of the Disaster Recovery Journal Editorial Advisory Board.

Disaster Recovery Worldİ 1999, and Disaster Recovery Journalİ 1999, are copyrighted by Systems Support, Inc. All rights reserved. Reproduction in whole or part is prohibited without the express written permission form Systems Support, Inc.