Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

Determining the best form of alternative processing for your data center, should it become incapacitated, is a difficult task and, it is never completed. The conditions that influenced yesterday’s alternative processing decision have changed! Is that change sufficient to cause the alternative processing question to be reevaluated? YES!

The first and most important aspect of making the alternative processing decision is that it must be fully documented. Ideally, in some form of a matrix that provides values to each of the factors considered. Then, as new factors are added or the value of original factors require adjustment, it is a smoother (and swifter) process to measure the impact of those changes upon the current strategies.

What ever method you currently utilize or choose to employ, you must be prepared to reevaluate. Many feel that either Hot or Captive sites (see Table 1, Definitions) are the pinnacle. This simply is not the case. While they are the most responsive, several companies have switched from one to the other. Additional organizations have downsized their needs by shifting less critical and non-critical workloads to less responsive (and less costly) alternative processing methods.

Do reciprocal agreements work? The answer to this question is a definite yes--maybe! To see if they will work for you, first ask yourself the bigger question--what do you mean by “work”?

In my conversations with people in a variety of business endeavors, one of the most frequent responses I hear is “We’ve got a reciprocal agreement with another (bank, savings and loan, credit union, business, etc.), we’ve tested it, it works, and it satisfies the regulators, so we’re not interested in a formal disaster recovery or hot-site contract.”

On the other hand, I sometimes hear this response: “Yes, we have a reciprocal agreement but we know that ultimately, it is not our best option for alternative backup.”

The most common method of “testing” in the reciprocal agreement world appears to be transporting a tape(s) to the reciprocal site after hours, loading the database tapes onto the other computer, and determining if they can be read. If so, the “test” is declared a success and recorded as such to “prove” to the regulators that compliance has been achieved. This is a relatively easy and definitely inexpensive answer to the disaster recovery quandary. The harsh reality of this arrangement is that the disaster recovery plan is worth nothing more than an attempt to satisfy regulators and convince ourselves that we do have a plan.

There is a wide variety of companies and software programs providing disaster recovery solutions with a wide range of features and costs. Whatever option a firm chooses, it needs to take into consideration such factors as data communications, personnel, equipment replacement, facility repair or replacement, etc.

If I were a party to a reciprocal agreement and had the privilege of “hosting” my reciprocal partner, I can imagine many uncomfortable feelings that would arise. The idea of having two or three unknown people in my computer facility from eight o’clock in the evening until three in the morning would be very unsettling. And because I would have one of my own people there during that time to assuage my uneasiness, I would have to work shorthanded.

Each night my database of customer files, parameters, and system software would need to be unloaded and reloaded. The additional time required to do this is significant but relatively minor compared to the possibility of something going wrong during the load/unload process. I must back up ALL of my software and files daily to be completely covered.

Another point of vulnerability in a reciprocal agreement is the possibility of my reciprocal partner upgrading his hardware or software, going to another hardware or software vendor, merging with another institution and changing to the acquirer’s system, or even going out of business. If any of this comes to pass, I have to go find another partner and conduct another “test.”

Imagine that I am using the computer during the day and my partner is using it at night. If we have an equipment breakdown, we are both going to be in a very difficult situation. Under normal circumstances, I may be able to work around such a breakdown if an engineer can’t respond quickly. However, with two firms on the system for twenty hours a day, a routine breakdown becomes a crisis. Operating for these extra hours may bring about more equipment failures.  Each partner in a reciprocal agreement will incur some significant costs in the event of a disaster. These include overtime for your staff who sits up with the reciprocating organization, extra personnel costs to cover for those not available because of night work, additional maintenance costs from your hardware vendor because of after-hours operation, and additional utility costs for air conditioning, light, heat, and power.

I can easily envision the disaster situation causing a lot of frayed nerves and short tempers among the staffs of the reciprocal partners as time goes on. Conflicts over time windows, supplies usage, equipment breakdowns, or simply general resentment can all begin to wear as days stretch into weeks.

A disaster recovery center or hot-site location should be able to assist you in avoiding these drawbacks found in a reciprocal agreement. With the possible exception of a multiple disaster, you should have the equipment and facility to yourself. This fact alone should eliminate a great deal of the problems found with the sharing aspect of reciprocal agreements. In some cases, the disaster recovery center may provide assistance by having personnel available to load tapes, change printer paper, etc. This would allow you to operate the disaster recovery center computer remotely from your home city and keep your key data processing personnel at home to help rebuild your data center. This would be very difficult, if not impossible, for a reciprocal partner to provide.

Inexpensive reciprocal agreements are a poor alternative to a dedicated disaster recovery center. As long as the partners are aware of the risks and limitations to such an agreement, they can get by. However, if their goal is a truly effective disaster recovery plan, they need to go further.

It is clearly becoming the trend that regulators and insurance companies are going to demand more from companies. It may very well be that insurance carriers will soon insist on having disaster recovery plans on file in order to obtain business continuation coverage. Regulators will also probably insist on a more significant test than the mere process of reading a tape. Disaster recovery planning is easily pushed down to a low priority when the day to day deadlines draw nigh, but don’t ever believe it will go away!

Richard Snyder is the Director of Marketing at Oklahoma Hotsite, Inc.

This article adapted from Vol. 3 No. 4, p. 54.

The concept of disaster recovery, clearly a topic coming to the forefront of critical issues for enlightened management, is nonetheless a fairly recent phenomenon. As a result, its place in assuring a company’s continued health is often misunderstood. A good example of this misunderstanding is the frequent comparison of hot-sites to insurance policies. While a hot-site subscription is a form of risk management, for many reasons it is not merely an insurance policy. Among the reasons are:

  • Insurance policies are largely passive in nature; hot-site subscriptions are proactive.
  • Insurance policies are fundamentally actuarially-based and function by paying covered losses; hot-site subscriptions have, by definition, a business continuation orientation.
  • Insurance policies may be able to compensate for management’s personal liability exposure/losses, while hot-site participation has, to date, allowed management to avoid the personal liability issue.

Business Continuity is the underlying objective of all Contingency Plans; however, the requirements for Business Continuity vary by application within an organization, as well as from company to company.

Solutions employing electronic technology range from immediate synchronized recovery of “most critical” applications to recovery of “less critical” applications in days or weeks. In all cases, data integrity is the first and foremost concern.

It has long been recognized that recovery begins with corporate data. For most organizations, the vital records program has three key components:

  • Archive Data
  • Operational Data
  • Transaction Data

Off-site tapes provide a basis for recovery to some prior point in time by providing access to Archive and Operational data. On-site transaction “Journals” or “Logs” provide protection in the event of system or disk failure at the primary processing site. Neither, however, provides for the protection of daily transactions in the event of a serious facility outage.

Solutions are being implemented today which employ communications and systems technology to provide data integrity and reduced recovery time.

ELECTRONIC VAULTING, the bulk transfer of backup data over communications facilities, can simplify the backup process and provide more timely offsite “Operational” data protection. This process can be facilitated with a “host-to-host” or “channel extension” connection and typically serves to reduce, but not eliminate the exposure to loss of data.

REMOTE JOURNALING delivers realtime data integrity by capturing and transmitting the Journal and Transaction Log data offsite as it is created. This solution utilizes a software product known as ENET1,which interacts with standard database journal and logging facilities in IMS, CICS, IDMS, CPCS and other DBMSs. Just prior to the writing of the Journal, ENET, utilizing a user exit and Cross Memory Services, copies the Journal record into its own address space and immediately lets the Journal “write” continue. ENET then transmits the Journal data offsite using SNA as a standard VTAM Application. This technique requires a “host-to-host” communications link.

In addition to being the only realtime data protection product available today, Remote Journaling provides the basis for the use of In-place “Forward Recovery” procedures for recovery of Database Shadowing. Additionally, there are no application changes and minimal communications requirements involved with the use of this technology.
Used in conjunction with traditional alternate site recovery programs, Remote Journaling enables a customer to validate the complete recovery process including “Transaction” data recovery without disrupting the user community.

For some companies, data integrity is only the tip of the iceberg. Their requirements include recovery of “most critical” applications in hours or even minutes. Even so, these applications represent a relatively small percentage of the total recovery requirement.

An integrated solution is required to maintain price/performance of the recovery program and adds to the equation:

DATABASE SHADOWING, which reduces recovery time by staging the database restore and roll-forward process, enabling recovery within hours.
STANDBY SERVICES, which provide recovery of most critical applications in a matter of minutes and GUARANTEED access to an alternate processor.

There are two key elements in all cases: all of the Operational and Transaction data is available, and the solutions are integrated into the hot site recovery capability. The Continuous Availability Services enhance and refine the typical disaster recovery process by adding flexibility, data integrity and reduced recovery time to subscribers.

As the business world advances the use of technology for competitive advantage, traditional disaster recovery programs will have to evolve to keep pace. While faster recovery times and automated off-site backup are tempting targets for disaster recovery program enhancements, backup of transaction data represents the biggest exposure for most companies.

David Nolan is the Assistant Vice President of Marketing and Sales at Comdisco Computing Services Corporation.

This article adapted from Vol. 3 No. 3, p. 19.

The evaluation of hot-site backup processing locations, processing and contract terms and conditions is perhaps one of the most crucial aspects of completing a Disaster Recovery plan. Hot-site evaluation and selection often suffers the lowest priority of any of the contingency planning efforts.

Many individuals, groups or teams have spent countless hours identifying the crucial processing requirements of your company. All critical files and programs have been identified and documented. Fail-safe techniques have been implemented. Off site storage of critical files backup have been contracted and utilized. There remains one major task to complete the contingency plan: the selection of an appropriate place to process data and carry on the company business in the event of a major interruption or disaster. This effort may determine the corporate viability (survival) of your company.