The answer to the "how many" question is never simple. And yes, I am going to say it: "It depends." So what does it depend on? The number of data centers that you need for disaster recovery depends on two principal decisions that you must make.
The first decision applies to all IT organizations and is dependent upon the whole business completing a business impact analysis (BIA). The BIA will dictate the recovery time and point objectives that must be met for the business to survive a disaster. A commonly made mistake is that business units within the organization seek aggressive recovery objectives to avoid inconvenience to their daily job routines in the event of a disaster. The goal is not to avoid discomfort, but to ensure survival of the organization.
The second decision applies to those IT organizations that are predominantly e-commerce in nature, where they must ensure their Web services are available to all of their customer locales. The response
Establishing recovery time objectives
Let's look into each of these decisions in more detail. Recovery objectives will drive the decision for redundant data centers or opting to have a reservation at disaster recovery facility. Often time organizations in the manufacturing sector find that their recovery objectives do not require a hot or warm recovery data center with replicated critical data. In these cases they can work with a recovery provider for space to use for recovery in the event that their data center is destroyed. In these cases, recovery time objectives are usually greater than 72 hours. However, for IT organizations that have a BIA dictating more stringent recovery time and point objectives, the decision of how many data centers, and how far apart they should be comes into play.
Recovery point objectives determine facility locations
I've seen two general architectures for more stringent recovery needs. These are differentiated by the recovery point objectives for critical systems. For those that have a recovery point objective of zero (typically financial institutions), two hot data centers located within 100 km of each other for synchronous replication is a must. However there are regions of the world where 100 km is insufficient to protect against certain natural disasters such as hurricanes or typhoons. In these cases, the recovery objectives require defining a second level recovery time and point for these infrequent but widespread disasters. The most common solution has been to allocate a third asynchronously replicated data center that is located 2,000 km or greater away – well outside the path of a ravaging hurricane.
Some have determined that their region of service (their local customers) would be in as much turmoil from a regional disaster that they can rely on extra time involved in recovering from archive tapes to a leased facility. These data centers have more time because their clients are also recovering from the effects of the disaster. For those that do not have a recovery point objective of zero, two hot data centers, asynchronously replicated and located far enough from each other so as to not be effected by the same event is the best way to go. Typically this means that they are located more than 500 km apart.
The predominantly e-commerce focused business has the added requirement of ensuring that their data and services are close to their customers. This requires data centers in a given region to eliminate latency caused by distance and bandwidth demands. Remember the speed-of-light is a finite constant. The solution to this problem typically entails a pair of redundant data centers in each major region around the world; typically three pairs total with one pair in each of North America, Europe-MiddleEast-Africa, and Asia-Pacific. Smaller caching data centers are typically implemented in areas within a major region where latency becomes an issue due to traffic and bandwidth limitations.
Recovery time objectives and service access objectives are key
The bottom line to determining the right number of data centers for disaster recovery includes understanding the recovery objectives coupled with the service access objectives. This will dictate the number of data centers required.
The decision to own recovery facilities versus co-locating recovery facilities boils down to dollars and cents. Often IT organizations have multiple data centers available as a result of merger or acquisition. Many times, leveraging existing properties is less expensive than co-locating. However, the age of existing facilities or a lack of adequate facilities may make co-location the more attractive financial alternative. Regardless, the general trend in the industry has been towards shorter recovery objectives meaning that reservations for recovery centers have been giving way to hot disaster recovery centers.
Let us know what you think about this tip. Was it useful? Email Site Editor, Matt Stansberry.
This was first published in September 2008