Business Continuity, what does it really mean? Frankly, the term has been around forever, since the days the first PC landed and became essential to the health and performance of the business. In recent years, it has meant how companies ensure IT systems remain available and are often linked with Disaster Recovery — creating the acronym BCDR — something all IT pros will undoubtedly know and probably have some experience with over their career. However, in recent years, new terms have outshined good ole BCDR: High Availability, Always-on, Always-Available, Modern Data Protection, and Cloud Data Management, to name a few. While all these terms have different focuses and value propositions, they all pay homage to the OG, Business Continuity.
Importance of Business Continuity
So why am I writing about Business Continuity now? Well, in times of stress and uncertainty, we return to the things we know. The things that comfort us. And Business Continuity plays a significant role here. All businesses have experienced and continue to undergo a change this year. Economic uncertainty, instant remote workforce, and new challenges have meant that our business process may also need to adapt. Business Continuity, keeping the core priority systems of the business available, has also evolved. Maybe I no longer have physical access to my servers or its a challenge to use my normal off-site tape processes. Perhaps it’s that work practices have changed overnight, and systems that were somewhat used, are now critical to the efficiency of the business (like remote collaboration services). In the end, my previous list of core systems and their backup prioritization has probably gone through a set of changes or needs to.
How to create a Business Continuity plan
So, let’s talk about that. Business Continuity is about clear and solid process criticality tiers. Fundamentally approaching your business to rank your business processes and set defined RTO and RPO goals. We all do this in our organizations today, however, that line gets blurred since all data is now becoming a high priority. Right now, we have an opportunity to define this more solidly, to suit our current business environment better, and land stronger RPO and RTO goals. Recently I attended a Gartner webinar on pandemic preparedness, and they used a model which I felt was very understandable by defining business processes into five easy categorizes and assigning RTO and RPO objectives for each one.
Steps for a Successful Business Continuity plan
Let’s run through this.
- Tier 0 is your core infrastructure. In most cases, you are going to use multiple services for DNS, VPN, Active Directly, etc. so you can cope with the downtime of a single instance. Or you may use clustering to ensure a zero RPO for these critical services along with SAN snapshots.
- Tier 1 is Mission Critical. Here you need to focus specifically on the services that are critical for your business to operate. Company commerce sites, collaboration, email, and your main apps for revenue. If anything here is down for more than an hour, your business will suffer financial impact (the average hour of downtime from a high-priority application is estimated to cost $67,651).
- Tier 2 is Business Critical. Systems that are still important to the business, but if they were unavailable for 24 hours, there would not be a critical impact. A great example of this would be your CRM system. Essential for revenue activities, but many organizations can cope with a 12-24 hour unavailable window (if it does not happen frequently!)
- Tier 3 is important apps. To me, this is like our internal sales and marketing sites. They are important for the business, however, if they were unavailable for a few days, the impact could be mitigated through manual practices.
- And finally, tier 4. These would include seasonal planning like GTM and budget planning and training systems. Here it is any system that you could afford the downtime of a week or more if needed.
The biggest lesson here is how to become almost ruthless in thinking about your business processes. You may also have new remote experiences as well that you are dealing with. So a clearly defined business priority list and well-documented RPO/RTO expectations can ensure that the recovery teams can manage the expectations. It also helps with the “help, my app is down” ask when you are trying to juggle so many important activities.
So you now have the list in your mind, and the RTO and RPO needed. What’s next? Well, this is when you rely on modern backup and recovery. Long gone are the days of having to manually work out the infrastructure and backup windows needed to meet your RPO/RTO goals. Let the system do it for you. Take Veeam Availability Suite. By combining Veeam Backup & Replication, and Veeam ONE, you now have a pretty powerful platform that can help plan and optimize your infrastructure for your desired RPO, as well as helping orchestrate your recovery process (to meet your RTO goals).
Final considerations for a successful Business Continuity plan
So when you have your system doing the hard work for you, what about some of the practices you are going to use to meet these RTO and RPO goals?
- Quick application item recovery. Veeam Backup & Replication provides granular recovery of application items. For example, if you are deeming your email systems at Tier 1, losses need to be restored in under an hour. With either Veeam Explorer for Microsoft Exchange or Veeam Backup for Microsoft Office 365, you can restore items in minutes.
- Instant recovery of an entire VM. Imagine there is an online-facing customer application. It literally drives commerce sales for your business, so downtime is catastrophic. You can use Multi-VM Instant Recovery to restore the entire application in just a few minutes.
- Cloud-native recovery. Have your VMs running in AWS or Azure. Then you can utilize Veeam Backup for AWS, or Veeam Backup for Azure, to use cloud-native snapshots for lower RPO and lightning-fast recovery (volume, instance, and file-level).
- Full-site recovery. Every time I write that, I get taken back to the one instance long ago where I had a client’s site fail due to a power issue. Manually restoring physical server to physical server (pre-cloud days!), tape to tape, hoping it would work. I do remember seeing the sunrise on multiple days! To have wished for something like Veeam Availability Orchestrator. A companion that everyone needs, someone to keep your DR plans updated, your entire DR processes tested frequently (and automictically), and when required, can restore with the push of a button.
Ultimately, Business Continuity prioritization, while having a defined pattern for the process, will be different for every business. This may be the perfect time to hone your definition of tiers and the RTO/RPO values that are unique to your organization. And if you haven’t yet tried out the #1 modern data protection platform to see how it can help, you can grab a trial, and take a quick tour of the product here.
This blog was originally written by Michael Leworthy for Veeam Blogs.