News
11/26/2008
09:33 AM
George Crump
George Crump
Commentary
50%
50%

Solving The DR Testing Problem

It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?

It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?Most IT professionals will readily admit that they know they should test their DR plans, so it's not a matter of convincing. Most IT professionals are stretched too thin and the day-to-day responsibilities of the job don't allow for time away to adequately test the plan. Finally, on the list of things you can't wait to do today, testing your DR Plan typically lands near the bottom. As is always the case when you're asked to do more with less, it's software that should come to the rescue.

The first step is to make the DR testing process easier to start and complete. Most storage systems today can replicate data to a similar system at a remote site. Some, like NetApp, 3PAR, and Compellent, will allow you to leverage writeable snapshots in those DR locations. When the time comes to test the DR readiness, a snapshot of the storage at the replicated site can be taken, and that snapshot can then be mounted to a series of test servers so the tests can begin almost instantly. All the while real replication continues, ensuring the DR site is kept up to date in case a real disaster occurs during testing.

Server virtualization has a role to play as well. Server virtualization lowers the hard costs associated with equipping the DR site and makes it easier to spin up additional servers during the DR function. Products like VMware SRM take this a step further by automating the failover process and reserving resource allocation at the DR site.

Finally, companies like Continuity Software provide real-time auditing of the validity of your DR Infrastructure including storage, databases, servers, and replication configurations. It can warn you of replication inconsistencies, mixed storage types or RAID levels, etc.

An out-of-date DR plan is like having no DR plan at all. Leveraging tools to make sure the right data is being replicated and leveraging systems that speed up the DR testing process are critical components in making sure your DR plan will actually work when you need it.

Join us for our upcoming Webcast on Improving IT Efficiency.

Track us on Twitter: http://twitter.com/storageswiss.

Subscribe to our RSS feed.

George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.