News
11/26/2008
09:33 AM
George Crump
George Crump
Commentary
50%
50%

Solving The DR Testing Problem

It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?

It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?Most IT professionals will readily admit that they know they should test their DR plans, so it's not a matter of convincing. Most IT professionals are stretched too thin and the day-to-day responsibilities of the job don't allow for time away to adequately test the plan. Finally, on the list of things you can't wait to do today, testing your DR Plan typically lands near the bottom. As is always the case when you're asked to do more with less, it's software that should come to the rescue.

The first step is to make the DR testing process easier to start and complete. Most storage systems today can replicate data to a similar system at a remote site. Some, like NetApp, 3PAR, and Compellent, will allow you to leverage writeable snapshots in those DR locations. When the time comes to test the DR readiness, a snapshot of the storage at the replicated site can be taken, and that snapshot can then be mounted to a series of test servers so the tests can begin almost instantly. All the while real replication continues, ensuring the DR site is kept up to date in case a real disaster occurs during testing.

Server virtualization has a role to play as well. Server virtualization lowers the hard costs associated with equipping the DR site and makes it easier to spin up additional servers during the DR function. Products like VMware SRM take this a step further by automating the failover process and reserving resource allocation at the DR site.

Finally, companies like Continuity Software provide real-time auditing of the validity of your DR Infrastructure including storage, databases, servers, and replication configurations. It can warn you of replication inconsistencies, mixed storage types or RAID levels, etc.

An out-of-date DR plan is like having no DR plan at all. Leveraging tools to make sure the right data is being replicated and leveraging systems that speed up the DR testing process are critical components in making sure your DR plan will actually work when you need it.

Join us for our upcoming Webcast on Improving IT Efficiency.

Track us on Twitter: http://twitter.com/storageswiss.

Subscribe to our RSS feed.

George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?