How far apart should my production and alternate recovery sites be?
As a good consultant, I would have to use the typical answer; it depends. We have a few things to consider here. First, what kind of disaster are you trying to protect yourself (or your organization) from? Second, what is your geography like?
We have a few things to consider here. First, what kind of disaster are you trying to protect yourself (or your organization) from? Second, what is your geography like?
@24673 If you're along the Florida coast, chances are you should be quite far from your production site because of hurricanes. As we saw last year [2005], it was pretty devastating in New Orleans and Alabama and Florida, so 10 or 20 miles will definitely not be sufficient in those areas. Conversely, if you're in Texas and you're trying to protect yourself from tornadoes the distance can be less. What we've seen in recent surveys that were done from a disaster recovery perspective in the industry is an average of about 30 miles.
There was an effort from the SEC to try and impose a standard distance. They quickly abandoned that because of that very specific fact of the geography and what you're really trying to protect your data (or your data center) from.
The distance also depends on criticality and potential losses. If you are at risk of losing millions of dollars because your data is not accessible, then it may be acceptable to be far away and spend that kind of money. It's always a question of balancing your losses with the cost of protecting your assets, so it may not be financially feasible to be very far away (e.g., halfway across the country). We need to measure the losses versus the risk and the value of the data and the cost of the solution.
Another factor to consider also is the latency or rate at which transactions or I/O has to be replicated from one place to another. So, if you're replicating data from a production site to a remote site, you need to make sure that data makes it there on time -- especially if the recovery site is very far away. There may be latency that may not be acceptable to your business.
Once again, there are a lot of factors to consider before a decision like that is made. One size does not fit all. It requires a lot of thinking and planning beyond just an IT perspective. We'd really need to look at the business side of things including business requirements and potentially regulatory compliance requirements as well.
Listen to Pierre's answer to this question or download the entire Disaster recovery FAQ audiocast.
Go to the beginning of the Disaster Recovery FAQ Guide
