Disaster recovery solutions

A good disaster recovery solution is essential - especially if your IT department is one man band.

A good disaster recovery solution is essential - especially if your IT department is one man band.

I am the entire IT department of a small management consultancy. We have an outsourced document exchange server but I do everything else. This works, but is too high risk (what if I have an accident?) and will soon reach capacity. What would you suggest to ensure high quality and low costs?

Build a recovery strategy and keep key people informed

Simon Rudd

MIS Manager, Becton Dickinson

What we are really talking here is disaster recovery. There are several key areas you need to evaluate: criticality of data, (is it the end of the universe if it all vanishes?) acceptable recovery parameters (how old does the information have to be before it is worthless?) data security (consider issues like availability, lockable computer rooms, fire-proof data safes,archiving etc) and back-up strategies (verification, off-site storage etc).

The most successful disaster recovery strategies are the ones that approach the problem holistically - everyone is involved, not just IT. Staff need to take responsibility for data, and part of that means understanding recovery positions and procedures, and contributing. I, too, am a "one-man band", only inside a large corporation. I look after two factories 60 miles apart and have 120 PCs linked via local and wide area networks, so I understand some of your problems. My disaster recovery solution is this:

  • The last known good data back-up is off-site at all times.

  • I back-up all data at both sites every night.

  • I use a 10 tape back-up cycle over a fortnight.

  • All tapes are stored in a fire-proof data safe at both sites.

  • I have two copies of all PC and server software - one copy at home and another in the fireproof safe.

  • In addition, all laptop users are required to keep laptops off site at all times.

    There are also consultants and companies who specialise in disaster recovery. Get in touch and see what they can offer.

    Finally consider this. If you have an accident, key people in your organisation need to know what to do, so involve them, document it, and include it as an overall strategy for the company. An interesting statistic is 70% of businesses that lose their systems for more than three weeks die within 18 months.

    We are developing an e-commerce application and have been approached several times by software suppliers who keep going on about the importance of application testing and the pitfalls ahead should we not test our systems thoroughly before going live. How much of our time should realistically be taken up by testing?

    Don't cut corners in the marketplace until all bugs are found

    Douglas Mellor

    Project services, Perth Airport, Scotland

    To estimate the amount of time required for testing, you first need to predict the number of defects, which will be injected. This is based on the size and complexity of the programme and the maturity of the developing organisation. Studies show that a company that has a low process maturity (CMM level 1) will inject 10 defects/1,000 lines of code whilst a medium process organisation (CMM level 3) will inject six defects/1,000 lines of code

    You will require a strategy with at least nine test methods, including white box and black box testing to ensure all the code is exercised through multiple threads, as well as metrics to track the testing results.

    You stop testing when you have found all the bugs you want to find. Usually for commercial systems this is 95% of the defect population and this occurs when it takes a day to find just one error. For higher reliability systems this criteria is even tighter - typically 99% of defects must be found.

    If you are behind schedule, then this is the one stage where it is a good idea to add more people. Programmers can write more test cases while additional testers and test equipment can search in parallel.

    For a small program (1,000 lines of code), 70% of the time is programming and for an application with a million lines of code of programming constitutes only 18% of the time. Defect detection takes up 35% of the time for a large project. These figures will change with the maturity of the organisation.

    The fault injection rate for tool-based development will be different from that outlined above, but the primary principle of knowing how many defects you have to find is still the top priority.

    It is important not to cut corners in the race to get to the marketplace as this can result in poor product performance and customers deserting in droves. So take the time to carry out proper testing procedures - it is well worth it in the end.

    I'm under pressure from management to facilitate a strategy that reduces users time on personal e-mails. Can you give me practical advice on an IT solution that will strike a balance between user's wants and company rules?

    Remove the attachment option

    Kim Masson

    I agree it is a management issue. But managers turn to IT support for ideas and maybe programs that help run the work environment in an easy and efficient manner. Realistically, you cannot stop personal e-mails unless you stop e-mail altogether which is not an option. You can, however, limit the size of e-mails received.

    We have implemented that in our offices and it prohibits the user from receiving large attachments that could slow the server. This is useful because the user is not tempted to forward files or jokes to others.

    Basically, the user can now send personal e-mails in text. The novelty of using it for fun has worn off and now the users use it if they have something to say rather than placing an attachment and sending it to 50 different people a day.

    Forthcoming questions

  • In my organisation it seems that when a new PC arrives it belongs to our business customers - they won't let IT near to it. Yet when it goes wrong it is all our fault. How can we take control of the whole PC process before this scenario becomes an epidemic

  • I have a top team around me, who quite simply lack any kind of personality, let alone the charisma that some of your writers bang on about - what am I to do? Shall I recruit a new team, or is there any quick-fix I can buy and apply to help them?

  • I am totally confused by the law relating to e-mail monitoring - what should I be doing? I don't understand - it seems to me that the laws of the UK are at odds with the European Human Rights Act. Please help me, as my HR director keeps asking me what is right and what is wrong, and I don't have a clue.

Read more on Business continuity planning