Selecting a Disaster Recovery Center Location

Saturday, June 12, 2010

Bozidar Spirovski

E973b16363b3de77b360563237df7e32

When preparing a Disaster Recovery Center, one of the most important decisions is the location of the location of the Disaster Recovery Center.

Up until the 9/11, a lot of companies held their DR centers in the adjacent building, and right after 9/11, everyone wanted to go as far from the primary data center as possible.

One of the common misconceptions of Disaster Recovery planning is that longer distance ensures better disaster protection.

Of course, increasing the distance between data centers reduces the likelihood that the two centers are affected by the same disaster. But just putting distance between locations may not be sufficient protection.

In reality, the best distance for a DR location is dictated by a multitude of factors:

  • Minimal parameters dictated by regulators - certain businesses, especially telco and finance must maintain regulatory compliance. It is not unusual for regulators to mandate minimal distance between the primary and the Disaster Recovery location. You must comply to these parameters
  • Corporate RTO parameters - the company has decided that the Disaster Recovery Center must be up and running within the time defined as RTO - Recovery Time Objective. This time will include the travel time to Disaster Recovery center and the system activation times. So it is always important to take this parameter into account when choosing a Disaster Recovery site
  • Telecommunications services - larger distance between the primary and DR site means higher telecommunication costs and limits the choice of appropriate remote copy technology. For instance, synchronous replication is still very difficult to achieve past the 40km mark. Choose a location that is sufficiently distant but still manages to deliver the required bandwidth for the chosen replication/remote copy technology
  • Geophysical conditions -In order to avoid a natural disaster, it is not always sufficient to move your Disaster Recovery center to a specific distance from the primary center. Most natural disasters deliver high impact in areas which support their spread by terrain configuration or other geophysical conditions. For instance, a safe hurricane impact distance was considered 150 km. However hurricane Katrina lost strength after over 240 km inland since there was no terrain feature to stop it. Best location should be in a separate flood basin, off a seismic fault line (or at least on a different one) and with a large mountain between the primary and the DR site
  • Means of Transportation - increased distance between primary and DR site may make it difficult for employees to travel to the recovery site. This is especially true in situations of crisis, when roads may be damaged or blocked, or public transport is stopped by strikes. Choose a site that has multiple travel options - railroad, motorway, even river boat
  • Vicinity of Strategic objects - It is never smart to place your Disaster Recovery center in the vicinity of objects of strategic importance to the country. Such locations are prone to terrorist attacks, and attack by opposing forces in a military conflict. Also, even in situations of natural disasters, strategic locations will have strong military presence that may limit access to your Disaster Recovery center. Strategic objects are military bases, airports, refineries and oil depots etc. Choose a safe distance from such locations

There is no such thing as an ideal Disaster Recovery location. The optimal location is the one that minimizes the risks at an acceptable cost and meets the required SLAs and authorities' regulations.
Possibly Related Articles:
17019
Enterprise Security
Disaster Recovery
Post Rating I Like this!
85ac6feb584b665e85664974c546cfec
Ray Tan Great.
Security is comparatively, I totally agree with you on this:
"The optimal location is the one that minimizes the risks at an acceptable cost and meets the required SLAs and authorities' regulations. "
Thank you.
1276748090
4bca2aa331eb7e472d63d97e0798b600
Paul H. Forster While I agree with Mr. Spirovski's idea of greater distance not ensuring better DR, when he talks about ", , , travel time to the DR center, , ," and ", , , increased distance between primary and DR site may make it difficult for employees to travel to the recovery site." he has left DR and is now in the Continuity Of Operations (COOP) world. A true DR instance will either have staff on-site to effect the recovery, or be a "lights-out" operation, requiring NO human intervention.
Users will travel to a COOP site to interact with the system once the DR staff has reconstituted the system, application, and data.
1282143134
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.