CIOs beware: the road to recovery is full of potholes!

I consider the establishment of a disaster recovery (DR) plan as one of the most important tasks of any CIO. It's been an important task for me for some years now, but as it's never graduated into the urgent category, my DR plan remains in the planning stage.

Recently DR planning for my SOHO business became more critical, and not for the usual reason - that is, because there was a disaster. I wanted to build a big shed at home, complete with all the essentials - electricity, heating, water and broadband access. The Boss offered some forceful feedback to my plan, along the lines of there was no way I'd be spending money building something in which to play computer games, watch sport and avoid the family. It was during this tirade I promoted a disaster recovery plan to urgent status, for which an external structure, such as a fully equipped shed, would be essential.

The Boss was sceptical of my sudden DR interest, because she knows me well, so I had to then create a full DR feasibility report to squash her suspicions.

DR planning hinges on answering three questions: how quick, how much, how far. How quickly do I want to be up and running after a disaster, how much of my business do I need to be available and how far away do I want the DR site?

I started with the third question first. The appropriate distance between sites depends on the likely disaster risks. Disregarding meteor strikes and large bombs, the most likely system-down scenarios allow my off-site facility to be safely housed at the far end of the yard. Fire is unlikely to jump from the house to the shed so the major physical risk is access restriction, such as a gas leak, flood or blocked road. There is a laneway out back which was used decades ago by the nightmen, performing sewage nightcart activities (SNA). (It's gratifying we can still make use of that legacy SNA pathway as an alternative communications route.) Admittedly, this is not so much off-site as near-site, but it substantially reduces my network costs and, most importantly, allows me to build my shed.

Only the Essentials . . .

Determining how quickly my business must be up and running is a tricky calculation. We implement DR to protect our business because it's important, but immediate fail-over protection is so expensive that we deem the business not quite important enough to re-establish it immediately. The only way to know where to draw the line is to know what's going to happen in the future, which we don't, so we're left with the feeling we're wasting our money - just like insurance and mobile phone plans. I settled on the warm standby approach: a computer left on, but with nothing (useful) running on it.

The next question of what programs we want to get up and running was fairly easy. We agreed e-mail, Internet, office and CRM software are essential for our business, so they're in. No one cared about the accounting program, but there was a push to include digital photo software. I argued Foxtel was an essential application, without any success, so I've included it under Internet software as the browser Firefox-tel.

Many of the programs I use are licensed for one computer only, so I did the right thing and called the software vendors to request permission to load a second copy for DR purposes. They agreed it's a sensible idea and were very sorry their licensing didn't allow it, but would I like to pay for a second licence? Unsurprisingly, my preference was to hang up and just install the software I have on the DR server.