Did You Feel a Drop?

Remember the panicked manufacturer with a progression of computer problems that recalled the proverbial “perfect storm”? Today I’m going to sort those problems out, and recommend ways to help keep those things from happening to you. To refresh, here’s what went on with that manufacturer:

The installed version of their ERP (Enterprise Resource Planning software) was too old to receive application maintenance and support. They hadn’t wanted to interrupt their workflow, and so hadn’t upgraded the ERP in more than five years.

Now they decided to upgrade, and it failed possibly due to a brownout. No computer on the network would boot. Maybe due to the same power fluctuation, they found a critical flaw in their only back-up (the back-up had been done and stored on-site).

Disruptive As It Is, Keep Your Software Up-To-Date

All software reaches end-of-life (EOL); and often what makes ERP software valuable is its extensibility. In fact the panicked manufacturer told Bryley that the reason for not acting sooner to upgrade the ERP was due to their reliance on extension software from a developer that had gone out of business years ago. But, as can be seen in hindsight, reluctance to adopt new software (to replace the outdated ERP, extension, and OS [an older OS was needed to support the ERP]), created a chain of potential and realized problems, including security vulnerabilities.1

But upgrades are hard on people, since their routines might need to change, and often not for the better. These changes may impact employees’ ability to get things done.

To make the process easier, your management team should develop a technology plan, either internally or with an IT partner like Bryley, through Bryley’s Virtual CTO (Chief Technology Officer) service. For technology planning and implementation, Bryley recommends these steps: define needs and requirements, assess and select solutions, implement and train. Here’s a detailed look at Bryley’s CTO approach [link to https://www.bryley.com/managed-it/virtual-cto/ ]

Brownouts and Blackouts

The manufacturer only had a temporary power outage. For these an Uninterruptible Power Supply (UPS) is a necessity. A UPS continuously monitors the voltage, sensing surges, spikes and outages. When the UPS senses an electrical problem, it switches your critical computer devices to AC power generated by its internal battery. The battery provides enough power to save your work and properly shut down your computer. If you have servers on your premises, it is important the servers communicate with their UPS(s), so the servers can know when they are running on stand-by power, giving each a chance to shut itself down properly.

But, let’s say the brownout had been a blackout that lasted for hours. Lose those hours of customer service and productivity or install an in-line generator? When the power goes out the generator takes over, powering equipment and feeding UPS devices. Bryley, as an example, uses an in-line generator to ensure our data center is operational no matter the power conditions.

And for the worst circumstances, such as human errors [link to https://webcache.googleusercontent.com/search?q=cache:eBK_EvzAvJ0J:https://www.reddit.com/r/cscareerquestions/comments/6ez8ag/accidentally_destroyed_production_database_on/ ], equipment failures, fire, floods, and malicious attacks on data, a disaster-recovery plan should include a failover. A failover is an available back-up in the event that your primary data center becomes unavailable. This will ensure that your data is always accessible, even under some of the worst of conditions.

Recovery Point Objective and Recovery Time Objective

The goal of a Back-Up/Disaster Recovery (BU/DR) plan is to seamlessly as possible get a computer or network running like before the catastrophic event occurred. An analysis needs to be done balancing the cost of downtime and the investment in a BU/DR implementation. In our example, the manufacturer was not sure how the business was going to survive. (Consultancy ITIC, in its annual survey, puts the average cost-of-downtime for a business at over $300,000/hour.2 The downtime cost for your business should be calculated as part of your technology plan.)

You also need to balance back-up methods and their costs with how much data you can let your business lose. Your Recovery Point Objective (RPO) is the maximum time of acceptable data loss. For example if your organization keeps hard copies of contracts, you might have the ability to restore lost data manually.

Given businesses’ reliance on computer systems, there’s a temptation in a technology plan to rate every device on your network with a zero RTO (Recovery Time Objective). But the investment needed to create a thoroughly redundant environment can be too costly. Conversely, like the manufacturer with only an on-site backup in our example, economizing can put your data at risk.

In fact a local back-up is a good first stage of redundancy. But what was the content of the manufacturer’s back-up? When was the last back-up completed? Is company data stored on multiple devices (servers? PCs? tablets? phones?). Or is all data stored on a single server?

In its Business Continuity role, Bryley can guide you through the questions that will help you understand what steps will be workable for your organization to get back up and running normally after a disaster.

Layering: Multiple, Redundant Levels of Protection

Ideally, you want a combination of both the speed and availability of local back-ups and the peace-of-mind of a secured VPN (Virtual Private Network3 )-connected, off-site/cloud back-up. Data back-ups should be encrypted and follow the 3-2-1 rule for reliability: 3 copies of important data, 2 different media types, 1 copy off-site.

With a true back-up you can access previous states of data. With replication, typically a cloud service syncs to a local folder’s contents. In the latter case, if your folder’s contents are accidentally deleted, so too will the sync’s contents be deleted. A true back-up gives you multiple points in time from which you can restore your data.

In disk-to-disk (D2D) back-ups, an additional server or a Storage Area Network (SAN) is installed to store multiple data back-up sets. D2D back-ups are software-automated and complete quickly. In a recovery, administrators can quickly select and restore from several different points in time. Cloud back-up is a branch of D2D, in which a remote server automatically stores data back-up sets. Cloud back-up is hindered by relatively slow bandwidth, compared to a business’ LAN and so usually must do its work in nonbusiness hours.

Bryley’s BU/DR Hybrid Approach

Bryley’s back-up methodology is built around secure, real-time, automated, disk back-up, disk imaging, file-level back-ups, and bare-metal restore points 4 for Microsoft Windows-based servers and workstations. It combines the ease and speed of a D2D back-up with the protection of having encrypted, Cloud-based back-ups at monitored and secured remote sites.

Bryley’s approach provides you mission-critical local back-up for quicker access, and a remote back-up as a final safety net.

Right as Rain

Being proactive is your best defense. If your organization assesses the costs associated with a work disruption and implements an appropriate plan to recover the data, a BU/DR provider will be able to get your operations up and running with minimum downtime. Bryley Systems has been a trusted technology adviser to our clients since 1987. If you would like more information about Bryley’s Virtual CTO role or BU/DR implementation, please contact our team at 978-562-6077 or itexperts@bryley.com

1 Older software is unprotected against bugs and exploitable holes in the code that give hackers access. These holes are even more serious when an update is issued, because the software maker publishes the nature of the holes that it has patched. These vulnerabilities can be exploited to implant malware and/or gain access to your data, which may be collected for sale, held for ransom or destroyed. Malware can stealthily gather business and employee data, including banking and credit card data, or, for criminal purposes, divert your business’ computing power.

2 https://itic-corp.com/blog/2019/05/hourly-downtime-costs-rise-86-of-firms-say-one-hour-of-downtime-costs-300000-34-of-companies-say-one-hour-of-downtime-tops-1million/

3 A Virtual Private Network creates an encrypted, two-way communication tunnel between your network and an off-site server.

4 The backed-up data is robust, containing the appropriate bootable OS, all applications and files. An administrator can choose to restore at the file, disk or hardware level.