In today’s information-driven age, the database is the heart of any organisation. From running applications to processing transactions and storing customer and other mission critical data, without the database businesses simply cannot function. Despite the critical nature of the database, many companies do not have a comprehensive backup and disaster recovery strategy in place and resort to crisis management when their database crashes, often resulting in costly downtime. 

 

There are a few checklist items to consider with backup and disaster recovery, ensuring minimal disruption and most importantly, continuity for the business.

Checklist Item #1: The backup and disaster recovery strategy

Whether organisations run a full disaster recovery environment or simply conduct regular backups, having a plan and processes in place to govern this in the event of an emergency can literally save a business.

 

A backup and disaster recovery strategy is therefore essential for every modern business of any size. This is the most important step in ensuring your database is not a disaster waiting to happen.

 

In order to develop this strategy, organisations firstly need to understand how critical their data is to the business. Not all organisations require a full disaster recovery environment, as these can be costly to implement. Furthermore, not all data is mission critical or will cause the business to fail if lost or takes time to recover. However, at the very least, all data needs to be maintained in some form of working backup environment and these backups need to be conducted in line with business rules.  Business rules govern the backup and recovery strategy, and outline how data should be stored and restored, as well as guide the times required for a restore to take place and more.

 

A full disaster recovery environment is obviously preferable for mission critical databases, as when disaster happens the environment can simply be ‘switched over’ with minimum downtime and disruption. The disaster recovery environment should be in sync with the production environment and should also be regularly tested. If a disaster recovery environment is not in place, backups need to be stored in a minimum of three separate locations to ensure that at least one recovery copy is available for restore.

 

Regardless of the recovery method, the processes involved must be clearly documented.  Listing the order of procedures, steps that need to be taken, the required turnaround times and who is responsible to ensure that all functions are fulfilled is essential. All parties involved should clearly understand their role. The failover processes must be regularly tested to ensure that when a disaster happens, these processes are seamless.  When testing, the failover processes should also generate a log to establish which ones are successful and which ones are not, allowing for the appropriate person to remedy.

Checklist Item #2: Address database security

Building security into the database is important, both from a physical and data perspective. This is addressed in various legislations including Sarbanes Oxley (SoX) and the King III guidelines to mention a few, making database security a compliance requirement. The requirement for database security is also extended to any backup copies of data and disaster recovery environments.

 

Physical security such as access control, intrusion prevention and detection, fire detection and suppression will help to prevent unauthorised persons from accessing the physical storage areas and minimise the impact of disasters such as fire. Data security must also be implemented to prevent unauthorised data access and theft from the corporate network.  This is critical given the rise in cybercrime. It is also important to ensure that the database itself and all backups receive the same protection levels. Without IT security, data can be lost, corrupted or more frequently in today’s world, stolen for sinister purposes. Data must be protected to prevent business downtime, which results in loss of revenue and reputation.

Checklist Item #3: Database administration

Whether you use an internal Database Administrator (DBA) or the services of an outsource provider, it is vital to be 100% comfortable with the DBA and the levels of support that are delivered.  The DBA has access to all company data and therefore must be highly trustworthy.

 

The service levels delivered must also be checked, as bad service both in-house and outsourced can negatively impact database downtime and cost the business. This can be addressed in a solid Service Level Agreement (SLA) and Operations Level Agreement (OLA). However, the DBA or outsource provider should maintain the backup strategy, the frequency of testing processes, the documentation and availability of this documentation as well as all planned failover testing. If these services are not being delivered, an organisation should question the value that the DBA is delivering.

Checklist Item #4: Check your SLAs

SLAs must fit the requirements of the business and should support disaster recovery and restore goals. The infrastructure of the database and recovery environment needs to allow for either a full disaster recovery failover to take place or regular backups which require, amongst other things, enough disk space. SLAs must factor this in and meet the specific disaster recovery needs of the organisation.

 

For example, an online e-Commerce store cannot afford to have any downtime due to the nature of their 24x7x365 business. Therefore, their SLA should include service levels that ensure maximum uptime and fast restore times with disaster recovery. Other businesses, such as a legal firm, may need to have their data restored within a few hours, or a day. This type of business won’t collapse if the data restore is completed within 24 or even 48 hours.  Therefore, the SLA must accommodate these factors and should also be in line with the disaster recovery strategy supported by the business rules and processes. If SLAs do not fall in line with business requirements, they need to be reassessed. However, it is also important to bear in mind that 99.999% uptime and fast recovery comes at a price. The balance of expense, functionality and best possible service levels to meet the business’ needs must be considered when defining an SLA.

 

In addition, the SLA should incorporate regular testing of the disaster recovery plan to ensure that it works, eliminating much frustration in the event of failure. 

Conclusion

Ultimately any disaster recovery solution minimises downtime.  Downtime costs money and this is often more expensive than the implementation of a full disaster recovery environment. If this is not possible, having a strategy in place is critical to ensure that processes are followed. Maintaining a stable database environment is equally important for business continuity.  A checklist that covers these aspects of database backup and recovery will help to mitigate risk, minimise downtime and ensure businesses are up and running in the shortest possible time in the event of a disaster.

How outdated budgeting and forecasting methods are affecting the corporate bottom line

I’ve lost count of the number of companies I’ve seen where a central office, usually the accounts department, dictates to another group of employees what their budget should be – and then acts all surprised when reality at the end of the year doesn’t match their expectations.

Sales people are burdened with targets, with no consideration of their unique circumstances or input, despite the fact that the people in the field in each region have the best “feel” for what may happen in their territory over the next year – which of their big customers are losing market share, which competitors may enter the area, whether the year is going to be tough or prosperous. Providing your team with a budget with a 10% increase slapped onto last year’s sales target is not only unfair, but also unrealistic.

Economic conditions are a very pressing challenge for organisations of all sizes around the world, resulting in squeezed budgets. One such area is IT. As a result, many organisations are turning to outsourcing as a business model, as it offers savings, flexibility, scalability and the ability to access resources on demand rather than having to hire them full time. However, as a result of the unique conditions in South Africa which include a massive skills shortage, and in an effort to further save money, some organisations are turning to temporary staffing solutions to fill critical posts. This can be a costly mistake.

While temporary staffing are often cheaper in the short term than an outsourced provider, and can help to fill gaps in the IT environment, there are certain areas where temps are not the ideal solution, typically mission critical areas such as the database. When it comes to the database, knowing the difference between outsourced and temporary resources and choosing the right one for your business could make all the difference.

In areas such as the database, it is simply not possible to assign a nine to five value for tasks such as database administration. The IT environment does not stop working at five in the evening and over the weekends, like people do, and many organisations do not realise that temporary staff members may not be available after hours. If they are available, they need to be paid after hours rates, which are generally a lot higher than normal rates. In critical areas such as the database, organisations will be left with little choice other than to pay the 'after hours' rates, since the consequences of extended downtime are undesirable. Temporary staff may also call in sick, or even leave the organisation, which means that these staff will have to be replaced – a significant challenge in a skills scarce environment.

An outsourced provider, however, is contracted by a Service Level Agreement (SLA) to deliver a certain level of support, irrespective of the time of day, the day of the week and so on. These providers stake their income and reputation on being able to provide the services organisations need, when they need it, which is a far better option in mission critical environments. Outsourcing also provides a service, as opposed to a staffing solution. This means that even if the usual resource handling an account is unavailable for any reason, the service will still continue as there is a pool of resources for the outsourcer to draw on.

Outsourcers can provide 24/7/365 support for critical IT applications and infrastructure, and their business is built on delivering these services to the highest standards, whereas the loyalty and commitment of temporary staff can be low as they have no incentive otherwise. Furthermore, temporary staff are often not included in company training due to budget pressures. If the employer does not invest in upskilling temporary resources with additional training, there is little opportunity for growth. Their key performance indicators may not necessarily be aligned with those of the business but rather aligned to the temporary contract.

Outsourced resources are highly trained and are exposed to many different environments from which they are able to learn. Their training is kept up to date by the outsourced provider, and certifications are also of the utmost importance, since it is in their best interests to maintain the highest levels of skill. Outsourced providers, through SLAs, will also ensure that the key performance values of the outsourced resources are aligned with the business, since outsourcing at its core is a business service.

When it comes to the IT environment, not all areas are mission critical. Not all aspects of IT require the high levels of service delivered by an outsourced provider. Some areas work well with temporary staff, particularly in areas such as web development where the task at hand is not a 24 hour job. The database is not one of these areas. It is critical to the business and it needs to be secure and maintained. A database administrator must be able to access all of the data contained within a database, which could prove dangerous if this task is handed to someone with no loyalty to the company, as the Wikileaks saga proved.

Database administration requires a trusted, skilled resource who will document processes according to best practice, who has the necessary skills which are kept up to date, and who will be available whenever needed, whether this is after hours, on the weekends or during the course of a normal business day. No single resource will be able to provide this, but an outsourced service provider can.

An organisation would never hire a temporary security guard, as this represents a huge business risk – the guard may not be loyal because he has no job security and he needs to sleep and have days off. Even hiring an additional security guard does not solve this problem, as one guard may get sick, both may leave and so on. Security is not a one person job, it should be a service. The same is applicable to database support, where the modern business is hit hardest if something goes wrong. Business solutions such as outsourced services are critical to keep the database, and the business, up and running optimally at all times.

The database is the heart of the modern organisation, keeping business alive by supplying applications and people with the information and technologies they need to do their jobs, in much the same way as the human heart keeps the body alive by supplying vital organs with blood to keep them functioning. The database, like the heart, needs to be kept healthy and functioning at its best for optimal productivity, and when something goes wrong we often seek expert advice to find out how to fix the problem. When it comes to the database however, organisations may then take this expert advice and try to implement it themselves, which could have negative consequences for the entire business.

In a tough economic climate, where IT budgets are always being squeezed, and in an effort to save money, organisations often opt for an approach of asking database experts for advice and then attempting to implement changes themselves. However, developers are often not highly skilled in database administration and support, and herein lies the problem.

Seeking a second opinion to validate the recommendations of an in-house resource is good business practice, but in order to preserve their own business the experts may not give the developers step by step instructions on how to achieve what they need to achieve. There are also certain industry best practices and guidelines which expert providers will be aware of and well versed in implementing. These may not fall under the scope of recommendations and thus will not be put into practice by your resource trying to implement recommendations. This includes areas such as creating a backup of the database before any changes are made, something which an expert will be aware needs to be done, but which in-house resources may not be aware of or think about at the time.

Getting expert advice and 'running with it' can be detrimental to the database, because of a lack of background understanding of the issue. While organisations typically take this approach in an effort to save money, the long-term cost implications of getting it wrong are far higher than any small savings they may achieve. Database infrastructure does not come cheap, and this investment can amount to millions of rands. Risking this for savings of a few thousand seems illogical, and this is exactly what attempting DIY on the database is – a risk.

The consequences of getting any aspect of the database wrong could be dire. Any downtime on the database causes loss of business and loss of productivity as a result of people being unable to perform their jobs. The data itself can even become corrupt in certain circumstances. This leads to further downtime and requires an external expert resource to come in and address the problem. These issues both add up to additional expenses, as the more things go wrong, the more complicated and expensive they are to fix.

An expert outsourced consultant who handles the project from consulting, to implementation and sign off, will give organisations the assurance that the job will be done correctly the first time, with minimum downtime and disruptions to normal business proceedings. This means that risks are mitigated, which is important for corporate governance, and ensures that any database issues are handled with experience, according to the highest standards and international best practices.

If a person experiences a problem with their heart, this affects the rest of their body and could kill a person. If there is a problem with the database, the entire organisation is affected. However, if a doctor told a patient they needed open heart surgery to fix a medical problem, the patient would hardly attempt to do this themselves. The database should be no different. With critical information and applications at stake, which could kill the business if the database fails, it makes better business sense to leave fixing any problems to the experts. The cost of DIY with the database could well be higher than any money saved by implementing recommendations without help.

Proprietary software has traditionally enjoyed a sound foothold in the database space in particular. However, in recent years we have seen an upsurge in interest for open source database solutions, for a number of reasons. Proprietary solutions are costly, and that is a well known fact. But the biggest cost is not necessarily the initial purchase price, but the lack of integration with third party applications and the tendency towards becoming locked into a single vendor because of the need to create a homogenous environment. This lock-in is particularly undesirable when it comes to data, as data often no longer belongs to the organisation when this type of lock-in occurs. Open source database solutions address all of these challenges, and often offer a viable alternative to costly proprietary systems.

Says Jaroslav Cerny, CEO at RDB Consulting: "One of the reasons for the relatively slow uptake of open source, particularly in the database space, is a result of misunderstanding and miscommunication. This software model used to be called 'free' software, which has created some confusion in the market and also resulted in organisations to either not trust a 'free' solution or to expect that a 'free' offering will deliver the same level of service as a paid for offering. While the code is available for free, the real 'freedom' of open source lies in being able to access the source code."

Adds Muggie van Staden, CEO of Obsidian Systems: "Open source means just what it says – that the source code is open, freely available and public. It is a development model that enables the large open source community to develop, improve and add value to the base source code. Every member of this community, which includes a number of different companies as well as individuals and even hobbyists, works towards improving, developing and delivering better solutions. This is the true value of open source solutions, for the database or any other area,"

Another factor that has inhibited the uptake of open source is a belief that these solutions are sub-standard when compared to proprietary solutions. This myth is becoming increasingly invalid however in light of readily available statistics, including the fact that more than 90% of the world's top 500 supercomputers run on open source operating systems. However, the 'free' versus 'paid for' debate is an ongoing one, as Community Open Source solutions are in fact available for no cost. This has led to the belief that open source solutions are something you download for free, for which there is no support. While the open source development community develops leading edge software with excellent functionality, they are developers and do not provide the support and certifications that businesses need, particularly with regard to the database. For the business environment, there is great benefit in utilising Enterprise Open Source solutions, which deliver the benefits of open source for a fee while providing the necessary support, much like proprietary solutions providers but for a typically lower cost without high software licensing fees.

"The database is the heart of the modern enterprise, and organisations spend millions on infrastructure, storage and solutions. If the software that runs on this expensive infrastructure is not suited or is not correctly supported, the entire stack can break down and cause detrimental damage. In trying to save a few thousand by using Community Open Source solutions, organisations can in fact end up costing themselves a lot more," adds Cerny.

"Ultimately, maintaining the database is critical, and there is a cost involved in this resource. Enterprise Open Source provides the indemnity from this risk that businesses need, because the vendor is being paid to address this business risk and ensure that solutions are implemented correctly and maintained. This ensures that the database benefits from the freedom of open source, while still maintaining the necessary levels of uptime and service," he adds.

If the right type of open source is utilised in the database space, and professional support is ensured by engaging with an Enterprise Open Source database service provider, there are many benefits that can be leveraged. These include the ability to implement cross platform open standards databases that can be deployed in multiple environments rather than only on proprietary platforms and infrastructure, as well as preventing lock in, both in terms of software and hardware. This gives organisations the freedom to change platforms, operating systems, service providers and so on without penalties, ensuring that they can take advantage of the best solution to meet their needs.

"Enterprise Open Source offers the benefits of open source as well as the benefits of an outsourced provider, offering access to a pool of skills for the development of better software as well as for the maintenance and service delivery aspects. The service provider can take care of the mundane tasks such as administration, updates and monitoring so that organisations can use their core skills in areas which will drive business benefit," van Staden adds.

"When it comes to the database, there are many solutions out there, and not all of them will suit the needs of every organisation. Freedom to change operating systems, hardware or even service providers may not be a deciding factor for one business, while it may be critical for another. The most important thing is to make an informed decision, to be aware of the consequences of the decision, and to ensure that any decision taken around the database is in the best interests of the organisation," he concludes.