Business Continuity & Disaster Recovery Expert Lawrence J. Webber

Ensuring your business has a solid disaster recovery and business continuity plan in place isn’t just good practice, it can be a valuable sales tool.  With this in mind, we interviewed Lawrence J. Webber for the latest post in our Data Center Leaders interview series.

Along with Michael Wallace, Webber is one of the co-authors of the acclaimed The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets.

Below, we discuss the reasons for your business to develop a disaster recovery and business continuity plan, how to get started, and how to use these plans as sales tool in front of prospects:

Evolving Solutions:
What factors play most heavily in developing a continuity plan, for example, government regulations, client contracts, or something more?

Lawrence J. Webber:
Disaster recovery plans are required for government regulations to protect stockholders from a company’s collapse in the face of a disaster (such as loss of a data center, etc.)  Their goal is to quickly restore essential company activities.  Non-essential activities are restored over time.

Business Continuity plans (actions in case of the failure of a significant component) are usually driven by customer requirements.  A reputation as a reliable supplier is valuable sales tool.

Companies providing Just-In-Time materials must have provisions to ensure that they can reliably deliver the expected goods even in the face of a problem.  This could be a need to set up a second assembly line, a second factory or to provide duplicate equipment for all process bottlenecks.

No matter how low your price – no one will buy if you cannot reliably deliver.

Evolving Solutions:
What are the most common misconceptions in regards to what a business continuity plan should or should not entail?

Lawrence J. Webber:
1.     Business continuity plans belong to the Business Continuity Manager.  Business continuity plans actually belong to the process owners, because if the process fails and the plan does not address the problem, it is that process manager who will under the management spotlight.

Since it is their plan, they must ensure it remains up to date and that team members know their roles.

2.    That the Business Continuity Manager (BCM) will “go write us a plan”.  This person coordinates the authoring of plans by others.  The BCM does not fully understand the processes of the Accounting Dept., the materials management group, the engineering team, etc.  Each group must fully participate in the process.  They often imagine the BCM will trot through their offices and magically write a workable plan for each.

Evolving Solutions:
What tips would you offer for a business as it develops continuity plan for the first time?

Lawrence J. Webber:
Don’t feel overwhelmed.  The plan only addresses restoring the critical business functions – perhaps 20% of the total.  Take it in stages.  ID what is most valuable, write a disaster recovery plan, and then write a business continuity plan.

It costs nothing to gather the basic information into one place:

•    Recall list for all personnel (phone numbers, emails, etc.).  Verify quarterly (preferably by calling them. Roster of all vendors, what they supply, and a 24 hour contact number.
•    List of support contracts (contacted via the vendor roster) along with what they support, hours of support, contract number, etc.
•    Build a calendar for when each contract expires
•    Keys to everything, including network cabinets, closets, passwords to servers, etc.
•    Ensure that ALL data residing on data center storage devices is backed up and then promptly moved off site to a secure storage area.  Verify that these back ups work, know who can recall the data and how to do it.
•    Identify critical IT systems, and the primary and secondary support person for each.
•    Ensure each person is on the recall list
•    Identify the critical components for each (servers, peripherals, etc.)
•    Ensure these items are covered by vendor support agreements

Evolving Solutions:
Susan Snedaker,  Principal Consultant with VirtualTeam and author of Business Continuity & Disaster Recovery Planning For IT Professionals, identified as the three biggest mistakes when developing a continuity plan as “Not Creating A Plan,” “Not Getting Executive Buy-In,” and “Not Getting The Right People In The Room.”  What would you add to this list?

Lawrence J. Webber:
False confidence that once a plan is written, you are safe.  It must be regularly tested (perhaps quarterly) so that everyone knows their roles and that the plan reflects the current processes.  A plan sitting on a shelf is a snapshot in time.

Processes change, so do process tasks and staffing.  The document does not magically change by itself, and often no one bothers to inform the Business Continuity Manager.

Evolving Solutions:
How would you measure the chance of a newly launched company’s success, with or without, a disaster recovery or business continuity plan?

Lawrence J. Webber:
A disaster plan and a business continuity plan are only called into action when something goes wrong.  A new company with potentially excess capacity can disguise a disruption from a customer.  However, a well run company, tightly staffed, cannot disguise a disruption.  At best, they are tempting fate.

Evolving Solutions:
Wild Card: Anything else you’d like to add?

Lawrence J. Webber:
Disaster recovery is all cost.   Like insurance, you pay and pay but usually never need it (ie no disasters strike).

Business Continuity planning provides payback in resilient processes which result in more reliable cost estimates and product/service delivery. Green and Lean initiatives (such as virtualizing servers) also shortens recovery time.

Green IT Expert John Lamb, PhD

Green IT is a subject we have dedicated significant (virtual) ink to on this blog.  In discussing Green IT, we strive to illustrate the link between eco-friendly energy management and significantly lower business costs.

Helping us illustrate this link is John Lamb, PhD, as he contributes his insight to our Data Center Leaders interview series.

Lamb is a Senior Certified IT Architect with IBM Global Services.  He has authored over 50 technical whitepapers and four books including, “The Greening of IT:  How Companies Can Make A Difference For The Environment.”(1)

Below, we discuss the steps needed to make your data center eco-friendly, the cost savings that can be expected, and the future of green IT:

Evolving Solutions:
What tips would you offer for business seeking to reduce data center costs through green initiatives?

John Lamb:
A very straightforward process, and probably the most significant improvement data center management can make, is to use the standard server refresh policy (which is typically every four years) to move to virtual servers.  Virtual data storage would follow.

Of course, the very first step would be to “get the facts” and diagnose where your data center energy is being used. In addition to the diagnose step, four other steps are to measure/manage, cool, virtualize, and build.

Additional steps such as communications/appointing an energy czar, analysis of application efficiency, and making use of rebates and incentives could further help improve the business case for going green.

Improving energy management is an ongoing endeavor. Improving energy efficiency requires focusing on a number of areas: the IT equipment, the data center facility, and the on-going energy management. The five-step process is a way to show a set of actions across all these areas. The idea should be to have continuous improvement.

Evolving Solutions:
Are there inherent dangers in trying to make your data center too cost efficient through green IT?

John Lamb:
There could be the “gold plating” syndrome. An engineer or IT architect can actually try to go too far in reducing energy use. The basic business case with a focus on a good return on investment (ROI) always needs to apply.

Back in the late seventies we designed solar heating for several IBM buildings and actually implemented a few solar heating projects. We could realize a significant reduction in energy use, but if the payback period is 20 years and the life of the solar heating system is only 20 years, then that’s not a good investment.

However, for data centers the cost saving incentives are so great companies have significant motivation from a financial standpoint to go green.

The Greening of IT by John Lamb, PhD

Evolving Solutions:
Your book, The Greening Of IT, describes how IT vendors are touting eco-friendly policies such as carbon-neutral computing in their sales pitches.  With corporations typically driven more by bottom-line factors, do you fear taking the “green” angle may cause sales pitches to fall on deaf ears?

John Lamb:
I believe most companies do feel a corporate responsibility to help the environment.  However, the best motivator to get started – whether it’s a company or an individual – is to show the economic benefits of reducing energy use.

Let’s face it, if a company or individual can be shown methods to cut energy use and save money by following best practices, that’s always a great motivator. If a company can be shown that along with cost savings the company is also helping the environment, then we have a real “win-win” scenario.

So, to answer your question, the primary goal should be to cut costs through energy efficiency.  That goal will automatically lead to the goal of helping the environment.

Evolving Solutions:
Toby Velte, Global Technology Strategies with Microsoft, describes how he helps to ensure Green IT initiatives are funded by always relating projects to the pressures of capitalism, rather than the pressures of altruism.  Do you find this to be true across the board, or have you seen some firms consider start to implement green IT purely from a sense of corporate responsibility?

John Lamb:
I agree with Toby. The first and best motivator to go green is to show the financial benefits from the energy savings.

As mentioned in the response to the previous question, after showing the economic benefits it’s a great idea to also show the benefits to the environment.  Then we have a win-win situation for both the CFO and the executives who want to show corporate responsibility with improvements to the environment.

Evolving Solutions:
How would you recommend selling the idea of green IT to upper management who see it as little more than a fad?

John Lamb:
I’d recommend giving upper management some real life case study examples of the money that can be saved.

A typical US data center of 25,000 square feet will use approximately $2.6 million in energy costs per year at 12 cents per KWH. Improvements in energy management can save up to 50% of those costs.  Over a million dollars in savings is typically a motivator that will drive sufficient interest.

If upper management can be given references along with business case details of other companies that have experienced significant energy cost savings by going green that should do the trick.

All companies will become serious about reducing energy through green IT once they realize the significant cost savings possible even by initially only going after the low hanging fruit.

Evolving Solutions:
Anything else you’d like to add on Green IT or data center cost avoidance?

John Lamb:
Two emerging technology areas for green IT that intrigue me are the use of fuel cells to power data centers and the use of private cloud computing for the ultimate in server and data storage virtualization.

Fuel cells are not new – they powered the space capsules that carried men to the moon. Hydrogen powered fuel cells are very environmentally desirable since the only output, in addition to energy, is water.

The problem is in obtaining the hydrogen.  Currently hydrogen is usually produced through a very energy intensive process using natural gas and immense amounts of electricity.  When technological breakthroughs allow us to produce hydrogen efficiently, then fuel cells for data center energy will be a significant step forward.

Cloud computing allows companies to move to virtualization of all computing systems and to very high levels of utilization. Cloud computing – both public and private – is evolving quickly and is already having an impact on green IT.

(1) Publisher disclaimer: “The Greening of IT: How Companies Can Make a Difference for the Environment” by John Lamb; ISBN 0137150830, published April 2009 by IBM Press (Copyright 2009 by International Business Machines Corporation). To view a sample chapter, please click on “Sample Pages”: www.ibmpressbooks.com/title/0137150830”

VMware & Virtualization Expert Edward L. Haletky

When asked for technologies key towards sustained IT cost reductions, data center leaders commonly cite server virtualization technologies.

Our Data Center Leaders interview series digs deeper into this subject today as we discuss VMware virtualization with AstroArch founder Edward L. Haletky.

Haletky is a leading expert on VMware and virtualization who has authored the books VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers and the upcoming Virtual Infrastructure Security: Securing ESX and the Virtual Environment.

Haletky shares insight below on virtualization best practices, including how to identify and eliminate security threats common to virtual platforms:

Evolving Solutions:
Your book, VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers, offers VMware deployment tips and best practices.  What top three tips would you offer to businesses who’ve just implemented server virtualization through VMware?

Edward L. Haletky:
Now that the implementation is complete, it is time to review everything to make sure no changes are necessary. In some cases, these changes could mean a reinstall due to a change in usage or the plan.

You can now gather performance data to see how things are working and adjust the system appropriately.  This is the time to make sure your investment in virtualization succeeds. Verify memory limits, perhaps you have allocated more memory than what is actually used, verify Disk and Network IO, you may need to adjust this as well by adding new LUNs or more pNIC to the vSwitch, etc.

Form a Team that comprises the Security, Storage, Server, Network, and Virtualization Administrators to discuss issues as they come up. Sort of an advisory board of sorts within the company. With virtualization, the traditional siloed approaches do not work very well.

When considering new hardware, always choose something that is on the Hardware Compatibility Lists and nothing off them.

Evolving Solutions:
When asked for technologies designed to reduce costs in larger data centers, Cisco’s Omar Sultan cited virtualization technologies such as VMware and Hyper-V. How soon after implementation of these technologies can businesses expect to see cost savings?

Edward L. Haletky:
That depends on quite a few things, but most companies see an immediate lower consumption in power and possibly even cooling.  Those are always the big savings and immediate ones.  Cost savings also occur when hardware is to be updated as you are updating less hardware but license costs tend to eat into those savings.

Over time more items will be virtualized and a new baseline for cost savings will be created that already includes virtualization.

The real savings will end up being in efficiency.

Evolving Solutions:
Your upcoming book, Virtual Infrastructure Security: Securing ESX and the Virtual Environment promises to help identify and mitigate security related threats in all VMware platforms.  What would you identify as the single largest security threat present in VMware platforms today?

Edward L. Haletky:
This is a tough one, but it can boil down to the fact that currently virtualization security does not encompass the entire virtual environment but concentrates just on virtualization host security.

There is quite a bit more to virtualization than just a hypervisor to consider: there is management, backup, storage, clustering, and virtual networking.

In addition, security is often considered a bolt-on or after thought when it should be considered from the very beginning, when you are architecting and designing your virtual environment.

Evolving Solutions:
In regards to leaving themselves open to security threats, what are the biggest mistakes companies make after implementing a virtualization initiative and how can they be avoided?

Edward L. Haletky:
Many companies bolt on security instead of design/architect it in from the beginning.

That aside, the biggest error I see is the use of a flat network for management, IP storage, and VMotion. These three networks should actually be separate from each other and the normal production networks using firewalls and perhaps separate physical switches.

The other item that comes to mind on virtual networking is the level of trust in VLANs. This is not a security construct but people use it as such.

The other issue that comes up is to overlook aspects of storage security such as how backups are made.

In general, most people feel that they cannot be attacked and that they are safe from attack due to having an external firewall. Until a Penetration Tester comes in and shows how false that is, ignorance is bliss.

Evolving Solutions:
VMware vSphere 4 is bringing virtualization to small businesses. How have small businesses reacted to this opportunity promising to improve data center efficiency?

Edward L. Haletky:
vSphere 4 is not really doing that, it was done when VI 3.x was released as well as when VMware Server and ESXi were offered for free. Yes vSphere 4 builds on this, but the promise was made when ESX v3 was released.

Over the last few years I have seen more and more small organizations like Doctor’s offices turning to virtualization. They do this to cut their electrical costs. The last place a Doctor tends to invest is into IT.

I think vSphere 4 as critical new tools for the Enterprise and some specific SMBs, but in general, they like what was already available. Now that is improved.

Evolving Solutions:.
Wild Card: Anything else you’d like to add?

Edward L. Haletky:
Visit www.astroarch.com/wiki/index.php/VMware_Virtual_Infrastructure_Security for the latest information on my latest book “VMware vSphere(TM) and Virtual Infrastructure Security”, which is now available in a pre-edited version on Rough-Cuts.

Is Green IT The Answer?

Last month, we at Evolving Solutions celebrated Earth Day.

In the spirit of the day, I conducted an online search on Green IT to see how others in the industry are discussing green initiatives, and found the excellent post, “Saving Green by Being Virtually Green,” by Lilac Berniker.

“The focus of IT departments has shifted palpably in the last few months. Until last year, their focus was on becoming more environmentally conscious and making concerted efforts towards ‘greening the datacenters,’” begins Berniker.  ”Today, the entire focus is on cost savings, cost avoidance and cost deferment. Few organizations realize that virtualization can be a critical link to creating a utopian world where IT can lower costs while at the same time be more green.”

So, can data center cost saving strategies, like server and storage virtualization, transform our world into the utopia envisioned by major proponents of a green lifestyle?

The answer is a resounding ‘maybe.’

Despite its name, Green IT’s focus is almost entirely on cost-savings.  However, when someone offers Green IT as a solution, many see this as trusting a vital part of your business to a faddy, green movement.

A business’ fundamental purpose for existing is to be a profitable entity, and part of what’s keeping this entity alive is a robust, efficient IT infrastructure.  While many businesses have implemented green initiatives, these initiatives are secondary, and more philanthropic than fundamental.

The reason why few organizations realize that Green IT, or initiatives like server and storage virtualization, can be beneficial to the environment is because this is not their fundamental purpose for existing.

Hence the revised focus on selling Green IT as a cost saving initiative.

So, will Green IT save costs?

Absolutely.  The idea behind green IT is lower power costs, essentially.

Will Green IT be beneficial to business?

Yes.  Solutions like server and storage virtualization, while using less power, bring with them the added benefit of more efficient IT processes, leading to a more efficient business altogether.

Will Green IT make our world a better place to live?

Likely so.  In using fewer resources, it would not be out of line to suggest that we are collectively reducing our impact on the planet.

When someone mentions Green IT in your organization, realize that while its benefit towards the greater good for our planet remains to be proven beyond a doubt, its benefit to your business is not the least bit in question.

Businesses today are finding themselves on a predatory quest to cut costs now, and in some cases, think about the ramifications to efficiency later.  Remarkably, strategies designed to lower data center costs are simultaneously designed to increase efficiency.

Evolving Solutions has gathered insight from top industry thought leaders designed to help our readers lower data center costs and improve efficiency.  Thought leaders, including Microsoft Global Strategist Toby Velte and FOCUS Consulting President Barb Goldworm, have contributed their insight to the Data Center Leaders interview series.   Below, are 5 data center cost avoidance tips from our thought leaders:

1.    Completely Reevaluate The Management Of Your Data Center: Today’s advances in technology, particularly green IT initiatives, offer tremendous potential to minimize consumption of current resources.  Per Microsoft Global Technology Strategist Toby Velte,  by reevaluating data center needs, including how much storage and speed is truly necessary, companies will become armed with the knowledge necessary to achieve sustained data center cost reduction in future projections.

2.    Server and Storage Virtualization: In the long run, virtualization is best for sustained cost reduction, states Omar Sultan, Senior Solution Manager for Data Center Switching at Cisco.  Virtualization, replacing physical servers with a virtual environment, lowers the total cost of server infrastructure, thereby lowering the total energy costs of a business overall.

3.    Move to Blade Systems: Blade systems, self-contained computer servers designed for high data density, can increase your efficiencies in power and cooling, per Barb Goldworm, President and Chief Analyst at FOCUS Consulting.   The amount of servers common in a data center have oftentimes led to power consumption concerns as these large servers must run in a temperature controlled environment.  By minimizing the heating and cooling costs necessary for a  data center, blade centers minimize the heating and cooling costs for a business as a whole.

4.    Go Green: “Organizations are finding that there simply is no more power available to them unless they pay to build the generation plants necessary to support them,” shares Dan Kusnetzky, ZDNet contributor and founding partner of the Kusnetzky Group. It can be tempting to see the green movement as just another fad, but at the end of the day, it is about saving power costs by utilizing more energy efficient technology, such as virtualization, and little else.

5.    Have a Disaster Backup and Data Recovery Plan: “If your server room imploded, what would you do?” asks Susan Snedaker, Principal Consultant with VirtualTeam.  The likely answer is, you would pay – and pay any amount – to get your critical data back.  Disasters happen, and to recover will cost money. By developing a disaster backup and data recovery plan in advance, however, companies can mitigate much of the desperation costs involved with recovery.

Offered to steer your business in the right direction, the cost avoidance tips provided in our Data Center Thought Leaders interview series illustrate ways your businesses can achieve cost cutting initiatives without sacrificing efficiency or productivity.

If you have more tips to share, we welcome your insight and invite you to share via a comment below.

Neil McAllister at InfoWorld wrote a great piece recently titled “Server Virtualization Under The Hood.”

Beyond offering insight purely on the benefits of server virtualization, McAllister takes the time to define and offer historical perspective on this burgeoning solution.

McCallister begins with an excellent definition that simplifies the idea of server virtualization, stating:

“Virtualization is a solution that basically fools an operating system (and any applications that run on top of it) into thinking the virtual machine is actual hardware. Running multiple virtual machines can fully exploit a physical server’s compute potential – and provide a rapid response to shifting datacenter demands.”

The benefit of virtualization is essentially this:  as a physical server will cost business capital to run, and only have so much computing power, it makes sense from both a financial and technical standpoint to minimize its inherent limitations and enable  virtual servers to shoulder the work.

As McAllister alerts us, the concept behind virtualization is not a new one.

Individual computers have been running multiple instances of operating systems simultaneously as far back as the 1970s.

What is new, however, is the feverish pitch surrounding virtualization as it has made its way into the general business lexicon as a cost-saving and efficiency enhancing solution.

For those seeking more detail on the different types of server virtualization available, McAllister defines the advantages of those most typically in play today:

• Full virtualization – allows nearly any operating system to be virtualized without modification
• Para virtualization – similar to full virtualization, but offering greatly improved response time for virtual servers
• OS-Level virtualization – an architecture that uses a single, standard  operating system across all virtual servers providing even greater speed

If you are considering implementing a server virtualization solution, more important than the different types of solution are the benefits your company will receive from the solution.

To get to the heart of the ultimate benefits of server virtualization, assess your IT solution needs by asking yourself questions like:

• Are you seeking primarily to reduce data center costs?
• What type of response time is necessary to ensure IT efficiency?
• What are your data capacity requirements?
• What is your timeline for implementation of a solution?

In the end, any IT solution, including server virtualization, should be looked at and discussed through the lens of its end-benefit to your business.

This is perhaps the most important idea to keep in mind when looking under the hood of any new solution.