Databases: Prep for Disaster Recovery and Continuity Planning (Part 2)
Technological and managerial strategies to keep your databases up and running no matter what the outside world has in store for them.
Obviously, database administrators are critical to the success of any disaster recovery scenario. Many other roles are, in turn, critical to the success of the database administrator. A server administrator will have to install and set up the server. A system administrator will be needed to install and set up the operating system. A storage administrator will be necessary to duplicate the disks accordingly. Application developers will need to assist with troubleshooting errors detected by the user community. These are some of the people that a database administrator will rely on.
Many, if not all, of these steps can be accomplished prior to any disaster and tested. There can also be problems at the time of failover where some of these areas may need to be revisited. The database administrator may know who to call and work with during normal times, but what happens when a disaster strikes and some primary support personnel are not available? They could be taking care of injured family members or injured themselves. What if your database administrator is not available? Contingencies for these scenarios should be put in place.
It is imperative for employees to know who to call when they have an issue.
One of the best ways to avoid an availability problem is cross-training employees. An employee who knows more than one area or job function can become essential and play a key role during a disruption.
Some people may not be able to make it to the recovery site, leaving some areas not covered (Maiwald & Sieglein, 2002, p. 193). The cross-training should not be a complete shift from their normal profession, unless requested by the employee. What is usually better is to have an employee learn a skill that is new, but in the same profession in which they are currently engaged.
For instance, Oracle database administrators can cross-train as SQL Server database administrators. They are already familiar with the concepts, SQL, structures, etc. of database administration. It should mostly be a matter of learning the different toolsets for the new database software. This can be a win-win for the employee and the organization.
The employee learns a valuable new skill that can enhance their career. The organization gains an employee that has multiple skill sets that can be called upon in times of normalcy and times of crisis.
Requirements for a database will drive the type of backups you make for it. If a database can tolerate several hours of downtime and last night's backup is sufficient, then a full backup will be fine. If little to no downtime and/or little to no data loss is acceptable, then full backups will not do the job.
Technologies such as remote mirroring will have to be investigated. In remote mirroring, all changes made to the production system are copied to the disaster recovery site. This is normally considered in an asynchronous context, since most disaster recovery sites are at some distance away from the primary site. "Asynchronous remote mirroring is most often utilized when the remote site is a long distance from the local site." (Staimer, 2005) When a fail over is called for, databases can be recovered with the mirrored data for business continuance.
Data replication is another technology that can keep disaster recovery databases updated. The native settings of the software replicate changes as they occur from production databases to databases at the disaster recovery site. This can be altered so that changes are applied on a schedule, for example every four hours. This supports data recovery when a user makes an error: because the changes have been delayed, the database administrator can use the data from the disaster recovery database to correct the error in production.
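The scheduled-apply behavior described above, as an added example that is not part of the original article: a small simulation showing when a mistaken delete can still be recovered from the disaster recovery copy and when it has already replicated. The change log, key names, `EPOCH`, and all function names are constructed for illustration and do not model any specific database product.

```python
from datetime import datetime, timedelta

APPLY_INTERVAL = timedelta(hours=4)  # the article's "every four hours" schedule
EPOCH = datetime(2024, 1, 1, 0, 0)   # constructed: time of the first apply run

# Constructed change log shipped from production, in commit order:
# (commit time, operation, key, value)
CHANGE_LOG = [
    (EPOCH + timedelta(hours=1), "upsert", "order:1001", "shipped"),
    (EPOCH + timedelta(hours=2), "upsert", "order:1002", "pending"),
    (EPOCH + timedelta(hours=5), "delete", "order:1001", None),  # user error
]

def apply_changes(changes):
    """Replay a list of changes into a fresh key/value table."""
    table = {}
    for _, op, key, value in changes:
        if op == "upsert":
            table[key] = value
        elif op == "delete":
            table.pop(key, None)
    return table

def last_apply_run(now):
    """Most recent scheduled apply run at or before `now`."""
    runs = (now - EPOCH) // APPLY_INTERVAL
    return EPOCH + runs * APPLY_INTERVAL

def production_state(now):
    """Production sees every change as soon as it commits."""
    return apply_changes([c for c in CHANGE_LOG if c[0] <= now])

def dr_state(now):
    """The DR copy holds only changes committed by its last apply run."""
    cutoff = last_apply_run(now)
    return apply_changes([c for c in CHANGE_LOG if c[0] <= cutoff])

def recover_from_dr(key, now):
    """Return the DR copy's value for `key`, or None if the error
    has already been applied at the DR site."""
    return dr_state(now).get(key)
```

Note that the recovery window runs only until the next scheduled apply, not a full four hours after the error: the delete committed at hour 5 reaches the disaster recovery copy at the hour 8 run.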
Installation of database software should be a fairly routine task for a database administrator. It should also be the same across servers with the same database versions. Installation and setup should be well documented. There is always the possibility that a database administrator will not be available when a fail over is called for. Clear and concise step-by-step directions will allow technical professionals from another area to stand in for a missing database administrator and set up the database software.
This being said, each production server is different. Certain things may need to be done to prepare the database. Special scripts will sometimes need to run, or jobs to load or unload data. These steps for individual databases and the order in which they should execute also need to be well documented.
The best way to set up disaster recovery is by having a dedicated site with servers available and application software running so that an immediate fail over can be done when called for. This approach is also very expensive and not always popular. There are ways to implement disaster recovery sites, save money and be practical, all at the same time.
An excellent approach for the dual use of just such a facility is testing of upgrades. All operating systems, applications, and databases require regular maintenance patches, fixes, and upgrades. With environments available as exact duplicates of production systems, these are prime locations to test the maintenance releases.
Patches and fixes can be applied to a disaster recovery system on a regular schedule. An approved test plan can be administered against the environment to check for issues with the maintenance release. If no issues are found, the patches can be left in place and migrated to the test environment on a regular schedule as well. If no problems are found, the patches can then be migrated into production on a regular schedule.
If any issues are found at the disaster recovery site or in the test system, then the patch can be rolled back or tickets can be opened with the vendors if problems are minor. This eliminates the need for a separate laboratory environment, which can also be very costly. No additional hardware, software, licenses, maintenance, administration, or space would be needed for a lab to test maintenance releases.
If you do not currently have a lab for testing patches and fixes for software, then this can be of substantial benefit in three areas. First, the money has already been spent on the disaster recovery site, which was a necessity in itself. Secondly, a duplicate environment of your production systems now exists to test software patching, negating the need for a laboratory. Thirdly, less administrative maintenance is spent on systems once they are patched. Keeping software patched and fixed to current levels reduces downtime and the amount of time administrators spend on system repairs.
This approach can be especially helpful for database administrators. Many times a server may be available for database installations, patching and upgrades, but rarely are there complete environments for these tasks. Application developers and users are needed to test the application against the database after the patches have been installed. The database administrator can perform some limited testing, but the true tests come when users put the system through the motions.
Stocking the disaster recovery site with test servers is another great way to get the disaster recovery site up and running quickly and maximize the value of those servers. In most, if not every case, these servers are purchased for every new project that will be migrated into production. Test servers should be purchased with the same specifications as production, or better. Most test servers will need higher capacity because more databases, application servers, web servers, etc. will be running on them than on the production hardware. With test servers in the disaster recovery facility, much of the work of software installation is already done. Disaster recovery instances can be created on test servers and left idle. Application servers, web servers, and databases just wait for the day that a fail over is called for.
Using virtualized servers can help lower the cost of a disaster recovery site. Server virtualization has become less expensive and, at the same time, less complex: "... the cost of these technologies continues to fall, allowing small firms to implement solutions once reserved for large companies." (McCarthy, 2007).