2018 SMB Disaster Preparedness Guide

Small to medium-sized businesses face unique challenges when it comes to disaster recovery. They have to deal with a much tighter budget than a larger business, while at the same time having to meet very similar recovery expectations for users. Additionally, the IT staff is often a small, hardworking team of three or four individuals that covers all aspects of the organization’s IT needs. Finally, the team faces a threat vector in 2018 that is much broader than it has ever been, with natural disasters on the rise and cyber-threats more insidious than ever.

Most DR plans, in businesses large and small, are no longer written formal plans. Instead, they are a hodgepodge of best guesses and best efforts that, in the event of a disaster, leaves the IT team scrambling to see if they can put the pieces back together again, all with varying degrees of success.

A DR Plan for SMB

The first step in SMB disaster preparedness is to deal with the reality that IT is already stretched thin and adding something like disaster recovery planning to their plate may be too much. Instead of writing a full-blown disaster recovery plan, these IT professionals should start small and focus on the applications or datasets that are most critical to the organization. Primarily, they should approach the disaster recovery planning process in bite-size chunks, with each chunk being a viable stand-alone plan, while the other parts of the plan are developed and completed.

A DR Strategy for SMBs

Starting small is ideal for SMBs as long as they know where to start. The place to start is with the application that is the most important to the organization. As an example, many organizations will feel that email is a critical application and will want it back online as quickly as possible. For another organization, the email host may be off-site, so another application, perhaps something based on MS-SQL, will be more important to recover. In both cases, the planning process is similar. First, IT planners have to decide what is a viable recovery time for that application. There are two parameters to understand: how much data loss can occur, often called recovery point objective (RPO), and how long will can take to recover the application, often called recovery time objective (RTO).

Limiting data loss requires more frequent data protection events, and more frequent data protection events require more efficient backup tools that minimize data transfer. IT needs a solution that can backup data at a sub-file level, often called changed block tracking (CBT) or block-level incremental (BLI) backup. These techniques enable the organization to copy data quickly while minimizing the amount of time the backup is interfacing with the application and minimizing the amount of network bandwidth required to perform the transfer.

Additionally, IT planners will need their solution to provide a clean interface to those applications deemed critical (Exchange and/or MS-SQL) in order to perform a quality backup while the application remains in production.

Finally, when it comes to recovery, IT planners will need to decide if, based on the RTO parameters, they will be able to reposition data in time to meet the objective. Meeting RTO is a function of how much data has to be moved, how much network bandwidth is available and how efficient the backup software is at moving data. If there is too much data and not enough bandwidth, then IT planners have to look to techniques like recovery-in-place, where the backup volume can present a working set of the data to the application without having to transport data across the network.

Before buying any new software or hardware, it is important that IT go through this process with each of its major applications and datasets, establishing a RPO and RTO for each, and then evaluating how close they can get to the ideal with current data protection investments. They also must understand the gap between current reality and desired future. With that gap acknowledged, IT planners then need to explore solutions that will get them to the desired RPO/RTO futures. Finally, IT needs to present these findings to the organization, explaining that their choices are (1) spending no money and adjusting expectations to meet reality or (2) investing in a solution that will enable them to meet the preferred RPO/RTO targets.

DR Tactics for SMB Data Centers

As part of the DR process, IT planners need to understand what options are available to them. There are a few specific features that they need to be aware of to ensure they are part of the potential new solution.

Virtualize Everything

The first point of consideration is virtualization. SMB IT should attempt to virtualize all applications and datasets. Virtualization simply provides too many advantages to ignore, for SMBs in particular. First, most major hypervisors either have CBT technology built into them or make it easier for the backup software vendor to create their own BLI technique. Second, these hypervisors also make it easier to off-load backups so they don’t have to be performed on each virtual machine (VM). Finally, virtualization makes recovery easier since VMs can be moved from physical server to physical server with relative ease.

Replication vs. Backup

The second point of consideration is whether the organization should leverage backup or replication. The critical differences between the two techniques are frequency of protection and level of retention. Replication provides the most frequent protection and the shortest retention. Most organizations will typically use backup to provide foundation protection across the enterprise and replication for specific applications that need the higher level of protection and recovery.

The problem is that backup and replication have traditionally come from different vendors and thus needed to be managed independently of each other. The need for two separate solutions is particularly frustrating for the SMB, which typically only has one or two applications that can justify the capabilities of replication. Fortunately, some backup software vendors are now combining the two functions into a single product and interface enabling SMB IT to choose the option that makes the most sense for their environment.


Recovery-in-place complements replication. Data is still protected as part of the backup process and is stored within the backup architecture and format. However, with recovery-in-place, the software has the ability to create a volume based on the last known good copy and mount that volume directly on backup storage, which means an application can return to service without having to wait for the transfer of data over the network.

The data protection architecture should also be able to replicate its backup data, as it changes, to a remote site. Recovery-in-place enables organizations to start VMs and point them at backup storage in the remote site so that applications can return to service almost immediately after disaster declaration.

The key difference between backup with recovery-in-place and replication is the frequency of the protection event and the time required to create the virtual volume on the backup storage. For most SMBs, recovery-in-place should be suitable for the majority of their application recovery needs.


Implementing and maintaining a DR strategy is more feasible than ever for SMB data centers. Technologies like virtualization, granular backups, and recovery-in-place drive down the cost of rapid recovery. The challenge facing IT is that their data centers are already “in motion”. Instead of dropping everything to create a full-fledged disaster recovery plan, SMBs should tackle the project in chunks, essentially creating a plan for each application, making sure that phase works, and then moving on to the next application.

Sponsored by NAKIVO


Founded in 2012, NAKIVO is a US corporation dedicated to developing a fast, reliable, and affordable data protection solution for VMware, Hyper-V, and cloud environments. With 20 consecutive quarters of double-digit growth, 5-star online community reviews, 97.3% customer satisfaction with support, and more than 10,000 deployments worldwide including by Honda, Coca-Cola, China Airlines, Microsemi and many others, NAKIVO is one of the fastest-growing data protection software developers in the industry. NAKIVO has a global presence, with over 2,400 channel partners in 124 countries.

Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

Tagged with: , , , , , , , , , , , ,
Posted in Article

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 22,234 other followers

Blog Stats
%d bloggers like this: