by Thor Olavsrud

How to Build a Data Protection Plan That Ensures Application Recovery

Jul 10, 20125 mins
Data and Information SecurityDisaster RecoverySecurity

When it comes to data protection, organizations are demanding faster recovery times than ever before. Achieving rapid recovery requires a plan that focuses on applications, not just data and servers.

The availability of services and applications to employees and customers is more critical than ever before, but many organizations still focus their data protection objectives on data and servers rather than applications.

A new survey of more than 200 IT professionals in North America by Quest Software reports that 73 percent of organizations now rank restoring critical applications alongside recovering lost data as their top backup and recovery concern. But 78 percent of organizations are still creating recovery objectives focused on data, servers or a combination of both. Only five percent of respondents said they create their recover objectives based on applications.

“It’s my job to ensure that our clients’ mission-critical systems are protected at all times, and when it comes to backup, almost every organization I work with now has requirements to come up with faster recovery times than ever before,” says John O’Brien, founder and president of J.O’B Consultants. “I tell them unequivocally that if you’re concerned about meeting your recovery objectives, you better have a backup system that enables you to quickly restore your critical applications, recovering the data alone simply isn’t enough anymore.”

Service Level Agreements vs. Service Level Expectations

“Not only have end users become more and more dependent on the services that IT provides, but their expectations for availability and continuity are more demanding than ever before as well,” adds Ken Kearley, corporate applications manager for Florida College. “When a service goes down, today’s end users expect it to be restored immediately, and it’s imperative that we in IT can meet that expectation.”

And there may be a growing gap between user expectation and what IT can deliver. Among organizations that outsource to service providers for applications, Quest found 15 percent of respondents indicated there was a gap between their formal service level agreements (SLAs) and the actual service level expectations (SLEs) of their employees and customers.

“It’s often a perception issue,” says Greg Davoll, senior director of data protection marketing at Quest Software. “The five 9s may be being met for the IT SLA contract, but when the user logged in at 10:30 pm on a Friday night expecting to use the service, it wasn’t available. It may even have been down for scheduled downtime. The end user may not understand that there’s scheduled downtime and it’s part of the contract.”

Those problems can be solved with better planning and better communication, Davoll says. He suggests that organizations define their SLEs before negotiating their SLAs. But when services or applications go down unexpectedly, a plan for recovery that focuses on the applications is even more important.

Why Application Recovery Is Challenging

Application recovery remains a tricky process with many incremental and highly manual steps, Davoll says. He notes there are three factors that make application recovery challenging.

First, he says, not all apps are the same. Some are mission-critical while others are not as essential.

“Organizations have to be strategic about the way they go about setting their application recovery objectives,” he says. “One-size-fits-all recovery simply isn’t an option.”

Second, infrastructure is fluid. With the combination of physical, virtual and cloud environments that is the reality for many organizations today, application assets may not be living together in the same place within the underlying infrastructure.

“Some application assets may reside on a physical server, while some may reside on a virtual machine,” Davoll says. “Some assets may even reside off-premise. If you’re backing up with a traditional server-centric approach, truly restoring the application now requires searching multiple backups, in multiple locations, for all of the necessary components. This can be a time-consuming process, and when it comes to application recovery, time is not your friend.”

Third, most strategies require a two-step and two-person restore.

“In most cases, the backup admin needs to restore the image of the data, and from there, the application administrator needs to reconfigure the underlying application,” he says. “When you’re fighting against the clock to meet stringent user expectations, a two-step, two-person process is never ideal.”

Application Recovery Best Practices

To ensure that your organization can get its applications up and running as rapidly as possible, Davoll suggests following these four best practices:

  1. Understand user expectations. Understand the recovery time and recovery point objectives you’re committed to in your SLAs, and then go a step further and talk with end-users and company leaders about their true service level expectations. Success is about perception and much as results. Make sure your stakeholders know what to expect before building your recovery strategy.
  2. Develop a tiered recovery strategy. If all applications aren’t the same, then the recovery of those assets shouldn’t be the same either. Align your backup and recovery strategy for a given application with the criticality of that application to the business. The more critical the asset, the more quickly you need to be able to restore it.
  3. Backup based on applications, not servers. Group all relevant assets associated with a given application (servers, virtual machines, databases and so on) into an application group for which you can directly set and manage recovery SLAs. This will require data protection technology that allows administrators to organize, schedule, view, and manage backups based on applications rather than servers and infrastructure.
  4. Enable role-based access. Provide application administrators with direct visibility into the recoverability of the specific IT services they are responsible for managing, and give them the capability to leverage specialized data protection tools to perform granular, platform-specific backup and recovery tasks. This will enable you to by-pass the time-consuming, two-step recovery process that makes application recovery so challenging with most traditional backup strategies.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline and on Facebook. Email Thor at