SunGard Availability Services’ track record in the area of business continuity looks pretty impressive. The company’s Web site says SunGard does 350,000 hours of business continuity consulting each year, has written 10,000 disaster recovery (DR) plans, and can be credited with more than 1,500 successful recoveries! With 26 years in the information availability business, Wayne, Pa.-based SunGard has developed – and implemented – strategies to deal with disasters of every type. Dave Palermo, SunGard’s vice-president, marketing, shares some of these strategies in this exclusive interview with Warren Lee.
Have approaches, perceptions and strategies on disaster recovery changed significantly over the years? If so, in what way?
On September 11, 2001, very little data was lost. Most of those financial companies had backup centres, or their data backed up in New Jersey, New York or Connecticut, but people couldn’t get out of Manhattan to get to the data. So at its base level, Information Availability is about keeping people and information connected. TextTwenty-six years ago we founded the DR business. At the time, in a nutshell [this is how it went]: if your three computers were no longer available, you would bring your data and applications to our centre. You would have access to three computers that matched or exceeded what you needed. You would rebuild your systems at our place, run your business for a short to medium period of time, and when your building or systems became available, you would move back home.
So at the time DR meant responding to crisis situations as they arose.
Yes. It [was] very much a “break glass in case of emergency” type of operation. In recent years, however, we developed a product called Information Availability. The short definition is “uninterrupted access.” We spent years building these redundant data centres that had diesel generators and uninterrupted power supplies, batteries, redundant and disparate networks (meaning that we have multiple carriers coming into our building) – lots of redundancy. Information availability was the next logical step.
Are there compelling reasons why a company should outsource business continuity operations instead of managing them inhouse?
A company running high-profile, critical applications in a building, has a couple of choices. It can build another building, maybe across the country, maybe on another continent. That’s expensive, but it does give redundancy. If one centre goes down, the other can pick it up. That’s great on day one. But when you add a system to centre number one, you’ve also got to make the same change to centre number two at some point in time. There is about a nine-month lag between upgrades to the primary and the secondary centre. A great theory and concept, but it never seems to become reality.
So you can do it yourself, or you can say: “SunGard has already built this redundancy. I will take my systems and put them on SunGard’s floor. I’m still controlling the application and data. SunGard provides the redundant infrastructure, and now I have the best of both worlds. It’s not outsourcing because I haven’t turned over control of anything, except the physical box, and SunGard has this massive redundancy and global reach.”
In your view what’s the best approach for less critical applications?
For such applications you can still use traditional DR techniques. You’ve got a little bit of time. An inventory system you may need once a month on the 30th of the month, or a payroll system on the 15th and 30th. You have a blended solution of dedicated managed services on our floor, and disaster recovery. And now, for a lot less money than building redundancy in for everything, your systems are always up and running.
The last piece of it – and this one many companies miss – is the people piece. On September 11, 2001, very little data was lost. Most of those financial companies had backup centres, or their data backed up in New Jersey, New York or Connecticut, but people couldn’t get out of Manhattan to get to the data. So at its base level, Information Availability is about keeping people and information connected. That’s the trend that we’ve seen recently — regardless of the system, whether it’s a midrange, a mainframe, or an Intel based system.
How does SunGard help its customers do what you’ve just described…keep people and information connected?
Companies put critical applications in our centres. We then provide the people component, because we’ve got thirty-plus centres in North America with anywhere from a hundred to several hundred workgroup seats connected by the SunGard global network, which ties people back to their processes.Disaster Recovery involves two key things: One, it is about people and information. Two, it’s all about ‘now’.Text
This is exactly what occurred during Hurricane Katrina. We have an Information Availability customer in southern Louisiana. Their critical systems run at our Philadelphia centre. Their people went to Smyrna, Georgia. So they left Louisiana, drove to Georgia, sat down at the ten workstations. We redirected their network from their primary to our Georgia facility and they are now connected right back to their system.
So they physically drove over and could get access to their information?
Yes. They could have set it up so that, using Internet redirect, their critical people could have accessed their system from home. Really, each company says this is what I need and we build it for them.
So this system is being used right now as we speak.
Yes. Now, what that saved them is that they didn’t have to make sure that their tapes were the most up-to-date. They had to retrieve their tapes, go to our centre and rebuild their operating system first, then their applications, then load their data — as soon as they got to the Georgia centre. So after a four-hour drive they’d be right back in operation.
I guess in such instances, the “timeliness” of the DR operation is as important as the operation itself.
Oh, it absolutely is. Disaster Recovery involves two key things: One, it is about people and information. Two, it’s all about “now.” People just don’t want to wait any more. Traditional disaster recovery — whether from us, or IBM, or Hewlett-Packard — is a 48-hour process. For many applications, that’s a long, long time. about the trick is keeping it on all the time, building redundancy into it, but not going broke in the process.
What about small to medium size businesses…is there anything in your product offering that focuses on their needs?
Yes. The bigger a company is, the more likely it is that they’ve got the resources to be doing most of this stuff on their own. Small businesses really benefit from our economies of scale. That’s why we offer the Information Availability Plus bundle — it’s ideal.
Putting servers on our floor gives you the benefit of the million dollar plus generators that, as a small business, you’re not going to buy — plus the backup systems, and the people, and all the rest of it. You also then get the ten workgroup seats. All of our services are available to a small business. We have a program through Dell, for example, where you can buy US$500 – US$1,500 a year disaster recovery from Dell when you buy a Dell server. And that’s squarely aimed at small and medium businesses.Text
Let’s say you’re in Toronto and we’re hosting your systems in either Toronto or Philadelphia or Chicago, and there’s a problem in Toronto