• Solutions
  • By Industry
    • Distribution
    • Financial Services
    • Gaming
    • Government
    • Healthcare
    • Manufacturing
    • Media & Entertainment
    • Travel, Transportation & Logistics
  • By IT Need
    • Proactively Prevent Downtime
    • Protect Data for Compliance
    • Achieve Disaster Resilience
    • Reduce CAPEX & OPEX
    • Provide HA in Remote Locations
  • Small & Medium Business Solutions
  • Windows Business Application Availability
    • BlackBerry HA
    • Exchange HA
    • SharePoint HA
    • SQL HA
    • XenApp HA
    • BlackBerry DR
    • Exchange DR
    • SharePoint DR
    • SQL DR
    • Virtual Server DR
• Products
  • Overview
  • everRun 2G
  • everRun VM for XenServer
  • everRun DR
  • everRun SplitSite
  • everRun HA & FT
  • everRun Advantage
  • Product FAQs
• Services
  • everRun Services Overview
  • Consulting Services
  • Training Services
    • Course Schedule
    • Course Registration
  • Assurance Program
  • Customer Portal
  • Requesting Technical Support
  • Technical Community Login
  • everRun Assist Web Support
• Partners
  • Partners Overview
  • Citrix Alliance
  • Microsoft Alliance
  • Why Resell Marathon
  • Partner Program FAQs
  • Find A Reseller
  • Partner Login
• Resources
  • Resource Center
  • White Papers
  • Webinar Recordings
  • ROI Calculator
  • Collateral
  • Flash Demos
  • Customer Endorsements
  • Success Stories
  • Product Reviews
  • Analyst Opinions
  • Exporting everRun Products
• News & Events
  • Latest News
  • Press Releases
  • In The News
  • Events & Webinars
• About Us
  • Overview
  • Why Marathon
  • Executive Team
  • Board of Directors
  • Awards
  • Careers
    • Current Openings
    • Benefits
  • Corporate Offices
  • Contact Us

Blog

Restlessness and discontent are the first necessities of progress.
-- Thomas A. Edison

“So I hear you’re going to Marathon,” a good friend said to me over the phone just before I started here recently. “I understand they’ve got some really cool technology to prevent downtime. I could probably use it, but I’ve just come to accept regular downtime as a fact of life, especially with applications such as email.”

“What do you do when you're down?” I inquired.

“Not much.” He responded. “As a manager, I rely on email for much of my project-based activities. But the outages seem to last much longer than one would expect. The last one was several hours.”

“That,” I said, “is precisely why I found the Marathon opportunity so interesting. It seems as if everyone is settling for less and that downtime is OK. Where’s the discontent? The angst? Finally, we’re starting to see the frustration level rise. Our world has fundamentally changed and our reliance on technology is a critical element of many things in our lives. When one of the critical apps on my mobile phone isn’t working, I’m down too. Market expectations and reality are misaligned, which creates a great opportunity for Marathon, its customers, and its prospects. That’s incredibly exciting. Plus they have thousands of customers. Those are quite a few proof points.”
 

Over the years, I have been an engineer, an entrepreneur, a systems integrator, a consultant, a channel manager, and a marketer. I built radars, operating systems, computing platforms, embedded systems, data centers, corporate networks, carrier networks, and worldwide internet service providers. In every single project – large or small – my teams and I always had the fundamental challenge: how do we keep the systems running? How do we keep them available? In some instances, lives depended upon uptime.
 

What did we do to address this? We just focused on recovery in the event of failure(s) because we never had a prevention mindset. That’s the Marathon differentiation that I found so appealing. It’s a powerful model. When I heard about customers such as Abercrombie & Fitch running for years without an outage or data loss, I quickly realized that prevention works. Why settle for less?

 

Today's tip comes to us from author Eric Beehler via our friends at Realtime Publishers.

Disaster recovery is somewhat of a buzzword in the IT industry, and IT professionals have all been exposed to their share of great disaster recovery ideas from business managers. These ideas are often based on the industry buzz and seem to only make more work for you with little gain overall. This is usually because the idea is not backed up with a real plan. The actual implementation of disaster recovery is usually a big chore to undertake correctly, but in the end, it is well worth the trouble.

It's important to be ready to recover your data and systems when a disaster strikes, but it is rarely a top priority in the grand scheme of IT projects when crisis has yet to strike close to home. Unless your company has decided to make disaster recovery a high-level objective, it's usually the front-line administrator that will be saddled with the responsibility of implementing some sort of plan to save the day -- but you will likely be short changed on training and resources to get the job done.

There are many ways to deal with a disaster, from having a set of cold standby machines to employing a fully redundant hot data center. In reality, as the administrator, your job doesn't change much based on the scenario for recovery; it has to be up and available to keep your business running. You likely have some kind of plan now, but if you haven't been through the real thing, you really don't know if your plan will hold water. For Windows administrators, there are several problems that seem to expose themselves when it's time to exercise a disaster recovery plan, or worse yet, go through the real thing. Here are some common ways to tell that you are not ready for a disaster.

Plan for an Alternative Site
You are not ready for a disaster if you don't have a place to go, which requires planning for a full on-site disaster in which your site is down or inaccessible. There are several methods to address this issue if you don't have a solution today, from having an alternative site with servers waiting to be loaded up for operation to a warm site that is always ready and waiting to take traffic. These decisions are not usually made by you but by the CIO. All you can often do is consider the solution given to you and how that will impact your ability to recover. A cold site, for example, will allow you to have hardware and connectivity available, but you will need to account for operating systems (OSs), drivers, configuration differences, and data center differences. In a warm site, you have to ensure that changes to configurations and data remain synched across the two sites.

Plan for Downtime
You also have to consider whether the site solution will support the Recovery Time Objective (RTO) required by the applications and business. Simply put, the RTO is the amount of time your users will be without the functions supported by your server, which could be a Web site, a mailbox, or the ability to log on to the domain. You should have this time defined per application or function supported by your server. This, of course, in a bigger effort for disaster recovery, may be defined for you, but don't be surprised if the business people you support have no idea that your server supports the functionality they require. You may need to interject with your personal knowledge of how your server functions in order to get this definition correct.

There are generally accepted categories for RTO that fall into tiers, as Figure 1 shows. Use these as a guideline but feel free to create standards within your own organization to meet your needs. If you have a need to recover applications with 2, 4, and 8 hours, redefine the tiers so that they make sense to your business through an analysis of the business impact of downtime. Just be sure that you can apply the standards as broadly as possible across the organization.
 

Plan Your Tolerance to Data Loss
You are not ready for a disaster if you don't know your tolerance for data loss. Let's start with the basic foundation of the backup. Whether you use simple tape backups or an advanced nearline solution, you have to consider that most solutions are put in place to account for day-to-day operational needs. First, the exercise you went through with RTO must be done for the Recovery Point Objective (RPO), which is the amount of data that can be lost. You have to understand what the business can afford to lose; this value is not necessarily tied to an RTO tier. Take, for example, a point of sale system. If the system is down for 5 hours, the business may be able to recover by entering the orders taken while the system was down, but data loss of 5 hours may mean millions of dollars in lost sales.

The gut reaction for your RPO on some of your systems may be that no data loss is acceptable. In other cases, 24 hours of data loss may be acceptable. The goal is to understand what can be tolerated, not what is desired. Everyone will desire no data loss, but put a realistic perspective to the real value of the data. If you define Tier A RPO as no data loss, then you have to put systems in place that allow for that reliability. This means copying transactions as they happen to a backup site, which is an expensive solution that should be used only on your critical business applications, depending on your budget. If you have Tier B systems as defined in Figure 2, you will need some sort of solution that will be separate from your nightly backups, as you cannot count on having your last nightly tape backup at your recovery site.

Considering the Loss of a Backup
You are not ready for disaster if you rely on your daily backup for a recovery scenario. You may have in your head that you can rely on the last tape backup in the event of a disaster. Whether such is the case depends on a key question: can you get your restore process to work offsite? Don't be so quick to answer this one. If you take advantage of offsite storage either through a vendor or your own in-house process, it is an excellent step, but offsite storage doesn't necessarily guarantee you can restore at your disaster recovery site within the specified RPO and RTO.

Tape drive compatibility, backup software, delivery time, drivers, and OSs are all considerations that you must address prior to saying your solution is ready. This is especially true for a third-party backup site that will provide you with "like" hardware. That equipment will not be your equipment, and even if it is, expect aspects of the infrastructure to be different, such as IP address schemes, firmware (which can be a nightmare when working with SANs), and simple access to the hardware.

You also have the issue of archive requirements and the fact that you likely rely on these tapes for your day-to-day restores. If you perform restores for file recovery and other issues, you likely want to keep those tapes close by. If you ship them away for maximum protection, it's going to cost a pretty penny in order to request tapes from your offsite storage vendor.

You also have to consider how those tapes make it to the recovery site. If you make full backups only once a week and you only do offsite storage once a week, you might only get a restore from 2 weeks prior. Why? Because if you are lucky enough to get your tapes offsite a day or two after the full backup and you get the shipment to your disaster recovery site 4 to 8 hours after they are requested, you can almost bet that Murphy's Law will strike and you will get a bad tape somewhere in the set. Then you have to move back in the chain, and with most full backups run weekly, you might be taking you system back 2 weeks or more if Murphy continues to strike. Now, the RPO of your plan that you expected to meet with your existing backup plan is not being met.

Even if you do recover your servers with no issues, how long will it take to recover them all? Consider the queuing on the tape drives, with multiple servers waiting for those tapes to be loaded. It could take quite a long time before you even get a chance to try a restore to your server depending on the technology present at the recovery site. What can you do? Well, time to restore will be reduced if you can restore large chunks at one time. Consider putting systems with like RPO and RTO requirements in the same backup set.

Better yet, host them on a LUN or set of LUNs on your SAN or other logical storage method in your situation so that a restore can be done all at once. You might even consider booting from the SAN, which might save you from having to restore the local disk of many servers. If you have a blade server solution, this may even be baked into your infrastructure.

Using Disk-Based Backup
Let's also consider disk-based backup. This solution has become increasingly popular because of the low cost of hard disks and the ease of backup and restore. In addition, disks often take minutes to back up and restore what used to take hours. The software supported by these systems even has versioning, much more frequent backups, and nifty utilities that make life much easier on the administrator. This is usually all handled by complex backup management software such as Microsoft System Center Data Protection Manager. When using this kind of solution, consider employing these often-integrated features to support data replication of some sort, although vendors name these types of features differently.

You can even copy your live data to your recovery site using a SAN/NAS vendor's Failure Resistant Disk Solution (FRDS). You should, however, consider the fact that this kind of solution will be much more expensive than tapes because it will require duplicate equipment with data replication happening across a wide area network (WAN).

You should refer to your RTO and RPO tiers to determine whether certain servers and data sets could stand to be away from your disk replication and rely more on a tape solution. You should also consider your disaster site and understand whether it can support this kind of solution. You should treat your server restores as a form of triage. You need to know, based upon RTO and RPO, what you are going to recover first and what can wait.

Considering Configuration
If you can't identify the full configuration of your servers, you are not ready for a disaster. Realistically, can you keep track of 300 shares on a terabyte SAN served by a load-balanced Windows cluster server? Do you know which shares go to which directories on which LUNs? You have to document configurations. This is true whether you have a basic bare metal restore plan or a full redundant data center. The luxuries of a production environment won't be at your disposal. A normal production environment allows you the opportunity to compare configurations when something goes wrong and work through a problem. A disaster affords you no such luxury.

No matter how familiar you are with your systems, you need to have everything documented that can be changed. For any applications, you should have a guide for their installation in your environment. You should have the servers documented with everything from IP addresses and patches to database connections and configuration files. If you run IIS for Web applications, you should have that configuration documented as well. Some sort of context diagram is often useful to determine how your server interacts with other systems.

Utilize configuration management systems, such as SMS, to do some of the heavy lifting for you. Create reports and keep them up to date in an alternative location, either a paper copy offsite or an electronic one. Configuration problems seem to be a killer when recovering because changes sometimes get applied without strict control. What seems like a small change can kill you in a disaster when it hasn't been documented.

Documenting the infrastructure goes beyond your own servers, but is just as important when it's time to troubleshoot. You can bring your file server back and you can bring your application servers back, but if you don't have proper DNS or connectivity, no one will be connecting to those systems you've recovered. If you have dependencies on other systems, you need to identify them. Know what names should be in DNS, what IP addresses and subnet you are on, what systems you interact with such as database servers or other back-end services such as the DMZ or Internet access. When you tell a database administrator that your application is taking SQL errors, you should know what database server, database, port, connection type, and authentication type you are using. You should also know the user name and password being used, if there is one. Does the server break down into pieces? Does it have multiple applications or functions? Document those functions separately.

You can't think of server as a single system if your customers don't see it as a single function. Remember that restoring an infrastructure is many pieces to a whole, and you should not expect any of those pieces to work correctly as you can in a production environment. In fact, when you face an issue in production, it usually has a single root cause, but a disaster recovery will usually experience several major issues at the same time. You need to know where you stand in the ecosystem of your environment to understand how to identify and help fix those issues.

Identifying Single Points of Failure
If you have a single point of failure, you are not ready for a disaster. A single point of failure can ruin your nicely laid out plans. Although not a requirement for a disaster recovery, the ‘N + 1' definition used when considering disaster recovery is many components backed up by a single component. You can still run into problems using N + 1, especially at a cold site where you have not been exercising your disaster recovery equipment to ensure its health. You might consider having additional servers of a similar capacity available above the minimum number required to recover just in case you experience a failure at your recovery site.

An optimal solution will have redundancy built-in to your recovery site the way you have it outfitted at your production site. If you have a failover cluster in one location, you would do the same in the recovery site, even though you could technically get by with a single server, assuming that server functions as expected. You should also consider the interdependencies of your infrastructure, such as network, when you think of this issue. Single switches, routers, domain controllers, and sources of power can also be points of failure.

Single point of failure doesn't stop at the system level. You might have that one guy or gal who knows everything about your environment. When you're at his desk and something goes wrong with the system or a specific application, he always has the answer. This gal is a good person, but when it comes down to it, you can't rely on a single person. When a disaster strikes, the go-to person may not be available during the recovery phase-yourself included. When everyone looks around and throws up their hands because such and such is down, what do you do? You wish you could go back in time and document that ingrained knowledge. This is also true for day-to-day operations, but especially necessary when everything is going wrong because of a disaster. The person who knows it all is not what you need, you need full documentation of the knowledge that person possesses. Your go-to should really be your documentation.

Integrating Disaster Recovery into Daily Life
If you don't integrate disaster recovery into your daily operations, you are not ready for a disaster. Organizations that plan for disaster recovery as a single project with a start and an end will fail. Don't let the hard work go to waste. When you put these plans in motion, get all that documentation done, have recovery solutions in place, and continue to update your documentation and test your systems. If you don't test you disaster recovery process regularly, how do you know it will work? If you don't update your documentation day-to-day when changes are made, your documentation is outdated and may even be detrimental to your recovery efforts. Don't let apathy or a disconnected process of change management get you in the end. Not only does integration help your readiness, it reduces the dedicated time necessary to getting disaster recovery ready. Find a way to make what you use in disaster recovery a part of daily life.

Eric Beehler has been working in the IT industry since the mid-90s and has been playing with computer technology well before that. From Help desk technician to solutions provider, he has been involved at many layers of enterprise solutions from the desktop to the network to the server and the SAN. He currently has certifications from CompTIA (A+, N+, Server+), and Microsoft (MCITP: Enterprise Support Technician and Consumer Support Technician, MCTS: Windows Vista Configuration, MCDBA SQL Server 2000, MCSE+I Windows NT 4.0, MCSE Windows 2000, and MCSE Windows 2003). He also holds a Master’s degree in Business Administration from the University of Colorado at Colorado Springs. His experience includes more than nine years with Hewlett-Packard’s Managed Services division, working with Fortune 500 companies to deliver network and server solutions and, most recently, IT experience in the insurance industry working on highly available solutions and disaster recovery. He has co-authored books, including MCITP: Microsoft Windows Vista Desktop Support Enterprise Study Guide (Sybex/Wiley Publishing), authored several white papers, and co-hosts the "CS Techcast" podcast aimed at IT professionals. He provides consulting and training through Consortio Services, LLC.

For additional information about Disaster Recovery and High Availability topics, be sure to check out Marathon's Resource Center which has an extensive library of white papers, webinars and eBooks availabile for download.

Earlier this week, we hosted a webinar on the topic of “How to Cut Risks and Costs with a Downtime Analysis & Action Plan.” We know from our experience in application availability that many companies avoid these types of assessments – they either don't know where to start or decide that they don’t have the time or experience to conduct an assessment, so they just live with the unknowns and hope that nothing bad happens. (We’ve seen the consequences of downtime at many companies and don’t recommend this method!)

Our VP of Services & Support, Beth Shea, explored this topic in detail and provided a simple framework that companies can use today to uncover their risks and put measures in place to minimize the impact of downtime. To learn more, be sure to watch the 30-minute webinar. You can also check out the Q&A session from the webinar, summarized below.

Q: When looking at the impact of downtime, it is just unplanned downtime, or should you include planned downtime as well?
You absolutely need to plan for both planned and unplanned downtime, as there’s a real cost and business impact to both. They both need to be included in your impact assessment.

Q: What about branch offices – should they be included in a downtime assessment?
According to Forrester Research, about 20% of a company’s business is tied up in branch and remote offices, and IT needs to include these offices in any assessment that they are conducting. You shouldn’t overlook these offices when putting together your downtime and business impact assessments. They have to be factored in.

Q: How often should I conduct a business impact and risk assessment?
What we’ve found with our customers is that conducting an annual assessment is sufficient, or in some cases, twice a year, depending on the type of business. You can then use these as your benchmark going forward to determine the success of the initiative and ensure that you have the key metrics to report to your management team.

Q: How do you determine when to use local high availability vs. a disaster recovery solution?
Fault tolerance, high availability, disaster recovery - all of these different terms can be confusing and they can have different meanings to different people. The way we think of this is that when you’re implementing high availability or fault tolerance this is to ensure that locally you are protected against the everyday, nuisance failures that cause downtime. If you lose a fan or a drive for example, you would automatically route to another server within the same building or local area. Disaster recovery solutions are really for recovery from catastrophes (fire, flood) or other events where you need to failover to a much more distant location. You don’t want to use this type of solution for everyday failures, as it can be very time consuming to failover and failback, and you can potentially lose some data. For local protection, you want high availability/fault tolerant solutions.

Q: What about hosted applications like salesforce.com, how do I account for those in this type of assessment?
In today’s world, so many applications are offered as Software-as-a-Service (SaaS) or sometimes called hosted applications, where they are no longer hosted at your site. However, they are still important to your business and need to be included as part of your overall assessment. Our approach is to conduct the assessment for your SaaS applications as if all they were onsite. Then use your tiered analysis and make sure that your SaaS vendor is meeting your availability requirements for that application, and that they have the necessary protections in place to protect that application to the same level that you would protect if it were in-house.

Q: Does Marathon offer any services to conduct this type of assessment?
Yes – this is a service that we provide for our customers. Most customers are very satisfied with the service, because it usually has an immediate ROI for their business. If you are interested in this type of service, please feel free to us at 978-489-1100.

Q: Does Marathon have any templates available to build a framework for this type of assessment?
Absolutely. From our 16+ years of working with customers on the assessment and prevention of downtime, we’ve put together an extensive list of questions to ask about the business risks and impact of downtime. Please feel free to contact us if you would like more information.

Q: How do you measure or put a price on the intangible impacts of downtime?
This can be tough to nail down, but what we recommend is developing some basic estimates. This isn’t meant to be an exact number, what we are really trying to achieve here is to prioritize applications, put them into the tiers that we discussed and make sure that you are putting the right amount of resources against the right applications. From a productivity perspective, one metric you could use is to look at the cost of employee salaries and how much it would cost in salary costs to have employees not be able to work for a certain amount of time. This is just one example.

Q: Does everRun handle quick switch over to back up site if the main site goes down?
Yes, within seconds.

Q: What are the requirements for the backup site?
The machines at the backup site are in the same pool as the primary site, so the backup machines must meet the requirements to be in the same pool as the primary site machines.

Q: How about regular data sync between main site and backup site?
Since the primary and backup site are running in lockstep mode, the application and the data are always in sync between the primary and backup sites.

Frank Ohlhorst, former Executive Technical Editor for eWeek and award-winning IT expert, was our expert guest speaker this week for the webinar, “Cut Your DR Costs and Get Better Data Protection.” During his presentation, Frank reviewed why he believes that now is the time to rethink traditional approaches to disaster recovery. He explained why the total cost of ownership for disaster recovery solutions is on the rise, and why changing data protection dynamics are making it more economical to focus your time and budget on the prevention of downtime and data loss, rather than recovery.

Below is the summary of the audience questions from the Q&A portion of the webinar.

Q: You talked about how HA can give you a geographic advantage. What do you mean by that?
Frank Ohlhorst: High availability systems are designed to work with multiple servers and there’s no reason why you can’t have those servers located hundreds or thousands of miles apart. You get a geographic advantage because your data centers is in multiple places and regional areas, so if a weather-related or other event occurs, let’s say a blizzard up north with a power outage, your data center down south can pick up the slack without kicking users off the system. The same can be said about a data center located in an area with hurricanes or other natural disasters. The geographic separation gives you added protection.
When high availability is paired with load balancing, it helps to locate the data resources closer to where the users are requesting them. Let’s say you have users in Utah, it’s better performance-wise to have them talk to the data center in Nevada rather than Virginia. It helps on that level also. HA solutions also have the tools for monitoring what is going on with your users and network, to help you plan out how you should assign users to specific data centers for the most efficiency.

Q: I understand how high availability can handle unplanned downtime, but what about planned downtime? Can it help there as well?
Frank Ohlhorst: Yes, the idea there is being as you have multiple active systems to meet the user’s needs, you can take one of those systems down for maintenance and have the users serviced by the active machines while you make the updates and improvements. Then when you are done, just resynchronize with the other systems, move the users over to those systems and update the rest of the servers.
Another great benefit of this is for testing upgrades and changes. So take one system offline and test your upgrades to see if they work properly before you return that system to production.

Q: If I have an HA solution in place, is back-up still necessary?
Frank Ohlhorst: 99% of the time the answer to that question is yes. It depends on what your corporate needs are. There are certain situations where HA might not deal with your catastrophe. Those are usually software-damaging events, like a virus infection, that winds up getting replicated across the system. Of course, that should really be part of your security planning to prevent events like that from even happening. With today’s security technologies, it’s pretty easy to prevent that. But if you did ever have one of those events, you do need something to roll-back to, and that’s where the back-up comes in to play. Ideally though, you should be preventing that type of event, because you also have the potential to lose active data if that happens. When it comes to compliance or auditing, you have to restore data relevant to that time period to meet the needs of e-discovery, compliance, accounting audits and other similar requirements. So you can’t just say, “I have HA in place, so I don’t need to back-up.”

Q: What about data de-duplication technologies, don’t they help solve this problem of managing large volumes of data?
Frank Ohlhorst: They reduce the data footprint for sure, but what we’re talking about here is availability of the data. They can certainly reduce the size of your data footprint, you can use de-dup to speed up backups. At the end of the day though, if the system or application is not accessible to the user, then it’s not available and you haven’t met your objectives. It’s a simple matter of business logic that data de-duplication can improve performance and reduce the size of the footprint, but it doesn’t solve the problem of providing access to users during catastrophic events.

Q: Do you see continuous availability and high availability as the same, and if so, how do you differentiate between the two and the costs?
Frank Ohlhorst: There was a time when those technologies were very, very different. That was way back when we relied on expensive hardware-based solutions or appliances that provided continuous availability. High availability at that time was thought of as a method to switch from one server to another using a manual process in the case of an emergency.

High Availability technology has evolved significantly since then. Now, the two are really one in the same from a planning and software point of view. Today’s HA solutions eliminate that step of manual switchover. What you see with the vendors today is automatic HA technology that really delivers continuous availability. And the cost gap today is pretty much zero, since the technology for continuous availability and high availability has evolved to be almost one in the same.

Q: With an SRDF/S-type solution, how can we get around the fact that being geographically more separated to mitigate regional disruptions can mean slower primary system response times due to the need to remain synchronous?
Frank Ohlhorst: Let’s look at this first from the ideology of what we’re trying to do which is business continuity. So, if you encounter a situation when you lose connectivity to a system and it’s still available at another location, then you’ve met the goal there of providing continuity. And you’re in much better shape than you would be at that point if you had a disaster recovery solution instead of a business continuity solution.

The question you have to ask yourself at that point in time is: Is reduced performance better than no performance at all? For most businesses, the answer is yes. For others, if the performance lag is significant enough it can impact business. In those cases, you’ll have to work out a way to develop geographically dispersed sites can that can provide enough performance to the user sets that need access to the data. You also need to make sure that your connectivity has enough bandwidth to support your BC/HA solutions, which means the ability to replicate the data in real time across the wire. You might have to invest in larger pipes for better connectivity to support that. But again, that depends on your particular business and your needs. There is no one correct answer to this question, but the good news is that there are several solutions today that can help you solve this problem and meet the levels of availability that you need for your business.

Keeping your applications “always-on” for users is no easy task, and can be particularly tricky for branch or remote locations where you probably have little or no IT staff to support your efforts. Forrester Research senior analyst Stephanie Balaouras has been studying this trend and has pulled together the top 5 best practices for supporting application availability at remote and branch locations. She presented these during a webinar last month and we've also summarized them below.

TIP #1 – Don't Overlook Remote Location Availability

While this may seem like an obvious point, it’s actually very common for IT departments to overlook their branch and remote locations when it comes to application availability. You can’t neglect these offices for both high availability (HA) and disaster recovery (DR) plans—you need a holistic approach to protect all of your business applications, no matter where they are located. This also means that you need to factor in these systems when planning your IT budget as well.

According to recent Forrester Research data, IT systems at remote and branch office locations account for more than 20% of your total infrastructure. They are critical to your business process and operations. Today, a lot of these locations don’t have HA or DR, and in some cases, they don’t even have basic back-up. Make sure that these offices and locations aren’t forgotten as part of your HA and DR plans.

TIP #2 – Classify Systems by Criticallity

When developing your strategy for operational HA and DR, best practices include performing a business impact analysis. This doesn’t have to be a lengthy process—you just need to map the dependent systems for each business process, and then create a rough estimate the cost of downtime for each. Once you have that information, you can determine availability rates as well as recovery objectives. As part of that process you should also identify the most probable types of downtime. When you put that all together, you can classify systems by criticality, such as mission critical, business critical, business supporting, etc., and you can then determine the availability rates needed for each of those systems.

TIP #3 – Develop Tiers of Service for Availability

Once you understand your range of recovery objectives, it helps to have an IT availability and service continuity catalog. This catalog defines a range of service tiers. Forrester typically sees four levels: mission critical, business critical, business important and business supporting. Each of these tiers has associated recovery objectives, technology pre-requisites and the costs to deliver that service. This catalog helps to simplify your strategy, by allowing you to assign appropriate tier classifications to new systems quickly and easily.

Another benefit of using this method is that it also helps you to limit the number of point products you are using for HA and DR. The more point products you are using, the more you complicate the sequencing and complexity of preventing a failure or recovering from a failure. Keep it simple. Every time you deploy a new application or system, assign a tier from your catalog, put the appropriate protection in place, and then communicate that to the business.

TIP #4 – Measure Availability from the End-User Perspective

Well-written objectives measure both planned and unplanned downtime and also take into account the timing of downtime. For example, you don’t take your systems down for planned maintenance during peak sales periods or at 1pm on a weekday when your traffic is at its highest level. You select times when users will be least affected. Availability isn’t about the individual IT system, infrastructure or component. Technology uptime is important to track but is not a true measure of availability. True availability has to be measured from the end user perspective. If the application or service is not available for use, even if the individual components are functioning, then that means the service is down. When making decisions about HA and DR strategies, you have to look at availability from a people perspective, not a technology perspective.

TIP #5 – Make Availability Part of Every IT Decision

Availability is no longer an optional practice. It’s essential. It’s something you owe to your employees, your customers, your partners and your investors. Application resiliency has to be part of the planning process right from the start—HA and DR should not be an after-thought. Even in remote and branch locations, these applications are critical to the success of the business, so availability of the systems should be included during the planning phases of the project, rather than an add-on after the project is completed.

Last Thursday’s webinar “Application Availability for Remote & Branch Locations” with Forrester analyst Stephanie Balaouras was packed with useful tips and best practices for protecting remote and branch offices from application service disruption. Stephanie has conducted extensive research in this area and shared her Top 5 Best Practices during the webinar. A recording of the webinar is now available in case you missed the live event.

The summary of the webinar Q&A with Stephanie and Michael Bilancieri, Sr. Director of Products for Marathon, is below.

Q: I like the idea of integrating HA and DR plans. How often should those plans be updated?
A: Stephanie Balaouras, Forrester: The ideal scenario is to update your high availability and disaster recovery plans continuously as part of your change management and configuration management. That’s the ideal scenario. They should be integrated into day-to-day operations and your plans should be updated as a part of that. If that’s not feasible, then at least quarterly updates should be made to the plans. One of the hardest parts of DR is that if you don’t keep the plans updated and you’re not testing regularly you’ll have major configuration drift between your sites. When you have a failure or disaster and have to invoke your DR plan is not the time you want to find out just how far your configurations have drifted and that you can’t recover. One solution for this is the combination of virtualization and replication, which can reduce complexity because in most cases you’re actually replicating the configuration changes as they happen.

Q: On your disaster recovery continuum slide (slide #14), can I think of that as a disaster recovery maturity model?
A: Stephanie Balaouras, Forrester: Not really. When I evaluate a company for disaster recovery maturity, I look at two dimensions – process and technology.

On the process side, I look at things such as: Have you run a business impact analysis? What about a risk assessment? Are preventative measures in place? Do you have documented plans, and are they up to date? How often do you test them?

On the technology side, I look at things like the RTO and RPO that you have defined: Are they matched up with the appropriate technology solution? If RTO is less than 2 hours and RPO is zero then I would expect that you are replicating data and doing rapid system restart with virtualization. If I find that you are using tape in that situation, then that’s a problem. I think when it comes to maturity you have to look at process and technology together. Not only should you match up with the right technology, but you might actually leverage more than one technology depending on your needs.

Q: Traditionally, HA & DR at remote locations has not been a priority. Do you see that attitude changing with clients that you talk to?
A: Stephanie Balaouras, Forrester: I do see things changing. I run an annual survey with the Disaster Recovery Journal. One of the questions we ask is: How critical is it to upgrade disaster recovery at your sites? The answer is always either “high” to “extremely critical”. It doesn’t always get addressed the way we want it to, but the recognition is there.

I see three main drivers for this trend. First, availability and disaster recovery are now considered a fiduciary responsibility. It’s no longer an optional practice. It’s essential. It’s something you owe to your employees, your customers, your partners and your investors. Second is the cost of downtime. Companies are much savvier at calculating this cost and aware of the problems they can avoid by not having downtime. When you understand those costs, you can make the right technology investment choices. The final driver I see is the changing business environment. A lot of companies are operating globally on a near 24x7 basis. Like an online retailer for example. We’re operating close to 24x7 and there is no tolerance for downtime anymore. All three of these – fiduciary responsibility, cost of downtime and a 24x7 business environment are moving the needle quite a bit.

Q: In my environment, our IT staff says they have no way to measure if an application is up or not. They can tell us if a server is up, or if a database is up, but not the application. What solutions have you seen that can tackle that issue?
A: Stephanie Balaouras, Forrester: There’s a couple of ways to address that. There are third party application monitoring tools from the large system vendors. They are great for basic monitoring and telling you if your application is up or down, but they don’t tell you about degradation of performance. The other option is that different HA solutions will be able to detect whether the applications is up or down.

Michael Bilancieri, Sr. Director of Products for Marathon, answered your questions about everRun software.

Q: Does everRun have any kind of alerting capabilities for system problems?
A: Yes, everRun has alerts. You can send notifications back to any location. It will tell you that something has failed – it’s not a downed system because everRun kept it going through redundancy, but it alerts you that it needs attention.

Q: Does everRun require that the two servers to be identical?
A: The servers don’t have to be exactly the same; however, the CPUs should be identical as a best practice. For what we call our Level 2 protection (for component level protection of the network and disk), you can use different RAM and spindle speeds on storage. Level 3 protected workloads require the servers to be alike. You can view a complete list of supported processors on our website.

Q: How much of CPU and IO payload will we have by running the everRun software?
A: It varies depending on the applications and systems and where the load may be. The general range is from 5-10%. We have specific application performance documentation for Exchange 2007 and XenApp that you can download from our website.

Q: I understand from your presentation that everRun doesn’t require a SAN, but does it work with SAN?
A: everRun can support a SAN in multiple ways. everRun can support a SAN where you have a single copy of the data. And both servers will connect to the single copy of the data. everRun also supports a SAN where one of the servers is connected to that SAN and the other server has its own storage and we can mirror between that. A lot of our customers are using that option to provide data protection and fault tolerance at the data level. We can use different types of storage on either side.
A great benefit of everRun is that is has an agnostic approach to storage. Pretty much any type of storage will work. iSCSI, fiber, direct attached, etc.

Q: Does Marathon have a strategy for SAP environments?
A: Applications are transparent to everRun. We protect many types of SQL, Oracle and SAP applications. There are some best practices around that and we can offer you assistance with those. everRun is invisible to the application, so there are no configuration and design issues. You design your application the way you need to for your business and then everRun protects it without needing changes.

Q: What versions of Windows Server does everRun support?
A: everRun supports Windows Server 2003 SP2 Standard and Enterprise Editions, 32-bit and 64-bit, as well as Windows Server 2008 Standard and Enterprise Editions, 64-bit.

Q: The requirement for redundant systems is obvious, one local and one remote, but I am concerned with the return of the repaired server back to the primary server role. Has that issue been also automated in your application?

A: Replacing one of the servers in an everRun configuration is quite simple as well. It is required that the everRun software be installed and the server be physically connected to the remaining everRun system. Once connected and configured to see each other as a pair, there is a ‘re-pairing’ process that is initiated via command which starts the process of creating the redundant OS environment on the new system and mirroring all of the storage to the new system. Once the mirroring is complete, the system is once again fully protected.

We had a fantastic presentation last week from IT expert and author Niel Nickolaisen. Niel shared his proven methods for reducing downtime and improving the alignment of IT resources to better support business goals. If you weren’t able to attend the live event, you can watch the recorded version here.

If you prefer a white paper format, Niel’s strategies and best practices have also been summarized in a brand-new 8-page white paper, “Reduce Downtime by 70% - Without Spending a Dime” which you can download here.

The Q&A session from the live webinar with Niel Nickolaisen and Michael Bilancieri of Marathon has been summarized below:

Q: Can you give some tips on how I can educate my branch offices about my business continuity plan?
Niel Nickolaisen, CIO: At Headwaters, Inc., we have 120 remote sites. We approached this from an SLA perspective. We translated how the SLAs affected the operations at our branch locations. Then we communicated it and got them to buy into the SLAs and the things we were doing and suggested that they followed our lead.

Q: How often should you update your disaster recovery plans?
Niel Nickolaisen, CIO: In our case at Headwaters, Inc., we have Sarbanes-Oxley regulatory requirements. We do an annual formal risk assessment both for our business and for IT. When we’re done with that assessment we update our disaster recovery plans, which are based on the risks. Our disaster plan is designed to mitigate or recover from the risks that we’ve identified.

Q: How does everRun work?
At a high-level, everRun takes your entire Windows environment and protects it as a whole. Most protect from within the OS but we protect from underneath the OS. We clone to a second system for redundancy in a synchronous fashion. A good way to understand how everRun works is to watch our product demos videos and flash demos available on our website.

Q: How does everRun fit into a virtual environment?
everRun allows the ability to create multiple workloads on a single server. Our technology is based on virtualization technology – we’re virtualizing two instances to appear as one. You can create multiple workloads and put them on the same server and protect them. It’s based on Citrix XenServer.

Q: Will this work in conjunction with SAN offhost backups using Vertias Netbackup and FlashSnap option?
We are agnostic to the storage. If you’re using back-up right from the SAN, that’s fine. You can also use a mirrored option, where we can mirror the entire system in a synchronous fashion. That allows you to have SAN on one side and NAS on the other, or direct-attached, or both. It’s your choice, which gives you greater flexibility. You can separate the servers as well between buildings. The other option is a single copy of storage, not mirrored and both systems can connect to that storage, but the SAN device will then have to protect the data.

Q: How can Marathon contribute to companies considering a move to SAP?
everRun can provide availability and fault tolerant protection to that SAP environment. If you’re considering a move to SAP, I would assume you have had some discussions about how to protect that—the SLA, the data, availability and disaster recovery. everRun can protect and provide disaster tolerance disaster recovery, and high availability for that application, as well as data protection. We don’t cause any changes to the application.

Q: Should Marathon be brought in as a consultant before SAP is contracted?
Sometimes it’s a good idea to have a joint discussion with vendors. A lot of times when you look at availability and redundancy or data replication, it’s doing things to the applications and data and can cause interaction issues. Sometimes the application has to be configured in a certain way, so you want to know up front how your high availability solution could affect the data and application. We can certainly do a call with any other software vendors to have that conversation up front.

Q: What version of Windows does everRun support?
everRun supports Windows Server 2003 32-bit and 64-bit and Windows Server 2008 64-bit.

Q: What kind of performance impact does the synchronous lock-step have on the system?
That varies by application, users, data, I/O, and other factors. In general, it can range from 10-20% on your application – we’ve seen less than that and more than that, depending on the system.

Q: Do you recommend WAN optimization to be used?
Our requirements are around bandwidth between the two systems if you want to separate the systems. WAN optimization tools don’t always help. It’s really a latency requirement to maintain good performance.

If you'd like to learn more about Niel's best practices for aligning business and IT resources, be sure to check out his new book, Stand Back and Deliver: Accelerating Business Agility.

As companies become 24x7 “always on” operating environments, they are becoming more and more sensitive to application and system downtime. We recently conducted two surveys to take a look at this trend, specifically for Windows Server applications and environments.

Given the 24x7 nature of business today, we weren’t surprised to find that about half of the IT professionals who responded to the survey reported that 50% or more of their Windows Server applications now require “always on” availability. Whether it’s for email and collaboration tools, manufacturing systems, customer operations, financial transactions, or healthcare records, businesses today are becoming more and more dependent on their Windows-based applications.

More than 20% of survey participants reported that 76 -100% of their Windows Server applications require “always on” availability. An additional 28% of respondents stated that 51 - 75% of their Windows Server applications require “always on” availability or continuous uptime.

The surveys also found that that the number of Windows Server applications that require high availability has increased significantly in the past two years. 76% of the respondents reported that downtime to Microsoft SQL Server and Exchange Server caused the most disruption and were the most important applications that required high availability protection. The surveys also revealed that approximately 60% of participants have either already upgraded to Windows Server 2008 or plan to within the next year.

Thanks again to all who participated in these surveys. For more information and results, see our press release.
 

In recent months, Marathon has put together a series of toolkits with materials on reducing downtime and data loss, including toolkits for Citrix XenApp and Microsoft Exchange 2007.

Our latest toolkit is now available, this time for Microsoft SQL Server. Protecting SQL Server from downtime has become even more critical in recent years, as businesses run more of their critical systems, including electronic commerce, online banking, just-in-time manufacturing and streaming media (just to name a few) on SQL.

This toolkit includes materials on SQL Server high availability in both physical and virtual environments.

White paper: 5 Secrets to SQL Server Availability This paper reviews five proven secrets to affordable SQL high availability that will help IT managers implement a SQL Server environment with little or no downtime - and zero data loss.

White paper: The SSWUG.org Increasing Reliability and Availability in a Virtualized SQL Server Environment white paper, authored by Microsoft SQL Server MVP Stephen Wynkoop, provides IT professionals with best practices and considerations for designing and implementing a virtualized SQL environment including:

• Potential pitfalls to avoid when virtualizing SQL Server
• How to increase reliability and availability of a virtualized SQL Server environment
• A SQL Server virtualization case study (Sullivan Group)

On-Demand Webinar: SQL Availability: Protecting your Database and Applications featuring Microsoft SQL Server MVP Stephen Wynkoop, helps IT administrators understand SQL back-up and restore options. Wynkoop also presents his Concentric Rings of Recovery plan, which covers the four levels of preparedness for local, alternate, off-site and remote locations.

Also, be sure to check out some addtional SQL Server resources, including SQL user groups, SQL Server job boards, SQL MVP blogs and Twitter feeds, and other SQL-related info.
 

Congratulations to Richard Potter of Boeing, the winner of a $50 American Express gift card for participating in our September survey on Windows application high availability. To participate in future Marathon surveys, sign up for Marathon's monthly newsletter: http://www.marathontechnologies.com/news.html (see the right-hand column for sign-up.)

Thanks again to those who joined us for last week’s webinar, "Windows Server 2008 High Availability: Technology Comparison." The on-demand recording of last week's webinar is now available to watch at your convenience (here).

We had a lot of good questions from our attendees during the Q&A portion of the webinar, which are summarized below.

Q: How do you determine when to use an HA solution vs. a DR solution?
When it comes to availability vs. recovery, the most important question to ask is what are your recovery time objectives (RTO)? What is the amount of time your application can afford to be down? If the applications have strict requirements, then you want an availability solution. Disaster recovery is data replication often times with a failover capability, not availability. For critical applications, this may not be sufficient.

Q: If I have an HA solution in place, do I still need a solution for backup?
Availability and backup are two different things. That question comes up a lot, along with the need for disaster recovery. Backup will never likely go away completely. You still need to backup your data to ensure recovery in the future should that be necessary.

Q: Is everRun available for Linux applications?
Yes. We can provide basic failover capabilities for Linux applications today.

Q: How does everRun differ from replication solutions?
everRun 2G is used for availability, both locally and for short-distance geographic separation as well. We have a replication and recovery solution as well that can be used for disaster recovery for long distances. You should determine what your objectives are: do I have to keep my applications up and running or do I just need to recover it if something fails? What’s the recovery time objective for each application? It’s up to your individual applications and what level of protection you need for each. Often times availability is a priority as downtime is not desirable, with DR also a requirement on top of that to ensure recovery in the event of a major outage.

Q: Can everRun be used for planned downtime (i.e. to keep one host running for end-users while the application on the other host is being upgraded)?
Yes, everRun can be used to help facilitate certain system updates to reduce interruptions and mitigate risk.

Q: Can it work between two virtual machines and on x64 based systems?
Yes, we support XenServer and 64-bit hardware and Windows Server environments.

Q: What is the performance impact of using everRun 2G?
That’s variable depending on your application. It can be anywhere from 3-15%. We’ve done some performance testing specifically on XenApp and Exchange. You can download those white papers here:
• Understanding and Characterizing Performance Implications for Running Exchange 2007 with everRun
• XenApp 5.0 High Availability Performance

Q: Does Marathon offer backup solutions for everRun users?
We have methods to backup your systems and we’re working improving on our current offerings to make them quicker, easier and more granular.

Q: Can everRun work with dissimilar hardware? Can everRun work with more than two servers?
From a server standpoint, you just need similar processors; storage does not need to be similar. You can have SAN on one side and NAS on the other or any other combination. On the second question, yes, everRun will work with more than two servers. You can build a pool of servers and protect within that pool.

Q: Does everRun have backward compatibility with older OS?
Yes. It will work with Windows Server 2003, and also Windows Server 2008.

Q: Can everRun run on the Foundation Server Edition of Windows 2008?
It does not. everRun supports the full implementation of Windows Server 2008. everRun runs underneath Windows, it does not install into Windows.

Q: How does everRun handle data stored on NAS?
Storage is transparent to everRun. We look at storage as just a LUN.

Q: What is difference between everRun HA and everRun 2G in Windos Server 2003?
The differences are the ability to create multiple workloads. HA can protect one workload. everRun 2G can protect multiple workloads. There is also a new and improved graphical interface with better reporting and management capabilities.

Q: Does everRun work with XenServer 5.5?
Yes, everRun works with XenServer 5.5.

Q: Are there any changes in WS 2008 & WS 2008 R2 in the way that HA improves?
Yes. You can find an overview of those changes directly from David Hanna of Microsoft in our recent webinar and white paper “The Top 10 Reasons to Upgrade to Windows Server 2008.” You can also read the Q&A with Microsoft from that webinar here.

Q: Is everRun 2G available for Microsoft Hyper-v?
We will provide support for Hyper-v in a future release.

Q: With applications using various DNS names, how does this solution integrate with DNS changes? (failover to remote office for true DR-different IP/network)
everRun availability solutions pairs systems within the same subnet of vLAN, eliminating the need to make any DNS changes.

Q: Question is tied to what permissions are needed to do a recovery. For recovery in active Directory most items need to replicate around that there was a change and we do not want to hand out Admin control over the domain(separation of access)
everRun is designed to not require any changes to Active Directory during or after a failure or recovery.

When it comes to high availability, taking a “one-size fits all” approach is highly inefficient. I recently spoke with Carryl Roy, editor of Virtual Strategy Magazine to discuss the different levels of availability, why these are important and how to select the right level of protection for each application. We also talked about how to set recovery time objectives and how tiered or selectable availability can optimize protection with less resources and at lower costs. I discuss these topics in the video below, which is featured on the Virtual Strategy website.

How many times do you check your email each hour? Recent studies have shown that the average worker checks email once every 15 minutes, with some users checking email as often as 40 times per hour. In addition, growing use of iPhones, BlackBerrys and similar email-enabled mobile devices means that employees have become attached to their email at all times, with some checking their device as soon as each email arrives. Now that email has evolved into a must-have business communications tool, employees have come to expect access to their email 24x7, with very little tolerance for downtime.

Meeting the “always on” expectations of employees creates challenges for the IT administrator. Service-level agreements (SLAs) are increasingly stringent and demanding as users require non-stop access to email and other collaborative features of Microsoft Exchange. Availability of Exchange is paramount, as well as protecting the integrity of your Exchange data. In order to maintain Exchange availability, every component of the Exchange infrastructure needs to be considered. You can protect your mailbox server to the highest degree, but if your DNS server fails, the Exchange server may not be accessible.

To help your company protect its Exchange environment, Marathon has developed a series of steps for achieving optimal Exchange availability. The tips are designed to help identify what availability levels should be designated in order to achieve Exchange SLA commitments with fewer resources and lower costs.

Define Availability Objectives
Creating availability objectives is an important first step in formulating Exchange protection strategies. This is typically done by establishing Recovery Time Objectives (RTO), the time it takes for an application to be running again, and Recovery Point Objective (RPO), the point in time to which the IT professional can recover data in case of a failure, for your Exchange environment.

RTO and RPO baselines establish the SLAs you commit to for the overall company, business units, or specific internal groups. You may even have different Exchange SLAs for different users within your company. For example, you may have an executive group that requires 24x7 email access, while the rest of the company can withstand Exchange downtime of up to one hour. In addition, consideration should be given to what level of protection is needed for the other components of your Exchange infrastructure, such as Active Directory and DNS servers.

Understanding the Levels of Availability
There are multiple levels of availability to consider for different applications and their support infrastructures, starting with basic failover and recovery, moving up to high availability, and all the way to continuous availability for extremely transaction-sensitive applications.

1. The Recovery level is for those applications for which recovery time (RTO) of a day or more is often acceptable. Some downtime is acceptable, and even significant downtime won’t have a detrimental effect on the business. Assurances that recovery will happen is not a requirement.

2. The High Availability level is the home of the majority of applications that run the business, such as email, CRM, financial systems, and databases. These are systems with high downtime costs, and therefore short RTO requirements. These applications require assurances that they will not be down for extended periods should failures occur.

3. The highest level of availability is Continuous Availability in which even brief moments of downtime or a single lost transaction can be extremely detrimental and/or costly to the client or business.

As you establish availability objectives for different groups of Exchange users, you need to consider the protection requirements for your entire Exchange infrastructure, beyond just the mailbox server. You will need to protect all of the components of the Exchange environment, in addition to the different workloads deployed on the mailbox server. Also, don’t forget that the way your company uses Exchange today might change in the future. You may use Exchange today for general correspondence, but within the next year you may plan to use email to process orders. This adds to the need to have multiple levels of availability to assign to the components of the Exchange infrastructure and Exchange user groups. Additionally you’ll need flexibility to change those levels as your business changes.

Assigning Levels of Availability to Exchange Environments
A meaningful exercise to undertake is to apply various levels of protection to your Exchange infrastructure based on your SLA commitments. First look at the users and their requirements for Exchange access. Do you have a single SLA in place for all users, or do you have multiple user groups with different SLAs? If you have a single SLA in place company-wide, you can deploy those users in workloads based on email usage and assign them a single level of protection. However if you have different SLAs for different business groups, you can divide those into multiple workgroups on the mailbox server based on their SLA requirements.

For example, if you have an executive group that needs a 24x7 uptime, then you should consolidate those executives in a dedicated Exchange workload and assign a level of protection that will provide continuous availability. Sales people can often fall into this category as well, requiring non-stop access to email and Exchange collaboration features. Other employees may have less stringent SLAs in place and would require a lower level of protection.

It is also important to keep the components of Exchange, including the DHCP server, DNS server and Active Directory server, up and running. If one or more of these components goes down, requiring the IT administrator to manually intervene could cause excessive downtime for Exchange and exceed your SLAs. Automatic recovery from failures enables you to keep the Exchange environment operating to meet your SLA commitments. Assigning a level of protection to the supporting systems, including the DNS, DHCP, and Active Directory servers, equivalent to that necessary to meet your Exchange SLAs is as important as protecting the actual Exchange servers. Any single point of failure could bring down a well protected Exchange server.

For remote employees and “road warriors”, your company may also have a BlackBerry Enterprise Server (BES) and/or Client Access Server (CAS) implementation, to serve as a secondary or backup method for remote email access. The BES and CAS implementations should be protected to the level you require based on your remote email access strategy and user SLAs.

Establishing RTO and RPO for SLA commitments, determining the right level of availability protection to meet these commitments, and protecting all components necessary to support an Exchange environment will help create n robust and reliable messaging system.

For an even more detailed look at Marathon’s approach to Exchange high availability, download our “Optimizing Exchange High Availability - A New Approach” white paper or our complete Exchange 2007 High Availability Toolkit.
 

Thanks again to those who joined us for last week’s webinar, “How to Get at Least 2x Greater Cost Savings from Server Virtualization.” An on-demand recording is available to watch at your convenience (just click the link.)

We had a lot of good questions from our attendees during the Q&A portion of the webinar, which are summarized below.

How does everRun synchronize and how often?
everRun synchronizes as the data is written to the virtual machine. It’s not done on a time stamp. It is synchronously written to both physical hosts. We do a bit check to make sure both sides are written prior to responding back to the application, stating that it has been written, so that the data is always in a constant state and there is no data loss.

If I already have XenServer installed, can I install everRun on top of it, or do I need to reinstall XenServer?
everRun can be installed into existing XenServer environment. We do have resource pool requirements, so as long as you in a resource pool or can join yourself to a resource pool with a second server, or multiple servers for multiple host pools, we can be installed into an existing XenServer environment.

How does it support local storage? If the server that is hosting the storage goes down, what happens?
We mirror the virtual machine across two servers, so there are two copies of your virtual machine. Where we sit in dom0 (Xen domain zero), we have filter drivers sensing that type of situation. When using Level 2 protection with everRun, if you lose local storage, we leverage the copy of the info on the second server for zero downtime. If you were to lose the entire server, it would failover to the other side and start in Windows services. In Level 3, the same procedure applies to local storage. If you were to lose the entire server with Level 3, everRun allows it to simply continue functioning because we are running active-active.

Have you used this with a building automation system, such as Andover Controls Continuum which runs on a SQL Server?
We have a very large building automation practice here at Marathon and have worked with all flavors of SQL server. We have been working for years with building automation and security companies such as Johnson Controls, Tyco, Andover Controls, Siemens and many others. As long as the building system runs in Windows Server 2003 or 2008, we can provide availability for it with no custom scripts or custom coding.

What's the overhead with regards to CPU, memory, disk space of the host?
Generally in the 3-5% range. We’ve done some performance testing on XenApp and Exchange. You can download the results papers here:
• Understanding and Characterizing Performance Implications for Running Exchange 2007 with everRun
• XenApp 5.0 High Availability Performance

Can everRun be used with homegrown or custom applications?
Yes. everRun is completely transparent to the application and can support any and all Windows applications without any modifications, customizations, or scripting.

Can everRun protect a workload that is physical on one side and virtual on the other?
We do not support P2V today, but we have an ongoing research project on this topic. You can contact your sales rep for more info.

What is the maximum number of workloads that can be run using everRun?
The best way to answer this is to look at your virtualization planning assessment, including power capacity planning and hardware capacity planning. If you can support 10 virtual machines on a server, then you can support 10 virtual machines protected by everRun on that server with no problem. We also require a similar machine as the secondary server running on the same resource pool. It really comes down to how much your hardware capacity can handle.

How to take care of software corruption?
Because we are a synchronously written high availability solution, if there is software corruption on one side, we are going to replicate it to the other side. We sit at an asynchronous block-level filter driver location, so we have no ties to the software. So if it corrupts, it will corrupt on both sides.

Are you currently developing for Exchange 2010?
Yes, everRun will support Exchange 2010.

Does everRun support Small Business Server?
Yes we do. We’ve tested and qualified it for 32-bit and 64-bit versions of Windows Server 2003 Small Business Server Edition.

Does everRun replicate all server data including application data like a SQL database?
Yes. We replicate synchronously at a block level. We sit inside dom0. We then send the info block level to the other side. We do a block check and then we check our bit map to make sure the blocks are synchronously written on ongoing basis.

Can everRun be installed on top of XenServer 5.5 ?
Yes. We will support 5.5 in our next release scheduled for September.

Can we achieve DR?
Marathon offers a couple of options for disaster recovery (DR). Our SplitSite product can be used for metropolitan/campus DR, up to 150 miles apart, depending on your network conditions. We also offer everRun DR, for DR sites that are more than 150 miles apart.

Is the disk mirroring full copy or delta?
Upon initial protection we do a full copy. After you have a failure, such as an iSCSI card failure, we will do a delta copy back over to what’s missing. If you lose the entire RAID set, then we will need to do a full copy again.

Is the price of implementation based on the server capacity?
You need to purchase a license for each server in the pool. In terms of virtual machines (VMs), the license covers as many VMs as you can support in a box.

Douglas Brown of www.dabcc.com recently interviewed Michael Bilancieri, Senior Director of Products and Tom Reed, Senior Systems Engineer. Michael, Tom, and Doug discuss the Marathon everRun high availability solution, what's new, how it works, how it adds value to Citrix XenServer and Microsoft Hyper-V, and much more.

Listen the Show

Our July 30th webinar “Top 10 Reasons to Upgrade to Windows Server 2008 Now” was very well attended, and as expected, generated a lot of good questions. So many questions, in fact, that we weren’t able to answer them all during the live Q&A portion of the webinar.

For your convenience, we’ve captured all of the questions below. Answers have been provided by our speakers, David Hanna, Infrastructure Architect at Microsoft, and Michael Bilancieri, Senior Director of Products at Marathon. The questions are grouped by topic, starting with Windows Server related questions and then Marathon everRun related questions following after.

How seamless is the migration from Windows Server 2003 to 2008?
It really depends on the workload. Active Directory upgrade is similar to the 2000 to 2003 upgrade, and should not be disruptive. Cluster migrations require a rebuild of the cluster. For IIS, many applications can be migrated easily. It’s best to look on Microsoft.com for migration info that is specific to your workload. Simply introducing a Windows Server 2008 server into a 2003 environment should be seamless.

Going from Windows Server 2003 to 2008, do you recommend upgrading or re-installing the operating system?
Microsoft supports an upgrade of the OS only – no applications. Most customers however, choose to reinstall with Windows Server.

What are the hardware requirements for this Windows Server 2008?
Minimum is a 1ghz processor, 512mb of RAM, and 20GB of disk space. Details can be found here: http://www.microsoft.com/windowsserver2008/en/us/system-requirements.aspx

Do you have an actual laboratory so that I can practice Windows Server 2008?
You can find the TechNet Virtual Labs here: http://technet.microsoft.com/en-us/virtuallabs/bb512925.aspx

Any difficulties adding a Windows 2008 Server into a 2003 domain? Anything to watch out for?
Adding Windows Server 2008 Member servers to the domain should not be an issue. There are no special things to watch out for, until you start adding Domain controllers. Note that if you add a 2008 member server, and do not extend the schema, some things will be unavailable, like the enhanced DFS capabilities in 2008.

Where can I get a copy of the Windows Server 2008 trial version?
You can obtain the trial version here: http://www.microsoft.com/windowsserver2008/en/us/try-it.aspx. Starting August 20th, you will be able to get R2 in the same location.

Can I do in-place upgrade AD server 2003R2 to Server 2008 without any problem? Also, can I do that same thing with Exchange 2007 server on SRV2003R2?
Microsoft only supports the upgrade of the Operating System from 2003 to 2008. We do not support the upgrade of Windows Server 2003 with applications, so the Exchange 2007 upgrade would not be supported.

Is it possible to use the same imaging deployment method for Windows 2008 physical and virtual machines (in VMware) for consistent builds?
It is possible to use traditional imaging methods for physical and virtual, however in the virtual environment, most customers tend to use template Virtual Hard disks to deploy systems, as it is faster and more flexible than imaging.

What is the difference between GPO and NAP?
Group policy is a part of Active Directory that allows for management of users and computers. NAP, or network access protection provides endpoint health checking for network clients. This integrates with network components to restrict or allow network access. Client NAP configurations can be controlled by GPO, and some GPO settings can be enforced by NAP.

Does NAP work for VPN connections as well?
Yes. It is integrated with Microsoft VPN as well as some partner solutions.

Does XP pro and 2008 Server talk well together? What’s a better path, upgrade your clients to Win7 then servers to 2008? Or vice versa?
XP will work in a 2008 domain environment, but it won’t be able to take advantage of all of the features of 2008. Vista is designed to complement 2008, and Windows 7 works best with 2008 R2 (or 2008). I would recommend deploying Windows Server 2008 for workloads that will gain the most benefit – this will allow you take advantage of it immediately. Then follow with Windows 7 when you are ready.

Do terminal servers have central management to manage users and applications?
There are a number of tools to centrally manage the environment. R2 adds a connection broker component that will publish apps from multiple servers. However, apps still need to be published on each server, and permissions need to be set that way as well. Citrix provides some great centralized mgmt tools that enhance the native tools.

Will 2008 support XP clients?
Yes. 2008 will support XP for many things including Terminal Services, with RDP 6.1 client, NAP, with XP Sp3, Group policy preferences and many other features. Windows Vista and Windows 7 however, are able to take advantage of more features.

I have two Windows 2008 servers that are going to be setup as a cluster for Exchange 2007. Is there a document for setting up the “heartbeat” connection between the two servers?
There are many documents on technet that will help. When you build the cluster, the validation wizard will check the configuration of the heartbeat network to make sure its configured appropriately. Typically, a 2 node cluster will use a cross-over cable, although a non-routed VLAN on a switch also works. Some docs:

Step-by-step guide for basic 2-node cluster: http://technet.microsoft.com/en-us/library/cc731844(WS.10).aspx
Validating an Exchange 2007 Cluster: http://technet.microsoft.com/en-us/library/bb676379.aspx

Is Server 2008 with Exchange supported on VMware?
Exchange Server 2007 SP1 on Windows 2008 is supported – see here for details: http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm

Is it possible to run a 2008 DC with 2003 DCs without any sort of hacks or work-arounds?
Yes – it is possible. You’ll need to extend the AD Schema and install a 2008 member server, then promote it to a DC. There are some documents here: https://blogs.msdn.com/canberrapfe/archive/2009/04/08/adding-a-2008-domain-controller-to-your-2003-forest.aspx

Regarding the NAP, once a client is quarantined, is there a policy or rule that the admin must create to get the client healthy? Meaning, is it automatic or does the client sit there until someone checks the quarantined clients and fixes the issues?
NAP can be configured to auto-remediate certain things – turning firewall on, turning on autoupdate, etc. For AV, or patches, users can be directed to a web page with simple instructions or links to update the client.

Has load balancing improved with 2008 and TS?
It has been made simpler. Many customers found NLB to be complicated for what was needed on Terminal Services. TS on 2008 uses DNS round robin for initial connection with the TS Farm, then load balancing across nodes is handled by using RDP session load balancing.

How many CALs are included in the bundle of Windows Server 2008?
There are different bundles with 5, 10, or 25 CALS. http://www.microsoft.com/windowsserver2008/en/us/pricing.aspx

How many machines can run on a single user MS Windows Server 2008, because we want to move to VMware soon.
Microsoft supports up to 192 VMs on Windows Server 2008, and 384 on Windows Server 2008 R2. Typically numbers will not be anywhere near this, as other system resources will bottleneck. Details can be found here: http://www.microsoft.com/windowsserver2008/en/us/hyperv-faq.aspx#HyperVWindowsServer2008Specific

Is MS Windows Server 2008 VMware built-in?
Microsoft’s virtualization solution, Hyper-V, is built in to Windows Server 2008 and R2.

How would Hyper-V handle the VMware over committing resources, for example, is ESX server only have 8GB RAM but it can assign 16GB RAM to the VMs because it holds the memory and only releases it when it is required. The main reason for Exchange on a ESX box is not a good idea.
Hyper-V does not support over-commit of memory resources. To assign 8gb of RAM to a VM, you must have 8gb available. This improves performance and security.

What happens when a file which has been transferred/shared to a branch using Branch Cache is opened in the main office? Will the branch be informed about this and vice versa?
When clients use branch cache, each file is referenced by a hash. When a client tries to retrieve a file from the central office, it checks the hash of the file, then compares it to what is in the local cache. If the file has changed, then the hash would have changed, and the client would retrieve the updated version. The branch is not informed if the central copy is opened, only if it is changed, through the hash mechanism.

What is the maximum supported DFS server in 2008? In 2003 I think it is less than 70GB and that was not enough for me.
The File Replication Service in Windows Server 2003 had trouble with replication when data sizes got too big. Windows Server 2008 uses DFS-R (Distributed File System Replication) for replication – this uses an algorithm call Remote Differential Compression, which compresses files, and replicates only changes. This makes replication more efficient, an able to support large volumes of data. The limits that existed in 2003 for data size are either removed, or raised greatly.

What is the standard vs. reduced footprint for Windows 2008?
Processor requirements for Server Core and full Windows Server 2008 are the same. Minimum memory recommendations of 512mb are also the same. While the system requirements on Microsoft.com don’t list separate requirements for Server Core, it typically requires less disk space than a full installation. Additionally, Server Core has fewer roles to install (only 9), fewer services running, and has no GUI.

Are there any plans to integrate snapshot technology within Hyper-V?
Hyper-V already supports snapshots at two levels. First, it supports snapshots of the Virtual Machine itself, through use of memory copies and differential disks. The other snapshot capability is a snapshot backup, performed by the host Hyper-V system, using Volume Shadowcopy Services to back up the running VMs.

When will Hyper-V R2 be released?
Windows Server 2008 R2 and Hyper-V R2 released to manufacturing on July 22nd. General Availability will be in October. Volume license customers should have access to the code on August 19th. More details are available here: http://blogs.technet.com/windowsserver/archive/2009/07/22/when-to-expect-windows-server-2008-r2-rtm.aspx

Can everRun protect a workload that is physical on one side and virtual on the other?
everRun does not install INTO a Windows system, so it isn’t able to protect a ‘physical’ system in this sense. Many of our customers choose to keep some of their applications isolated to a physical server with no other applications or VMs on that host while protecting them with everRun. This is done by creating a single Windows environment within the everRun environment. Although the capability is there to create multiple, a single is the desired approach.

How does everRun handle data stored on NAS?
everRun can use any product data that resides on any type of storage. everRun sees the storage repository as a disk volume and can mirror between any two.

How many licenses for the operating system do I need for this solution? Do I need two licenses for the application (i.e. Exchange) as well?
Typically two licenses of Windows are required, however the Enterprise edition provides benefits when running in virtual environments. Please check with Microsoft on this and with your application vendors as all vendors have different licensing terms for redundant/high availability systems.

How well does everRun work with dissimilar hardware (i.e. at the DR site using older servers)?
There are some requirements for similar server components. If two supported servers are utilized and one happens to have a slower processor, the application may run at the slower speed, depending on the level of protection chosen within everRun.

Does everRun replicate all server data including application data like SQL databases?
Yes. The entire operating environment and all disks, including the OS, application, and application data are mirrored.

Is everRun effective for small companies? For example, an Exchange environment for less than 200 users?
Absolutely. Many of our customers are smaller to mid-sized businesses who require an availability solution that is simple, effective, and doesn’t require SAN storage or dedicated IT staff to manage.

Does everRun support MS Small Business Server?
Yes. Our everRun solution will work with any version of Windows Server, 64-bit or 32-bit. We work for small scale solutions all the way up to enterprises.

Will everRun support Exchange 2010 DAG location geographically?
We are still researching Exchange 2010 capabilities and how they can best be supported by everRun. At this time we are not yet clear on how DAG will or can be supported.

How are system upgrades handled in the everRun environment?
A single upgrade is performed on the single exposed Windows environment. Both of the redundant systems will be updated automatically by everRun. everRun also offers mechanisms to reduce the risk and associated downtime of system upgrades.

How does the actual SQL server app run in the everRun environment?
Exactly the same as it does in a non-everRun environment. everRun sits below the Windows environment therefore there are no application changes required.

The everRun software sounds great, but it requires two physical servers. Any hope of moving forward to do the same work within a VMware or Hyper-V environment?
Today everRun supports virtualized environments running on Citrix XenServer. We announced a joint development agreement with Microsoft back in early 2009 to provide everRun Fault Tolerance within a future version of Windows/Hyper-V.

How is everRun migrated with Windows 2008 hypervisor?
everRun will support a future Windows/Hyper-V release as part of the joint development effort between Microsoft and Marathon.

What system resources are used by everRun?
A small (varies a bit by the application that is running) bit of CPU and memory overhead is consumed by everRun.
 

If you’ve been thinking about upgrading to Windows Server 2008, be sure to attend our July 30th webinar featuring guest speaker David Hanna, Information Architect at Microsoft. David will review the new Web tools, virtualization technologies, security enhancements, and management utilities available in Windows Server 2008. You’ll also have a chance to ask David any specific questions you have about Windows Server 2008 during the live Q&A portion of the webcast.

In preparation for the webinar, we asked David to answer a few of the common questions that we have been hearing from our customers in recent months.

Q: One of the biggest concerns we hear from our customers and partners is that in this current economy, IT departments are being asked to do a lot more with less people. How can Windows Server 2008 help with this issue?

Across all of my customers, everyone is talking about cutting costs, and getting more out of their current investments. When we start digging into the features of Windows Server 2008, customers are finding tremendous opportunity to optimize their environments. A few of the major areas of cost savings I’m seeing are:

• Reduced deployment time and costs with Windows Deployment Services
• Reduced management cost and effort with PowerShell and Server Manager
• Hardware and Workload Consolidation with Hyper-V
• Licensing consolidation with Enterprise and Datacenter models for virtual environments.

Q: What about the challenge of managing remote and branch office locations?

Branch offices have consistently been a challenge to manage, primarily due to lack of on-site staff. Windows Server 2008 brings some major new components to the picture that will greatly ease branch office management. These features include the Read-Only Domain controller, which makes the remote DC secure, and replaceable, Distributed File System, Windows Remote Management, Server Core (lower surface attack area), and improved Terminal Services for application delivery.

Q: A lot of our customers work in “always-on” industries like manufacturing, healthcare and broadcast media, where server downtime can be very disruptive to their business. How does Windows Server 2008 support these demanding environments?

Windows Server has always addressed high availability with Clustering Services. Windows Server 2008 has brought some huge enhancements to the Cluster Service that will reduce the complexity of clustering, while increasing availability. Failover Clustering in Server 2008 has a new validation wizard that will validate hardware and software configurations, resulting in easier, more reliable cluster deployments. The reliance on a quorum drive has also been removed, so there is no longer a single point of failure in the cluster. Also, Failover Clustering has been enhanced to support multi-site clusters to support organizations that need site-to-site failover. And, as always, when organizations need to take availability to the next level, Microsoft continues to work with partners like Marathon to extend the native capabilities of Windows Server.

***********************************************************************************************

During the webinar, Michael Bilancieri, Sr. Director of Products for Marathon, will discuss how to extend the high availability features of Windows Server 2008 to fault tolerant protection with Marathon’s everRun software and how organizations can now confidently migrate mission critical applications from Unix or proprietary platforms to realize big cost savings.

Registrations for this webinar are limited and we are expecting a large turnout, so be sure to save your spot by registering today.

Stephanie Balaouras, Principal Analyst at Forrester Research, has an interesting blog post this week on ZDnet about the increasing interest in high availability from her clients. In her article “How Do We Measure High Availability?” she makes several key points:

• As companies become 24X7 “always on” operating environments, they are becoming more and more sensitive to application and system downtime.

• HA is no longer an all or nothing discussion about proprietary fault-tolerant systems or high-end clustering solutions. Today there are lower-cost alternatives that provide the required level of availability at a cost justified by the risk and cost of downtime.

• Developing and agreeing upon SLAs is the toughest part of HA planning, but these KPIs are good starting point toward metrics that matter to the business.

Earlier this year, we spoke with Stephanie about the topic of virtualization and high availability. You can read that Q&A here. For additional info on this topic, you can also download Forrester's recent white paper "X86 Server Virtualization For High Availability And Disaster Recovery."

 

Bhumik Patel of Citrix has posted Part II of the Citrix and Marathon demo at SAP on his blog. Part I of Bhumik’s blog series looked at specific details on Citrix Delivery Center and the Disaster Recovery demonstration for SAP NetWeaver.

Part II covers different high availability solutions also demonstrated at SAP. In addition to this blog series, a Reference Architecture document provides all the technical details about Citrix and Marathon solutions implemented for SAP. When looking for an HA solution, various factors such as application criticality and business impact must be considered before choosing a particular solution for an application. A more detailed report on determining availability requirements can be found here.

The following video from Citrix features the Marathon everRun VM Level 3 High Availability solution demonstrated at SAP Co-Innovation Labs in Palo Alto.

Analyst firm The 451 Group has just released some very interesting findings about virtualization and availability in a recent report by Chief Analyst John Abbott. Some of the key take-aways include:

• Virtual infrastructure can form the basis of fully automated availability processes. Availability becomes a default property of the virtual machine.

• ‘Dial up’ levels of availability can be implemented, depending on the requirements of specific applications or departments.

• If a system restore is required after a disaster, it’s usually much easier and much quicker to restore a virtual machine than a physical machine.

• Virtualization infrastructure is already a core component in datacenter automation, unified computing (the bringing together of servers, storage and networking) and cloud computing. Availability services based on top of a virtualization layer will slot right into any of these longer-term initiatives that customers may be working toward.

• Industrial-strength storage networks, currently a best-practice requirement for virtual availability, will lose ground to alternatives, which are maturing.

• The worlds of high availability and disaster recovery are coming together as virtualization is added to the mix.

• Tools more friendly to end users are likely to emerge, reducing the load on enterprise IT support staff, but requiring sophisticated underlay technology.

The 451 Group hosted a webinar a few days ago on this topic, which is available to download for free here: http://www.451group.com/report_view/report_view.php?entity_id=58563