Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Forrester: How Organizations Are Improving Business Resiliency with Continuous IT Availability


Published on

This analyst report describes reasons why adoption of continuous availability is rapidly increasing, citing research on benefits they believe they can realize in their IT environment.

  • Be the first to comment

  • Be the first to like this

Forrester: How Organizations Are Improving Business Resiliency with Continuous IT Availability

  1. 1. A Custom Technology Adoption Profile Commissioned By EMC CorporationHow Organizations Are Improving Business Resiliency WithContinuous IT AvailabilityFebruary 2013Introduction: Business Stakeholders Demand Higher Levels Of IT AvailabilityIn today’s economic environment, organizations must deliver top-notch service 24x7 or suffer financial losses and long-term damage to the organization’s reputation. In the private sector, if your service is down, your customers can move to acompetitor with relative ease; in the public sector, loss of access to critical services can erode citizen confidence ingovernment institutions; and in healthcare, it can endanger patient health. Across all industries, there is less and lesstolerance for any kind of downtime. And in a hyper-connected world, news of downtime spreads rapidly, making it evermore difficult to repair damaged reputations. As a result, key stakeholders in the organization are demanding much higherlevels of IT service availability. In just the past few years, discussions of acceptable downtime and data loss have shiftedfrom hours and minutes to seconds, and for many organizations, the discussion has shifted to continuous availability.There is another shift taking place; your stakeholders no longer care what caused the downtime or even if the downtimewas planned. They no longer make a distinction between incidents that disrupt a portion of IT services such as localizedsoftware failures, hardware failures, and data corruption or incidents that affect the entire data center such as extremeweather and regional power outages. From their perspective (and your clients’ perspective), service is down.This Technology Adoption Profile examines how IT decision-makers’ expectations and approaches are evolving to addressthese increasing demands from their organization and clients.The Risks To Availability Are IncreasingAs business demands for availability are increasing, so too are the risks. Every week there is news of another organizationexperiencing a major disruption. A company’s eCommerce website may be down for a few hours because of human erroror a botched upgrade, or extreme weather like hurricane Sandy or even a severe winter storm can throw an organizationinto chaos. Why are there so many frequent disruptions and outages? In a joint study by Forrester and the DisasterRecovery Journal (DRJ), we asked organizations if they felt the level of risk was increasing, and to identify the top threerisks of greatest concern. An overwhelming majority, 82%, said the level of risk was indeed increasing, and they identified:1) technology dependency; 2) business complexity; and 3) extreme weather as top risks (see Figure 1). Specifically: • Business processes are ever more technology dependent. In today’s digital age, the majority of processes are dependent on technology. From communication to sales to supply chain to customer service, manual procedures that the organization can fall back on when IT services are unavailable no longer exist. For years, organizations have replaced manual procedures and paper records with software and online communication, file sharing and records management. This means that if IT services are unavailable, processes are down. This also means that even planned outages (e.g., upgrades, technology deployments, etc.) can be problematic. In fact, upgrades and deployments are quite common; when Forrester Research asked IT executives and decision-makers to identify their top IT software technology priorities during the next 12 months, 66% reported that upgrading packaged applications was a critical or high priority, and 68% reported that increasing deployment and use of technologies was a critical or top priority.1
  2. 2. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT Availability Given that organizations must deliver more and more services 24x7, there is a much shorter maintenance window during which these upgrades and deployments can take place, so any mistakes made during these procedures can extend downtime significantly. For IT operations, because agreed upon IT availability service levels with stakeholders will encompass all downtime (planned and unplanned), so too must the approaches it develops for both local high availability (HA) and disaster recovery (DR). • Business processes are increasingly complex. In the past, there was often a 1:1 relationship between a process and the IT application that enabled it. Today, a typical process (e.g., financial accounting, supply chain management, order fulfillment, customer service, HR, or communication) is a composite of dozens of interdependent IT applications and services, some that IT maintains itself and some that partners (e.g., outsourcers, integrators, or cloud providers) maintain. Because of the complexity of the interdependencies, the unavailability of a seemingly non-critical application can disrupt an entire business process. As a result, IT must categorize more and more applications and systems as mission-critical and business-critical. Moreover, because the availability discussion has shifted from a discussion of hours and days to one of seconds and minutes, it’s no longer enough to provide HA and DR protection for mission-critical applications; IT must extend protection to business-critical applications as well. For most organizations, mission-critical applications can only experience seconds or minutes of downtime (typically 120 minutes or less), while for business-critical applications, it’s minutes to hours (typically 120 minutes to 6 or 8 hours). Extending this protection without breaking the bank with capital expenditures, idle infrastructure, and significant IT overhead becomes a major challenge. • There are more highly probable, high-impact risks. According to joint studies by Forrester and the Disaster Recovery Journal, the most common cause of a major business disruption was extreme weather/natural disasters, followed closely by power outages, IT failures, telecom failures, flood, and fire.2 The increasing frequency of extreme weather events such as Hurricane Sandy is a major cause of concern. Extreme or even severe weather events have the ability to knock out entire data centers and can also create a series of cascading events like power outages, fuel shortages (for backup power generators), or floods that affect data center availability. Due to the growing frequency of extreme weather, the business no longer sees availability efforts as expensive insurance policies for rare events.Figure 1Technology Reliance, Business Complexity, And Extreme Weather Are The Top Risks Base: 246 global business continuity decision-makers and influencers who have conducted or are planning to conduct a risk assessmentSource: Forrester/Disaster Recovery Journal Business Continuity Preparedness Survey, Q4 2011, Forrester Research, Inc.Page 2
  3. 3. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityTo Meet Business Demands, Many Organizations Aim For Continuous AvailabilityAt many organizations, DR architectures and processes look the same today as they did 10, 15, and even 20 years ago. IToperations replicate backup images off-site, while cold, warm, or hot sites stand by for failover. In addition, manyorganizations often silo local HA and DR into separate functions with separate approaches — and budgets. However, withbusiness demands for higher availability and the increasing risks to that availability, more IT pros are unifying their HAand DR approaches in order to achieve continuous availability. In a continuous availability approach, IT pros redesigntheir IT architecture in such a way that it can withstand the loss of individual components, or even sites, while continuingto deliver IT services. As small or large failures occur, sites and infrastructure seamlessly pick up where the other left off.Not surprisingly, when Forrester Research asked IT decision-makers and influencers to identify their top IT infrastructurepriorities during the next 12 months, 61% reported that purchasing or upgrading business continuity and disaster recovery(BC/DR) capabilities was a top priority (see Figure 2). This prioritization influences technology adoption and usethroughout IT. For example, 55% of organizations reported that improving BC/DR was very important to their decision toadopt x86 server virtualization (see Figure 3). With server virtualization, IT operations can rapidly restart virtual machines(VMs) on alternate physical hosts, configure VMs in HA or fault-tolerant configurations, or non-disruptively migrate VMsto other hosts — within and across data centers.Figure 2Upgrading BC/DR Is A Top IT Priority Base: 661 US enterprise IT hardware decision-makersSource: Forrsights Hardware Survey, Q3 2012, Forrester Research, Inc.Figure 3Improving BC/DR Drives Adoption Of x86 Server Virtualization Base: 324 US enterprise IT hardware decision-makers who are interested in, planning to, or have adopted x86 virtualizationSource: Forrsights Hardware Survey, Q3 2012, Forrester Research, Inc.Page 3
  4. 4. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityActive-Active Data Center Adoption Is StrongTo achieve a higher level of availability without the high cost of an idle recovery data center or data center that IT usessimply to run deferrable workloads, many organizations are moving toward active-active data center architectures. In anactive-active data center architecture, there are production workloads operating at two or more data centers, and IT canfailover or maintain the high availability of these workloads across the data centers. An active-active data centerarchitecture is major first step toward achieving continuous availability. Continuous availability is a further advancementof active-active data centers; it combines HA/DR into a single approach by running a single, stretched instance of anapplication across two production data centers. To do this requires: 1) IT infrastructure and compute capacity distributedacross each site (servers, storage, network, etc.); 2) the ability to provide simultaneous application and data access betweenthe sites in a coherent fashion; 3) a stretched cluster across the sites; and 4) a load balancing mechanism that can routetransactions to the appropriate applications within each data center.In January 2013, EMC Corporation commissioned Forrester Consulting to further explore the consideration and pursuit ofactive-active architecture at large US organizations (1,000 employees and above). Our study found that: • Forty-four percent of organizations surveyed have already adopted active-active data center architecture. Thirty- two percent have applications at production data centers that can act as a failover for the other, while 12% run their applications in HA configurations across two production data centers (see Figure 4). Those in the former category, while not quite achieving continuous availability today, are in a better position to evolve to continuous availability in the future. Even among organizations that architect their data centers in active-passive configurations, 21% of them try to increase the utilization of redundant infrastructure at the recovery site by offloading secondary workloads such as application development and testing. It’s clear that organizations are moving away from active-passive configurations where expensive IT assets remain idle until a disruption. • Twelve percent of organizations have already moved toward a continuous availability service environment. By running applications in an HA configuration across their production data centers, these organizations can achieve continuous availability. If there is a local failure of any component (e.g., IT failure or human error) or an entire site failure (e.g., extreme weather, power outage, flood, or fire), these apps will continue processing. In addition to providing continuous availability, this type of combined HA/DR solution can also improve application performance by load balancing transactions across production data centers.There is a lot of confusion in the marketplace regarding the exact definition of continuous availability (CA), and thatdebate will likely continue. However, it can be helpful to compare and contrast DR, HA, and CA from a service perspectiveas follows. 1) The term itself, “disaster recovery,” implies that after a failure, the organization is down, and IT requiresmanual intervention to restart IT services. Once IT has made the decision to failover, the recovery process may in fact beautomated using technologies such as virtualization, but it still requires that initial human intervention. 2) High availabilityimplies that when a failure occurs, the recovery process is automatic — it does not need human intervention (e.g., VMsarchitected in HA and fault-tolerant configurations). 3) Continuous availability implies that the failure is transparent to theend application. In other words, the application does not see the failure.Page 4
  5. 5. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityFigure 4Many Organizations Have Already Adopted Active-Active Data Center Configurations Base: 80 US enterprise decision-makers involved in their organization’s disaster recovery strategySource: A commissioned study conducted by Forrester Consulting on behalf of EMC Corporation, January 2013Active-Active Data Centers Provide Operational And Financial BenefitsWhen Forrester Consulting asked organizations with active-active data centers about the benefits of this architecture, astaggering 89% of respondents agreed or strongly agreed that it had helped them unite HA and DR into a single approach(see Figure 5). This means that IT operations no longer has to invest separately in HA for localized failures and DR for sitefailures (or potentially sacrifice one or the other because of cost); they can have both in a single approach. The unifiedapproach also reduces overall cost because IT operations no longer must test each approach separately or maintaininfrastructure for both. Organizations identified other benefits, including the ability to: • Leverage off-the-shelf technology. Continuous availability solutions no longer require custom technology and complex integration; according to our study, 69% of organizations agreed or strongly agreed that they were able to achieve their combined HA and DR solution using off-the-shelf technology. This is important because it means that organizations not only save money, but they also reduce the complexity by avoiding investment and maintenance of custom technology in their environment. Complexity is a risk to availability, so avoiding unnecessary complexity and standardizing environments where possible is ideal. • Reduce DR capital expenditures. Normally, to achieve both HA and DR as a separate solution requires investment in redundant infrastructure locally for HA and at the production site for DR. With a combined approach that stretches across both sites, you can reduce the necessary capital expenditures on infrastructure. According to our study, 67% of organizations agreed or strongly agreed that they were able to reduce capital expenditures by combining HA and DR. • Reduce the downtime for all IT services and applications. With increasing technology dependence, it’s important that mission-critical, business-critical, and business-supporting applications achieve higher levels of availability. Historically, because of the cost of traditional DR approaches, organizations could only achieve the highest levels of availability for their mission-critical applications. With an active-active data center approach, by leveraging off-the- shelf technologies, reducing capital expenditures, and improving utilization, they can extend HA/DR protection to business-critical applications as well. According to our study, 86% of organizations agreed or strongly agreed that active-active data center reduced downtime for all IT services and apps.Page 5
  6. 6. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityFigure 5Continuous Availability Achieves Both Operational And Financial Benefits Base: 36 US enterprise decision-makers involved in their organization’s disaster recovery strategy who designate all data centers as production sitesSource: A commissioned study conducted by Forrester Consulting on behalf of EMC Corporation, January 2013More Organizations Are Ready For Continuous AvailabilityForty-four percent of organizations have already adopted active-active data center architectures today, and many of thoseorganizations without active-active data center architectures are struggling with DR. According to our study, 50% ofrespondents without an active-active data center configuration are not confident that their DR capability is scalable or willachieve their recovery objectives (see Figure 6). And 44% of the respondents agree or strongly agree that they struggle tomaintain an up-to-date DR environment either because of the rate of change in production or a lack of resources.Figure 6Those Without Active-Active Data Centers Are Ready For Continuous Availability Base: 44 US enterprise decision-makers involved in their organization’s disaster recovery strategy who have designated/separate production and recovery data centersSource: A commissioned study conducted by Forrester Consulting on behalf of EMC Corporation, January 2013Page 6
  7. 7. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityThese challenges, plus clear business demand for higher levels of availability, are driving many organizations to think abouta continuous availability approach. Implementing active-active data center capabilities is either a reality in manyorganizations or a consideration for the future. Consider that organizations surveyed: • Lack confidence in existing DR solutions. Eighty-two percent of respondents without active-active data center architectures aren’t sure that their DR solution will meet all recovery objectives. This lack of confidence diminishes the value of the recovery solution and defeats its purpose. Because traditional DR failovers are risky and costly, most IT operations teams avoid invoking a DR plan unless it is absolutely necessary, posing a dilemma for IT operations teams. When there is an outage, do you meet your SLAs to the organization by invoking recovery procedures, and risk a greater outage if the recovery fails, or wait it out (e.g., if it’s a power outage or a network or system failure that IT can attempt to remediate)? Unless the scenario is a “smoking hole,” many firms may opt to wait out an outage. • Believe that off-the-shelf continuous availability technology is mature. Overall, 58% of all the survey respondents have either implemented active-active data center architectures or believe that off-the-shelf technologies are mature enough to achieve a combined HA/DR solution — 69% of the active-active data center group use off-the-shelf components for their combined HA/DR solution, and 47% of the non-active-active data center group believe that off-the-shelf technology is mature enough to achieve the combination. • Have already adopted or are ready for continuous availability solutions. Today’s HA solutions are highly automated and provide a near-immediate replacement for losses of components or services without significant human intervention. A DR declaration, on the other hand, is risky, costly, and usually requires C-level concurrence. To improve DR as well eliminate the need to formally “declare” a disaster and invoke a recovery plan, 56% of the study group has already adopted some form of combined HA/DR or continuous availability solution or are considering it — 69% of the active-active data center group has a combined HA/DR solution, and 46% of the non- active-active data center group is interested in pursuing the combination.ConclusionOrganizational demands for higher levels of availability will only increase. It’s not a question of if but how IT operationswill achieve these demands cost effectively. By combining HA/DR in a single approach, organizations can achieve higherlevels of availability, even continuous availability, without the huge capital expenditures and costly overhead of separatesolutions and idle recovery data centers. Moreover, they can actually transform DR, from a shaky capability that IToperations is weary to invoke to an embedded ability to withstand the loss of individual components, or even sites, whilecontinuing to deliver IT services. The evidence is clear: Many organizations are already moving toward continuousavailability, many have already adopted active-active data centers and unified approaches to HA/DR using off-the-shelftechnology, and those that haven’t want to do so and believe that off-the-shelf technology is mature enough to do it.Obviously, moving to an approach like continuous availability does not happen overnight; it is a journey. As with other ITtransformations, organizations can perform a gap analysis using desired future state for continuous availability againstcurrent architecture and infrastructure. Using the gap analysis, they can then develop a road map that outlines both thestrategic and tactical shifts and changes that must occur to IT processes, architecture, and technology adoption, and onethat includes cost-benefit analysis to outline capital expenditures, operating costs, and cost savings and benefits.Page 7
  8. 8. Forrester ConsultingHow Organizations Are Improving Business Resiliency With Continuous IT AvailabilityMethodologyThis Technology Adoption Profile was commissioned by EMC Corporation. To create this profile, Forrester leveraged itsForrester/Disaster Recovery Journal Business Continuity Preparedness Survey, Q4 2011, as well as its Forrsights HardwareSurvey, Q3 2012. Forrester Consulting supplemented this data with custom survey questions asked of 80 US IT decision-makers at organizations with 1,000 or more employees. Respondents were involved in their organization’s disaster recoverystrategy, and their organizations currently use an alternate data center that acts as a failover or recovery site for theirproduction data center(s). Survey questions related to current architecture of their HA/DR capabilities and performance ofthose architectures in practice. The auxiliary custom survey was conducted in January 2013. For more information onForrester’s data panel and Tech Industry Consulting services, visit Source: Forrsights Software Survey, Q4 2012, Forrester Research, Inc.2 Results of the Forrester/Disaster Recovery Journal Business Continuity Preparedness Survey, Q4 2011; 61% of businesscontinuity decision-makers in US enterprises have invoked a business continuity plan (BCP). Of those enterprises, 55% citenatural disasters as the cause of that invocation, more than any other cause. Power outages (49%), IT failures (36%), flood(28%), fire (18%), and telecommunications failures (14%) were also cited as common causes of invoking a BCP.About Forrester ConsultingForrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scopefrom a short strategy session to custom projects, Forrester’s Consulting services connect you directly with research analysts who apply expert insightto your specific business challenges. For more information, visit© 2013, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources.Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total EconomicImpact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go[1-LRZVHP]Page 8