“No I didn’t. Honest… I ran out of gas! I–I had a flat tire! I didn’t have enough money for cab fare! My tux didn’t come back from the cleaners! An old friend came in from out of town! Someone stole my car! There was an earthquake! A terrible flood! Locusts! IT WASN’T MY FAULT, I SWEAR TO GOD!!!”
This is probably one of the most famous quotation of this movie and it represent for me, the drama someone could live during a disaster recovery activity.
This maybe could happen if you won’t plan your DR, properly.
Unfortunately, many of us (IT related consultants), are frequently in a situation where you suggest the correct way but later, someone, cut the costs, removing important pieces of your work, just because they are not mentioned by the law as mandatory.
This time the question is: what is mandatory to be DR compliant? The stuff you have or the service you give?
I googled around to find if workstations in Disaster Recovery are mentioned in DR plans and, unfortunately, I haven’t found anything specific.
There are three basic parts to every workstation that should be considered when thinking about disaster recovery: The operating system, the applications and the personal settings.
So, while Nick’s post is focused on the technical aspect of the workstation you have in DR, I’d like to talk about one of my first sentence in this post: it’s a matter of being compliant or be qualitative efficient?
As far as I’ve read till now, there’s no specific regulation about users workstations. It’s up to you (consider them or not).
But what if you chose not to consider them? As Nick’s post says
Let’s play your plan forward just a bit. A disaster strikes that impacts the customer’s entire building, you swoop in to save the day, execute your disaster plan and you get every bit of the network, servers and data back up and running.
Then the grasshoppers begin to chirp.
Why? Because no one thought to include workstations in the disaster recovery plan so no employees are connecting to said servers and getting any work done.
Your service could be unreachable(or could be returned online), and you don’t even realize…maybe ’cause you have no workstation for monitoring purposes.
I repeat, your infrastructure is fully DR compliance (in a formal way), but your service is not available. Are you still compliance?