16th May 2009
jggimi

5-10 years ago, when I was consulting in this area of infrastructure, the best practice was to have remote replication distant enough to be on a separate power grid -- and for my customers in earthquake-susceptible areas, distant enough to be on a separate tectonic plate, as well.
At the time, there were no specific business continuity standards requiring compliance. As I have been out of this part of the industry for some years, I do not know if standards were developed. More recently I have been involved in U.S. regulatory compliance considerations, and to the best of my knowledge there are no specific remote replication standards to be met in the regulatory acts I've dealt with since 2002. This list includes both general-use and industry-specific federal regulations over data management such as ITAR, Sarbanes-Oxley, TREAD, and HIPAA.
The remote replication technologies I had expertise in were usually configured with private point-to-point telecom connections; alternatively, we could allow customers to implement a dedicated single-purpose VPN. The latter is not as secure as a private connection for data replication, of course, but by limiting it to single-purpose the possible attack vectors are significantly easier to control.

EDIT: I should point out that one method for managing data latency with remote replication, if done continuously, is to have two tiers: a relatively local facility -- typically on-campus but off-site, for synchronous updates; and a second tier at distance which is replicated from the first tier asynchronously.

Last edited by jggimi; 16th May 2009 at 02:59 AM.