Use two data centers, a primary and a backup.
For medium scale businesses that are geographically diverse or highly dependent on information technology and large enterprises that are not geographically diverse, a primary and secondary data center are appropriate in order to assure continuity of operations across facility-related failures without long delays in recovery. Backups are mandatory, but these backups should be reflected in a timely fashion in the backup facility so that recovery and continuity of operations is assured at all times and within time frames that prevent serious negative consequences to the information utility of the company. The backup site should also be populated with adequate personnel to continue operations if the primary fails catastrophically and people cannot be transported to it. Putting all of the enterprise eggs in one basked or allowing single points of failure is irresponsible. A common strategy is to put research and development in one facility and operations in the other. This provides the facilities required to do proper change control and testing on realistic systems and enough computing power for effective R&D. The R&D staff may even be able to operate in an emergency for a limited time.
Use more than two data centers distributed across the regions where the business functions.
For any large enterprise that is geographically distributed or medium scale enterprise with high dependency in information technology and geographic distribution, geographically distributed data centers in major regions of operation should be in place to support critical business functions while also affording higher performance for the local area and retaining appropriate expertise in multiple facilities to continue business operations even if regional disasters or government failures take place. The larger and more distributed the company, the more opportunities there are for geographic distribution and redundancy. Not all data centers must have copies of all content. Rather, distribution of content over data centers and levels of redundancy should be determined by utility of local versions of information combined with business impacts of failures. As in the two data center case, recovery times are important to understanding the design of the redundancy. Infrastructure, and other dependencies should be considered, and personnel redundancy is critical.
In all cases: Backups facilities, backups, and backup and recovery processes should be tested and verified periodically. This is typically done at least once per year as part of business continuity planning efforts. Backups should be verified as they are taken, so that loss of backup data because of media failures should never be at issue for the short run. Redundancy is a complex subject and the exact number of redundant data centers is highly dependent on the criticality of information. Many financial institutions have five or more data centers each capable of running all financial transactions. Many companies are sufficiently diverse that they have limited redundancy for individual systems, but many facilities with data centers holding different capabilities, so that only a small fraction of the business fails if a data center is lost. Less diverse businesses and businesses undergoing data center consolidation for cost savings sometimes end up with inadequate redundancy. Some large enterprises have had complete business failure because of a single point of failure in a business critical system.