PRESENTS DISASTER RECOVERY & BUSINESS CONTINUITY IT BEST PRACTICES DECEMBER 8TH, 2009

12.08.09 Event Mike Perdue Presentation


Page 1: 12.08.09 Event   Mike Perdue Presentation

PRESENTS

DISASTER RECOVERY & BUSINESS CONTINUITY IT BEST PRACTICES

DECEMBER 8TH, 2009

Page 2: 12.08.09 Event   Mike Perdue Presentation

Housekeeping

• Rest rooms

• Food

• NDA

Page 3: 12.08.09 Event   Mike Perdue Presentation

Objectives For Today

• Signature Technology Network Overview – 10 Minutes

• The Business Aspects of IT Disaster Recovery & Business Continuity – 75 Minutes

• Technical Best Practices – 75 Minutes

• Toys for Tots, The U.S. Marine Corps – 15 Minutes

• Lunch & Networking Opportunity – 60 Minutes

Page 4: 12.08.09 Event   Mike Perdue Presentation

Who is The Signature Group?

Founded in 1997 as an IT Consulting, Strategy Management & Systems Integration Firm

Three Primary Practice Areas

• Enterprise

• Small & Mid-Market

• Federal, State, Local Government

Business

• Program and Project Management

• Strategic Planning

• Mergers and Acquisitions

• Proof of Concept, R&D and Standards

• Technology Process and Change Management

• Regulatory Compliance

• Disaster Recovery Planning

Design and Implementation

• Server Consolidation and Virtualization

• Consolidated/Shared Storage

• Datacenter Design and Consolidation

• Local and Wide Area Networks

• Wireless Solutions & Networks

• Network Security and Audits

• Voice over IP solutions (VoIP)

• Unified Messaging

• Corporate Messaging (Exchange)

• Global Directory Services (AD/NDS)

SignatureCare Managed Services

• Turn Key Monitoring and Management

• HelpDesk

• Over-The-Wire Data Protection

• Real Time Disaster Avoidance/Recovery

Page 5: 12.08.09 Event   Mike Perdue Presentation

Select TSG Clients

Page 6: 12.08.09 Event   Mike Perdue Presentation

What is STN?

Signature Technology Network (STN) is a free membership based group* of Senior IT Executives in the DC Metro Area from a broad array of industries.

Purpose:

• Social and Peer Networking

• Sharing of Best Practices

• Discuss Technology & Business Solutions

• Access to Independent Industry Experts

• Forum for Ongoing Education

Dedicated Learning Sessions

Panel Discussions

Roundtable Events

Manufacturer and Vendor Presentations

Looking to the Future of IT

Benefits:

• Learn from Success and Failures of Peers

• Understand Do’s, Don’ts and Best Practices

• Learn the Solutions that Your Peers are Using to Improve the Performance of Their Business

• Hear What Independent Experts Say About Various Technologies and Business Solutions

• Gain Direct Access to Manufacturers and Vendors to Understand their Long Term Road Maps and How These Will Help You Plan And Invest Wisely For The Future

* NDAs are required for all participating members

Signature Technology Network

Page 7: 12.08.09 Event   Mike Perdue Presentation

STN 2010 Events Calendar

• Tuesday, January 12, 2010

Windows 7/Server 2008/Active Directory

8:00 am – Noon

The Tower Club

• February 10-12, 2010

Collaboration Technologies & Managed Services Exhibition

Virtualization Business and Technology Best Practices – Educational Track

ASAE Technology Conference

Walter E. Washington Convention Center

• Tuesday, March 9, 2010

Microsoft Exchange 2010 and Collaboration Solutions

8:00 am – Noon

The Tower Club

Page 8: 12.08.09 Event   Mike Perdue Presentation

For Small and Medium Enterprises

Michael Perdue, Chief Executive Officer

The Signature Group, Inc.

Page 9: 12.08.09 Event   Mike Perdue Presentation
Page 10: 12.08.09 Event   Mike Perdue Presentation

Important Thoughts

A Flexible and Fluid Plan is Required to Handle a Broad Range of Situations

“A Failure to Plan is a Plan to Fail”

• Winston Churchill

“No Plan of Battle Ever Survives Contact With the Enemy”

• Credited to Field Marshal Helmuth von Moltke, General George C. Marshall and Napoleon Bonaparte

Page 11: 12.08.09 Event   Mike Perdue Presentation

Interesting Facts & Stats

60-90% of all companies that suffer from a disaster and do not recover critical systems within 30 days are acquired or out of business in 2 years – International Data Corp

Only 6% of companies suffering from a catastrophic data loss survive, while 43 percent never reopen and 51 percent close within two years – University of Texas Study

Only 35 percent of SMBs have a comprehensive disaster recovery plan in place – Gartner

SMBs lose an average of $84,000 for every hour of system wide downtime – International Data Corp

The survival rate for companies without a disaster recovery plan is less than 10% – Touche Ross

Page 12: 12.08.09 Event   Mike Perdue Presentation

So What Do We Really Mean By Disaster

Page 13: 12.08.09 Event   Mike Perdue Presentation

The Disaster Spectrum

OUT OF SCOPE (Too Big)

• Extinction Level Event

• Global Thermonuclear War

______________________________________________________

IN SCOPE

• 9/11

• Flood, Hurricane, Tornado, Blackout

• Building Fire

• Facilities Issues

• Core Switch, Router or Carrier Failure

• Critical Application Outage

______________________________________________________

OUT OF SCOPE (Normal Maintenance)

• Non-critical Server Outage

• Access layer switch down

• CEO drops iPhone in toilet

• User spills coffee in keyboard

Page 14: 12.08.09 Event   Mike Perdue Presentation

The Typical Disaster

• Fairly Localized - Even 9/11 was an extremely geographically localized event

• Lasts between 1-5 days - Don’t build a plan based on the 100 year earthquake/hurricane unless the financial or risk impact is so great that the cost is justified

Examples of the Most Common Disasters

• Extended Power Outage

• Extended Carrier Outage

• Critical System Failure

• Facilities Issues

• Hurricane

• Tornado

• Earthquake

• Fire

• Pandemic

• Flood

Page 15: 12.08.09 Event   Mike Perdue Presentation

Define Objectives

RTO and RPO must be balanced against financial and risk requirements

Page 16: 12.08.09 Event   Mike Perdue Presentation

The Solution Spectrum

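[Figure: solutions placed along the Recovery Time and Point Objective scale]

Recovery Time and Point Objective scale: Weeks, Days, Hours, Minutes, Seconds

Solutions shown along the scale:

• Off-Site Tapes

• Data Vaulting

• Asynchronous Replication

• Synchronous Replication

• Geographically Extended Clusters or Virtualized HA Platforms

Other labels on the figure: Data Availability Needs; Amount of Non-Reproducible Data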

Page 17: 12.08.09 Event   Mike Perdue Presentation

The RPO Organizational Spectrum

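[Figure: organization types placed along the Recovery Point Objective scale]

Recovery Point Objective scale: Days, Hours, Minutes, Seconds

Organization types shown along the scale:

• Associations & Non-Profits

• Professional Services Firms

• Financial Institutions

• Retail

• Online Transaction based Vendors

Other labels on the figure: Non-Reproducible Data; Transactions or Data Change per Second

Should be based on Financial and Risk Impact

Organization Size Matters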

Page 18: 12.08.09 Event   Mike Perdue Presentation

It’s an Issue of Balance

Disaster Solution

• Cost to Implement

• Cost to Maintain

Risk

• Cost of Downtime and/or Lost Data

Page 19: 12.08.09 Event   Mike Perdue Presentation

Defining your “Objectives”

Inventory all Systems and Applications

• Include System Dependencies

Perform Financial and Risk Analysis for each System

Categorize

• Critical

• Sensitive

• Vital

• Nice to have

• Should be dead already

Define your RTO and RPO by Category/System

Page 20: 12.08.09 Event   Mike Perdue Presentation

DR Thoughts and Best Practices

Build a Plan Based on Automation, Systems, Processes, & Documentation

John or Jane may have been affected by the disaster

Align your Plan with your RTO and RPO Requirements

Per System, Service and Application

RTO and RPO should not be globally defined

Every Organization is Different therefore Every Plan should be Different

Tape Backup and Restoration alone is not Traditionally Considered an Effective Disaster Recovery Option unless RTO and RPO are Extremely High.

Page 21: 12.08.09 Event   Mike Perdue Presentation

The Recovery Data Center/Facility

Initial Tendency is Typically too Aggressive

• If you are not NORAD then don’t plan like NORAD

Align Recovery Center Location and Facility with Organizational Requirements

• If all of your employees and/or clients are located in the DC metro area don’t put your redundant data center in Utah/Denver/Kuala Lumpur

• Best Practice for SME is greater than 20 miles but less than 60 miles from your primary facility -- location dependent

• Align geographic location of recovery center with staff that is knowledgeable about your systems

• Use remote offices where practical (if systems, staff, connectivity and facilities can support)

• DON’T COUNT ON TRAINS and PLANES

Page 22: 12.08.09 Event   Mike Perdue Presentation

The Recovery Data Center/Facility

In Major Disasters Long Haul Communications may be Substantially Compromised

Understand the Specifics about Collocation Facilities:

• Carrier

• Power

• Fire Suppression

• Hardened Status

• Physical Security

• Placement on National Critical Infrastructure List

• Green Initiatives/Programs

Page 23: 12.08.09 Event   Mike Perdue Presentation

The Datacenter Facility

Traditional Models

Internal Datacenter Facility

• High Availability and Failover Between Systems

• Redundant Telco Connectivity

• Limited Power Redundancy

• Offsite Backups or Data Replication

Collocation Datacenter Facility

• High Availability and Failover Between Systems

• Redundant Telco Connectivity

• Multiple Levels of Power Redundancy

• Offsite Backups or Data Replication

Internal Datacenter w/ Hot or Standby Facility

• High Availability and Failover Between Systems and Locations

• Redundant Telco Connectivity

• Multiple Levels of Power Redundancy

• Replicated Data Between Locations and Offsite Data Protection

Internal Multi-location Datacenter Facilities

• High Availability and Failover Between Systems and Locations

• Redundant Telco Connectivity

• Multiple Levels of Power Redundancy

• Replicated Data Between Locations and Offsite Data Protection

Other labels on the figure: Cost to Implement & Maintain; Non-Carrier Neutral Facilities; Less focus on Protection

Page 24: 12.08.09 Event   Mike Perdue Presentation

The 9 Step Planning Process

1. Services/System Inventory

2. Critical Vendor Inventory

3. Risk/Financial Analysis & Categorization

4. Identify Possible Solutions

5. Select Solutions

6. Implement Solutions

7. Create Recovery Manual & Documentation

8. Test Recovery (“Soft” and “Hard” testing)

9. Train, Maintain, and Continual Testing

Page 25: 12.08.09 Event   Mike Perdue Presentation

Step 0. Selling Management

• Define Legal, Audit, and Regulatory Requirements

- Sarbanes-Oxley

- HIPAA

- SEC

- Contract or Client Specific Requirements

• Perform Financial Analysis - Cost of Downtime or Lost Data

• Perform Risk Analysis - Risk Associated with Downtime or Lost Data

• Avoid FUD Approach (Fear, Uncertainty, and Doubt)

Less of an issue in the post 9/11 and SoX world

Page 26: 12.08.09 Event   Mike Perdue Presentation

Questions & Answers