Business Continuity and Disaster Recovery Notes

Document Sample
Business Continuity and Disaster Recovery Notes Powered By Docstoc
					Business Continuity and
Disaster Recovery Notes
Objectives

• Toprovide outline options for implementing business
 continuity and disaster recovery
• To     outline possible solution architectures
• Todemonstrate experience and competence in business
 continuity
• To     identify possible next steps




 May 16, 2009                                           2
Agenda

• Understanding      of Requirements
• Business      Continuity and Disaster Recovery Information
         Continuity and Disaster Recovery Options and
• Business
 Technologies
• ServerVirtualisation and Business Continuity and
 Disaster Recovery
• Implementation      Notes




 May 16, 2009                                                  3
Norwich Union Overall Solution Requirements
•   Resilience
      − Reliable underlying hardware and software components
•   Scalable
      − Infrastructure that can grow to meet future requirements without significant
        engineering
•   Business Continuity and Disaster Recovery
      − Solution that provides disaster recovery and business continuity
•   Manageable
      − Solution that is easily manageable
• Secure
• Return on Investment
• Simplicity
      − Few components and vendors to reduce complexity and risk
•   Risk
      − Solution must incorporate proven technologies
    May 16, 2009                                                                       4
Protecting the Business




 May 16, 2009             5
Round Up the Usual Statistics

• 80%           of businesses have no plan
   − “It won’t happen to me”
• 68% of businesses who experience a disaster and don’t
 have a plan go out of business within 2 years
• One  in five organisations will suffer a major IT disaster
 in five years
•A company experiencing a computer outage lasting
 longer than 10 days will never fully recover



 May 16, 2009                                                  6
Round Up the Usual Statistics

•   The loss of IT capacity and telecommunications is seen as the
    worst disruption scenarios for organisations
      − 48% of managers surveyed admit that their businesses have experienced
        one or more interruptions within the past year
      − 57% of business disasters are IT-related
•   About half of small and medium-sized firms now do perform
    some sort of data backup, but not always adequately
      − Large numbers of businesses would be unable to recover business data
        after a server crash or disaster
•   It takes 19 days and costs in excess of €14,000 to re-enter just 20
    MB worth of sales and marketing data
      − Retrieving accounting records is even worse; they require over 21 days of
        work and cost over €15,700 to re-type
•   93% of businesses say that data storage is an extremely important
    part of their organisation but only 20% of those surveyed said
    that there was a high level of understanding of storage and
    storage issues within their companies
    May 16, 2009                                                                    7
Reasons for Data Loss


                Human Error
                   30%                               Hardware
                                                      Failure
                                                       42%




                                                    Hardware
                                                   Destruction
                                                       3%
                 Software
                Corruption                 Theft
                   13%        PC Viruses    5%
                                 7%



 May 16, 2009                                                    8
US Cost of Downtime Survey

• 46%said each hour of downtime would cost their
 companies up to $50k
• 28%said each hour would cost between $51K and
 $250K
• 18%  said each hour would cost between $251K and $1
 million
• 8%said it would cost their companies more than
 $1million per hour



 May 16, 2009                                           9
Survival Risk

• At    what point is the survival of your company at risk?
   − 40% said 72 hours
   − 21% said 48 hours
   − 15% said 24 hours
   − 8% said 8 hours 9% said 4 hours
   − 3% said 1 hour
   − 4% said within the hour




 May 16, 2009                                                 10
Affects of Outage

• Lost          revenue and business interruption
• Possible          litigation
• Lost          competitiveness and lost business
• Loss          of company reputation
• Financial          cost




 May 16, 2009                                       11
Specific Business Continuity and Disaster Recovery Requirements


•   RTO — Recovery Time Objective
      − How quickly should critical services be restored
•   RPO — Recovery Point Objective
      − From what point before system loss should data be available
•   How much data loss can be accommodated
                      RPO (Recovery Point            RTO (Recovery Time
                   Objective) – Time Since Last   Objective) – Time to Recover
                          Good Backup
                                      System Loss/Failure




       Last System Backup/Copy                                         System Restored

                       Overall Recovery Time – From Last Backup to System
    May 16, 2009
                                            Recovery                                     12
Components of Effective Business Continuity and Disaster
Recovery



                 Operational                  Business
                  Disaster                  Continuity and
                  Recovery                     Disaster
                And Business                  Recovery
                 Continuity                    Facility
                    Plan




               Business                        Primary
            Continuity and                  Infrastructure
               Disaster                      Designed for
              Recovery                      Resilience and
            Processes And                   Recoverability
             Procedures

 May 16, 2009                                                13
Components of Effective Business Continuity and Disaster
Recovery

•       An operational Business Continuity/Disaster Recovery
        facility consists of four key components:
        1. Facilities and Infrastructure — the underlying IT infrastructure
           and data must be structured to be resilient and recoverable
        2. Processes and Procedures — Business Continuity/Disaster
           Recovery must be incorporated into standard processes and
           procedures
        3. Operational Business Continuity/Disaster Recovery Plan —
           there must be an operational and tested plan to recover
        4. Business Continuity and Disaster Recovery Facility — there
           should be a facility from which the recovered systems can
           run


    May 16, 2009                                                              14
Stages for Implementing Business Continuity and Disaster
Recovery


                                            Business
                                          Continuity and
                                             Disaster
                                            Recovery


                             Resilience
                             and Fault
                             Tolerance




                   Data
                Backup and
                 Recovery




 May 16, 2009                                              15
Possible Core Architecture (Virtualised)

                                 1.   Core server infrastructure
                                      virtualised for resilience
                                      and fault tolerance
                                 2.   Centralised server
                                      management and backup
                                 3.   SAN for primary data
                                      storage
                                 4.   Backup to disk for speed
                                 5.   Tape backup
                                 6.   Two-way data
                                      replication




 May 16, 2009                                                      16
Resilience

                •   Virtual infrastructure
                    in HA (High
                    Availability) Cluster
                •   Fault tolerant primary
                    infrastructure
                •   Failing virtual servers
                    automatically restarted
                •   Dynamic reallocation
                    of resources
                •   Reduces need to
                    invoke business
                    continuity plan

 May 16, 2009                                 17
Business Continuity and Disaster Recovery

                                    •   Failing servers can
                                        be recovered on
                                        other site
                                    •   Virtualised
                                        infrastructure will
                                        allow critical servers
                                        to run without the
                                        need for physical
                                        servers
                                    •   Virtualisation makes
                                        recovery easier —
                                        removes any
                                        hardware
                                        dependencies
 May 16, 2009                                                    18
Business Continuity and Disaster Recovery Considerations


•   Understand what you are protecting against
      −   Hardware failure or damage
      −   Application and data corruption
      −   Site failure or denial of access
      −   Fires, chemical spillages, sickness/epidemic
•   Define level(s) of service to be provided
•   Define recovery method(s)
•   Understand system and application landscape
•   Understand business requirements and align information
    technology infrastructure to meet them
•   Define cost and benefits of implementing levels of resilience and
    recoverability

    May 16, 2009                                                        19
Sample Highly Resilient Infrastructure




 May 16, 2009                            20
Data Replication Options

• Option          1 — Direct server replication
   − Each server replicates to a backup server in the other site
• Option 2 — Consolidated virtual server backup and
 replication of server images for recovery
   − Copies of virtual servers replicated to other site for recovery
• Option          3 — Data replication
   − Replication of SAN data to other site
• Option          4 — Backup data replication
   − Replication of backup data to other site
• Each          option has advantages and disadvantages

 May 16, 2009                                                          21
WAN Optimised Accelerated Offsite Backup and Replication for
Business Continuity and Disaster Recovery


               Tape                                                                  Storage
                                                                               Tape                 Filers
              Backup                                                          Backup




                                                         WAN

                                        SECONDARY DATA         PRIMARY DATA
                                           CENTRE                 CENTRE
            File
           Servers Mail      Filers                                                                 Mail
                   Servers                                                      File      Web      Servers
                                                                               Servers   Servers
                    Transparent WAN
                    Optimisation Unit


•   LAN-like performance of file sharing from anywhere
•   Cut backup times by 75% or more
•   Use 90% less WAN bandwidth in the process
•   Allows use of lower speed links to saving ongoing costs — for
    example, 2 Mbps becomes 20 Mbps at least
    May 16, 2009                                                                                             22
Server Virtualisation and Disaster Recovery

• Server        virtualisation assists recovery from disaster
   − Enables easier testing
   − Enables successful recovery
   − Simplifies recovery
   − Reduces costs of recovery infrastructure
   − Enables business continuity
• Changing         disaster recovery requirements
   − Higher standards are required
   − More reliability is expected
   − Faster pace of business generates more critical change
   − Intense competitive environment requires high service levels

 May 16, 2009                                                       23
Virtualised Solution RPO and RTO

• Low           RTO and RPO for immediate recovery
         can grow to support additional servers easily
• Solution
 and quickly
                           Systems Available
                             Immediately


                                          RTO
                                                   2
                                    RPO




                                     3         1
                      Last System                      System Loss
                        Replica
 May 16, 2009                                                        24
Business Continuity and Disaster Recovery Implementation
Approach

•     The System Dynamics approach to implementing effective
      Business Continuity consists of two phases:
        1. Solution Design — your Business Continuity/Disaster Recovery
           requirements are identified and documented and a solution and an
           implementation plan are developed
        2. Solution Implementation — the previously defined and agreed solution is
           implemented
                                Solution Design                                    Solution Implementation



                                   Business
                                                    Solution
                                 Requirements                     Implementation
 Project              Risk                           Design                           Solution
                                     and                               Plan                            Testing
Initiation         Assessment                         and                          Implementation
                                    Impact                           Roadmap
                                                  Documentation
                                   Analysis




    May 16, 2009                                                                                                 25
Maintaining Business Continuity and Disaster Recovery


•   Once implemented, effective
    ICT business continuity must                 Exercise,
                                                 Test and        ICT
    be regarded as a continuous                  Maintain
                                                   ICT
                                                              Business
                                                             Continuity
    process                                      Business
                                                Continuity
                                                               Project

                                                   Plan
•   While this imposes an
    overhead it ensures that
    business continuity            Embed ICT
                                                                      Understand
                                                                       the Critical
    implementation will continue    Business
                                   Continuity
                                                                      Systems and
                                                                      Applications
    to meet the requirements of     into ICT

    the business and meet audit
    compliance requirements
•   Good solution design will                    Develop
                                                   ICT
                                                              Develop
                                                              Strategy
    minimise maintenance effort                  Business
                                                Continuity
                                                               for ICT
                                                              Business
    as continuity is embedded                   Plans and
                                                Processes
                                                             Continuity


    May 16, 2009                                                                  26
View of Business Continuity and Disaster Recovery

• Vendor         independence
• Aware         of all solution options
• Aware         of enabling technologies
   − Server virtualisation
   − Hardware and software replication
   − WAN optimisation
• Can design the best and most cost-effective possible
 solution Suits the needs of the organisation rather than
 the vendor
   − Assist in vendor selection and negotiation
• Focus         on entire solution
 May 16, 2009                                               27
Structured Approach to Business Continuity and Disaster Recovery Analysis and
Design

                                                                            ICT
                                                                    Business Continuity
                                                                         Planning


                                                                                                                                   Phase 5 — Draft and
   Phase 1 — Project                   Phase 2 — ICT                   Phase 3 —ICT                       Phase 4 —
                                                                                                                                      Final Report
   Initialisation and                Infrastructure and             Business Continuity                  Information
                                                                                                                                     Production and
     Mobilisation                   Application Analysis                 Options                        Consolidation
                                                                                                                                      Presentation

                                                        Analyse and                    Define and
                                                                                                                   Consolidate Analysis
                                                       Document ICT                   Document ICT                                                       Draft Report
                  Agree Project Scope                                                                                  and Design
                                                     Infrastructure and                 Recovery                                                         Presentation
                                                                                                                      Information
                                                        Applications                  Requirements

                                                    Collect Server and
                                                                                     Define Business
                                                       Application                                                     Define and
                        Agree Project                                                  Continuity                                                        Final Report
                                                      Inventory and                                                 Document Recovery
                         Timescales                                                  Operations and                                                      Presentation
                                                     Resource Usage                                                     Scenarios
                                                                                      Architectures
                                                       Information

                                                                                    Produce Financial
                                                     Business Critical                                              Document Business
                        Agree Project                                                 Analysis and
                                                    Application Owner                                                  Continuity                         Handover
                        Deliverables                                                 Implementation
                                                         Meetings                                                      Operation
                                                                                    Plans for Options


                    Agree Business                                  Define Application
                    Owner Meeting                                       Recovery
                      Schedule                                        Requirements


                                                     Define Detailed
                     Agree Project
                                                     Business Critical
                    Communication
                                                    Recovery Processes




 May 16, 2009                                                                                                                                                           28
Structured Approach to Business Continuity and Disaster Recovery Analysis and
Design


• Structured     approach
   − Phase 1 — Project Initialisation and Mobilisation
   − Phase 2 — ICT Infrastructure and Application Analysis
   − Phase 3 — ICT Business Continuity Options
   − Phase 4 — Information Consolidation
   − Phase 5 — Draft and Final Report Production and Presentation
• Focus is to develop a practical, realistic and cost-
 effective business continuity plan and to identify pre-
 requisite and associated work in order to make business
 continuity more effective
• Detailed      workplan that will address all areas
 May 16, 2009                                                                   29
What Can be Done


• Identify,define and document business continuity and
 disaster recovery requirements
• Design business continuity and disaster recovery
 solution options
      the most appropriate solution, technologies and
• Select
 vendors
• Assist        with development business continuity plan
• Assist        with and manage implementation
• Define total business continuity solution encompassing
 offerings from various vendors
 May 16, 2009                                               30
Benefits of Structured Approach

• Practical     and results-focussed approach
        knowledge of business continuity
• Detailed
 implementation
• Knowledge       and experience of relevant technologies
• Complete       set of relevant skilled personnel in the area
 required
• Vendorindependence and knowledge of likely products
 and vendors



 May 16, 2009                                                    31

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:383
posted:5/17/2009
language:English
pages:31
Description: Business Continuity and Disaster Recovery Notes