DRP/BCP Testing Alternatives

DRP Testing alternatives, relative costs & benefits.


  1. 1. DRP/BCM - Testing Alternatives: A Roundtable Discussion. April 26, 2009. Gabe Gewurtz
  2. 2. DRP/BCM SIG - Testing Alternatives <ul><li>DR Program Objective: </li></ul><ul><li>Risk management of a disastrous event </li></ul><ul><ul><li>Potential Cost of a disaster outage: recovery cost + potential losses identified in the Risk Analysis, vs. </li></ul></ul><ul><ul><li>Cost of a program to survive a disaster: mitigation + recovery plans + Testing </li></ul></ul><ul><li>Purpose of DR Program: </li></ul><ul><ul><li>Support recovery of critical business function(s) </li></ul></ul><ul><ul><li>Support BCP of critical business function(s) </li></ul></ul><ul><ul><li>Help the Enterprise survive a disaster event with minimum losses & cost </li></ul></ul><ul><li>Purpose of DR Testing: </li></ul><ul><ul><li>Increase Confidence that business functions Will Survive a Disaster </li></ul></ul><ul><li>Successful DR Testing Requires: </li></ul><ul><ul><li>Well-understood & articulated purpose, objectives & scope </li></ul></ul>
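The cost comparison on this slide can be sketched as simple arithmetic. This is only an illustration: the slide gives no figures, so the function names and every number below are hypothetical, and weighting the outage cost by an annual probability is an assumption about how the Risk Analysis would express potential losses.

```python
def expected_outage_cost(recovery_cost, potential_losses, annual_probability):
    """Expected yearly cost of a disaster outage.

    Assumption (not from the slide): the Risk Analysis supplies an annual
    probability that is used to weight the recovery cost and losses.
    """
    return annual_probability * (recovery_cost + potential_losses)


def dr_program_cost(mitigation, recovery_plans, testing):
    """Yearly cost of the DR program: mitigation + recovery plans + testing."""
    return mitigation + recovery_plans + testing


# Hypothetical figures, for illustration only.
outage = expected_outage_cost(
    recovery_cost=200_000, potential_losses=1_800_000, annual_probability=0.05
)
program = dr_program_cost(mitigation=30_000, recovery_plans=20_000, testing=25_000)

# The program is easier to justify when it costs less than the exposure it covers.
print(f"expected outage cost: {outage:,.0f}; program cost: {program:,.0f}")
```

Under these made-up inputs the testing budget is one term in the program cost, which is why the later slides look for cheaper test types that still raise confidence.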
  3. 3. DRP/BCM SIG - Testing Alternatives <ul><li>Structure of a DR Plan; relevant for testing </li></ul><ul><ul><li>Assumptions: TECHNOLOGY </li></ul></ul><ul><ul><ul><li>High-level or Planning Assumptions; recovery site, licenses, security certificates </li></ul></ul></ul><ul><ul><ul><li>Detailed or Working Assumptions; FW rules, SW releases, versions </li></ul></ul></ul><ul><ul><ul><li>Are the Assumptions complete, valid & correct? </li></ul></ul></ul><ul><ul><li>Recovery Teams: PEOPLE </li></ul></ul><ul><ul><ul><li>Test Participants </li></ul></ul></ul><ul><ul><ul><li>Do Recovery Teams know their Roles & Responsibilities, and can they execute plans with minimal problems? </li></ul></ul></ul><ul><ul><li>Detailed Recovery Procedures: PROCESS </li></ul></ul><ul><ul><ul><li>“The Payload” </li></ul></ul></ul><ul><ul><ul><li>Are the Procedures correct & can they be executed within the RTO? </li></ul></ul></ul><ul><ul><li>DR Testing: Results in </li></ul></ul><ul><ul><ul><li>Confidence that we can recover Technology & support the Business Processes as expected, within the RTO, at minimum cost & losses </li></ul></ul></ul>
  4. 4. DRP/BCM SIG - Testing Alternatives <ul><li>Types of DR Plans: </li></ul><ul><ul><li>Organization DR Plan: affecting multiple sites; e.g. a virus, Y2K </li></ul></ul><ul><ul><li>Site DR Plans: affecting a single site; e.g. a fire </li></ul></ul><ul><ul><li>Infrastructure DR Plans: affecting several LOBs or applications </li></ul></ul><ul><ul><ul><li>E.g. network, DNS servers, firewall appliances, antivirus servers </li></ul></ul></ul><ul><ul><li>Shared Services DR Plans: affecting several LOBs, groups </li></ul></ul><ul><ul><ul><li>Enterprise backup/recovery, DBMS “farm”, Exchange server(s), etc. </li></ul></ul></ul><ul><ul><li>Application DR Plans: affecting individual applications </li></ul></ul><ul><ul><li>ALSO: </li></ul></ul><ul><ul><li>Alignment with Site & LOB BCPs </li></ul></ul><ul><ul><li>Alignment with Vendor & Client BCPs, where applicable </li></ul></ul>
  5. 5. Enterprise DR & BC Program interdependencies (diagram) <ul><li>Site 1 and Site 2, each with: BCP silos by LOB, Biz Unit & Process; DRP silos by System & Application; Site Infrastructure & Shared Services </li></ul><ul><li>External: Vendor & Client BCPs, DRPs & other Plans; External Infrastructure & Shared Services </li></ul><ul><li>Enterprise-wide: Infrastructure & Shared Services; Enterprise-wide DRPs & BCPs </li></ul>
  6. 6. DRP/BCM SIG - Testing Alternatives <ul><li>Possible Test Objectives </li></ul><ul><li>Are the Planning Assumptions valid; sites, licenses, certificates updated? </li></ul><ul><li>Are the Working Assumptions valid; SW at correct levels, FW rules, etc.? </li></ul><ul><li>Do the Recovery Teams know what & how to recover; new staff </li></ul><ul><li>Can the Recovery Teams execute the Procedures; skill improvement </li></ul><ul><li>Are the Recovery Procedures correct, as documented; any errors? </li></ul><ul><li>Are the Recovery Procedures complete, as documented; any omissions? </li></ul><ul><li>Can the Recovery Requirements be achieved? </li></ul><ul><li>Can the Recovery be completed within the RTO? </li></ul><ul><li>Can Recovery procedures be executed by non-designated teams? </li></ul><ul><li>Are the Recovery & Results repeatable? </li></ul><ul><li>Are Recovery capabilities robust; can they handle unexpected problems? </li></ul>
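Two of these objectives, whether the procedures run without errors and whether recovery completes within the RTO, lend themselves to a simple scored check. The sketch below is one possible way to record this, not a method from the presentation: `StepResult`, `evaluate_test`, the step names, and all timings are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class StepResult:
    name: str        # hypothetical recovery-procedure step
    minutes: float   # elapsed time measured during the test
    succeeded: bool  # did the step complete as documented?


def evaluate_test(steps, rto_minutes):
    """Summarise a DR test run against its Recovery Time Objective (RTO)."""
    total = sum(step.minutes for step in steps)
    failed = [step.name for step in steps if not step.succeeded]
    return {
        "total_minutes": total,
        "failed_steps": failed,
        # The objective is met only if every step worked and the sum fits the RTO.
        "within_rto": not failed and total <= rto_minutes,
    }


# Hypothetical test run, for illustration only.
run = [
    StepResult("restore database from backup", 90, True),
    StepResult("redirect users to recovery site", 20, True),
]
print(evaluate_test(run, rto_minutes=120))
```

Recording elapsed time per step, rather than only a pass/fail for the whole test, also shows which procedure to shorten when the RTO is missed.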
  7. 7. DRP/BCM SIG - Testing Alternatives <ul><li>Possible Test Scenarios </li></ul><ul><ul><li>Site Outage, including all the hosted infrastructure, servers & software </li></ul></ul><ul><ul><li>Single Application Outage, including all its servers, software & infrastructure </li></ul></ul><ul><ul><li>Short Outage </li></ul></ul><ul><ul><li>Long Outage </li></ul></ul><ul><ul><li>Test / Don’t Test Return-Home Procedures </li></ul></ul><ul><ul><li>Include / Don’t include BCP for Recovery & Support Teams </li></ul></ul><ul><ul><li>Do NOT impact Production: Isolated Test configuration </li></ul></ul><ul><ul><li>Run Production at Recovery site </li></ul></ul><ul><ul><li>Introduce Test Faults (Murphys) </li></ul></ul>
  8. 8. The Disaster Recovery Planning Process <ul><li>Typical DRP Life-Cycle phases: </li></ul><ul><ul><li>Assess: Risk Assessment; Business Impact Analysis; Inventory and Rank Applications; Define High Level Strategy & Requirements </li></ul></ul><ul><ul><li>Develop: Obtain Management Approval; Launch DR Project; Design and Specification of Recovery Solutions; Identify Roles & Responsibilities; Cost/Benefit Analysis </li></ul></ul><ul><ul><li>Implement: Form Teams; Ensure Proper/Suitable Backups; Develop Recovery and Alternate Processing Plans; Arrange/Build Alternate Site(s); Negotiate/Finalize 3rd-Party Contracts; Develop / unit test Recovery Plans & Procedures; Recovery infrastructure / Facilities Support considerations </li></ul></ul><ul><ul><li>Maintain and Test: Awareness Training; Desktop Tests, Configuration Tests; Live Tests & Training; Mock Disasters; Use Change Management </li></ul></ul><ul><li>Applies to New & Mature systems & their DR Plans </li></ul><ul><li>For New Systems; more effort on Develop & Implement </li></ul><ul><li>For Mature Systems; more effort on Maintain & Test </li></ul>
  9. 9. The Business Continuity Planning Process <ul><li>BCP Life-Cycle phases; similar to DRP Life-Cycle: </li></ul><ul><ul><li>Assess: Risk Assessment; Business Impact Analysis; Inventory and Rank Business Functions; Define High Level Strategy & Requirements </li></ul></ul><ul><ul><li>Develop: Obtain Management Approval; Launch BC Project; Design and Specification of Recovery Solutions; Identify Roles & Responsibilities; Cost/Benefit Analysis </li></ul></ul><ul><ul><li>Implement: Form Teams; Ensure Proper/Suitable Backups; Develop Recovery and Alternate Processing Plans; Arrange/Build Alternate Site(s); Negotiate/Finalize 3rd-Party Contracts; Develop / unit test Recovery Plans & Procedures; Recovery infrastructure / Facilities Support considerations </li></ul></ul><ul><ul><li>Maintain and Test: Awareness Training; Desktop Tests, Configuration Tests; Live Tests & Training; Mock Disasters; Use Change Management </li></ul></ul>
  10. 10.
  11. 11. DRP/BCM SIG - Testing Alternatives <ul><li>Types of Disaster Recovery Plan Tests: </li></ul><ul><li>DRP Walkthrough: </li></ul><ul><ul><li>Verbal tabletop review by all stakeholders </li></ul></ul><ul><li>Alternate site DR Server (Planning Assumption) Validation Tests: </li></ul><ul><ul><li>Check assumptions that DR HW, SW & applications are correct & ready for activation </li></ul></ul><ul><li>Alternate site DR Infrastructure (Working Assumption) Validation Tests: </li></ul><ul><ul><li>Check assumptions that server interconnections (FTP and other network connections) are correct & ready for activation </li></ul></ul><ul><li>DR Application Component (Unit) Test: </li></ul><ul><ul><li>Validate the recovery procedures of a single application or a logical group of applications, as documented in the DRP. </li></ul></ul><ul><ul><ul><li>E.g. Health Checks that the new recovery solutions and procedures being developed are correct </li></ul></ul></ul><ul><li>Configuration changes for DR: </li></ul><ul><ul><li>Health Checks that distributed systems & surviving user locations can access & use the DR alternate HW & SW, as documented in the DRP </li></ul></ul><ul><li>Technology changes to support the BCP: </li></ul><ul><ul><li>Changes to systems in the recovery centre to support the BCP of the impacted centre, as documented in the DRP or BCP </li></ul></ul><ul><li>Data Recovery Test: </li></ul><ul><ul><li>Test data restoration: the recovery, reconciliation & synchronization of in-flight data, and the back-out of data that is not required or is to be re-captured. </li></ul></ul><ul><li>Full End-to-End Test: </li></ul><ul><ul><li>Simulates tests 4, 5, 6 and 7 above (Application Component, Configuration changes, Technology changes and Data Recovery) to validate the RTO. Does not interfere with Production. </li></ul></ul><ul><li>Full Production Test: </li></ul><ul><ul><li>Same as the Full End-to-End Test (8 above), but runs production at the alternate site </li></ul></ul><ul><li>Surprise Test: </li></ul><ul><ul><li>Any of the above with no warning </li></ul></ul><ul><li>Return Home Test: </li></ul><ul><ul><li>Difficult to simulate </li></ul></ul><ul><li>Repeatable Tests: </li></ul><ul><ul><li>Able to repeat test results </li></ul></ul><ul><li>Tests with Planned Faults (Murphys): </li></ul><ul><ul><li>Somewhat resilient to potential problems. E.g. I/O errors on backup media at time of data restoration </li></ul></ul>
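The slide refers to its test types by position ("tests 4, 5, 6, and 7", "8 above"), so the way the larger tests build on the smaller ones can be written down as a small lookup. This is a sketch under that numbering assumption; `BUILDS_ON` and `component_tests` are hypothetical names, and the Surprise, Return Home, Repeatable and Planned Faults variants are left out because they modify other tests rather than add new components.

```python
# Test types numbered in the order the slide lists them.
TEST_TYPES = {
    1: "DRP Walkthrough",
    2: "Alternate site DR Server Validation",
    3: "Alternate site DR Infrastructure Validation",
    4: "DR Application Component (Unit) Test",
    5: "Configuration changes for DR",
    6: "Technology changes to support the BCP",
    7: "Data Recovery Test",
    8: "Full End-to-End Test",
    9: "Full Production Test",
}

# Per the slide: test 8 simulates tests 4-7, and test 9 is the same as 8
# but runs production at the alternate site.
BUILDS_ON = {8: [4, 5, 6, 7], 9: [8]}


def component_tests(test_id):
    """Return the sorted ids of the basic tests a given test ultimately exercises."""
    if test_id not in BUILDS_ON:
        return [test_id]
    found = set()
    for child in BUILDS_ON[test_id]:
        found.update(component_tests(child))
    return sorted(found)


for number in component_tests(9):
    print(number, TEST_TYPES[number])
```

Seen this way, passing the four component tests individually is a cheaper prerequisite to attempt before scheduling either full test.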
  12. 12. DRP/BCM SIG - Testing Alternatives <ul><li>Test Concerns: </li></ul><ul><ul><li>Many recovery teams with alternates = Many Test Participants </li></ul></ul><ul><ul><li>Site hosts many applications with separate DR Plans </li></ul></ul><ul><ul><li>Due Diligence & Audit typically require regular Testing / Validation </li></ul></ul><ul><ul><li>Testing could become unwieldy & costly </li></ul></ul>
  13. 13. DRP/BCM SIG - Testing Alternatives <ul><li>Managing DR Testing </li></ul><ul><li>Satisfy: </li></ul><ul><ul><li>Enterprise Standards & Good Practice </li></ul></ul><ul><ul><li>Internal & External Audits </li></ul></ul><ul><ul><li>Business Requirements: support business Processes, user access </li></ul></ul><ul><ul><li>BCP Technology Requirements </li></ul></ul><ul><ul><li>Client Expectations & Contracts </li></ul></ul><ul><ul><li>Confidence that we can help the business survive a disaster at minimum cost </li></ul></ul><ul><li>Control: </li></ul><ul><ul><li>Cost </li></ul></ul><ul><ul><li>Potential Losses (Risks) </li></ul></ul><ul><ul><li>Time </li></ul></ul>
  14. 14. DRP/BCM SIG - Testing Alternatives <ul><ul><li>Cost of progressively more complex test types </li></ul></ul><ul><ul><li>Potential Cost of an outage due to progressively more complex test types </li></ul></ul>
