Your SlideShare is downloading. ×
Achieving enterprise resiliency and corporate certification through the use of industry
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Achieving enterprise resiliency and corporate certification through the use of industry

57
views

Published on

Short White Paper on achieving Enterprise Resiliency and Corporate Certification via Virtualization

Short White Paper on achieving Enterprise Resiliency and Corporate Certification via Virtualization

Published in: Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
57
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. DCAG – Data Center Assistance Group © Thomas Bronack White Paper Achieving Enterprise Resiliency and Corporate Certification through the use of industry “Best Practices” Any computer related downtime, whether it is from a natural or man-made event, will impact your company’s bottom line and damage your company’s reputation. In the past only very rich and large companies could afford to implement business recovery, information security, compliance, and recovery management, but now it is possible for any company to achieve these goals by utilizing the latest technologies and automated tools. You can reduce current costs and improve efficiency by moving your real environment to a virtual environment that takes advantage of replicated production at recovery sites for rapid recovery of production operations by switching from the failing site to the recovery site, restoring data up to the point of failure, and resuming production as normal. This process can be used for Small to Medium Sized Companies as well as for Large Enterprises. We have the Implementing Enterprise Resiliency and Corporate Certification Page: 1
  • 2. DCAG – Data Center Assistance Group © Thomas Bronack White Paper experience and knowledge to help you achieve a safeguarded, efficient, and compliant environment that utilizes industry “Best Practices” and recovers from disaster events within contracted time and service requirements. What do we want to achieve The achievements shown above will allow you to convert your firm from a real server based environment, where each server is dedicated to a specific application(s), to a virtual server environment where each server can support multiple real servers and their workloads in a single physical server. Included in a virtual environment are tools like VMware, vSphere, Cisco Network devices, SAN / NAS storage devises, Virtual Tape Libraries, Data Domains, and Recovery Point Applications (RPA) that synchronize data between production and recovery sites through snapshots and continuous data protection. These tools, and more, can support business operations by supporting maintenance and recovery operation that reduce / eliminate business operations and support client contractual uptime requirements. An example of their operation would be in support of a disaster event, where the recovery site would utilize a vSphere Site Recovery Manager (SRM) replication to restore the failing operation environment, and then synchronize data through RPA snapshots and data synchronization to the point of failure. At that time the users would be switched from accessing the production to accessing the recovery site where current applications and data can support uninterrupted processing. This can even be achieved for High Availability and Continuous Availability services via Failover / Failback, or Flip / Flop recovery operations. Implementing Enterprise Resiliency and Corporate Certification Page: 2
  • 3. DCAG – Data Center Assistance Group © Thomas Bronack White Paper Virtual environments are scalable and can support small to large environments as needed. An overview of the services we provide can be obtained through the abstract provided below. As you can see, implementing Enterprise Resiliency and Corporate Certification is a complicated process, one that management may want to defer to a professional organization with years of experience in the field. We have been optimizing data centers, repairing problems, improving procedures, performing recovery planning, and responding to disaster events for years. Our experience has led us to the field of Enterprise Resiliency to optimize recovery planning and response, while our knowledge of the current laws and regulations have provided us with the background and knowledge needed to implement Corporate Certification. The Goals and Objectives achieved through our services are described below. Implementing Enterprise Resiliency and Corporate Certification Page: 3
  • 4. DCAG – Data Center Assistance Group © Thomas Bronack White Paper Combining the many disciplines associated with Recovery Management and Corporate Compliance into a single organization will result in a more efficient approach to protecting the company against unplanned interruptions and still be able to recovery from disaster events in a rapid manner when they do occur. Implementing Enterprise Resiliency and Corporate Certification will achieve this goal, while providing a common language and tool set to be used by recovery personnel in planning for and reacting to disaster events. The structure of Enterprise Resiliency and Corporate Certification can be represented in the following manner, where its components can be defined and viewed. It is responsible for: combining recovery operations into a single discipline that speaks the same language and utilizes a common set of tools; insuring compliance to the laws and regulations of Implementing Enterprise Resiliency and Corporate Certification Page: 4
  • 5. DCAG – Data Center Assistance Group © Thomas Bronack White Paper countries where business is conducted; and planning, designing, implementing, and integrating recovery and compliance requirements into the everyday functions performed by your staff. The Enterprise Resiliency and Corporate Certification environment protects company assets and assures that the company can continue business operations with a minimum of loss productivity, thereby allowing for the adherence to client service time objectives and safeguarding the company reputation. What makes us different from the other companies providing this service is a Proprietary Recovery Management Dashboard that provides management with instant access to the most current and accurate information associated with Business Continuity Planning and Activation. This information can be accessed by any authorized user from any location (work, home,traveling, or even on vacation), thereby eliminating the need for conference calls that are scheduled when you’re busy. The dashboard utilizes a Red, Amber, Yellow, Green color-code to make it easier to locate deviations from schedule. A Drill-Down process will allow management Implementing Enterprise Resiliency and Corporate Certification Page: 5
  • 6. DCAG – Data Center Assistance Group © Thomas Bronack White Paper to go from overview to detail by simply clicking on links to the actual process being performed, with the name and contact information of the person performing the action. An example of our Recovery Management Dashboard is shown below. Management Dashboard on Recovery Management Completed In Process Not Started Yet Project Status at a glance Phaise I - Management Guidelines and Goals 1 2 Executive Committee Formulation Perform a Needs Analysis to establish Goals and Objectives 3 4 Create a Define Goals Business Plan & Objectives, and Gain then Executive Prioritize Management Approval 5 6 7 8 9 Have Define Receive Obtain Strong Management Stakeholders Create Recovery Approval & Current and create a and Teams and Funding for Future Project Inition Participants, Responsibilities, Development Management Letter stating then review then develop a and Support their Strong Scope, Project Plan Maintenance Support Objectives, and 10 11 12 13 Define Reporting Audience and Time Frame Receive Define Create and Management Reporting Deliver Desired Feed-Back Criteria and Reports as Comments and Format Scheduled Instructions Obtain Provide Define Management Management with Insurance Costs approval for Report and to Repair repairs, Presentation on Reported Flaws controls, and Findings insurance Mitigate / Create a Letter Mediate, or of Attestation Repeat Process Obtain Creation on a Periodic Insurance to Process for Basis cover flaws Management Phase II - Risk Management Goals and Objectives Define Audit Define all Controls and Define Suply Define SLA / Compliance Laws Chain SLR / RTO and Monitoring and Regulatory PKI Methods, Management Needs for Countries Needs Requirements then build you do Business In into plan Report on uncovered Gaps & Exceptions Report on Obstacles that Impede Recovery Operations Perform Workplace Safety and Violence Prevention Review Perform Physical Security and Site Access Controls Calculate Impacts and Repair Costs Phase III - Business Impact Analysis Define Locations and / or Business Units that need a BIA Create Define Business Create Disaster Applications, Recovery Plan Recovery Plan by Priority for Locations for Information (CA, HA, Nonand Business Technology Crital) Units Rate Ability to Define Impact Define Gain RTO / RPO / Define Achieve Goals, Define Gaps & of Gaps, Insurance Costs Management RTC and PKI Obstacles that using Exceptions against Exceptions, and Select Approval to and Vital Impede Quantitative or Compliance Laws and Obstacles Insurance Plan Mitigate / Records Processing Qualitative and Regulations and their that best meets Mediate / Management Operations Methods Repair Costs needs Insure Phase IV - Automated Tool Selection (Locate, Review, Select, Implement, and Train) Define Business Decide upon using Automated Audit and Impact an Automated Risk Tool Selection Controls Tool Analysis (BIA) Assessment Tool Criteria Tool Business Continuity Planning Tool Disaster Recovery Planning Tool Define Application Recovery Certification Tool Select Vendors Select Best Tool to Demonstrate that meets needs Their Tools Obtain & Implement Tools Train Staff on Tools Incorporate Tools into Recovery Planning Process Adhere to Version & Release Management Phase V - Create Recovery Plans Business and Location Recovery Plan Protection, Disaster and Salvage & Application Business Restoration Recovery Plan Recovery Plan Plan Connect Crisis Establish a Recovery Plans Management Recovery Plan to Command Plan Repository Centers Define Contingency Manager Define Team Members Define Initiate Report on Initiation and Recovery Plan Recovery Plan Recovery Team and Monitor Status to CCC Tasks Status and EOC Create Management "Letter of Attestation" Phase VI - Initiate Recovery Plan when Disaster Event Occurs Help Desk Help Desk Identifies Disaster Notifies Event or a Disaster Contingency Event is reported to Recovery Plan Help Desk Coordinator Contingency Failing Site Recovery Team is Called Recovery Coordinator Protection, Disaster Site is Operations are and Recovery Personnel are Declares Salvage, and Evacuated, as Initiated and Tasks Transferred to Disaster and Restoration is needed Conducted for Performed Recovery Site Initiates Plan Initiated Life of Disaster Failing Site is Salvaged and Restored Personnel Return to Original Site and Resume Production Recovery Steps Post Mortem Improvements are added to is Conducted are Testing Process and Incorporated in and Improvement Future Periodicically s Identified Recovery Plans Repeated Phase VII - Community Relations, Communications, and Administration Notify First Responders, Community, and Government Agencies of Disaster Event as needed Coordinate Notify Supply Establish Coordinate with Clients, Chain Financial and Manage with other Building Management Personnel Emergency Government Park Resident, to make Considerations Operations (OSHA, OEM, Community, Deliveries to during Center (EOC) City, etc.) and Personnel Recovery Site Recovery Communicate Declare Manage Post Respond to Disaster Event Manage Recovery Disaster Event Mortem and Encountered Status to Process from Start is Over and Plan Problems and Community and to Finish Production is Enhancement Update Status Media Resumed s Implementing Enterprise Resiliency and Corporate Certification Ensure Recovery Planning is Integrated Ensure Documentation, Training, and Awareness is current Page: 6
  • 7. DCAG – Data Center Assistance Group © Thomas Bronack White Paper Each of the seven phases and thirteen steps per phase can be drilled down into so that you can find specific information whenever you need to view it, either from work or while on the road, without having to call a conference call requiring many people contributing their knowledge and detracting them from performing their assigned tasks. This information can be related to Recovery Planning or Recovery Activation activities. We are presently performing this service for a major manufacturing conglomerate, but our past experience includes banks, brokerage, and a full-range of financial and service companies. Our clients have achieved “LEED” 100% Green compliance, reduced costs, and improved personnel morale, which has resulted in a happier staff and clients that were more easily retained and recruited. Six phase project approach Phases associated with this project included: 1. Creating an inventory of existing real Information Technology resources; 2. Building of regional production data centers (Geographically dispersed); 3. Construction of a single recovery data center under the company’s control; Implementing Enterprise Resiliency and Corporate Certification Page: 7
  • 8. DCAG – Data Center Assistance Group © Thomas Bronack White Paper 4. The transformation of real equipment to virtualized equipment that reduces costs, floor foot print, and supportive infrastructure (electricity, air conditioning,locations, etc.); 5. Transitioning the equipment to their assigned regional production site and eliminating replaced sites, equipment, contracts, and personnel; 6. Validating that the Recovery Data Center can indeed support recovery operations for applications residing in each of the Regional Production Sites through the use of vSphere, Recovery Point Application, and CISCO network services; 7. Providing Enterprise Resiliency services by performing Application Recovery Certification associated with company provided services; 8. Insuring Compliance with the laws and regulations of countries where business is conducted; 9. Integrating all processes into the everyday functions and responsibilities of the staff to insure current and accurate information via Version and Release Management guidelines; 10. Improving the Systems Development and Maintenance Life Cycle, including testing and recovery verification of all current and enhanced services; and 11. Documentation, Training, and Awareness procedures created and delivered. Replicating / Restoring business sites via SRM Implementing Enterprise Resiliency and Corporate Certification Page: 8
  • 9. DCAG – Data Center Assistance Group © Thomas Bronack White Paper Keeping data in sync between production and recovery sites Adhering to Compliance Laws 1. 2. 3. 4. 5. 6. 7. 8. 9. Grahm Leach Bliley - Safeguard Act (was Bank Holding Act). Dodd – Frank – Wall Street Reform and Consumer Protection Act. HIPAA – Healthcare regulations (including: ePHI, HIYECH, and Final Ombudsman Rule). Sarbanes – Oxley Act (sections 302, 404 and 409) on financial assessment and reporting by authorized “Signing Officer”. EPA and Superfund - how it applies to Dumping and Asset Management Disposal. Supply Chain Management- “Laws and Guidelines” described in ISO 27031. Patriots Act – Know your customer, Money Laundering, etc. Workplace Safety and Violence Prevention – via OSHA, OEM, DHS, and governmental regulations (State Workplace Guidelines and Building Requirements). Income Tax and Financial Information Protection – viaOffice of the Comptroller of the Currency (OCC) regulations like:Foreign Corrupt Practices Act, OCC-177; Contingency Recovery Plan, OCC-187; Identifying Financial Records, OCC-229; Access Controls, and OCC-226 End User Computing Implementing Enterprise Resiliency and Corporate Certification Page: 9
  • 10. DCAG – Data Center Assistance Group © Thomas Bronack White Paper As a result of our contract, the client improved their reputation, reduced costs, improved efficiency, insured compliance, and generally improved personnel and client morale. We would love to do the same for you and your company. Please contact Tom Bronack via email at bronackt@dcag.com, or via phone at (917) 673-6992 to discuss your needs. Implementing Enterprise Resiliency and Corporate Certification Page: 10