12.08.09 Event   Mike Perdue Presentation
Upcoming SlideShare
Loading in...5
×
 

12.08.09 Event Mike Perdue Presentation

on

  • 422 views

 

Statistics

Views

Total Views
422
Views on SlideShare
421
Embed Views
1

Actions

Likes
0
Downloads
3
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

12.08.09 Event   Mike Perdue Presentation 12.08.09 Event Mike Perdue Presentation Presentation Transcript

  • PRESENTS DISASTER RECOVERY & BUSINESS CONTINUITY IT BEST PRACTICES DECEMBER 8TH, 2009
  • House Keeping • Rest rooms • Food • NDA
  • Objectives For Today The Business Aspects of IT Signature Disaster Technical Toys for Tots Lunch & Technology Recovery & Best The U.S. Networking Network Business Practices Marine Corp Opportunity Overview Continuity 10 Minutes 75 Minutes 75 Minutes 15 Minutes 60 Minutes
  • Who is The Signature Group? Business Program and Project Management Strategic Planning Mergers and Acquisitions Proof of Concept, R&D and Standards Technology Process and Change Management Regulatory Compliance Founded in 1997 as an IT Disaster Recovery Planning Consulting, Strategy Management & Systems Design and Implementation Server Consolidation and Virtualization Integration Firm Consolidated/Shared Storage Datacenter Design and Consolidation Local and Wide Area Networks Wireless Solutions & Networks Network Security and Audits Voice over IP solutions (VoIP) Three Primary Practice Areas Unified Messaging Corporate Messaging (Exchange) Enterprise Global Directory Services (AD/NDS) Small & Mid-Market Federal, State, Local Government SignatureCare Managed Services Turn Key Monitoring and Management HelpDesk Over-The-Wire Data Protection Real Time Disaster Avoidance/Recovery
  • Select TSG Clients
  • What is STN? Signature Technology Network (STN) is a free membership based group* of Senior IT Executives in the DC Metro Area from a broad array of industries. Purpose: Benefits: • Social and Peer Networking • Learn from Success and Failures of Peers • Sharing of Best Practices • Understand Do’s, Don’ts and Best Practices • Discuss Technology & Business Solutions • Learn the Solutions that Your Peers are Using to • Access to Independent Industry Experts Improve the Performance of Their Business • Forum for Ongoing Education • Hear What Independent Experts Say About Dedicated Learning Sessions Various Technologies and Business Solutions Panel Discussions • Gain Direct Access to Manufacturers and Roundtable Events Vendors to Understand their Long Term Road Manufacturer and Vendor Presentations Maps and How These Will Help You Plan And Looking to the Future of IT Invest Wisely For The Future •NDA’s are required for all participating members Signature Technology Network
  • STN 2010 Events Calendar • Tuesday, January 12, 2010 Windows 7/Server 2008/Active Directory 8:00 am – Noon The Tower Club • February 10-12, 2010 Collaboration Technologies & Managed Services Exhibition Virtualization Business and Technology Best Practices – Educational Track ASAE Technology Conference Walter E. Washington Convention Center • Tuesday, March 9, 2010 Microsoft Exchange 2010 and Collaboration Solutions 8:00 am – Noon The Tower Club
  • For Small and Medium Enterprises Michael Perdue, Chief Executive Officer The Signature Group, Inc.
  • Important Thoughts “A Failure to Plan is a Plan to Fail” • Winston Churchill “No Plan of Battle Ever Survives Contact With the Enemy” • Credited to Field Marshall Helmuth von Moltke, General George C. Marshall and Napoleon Bonaparte A Flexible and Fluid Plan is Required to Handle a Broad Range of Situations
  • Interesting Facts & Stats 60-90% of all companies that suffer from a disaster and do not recovery critical systems within 30 days are acquired or out of business in 2 years – International Data Corp Only 6% of companies suffering from a catastrophic data loss survive, while 43 percent never reopen and 51 percent close within two years – University of Texas Study Only 35 percent of SMBs have a comprehensive disaster recovery plan in place – Gartner SMB’s lose an average of $84,000 for every hour of system wide downtime – International Data Corp The survival rate for companies without a disaster recovery plan is less than 10% – Touche Ross
  • So What Do We Really Mean By Disaster
  • The Disaster Spectrum Extinction Level Event OUT OF SCOPE Global Thermonuclear War (Too Big) ______________________________________________________ 9/11 Flood, Hurricane, Tornado, Blackout Building Fire Facilities Issues Core Switch, Router or Carrier Failure IN SCOPE Critical Application Outage ______________________________________________________ Non-critical Server Outage Access layer switch down OUT OF SCOPE CEO drops Iphone in toilet (Normal Maintenance) User spills coffee in keyboard
  • The Typical Disaster • Fairly Localized - Even 9/11 was an extremely geographically localized event • Lasts between 1-5 days - Don’t build a plan based on the 100 year earthquake/hurricane unless the financial or risk impact is so great that the cost is justified Examples of the Most Common Disasters Extended Power Outage Extended Carrier Outage Critical System Failure Facilities Issues Hurricane Tornado Earthquake Fire Pandemic Flood
  • Define Objectives RTO and RPO must be balanced against financial and risk requirements
  • The Solution Spectrum Geographically Data Extended Availability Clusters or Needs Synchronous Virtualized HA Replication Platforms Asynchronous Replication Amount of Non- Data Reproducible Vaulting Data Off-Site Tapes Weeks Days Hours Minutes Seconds Recovery Time and Point Objective
  • The RPO Organizational Spectrum Should be based on Financial and Risk Impact Financial Institutions Non- Reproducible Online Data Transaction Retail based Transactions Vendors or Data Associations Change per & Non- Second Professional Profits Organization Size Matters Services Firms Days Hours Minutes Seconds Recovery Point Objective
  • It’s an Issue of Balance Disaster Solution Cost of Downtime Cost to and/or Lost Maintain Data Cost to Risk Implement
  • Defining your “Objectives” Inventory all Systems and Applications • Include System Dependencies Perform Financial and Risk Analysis for each System Categorize • Critical ∙ Nice to have • Sensitive ∙ Should be dead already • Vital Define your RTO and RPO by Category/System
  • DR Thoughts and Best Practices Build a Plan Based on Align your Plan with your Automation, Systems, RTO and RPO Processes, & Requirements Documentation Per System, Service and Application John or Jane may have been RTO and RPO should not be globally affected by the disaster defined . Tape Backup and Restoration Every Organization is alone is not Traditionally Considered an Effective Different therefore Every Disaster Recovery Option Plan should be Different unless RTO and RPO is Extremely High
  • The Recovery Data Center/Facility Initial Tendency is Typically too Aggressive • If you are not NORAD then don’t plan like NORAD Align Recovery Center Location and Facility with Organizational Requirements • If all of your employees and/or clients are located in the DC metro area don’t put your redundant data center in Utah/Denver/Kuala Lumpur • Best Practice for SME is greater than 20 miles but less than 60 miles from your primary facility -- location dependant • Align geographic location of recovery center with staff that is knowledgeable about your systems • Use remote offices where practical (if systems, staff, connectivity and facilities can support) • DON’T COUNT ON TRAINS and PLANES
  • The Recovery Data Center/Facility In Major Disasters Long Haul Communications may be Substantially Compromised Understand the Specifics about Collocation Facilities: • Carrier • Power • Fire Suppression • Hardened Status • Physical Security • Placement on National Critical Infrastructure List • Green Initiatives/Programs
  • The Datacenter Facility Traditional Models Internal Internal Multi- Internal Collocation Datacenter w/ location Datacenter Datacenter Hot or Standby Datacenter Non-Carrier Facility Facility Facility Facilities Neutral Facilities High Availability High Availability High Availability High Availability and Failover and Failover and Failover and Failover Between Systems Between Systems Between Systems Between Systems and Locations and Locations Redundant Telco Redundant Telco Redundant Telco Redundant Telco Connectivity Connectivity Connectivity Connectivity Less focus on Protection Multiple Levels of Multiple Levels of Multiple Levels of Power Power Limited Power Power Redundancy Redundancy Redundancy Redundancy Replicated Data Replicated Data Between Locations Between Locations Offsite Backups or Offsite Backups or and Offsite Data Data Replication Data Replication and Offsite Data Protection Protection Cost to Implement & Maintain
  • The 9 Step Planning Process 1. Services/System Inventory 2. Critical Vendor Inventory 3. Risk/Financial Analysis & Categorization 4. Identify Possible Solutions 5. Select Solutions 6. Implement Solutions 7. Create Recovery Manual & Documentation 8. Test Recovery (“Soft” and “Hard” testing) 9. Train, Maintain, and Continual Testing
  • Step 0. Selling Management • Define Legal, Audit, and Regulatory Requirements - Sarbanes-Oxley - HIPPA - SEC - Contract or Client Specific Requirements • Perform Financial Analysis - Cost of Downtime or Lost Data • Perform Risk Analysis - Risk Associated with Downtime or Lost Data • Avoid FUD Approach (Fear, Uncertainty, and Doubt) Less of an issue in the post 9/11 and SoX world
  • Questions & Answers