How New Data Center Technologies Impact Recoverability


Published on

  • Be the first to comment

  • Be the first to like this

How New Data Center Technologies Impact Recoverability

  1. 1. How New Data Center Technologies Impact Recoverability Presented by: Damian Walch, CISA, CISSP, CBCP
  2. 2. Stressors that Test Your Vulnerability <ul><li>Terrorism </li></ul><ul><li>Cyber Attacks </li></ul><ul><li>Biological Threats </li></ul><ul><li>Employee Sabotage </li></ul><ul><li>Industrial Espionage </li></ul><ul><li>Regulation </li></ul><ul><li>Deregulation </li></ul><ul><li>Incentives </li></ul><ul><li>Legal </li></ul><ul><li>Global Marketplace </li></ul><ul><li>Partners/Suppliers </li></ul><ul><li>Demand Elasticity </li></ul><ul><li>IT Infrastructure </li></ul><ul><li>Technology Adoption </li></ul><ul><li>Innovation and Trends </li></ul><ul><li>24x7 Expectations </li></ul><ul><li>Denial of Service Attack </li></ul><ul><li>Virus </li></ul><ul><li>Natural Disasters </li></ul><ul><li>Workplace Issues </li></ul><ul><li>National Programs </li></ul>Environmental Social Political Economic Technological
  3. 3. The Problem is Viewed “Narrowly” Business & IT Processes Technology Organization Facilities & Security Strategy Applications & Data <ul><li>9/11 Lessons </li></ul><ul><ul><li>Business not linked to IT Strategy </li></ul></ul><ul><ul><li>Roles poorly defined… no ownership </li></ul></ul><ul><ul><li>Outdated, overly complicated processes </li></ul></ul><ul><ul><li>Processes didn’t cross LOBs </li></ul></ul><ul><ul><li>“ Shared Services” forgotten </li></ul></ul><ul><ul><li>Lack of standardization </li></ul></ul><ul><ul><li>No true redundancy </li></ul></ul><ul><ul><li>Supply Chain not covered </li></ul></ul><ul><ul><li>B/U components not maintained </li></ul></ul><ul><ul><li>Little geographic spread </li></ul></ul>
  4. 4. Enterprise Business Continuity Framework Corporate Culture Position the corporate mission and values within the continuity and recovery program to ensure that the EBCP can adapt to business change Technology Solutions Identify and implement technology solutions to support business integration and availability to protect against interruptions and/or outages Governance Provide clarity, definition, and guidance for the EBCP at the Enterprise level to ensure that the initiatives are carried out Enterprise Risk Management Identify, mitigate, and control threats to the business in order to protect the enterprise in a consistent manner Business Integration Integrate all lines of business into the EBCP to provide end-to-end availability and protection of business process across the organization Quantify, track, and communicate the continuity and recovery value to the organization and ensure the EBCP investment is managed Value Assurance Manage the execution of the EBCP to ensure that the program is executing as designed and is providing a consistent approach throughout the enterprise Program Execution
  5. 5. Evolution of Service Delivery Time Productivity/Value Individual Data Centers e-Utility Consolidated Delivery Centers <ul><li>Consolidation </li></ul><ul><li>Economies of Scale </li></ul><ul><li>Common Processes </li></ul><ul><li>H/W & S/W Standards </li></ul>Grid <ul><li>Virtual Consolidation </li></ul><ul><li>Further Economies </li></ul><ul><li>Dynamic Allocation </li></ul><ul><li>Collaboration/Alliances </li></ul><ul><li>Commoditization </li></ul><ul><li>Resource on demand </li></ul><ul><li>Standardize Measures/billing </li></ul><ul><li>Expand ASP Model </li></ul>Resiliency
  6. 6. Evolution of Business Resilience Centralized Computing Distributed Computing <ul><li>'60's - Early 80's </li></ul><ul><ul><li>Mainframe model: centralized control, standardization, batch reporting </li></ul></ul><ul><ul><li>Focus: data center, internal stresses, very localized disruptions </li></ul></ul><ul><ul><li>IT: reactive Business: none </li></ul></ul><ul><ul><li>Recovery Time in weeks </li></ul></ul><ul><ul><li>Mindset: insurance </li></ul></ul>Disaster Recovery <ul><li>Mid - Late 80's </li></ul><ul><ul><li>Midrange & client-server model: departmental computing, creativity, independence </li></ul></ul><ul><ul><li>Focus: satellite hubs, internal stresses, very localized disruptions </li></ul></ul><ul><ul><li>IT: reactive/none Business: reactive </li></ul></ul><ul><ul><li>Recovery Time in days </li></ul></ul><ul><ul><li>Mindset: insurance </li></ul></ul>Business Recovery <ul><li>The '90's - 2000 </li></ul><ul><ul><li>Hybrid model: connectivity, data sharing cross-bu, re-standardization </li></ul></ul><ul><ul><li>Focus: enterprise I/S, internal/external stress, localized disruptions </li></ul></ul><ul><ul><li>IT: reactive Business: reactive </li></ul></ul><ul><ul><li>Recovery time in hours </li></ul></ul><ul><ul><li>Mindset: insurance </li></ul></ul>Business Continuity <ul><li>Year 2001 - today </li></ul><ul><ul><li>Virtualized model: extended supply chain, mobility, direct customer access </li></ul></ul><ul><ul><li>Focus: extended global I/S, internal/external stress, broad disruptions </li></ul></ul><ul><ul><li>IT: proactive Business: proactive </li></ul></ul><ul><ul><li>Always up </li></ul></ul><ul><ul><li>Mindset: survival </li></ul></ul>Business Resiliency Network Centric Computing On-Demand Computing
  7. 7. Service Level Agreement Management <ul><li>Element Monitoring </li></ul><ul><li>Event Detection </li></ul><ul><li>Event Correlation </li></ul><ul><li>Service Level Management </li></ul>Automated Call Dispatch: Apropros Trouble Ticketing Systems: Remedy ARS event root cause reports exceptions event mgmt apps, actions root cause Micromuse Netcool Quallaby Network Performance HP Internet, Firehunter Internet Services Fault/Performance OpenView NNM Network Fault CiscoWorks 2000 OpenView VPO Server Fault event event topology view Micromuse Slam Service Level Agreement Manager Storage Manager (SNMP) Robot Manager (SNMP) Fabric Manager (SNMP) OpenView VPO SPI Application Fault/ Performance event
  8. 8. Emergency Messaging Services <ul><li>EMRS performs multi channel device notification </li></ul><ul><li>Notification messages, directions, and critical information sent to cell phones (SMS), pagers, RIM, alternate email addresses, etc. </li></ul><ul><li>Employees access e-mail from any web browser </li></ul><ul><li>Home, temporary offices, Kinko’s </li></ul><ul><li>Transparent failover to rest of world </li></ul><ul><li>Use original e-mail addresses </li></ul><ul><li>128-bit SSL encrypted </li></ul><ul><li>Users can be authenticated with SecureID or passwords </li></ul>
  9. 9. onDemand or Utility Computing Services Mediation Transaction Management Corporate Finance ERP (e.g. SAP, PeopleSoft) Consolidation Engine 3rd Party Partner Switches Routers Probes Equipment Business Process Applications ERP CRM SFA E-mail Manual Process Automation Tools Reporting Invoicing IT Mediation SingleView Mediation Existing Solution 3rd Party Solutions IT Infrastructure
  10. 10. Grid Computing
  11. 11. Characteristics of a Resilience physical security -- possibly biometrics in place   E-mail recovery or replication solution is in place   SPAM engine storage mirroring established for the highest priority (tier 1) applications automated process for restoring OS footprint on recovery platforms   24x7 monitoring of IDS logs SLA management (SLAM) tool implemented change management process that considers disaster recovery (each checkpoint) knowledge of risks and regulations that are required of functions patch management team disaster recovery process integrated with problem management and help desk processes application design process that is integrated with the business continuity process clear incident response and crisis management procedures tested firewalls, virus protection and intrusion detection is implemented and kept up-to-date all applications are properly assigned a &quot;recovery tier&quot; monitor the backups of all applications and platforms across the enterprise knowledge of which business processes supported by which applications SECURITY AVAILABILITY IT RECOVERY BUSINESS CONTINUITY
  12. 12. 8 Pragmatic Approaches to Resilience <ul><li>Make executives aware of program (and risks) </li></ul><ul><li>Understand the most critical business processes </li></ul><ul><li>Create “commitments” (i.e. policies for corporations) </li></ul><ul><li>Implement call trees and exercises </li></ul><ul><li>Explain objectives for the year and measure results </li></ul><ul><li>Ensure backup and offsite storage - audit </li></ul><ul><li>Backup workstations and laptops </li></ul><ul><li>Conduct desktop exercises for operations staff </li></ul>
  13. 13. Closing Comments <ul><li>“ Resilience” should be our goal and will ultimately be achieved by most organizations, but it’s not here today </li></ul><ul><li>Resilience is the integration of DR, BC, physical security, information security and operational availability…aligned with business processes </li></ul><ul><li>Poor results in the BC industry are our fault for not simplifying messages, measuring results and providing a clear roadmap </li></ul><ul><li>Great strides can be achieved by focusing on 8 to 10 reasonable principles for increasing recovery and “resilience” </li></ul><ul><li>By integrating the disciplines and processes for DR, BC, physical security and information security you can reduce overall effort, increase results and in many cases address regulatory requirements </li></ul>