Business Continuity And Disaster Recovery Notes


Published on

Published in: Technology, Business

Business Continuity And Disaster Recovery Notes

  1. 1. Business Continuity and Disaster Recovery Notes Alan McSweeney
  2. 2. Objectives <ul><li>To provide outline options for implementing business continuity and disaster recovery </li></ul><ul><li>To outline possible solution architectures </li></ul><ul><li>To demonstrate experience and competence in business continuity </li></ul><ul><li>To identify possible next steps </li></ul>
  3. 3. Agenda <ul><li>Understanding of Requirements </li></ul><ul><li>Business Continuity and Disaster Recovery Information </li></ul><ul><li>Business Continuity and Disaster Recovery Options and Technologies </li></ul><ul><li>Server Virtualisation and Business Continuity and Disaster Recovery </li></ul><ul><li>Implementation Notes </li></ul>
  4. 4. Overall Solution Requirements <ul><li>Resilience </li></ul><ul><ul><li>Reliable underlying hardware and software components </li></ul></ul><ul><li>Scalable </li></ul><ul><ul><li>Infrastructure that can grow to meet future requirements without significant engineering </li></ul></ul><ul><li>Business Continuity and Disaster Recovery </li></ul><ul><ul><li>Solution that provides disaster recovery and business continuity </li></ul></ul><ul><li>Manageable </li></ul><ul><ul><li>Solution that is easily manageable </li></ul></ul><ul><li>Secure </li></ul><ul><li>Return on Investment </li></ul><ul><li>Simplicity </li></ul><ul><ul><li>Few components and vendors to reduce complexity and risk </li></ul></ul><ul><li>Risk </li></ul><ul><ul><li>Solution must incorporate proven technologies </li></ul></ul>
  5. 5. Protecting the Business
  6. 6. Round Up the Usual Statistics <ul><li>80% of businesses have no plan </li></ul><ul><ul><li>“ It won’t happen to me” </li></ul></ul><ul><li>68% of businesses who experience a disaster and don’t have a plan go out of business within 2 years </li></ul><ul><li>One in five organisations will suffer a major IT disaster in five years </li></ul><ul><li>A company experiencing a computer outage lasting longer than 10 days will never fully recover </li></ul>
  7. 7. Round Up the Usual Statistics <ul><li>The loss of IT capacity and telecommunications is seen as the worst disruption scenarios for organisations </li></ul><ul><ul><li>48% of managers surveyed admit that their businesses have experienced one or more interruptions within the past year </li></ul></ul><ul><ul><li>57% of business disasters are IT-related </li></ul></ul><ul><li>About half of small and medium-sized firms now do perform some sort of data backup, but not always adequately </li></ul><ul><ul><li>Large numbers of businesses would be unable to recover business data after a server crash or disaster </li></ul></ul><ul><li>It takes 19 days and costs in excess of €14,000 to re-enter just 20 MB worth of sales and marketing data </li></ul><ul><ul><li>Retrieving accounting records is even worse; they require over 21 days of work and cost over €15,700 to re-type </li></ul></ul><ul><li>93% of businesses say that data storage is an extremely important part of their organisation but only 20% of those surveyed said that there was a high level of understanding of storage and storage issues within their companies </li></ul>
  8. 8. Reasons for Data Loss
  9. 9. US Cost of Downtime Survey <ul><li>46% said each hour of downtime would cost their companies up to $50k </li></ul><ul><li>28% said each hour would cost between $51K and $250K </li></ul><ul><li>18% said each hour would cost between $251K and $1 million </li></ul><ul><li>8% said it would cost their companies more than $1million per hour </li></ul>
  10. 10. Survival Risk <ul><li>At what point is the survival of your company at risk? </li></ul><ul><ul><li>40% said 72 hours </li></ul></ul><ul><ul><li>21% said 48 hours </li></ul></ul><ul><ul><li>15% said 24 hours </li></ul></ul><ul><ul><li>8% said 8 hours 9% said 4 hours </li></ul></ul><ul><ul><li>3% said 1 hour </li></ul></ul><ul><ul><li>4% said within the hour </li></ul></ul>
  11. 11. Affects of Outage <ul><li>Lost revenue and business interruption </li></ul><ul><li>Possible litigation </li></ul><ul><li>Lost competitiveness and lost business </li></ul><ul><li>Loss of company reputation </li></ul><ul><li>Financial cost </li></ul>
  12. 12. Specific Business Continuity and Disaster Recovery Requirements <ul><li>RTO – Recovery Time Objective </li></ul><ul><ul><li>How quickly should critical services be restored </li></ul></ul><ul><li>RPO – Recovery Point Objective </li></ul><ul><ul><li>From what point before system loss should data be available </li></ul></ul><ul><li>How much data loss can be accommodated </li></ul>Last System Backup/Copy System Loss/Failure System Restored RPO (Recovery Point Objective) – Time Since Last Good Backup RTO (Recovery Time Objective) – Time to Recover Overall Recovery Time – From Last Backup to System Recovery
  13. 13. Components of Effective Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery Facility Primary Infrastructure Designed for Resilience and Recoverability Operational Disaster Recovery And Business Continuity Plan Business Continuity and Disaster Recovery Processes And Procedures
  14. 14. Components of Effective Business Continuity and Disaster Recovery <ul><li>An operational Business Continuity/Disaster Recovery facility consists of four key components: </li></ul><ul><ul><li>Facilities and Infrastructure – the underlying IT infrastructure and data must be structured to be resilient and recoverable </li></ul></ul><ul><ul><li>Processes and Procedures – Business Continuity/Disaster Recovery must be incorporated into standard processes and procedures </li></ul></ul><ul><ul><li>Operational Business Continuity/Disaster Recovery Plan – there must be an operational and tested plan to recover </li></ul></ul><ul><ul><li>Business Continuity and Disaster Recovery Facility – there should be a facility from which the recovered systems can run </li></ul></ul>
  15. 15. Stages for Implementing Business Continuity and Disaster Recovery Data Backup and Recovery Resilience and Fault Tolerance Business Continuity and Disaster Recovery
  16. 16. Possible Core Architecture (Virtualised) <ul><li>Core server infrastructure virtualised for resilience and fault tolerance </li></ul><ul><li>Centralised server management and backup </li></ul><ul><li>SAN for primary data storage </li></ul><ul><li>Backup to disk for speed </li></ul><ul><li>Tape backup </li></ul><ul><li>Two-way data replication </li></ul>
  17. 17. Resilience <ul><li>Virtual infrastructure in HA (High Availability) Cluster </li></ul><ul><li>Fault tolerant primary infrastructure </li></ul><ul><li>Failing virtual servers automatically restarted </li></ul><ul><li>Dynamic reallocation of resources </li></ul><ul><li>Reduces need to invoke business continuity plan </li></ul>
  18. 18. Business Continuity and Disaster Recovery <ul><li>Failing servers can be recovered on other site </li></ul><ul><li>Virtualised infrastructure will allow critical servers to run without the need for physical servers </li></ul><ul><li>Virtualisation makes recovery easier – removes any hardware dependencies </li></ul>
  19. 19. Business Continuity and Disaster Recovery Considerations <ul><li>Understand what you are protecting against </li></ul><ul><ul><li>Hardware failure or damage </li></ul></ul><ul><ul><li>Application and data corruption </li></ul></ul><ul><ul><li>Site failure or denial of access </li></ul></ul><ul><ul><li>Fires, chemical spillages, sickness/epidemic </li></ul></ul><ul><li>Define level(s) of service to be provided </li></ul><ul><li>Define recovery method(s) </li></ul><ul><li>Understand system and application landscape </li></ul><ul><li>Understand business requirements and align information technology infrastructure to meet them </li></ul><ul><li>Define cost and benefits of implementing levels of resilience and recoverability </li></ul>
  20. 20. Sample Highly Resilient Infrastructure
  21. 21. Data Replication Options <ul><li>Option 1 – Direct server replication </li></ul><ul><ul><li>Each server replicates to a backup server in the other site </li></ul></ul><ul><li>Option 2 – Consolidated virtual server backup and replication of server images for recovery </li></ul><ul><ul><li>Copies of virtual servers replicated to other site for recovery </li></ul></ul><ul><li>Option 3 – Data replication </li></ul><ul><ul><li>Replication of SAN data to other site </li></ul></ul><ul><li>Option 4 – Backup data replication </li></ul><ul><ul><li>Replication of backup data to other site </li></ul></ul><ul><li>Each option has advantages and disadvantages </li></ul>
  22. 22. WAN Optimised Accelerated Offsite Backup and Replication for Business Continuity and Disaster Recovery <ul><li>LAN-like performance of file sharing from anywhere </li></ul><ul><li>Cut backup times by 75% or more </li></ul><ul><li>Use 90% less WAN bandwidth in the process </li></ul><ul><li>Allows use of lower speed links to saving ongoing costs – for example, 2 Mbps becomes 20 Mbps at least </li></ul>File Servers Mail Servers Web Servers Filers Tape Backup Storage WAN File Servers Mail Servers Filers Tape Backup PRIMARY DATA CENTRE SECONDARY DATA CENTRE Transparent WAN Optimisation Unit
  23. 23. Server Virtualisation and Disaster Recovery <ul><li>Server virtualisation assists recovery from disaster </li></ul><ul><ul><li>Enables easier testing </li></ul></ul><ul><ul><li>Enables successful recovery </li></ul></ul><ul><ul><li>Simplifies recovery </li></ul></ul><ul><ul><li>Reduces costs of recovery infrastructure </li></ul></ul><ul><ul><li>Enables business continuity </li></ul></ul><ul><li>Changing disaster recovery requirements </li></ul><ul><ul><li>Higher standards are required </li></ul></ul><ul><ul><li>More reliability is expected </li></ul></ul><ul><ul><li>Faster pace of business generates more critical change </li></ul></ul><ul><ul><li>Intense competitive environment requires high service levels </li></ul></ul>
  24. 24. Virtualised Solution RPO and RTO <ul><li>Low RTO and RPO for immediate recovery </li></ul><ul><li>Solution can grow to support additional servers easily and quickly </li></ul>1 2 RTO Systems Available Immediately System Loss 3 Last System Replica RPO
  25. 25. Business Continuity and Disaster Recovery Implementation Approach <ul><li>The System Dynamics approach to implementing effective Business Continuity consists of two phases: </li></ul><ul><ul><li>Solution Design – your Business Continuity/Disaster Recovery requirements are identified and documented and a solution and an implementation plan are developed </li></ul></ul><ul><ul><li>Solution Implementation – the previously defined and agreed solution is implemented </li></ul></ul>Project Initiation Risk Assessment Business Requirements and Impact Analysis Solution Design and Documentation Implementation Plan Roadmap Solution Implementation Testing Solution Design Solution Implementation
  26. 26. Maintaining Business Continuity and Disaster Recovery <ul><li>Once implemented, effective ICT business continuity must be regarded as a continuous process </li></ul><ul><li>While this imposes an overhead it ensures that business continuity implementation will continue to meet the requirements of the business and meet audit compliance requirements </li></ul><ul><li>Good solution design will minimise maintenance effort as continuity is embedded </li></ul>ICT Business Continuity Project Embed ICT Business Continuity into ICT Exercise, Test and Maintain ICT Business Continuity Plan Develop Strategy for ICT Business Continuity Develop ICT Business Continuity Plans and Processes Understand the Critical Systems and Applications
  27. 27. View of Business Continuity and Disaster Recovery <ul><li>Vendor independence </li></ul><ul><li>Aware of all solution options </li></ul><ul><li>Aware of enabling technologies </li></ul><ul><ul><li>Server virtualisation </li></ul></ul><ul><ul><li>Hardware and software replication </li></ul></ul><ul><ul><li>WAN optimisation </li></ul></ul><ul><li>Can design the best and most cost-effective possible solution Suits the needs of the organisation rather than the vendor </li></ul><ul><ul><li>Assist in vendor selection and negotiation </li></ul></ul><ul><li>Focus on entire solution </li></ul>
  28. 28. Structured Approach to Business Continuity and Disaster Recovery Analysis and Design ICT Business Continuity Planning Phase 1 – Project Initialisation and Mobilisation Phase 2 – ICT Infrastructure and Application Analysis Phase 3 –ICT Business Continuity Options Phase 4 – Information Consolidation Phase 5 – Draft and Final Report Production and Presentation Agree Project Scope Agree Project Timescales Agree Project Deliverables Agree Business Owner Meeting Schedule Agree Project Communication Analyse and Document ICT Infrastructure and Applications Define and Document ICT Recovery Requirements Consolidate Analysis and Design Information Draft Report Presentation Final Report Presentation Collect Server and Application Inventory and Resource Usage Information Business Critical Application Owner Meetings Define Detailed Business Critical Recovery Processes Define Application Recovery Requirements Define Business Continuity Operations and Architectures Produce Financial Analysis and Implementation Plans for Options Define and Document Recovery Scenarios Document Business Continuity Operation Handover
  29. 29. Structured Approach to Business Continuity and Disaster Recovery Analysis and Design <ul><li>Structured approach </li></ul><ul><ul><li>Phase 1 – Project Initialisation and Mobilisation </li></ul></ul><ul><ul><li>Phase 2 – ICT Infrastructure and Application Analysis </li></ul></ul><ul><ul><li>Phase 3 – ICT Business Continuity Options </li></ul></ul><ul><ul><li>Phase 4 – Information Consolidation </li></ul></ul><ul><ul><li>Phase 5 – Draft and Final Report Production and Presentation </li></ul></ul><ul><li>Focus is to develop a practical, realistic and cost-effective business continuity plan and to identify pre-requisite and associated work in order to make business continuity more effective </li></ul><ul><li>Detailed workplan that will address all areas </li></ul>
  30. 30. What Can be Done <ul><li>Identify, define and document business continuity and disaster recovery requirements </li></ul><ul><li>Design business continuity and disaster recovery solution options </li></ul><ul><li>Select the most appropriate solution, technologies and vendors </li></ul><ul><li>Assist with development business continuity plan </li></ul><ul><li>Assist with and manage implementation </li></ul><ul><li>Define total business continuity solution encompassing offerings from various vendors </li></ul>
  31. 31. Benefits of Structured Approach <ul><li>Practical and results-focussed approach </li></ul><ul><li>Detailed knowledge of business continuity implementation </li></ul><ul><li>Knowledge and experience of relevant technologies </li></ul><ul><li>Complete set of relevant skilled personnel in the area required </li></ul><ul><li>Vendor independence and knowledge of likely products and vendors </li></ul>
  32. 32. More Information <ul><ul><ul><li>Alan McSweeney </li></ul></ul></ul><ul><ul><ul><li>[email_address] </li></ul></ul></ul>