Business continuity planning involves creating a logistical plan for how an organization will recover from a disaster in a predetermined time. Disaster recovery planning addresses procedures for recovering critical business functions after an interruption. The document discusses business continuity planning lifecycles, objectives of business continuity and disaster recovery plans, developing and testing plans, differentiating business continuity and disaster recovery plans, types of backups and disaster recovery plans, recovery time objectives and recovery point objectives, threats to organizations, and risk analysis and planning considerations.
This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.
Successful leaders and managers are always keen to expect the unexpected and plan for it. the More you plan is the less you react, and the less you react, the less you make mistakes.
Disruptions to your business can result in data risk, revenue loss, and Failure to deliver services
That’s why organizations need strong business continuity planning.
Business continuity and disaster recovery are not the same but complement each other. Planning on BCP and DRP is necessary for all business. This slide contains information on how to achieve and maintain them.
Business Continuity Planning PowerPoint Presentation SlidesSlideTeam
Presenting this set of slides with name - Business Continuity Planning PowerPoint Presentation Slides. We bring to you to the point topic specific slides with apt research and understanding. Putting forth our PPT deck comprises of fiftyone slides. Our tailor made Business Continuity Planning PowerPoint Presentation Slides editable presentation deck assists planners to segment and expound the topic with brevity. The advantageous slides on Business Continuity Planning PowerPoint Presentation Slides is braced with multiple charts and graphs, overviews, analysis templates agenda slides etc. to help boost important aspects of your presentation. Highlight all sorts of related usable templates for important considerations. Our deck finds applicability amongst all kinds of professionals, managers, individuals, temporary permanent teams involved in any company organization from any field.
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
This handout was provided at the OCNC Business Emergency Preparedness Series workshop hosted by the Orange County Emergency Services and The Chamber on April 11, 2019.
This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.
Successful leaders and managers are always keen to expect the unexpected and plan for it. the More you plan is the less you react, and the less you react, the less you make mistakes.
Disruptions to your business can result in data risk, revenue loss, and Failure to deliver services
That’s why organizations need strong business continuity planning.
Business continuity and disaster recovery are not the same but complement each other. Planning on BCP and DRP is necessary for all business. This slide contains information on how to achieve and maintain them.
Business Continuity Planning PowerPoint Presentation SlidesSlideTeam
Presenting this set of slides with name - Business Continuity Planning PowerPoint Presentation Slides. We bring to you to the point topic specific slides with apt research and understanding. Putting forth our PPT deck comprises of fiftyone slides. Our tailor made Business Continuity Planning PowerPoint Presentation Slides editable presentation deck assists planners to segment and expound the topic with brevity. The advantageous slides on Business Continuity Planning PowerPoint Presentation Slides is braced with multiple charts and graphs, overviews, analysis templates agenda slides etc. to help boost important aspects of your presentation. Highlight all sorts of related usable templates for important considerations. Our deck finds applicability amongst all kinds of professionals, managers, individuals, temporary permanent teams involved in any company organization from any field.
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
This handout was provided at the OCNC Business Emergency Preparedness Series workshop hosted by the Orange County Emergency Services and The Chamber on April 11, 2019.
With cyber-security breaches and hacks more common than ever before we've compiled the key IT-security rules that will help you to protect your business against the most likely threats. While this deck is predominately aimed at SMEs the rules apply broadly to businesses of any size.
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system\'s
information assurance. Vulnerability is the intersection of three elements: a system susceptibility
or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can connect to a
system weakness. In this frame, vulnerability is also known as the attack surface.
Vulnerabilities are flaws in computer software that create weaknesses in your computer or
network’s overall security. Vulnerabilities can also be created by improper computer or security
configurations. Threats exploit the weaknesses of vulnerabilities, resulting in potential damage to
the computer or its data.
The impact of a security breach can be very high. The fact that IT managers, or upper
management, can (easily) know that IT systems and applications have vulnerabilities and do not
perform any action to manage the IT risk is seen as a misconduct in most legislations.
Intrusion detection system is an example of a class of systems used to detect attacks. Some sets
of criteria to be satisfied by a computer, its operating system and applications in order to meet a
good security level have been developed: ITSEC and Common criteria are two examples.
Vulnerability falls under security like computer security, network security,etc.
How to mitigate the risk
§ Install Anti-Virus Software.
Ensure that reputable anti-virus software is installed on all computers. This should include all
servers, PCs and laptops. If employees use computers at home for business use or to remotely
access the network, these PCs should also have anti-virus software installed.
§ Ensure that the anti-virus software is up to date.
Everyday new computer viruses are being released and it is essential that businesses are
protected from these viruses by keeping the anti-virus software up to date. If possible, companies
should look at policies whereby computers that do not have the most up to date anti-virus
software installed are not allowed to connect to the network.
§ Employ a firewall to protect networks.
As computer viruses can spread by means other than email, it is important that unwanted traffic
is blocked from entering the network by using a firewall. For users that use computers for
business away from the protection of the company’s network, such as home PCs or laptops, a
personal firewall should be installed to ensure the computer is protected.
§ Filter all email traffic.
All incoming and outgoing email should be filtered for computer viruses. This filter should
ideally be at the perimeter of the network to prevent computer viruses. Emails with certain file
attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and
.SCR files, should also be prevented from entering the network.
§ Educate all users to be careful of suspicious e-mails.
Ensure that all users know to .
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
This presentation covers the essential components of a successful Vulnerability Management program that allows you proactively identify risk to protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
Cutting through the APT hype to help businesses prevent, detect and mitigate advanced threats.
Sophisticated cyber-espionage operations aimed at pilfering
trade secrets and other sensitive data from corporate networks currently present the biggest threat to businesses. Advanced threat actors ranging from nation-state adversaries to organized cyber-crime gangs are using zero-day exploits, customized malware toolkits and clever social engineering tricks to break into corporate networks, avoid detection,
and steal valuable information over an extended period
of time.
In this presentation, we will cut through some of the hype
surrounding Advanced Persistent Threats (APTs), explain the
intricacies of these attacks and present recommendations to
help you improve your security posture through prevention,
detection and mitigation.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
Project Quality-SIPOC
Select a process of your choice and create a SIPOC for this process. Explain the utility of a SIPOC in the context of project management.
(
Application security in large enterprises (part 2)
Student Name:
) (
Instructor Name
)
Detailed Description:
Large enterprises of a thousand persons or more often have distinctly distinct data security architectures than lesser businesses. Typically they treat their data security as if they were still little companies.
This paper endeavors to demonstrate that not only do large businesses have an entire ecology of focused programs, specific to large businesses and their needs, but that this software has distinct security implications than buyer or small enterprise software. identifying these dissimilarities, and analyzing the way this can be taken advantage of by an attacker, is the key to both striking and keeping safe a large enterprise.
The Web applications are the important part of your business every day, they help you handle your intellectual property, increase your sales, and keep the trust of your customers. But there's the problem that applications re fast becoming the preferred attack vector of hackers. For this you really need something that makes your application secure.
And, with the persistent condition of today's attacks, applications can easily be get infected when security is not considered and scoped into each phase of the software development life cycle, from design to development to testing and ongoing maintenance of the application. When you take a holistic approach to your application security, you actually enhance your ability to produce and manage stable, secure applications. Applications need training and testing from the leading team of ethical hackers, for this there should be an authentic plan to recover these issues that can help an organization to plan, test, build and run applications smartly and safely.
Large enterprises of a thousand people or even more have distinctly different information security architectures than many other smaller companies. Actually, they treat their information security as if they were still small companies.
We are going to discuss some attempts to demonstrate that not only do large companies have an entire ecology of specialized software, specific to large companies and their needs, but that this software has different security implications than consumer or small business software for the applications. Recognizing these differences, and examining the way this can be taken advantage of by an attacker, is the key to both attacking and defending a large enterprise. It’s really important to cover up the security procedures in the large enterprise.
Key Features:
· Web application security checking from development through output
· Security check web APIs and world wide web services that support your enterprise
· Effortlessly organize, view and share security-test outcomes and histories
· Endow broader lifecycle adoption th ...
Welcome to the Program Your Destiny course. In this course, we will be learning the technology of personal transformation, neuroassociative conditioning (NAC) as pioneered by Tony Robbins. NAC is used to deprogram negative neuroassociations that are causing approach avoidance and instead reprogram yourself with positive neuroassociations that lead to being approach automatic. In doing so, you change your destiny, moving towards unlocking the hypersocial self within, the true self free from fear and operating from a place of personal power and love.
2. Business Continuity Plan
BCP is the creation and
validation of a practical
logistical plan for how an
organization will recover and
restore partially or completely
within a predetermined time
after a disaster has occurred.
4. Need for BCP/DRP
Objectives Goals Areas
Minimize loss by
Minimizing the cost
associated with
disruptions
Identify weaknesses Business
Resumption
Planning
Enable the
Organization to
survive a disaster
Minimize the
duration of a serious
disruption to b/s
operations
Disaster Recovery
Planning
Facilitate effective
co-ordination of
recovery tasks
Crisis Management
Reduce the
complexity of the
recovery effort
5. Developing a BCP
Initiate
Obtain understanding of the existing
and projected systems
Establish a ‘Steering Committee’
Develop a Master Schedule and
milestones
7. Choose Recovery Strategy
Plan Development
• Determine all available
options and strategies
• Business – Logistics,
HR, Accounting
• Technical – IT (Client –
Server, Mainframes,
Databases, Networks
Identify Recovery Strategy
• Recovery plan components
and standards are defined,
developed and
documented
• Define notification
procedures
• Establish Business
recovery teams for each
CBS
8. Test and Validate
•Validate the BCP
•Develop and document contingency test plans
•Prepare and execute tests
•Maintenance
•Update disaster recovery plans and procedures
10. Differentiation of BCP and DRP
Business Continuity Plan:
It is the process of defining arrangements and
procedures that enable an organization to continue
as a viable entity.
It addresses the recovery of a company’s critical
business functions after an interruption
Disaster Recovery Plan:
It involves making preparations for a disaster and
also addresses the procedures to be followed during
and after a loss. It is specific to the information
system function
11. Disaster Recovery & Business Continuity
What is DR and BC?
• Process, policies and procedures related to preparing for recovery
or continuation of technology infrastructure critical to an
organization after a natural or human-induced disaster
• Scope is limited to technology and technology availability
Disaster Recovery (DR)
• Planning out how to stay in business in the event of disaster
• Scope encompasses all critical business operations (sales,
customer support, financial and admin services, etc)
Business Continuity (BC)
While not the same, they are tightly interdependent.
12. Types of Disaster Recovery Plans
Emergency
Plan
Backup Plan Recovery Plan Test Plan
It specifies
actions to be
undertaken
when the
disaster happen
It specifies the type
of backup to be kept,
frequency of backup
to be undertaken,
procedures, location,
personnel, priorities
assigned and a time
frame
It specifies
procedures to
restore full
information system
capabilities
Final Component
Identification of
situations which
requires plan to
be invoked
It needs continuous
updates as changes
occur
Formation of a
recovery committee,
specify
responsibilities and
guidelines for proper
functioning
Identification of
deficiencies in the
emergency, backup
or recovery plans or
tin the preparation of
an organization for
facing a disaster
13. Types of Backup
Full Backup Incremental
Backup
Differential
Backup
Mirror Backup
IT captures all
files on the
disk or within
the folder
selected for
backup
It captures files
that were created
or changed since
the last backup,
regardless the
backup type
It stores files that
have changed
since the last full
backup.
It is identical to a
full backup, with
the exception that
the files are not
compressed in zip
files and they
cannot be
protected with a
password
14. RTO and RPO
Maximum tolerable length of time that a
computer, system, network, or application
can be down after a failure or disaster occurs
Recovery Time Objectives (RTO)
Age of files that must be recovered from
backup storage for normal operations to
resume (i.e, how many hours of work is lost)
Recovery Point Objectives (RPO)
15. RTO – Recovery Time Objective
How quickly should critical services be restored
RPO – Recovery Point Objective
From what point before system loss should data be available
How much data loss can be accommodated
Last System Backup/Copy
System Loss/Failure
System Restored
RPO (Recovery Point
Objective) – Time Since Last
Good Backup
RTO (Recovery Time
Objective) – Time to Recover
Overall Recovery Time – From Last Backup to System Recovery
16. Threats Landscape
Threats from within External Threats
Malicious Intent
If a malicious insider is intent on
compromising systems, there is little
that can be done by traditional
security products to prevent this
form of attack krowten emos elihW .
nac seuqinhcet roivaheb tsoh dna
taerht redisni na yftinedi ot pleh
eb lltis nac redisni suoicilam a ,eussi
lufsseccus.
•To steal information, the
attacker can copy restricted
information onto a thumb drive,
or install a covert key logger on a
keyboard cable disguised as a
ferrite bead .
•To disrupt operation, the
attacker might unplug a critical
system.
There are 4 primary threat vectors
1- Malcode
Malcode comes from programs, scripts, or macros that can execute on user
machines, and are malicious in nature. This category of threat is often
subdivided into Viruses and Trojan horses ro ,dehcatta edoc si suriv A .
a si esroh najorT A .tnemucod ro margorp etamtiigel a nihtiw deniatnoc
suoicilam trevoc sah osla tub ,esoprup elbisiv lanretxe na sah taht margorp
.resu eht ot nwonknu si taht roivahebMalcode can contain many
components, and categorization is subdivided according to the components
purpose (password stealers ,keyboard loggers ,botnets ,droppers )yteirav A .
tuohtiw dellatsni edoclam peek ot deyolped eb nac ygolonhcet htlaets fo
,elpmaxe rof( noticetedrootkits fleS .)-detangised nefto si edoc gntiagaporp
a saworm.
2- Vulnerabilities
Vulnerabilities come from deficiencies in legitimate code that is running
on internal computer systems, or a system misconfiguration that can
lead to an unexpected outcome. Vulnerabilities types such as SQL
injection vulnerabilities are well known for being easily exploited to gain
knowledge of internal database structure and contents. Cross-site
scripting vulnerabilities (XSS edoc tpircs etucexe ot desu netfo era )
seitilibarenluv fo sepyt gnitatsaved tsom eht tuB .sresworb sresu nihtiw
sa detangised esoht eraremote code execution .These vulnerabilities,
when exploited, allow native code execution on the computer containing
the vulnerable code. Perhaps the biggest remote code vectors used to
compromise systems in the past year are vulnerabilities contained in
browsers, or browser based plug-ins. If a user is enticed into visiting a
malicious Web site that hosts a document containing an exploit for a
browser vulnerability, the users machine can be owned.
3- Data leakage
Data leakage often comes from unintentional insiders transferring
restricted information to external systems. But it can also be the result of
malcode installed on the users machines. The problem is detecting and
preventing the transfer of sensitive information from within the
organization to an unauthorized external site.
4- Denial-of-service
Denial-of-service gnikcatta smetsys ro sresu lanretxe morf semoc
noitarepo eht tpursid ot si aedi lareneg ehT .erutcurtsarfni smetsys a
laineD fo smrof suoirav era erehT .metsys eht fo-fo-.skcatta ecivres
lained ytilibarenluv eht si enO-fo-seitilibarenluv era erehT .ecivres
nac tub ,noitucexe edoc etomer tiolpxe ot elba eb ton thgim taht
a gnidnes yb retupmoc a hsarc nac rekcatta nA .metsys eht hsarc
.tsoh elbarenluv eht ot tekcap elgnisMore common are denial-of-
service disruptions that come from generating a volume of traffic
that overwhelms a network, or host computer in the network.DNS
servers are particularly vulnerable when dealing with malformed
DNS requests. If an attacker can find a packet that causes a lot of
cycles to be spent by the host computer, then a flood of these
packets to the host can cause a denial-of-service.Bandwidth denial-
of-service attacks seek to exhaust the network capacity by
flooding the network with traffic. Often these attacks are mounted
from thousands of different host computers (distributed denial-of-
service era gnikcatta era taht sretupmoc eht yllausu dna ,)
tob htiw desimorpmoc-senihcam eht no dellatsni edoclam ten.
Unintentional insider threats
the unintentional compromise of
restricted data by insiders is a big
problem that can, and is addressed by
security systems.
17. Threats and Risk Management
• Lack of Integrity
• Lack of Confidentiality
• Unauthorized Access
• Hostile Software
• Disgruntled Employee“disappointed”
• Hackers and computer crimes
• Terrorism and Industrial espionage
18. Risk Analysis
Determine appetite for downtime
(RTO) for each system
Rank your IT systems by impact
on business operations
Determine impact of data loss
for each system (RPO)
Likely risks like hardware and network
failure should go at the top
Unlikely risks like tornado should go at
the bottom
Rank the risks to that system
by likelihood to occur
Look for projects that address
multiple risks and/or systems and/or
non DR needs (better ROI)
Be sure to identify dependencies
List options to address each
risk, rank their effectiveness,
and estimate cost
This Risk Analysis creates a roadmap to address your DR needs!
Instead,
Perform
a basic
Risk
Analysis
:
Data Recovery for your entire IT Infrastructure is very expensive!
19. Planning
•Must include all executives
•Good DR plans involve more than the IT
department
Corporate buy-in is critical to success
Establish a budget - budget drives your options
•It is more difficult and more costly to design
DR for production systems
Planning should be part of the production
design
Use your Risk Analysis to establish a multi-year project
plan
20. Document, document, document!
•Be sure that your
documentation is available no
matter what the disaster!
Plan your actions – who, what,
where
Test and update regularly – a stale
DR Plan is a useless DR Plan
Virtualization and big bandwidth are
key enablers of DR since 2013
Planning
21. Insurance
•The purpose of insurance is to spread the economic cost
and risk loss from an individual or business to a large
number of people.
• Policies are contracts that obligate the insurer to
indemnify the policyholder from specific risks in exchange
of a premium
• Adequate insurance coverage is a key consideration while
developing a BRP/DRP and performing a risk analysis
22. Activities considered while testing
BRP/DRP plan
• Defining the boundaries
• Scenario
• Test Criteria
• Assumptions
• Briefing Session
• Checklists
• Analysing the test
• Debriefing session
23. Audit of DR/BR plan
• Based on the BIA
• Key employees have participated in the development
• Plan is simple and is realistic in assumptions
• Review the existing DR/BR plan
• Gather background info regarding its preparation
• Does the DR/BR plan include provisions for personnel, building
• Does the BR/DR plan include contact details of suppliers of
essential equipment
• Does the DR/BR plans include provisions for the approval to
expend funds that were not budgeted for the period? Recovery may
be costly
24. Business Continuity and Disaster Recovery Implementation
Approach
The System Dynamics approach to implementing effective
Business Continuity consists of two phases:
1. Solution Design – your Business Continuity/Disaster Recovery
requirements are identified and documented and a solution and an
implementation plan are developed
2. Solution Implementation – the previously defined and agreed solution
is implemented
Project
Initiation
Risk
Assessment
Business
Requirements
and
Impact
Analysis
Solution
Design
and
Documentation
Implementation
Plan
Roadmap
Solution
Implemen
tation
Testing
Solution Design
Solution
Implementation
26. Maintaining Business Continuity and Disaster Recovery
• Once implemented, effective business
continuity must be regarded as a
continuous process
• While this imposes an overhead it
ensures that business continuity
implementation will continue to meet the
requirements of the business and meet
audit compliance requirements
• Good solution design will minimize
maintenance effort as continuity is
embedded
Business
Continuity Project
Understand the
Critical Systems
and Applications
Develop Strategy
for Business
Continuity
Develop Business
Continuity Plans
and Processes
Embed Business
Continuity into
Exercise, Test and
Maintain Business
Continuity Plan
27. DR Site Design Options
Hot Site
Worm
Site
Cold
Site
Mobile
Site
Reciprocal
Agreement
28. DR Site Design Options
Duplicate of the
original site of the
organization, with
full IT systems as
well as near-
complete copies
of user data.
1- Hot Site
Useful when fast
recovery is critical
Organization requires
all the facilities at an
alternative location
It is
expensive
Hot
site
29. Have hardware and
connectivity already
established, though
on a smaller scale
than the original
production site or
even a hot site.
2- Warm Site
DR Site Design Options
Provides
intermediate
level of backup
Organization can
tolerate some
downtime
Organization
requires only
essential facilities
at an alternative
location
Warm
Site
30. Standby site with
no hardware,
established
connectivity, or
backups, but has
adequate facilities
to house IT
infrastructure.
3- Cold Site
DR Site Design Options
It is useful when
the organization
can tolerate some
downtime
Organization requires
minimum facilities at an
alternative location to
run its regular
operations
It is
inexpensive
Cold
site
31. No specific fixed
on the ground
facility
4- Mobile Site A Mobile site is self-
contained, transportable
shelter custom –fitted with
specific telecommunications
and IT equipment
Advantage :
•The organization have
full control over the
equipment.
Disadvantage:
• May offer limited information
processing capacity (as
compared to the primary data
center
• Require advance
coordination, resources may
not be immediately available (
i.e. equipment transport, setup,
and data restoration)
Mobile
site
DR Site Design Options
32. Two or more
organizations might
agree to provide backup
facilities to each other in
the event of one
suffering a disaster
It is relatively cheap
Each participant must
maintain sufficient
capacity to operate
another’s critical
system
Reciprocal
Agreement
DR Site Design Options
No specific fixed on the ground
facility
5- Reciprocal Agreement
33. Minimum Disaster Precautions
Daily backup
strategy with at least
weekly offsite
backups
A strategy for
monitoring and
remediating
problems with your
backups
Antivirus software on
all workstations and
servers with daily
signature updates
Patching on all
workstations and
servers kept up to
date
34. High Availability = Disaster Prevention
typically means that the system is automatically
redundant. Eliminate single points of failure!
High Availability (HA):
Enables very low RTO and RPO objectives
35. Network High Availability
Dual routers
Dual
firewalls
Dual
switches
Dual network
interfaces on
Servers
Router
Router
Firewall
Firewall
Switch
Switch
Server
36. High Availability Connectivity
Dual connections to the Internet
• Difficult and expensive to implement at a corporate level
• Need to use two separate carriers – very little protection if using the same carrier
• Multi-site companies can use another site’s Internet
Dual connections to remote sites
• Use separate carriers
• Use separate last mile media (E1 and Fiber, E1 and Cable)
• Easy and relatively inexpensive using Internet as failover with mesh
VPN technology
37. High Availability Power
Install quality power filtration and lightning arrestors
Use devices with dual power supplies
Where that isn’t possible, use an Automatic Transfer Switch
(ATS)
Note that an ATS creates a single point of failure
Feed devices with two separate power circuits
Better yet, feed from two separate power panels
Protect at least one circuit of each pair with an Uninterruptible
Power Supply (UPS)
Protect the UPS(s) with a generator
38. Virtualization = Server Hardware HA
Virtualization is the
key enabler of
server hardware HA
Divorces server software
from the underlying
hardware running it
Allows a server to
“move” between multiple
physical server
hardware
Enables rapid
replacement or
expansion of
physical hardware
on demand
Enables new backup
techniques that have less
impact on servers and
users, and allows for
much faster restore
times. Bye-bye bare
metal restores!!
Most importantly for
disaster recovery, allows
servers to “move”
between multiple
physical locations
39. Application HA
Virtualization addresses
hardware failures but
doesn’t address
application failures
•Exchange 2010 Database Availability
Groups (DAG)
•Microsoft SQL Clustered Services
•Microsoft SQL Bidirectional
Transactional Replication
•Windows Server 2008 DFS
Native Application HA
implementations are
typically the most effective
way to address HA for
specific apps
Native
Application HA
Schemes ex.
40. Geographic HA
•Typically proprietary
SAN based (LUN to LUN)
• DoubleTake
• Microsoft SQL Replication
• Microsoft Exchange lag database copies
• Microsoft DFS Replication
Server or Application Based
•Veeam Backup and Replication
Virtual snapshot based
All these techniques require high bandwidth
connectivity
Data Replication
Options