Tim Collins, PMP, ITIL firstname.lastname@example.org
(312) 925-0162 mobile
Independent Infrastructure Consultant
Association Management Center
Optimized Data Protection Strategy
Version 1.0 2/21/2010
Page 1 of 6
AMC – Optimized Data Protection Strategy
1. Project Objective
A robust, reliable, manageable, and extensible backup strategy is the core foundation to
building a secure business continuity plan. While equipment and facilities can be replaced the
unique and constantly changing data that exists throughout the IT systems at AMC needs to be
fully protected from unintended modification and destruction.
The purpose of this proposal is to evaluate AMC’s existing data backup strategy then
recommend a data protection solution for implementation that meets their current and future
business continuity requirements. With a focus on creating the greatest return on investment all
effort will be made to fully utilize any existing hardware, software, media, and departmental
procedures that can be re-used in a new, optimized data protection strategy.
2. Project Phases
In order to efficiently define the project scope and achieve the objective of this project the
proposed endeavors will be split across two distinct phases:
2.1 Phase One - Initial assessment, Collect Requirements, Define Project Scope, Develop
This will be a data gathering and assessment exercise to establish the quantity, type,
and location of all system data and configurations that need to be protected. Once
this is collected and the business continuity objectives are establish a proposed solution
will be developed to meet the established requirements.
2.2 Phase Two – Proof of Concept Testing, Acceptance of Proposed Solution, Creation of
Work Plan, Identify Risks, Implementation, Documented Procedures
This will encompass all the work required to plan and implement the proposed solution
as well as the creation of documented procedures to be handed over to AMC IT staff
to guide them in the day-to-day operations and execution of system backups.
3. Initial Assessment
In order to provide AMC with an appropriate and measured solution their existing environment
needs to be properly assessed. This process is to identify key stakeholders, resources, constraints,
risks, required regulatory and organizational compliance, and validate assumptions. Like most
projects this will go through the process of progressive elaboration.
3.1 Assessment Meeting
This will be an informal gathering of key stakeholders with the primary objective to
address current challenges, discuss high level requirements, and review existing system
Page 3 of 6
4. Collect Requirements
This process will quantify all organizational assets that need to be protected, establish business
continuity requirements, and required versioning of system backups. This inventory will be
recorded into the backup requirements matrix to assign the desired business continuity and
versioning objectives for each asset.
4.1 Inventory of all System and Configuration Data
This will collect all assets to be protected and establish an enterprise backup selection
list. They will be organized under the following categories:
4.1.1 Network router and switch configurations
4.1.2 Server system state backups and necessary boot / system volumes
for key systems
4.1.3 Directed attached data volumes
4.1.4 Shared storage data volumes (NAS / SAN)
4.1.5 SQL Databases
4.1.6 Exchange Information Stores
4.2 Business Continuity Requirements - Establish Recovery Point Objective (RPO) or the
point in time a particular set of data needs to be recovered.
4.3 Versioning - Establish versioning requirements for each asset or asset group. All
versioning should conform to AMC’s established electronic document retention policy.
4.4 Backup Requirements Matrix - This table will record all data and system assets that
need to be protected by backup and assign the required business continuity and
5. Define Project Scope
The initial assessment and gathering of requirements will be inputs into defining the detailed
scope of this project. The project scope will serve as a common understanding of the final
product to be produced and will include the following components:
5.1 Product Scope Description - A data protection solution for implementation that
meets AMC’s current and future business continuity requirements. With a focus on
creating the greatest return on investment all effort will be made to fully utilize any
existing hardware, software, media, and departmental procedures that can be re-used
in a new, optimized data protection strategy.
5.2 Product Acceptance criteria – The successful completion of the proof of concept
testing will be presented to AMC for acceptance to then proceed forward in
implementing the proposed solution across the enterprise.
Page 4 of 6
5.3 Project Deliverables:
5.3.1 Backup Requirements Matrix
5.3.2 Proof of Concept Test
5.3.3 Selection and configuration of all backup sources and targets
5.3.4 Setup and configuration of all existing (or new) software and any
5.3.5 Setup and configuration of all existing (or new) hardware
5.3.6 Setup, formatting, and labeling of all new (or re-used) media
5.3.7 Documented Procedures (Runbook)
5.4 Project Exclusions – Offsite data replication and storage procedures to satisfy disaster
recovery and business continuity plans.
5.5 Project Constraints – Capital expenditure budgets, existing investments in hardware,
software, and media, existing backup windows, existing system maintenance windows.
6. Develop Proposed Solution
With a defined project scope established an evaluation of appropriate and measured
hardware and software solutions will be conducted to assemble a new backup strategy for
AMC. The developed solution will provide AMC with a robust, reliable, manageable, and
extensible backup strategy in addition to fulfilling the backup requirements matrix.
7. Proof of Concept Testing
Proof of concept testing is required to ensure that the existing backup strategy is allowed to stay
in place and that no backups (or required versioning) are missed. This proof of concept test will
be applied to a specific backup asset and the process and procedures are to be fully vetted
prior to the setup and configuration of all backup assets. If new software is to be implemented
evaluation versions will be installed to conduct this test.
8. Creation of Work Plan
Once the proposed solution is developed, tested, and accepted by AMC a detailed work plan
organizing the roll out of this new backup strategy across all assets will be created and
distributed to the key stakeholders. This plan will detail all the work required to setup any new
hardware or software resources, re-configure any existing resources, implement any scripting,
create backup selection lists, and prepare (format) all backup targets.
9. Identify Risks
As part of the initial assessment meeting a general level of risk tolerance will be established and
any high level risks will be qualified. The process of identifying risks is an iterative one and its
frequency will be performed at the discretion of the stakeholders.
Page 5 of 6
The work plan will be executed in the implementation step and will address all identified risks
with a special focus to ensure the existing backup strategy is not interrupted in this transition
phase. The goal is to make certain all versioning requirements are maintained through out this
11. Documented Procedures
Once this new data protection strategy is fully implemented a process to transfer these
practices and procedures to the day-to-day operations will begin. The new backup operations
procedures will be documented in a runbook and delivered to the key stakeholders.
12. Key Deliverables
Key outputs of this optimized data protection strategy will be in the form of the following
Backup Requirements Matrix
Project Scope Statement
Proof of Concept Test
Implemented Backup Procedures and Processes
Documented Procedures (Runbook)
It is anticipated that an informal and collaborative relationship will be established between all
parties and key stakeholders that will provide a most productive environment for the execution
of this project. Key stakeholders will receive a summary report at the end of each week which
will include the following details as a minimum; Completion of scheduled tasks and key
deliverables, issues & concerns, and summary of cost and schedule performance.
Page 6 of 6