Construction of a Disaster Recovery Plan with Business Only Broadband
-
Upload
cloudnition-web-development-online-marketing -
Category
Technology
-
view
642 -
download
2
description
Transcript of Construction of a Disaster Recovery Plan with Business Only Broadband
With:
Presents
Discovery (Steps 1-5)
1. Build your team Select the people who understand your system best to help create a DR plan and execute when disaster strikes
2. Analyze what DR technology is already in place You are probably already backing up, but what else?
3. Do a business impact analysis what does downtime cost?
4. Prioritize operations What needs recovering !rst
5. Set goals for recovery How long should recovery take
6. Identify and !ll gaps in technology Are any of your goals impossible with your current infrastructure Implement technology or processes to meet recovery goals
7. Design Recovery or Failover Environment Alternate location facilities, hypervisor, bare-bones machines, etc
8. Design Response protocol Design the actual steps taken to recover downed systems Should employees BYOD? Use cell phones? Relax?
9. Document important information Have at important information at the ready in your DR plan
10. Implement, Test, and Revise Distribute the plan and make sure everyone know their duties Test to make sure there are no holes in your plan, revise to make sure your plan stays up to dates
Action Steps (6-10)
• Spearheaded by an execu/ve
– Leadership – Decision making – Access to necessary resources – Make sure project receives necessary a<en=on
• Designate a DR Coordinator
– In=mate knowledge of IT system
– Creates and updates DR plan – Leads recovery during disaster – Makes execu=ve decisions during disaster
• DR Team
– Employees from a variety of departments
– Help DR coordinator execute recovery – Predetermined responsibili=es for recovery
DR Team
DR Coordinator
Stake Holders C-‐Level
IT manager
IT Opera=ons Facili=es
• Analyze the DR technology that you currently have in place
– Data backup? – Skeleton Servers? – Cloud Services? – Virtualized Machines?
– Ac=ve/Ac=ve geographically diverse systems?
– Uninterrupted Power Supply • Understand the capabili=es and restric=ons of each
Start by conducting a Business Impact Analysis
Availability requirements, such as maximum allowable systems downtime, for an organization form the basis for risk
mitigation and recovery strategies, developed to drive a higher level of business resiliency.
A BIA assesses the risks of various types of threats to determine the potential direct and indirect impacts. These include: • Financial • Regulatory • Operational • Competitive • Reputation
• Halt opera=ons for extended =me – Extended systems down=me could mean the same for your business
• Permanently set the company back – Lost data could undo months of your work
• Bankruptcy – A significant number of companies that experience a major data loss,
will close their doors within 6 months • Regulatory risk of not being in compliance (PCI, SSAE 16, SOX, HIPAA) • Your company could face fines and other penal=es if you
– Lose client data – Have a breach of security in regards to client data – Lose access to client data – Do not no=fy clients of such events
After completing the BIA, it should be clear which processes are most important to your business, thus which should be recovered !rst after a disaster.
Restore Emergency Level of Service
Restore Key Business Processes
Restore to Business as Usual
Understand the IT dependencies for each business process, and what level of IT service is required for that process.
Priori=ze recovery for IT systems and services. Understand what can be recovered as a stand alone service, and what required greater underlying
network support.
• Recovery Time Objec/ve (RTO) – How long a\er a disaster does a business process need to be opera=onal, or
what is the acceptable down=me?
• Recovery Point Objec/ve (RPO) – What point back in =me would you like to recover to? 10 minutes? 1 hour? 1
day before the disaster? This is determined by how o\en you perform backups.
• Recovery Level Objec/ve (RLO) – Recovering from a disaster does not happen all at once. You should set
different recovery =mes for each level of recovery. And possibly a different recovery point for various systems.
Do you have all the proper technologies in place to successfully recover?
Is it possible to recover in a manner that sa=sfies your objec=ves?
There are a mul=tude of hardware, so\ware, and services you can use to meet recovery objec=ves.
Example:
If your RPO is under 15 minutes, you must be performing backups every 15 minutes
Compare recovery goals with the DR technology you are currently utilizing.
Using your goals as a baseline, look at each of your business processes, and analyze the feasibility of restarting the respective IT dependencies within the objective time.
• Daily onsite and remote backups • Bare-metal backups • Cloud based software (SaaS)
– Gmail, Salesforce , Office 365 • Redundant and replicated systems • Virtualized networks, servers, and desktops • Bare-bones machines • VoIP phones • Diverse network service provider
Where do you intend on recovering vital computing resources to?
What if your system would take to long to recover on itself?
What if you don’t have access to your facilities?
What if your facilities have been destroyed?
What if a server fails and it takes weeks to get a similar one?
What if you need to recover a single email or a single mailbox, but you only have image based backups?
File and folder backups
Employees recover data to personal
devices
Employees work from own devices
Bare-‐Metal Recovery
Easily recover data and all system and user configura=ons on same or new
hardware
Employees work from where
network is rebuilt
Hot Sites Replicate backups at an alternate and remote work site
Personnel simply moves to new worksite and resumes work
Cloud Replica=on
Easy and Instant Failover to iden=cal machines and data
Employee work from anywhere with
internet access
Compreh
ensive
Simple
Affo
rdable
Costly
• Call centers • Call rerouting • Soft phones • Virtual Desktop Environment • Virtual Servers • Collocation
• Do your employees know how to respond to a disaster?
– Based on your recovery environment and recovery objec=ves
– Develop a plan for each department to resume opera=ons, star=ng with the most crucial
– Create a wri<en plan that your employees can use to help them get back to work as fast as possible
In your plan for employees
– Address of alternate work sites – Instruc=ons to recover data – Instruc=ons to login to cloud based DR recovery environments
– Calling trees – Important contact informa=on
– Amended responsibili=es
Configure and Schedule Your Backups
It is important to have a well documented response procedure for restoring mission critical systems as efficiently as possible
Instructions for Failover • Document where resources will failover to • Document which resources will failover • Document how to failover resources • Document how to get users on new system • Document how to reroute phone numbers
Instructions to rebuild/repair: • Rebuild Network • Remedy crashed servers • Purchase correct replacement parts • Include estimates of how long it will take to reboot system • Instructions to handle work load in the interim
In the appendix of your DR plan you should include a repository of critical Systems information.
• Make, model, and speci!cations of all hardware • Diagram of network • List of applications used by each and license keys • Location of backups for each machine • Admin handles and passwords • Database owners • Warranty information • Vendor information • IP addresses • VPN information • Setting and Con!gurations • Special Instructions
Once you have constructed your DR plan you must distribute the plan among employees and start work with your DR team.
Your DR plan will not be effective if nobody knows about it.
• Make sure your DR plan has full support
– Execu=ve and C-‐level support – IT support
• Send an email or memo to all employees with the informa=on they need to know
• Distribute hard copies and instruc=ons to access an electronic version
• Run a drill and test
• Test o\en (Every 6 months)
• Only through tes=ng will you uncover everything that is missing from your plan
• Revise a\er tes=ng • Part of your plan will become stale every =me you test it, make sure all the
informa=on is up to date
• Record difficul=es during tes=ng so updates can be made
Contact Cloudni/on: Evan Kouimelis 630.297.4112 Ekouimelis@cloudni=on.com www.Cloudni=on.com
Contact BOB: Thaer Sous 630.590.6293 [email protected] www.bobbroadband.com
For more informa=on: