With:  

Presents  

Discovery (Steps 1-5)

1.  Build your team Select the people who understand your system best to help create a DR plan and execute when disaster strikes

2.  Analyze what DR technology is already in place You are probably already backing up, but what else?

3.  Do a business impact analysis what does downtime cost?

4.  Prioritize operations What needs recovering !rst

5.  Set goals for recovery How long should recovery take

6.  Identify and !ll gaps in technology Are any of your goals impossible with your current infrastructure      Implement  technology  or  processes  to  meet  recovery  goals

7.  Design Recovery or Failover Environment Alternate location facilities, hypervisor, bare-bones machines, etc

8. Design Response protocol Design the actual steps taken to recover downed systems Should employees BYOD? Use cell phones? Relax?

9. Document important information Have at important information at the ready in your DR plan

10. Implement, Test, and Revise Distribute the plan and make sure everyone know their duties Test to make sure there are no holes in your plan, revise to make sure your plan stays up to dates

Action Steps (6-10)  

•  Spearheaded  by  an  execu/ve  

–  Leadership  –  Decision  making  –  Access  to  necessary  resources  –  Make  sure  project  receives  necessary  a<en=on  

•  Designate  a  DR  Coordinator  

–  In=mate  knowledge  of  IT  system  

–  Creates  and  updates  DR  plan  –  Leads  recovery  during  disaster  –  Makes  execu=ve  decisions  during  disaster  

•  DR  Team  

–  Employees  from  a  variety  of  departments  

–  Help  DR  coordinator  execute  recovery  –  Predetermined  responsibili=es  for  recovery  

DR  Team  

DR  Coordinator  

Stake  Holders   C-­‐Level  

IT  manager  

IT     Opera=ons   Facili=es  

•  Analyze  the  DR  technology  that  you  currently  have  in  place  

–  Data  backup?  –  Skeleton  Servers?  –  Cloud  Services?  –  Virtualized  Machines?  

–  Ac=ve/Ac=ve  geographically  diverse  systems?  

–  Uninterrupted  Power  Supply    •  Understand  the  capabili=es  and  restric=ons  of  each  

Start by conducting a Business Impact Analysis

Availability requirements, such as maximum allowable systems downtime, for an organization form the basis for risk

mitigation and recovery strategies, developed to drive a higher level of business resiliency.

A BIA assesses the risks of various types of threats to determine the potential direct and indirect impacts. These include: •  Financial •  Regulatory •  Operational •  Competitive •  Reputation

•  Halt  opera=ons  for  extended  =me  –  Extended  systems  down=me  could  mean  the  same  for  your  business  

•  Permanently  set  the  company  back  –  Lost  data  could  undo  months  of  your  work  

•  Bankruptcy  –  A  significant  number  of  companies  that  experience  a  major  data  loss,  

will  close  their  doors  within  6  months  •  Regulatory  risk  of  not  being  in  compliance  (PCI,  SSAE  16,  SOX,  HIPAA)  •  Your  company  could  face  fines  and  other  penal=es  if  you  

–  Lose  client  data  –  Have  a  breach  of  security  in  regards  to  client  data  –  Lose  access  to  client  data  –  Do  not  no=fy  clients  of  such  events    

After completing the BIA, it should be clear which processes are most important to your business, thus which should be recovered !rst after a disaster.

Restore  Emergency  Level  of  Service  

Restore  Key  Business  Processes  

Restore  to  Business  as  Usual  

Understand  the  IT  dependencies  for  each  business  process,  and  what  level  of  IT  service  is  required  for  that  process.  

Priori=ze  recovery  for  IT  systems  and  services.  Understand  what  can  be  recovered  as  a  stand  alone  service,  and  what  required  greater  underlying  

network  support.  

•  Recovery  Time  Objec/ve  (RTO)  –  How  long  a\er  a  disaster  does  a  business  process  need  to  be  opera=onal,  or  

what  is  the  acceptable  down=me?  

•  Recovery  Point  Objec/ve  (RPO)  –  What  point  back  in  =me  would  you  like  to  recover  to?  10  minutes?  1  hour?  1  

day  before  the  disaster?  This  is  determined  by  how  o\en  you  perform  backups.  

•  Recovery  Level  Objec/ve  (RLO)  –  Recovering  from  a  disaster  does  not  happen  all  at  once.  You  should  set  

different  recovery  =mes  for  each  level  of  recovery.  And  possibly  a  different  recovery  point  for  various  systems.  

Do  you  have  all  the  proper  technologies  in  place  to  successfully  recover?  

Is  it  possible  to  recover  in  a  manner  that  sa=sfies  your  objec=ves?  

There  are  a  mul=tude  of  hardware,  so\ware,  and  services  you  can  use  to  meet  recovery  objec=ves.  

Example:  

If  your  RPO  is  under  15  minutes,  you  must  be  performing  backups  every  15  minutes  

Compare recovery goals with the DR technology you are currently utilizing.

Using your goals as a baseline, look at each of your business processes, and analyze the feasibility of restarting the respective IT dependencies within the objective time.

•  Daily onsite and remote backups •  Bare-metal backups •  Cloud based software (SaaS)

–  Gmail, Salesforce , Office 365 •  Redundant and replicated systems •  Virtualized networks, servers, and desktops •  Bare-bones machines •  VoIP phones •  Diverse network service provider

Where do you intend on recovering vital computing resources to?

What if your system would take to long to recover on itself?

What if you don’t have access to your facilities?

What if your facilities have been destroyed?

What if a server fails and it takes weeks to get a similar one?

What if you need to recover a single email or a single mailbox, but you only have image based backups?

File  and  folder  backups  

Employees  recover  data  to  personal  

devices  

Employees  work  from  own  devices  

Bare-­‐Metal  Recovery  

Easily  recover  data  and  all  system  and  user  configura=ons  on  same  or  new  

hardware  

Employees  work  from  where  

network  is  rebuilt  

Hot  Sites  Replicate  backups  at  an  alternate  and  remote  work  site  

Personnel  simply  moves  to  new  worksite  and  resumes  work  

Cloud  Replica=on  

Easy  and  Instant  Failover  to  iden=cal  machines  and  data  

Employee  work  from  anywhere  with  

internet  access  

Compreh

ensive    

Simple  

Affo

rdable  

Costly  

•  Call centers •  Call rerouting •  Soft phones •  Virtual Desktop Environment •  Virtual Servers •  Collocation

•  Do  your  employees  know  how  to  respond  to  a  disaster?  

–  Based  on  your  recovery  environment  and  recovery  objec=ves  

–  Develop  a  plan  for  each  department  to  resume  opera=ons,  star=ng  with  the  most  crucial  

–  Create  a  wri<en  plan  that  your  employees  can  use  to  help  them  get  back  to  work  as  fast  as  possible  

In  your  plan  for  employees  

–  Address  of  alternate  work  sites  –  Instruc=ons  to  recover  data  –  Instruc=ons  to  login  to  cloud  based  DR  recovery  environments  

–  Calling  trees  –  Important  contact  informa=on  

–  Amended  responsibili=es  

Configure  and  Schedule  Your  Backups  

It is important to have a well documented response procedure for restoring mission critical systems as efficiently as possible

Instructions for Failover •  Document where resources will failover to •  Document which resources will failover •  Document how to failover resources •  Document how to get users on new system •  Document how to reroute phone numbers

Instructions to rebuild/repair: •  Rebuild Network •  Remedy crashed servers •  Purchase correct replacement parts •  Include estimates of how long it will take to reboot system •  Instructions to handle work load in the interim

In the appendix of your DR plan you should include a repository of critical Systems information.

•  Make, model, and speci!cations of all hardware •  Diagram of network •  List of applications used by each and license keys •  Location of backups for each machine •  Admin handles and passwords •  Database owners •  Warranty information •  Vendor information •  IP addresses •  VPN information •  Setting and Con!gurations •  Special Instructions

Once you have constructed your DR plan you must distribute the plan among employees and start work with your DR team.

Your DR plan will not be effective if nobody knows about it.

•  Make  sure  your  DR  plan  has  full  support  

–  Execu=ve  and  C-­‐level  support  –  IT  support  

•  Send  an  email  or  memo  to  all  employees  with  the  informa=on  they  need  to  know  

•  Distribute  hard  copies  and  instruc=ons  to  access  an  electronic  version  

•  Run  a  drill  and  test  

•  Test  o\en  (Every  6  months)  

•  Only  through  tes=ng  will  you  uncover  everything  that  is  missing  from  your  plan  

•  Revise  a\er  tes=ng  •  Part  of  your  plan  will  become  stale  every  =me  you  test  it,  make  sure  all  the  

informa=on  is  up  to  date  

•  Record  difficul=es  during  tes=ng  so  updates  can  be  made  

Contact  Cloudni/on:  Evan  Kouimelis  630.297.4112  Ekouimelis@cloudni=on.com  www.Cloudni=on.com  

Contact  BOB:  Thaer  Sous  630.590.6293  tsous@bobbroadband.com  www.bobbroadband.com  

For  more  informa=on: