DR Preso Setup (customer preso) - WordPress.com
Disaster Recovery
Lewan Technology, Zerto, FORTRUST & Faction Inc
The Panel:
• Scott Pelletier, Lewan Technology, CTO
• Rob McClary, SVP & GM, FORTRUST
• Rick Vincent, Director Solutions/Product Engineering, Faction Inc
• Justin Fields, Lewan BPO
• Mike Isaia, Sr. Systems Engineer, Zerto
IT Risk Considerations
Network Security
Data Protection
Geographic Protection
Employee Productivity
Physical Security
Compliance
Insurance Protection
Risk Mitigation Techniques
• Risk Acceptance
• Risk Avoidance
• Risk Limitation
• Risk Transference
What are RTOs and RPOs?
• RTO/RPO (these should be vetted with business leadership)
• Recovery Time Objective – maximum time to bring a system back online before severe business impact occurs
• Recovery Point Objective – the amount of data loss a business process/application can sustain before severe business impact occurs
• Ask business questions that yield technology answers
What Are Your Overall IT Risk Reduction Considerations?
• Information / Infrastructure Security
  - Physical, Social and Technical
  - Who in your organization is responsible for security?
  - Do you have written security policies and procedures?
  - Do you follow them?
  - How often are they reviewed?
  - How do you train your employees on your security procedures?
  - When was the last time you had a security penetration or DR test?
  - Do you take security seriously?
• Data Protection Strategies
  - Real-time
  - Point-in-time
  - Long time
  - Geographic
Focus on Impacts and Work Backwards
Planning Process
How many eggs in how many baskets
• Locations: Main Office, Branch Offices
• Office Assets: Office Space, Employees, Edge network, Wireless, Desktop Computers, Phones, Printers, Files (paper or electronic), Internet*, WAN Circuits*, Power*, Cooling*
• Data Center IT Assets: Space for computer room, Servers, Storage, Backup System, Core Network, Firewalls, Phone System, Internet*, WAN Circuits*, Power*, Cooling*
*Could be in one or both categories
Move or Replicate IT Assets to a More Secure Environment
Enable Mobile Workforce Strategy
Obtain Mobile Office Space with Needed Assets
Protect Against Financial and Property Loss as well
GEOGRAPHIC FOOTPRINT
• National Footprint
• Disaster Recovery
• Regional Focus
• Hybrid Cloud Environments
• DATA CENTER / CLOUD LOCATIONS
DATA CENTER AND CLOUD SERVICES
Data Center and Cloud
• Lewan’s Primary Colorado Data Center
• IaaS Environment
• Enterprise Class Cloud Nodes in 10+ Data Centers
• 14 Carrier blended Internet
• Patent pending layer 2 technology for high performance and tailored VLAN IP schema
• 5 tiers of storage based on performance and archive needs
Customer Sites
WHY HOSTED PRIVATE CLOUD?
• Dynamic and flexible approach to IT infrastructure
• Benefit from cloud economics and agility
• Scalable, flexible and secure
• GREATER AGILITY WHILE DOING MORE WITH LESS
Apps
VSAN
VLAN
Compute
VMware vCD/vDC
Operating System
Virtual Machine
Virtual Environment
Physical Infrastructure
PUBLIC CLOUD VS. PRIVATE CLOUD
Blended Internet
Public vs. Private
…Multi-tenant less secure infrastructure, shared on-demand computing, bandwidth and storage
Your Resources
Compute
Firewall (H/A Option)
Load Balancer (H/A Option)
… NetApp Utility Storage vSAN (SSD, SAS, SATA)
Dedicated secure infrastructure, dedicated computing, bandwidth and utility storage
Internet
Your Resources
Internet
• Global Data Center Footprint
• SSAE 16 SOC 1 Type 2 (formerly SAS 70 type 2)
• On-net with most Tier I and Tier II carriers
HOSTED PRIVATE CLOUD OVERVIEW
• Guaranteed Availability
  - 99.999% SLA (5 minutes downtime / year)
• Dedicated Technology
  - Compute sleds – no mixing of resources
  - Network Access – dedicated traffic path
  - Storage Volumes – NetApp vSAN, MultiStore
• Ensures Full Compliance
  - HIPAA, SOX, GLBA, PCI DSS
  - SSAE 16 SOC 1 Type 2 Compliant
• Leading Edge Technology
  - VMware vCloud powered
PERFORMANCE AND SCALABILITY
• Performance Delivered Even at the Smallest Scale
  - Even the smallest environment receives enterprise class performance
  - Internet is balanced across multiple Carriers
  - 100% redundant with virtualization
  - 10Gbps redundancy throughout
• Same-Day Scalability
  - Start Small: No sacrifice in performance with 1TB or 1PB
  - Add RAM: Same day
  - Add Compute: Intel or AMD same day
  - Add Storage: up to 100,000 IOPS – 100GB at a time
• High Efficiency
  - Purchase storage based upon capacity or performance independently
  - Build to today’s specs, not 3 year spending cycles
INTERNET AND TRANSPORT
• Inter-node Network
  - Resiliency and performance
  - Patent pending Layer 2 topology
• Intra-node Network
  - 10GB Layer 2 links between nodes
  - Internet blend
  - Extended IP schema
CLOUD ON-RAMPS
• Patent-pending Layer 2 Topology
• Private dedicated on-ramps
  - From your premise
  - From your data center
  - Cloud to cloud
  - AWS Direct Connect
• 10 GB links accessible from every major metropolitan market
• Consistent performance with low latency and high QoS
• Ideal for:
  - Hybrid environments
  - High-performance applications
  - Direct storage
IAAS SLAS
• SERVICE LEVEL TARGETS
• A. If Lewan fails to achieve the Service Level Target, and if Customer requests Lewan to do so within twenty (20) Business Days after the target is not met, Lewan will issue to Customer service credits against future periods of service as detailed in the table below.
• B. The monthly recurring charges (“MRC”) used to calculate the Service credits will be the total monthly recurring charges relating to the affected Service.
• C. Service credits issued shall not survive termination of the contract for the Service and are not applicable against other Lewan services.
• D. Performance against Service Level Targets will be reviewed and agreed on a quarterly basis by Lewan account management.
• The Service Level Credits are as follows:

| Server Availability | Total Downtime in a 30 Day Calendar Month | MRC Credit Percentage |
|---|---|---|
| 99.9 to less than 100% | 1 to 43.2 minutes | 5% |
| 98 to 99.8% | 43.2 minutes to 14 hours 24 minutes | 10% |
| 95 to 97.9% | 14 hours 24 minutes to 36 hours | 25% |
| 90 to 94.9% | 36 hours to 72 hours | 50% |
| 89.9% or below | More than 72 hours | 100% |
DENVER PRIMARY DATACENTER
• Concurrently Maintainable Infrastructure
• Outside the 100 & 500 year floodplains
• 49 Feet above the maximum FEMA projected flood elevation
• Located in Seismic Zone 1
• All colocation areas are single story on slab
• 2 and 4 hour rated fire walls throughout the facility
• UL Listed Lightning Protection System for the entire facility
• Fire department and 1st responder unit on property
• Outside any normal flight paths
How Zerto Revolutionized BC/DR
Storage Based Replication
Zerto Hypervisor Based Replication
Replication was in the wrong place – the physical layer
The first Enterprise-class, Software-Defined Replication & Recovery Automation solution
Production Site
Colo / Cloud
One Strategic Software Solution
• Private Cloud – Any Storage, Multi-Hypervisor
• LewanCloud
• Hybrid Cloud – DRaaS, Intra-Cloud & Reverse DRaaS
• Small & Scalable: VM-level replication
• Compression, Throttling & Resiliency
Zerto Private Cloud Architecture
[Diagram labels: Production Site, vCenter, BC/DR Site, SCVMM, VM, VRA, ZVM, VM-Level Replication, >5 Mbps]
• No downtime, no impact install
  - Zerto Virtual Replication Appliances (VRA)
  - One per host in source & target cluster
• For each vCenter/SCVMM
  - Zerto Virtual Manager (ZVM) install in minutes
  - DR Mgmt & VM level integration
• Point in time recovery
  - Replica VM & Recovery Site Journaling
  - Only 7-10% additional space
Enterprise Class Virtual Replication
• No performance impact
• No snapshots
• Enterprise-class protection
[Diagram labels: Production Site, vCenter, BC/DR Site, Mgmt, VM, VRA, ZVM, WAN, VM-Level Replication]
• Storage agnostic
  - Any Storage to Any Storage
  - Removing complexity & lock-in
• Continuous block-level replication
  - Recovery Point Objective = Seconds
  - Minimize data loss, meet SLAs
• Automatic VM Disk & Setting Conversion
  - Any Hypervisor to Any Hypervisor
  - Migration & Disaster Recovery
Enterprise Class Virtual Replication
Virtual Protection Group = Complete Application Protection
• Consistent Multi-VM application recovery
• Meet Application level SLAs & prioritize replication
• Protect across any host or storage configuration
• Pre-seed feature to VMware & Hyper-V to reduce initial sync
• Virtualization feature support: vMotion, svMotion, HA, etc.
[Diagram labels: Production Site, Enterprise Applications (CRM, ERP, SharePoint, Exchange, SQL, Oracle), VM, vDisk; VPG 1: 4 seconds RPO; VPG 2: 6 seconds RPO; VPG 3: 9 seconds RPO]
Continuous Data Protection
• Simply re-wind to Any Point in Time
• Recovery Site Journaling: DVR-like functionality
• Protection against Logical Failures, not just disasters
• Recover from Seconds ago, not the last Backup or Snapshot
• Application Consistency and write-order fidelity
• Recover Multi-VM Apps consistently down to the second
Disaster Recovery Automation
• Automatic VM Recovery, boot order
  - Recovery Time Objective = Minutes
  - Re-IP & MAC, Scripts & Commit Policy
• Automated Failback configuration
  - Replication of Only Changes
  - AWS failback V2V export process
• Click to test in isolated bubble network
  - Non-disruptive failover testing
  - Not just for DR & Offsite Clone
• VM migration automation
  - Migration Time Objective = Minutes
  - Seconds of lag, test before move
[Diagram labels: Production Site, vCenter, BC/DR Site, Mgmt, VM, VRA, ZVM, WAN, Recovery, Failover Test, Move, Failback]
DR Test Reporting
Data Loss (RPO)
[Chart: data-loss gap on a 0 to 24 hour timeline, one row per protection method]
• Daily Backups: GAP = 24 hours, $273,972.60
• Snapshot-based Replication: GAP = 4 hours, $45,662.10
• Zerto Continuous Replication: GAP = seconds, $7,610.35
Causes of Downtime
May 2014 “The State Of Business Technology Resiliency, Q2 2014”
The Impact of Disruption
May 2014 “The State Of Business Technology Resiliency, Q2 2014”
Q&A / Panel Discussion