Post on 13-May-2015
Business Continuity and Disaster Recovery Notes
Alan McSweeney
April 12, 2023 2
Objectives
• To provide outline options for implementing business continuity and disaster recovery
• To outline possible solution architectures• To demonstrate experience and competence in
business continuity• To identify possible next steps
April 12, 2023 3
Agenda
• Understanding of Requirements• Business Continuity and Disaster Recovery
Information• Business Continuity and Disaster Recovery
Options and Technologies• Server Virtualisation and Business Continuity
and Disaster Recovery• Implementation Notes
April 12, 2023 4
Overall Solution Requirements
• Resilience− Reliable underlying hardware and software components
• Scalable− Infrastructure that can grow to meet future requirements without
significant engineering
• Business Continuity and Disaster Recovery− Solution that provides disaster recovery and business continuity
• Manageable− Solution that is easily manageable
• Secure• Return on Investment• Simplicity− Few components and vendors to reduce complexity and risk
• Risk− Solution must incorporate proven technologies
April 12, 2023 5
Protecting the Business
April 12, 2023 6
Round Up the Usual Statistics
• 80% of businesses have no plan− “It won’t happen to me”
• 68% of businesses who experience a disaster and don’t have a plan go out of business within 2 years
• One in five organisations will suffer a major IT disaster in five years
• A company experiencing a computer outage lasting longer than 10 days will never fully recover
April 12, 2023 7
Round Up the Usual Statistics
• The loss of IT capacity and telecommunications is seen as the worst disruption scenarios for organisations− 48% of managers surveyed admit that their businesses have
experienced one or more interruptions within the past year− 57% of business disasters are IT-related
• About half of small and medium-sized firms now do perform some sort of data backup, but not always adequately− Large numbers of businesses would be unable to recover
business data after a server crash or disaster• It takes 19 days and costs in excess of €14,000 to re-
enter just 20 MB worth of sales and marketing data− Retrieving accounting records is even worse; they require over 21
days of work and cost over €15,700 to re-type• 93% of businesses say that data storage is an extremely
important part of their organisation but only 20% of those surveyed said that there was a high level of understanding of storage and storage issues within their companies
April 12, 2023 8
Reasons for Data Loss
Human Error30% Hardware
Failure42%
Hardware Destruction
3%
Theft5%PC Viruses
7%
Software Corruption
13%
April 12, 2023 9
US Cost of Downtime Survey
• 46% said each hour of downtime would cost their companies up to $50k
• 28% said each hour would cost between $51K and $250K
• 18% said each hour would cost between $251K and $1 million
• 8% said it would cost their companies more than $1million per hour
April 12, 2023 10
Survival Risk
• At what point is the survival of your company at risk? −40% said 72 hours−21% said 48 hours−15% said 24 hours−8% said 8 hours 9% said 4 hours−3% said 1 hour−4% said within the hour
April 12, 2023 11
Affects of Outage
• Lost revenue and business interruption• Possible litigation• Lost competitiveness and lost business• Loss of company reputation• Financial cost
April 12, 2023 12
Specific Business Continuity and Disaster Recovery Requirements
• RTO – Recovery Time Objective− How quickly should critical services be restored
• RPO – Recovery Point Objective− From what point before system loss should data be available
• How much data loss can be accommodated
Last System Backup/Copy
System Loss/Failure
System Restored
RPO (Recovery Point Objective) – Time Since Last
Good Backup
RTO (Recovery Time Objective) – Time to Recover
Overall Recovery Time – From Last Backup to System Recovery
April 12, 2023 13
Components of Effective Business Continuity and Disaster Recovery
Business Continuity and
Disaster Recovery Facility
Primary InfrastructureDesigned for
Resilience and Recoverability
OperationalDisaster Recovery
And BusinessContinuity
Plan
Business Continuity and
Disaster Recovery
Processes AndProcedures
April 12, 2023 14
Components of Effective Business Continuity and Disaster Recovery
• An operational Business Continuity/Disaster Recovery facility consists of four key components:1. Facilities and Infrastructure – the underlying IT
infrastructure and data must be structured to be resilient and recoverable
2. Processes and Procedures – Business Continuity/Disaster Recovery must be incorporated into standard processes and procedures
3. Operational Business Continuity/Disaster Recovery Plan – there must be an operational and tested plan to recover
4. Business Continuity and Disaster Recovery Facility – there should be a facility from which the recovered systems can run
April 12, 2023 15
Stages for Implementing Business Continuity and Disaster Recovery
Data Backup and Recovery
Resilience and Fault Tolerance
Business Continuity and
Disaster Recovery
April 12, 2023 16
Possible Core Architecture (Virtualised)
1. Core server infrastructure virtualised for resilience and fault tolerance
2. Centralised server management and backup
3. SAN for primary data storage
4. Backup to disk for speed
5. Tape backup
6. Two-way data replication
April 12, 2023 17
Resilience
• Virtual infrastructure in HA (High Availability) Cluster
• Fault tolerant primary infrastructure
• Failing virtual servers automatically restarted
• Dynamic reallocation of resources
• Reduces need to invoke business continuity plan
April 12, 2023 18
Business Continuity and Disaster Recovery
• Failing servers can be recovered on other site
• Virtualised infrastructure will allow critical servers to run without the need for physical servers
• Virtualisation makes recovery easier – removes any hardware dependencies
April 12, 2023 19
Business Continuity and Disaster Recovery Considerations
• Understand what you are protecting against− Hardware failure or damage− Application and data corruption− Site failure or denial of access− Fires, chemical spillages, sickness/epidemic
• Define level(s) of service to be provided• Define recovery method(s)• Understand system and application landscape• Understand business requirements and align
information technology infrastructure to meet them• Define cost and benefits of implementing levels of
resilience and recoverability
April 12, 2023 20
Sample Highly Resilient Infrastructure
April 12, 2023 21
Data Replication Options
• Option 1 – Direct server replication−Each server replicates to a backup server in the other
site
• Option 2 – Consolidated virtual server backup and replication of server images for recovery−Copies of virtual servers replicated to other site for
recovery
• Option 3 – Data replication−Replication of SAN data to other site
• Option 4 – Backup data replication−Replication of backup data to other site
• Each option has advantages and disadvantages
April 12, 2023 22
WAN Optimised Accelerated Offsite Backup and Replication for Business Continuity and Disaster Recovery
• LAN-like performance of file sharing from anywhere• Cut backup times by 75% or more• Use 90% less WAN bandwidth in the process• Allows use of lower speed links to saving ongoing costs
– for example, 2 Mbps becomes 20 Mbps at least
File Servers
Mail ServersWeb
Servers
FilersTapeBackup
Storage
WAN
File ServersMail
ServersFilers
TapeBackup
PRIMARY DATA CENTRE
SECONDARY DATA CENTRE
Transparent WAN Optimisation Unit
April 12, 2023 23
Server Virtualisation and Disaster Recovery
• Server virtualisation assists recovery from disaster−Enables easier testing−Enables successful recovery−Simplifies recovery−Reduces costs of recovery infrastructure−Enables business continuity
• Changing disaster recovery requirements−Higher standards are required−More reliability is expected−Faster pace of business generates more critical change− Intense competitive environment requires high service
levels
April 12, 2023 24
Virtualised Solution RPO and RTO
• Low RTO and RPO for immediate recovery• Solution can grow to support additional servers
easily and quickly
1
2RTO
Systems Available Immediately
System Loss
3
Last System Replica
RPO
April 12, 2023 25
Business Continuity and Disaster Recovery Implementation Approach
• The System Dynamics approach to implementing effective Business Continuity consists of two phases:1. Solution Design – your Business Continuity/Disaster
Recovery requirements are identified and documented and a solution and an implementation plan are developed
2. Solution Implementation – the previously defined and agreed solution is implemented
ProjectInitiation
Risk Assessment
Business Requirements
and Impact Analysis
Solution Design
and Documentation
Implementation Plan
Roadmap
Solution Implementation
Testing
Solution Design
Solution Implementation
April 12, 2023 26
Maintaining Business Continuity and Disaster Recovery
• Once implemented, effective ICT business continuity must be regarded as a continuous process
• While this imposes an overhead it ensures that business continuity implementation will continue to meet the requirements of the business and meet audit compliance requirements
• Good solution design will minimise maintenance effort as continuity is embedded
ICT Business
Continuity Project
Embed ICT Business
Continuity into ICT
Exercise, Test and Maintain
ICT Business
Continuity Plan
Develop Strategy for ICT
Business Continuity
Develop ICT
Business Continuity Plans and Processes
Understand the Critical
Systems and Applications
April 12, 2023 27
View of Business Continuity and Disaster Recovery
• Vendor independence• Aware of all solution options• Aware of enabling technologies−Server virtualisation−Hardware and software replication −WAN optimisation
• Can design the best and most cost-effective possible solution Suits the needs of the organisation rather than the vendor−Assist in vendor selection and negotiation
• Focus on entire solution
April 12, 2023 28
Structured Approach to Business Continuity and Disaster Recovery Analysis and Design
ICTBusiness
ContinuityPlanning
Phase 1 – Project
Initialisation and
Mobilisation
Phase 2 – ICT Infrastructure
and Application Analysis
Phase 3 –ICT Business
Continuity Options
Phase 4 – Information
Consolidation
Phase 5 – Draft and Final Report
Production and Presentation
Agree Project Scope
Agree Project Timescales
Agree Project Deliverables
Agree Business Owner Meeting
Schedule
Agree Project Communication
Analyse and Document ICT Infrastructure
and Applications
Define and Document ICT
Recovery Requirements
Consolidate Analysis and
Design Information
Draft Report Presentation
Final Report Presentation
Collect Server and Application Inventory and
Resource Usage Information
Business Critical
Application Owner Meetings
Define Detailed Business Critical
Recovery Processes
Define Application Recovery
Requirements
Define Business Continuity
Operations and Architectures
Produce Financial
Analysis and Implementation
Plans for Options
Define and Document Recovery Scenarios
Document Business
Continuity Operation
Handover
April 12, 2023 29
Structured Approach to Business Continuity and Disaster Recovery Analysis and Design
• Structured approach−Phase 1 – Project Initialisation and Mobilisation−Phase 2 – ICT Infrastructure and Application Analysis−Phase 3 – ICT Business Continuity Options−Phase 4 – Information Consolidation−Phase 5 – Draft and Final Report Production and
Presentation
• Focus is to develop a practical, realistic and cost-effective business continuity plan and to identify pre-requisite and associated work in order to make business continuity more effective
• Detailed workplan that will address all areas
April 12, 2023 30
What Can be Done
• Identify, define and document business continuity and disaster recovery requirements
• Design business continuity and disaster recovery solution options
• Select the most appropriate solution, technologies and vendors
• Assist with development business continuity plan
• Assist with and manage implementation• Define total business continuity solution
encompassing offerings from various vendors
April 12, 2023 31
Benefits of Structured Approach
• Practical and results-focussed approach• Detailed knowledge of business continuity
implementation• Knowledge and experience of relevant
technologies• Complete set of relevant skilled personnel in
the area required• Vendor independence and knowledge of likely
products and vendors
April 12, 2023 32
More Information
Alan McSweeneyalan@alanmcsweeney.com