Presents  

Discovery (Steps 1-5)

1.  Build your team Select the people who understand your system best to help create a DR plan and execute when disaster strikes

2.  Analyze what DR technology is already in place You are probably already backing up, but what else?

3.  Do a business impact analysis What does downtime cost?

4.  Prioritize operations ID critical apps and data, what needs recovering !rst

5.  Set goals for recovery How long should recovery take

6.  Identify and !ll gaps in technology Are any of your goals impossible with your current infrastructure    Implement  technology  or  processes  to  meet  recovery  goals

7.  Design Recovery or Failover Environment Alternate location facilities, hypervisor, bare-bones machines, etc

8. Create Recovery Manual and Disaster Response Protocol Design the actual steps taken to recover downed systems Should employees BYOD? Use cell phones? Relax?

9. Document important information Have at important information at the ready in your DR plan

10. Implement, Test, and Revise Distribute the plan and make sure everyone know their duties Test to make sure there are no holes in your plan, revise to make sure your plan stays up to dates

Action Steps (6-10)  

•  Spearheaded  by  an  execu/ve  –  Leadership  –  Decision  making  –  Access  to  necessary  resources  –  Make  sure  project  receives  necessary  a<en=on  

•  Designate  a  DR  Coordinator  –  In=mate  knowledge  of  IT  system  –  Creates  and  updates  DR  plan  –  Leads  recovery  during  disaster  –  Makes  execu=ve  decisions  during  disaster  

•  DR  Team  –  Employees  from  a  variety  of  departments  –  Help  DR  coordinator  execute  recovery  –  Predetermined  responsibili=es  for  recovery  

DR  Team  

DR  Coordinator  

Stake  Holders   C-­‐Level  

IT  manager  

IT     Opera=ons   Facili=es  

•  Analyze  the  DR  technology  that  you  currently  have  in  place  –  Data  backup?  –  Skeleton  Servers?  –  Cloud  Services?  –  Virtualized  Machines?  –  Ac=ve/Ac=ve  geographically  diverse  systems?  –  Uninterrupted  Power  Supply    –  SoPware  as  a  Service  Applica=ons  (SaaS)  –  Desktop  as  a  Service  (DaaS)  

•  Understand  the  capabili=es  and  restric=ons  of  each  

 

Start by conducting a Business Impact Analysis

Availability requirements, such as maximum allowable systems downtime, for an organization form the basis for risk

mitigation and recovery strategies, developed to drive a higher level of business resiliency.

 

A BIA assesses the risks of various types of threats to determine the potential direct and indirect impacts. These include: •  Financial •  Regulatory •  Operational •  Competitive •  Reputation

 

•  Halt  opera=ons  for  extended  =me  –  Extended  systems  down=me  could  mean  the  same  for  your  business  

•  Permanently  set  the  company  back  –  Lost  data  could  undo  months  of  your  work  

•  Bankruptcy  –  A  significant  number  of  companies  that  experience  a  major  data  loss,  

will  close  their  doors  within  6  months  •  Regulatory  risk  of  not  being  in  compliance  (PCI,  SSAE  16,  SOX,  HIPAA)  •  Your  company  could  face  fines  and  other  penal=es  if  you  

–  Lose  client  data  –  Have  a  breach  of  security  in  regards  to  client  data  –  Lose  access  to  client  data  –  Do  not  no=fy  clients  of  such  events    

 

After completing the BIA, it should be clear which processes are most important to your business, thus which should be recovered !rst after a disaster.

 Restore  Emergency  Level  of  Service  

Restore  Key  Business  Processes  

Restore  to  Business  as  Usual  

Understand  the  IT  dependencies  for  each  business  process,  and  what  level  of  IT  service  is  required  for  that  process.  

 Priori=ze  recovery  for  IT  systems  and  services.  Understand  what  can  be  recovered  as  a  stand  alone  service,  and  what  required  greater  underlying  

network  support.    

•  Recovery  Time  Objec/ve  (RTO)  –  How  long  aPer  a  disaster  does  a  business  process  need  to  be  opera=onal,  or  

what  is  the  acceptable  down=me?  

•  Recovery  Point  Objec/ve  (RPO)  –  What  point  back  in  =me  would  you  like  to  recover  to?  10  minutes?  1  hour?  1  

day  before  the  disaster?  This  is  determined  by  how  oPen  you  perform  backups.  

•  Recovery  Level  Objec/ve  (RLO)  –  Recovering  from  a  disaster  does  not  happen  all  at  once.  You  should  set  

different  recovery  =mes  for  each  level  of  recovery.  And  possibly  a  different  recovery  point  for  various  systems.  

 

Do  you  have  all  the  proper  technologies  in  place  to  successfully  recover?  Is  it  possible  to  recover  in  a  manner  that  sa=sfies  your  objec=ves?  There  are  a  mul=tude  of  hardware,  soPware,  and  services  you  can  use  to  meet  recovery  objec=ves.    Example:  If  your  RPO  is  under  15  minutes,  you  must  be  performing  backups  every  15  minutes  

Configure  and  Schedule  Your  Backups  

Compare recovery goals with the DR technology you are currently utilizing. Using your goals as a baseline, look at each of your business processes, and analyze the feasibility of restarting the respective IT dependencies within the objective time.

Don't  just  throw  money  at  Disaster  Recovery,  does  not  need  to  be  expensive  

•  Daily onsite and remote backups •  Bare-metal backups •  Cloud based software (SaaS)

–  Gmail, Salesforce , Office 365 •  Redundant and replicated systems •  Virtualized networks, servers, and desktops •  Bare-bones machines •  Diverse network service providers •  Desktop as a Service

Where do you intend on recovering vital computing resources to? What if your system would take too long to recover on itself? What if you don’t have access to your facilities? What if your facilities have been destroyed? What if a server fails and it takes weeks to get a similar one? What if you need to recover a single email or a single mailbox, but you only have image based backups? Can you recover on new or old machines?

File  and  folder  backups  

Employees  recover  data  to  personal  

devices  Employees  work  from  own  devices  

Bare-­‐Metal  Recovery  

Easily  recover  data  and  all  system  and  user  configura=ons  on  same  or  new  

hardware  

Employees  work  from  where  

network  is  rebuilt  

Cloud  Replica=on  

Easy  and  Instant  Failover  to  iden=cal  machines  and  data  

Employee  work  from  anywhere  with  

internet  access  

Hot  Sites  Replicate  backups  at  an  alternate  and  remote  work  site  

Personnel  simply  moves  to  new  worksite  and  resumes  work  Co

mpreh

ensiv

e    

Simple  

Affordable  

Costly  

•  Call centers •  Call rerouting •  Soft phones •  Virtual Desktop Environment •  Virtual Servers •  Collocation •  Rented Space in a datacenter •  Starbucks

Either  have  a  recovery  environment  or  be  prepared  to  work  from  home      

Too  Long  

Too  Expensive  

Create a recovery manual •  Include a well documented response procedure for restoring mission critical

systems as efficiently as possible. •  De!ne triggers to launch the disaster recovery process. •  De!ne the scope of your DR processes. Instructions for Recovery •  Document where resources will recover to •  Document which order to recover resources •  Document how to recover resources •  Document how to get users on new system •  Document how to reroute phone numbers  

Instructions to rebuild/repair: •  Rebuild Network •  Remedy crashed servers •  Purchase correct replacement parts •  Include estimates of how long it will take to reboot system •  Instructions to handle work load in the interim  

In the appendix of your DR plan you should include a repository of critical Systems information. •  Make, model, and speci!cations of all hardware •  Diagram of network •  List of applications used by each and license keys •  Location of backups for each machine •  Admin handles and passwords •  Database owners •  Warranty information •  Vendor information •  IP addresses •  VPN information •  Setting and Con!gurations •  Special Instructions  

•  Do  your  employees  know  how  to  respond  to  a  disaster?  –  Based  on  your  recovery  environment  and  recovery  objec=ves  –  Develop  a  plan  for  each  department  to  resume  opera=ons,  star=ng  with  the  

most  crucial  –  Create  a  wri<en  plan  that  your  employees  can  use  to  help  them  get  back  to  

work  as  fast  as  possible  

In  your  plan  for  employees  –  Address  of  alternate  work  sites  –  Instruc=ons  to  recover  data  –  Instruc=ons  to  login  to  cloud  based  DR  recovery  environments  –  Calling  trees  –  Important  contact  informa=on  –  Amended  responsibili=es  

Once you have constructed your DR plan you must distribute the plan among employees and start work with your DR team.

Your DR plan will not be effective if nobody knows about it.

 

•  Make  sure  your  DR  plan  has  full  support  –  Execu=ve  and  C-­‐level  support  –  IT  support  

•  Send  an  email  or  memo  to  all  employees  with  the  informa=on  they  need  to  know  •  Distribute  hard  copies  and  instruc=ons  to  access  an  electronic  version  •  Run  a  drill  and  test  •  Spend  =me  to  educate  your  workforce.  A  tech  savvy  workforce  with  well  

understood  best  prac=ces  can  be  your  best  weapon  against  disasters.    

•  Test  oPen  (Every  6  months)  •  Only  through  tes=ng  will  you  uncover  everything  that  is  missing  from  your  plan  •  Revise  aPer  tes=ng  •  Part  of  your  plan  will  become  stale  every  =me  you  test  it,  make  sure  all  the  

informa=on  is  up  to  date  •  Record  difficul=es  during  tes=ng  so  updates  can  be  made    

For  help  filling  out  your  free  disaster  recovery  planning  template  contact  your  First  Communica=ons  client  rela=ons  manager.    If  you  don't  know  who  your  client  rela=ons  manager  is    Call:    Dawn  Dimick  330.835.2491    www.Slideshare.net/Firstcomm