Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014
Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or clients in identifying their goals and needs for a Disaster Recovery Plan Became a trusted advisor related to this solution. Create an experience e that makes the customer remember your expertise for this subject.
What is Business Continuity Business Continuity is defined as the capability of an organization to continue delivery of products and services at acceptable predefined levels following a disruptive incident.
What is Disaster Recovery? Disaster recovery are the processes that are used to restore services after a significant interruption (disaster) in communications systems. Disaster recovery processes usually occur after events such as fires, floods, or earthquakes. However, disaster recovery may also occur after critical equipment failures or information corruption that occurs from software viruses.
Disaster Recovery Plan Is a business plan that describes how work can be quickly and effectively resumed after a disaster. Disaster recovery is a part of business continuity planning. It applies to aspects of the business that rely on IT infrastructure to function.
Discovery (Steps 1-5) 1. Build your team Select the people who understand your system best to help create a DR plan and execute when disaster strikes 2. Analyze what DR technology is already in place You are probably already backing up, but what else? 3. Do a business impact analysis What does downtime cost? 4. Prioritize operations ID critical apps and data, what needs recovering first? 5. Set goals for recovery How long should recovery take?
Action Steps (6-10) 6. Identify and fill gaps in technology Are any of your goals impossible with your current infrastructure Implement technology or processes to meet recovery goals 7. Design Recovery or Failover Environment Alternate location facilities, hypervisor, bare-bones machines, etc 8. Create Recovery Manual and Disaster Response Protocol Design the actual steps taken to recover downed systems Should employees BYOD? Use cell phones? Relax? 9. Document important information Have at important information at the ready in your DR plan 10. Implement, Test, and Revise Distribute the plan and make sure everyone know their duties Test to make sure there are no holes in your plan, revise to make sure your plan stays up to dates
Spearheaded by an executive Leadership Decision making Access to necessary resources Make sure project receives necessary attention Designate a DR Coordinator Intimate knowledge of IT system Creates and updates DR plan Leads recovery during disaster Makes executive decisions during disaster DR Team Employees from a variety of departments Help DR coordinator execute recovery Predetermined responsibilities for recovery
Stake Holders C-Level DR Coordinator IT manager DR Team IT Operations Facilities
Analyze the DR technology that you currently have in place Data backup? Skeleton Servers? Cloud Services? Virtualized Machines? Active/Active geographically diverse systems? Uninterrupted Power Supply Software as a Service Applications (SaaS) Desktop as a Service (DaaS) Access Lists Escalation Plans SOP s Company Directory Understand the capabilities and restrictions of each
Start by conducting a Business Impact Analysis Availability requirements, such as maximum allowable systems downtime, for an organization to form the basis for risk mitigation and recovery strategies, which drive a higher level of business resiliency.
A BIA assesses the risks of various types of threats to determine the potential direct and indirect impacts. These include: Financial Regulatory Operational Competitive Reputation
After completing the BIA, it should be clear which processes are most important to your business, thus which should be recovered first after a disaster. Restore Emergency Level of Service Restore Key Business Processes Restore to Business as Usual
Recovery Time Objective (RTO) How long after a disaster does a business process need to be operational, or what is the acceptable downtime? Recovery Point Objective (RPO) What point back in time would you like to recover to? 10 minutes? 1 hour? 1 day before the disaster? This is determined by how often you perform backups. Recovery Level Objective (RLO) Recovering from a disaster does not happen all at once. You should set different recovery times for each level of recovery. And possibly a different recovery point for various systems.
Do you have all the proper technologies in place to successfully recover? Is it possible to recover in a manner that t satisfies your objectives? There are a multitude of hardware, software, and services you can use to meet recovery objectives. Example: If your RPO is under 15 minutes, you must be performing backups every 15 minutes
Compare recovery goals with the DR technology you are currently utilizing. Using your goals as a baseline, look at each of your business processes, and analyze the feasibility of restarting the respective IT dependencies within the objective time. Don't just throw money at Disaster Recovery, does not need to be expensive
Daily onsite and remote backups Cloud based software (SaaS) S) Web Based email, CRM, ERP systems Redundant and replicated systems Virtualized networks, servers, and desktops Diverse network service providers Desktop as a Service Virtual employee access Remote office access
ble Afforda Sim mple Employees work Remotely Alternate t Site offices Employees recover data to personal devices Easily recover data and all system and user configurations on same or new hardware Employees workfrom own devices Employees work from where network is rebuilt Costly Compreh hensive Cloud Replication Hot Sites Easy and Instant Failover to identical machines and data Replicate backups at an alternate and remote work site Employee work from anywhere with internet access Personnel simply moves to new worksite and resumes work
Too Expensive Too Long
Create a recovery manual Include a well documented d response procedure for restoring mission i critical i systems as efficiently as possible. Define triggers to launch the disaster recovery process. Define the scope of your DR processes. Instructions for Recovery Document where resources will recover to Document which order to recover resources Document how to recover resources Document how to get users on new system Document how to reroute phone numbers
In the appendix of your DR plan you should include a repository of critical Systems information. Make, model, and specifications of all hardware Diagram of network List of applications used by each and license keys Location of backups for each machine Admin handles and passwords Database owners Warranty information Vendor information IP addresses VPN information Setting and Configurations Special Instructions
Do your employees know how to respond to a disaster? Develop a plan so each employee knows their responsibilities and where to go if a disaster occurs Develop a plan for each department to resume operations, starting with the most crucial Create a written plan that your employees can use to help them get back to work as fast as possible
Once you have constructed your DR plan you must distribute the plan among employees and start work with your DR team. Your DR plan will not be effective if nobody knows about it.
Test often (Every 6 months) Only through testing will you uncover everything that is missing from your plan Revise after testingti Part of your plan will become stale every time you test it, make sure all the information is up to date Record difficulties during testing so updates can be made
A Free DR Template Download your free DR Template today at: http://www.firstcomm. com/resources/whitepapers/
Thank you! David Godwin Sr Sales Engineer (312) 334-3297 ext. 339 dgodwin@firstcomm.com