Beyond (or below) Cloud and Data Center Your Local IT Rooms Need You Martin Frevert Too DHL Express Europe
Agenda The Challenge The Approach Five Tasks Summary and Q&A
Agenda The Challenge The Approach Five Tasks Summary and Q&A
The Challenge (1/2) For more than 2.6 million customers One Promise More than 220 countries and territories served ~100,000 employees worldwide de 3 global hubs: Cincinnati, Hong Kong, Leipzig Additional ~4,000 facilities worldwide ~260 dedicated di d aircraft ~29,500 vehicles Connecting ~500 airports around the world Time Definite International Delivery IT needs to ensure smooth operation of the 24/7 business
The Challenge (2/2) Central global data centers but ~4,000 facilities with IT equipment critical for site operations From network equipment only to servers and specialized IT equipment for call centers or cross belt sorters One Global Customer Promise Local IT rooms protected properly following a global standard
Agenda The Challenge The Approach Five Tasks 1. Clarify, what you mean by IT Room Protection 2. Business Alignment I: Develop something that will be accepted 3. Business Alignment II: Develop something that can be used 4. Define a meaningful standard 5. Be smart about closing any gaps Summary and Q& A
IT Room Protection Overall Objective Achieve a common, reduced level of risk of an IT room outage which would lead to a business disruption or significantly impact a country business In Scope Out of Scope What Reduction of most common risk Existing and new rooms Business continuity IT operational procedures Protection against other elemental dangers Where Every IT room in every location Enterprise data centers (follow Key: IT room is relevant for DHL higher, data center focused Express standards)
Limitations Risk of IT Room Outage Most common threats, e.g. Power Cooling Fire Intrusion Other threats * Without IT Room Protection Risk Reduction through IT Room Protection Most common threats Other threats With IT Room Protection None of the risk can be completely eliminated Residual risk to be addressed by Continuity Management * e.g. earth quakes
Recommendation 1 Manage expectations
Agenda The Challenge The Approach Five Tasks 1. Clarify, what you mean by IT Room Protection 2. Business Alignment I: Develop something that will be accepted 3. Business Alignment II: Develop something that can be used 4. Define a meaningful standard 5. Be smart about closing any gaps Summary and Q& A
Business Alignment I Customer Criticality determined from top to bottom Costs for IT Room Protection have to be justified ~4,000 sites = ~4,000 individual cases Need for rationalization Business alignment through classes IT room with different protection levels
Different Classes of IT Rooms Cost Protection IT Room Class Attribute A B C N Baseline: requirements by local authorities, health & safety regulations etc. Driver for protection need: criticality of IT room for the business Not a driver: size of room or number of servers Standby back-up diesel generator Dedicated Cooling System To be defined per attribute for each class Mandatory Strongly recommended Recommended Not needed
Recommendation 2 Introduce different classes of IT rooms for business alignment
Agenda The Challenge The Approach Five Tasks 1. Clarify, what you mean by IT Room Protection 2. Business Alignment I: Develop something that will be accepted 3. Business Alignment II: Develop something that can be used 4. Define a meaningful standard 5. Be smart about closing any gaps Summary and Q& A
Business Alignment II How to determine the different IT room classes and how to classify IT rooms? Simple, pragmatic approach Classification depending on criticality for the business but Business does not appreciate sophisticated, incomprehensible elaborations If you want to apply it globally, only a simple approach will succeed What it means What-if scenario: what, if the IT room is down? Limited scope of business impact analysis Proxy for business impact Complemented by key business impact scenarios Matrix for classification based on multipliers
Business Impact Analysis What, if IT room is down? Impact Economic loss from damaged or destroyed property Regulatory or contractual impact Reputation Economic loss from loss of function How to consider Impossible to standardize Impossible to standardize Impossible to standardize Using a proxy Do not try to determine exact business loss Use revenue that is supported by the IT room in "business-as-usual" (BAU) circumstances as proxy Known within IT function Very powerful and convincing: break down to revenue per day Not equal to revenue loss, but proxy only. Not sufficient to cover complexity of the business.
Impact Scenarios - Example 1 2 3 4 Business, but Business, but No business Business, but shipments low Customer possible at thigher h cost delayed Service quality Customer Visibility Business Impact Very high High Medium None Disruptive Very high High Medium No business possible without the IT room on one or more sites Business still possible without t the IT room Service commitment/ product promise cannot be kept Business still possible without t the IT room Customer Service not able to meet KPIs due to outage of IT room Business still possible without t the IT room Business can only be run at extra costs
Classification Thresholds Classification Matrix Define Thresholds Step 1: Baseline Step 2: Multipliers IT 1 2 3 4 Room Class IT Room Class A B C N What are the revenue thresholds for each combination? 1 x 1.0 Threshold [Revenue] A > 100 B >40 C > 10 N N/A 2 3 4 x 1.5 x 2.0 x 3.0 >40 x 2.0 >80 Use scenario 1 Use multipliers to increase (business disruption) thresholds to reflect lower as baseline due to business impact maximum business more revenue needed to impact justify a certain class
IT Room Classification Step Principle Example 1 Select room Analyze ay eevery eyit room individually Tampa, Florida 2 3 Determine "businessas-usual" (BAU) Use BAU revenue as proxy revenue Determine business impact scenarios Most critical business impact scenarios x EUR p.a. or y EUR per business day Scenario 2: Business possible, but shipments delayed 4 Look up class in matrix 2 BAU revenue Business Impact Scenario Manage classification 1 2 3 4 matrix ti > 100 A 3 IT Room Class > 40 4 B > 10 C D N
Recommendation 3 + 4 3. Define a simple approach for IT room classification 4. Use a tailored, but simple approach to 4. Use a tailored, but simple approach to determine IT room classes for your business
Agenda The Challenge The Approach Five Tasks 1. Clarify, what you mean by IT Room Protection 2. Business Alignment I: Develop something that will be accepted 3. Business Alignment II: Develop something that can be used 4. Define a meaningful standard 5. Be smart about closing any gaps Summary and Q& A
Protection Level per Class Precise specifications Enabling assessment IT Room Class Attribute A B C N Attribute 1 Mandatory Mandatory Strongly Recomme nded Attribute 2 Mandatory Strongly Recomme nded Recomme nded Recomme nded Not needed Expensive attributes managed by class Increasing requirement for higher classes Redundancy levels managed by class Increasing requirement for higher classes Not only equipment, but also responsibilities and procedures
Content of the Standard General Physical Fire HVAC Power Network Security Protection Supply Governance Risk Assessment Other Equipment Policies & Procedures Service & Maintenance Equipment Policies & Procedures Service & Maintenance Equipment Policies & Procedures Service & Maintenance Equipment Policies & Procedures Service & Maintenance General LAN WAN
Recommendation 5 Define the standard precisely and with meaningful differences between the classes
Agenda The Challenge The Approach Five Tasks 1. Clarify, what you mean by IT Room Protection 2. Business Alignment I: Develop something that will be accepted 3. Business Alignment II: Develop something that can be used 4. Define a meaningful standard 5. Be smart about closing any gaps Summary and Q& A
Gap Closure As-Is (no DHL example!) Standard Gap Gap Closure Obvious solution: lift to meet the standard. But: Smartest solution needs to be determined individually!
Generic Gap Closure Improve IT room protection Move to highly protected data center Make IT capabilities recoverable Design resilient IT capabilities i high high high high Impact I I I IT capability overall For an individual component of the IT capability low low high Likelihood Achievable short- /mid-term, but good investment in long-term? low low high L Achievable short- /mid-term Best for critical services, but restrictions to be considered low low high L Reducing impact through quick recovery Achievable midterm, but requiring significant investment low low high L Outage of 1 component doesn't impact the IT capability as a whole making it less likely to fail
Recommendation 6 Think out of the box improving the protection of an individual IT room might not be the smartest solution
Agenda The Challenge The Approach Five Tasks Summary and Q& A
Recommendations Summary 1. Manage expectations 2. Introduce different classes of IT rooms for business alignment 3. Define a simple approach for IT room classification 4. Use a tailored, but simple approach to determine IT room classes for your business 5. Define the standard precisely and with meaningful differences between the classes 6. Think out of the box improving the protection of an individual IT room might not be the smartest solution
Q & A Your questions, please!