Business Continuity and

Disaster Recovery Notes

Alan McSweeney
Objectives

• Toprovide outline options for implementing business

continuity and disaster recovery
• To outline possible solution architectures
• Todemonstrate experience and competence in business
continuity
• To identify possible next steps

November 26, 2009 2

Agenda

• Understanding of Requirements
• Business Continuity and Disaster Recovery Information
• Business
Continuity and Disaster Recovery Options and
Technologies
• ServerVirtualisation and Business Continuity and
Disaster Recovery
• Implementation Notes

November 26, 2009 3

Overall Solution Requirements
• Resilience
− Reliable underlying hardware and software components
• Scalable
− Infrastructure that can grow to meet future requirements without significant
engineering
• Business Continuity and Disaster Recovery
− Solution that provides disaster recovery and business continuity
• Manageable
− Solution that is easily manageable
• Secure
• Return on Investment
• Simplicity
− Few components and vendors to reduce complexity and risk
• Risk
− Solution must incorporate proven technologies
November 26, 2009 4
Protecting the Business

November 26, 2009 5

Round Up the Usual Statistics

• 80% of businesses have no plan

− “It won’t happen to me”
• 68% of businesses who experience a disaster and don’t
have a plan go out of business within 2 years
• One in five organisations will suffer a major IT disaster
in five years
•A company experiencing a computer outage lasting
longer than 10 days will never fully recover

November 26, 2009 6

Round Up the Usual Statistics

• The loss of IT capacity and telecommunications is seen as the

worst disruption scenarios for organisations
− 48% of managers surveyed admit that their businesses have experienced
one or more interruptions within the past year
− 57% of business disasters are IT-related
• About half of small and medium-sized firms now do perform
some sort of data backup, but not always adequately
− Large numbers of businesses would be unable to recover business data
after a server crash or disaster
• It takes 19 days and costs in excess of €14,000 to re-enter just 20
MB worth of sales and marketing data
− Retrieving accounting records is even worse; they require over 21 days of
work and cost over €15,700 to re-type
• 93% of businesses say that data storage is an extremely important
part of their organisation but only 20% of those surveyed said
that there was a high level of understanding of storage and
storage issues within their companies
November 26, 2009 7
Reasons for Data Loss

Human Error
30% Hardware
Failure
42%

Hardware
Destruction
3%
Software
Corruption Theft
13% PC Viruses 5%
7%

November 26, 2009 8

US Cost of Downtime Survey

• 46%said each hour of downtime would cost their

companies up to $50k
• 28%said each hour would cost between $51K and
$250K
• 18% said each hour would cost between $251K and $1
million
• 8%said it would cost their companies more than
$1million per hour

November 26, 2009 9

Survival Risk

• At what point is the survival of your company at risk?

− 40% said 72 hours
− 21% said 48 hours
− 15% said 24 hours
− 8% said 8 hours 9% said 4 hours
− 3% said 1 hour
− 4% said within the hour

November 26, 2009 10

Affects of Outage

• Lost revenue and business interruption

• Possible litigation
• Lost competitiveness and lost business
• Loss of company reputation
• Financial cost

November 26, 2009 11

Specific Business Continuity and Disaster Recovery Requirements

• RTO — Recovery Time Objective

− How quickly should critical services be restored
• RPO — Recovery Point Objective
− From what point before system loss should data be available
• How much data loss can be accommodated
RPO (Recovery Point RTO (Recovery Time
Objective) – Time Since Last Objective) – Time to Recover
Good Backup
System Loss/Failure

Last System Backup/Copy System Restored

Overall Recovery Time – From Last Backup to System

November 26, 2009
Recovery 12
Components of Effective Business Continuity and Disaster
Recovery

Operational Business
Disaster Continuity and
Recovery Disaster
And Business Recovery
Continuity Facility
Plan

Business Primary
Continuity and Infrastructure
Disaster Designed for
Recovery Resilience and
Processes And Recoverability
Procedures

November 26, 2009 13

Components of Effective Business Continuity and Disaster
Recovery

• An operational Business Continuity/Disaster Recovery

facility consists of four key components:
1. Facilities and Infrastructure — the underlying IT infrastructure
and data must be structured to be resilient and recoverable
2. Processes and Procedures — Business Continuity/Disaster
Recovery must be incorporated into standard processes and
procedures
3. Operational Business Continuity/Disaster Recovery Plan —
there must be an operational and tested plan to recover
4. Business Continuity and Disaster Recovery Facility — there
should be a facility from which the recovered systems can
run

November 26, 2009 14

Stages for Implementing Business Continuity and Disaster
Recovery

Business
Continuity and
Disaster
Recovery

Resilience
and Fault
Tolerance

Data
Backup and
Recovery

November 26, 2009 15

Possible Core Architecture (Virtualised)

1. Core server infrastructure

virtualised for resilience
and fault tolerance
2. Centralised server
management and backup
3. SAN for primary data
storage
4. Backup to disk for speed
5. Tape backup
6. Two-way data
replication

November 26, 2009 16

Resilience

• Virtual infrastructure
in HA (High
Availability) Cluster
• Fault tolerant primary
infrastructure
• Failing virtual servers
automatically restarted
• Dynamic reallocation
of resources
• Reduces need to
invoke business
continuity plan

November 26, 2009 17

Business Continuity and Disaster Recovery

• Failing servers can

be recovered on
other site
• Virtualised
infrastructure will
allow critical servers
to run without the
need for physical
servers
• Virtualisation makes
recovery easier —
removes any
hardware
dependencies
November 26, 2009 18
Business Continuity and Disaster Recovery Considerations

• Understand what you are protecting against

− Hardware failure or damage
− Application and data corruption
− Site failure or denial of access
− Fires, chemical spillages, sickness/epidemic
• Define level(s) of service to be provided
• Define recovery method(s)
• Understand system and application landscape
• Understand business requirements and align information
technology infrastructure to meet them
• Define cost and benefits of implementing levels of resilience and
recoverability

November 26, 2009 19

Sample Highly Resilient Infrastructure

November 26, 2009 20

Data Replication Options

• Option 1 — Direct server replication

− Each server replicates to a backup server in the other site
• Option 2 — Consolidated virtual server backup and
replication of server images for recovery
− Copies of virtual servers replicated to other site for recovery
• Option 3 — Data replication
− Replication of SAN data to other site
• Option 4 — Backup data replication
− Replication of backup data to other site
• Each option has advantages and disadvantages

November 26, 2009 21

WAN Optimised Accelerated Offsite Backup and Replication for
Business Continuity and Disaster Recovery

Tape Tape Storage Filers

Backup Backup

WAN

SECONDARY DATA PRIMARY DATA

CENTRE CENTRE
File
Servers Mail Filers Mail
Servers File Web Servers
Servers Servers
Transparent WAN
Optimisation Unit

• LAN-like performance of file sharing from anywhere

• Cut backup times by 75% or more
• Use 90% less WAN bandwidth in the process
• Allows use of lower speed links to saving ongoing costs — for
example, 2 Mbps becomes 20 Mbps at least
November 26, 2009 22
Server Virtualisation and Disaster Recovery

• Server virtualisation assists recovery from disaster

− Enables easier testing
− Enables successful recovery
− Simplifies recovery
− Reduces costs of recovery infrastructure
− Enables business continuity
• Changing disaster recovery requirements
− Higher standards are required
− More reliability is expected
− Faster pace of business generates more critical change
− Intense competitive environment requires high service levels

November 26, 2009 23

Virtualised Solution RPO and RTO

• Low RTO and RPO for immediate recovery

• Solution
can grow to support additional servers easily
and quickly
Systems Available
Immediately

RTO
2
RPO

3 1
Last System System Loss
Replica
November 26, 2009 24
Business Continuity and Disaster Recovery Implementation
Approach

• Approach to implementing effective Business Continuity

consists of two phases:
1. Solution Design — your Business Continuity/Disaster Recovery
requirements are identified and documented and a solution and an
implementation plan are developed
2. Solution Implementation — the previously defined and agreed solution is
implemented
Solution Design Solution Implementation

Business
Solution
Requirements Implementation
Project Risk Design Solution
and Plan Testing
Initiation Assessment and Implementation
Impact Roadmap
Documentation
Analysis

November 26, 2009 25

Maintaining Business Continuity and Disaster Recovery

• Once implemented, effective

ICT business continuity must Exercise,
Test and ICT
be regarded as a continuous Maintain
ICT
Business
Continuity
process Business
Continuity
Project

Plan
• While this imposes an
overhead it ensures that
business continuity Embed ICT
Understand
the Critical
implementation will continue Business
Continuity
Systems and
Applications
to meet the requirements of into ICT

the business and meet audit

compliance requirements
• Good solution design will Develop
ICT
Develop
Strategy
minimise maintenance effort Business
Continuity
for ICT
Business
as continuity is embedded Plans and
Processes
Continuity

November 26, 2009 26

View of Business Continuity and Disaster Recovery

• Vendor independence
• Aware of all solution options
• Aware of enabling technologies
− Server virtualisation
− Hardware and software replication
− WAN optimisation
• Can design the best and most cost-effective possible
solution Suits the needs of the organisation rather than
the vendor
− Assist in vendor selection and negotiation
• Focus on entire solution
November 26, 2009 27
Structured Approach to Business Continuity and Disaster Recovery Analysis and
Design

ICT
Business Continuity
Planning

Phase 5 — Draft and

Phase 1 — Project Phase 2 — ICT Phase 3 —ICT Phase 4 —
Final Report
Initialisation and Infrastructure and Business Continuity Information
Production and
Mobilisation Application Analysis Options Consolidation
Presentation

Analyse and Define and

Consolidate Analysis
Document ICT Document ICT Draft Report
Agree Project Scope and Design
Infrastructure and Recovery Presentation
Information
Applications Requirements

Collect Server and

Define Business
Application Define and
Agree Project Continuity Final Report
Inventory and Document Recovery
Timescales Operations and Presentation
Resource Usage Scenarios
Architectures
Information

Produce Financial
Business Critical Document Business
Agree Project Analysis and
Application Owner Continuity Handover
Deliverables Implementation
Meetings Operation
Plans for Options

Agree Business Define Application

Owner Meeting Recovery
Schedule Requirements

Define Detailed
Agree Project
Business Critical
Communication
Recovery Processes

November 26, 2009 28

Structured Approach to Business Continuity and Disaster Recovery Analysis and
Design

• Structured approach
− Phase 1 — Project Initialisation and Mobilisation
− Phase 2 — ICT Infrastructure and Application Analysis
− Phase 3 — ICT Business Continuity Options
− Phase 4 — Information Consolidation
− Phase 5 — Draft and Final Report Production and Presentation
• Focus is to develop a practical, realistic and cost-
effective business continuity plan and to identify pre-
requisite and associated work in order to make business
continuity more effective
• Detailed workplan that will address all areas
November 26, 2009 29
What Can be Done

• Identify,define and document business continuity and

disaster recovery requirements
• Design business continuity and disaster recovery
solution options
• Select
the most appropriate solution, technologies and
vendors
• Assist with development business continuity plan
• Assist with and manage implementation
• Define total business continuity solution encompassing
offerings from various vendors
November 26, 2009 30
Benefits of Structured Approach

• Practical and results-focussed approach

• Detailed
knowledge of business continuity
implementation
• Knowledge and experience of relevant technologies
• Complete set of relevant skilled personnel in the area
required
• Vendorindependence and knowledge of likely products
and vendors

November 26, 2009 31

More Information

Alan McSweeney
alan@alanmcsweeney.com

November 26, 2009 32