a Disaster Recovery Plan

(1)

(2)

Objectives

• Understand What Disaster Recovery is?

Understand What Disaster Recovery is?

• Why is Disaster Recovery Needed?

• Effectively assist customers or clients in

Effectively assist customers or clients in

identifying their goals and needs for a Disaster

Recovery Plan

y

• Became a trusted advisor related to this solution.

• Create an experience that makes the customer

C eate a e pe e ce t at

a es t e custo e

(3)

What is Business Continuity

• Business Continuity is

Business Continuity is

defined as the capability

of an organization to

continue delivery of

products and services at

acceptable predefined

levels following a

(4)

What is Disaster Recovery?

• Disaster recovery are the

y

processes that are used to restore

services after a significant

interruption (disaster) in

p

(

)

communications systems. Disaster

recovery processes usually occur

after events such as fires, floods, or

earthquakes. However, disaster

recovery may also occur after

critical equipment failures or

(5)

Disaster Recovery Plan

• Is a business plan that describes

p

how work can be quickly and

effectively resumed after a

disaster Disaster recovery is a

disaster. Disaster recovery is a

part of business continuity

planning. It applies to aspects of

the business that rely on IT

(6)

Di

(St

1 Di

(St

1 5)

5)

Discovery (Steps 1

Discovery (Steps 1--5)

5)

1. Build your team

Select the people who understand your system best to help create

a DR plan and execute when disaster strikes

2 Analyze what DR technology is already in place

2. Analyze what DR technology is already in place

You are probably already backing up, but what else?

3. Do a business impact analysis

What does downtime cost?

4. Prioritize operations

ID critical apps and data, what needs recovering first?

5. Set goals for recovery

(7)

Action Steps (6

Action Steps (6--10)

10)

6. Identify and fill gaps in technology

Are any of your goals impossible with your current infrastructure

Action Steps (6

Action Steps (6--10)

10)

Implement technology or processes to meet recovery goals

7. Design Recovery or Failover Environment

Alternate location facilities, hypervisor, bare-bones machines, etc

8. Create Recovery Manual and Disaster Response Protocol

Design the actual steps taken to recover downed systems Should employees BYOD? Use cell phones? Relax?

9. Document important information

Have at important information at the ready in your DR plan

10. Implement, Test, and Revisep

Distribute the plan and make sure everyone know their duties

(8)

• Spearheaded by an executive

– Leadership

– Decision makingDecision making

– Access to necessary resources

– Make sure project receives necessary attention • Designate a DR CoordinatorDesignate a DR Coordinator

– Intimate knowledge of IT system – Creates and updates DR plan – Leads recovery during disaster – Leads recovery during disaster

– Makes executive decisions during disaster • DR Team

– Employees from a variety of departments – Employees from a variety of departments – Help DR coordinator execute recovery

(9)

Stake Holders

C-Level

C Level

DR Coordinator

_manager

IT

DR Team

IT

Operations

Facilities

DR Team

(10)

• Analyze the DR technology that you currently have in place – Data backup? – Skeleton Servers? – Cloud Services? Virtualized Machines? – Virtualized Machines?

– Active/Active geographically diverse systems? – Uninterrupted Power Supply

– Software as a Service Applications (SaaS)Software as a Service Applications (SaaS) – Desktop as a Service (DaaS)

– Access Lists – Escalation Plans – SOP’s

– Company Directory

(11)

Start by conducting a Business Impact Analysis

y

g

p

y

Availability requirements, such as maximum allowable

systems downtime, for an organization to form the basis for

risk mitigation and recovery strategies, which drive a higher

level of business resiliency

.

(12)

A BIA assesses the risks of various types of threats to determine the potential direct and indirect impacts. These include:

(13)

After completing the BIA, it should be clear which

processes are most important to your business, thus which

should be recovered first after a disaster.

(14)

• Recovery Time Objective (RTO)

– How long after a disaster does a business process need to be operational, or what is the acceptable downtime?

• Recovery Point Objective (RPO)

y

j

(

)

– What point back in time would you like to recover to? 10 minutes? 1 hour? 1 day before the disaster? This is determined by how often you perform backups.

• Recovery Level Objective (RLO)

– Recovering from a disaster does not happen all at once. You should set different recovery times for each level of recovery. And possibly a

(15)

(16)

Do you have all the proper technologies in place to successfully recover?

I it ibl t i th t ti fi bj ti ?

Is it possible to recover in a manner that satisfies your objectives?

There are a multitude of hardware, software, and services you can use to meet recovery objectives.

Example:

If your RPO is under 15 minutes, you must be performing backups every 15 minutes

(17)

Compare recovery goals with the DR technology you are currently utilizing. Using your goals as a baseline, look at each of your business processes, and

analyze

the feasibility of restarting the respective IT dependencies within the objective the feasibility of restarting the respective IT dependencies within the objective

time.

(18)

• Daily onsite and remote backups

Cl d b d ft (S S)

• Cloud based software (SaaS)

– Web Based email, CRM , ERP systems • Redundant and replicated systems

Vi t li d t k d d kt

• Virtualized networks, servers, and desktops • Diverse network service providers

• Desktop as a Service Vi t l l

(19)

Employees

work

Employees

work

Employees recover d l Employees work from

m

ple

ble

_work

Remotely

work

Remotely

data to personal devices Employees work from own devices

Alt

t

Alt

t

Easily recover data

Si

m

Af

fo

rd

a

Alternate

Site offices

Alternate

Site offices

and all system and user configurations on same or new hardware Employees work from where network is rebuilt

Cloud

Replication

Cloud

Replication

Easy and Instant Failover to identical machines and data Employee work from anywhere with internet access

h

ensiv

e

Hot Sites

(20)

Too Expensive

(21)

(22)

Create a recovery manual

I l d ll d d d f i i i i i l

• Include a well documented response procedure for restoring mission critical systems as efficiently as possible.

• Define triggers to launch the disaster recovery process. Define the scope of your DR processes

• Define the scope of your DR processes.

Instructions for Recovery

D t h ill t

• Document where resources will recover to • Document which order to recover resources • Document how to recover resources

D t h t t t

(23)

In the appendix of your DR plan you should include a repository of critical Systems information

Systems information.

• Make, model, and specifications of all hardware • Diagram of network

• List of applications used by each and license keys • Location of backups for each machine

• Admin handles and passwords • Database ownersDatabase owners

• Warranty information • Vendor information • IP addresses

VPN i f ti • VPN information

(24)

• Do your employees know how to y p y respond to a disaster?

– Develop a plan so each employee knows their responsibilities and

h t if di t

where to go if a disaster occurs

– Develop a plan for each department to resume operations, starting with the most crucial

the most crucial

– Create a written plan that your

(25)

Once you have constructed your DR plan you must distribute the plan

among employees and start work with your DR team.

(26)

• Test often (Every 6 months)

• Only through testing will you uncover everything that is missing from your plan

R i ft t ti • Revise after testing

• Part of your plan will become stale every time you test it, make sure all the information is up to date

(27)

A Free DR Template

(28)