Cloud Computing and Disaster Recovery

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Cloud Computing

and Disaster

Recovery

April 2013

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

1

Understanding the Cloud Environment

Internet-based data access & exchange

Internet-based access to low cost computing & applications

+

Cloud Environment

=

On-Demand

Self-Service Accessibility Internet Resources Pooled Capacity Elastic

Usage-Based Billing

Cloud Environment

Characteristics:

Cloud Service Models

Software as a Service Business operations over a network Google Docs, Salesforce.com Platform as a Service Deploy customer-created applications to a cloud MS Azure, Amazon Web Services Infrastructure as a Service Rent storage, processing, network and other computing resources Mozy, Rackspace

Cloud Deployment Models

Private Operated for a single organization

Public Available to the general public or large industry group, owned by an organization selling cloud services

Community Shared by several organizations, supporting _{a specific community}

³6DD6´ ³3DD6´ ³,DD6´ April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD Infrastructure as a Service Software as a Service Platform as a Service

Less End User Management Less End User Management

Description

Provider applications are accessible through a thin client interface such as a web browser

Provider manages/controls the infrastructure including network, servers, operating systems, storage, or individual application capabilities

E.g., Google Apps, MS Office Live, Netsuite, Salesforce

Provider offers quick deployment of computing resources such as processing, storage, and network

Developers can write applications that run on the cloud

E.g., Amazon.com, Rackspace, Terremark, IBM

Enables customer to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages/tools supported by the provider. Consumer does not manage/control cloud infrastructure but has control over deployed applications and possibly application hosting.

E.g., Windows Azure, Force.com, Google App Engine More End User

Control

More End User Control

Understanding the Cloud Service Models

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

3ULYDWH&ORXG$³FORVHG´HQYLURQPHQWIRUDVLQJOHRUJDQL]DWLRQKRVWHGLQWHUQDOO\RUE\ a third party and can be both on or off premise

Allows an organization to act like a cloud provider internally Provides organization the flexibility to rapidly scale internal IT resources Provides organization with full control over data

Often requires high initial investment but helps reduce long term costs

Public Cloud: Infrastructure is owned by a cloud services provider, which makes it available to the general public or a large industry group

Uses pay-as-you-go, utility pricing Provides high agility and speed-to-market Changes financial model from CAPEX to OPEX Offers less customer control over data and service levels

Provides the opportunity to leverage the leading practices of an industry vertical or functional area

Community Cloud: Infrastructure is shared by several organizations with common

interests²offering potentially the greatest transformational value of any of the Cloud deployment models.

Often defined by industry, supply chains, or geography, supporting the emergence of new business models and working relationships

May be managed by the community or a third party; May exist on or off premise

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

4

Choosing the appropriate Cloud delivery model begins with developing an overall vision of where and how the new models will be applied. This important step will enable IT leaders to drive the adoption of Cloud throughout the enterprise and prime the organization for success.

SaaS PaaS IaaS Private Public

Target State

Current State

Technical Criteria Financial Criteria Business Criteria Organization Criteria E-Mail CRM BI Data Archiving Service Mgmt Compute Production Infrastructure Security & Regulatory Criteria Service Criteria

Planning for the Adoption of Cloud Delivery Models

Step #1 ± Where to apply Cloud Delivery Models

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

5

Private, Public, and Hybrid delivery models have different impacts and challenges for Enterprise IT organizations. A Readiness Assessment will prepare an organization to understand these challenges.

Cloud Readiness Assessment

33222200133112112

Process Goals & Objectives 14%30%50%0%0%0%0%0%0%0%30%50%0%0%0%0%0%30% Roles & Responsibilities 14%0%20%0%0%0%0%0%0%0%0%20%0%0%0%0%0%0% Activites 14%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0% Key Collateral 14%0%20%0%0%0%0%0%0%0%0%20%0%0%0%0%0%0% KPIs / Metrics 14%50%50%0%0%0%0%0%0%0%50%50%0%0%0%0%0%50% Controls 14%0%30%0%0%0%0%0%0%0%0%30%0%0%0%0%0%0% Continual Process Improvement14%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%

5%10%0%0%0%0%0%0%0%5%10%0%0%0%0%0%5%

Future State Logical Tools Architecture25%40%30%0%0%0%0%0%0%0%40%30%0%0%0%0%0%40% Tool Functionality 25%20%40%0%0%0%0%0%0%0%20%40%0%0%0%0%0%20% Tool Requirements 25%30%10%0%0%0%0%0%0%0%30%10%0%0%0%0%0%30% Current State of Tools Implementation25%20%30%0%0%0%0%0%0%0%20%30%0%0%0%0%0%20%

3%3%0%0%0%0%0%0%0%3%3%0%0%0%0%0%3%

Management Intent 9%30%0%0%0%0%0%0%0%0%30%0%0%0%0%0%30%0% Management Commitment 9%40%70%0%0%0%0%0%0%0%40%70%0%0%0%0%40%70% Policy Definition 9%0%50%0%0%0%0%0%0%0%0%50%0%0%0%0%0%50% Policy Integration & Adoption 9%60%30%0%0%0%0%0%0%0%60%30%0%0%0%0%60%30% Process Ownership 9%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0%0% Scope 9%0%50%0%0%0%0%0%0%0%0%50%0%0%0%0%0%50% Capability to Engineer ITSM Solution9%30%60%0%0%0%0%0%0%0%30%60%0%0%0%0%30%60% ITSM Engineering Resource Availability9%30%10%0%0%0%0%0%0%0%30%10%0%0%0%0%30%10% Adoption 9%10%60%0%0%0%0%0%0%0%10%60%0%0%0%0%10%60% Project Management capabilities 9%40%0%0%0%0%0%0%0%0%40%0%0%0%0%0%40%0%

Technol ogy10% Dimension Score O rgani zat ion 40% Process 40% Dimension Score Evalua tion Suppl ie r M ana gem ent Tran si tion Plan nin g & Suppo rt Change M anageme nt SACMRe lease & D eploy M ana gement Serv ice V alidation & Testin g Service L evel M anagem ent Servic e C atalog M ana ge ment Capa city M ana ge ment Availabilit y M anagem ent ITSCM Info rm ation S ecurity M anage m ent C apabilit y D im ens ions D im ens ional W eight Capability Analysis Elements Elem ent W eight IT Management Capabilities Servic e S tra tegy G eneration Servic e P ortfolio M ana ge ment IT Fi na nc ial M ana ge ment Demand M ana gem ent

Planning for the Adoption of Cloud Delivery Models

Step #2 ± Enterprise Readiness for Cloud Adoption

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Enterprise IT organizations that have successfully adopted Cloud delivery models have transformed their IT operating models to focus on integrating their internal and external IT services. This transformation should be holistic, taking into account the required process, organization, and technology elements as well as related risks, services, and financial aspects.

Process ‡ Service provider processes ‡ Service integrator processes Organization ‡ Governance ‡ Organization change management ‡ Role of IT Technology ‡ Technology standards and roadmap ‡ Integration and interoperability ‡ Management tools Risk ‡ Cloud Risks ‡ Mitigation strategy and controls framework Services ‡ Service Definition ‡ Business Services Management Finance ‡ IT Funding Model and chargeback allocation 6HUYLFH3URYLGHU« «6HUYLFH,QWHJUDWRU IIT T GGoovveerrnnaannccee

IT Service Life Cycle

Application & Infrastructure

IITT OOppeerraattiioonnss IIT T SSeerrvviicceess

SSuuppppoorrtt IITT BBuussiinneessss

M Maannaaggeemmeenntt

IITT SSeerrvviicceess DDeelliivveerryy

Strategy Design Implement Operate

SSttrraatteeggiicc IITTSSMMPPllaannnniinngg IITT FFiinnaanncciiaall MMaannaaggeemmeenntt SSMM KKnnoowwlleeddggee MMaannaaggeemmeenntt IITT AAsssseett MMaannaaggeemmeenntt

SSeerrvviiccee VVaalliiddaattiioonn&& TTeessttiinngg CCh haannggee MMaannaaggeemmeenntt RRe elleeaassee && DDeeppllooyyMMaannaaggeemmeenntt CCoonnffiigguurraattiioonn && IInnvv MMaannaaggeemmeenntt

IITT SSeerrvviiccee QQuuaalliittyMMaannaaggeemmeenntty AAcccceessss MMaannaaggeemmeenntt RReeqquueesstt MMaannaaggeemmeenntt IInncciiddeenntt MMaannaaggeemmeenntt SSuupppplliieerr && VVeennddoorr MMaannaaggeemmeenntt

IT Assets Applications & DatabasesMiddlewareDesktopsMainframesServers &NetworksStorage

Plan Build Run

IT ControlsIT ServicesIT PeopleIT Collateral

SSeeccuurriittyy MMaannaaggeemmeenntt

SSeerrvviiccee LLeevveell MMaannaaggeemmeenntt SSeerrvviiccee CCaattaallooggMMaannaaggeemmeenntt CCaappaacciittyy MMaannaaggeemmeenntt IITT CCoonnttiinnuuiittyy MMaannaaggeemmeenntt AAvvaaiillaabbiilliittyy

MMaannaaggeemmeenntt PPrroobblleemm MMaannaaggeemmeenntt EEvveenntt && PPeerrff MMaannaaggeemmeenntt IITT OOppeerraattiioonnss MMaannaaggeemmeenntt DDeemmaanndd MMaannaaggeemmeenntt SSeerrvviiccee PPoorrttffoolliiooMMaannaaggeemmeenntt DDiissaasstteerr RReeccoovveerryyPPllaann && TTeessttiinngg BBuussiinneessss IImmppaaccttMMaannaaggeemmeenntt IITT SSttrraatteeggiicc PPllaann MMaannaaggeemmeenntt

IITT PPrroogg && PPrroojjeecctt MMaannaaggeemmeenntt IITT PPoorrttffoolliioo MMaannaaggmmeenntt IITT RReessoouurrccee MMaannaaggeemmeenntt PPrroocceessss CCoommpplliiaannccee MMggmmtt SSttaannddaarrddss CCo ommpplliiaannccee MMggmmtt Facilities SD & NOC

OPERATING MODEL TRANSFORMATION IT (Service Integrator)

Business

IT Org (Service Provider for Retained Services)

Rackspace Google

Amazon Web Services

Governance

Service Owner Business

Liaison

Vendor Manager

IT Finance Manager

Planning for the Adoption of Cloud Delivery Models

Step #3 ± Transformation to an IT Service Integrator Operating Model

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Cloud for Disaster

Recovery

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

8

Cloud for Disaster Recovery (DR) continues to be a discussion for many of our clients. Cloud-based recovery services offer a way to achieve the recovery capabilities of advanced DR services at a more affordable, subscription-based price. There are concerns over security of the cloud but over time it will be a key component of disaster recovery program. The use of data replication technology continues to increase and Recovery Point Objectives (RPO) continue to lessen as end users tolerance for data loss diminishes

Companies are reevaluating their DR plans for the virtual and cloud environments to address recovery complexity of applications and data spanning multiple architectures

Banks are starting to use cloud computing services to manage disaster recovery Cloud services promise to save banks money and accelerate recovery time for smaller banks Only 3% of financial services companies in a recent Forester survey stated they had plans to implement cloud-based disaster recovery services in the next 12 months

Trends in Cloud BC-DR

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

9

Synchronous Replication Asynchronous Replication Backup as a Service Remote backup Backup to Tape Hot Site Warm Site Cold Site Seconds Minutes Hours Days Weeks $ $$ $$$ Recov ery Obj ectiv e Cost ‡ Bare Metal Restore ‡ Server virtualization or boot from SAN for rapid restart

‡ High Availability ‡ Clustering for

automatic failover

The graphic depicts the range of traditional IT-DR and Cloud based alternatives available laid out as a function of Recovery Objective and Cost.

Traditional IT DR is still the preferred option if you want to retain full control of your environment and looking for Synchronous or Asynchronous replication

Cloud DR service offerings are more geared towards filling the gaps between having a Hot Site or a Cold Site

Using Cloud as part of your DR strategy should be based on two factors ± Complexity of your IT and Recovery Objective

Remote backup Backup to Tape Warm Site Cold Site ‡ Bare Metal Restore Storage as a Service

Cloud based recovery

services

DR as a Service Application as a Service

,QWHJUDWLQJ&ORXGLQ2UJDQL]DWLRQ¶V'53ODQ

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Moving services to the Cloud will have downstream affect to an organization's BIA process Reconstructing business process functions will be more complex as system interdependencies and data flow will change from traditional models

Business Impact Analysis Changes

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Service Description Example Service Providers Storage-as-a Service Service provider provides storage in the cloud through

integration with the clients own backup or replication solution.

‡ Amazon S3 ‡ EMC Atmos

‡ Iron Mountain CloudRecovery ‡ Nirvanix

‡ Symantec Protection Network Backup-as-a Service Client data is backed up over the internet to the service

provider. The client endpoints may have the service providers agents or an appliance to facilitate backup.

‡ EMC Mozy Pro ‡ IBM BCRS

‡ Iron Mountain Connected ‡ Iron Mountain LiveVault ‡ i365

‡ SunGard Secure2Disk ‡ Symantec Protection Network DR-as-a-Service (virtual

recovery)

Client servers and data are backed up over the internet

via end point agents or appliances. ‡ CA Instant Recovery ‡ On Demand ‡ I365

‡ SunGard Virtual Server ‡ Replication Application

continuity-as-a-Service

Service providers supports the backup and recovery of

a specific application for the client, typically email ‡ Dell MessageOne ‡ Iron Mountain Total Email Management Suite

6RXUFH³+RZ7KH&ORXG:LOO7UDQVIRUP'LVDVWHU5HFRYHU\6HUYLFHV´- Forrester

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

12

Organization Size

Cloud Disaster Recovery Options

Storage as a Service Backup as a Service DR as a Service Application as Service

Large Off-site backup and archiving of data

End user desktops Departmental Share Drives

Remote office Application and File servers Physical or virtual recovery of critical applications running on x86 platforms Critical applications (Email, CRM, Payroll) which do not provide a competitive edge to the business

Medium Organization may decide based on need

End user desktops Departmental Share Drives

Remote office Application and File servers Physical or virtual recovery of critical applications running on x86 platforms Critical applications (Email, CRM, Payroll) which do not provide a competitive edge to the business

Small Organization may decide based on need

End user desktops Departmental Share Drives

Remote office Application and File servers Physical or virtual recovery of critical applications running on x86 platforms Critical applications (Email, CRM, Payroll) which do not provide a competitive edge to the business

Illustrative use cases of the Cloud Recovery Services options across organization sizes.

Cloud Recovery Services Options

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

13

Opportunity Description

Variety of Services Service providers offer many Cloud options that can be used by customers. These include: Storage-as-a-Service, Backup-as-a-Service, DR-as-a-Backup-as-a-Service, Application continuity-as-a-Service. Companies have the choice of selecting the right service driven by business needs.

Distributed deployment Cloud environments inherently provide distributed architecture. These deployment models lower the risk that services are impacted by a site disaster.

Lower RPO / RTO Cloud providers are able to provide lower the thresholds for RPO and RTO objectives through distributed architecture and data replication. Enhanced SLA management Cloud provider SLAs can be leveraged to enhance in-house SLAs.

For mission critical business processes, these can be a significant advantage in the event of a disaster.

Reduced Infrastructure Management

Maintaining duplicate infrastructure can be very costly. Cloud providers have the capacity to adjust resources as they are being consumed.

BCP / DR Cloud Considerations ± Opportunities

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

Challenge Description

Security Shared infrastructure and potential data leakage are frequently mentioned risks that can negatively impact business objectives. 3rd Party reliance Transitioning key application / processes to 3rd _{parties carries}

significant risks. A disaster that strikes Cloud providers can have significant downstream affect on clients.

Regulatory and Compliance Challenges with various compliance initiatives can arise from Cloud deployments. Data storage and privacy requirements can be challenging to address when data is moved to the Cloud. Application specific versus

process recovery

Transitioning parts of the business can allow for partial recovery; however, the recovery of all business process dependencies can be challenging to address.

Workforce management In the event of a disaster that impacts personnel, IT systems alone do not provide a means to continuity.

BCP / DR Cloud Considerations ±Challenges

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

‡

Reliance on 3

rd

_{SDUW\VHUYLFHVFDQLPSDFWDQRUJDQL]DWLRQ¶VEXVLQHVVLIWKH&ORXG}

providers experience outages

‡

Service Level Agreements with 3

rd

_{party reduce some of the risk ; however, an}

outage to a critical business function can impact the organization beyond the

outage period

‡

Continuity scenarios for a Cloud outage should be considered by service

consumers

‡

Depending on the criticality of the Cloud service, organizations should develop

Business Continuity plans in the event of a distribution of 3

rd

_{party services}

‡

Infrastructure factors should also be included as the communication between

applications and services will be different than traditional in-house deployments

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

16

‡

Reliance on 3

rd

_{SDUW\VHUYLFHVFDQLPSDFWDQRUJDQL]DWLRQ¶VEXVLQHVVLIWKH&ORXG}

providers experience outages

‡

Service Level Agreements with 3

rd

_{party reduce some of the risk ; however, an}

outage to a critical business function can impact the organization beyond the

outage period

‡

Continuity scenarios for a Cloud outage should be considered by service

consumers

‡

Depending on the criticality of the Cloud service, organizations should develop

Business Continuity plans in the event of a distribution of 3

rd

_{party services}

‡

Infrastructure factors should also be included as the communication between

applications and services will be different than traditional in-house deployments

Cloud Outage Considerations

April 22-‡6KHUDWRQ6DQ'LHJR+RWHO 0DULQD

17

Thank You!

Greg Bell

Principal

[email protected]