Keep Data at a Distance Disaster Recovery for the "New Realities” Presented by: Damian Walch, CISA, CISSP, MBCI T-Systems, Inc. www.t-systemsus.com
“Internalization” “Although the hot site market is ‘inelastic’ there is a rapidly increasing availability of internal hot site solutions for certain types of customers depending on their size, their needs and the computer equipment that they use.” U.S. District Court Judge Ellen Huvelle, describing the hot site market during Sungard Data Systems’ bid to acquire Comdisco Availability Services
Alternate Site Strategies • Are companies really moving to internal strategies? • Does the internal strategy work? • Is there a specific industry that does it more than another? DRJ Survey May, 2002 – 2,204 respondents
Agenda • Reasons for the Trend • Considerations • Cost-Benefit Approach • Typical Pitfalls • Examples and Approaches
72 hours or MORE! How quickly can we recover our MOST critical systems? What are your recovery time objectives? 24 hours or LESS! Why Only 20% of G2000? Collaboration
Top 5 Reasons for Trend 5. Can’t Keep Up with Our Technology! 4. We’re Too Complex and Interdependent 3. You’re Going to Charge How Much for Technical Support and Floor Space? 2. No Control (all approaches have pitfalls) • First come, first serve • Guaranteed access
#1 Reason for Internal Recovery Time Objectives are shrinking… …and there is enabling technology that assists us in achieving recovery times!
Types of Technology Solutions • Enterprise Storage Solutions • SRDF • GDPS, XRC, PPRC • HXRC • Remote Journaling • Standby Operating System • Standby Database • DatabaseShadowing • Replication Location 2 SBOS Oracle Standby Data Base Oracle Log Apply Location 1 SAP R/3 Oracle DBMS SRDF Links - T1 capacity Synchronous Mode Enabled Symmetrix BCV’s Symmetrix
#1 Reason Nobody Thinks Of • Companies won’t declare disasters for almost 100% of the most common causes of interruptions! • They’re ONLY used for natural disaster and catastrophic events!
Considerations Business continuity strategies MUST address all aspects of IT infrastructure, from basic asset protection and replacement to ensuring application continuity for internal operations and third parties. Process/Application continuation: external Continuity Process/Application: internal Operational recovery Recovery Infrastructure and data protection Asset protection and replacements Protection
Considerations Hot Site Solutions DO have a place, but DO NOT apply them to the wrong business problem (e.g. recovery objective). Process/Application continuation: external Load-Balancing Fail-Over Replication Mirroring Process/Application: internal Operational recovery HOT SITE SOLUTIONS Infrastructure and data protection Asset protection and replacements
Considerations • Determine what recovery of full compliment would cost with a commercial hot-site provider. • Do they have all the equipment in one spot? • What is the most important thing for commercial hot site providers? • People • Test Time - Do you ever get it when you want it? • Floor Space, how much does it cost?
Hosted by Does your company recover “internally” or are you considering an internal recovery strategy? • Yes • No Cross-Tab Label 0/0
When is Internal Obvious? • Do you have two or more data centers? • Are they within 300 miles of each other? • Do you have space available (growth projections)? • Do at least two of your applications require recovery in less than 12 hours? • Do you have a robust wide-area network? • Do you have significant excess capacity for testing and development of applications?
How Close is TOO Close? • Different power grid • Network and carrier diversity • Can you get your staff there? DRJ Survey January, 2002 – 874 respondents
Positives and Negatives Obvious plus and minus to a vendor solution. Positives Negatives Dedicated Shared No Pre-Determined Exit ~ 6 week recovery Easier to Test Scheduling Tests Internal Resources Contact, Follow-Up
Compare the Costs Dedicated Solution Hot-Site Solution
Must pay for perceived “low-value” items like cabinets and floor space. Extra test-time costs money and is difficult to schedule. Acquired new technology and reallocated servers (from test & development). Having more flexibility for testing SHOULD increase the ease and # of tests. Increase in network is required. Work area Recovery is still required; however, other offices could be leveraged. Compare the Costs Hot-Site Solution Dedicated Solution
Typical Pitfalls • All or nothing analysis • Don’t consider evolving the solution • Forget about the business functions • Change management • No Testing • Using it forProduction/LoadBalancing
Network Typical Pitfalls • Don’t include all components of information flow • Login and authentication • Application servers • “Bolt-on” servers • You MUST do the marketing! Application Server Database Server Firewall Web Servers BUSINESS TECHNOLOGY
Debunking Myths • Pulling attention away from “core competencies”. • Why would you want to create “business continuity experts”? • Pace of change in IT – can’t refresh! • You need multiple copies of data.
Reasonable Potential Strategies Allow the strategies to evolve, it DOES NOT have to be all or nothing. Review criticality and then implement the appropriate solution! Mirroringcritical data DirectoryServices VaultingBackups eMailRecovery
Conclusion • It does make sense sometimes! • Don’t be emotional, but logical about decision. • People, procedures, data and network should be the same for either method. • Evolution – implement solutions slowly while still covered by hot site. • Use the resources available to you.