Disaster Recovery

1
Qwest CommunicationsCorporation

• Disaster Recovery
• and COOP
• Best Practices

Laurel Burton Sr. Product Manager Disaster
Recovery
09/2005
2
Qwest Business Protection Services Common IT
Concerns
Source Gartner Research 2002 Survey

• Disaster Recovery (DR) is Risk Management
• Data corruption
• Loss of data processing resource
• Loss of access to the processing resource
• Loss of people to operate the resource

3
Evolution of the DR Model (mid 1990s)
Employees go to the office
Connected to the server through LAN
If disaster strikes???
Take everything and run
To the companys DR facility

• But companies found
• a. Unreasonable to build and maintain a
  separate standby facility just for disaster
  recovery.
• b. Companies did not have a facility in
  second geographical area.
• As a result
• Companies sought vendors to provide disaster
  recovery infrastructure at a reasonable price.
• And disaster recovery vendors / services were
  born.

4
Evolution of the Shared Risk Model (mid 1990s)
Lessons learned from the disaster recovery
vendors a. Disaster recovery vendors did not
have enough infrastructure to accommodate all
customers at the same time.
b. Disaster recovery vendors started reselling
the same infrastructure to multiple customers
c. And introduced a Shared Risk Model.
5
Evolution of the DR Model (late 1990s)

• Trends in the late 1990s
• Users started to work from different locations
  remote access became more popular
• System integrators
• System consolidations
• Application service provider (ASP), Internet
  service provider (ISP) services more popular
• Role of WAN increased dramatically
• Application support often in (a) outsourced
  (MSPs) or (b) relocated overseas
• Customer Implications
• Customers underestimated the complexity and
  requirements of recoveries
• Network management is critical (WAN, remote
  access, remote management)
• 9-11 implications
• Ran out of floor space
• Ran out of equipment capital resources
  (finite)
• Difficulty physically accessing DR centers.
  Long waits for people resources (finite)
• Storage recoveries delayed or degraded
• Application restoration delayed or degraded
• Shared infrastructure could not accommodate
  complexity of environment

Yet the DR models remained the same
6
Recommendations

• 1. Build a solid contingency planning
  environment
• Communication between departments often
  overlooked
• The impact of one department on the other is not
  assessed
• There are interdependencies. Validate these!
• The risk management process should not be
  treated primarily as a technical function carried
  out by the IT experts but as an essential
  management function of the organization.
• NIST SP-800-30 Risk Management guide for
  Information Technology Systems

Finance
IT
Human Resources
7
Recommendations

• 2. Protect your environment
• Concentrate on WAN network recovery first and
  foremost
• WAN elements should be your 1 consideration and
  your vendors core competency
• Ensure vendor tests the network on a daily basis
• Ensure network diversity
• Focus on dedicated infrastructure for your DR
  site
• Reduced capital expenditure
• Less risk
• Ensure youre working with an end-to-end DR
  provider
• WAN network
• Infrastructure
• Applications
• Storage data replication tools, remote backup,
  managed storage

8
Recommendations

• 3. Determine criticality and impact of each
  business function
• If I lost this system what would happen?
• Identify and prioritize the recovery
• of systems that are most critical for
• your business function
• System and data criticality
• System and data sensitivity
• All participants must agree on scope
• Internal vs. external customers
• Corporate perceptions
• Performance metrics
• Loss of life, property, profitability,
  
  reputation, goodwill
• Based on the results, map each
• business function to a recovery strategy

Impact on business function / mission
9
Recommendations
4. Build IT System Recovery Models
1. Identify the appropriate recovery strategy
by business function. 2. Communicate recovery
strategy across multiple business units and with
owners 3. Communicate requirements to
application developers to be used in system
development life cycle. 4. Reduce risk by
ensuring the appropriate recovery strategy is
used for the downtime requirements.
10
Recommendations
5. Build an IT recovery strategy budget template

• 1. Qualify / disqualify recovery strategies
  based on costs (eliminates costly design
  architectures and work sessions for solutions
  that will not be deployed).
• Templates assist contingency planners evaluate
  the cost of vendor-proposed solutions and provide
  leverage during contract negotiations.

11
Business Protection ServicesProtect your
business in the six most critical areas
Business Continuity/Disaster Recovery (BC/DR)
consulting

• Building your plans
• Protecting your IT environment
• Protecting your data
• Protecting your network
• Protecting your phone systems
• and call centers
• Protecting your workplace

Restoration and recovery services, security
services
Data replication, archiving, utility storage
Qwest as your back-up network provider, network
diversity
VoIP, call routing, call center solutions
Mobile recovery units, remote access
12
Business Protection ServicesProduct Portfolio
Building Your Plans
13
Qwest CyberCenter Locations
Protecting Your IT Environment
Minneapolis, MN
Sunnyvale, CA
Sacramento, CA
Chicago, IL
Newark, NJ
Columbus, OH
Sterling, VA
Highlands Ranch, CO
Burbank, CA

• Qwest monitors and manages
• 80 unique
• Applications (Web, mail and enterprise)
• Databases
• Operating systems
• OS-related services

Tampa, FL
SAN Point-in-Time Copy Remote Copy Utility
Storage TAN Managed Tape Backup Remote Backup
Tape Archiving
14
Business Protection ServicesBPS Product Portfolio
Protecting Your IT Environment

• Restoration and Recovery Services
• Subscribe to Qwests Restoration and Recovery
  services.
• Safe, secure, hardened Qwest CyberCenters and
  infrastructure
• Scalable services range from cold to hot to
  multi-location replicated environments
• Connectivity via Qwest iQ Networking
• Qwest restores and recovers your environment at a
  Qwest DR center.
• Physical infrastructure (servers, routers,
  switches, network)
• Data (tape, disk, data replication, etc.)
• Applications (operating systems and applications)
• Failover from your premises, from other data
  centers or from a Qwest CyberCenter facility.

15
Business Protection Services
Protecting Your IT Environment
Restoration and Recovery Services (cont.)
16
Business Protection ServicesSecurity Services
Internet and Hosting
Protecting Your IT Environment
2. Highly available firewalls controlling
internet access
1. Firewalls protecting co-located servers in
hosting center
Web servers
Nokia
Nokia
Corporate WAN
Nokia
Nokia
Nokia
Nokia
Hosted Intranet application
3. Site-to-site secure VPN extending corporate
Intranet to include CyberCenter facility-hosted
servers
Qwest CyberCenter facility

• Intrusion Detection Services provide real-time
  packet examination and suspicious activity
  alerting in order to detect attacks from within
  your organization, policy violations, as well as
  provide security auditing, incident handling and
  security verification.

17
Protecting Your IT Environment
Business Protection Services
Security Services Anti-Virus / Anti-Spam
Customer
Legitimate e-mail
Internet
Legitimate e-mail
e-mail
Online quarantine
Spam/virus
Anti-Virus Anti-Spam Service
18
Business Protection Services Storage Services
Protecting Your Data
Qwest iQ Internet
Remote Tape Backup
Public Edge
Qwest CyberCenter
Remotely back up and store clients critical data
using a full T-1 Premium or Internet Port.
Remote Backup
Library
SAN, TAN, Archiving, Vaulting
Utility (primary) storage, managed dedicated
storage, managed tape backup, non-disruptive
backup, point-in-time copy and archiving, and
restore options
19
Protecting Your Network
Business Protection ServicesBPS Product
Portfolio

• Carrier Diversity
• Definition Splitting corporate network among two
  or more carriers
• Caution There is no way one provider can know
  how another carrier will route the same circuit.
• Carriers negotiate nationwide rights of way
• Along same national railway lines and highway
  systems
• Traversing same bridges, same tunnels, etc.
• - Very strong chance both carriers circuits are
  riding the same routes and sharing the same
  vulnerabilities

20
Protecting Your Network
Business Protection ServicesBPS Product
Portfolio

• Domestic Network Diversity
• Redundant network connection between your data
  networks
• Managed relationship between two or more circuits
  based on your routing needs
• Identified and maintained in the Qwest database
  systems as related primary and diverse circuits
• Designed to increase the probability of
  survivability in case a catastrophic event occurs
  
• Domestic network products available
• Local Access
• QWave
• Private Line
• FR / ATM
• IP services (Internet Port and Private Routed
  Network)

21
Protecting Your Network
Business Protection ServicesBPS Product
Portfolio

• Network Diversity (cont.)
• Domestic network products available
• Local Access
• Available when sold with the transport products
• DS-1, DS-3, OC-3, OC-12, OC-48
• QWave/Private Line
• Private Line 2.5 Gbps, 10 Gbps
• QWave Subject to available network facilities
• Single circuit diversity (Private Line and QWave)
• Route diversity (Private Line and QWave)
• Ring Diversity (Private Line only)
• Frame Relay and ATM
• Frame Relay DS-1, DS-3
• ATM service DS-1, Inverse Multiplexing over ATM
  (IMA) (nxDS-1, up to eight DS-1s), DS-3, OC-3,
  OC-12
• Switch diversity
• Card diversity continued

22
Business Protection ServicesBPS Product Portfolio
Protecting Your Network

• Network Diversity (cont.)
• Domestic network products available
• Qwest iQ Networking (Internet Port, Private Port
  and Enhanced Port)
• DS-1, DS-3, OC-3, OC-12, OC-48 transmission rates
  for Dedicated IP access
• DS-1, DS-3, OC-3, and OC-12 transmission rates
  for Dedicated ATM access
• DS-1 and DS-3 transmission rates for Dedicated
  Frame Relay access
• Card diversity
• Device diversity
• TeraPOP diversity (backhaul)
• Private Routed Networks
• DS-1, fractional DS-1, DS-3
• Card diversity
• Device diversity
• TeraPOP diversity (backhaul)

23
Protecting Your Phone Systems and Call Centers
Business Protection ServicesQ Routing and QWCC

Caller
Network Switches
Q Routing
PSTN
ISDN PRI
VoIP Gateway IP Centrex
Hosted IVR QWCC
PBX or IP-PBX

• Location C
• Agents
• Supervisors
• PBX CPE
• DID line

• Location B
• Agents
• Supervisors
• Softphone using IP-Centrex

• Location A
• Agents
• Supervisors
• Using Centrex
• Using Business Line

Agent status over TCP/IP
Enterprise back-office systems
24
Qwest OneFlex Hosted VoIP and Integrated
Access Products Fit Disaster Recovery Needs
Seamlessly
Protecting Your Phone Systems and Call Centers
VoIP

• Qwest handles 1.9B minutes of VoIP traffic every
  month.
• MPLS technology supports VoIP.
• Extensive network of local and long-distance
  assets and relationships.
• All critical components are redundant, with
  failover capability.
• System can be configured as backup or primary.
• Multiple transit paths exist.

25
Business Protection Services BPS Product
Portfolio
Protecting Your Workplace

• Mobile Recovery Units
• Fully functioning workplace units
• Ideal for customers that
• Want to recover at their own site
• - Are too far from a recovery center
• - Require mobile command center/data center
• - Require temporary space (business capacity
  services)
• Solutions include
• - Ready suite (pictured above)
• - Mobile banking unit
• - Mobile command center
• - Mobile claims center
• On site within 24 hours.
• Recovery for 10 to 1000 with scalable expansion.

(Provided via our relationship with Agility
Recovery Solutions)
26
Thank You!