Contingency Planning The Distributed Computing Challenge by Contingency Now May 12, 2004

1
Contingency PlanningThe Distributed Computing
ChallengebyContingency NowMay 12, 2004
2
Seminar Objectives

• Opening remarks statements
• Definitions
• Statistics risks
• DRP Linux
• Planning objectives
• Benefits
• Summary

3
Where Do You Fit?
App Dev
Testing
Planning
Assessing
Architect
Analyzing
Scripting
Net Eng
PM
DataSecurity
Net Security
4
What is Disaster Recovery?
Disaster Recovery is a set of activities aimed
at reducing the likelihood and limiting the
impact of disaster events on vital and/or
critical business technology.
Source Jon William Toigo, Disaster Recovery
Planning Third Edition
5
What is Business Continuity?

• Business Continuity is the ability to sustain
  mission-critical business processes during an
  unplanned interruption event.
• Of the thousands of businesses who have taken
  the Disaster Readiness Scorecard of best
  practices, 75 are in the Danger Zone, 21 Need
  improvement, and only 4 meet Best Practices.
• Source Prove It" disaster readiness consortium

Source Jon William Toigo, Disaster Recovery
Planning Third Edition
6
Three Ps of Disaster Recovery

• People without them you have nothing
• Property premises, IT systems, telecom
• Priorities who, what, when, where, how

7
Classes of Disaster Recovery(A three layered
business dependent approach)

• Class Three (High) Vital
• A declared disaster has immediate financial
  affects to the business. Zero downtime expected.
  Recovery is Seconds/minutes.
• Class Two (Medium) Critical
• A declared disaster will adversely affect the
  business. Recovery is hours/days.
• Class One (Low) Important
• A declared disaster has no short or long-term
  effects on the business. Recovery is days/weeks.
  

Source Contingency Now BIA Document
8
Most Common Causes of Business Interruption

• 72 Power Outages
• 52 Hardware Problems
• 46 Telecom Failures
• 43 Software Problems
• Source Contingency Planning Management Magazine

9
Cost of Being Unprepared(per Industry Basis)
Source IT Performance Engineering Measurement
Strategies Quantifying Performance Loss, Meta
Group
10
Cost of Downtime
One Hour of Downtime
Source Disaster Recovery Journal Spring 2004,
Volume 17, Issue 2
11
Internal Risks

• Loss or depletion of employee morale
• Loss or decrease in productivity
• Increased employee stress
• Key projects delayed
• Diverted resources
• Goodbye s

12
External Risks

• Loss of customers
• Regulatory scrutiny
• Tainted public image
• Loss of vendors/partners
• Decreased credibility to investors
• Executives personal reputations at risk
• Increased liability to Directors Officers

13
Sarbanes-OxleySection 404 publicHIPAASecurit
y Rule 164.308 Gramm-Leach-Bliley Act (GLBA)
Section 6801 (b)
Three Key Governmental Mandates
14
Open Source - Linux
Note There are dozens of distributions or
kernels on the market. LindowsOS, Mandrake, Sun
Java Desktop, Redhat, Novel/Suse, Debian, Gentoo
Linux, Knoppix, Lycoris, Turbolinux
15
DRP and Linux

• Keep it as simple as possible
• Think data recovery, not data backup
• Document everything (dont be shy)
• Be a budget activist
• You are accountable
• Sell to management
• Share the knowledge

16
DRP and Linux, cont

• Differentiate between vital, critical and
  important applications systems
• Separate apps from the kernel
• Partition
• Separate disk (preferred)
• Develop and test general system setup first,
  applications second

17
DRP and Linux, cont

• Burn copies of kernel, third party apps keep
  offsite and readily available
• Build readme files for all applications what
  they do), date, time, signature (be accountable)
• Build an applications dependencies matrix

18
Think Dependencies Data Recovery
Applications
Products Services
Kernel
19
Planning Objectives

• 1. Safety of all employees
• 2. Identify vital/critical services apps
• 3. Minimize immediate damage or loss
• 4. Ensure business operations continuance

20
Planning Objectives cont

• 5. Minimize down time
• 6. Reduce recovery effort complexity
• 7. Establish management succession
• 8. Facilitate effective recovery coordination

21
Action Plan Deliverables

• Sufficient action plan must meet fundamental
  business needs
• Effective action plan must work reduce
  vulnerabilities risk
• Efficient action plan must eliminate data
  management waste (TCO, ROA)

22
What the Contingency Planner Needs

• What does each application do?
• Where is the application SW?
• Where is the data?
• What is the availability?
• Has the data integrity been validated?

23
Revenue Stream Dependencies
Services/Products
s
Applications
Identify the critical path. Build action plan
here.
Systems
24
Cost vs. Recovery Time(non-linear)
Dollars
Seconds Hours Days
25
Human Capital

• The number one most valuable asset to any
  enterprise is the employee (thats everyone)
• Buy-in with a planning champion at the C-Level
• C-Level mid-management are the leaders
• Planning initiatives require synergy between
  business deliverables technology metrics

26
Benefits

• Governmental mandate(s) compliance
• Up-sell to board, investors, clients, suppliers
• Reduction in operational expenditure
• Increase in customer retention
• Positive increase in public opinion
• Leverage to re-negotiate insurance rates

27
Benefits, cont

• Develop and maintain backup/restore capabilities
  for key revenue generating data and systems
• Protect against un-anticipated threats or hazards
  to the security or integrity of customer
  records/data
• Maintain X level of operational capability
  prior, during and post a business interruption
  event

28
Summary

• Disasters to any business can be natural, human,
  or technical
• Development to implementation requires
  C-Champion, PM communications
• Intent is to mitigate and/or decrease loss of
  revenue while increasing Operational
  effectiveness readiness

29
Summary cont
Contingency Planning

• Key component to business Operations strategy
• Information availability keeping all employees
  connected
• Your business is unique one solution does not
  fit all

30
THANK YOU VERY MUCH FOR YOUR TIME!!
Disaster has no boundaries
START TODAY TO ENSURE TOMORROWS SUCCESS