Disaster Recovery / Strategies
Acknowledgements to Euan Wilson (Staffordshire University)
What is a Disaster ?
• Very similar question to
• How long is a piece of string ?
Dictionary Definitions
• “an occurrence that causes great distress or destruction”
• “a thing, project etc. that fails or has been ruined”
“causes great distress or destruction”
• Has an effect on business functions and the way business operates
• Could define it as a loss of business functionality (or partial loss) for a period of time
• But still doesn’t define what a disaster is
Problems of defining a disaster
• For example– DIY store has a UK network – enabling all stores to view other stores
stock– they can reserve / order stock for their
customers from other stores stock– enabling them to hold less stock at
each store
Stoke Stone
Newport
Telford Derby
HubStafford
So what is a Disaster ? Example One
• The Stafford site has a problem and is no longer connected to the other sites– Therefore it’s a disaster for Stafford– but it is a disaster for the organisation ?
• The company has lost 1/6 of a particular business function
• so is it an annoyance rather than a disaster ?
– But is might be a disaster if business is lost
– or the fault persists for a period of time
– what fall back methods are available• use of the phone / fax• pen and paper
– will these overcome the “disaster” ?– If so, its not a disaster
Systems that need to be in place
• Network– need to have in place a recovery
strategy that gets the network up and functional within an acceptable time period ?
• So what is that time period– 30 minutes, 4 hours, 1 day …… – have to analyse cost of down time
• Telephone– Possible the most important
• Nice easy one !• Have a contract with a mobile telephone
company to provide instant “mobile lines”• Second contract with “land line” company
to provide land lines within 24 hours• or something else!
• Buildings ?– If they are destroyed what happens
• New premises• Portable cabins• Rented• Work from “home”
• Hardware• Needs to up and running before network ?• In-house or bought-in support ?• Depends on allowable downtime
• Software• Same as for hardware• Example
– Oracle DBA at Brussels Airport is allowed to have a non-functional database for 30 minutes each year
Example two
• CREST– Bank of England Electronic Share
Settlement System– System that allows permitted stock
brokers to deal with share on-line– UK wide network– FTSE companies and more
• Each member of CREST has to response to a share dealing with 2 hours of the start of the function.
• So what would be a disaster ?– A loss of the system for more than 1
hour ?• Recovery
– A second identical system
– Expensive • Too expensive, but perhaps necessary
– It was actually mandatory
– But needed• the fines for not completing the
transactions is – barring from the system– loss of image– loss of business– loss of reputation
Example three
• Same network layout as for first example– but
• System for dealing with Police cells– Systems needs to check for
• Outstanding warrants• Bail conditions• Other Forces requirements• etc. etc.
Timeliness?
– When the person is processed the Duty Officer needs to be aware of all possible data available.
– Each area keeps “their own data” I.e. Stafford records data about Stafford residents etc.
• Stone link fails– Disaster ?– Duty Officer is not left with a
complete picture– Fall back plans ?
• Use of telephone / fax etc. ?– System needs to have in-built
redundancy
Creating a Disaster recovery Strategy
• Stage one – Define organisations view of a
disaster• maybe one line
– “loss of business functions for more than …” (a time period)
• maybe series of scenarios
• Stage two– Define disaster scenarios
• Fire, flood, acts of God, ….• Bomb, sabotage, ….• Loss of power etc. etc.• Plane crash• Loss of network, telephone system
– Define all possible solutions
• Stage 3– Recommend solutions
• Fire– New premises– Portable cabins– Shutdown period– etc.
• Stage 4– Implement
• All will have– Cost– Contract
– and review• Conditions and reliance's change