INTRODUCTION
DISASTER RECOVERY
NETWORK LAYOUTS
BACKING UP DATA
BUSINESS CONTINUITY AND IMPACT ANALYSIS
ADAMS & MILES DISASTER RECOVERY
DISASTER SCENARIO
Q & A
58 SLIDES
13 Years Ago •1 office •1 server •No remote access •No paperless procedures •Data Backup done nightly •15 GB of total data on the server
Current •2 offices •4 servers •VPN into office with 2 Citrix servers •95% Paperless •Data backup done nightly, Server snapshots done nightly •Offsite storage of snapshots and tapes •1,160 GB of data and growing by 15GB a month
•An organizations ability to recover from a disaster or unexpected event and resume operations •Plan is generally concerned with IT related infrastructure
A Disaster Recovery Plan outlines how a recovery will be accomplished
•Alternate Site •Communications •Data Recovery •Hardware and Software •Staff and Personnel •Available Power Options •Hard copy material if not digital
Outline functions that need to be recovered What functions and why Time to restore Who will oversee the recovery process
Generally overlooked because they are expensive and provide no immediate return on investment
Comparable to insurance Investing in something you hope you won’t ever have to use
The safety of staff and their families should be the 1st priority
Multiple lines of communication are crucial
Data Backup and Recovery
•Data needs to be backed up and stored off site •Some data is more critical than other data and this should be established in the Business Continuity Plan
No Server Office (Workgroup)
•Similar to a home network •No server exists •Company data is spread out over multiple computers •Users are responsible for their computers
•Data is generally not centralized •Users are responsible for backups
•Involves Hardware •Backup software •Reliance on the user •Where is the company data on the computer •Backup copies off site •Data lost or stolen off site
Hard to manage data Harder to restore all that data
Recommendations for a “No Server” Office
Setup 1 computer on the network that will contain all the data
•no one uses this computer •The machine will perform better •10 users can connect to it
With all the data on 1 computer
•Backups now become easier •Easier to restore data •Backing up is cheaper •Lessens risk of data getting lost or stolen •1 person can be responsible •Only 1 computer is necessary to get back up and running
1 Server Office
•Common for offices with 5-30+ people •Data and Software reside on the server •Backups are performed to removable storage
In addition to nightly backups, server snapshots can also be taken
•Snapshots are like a picture of your server •Stored on external hard drives •Used to restore the whole system •Requires hardware similar to the original hardware
Easy to add storage capacity Server Costs can range from $5,000 to $40,00 depending on the needs
Recommendations for a 1 server Office
•No Data on Computers •An IT person or an outsourced IT company should be used •Built in redundancy is encouraged to prevent downtime
In the event of a Disaster
•Access to backups and snapshots •A duplicate server is required
•requires a tape drive •An experienced IT person is required
•Staff don’t work off servers so computers are also needed •Network switches and cables will be required
Multiple Location Office
•Setup the same way as a 1 server office but may have multiple servers •Servers may exist at both locations •Communication between offices is needed for staff to have access to the servers
•Disaster Recovery Plan may be required for each office •Multiple offices can be used as a working environment in the event of a disaster
Cloud Office
•What is “the cloud” •Virtual office you connect to through the internet •Data, software and automated backups
•Costs vary depending on usage, storage, backup requirements, vendor •Managed by a third party such as an ISP •Requires an internet connection •Used to backup local data via the internet
In the event of a Disaster
•Only a computer and internet connection are needed •No internet = No cloud •Both you and the cloud provider need to be operational •Both you and the cloud need to be functional
The easiest solution is to scan paper to pdf
•Easier to retrieve •Portable •Cuts down on storage costs •Digital pdf’s are not flammable •Easier to maintain a document retention policy •Viewable through multiple devices
•Multiple viewing and sharing
•Helping the environment
The most common ways of backing up data are
•Tape •Removable Hard Drive •Thumb Drive •The Cloud •NAS
Data should be password protected or encrypted when removed from a server or computer
The most common form of backing up company data
•Taken off site •Monthly or yearly archives can be made •Tapes cost between $30-$70 each •Tape drives can cost $500-$5000 dollars •Software is required
Very popular over the last few years
•Inexpensive and large data capacities •Can be used with backup software that comes with Windows •Off site and archives can also be made •Convenient to just copy and paste •Not as durable as tapes
Treated in the same manner as a portable hard drive
•Less capacity then hard drives •More durable then hard drives (no moving parts) •They are easier to loose
NAS (Network Attached Storage)
•Box that contains a number of hard drives •Hard drives are setup in a RAID format •Hard drive failure does not result in lost data •Portable and offers some functionality for copying the contents to another portable device •Cost as little as $500 up to several thousand depending on the needs •Alternative for companies looking to Centralize Data
The cloud is convenient to backup to
•Requires an internet connection •Business class high speed connection may be required •Cloud provider backs up cloud data •Does not work without internet
Fees are usually based on storage capacity required
How do you know the planned procedures will work if they are not tested? A Disaster Recovery Plan involves testing, ongoing maintenance and keeping the plan up to date
•Plans need to be tested and revised as business` change and grow •After hurricane Katrina, 24% of companies said they tested their plan, 50% said they had no intention of doing so
Maintenance includes changes to hardware and software, personnel and the ability to expand capabilities
Unfortunately, a disaster may remove some of the personnel Changes to production must be accounted for Records of employees, hardware, software, vendors and contact lists
Other then IT, what other things need to be considered?
•Business Continuity Planning
•Business Impact Analysis
While a Disaster Recovery Plan focuses on processing and communications, a Business Continuity plan focuses on executing business functions Business Continuity is concerned with the enterprise as a whole
•Staffing •Payroll •Growth •Buying and Selling •Advertising •Manufacturing •Quality Control •Research and development •Location and rent
A Disaster Recovery Plan is a part of the Business Continuity Plan
A Business Impact Analysis is a description of business functions and operations
•Outside Functions
•The impact of losing functions
•The cost to carry out the recovery process
•Can the function be performed elsewhere
A Description of Business Functions and Operations
•Primary business functions
•People, equipment, power needs, computer needs and money
•Lists of vendors, clients and remote office locations
•Tangible objects
Outside Functions the business requires to maintain operation
•Courier and Shipping •Insurance Company •Banking information •IT support •Communication and Internet
The impact of losing some or all of the business functions and data
•Does all of the data and equipment need to exist •Is there an acceptable amount of loss of data •Reduced number of computers •Minimum required
The cost to carry out the recovery process and loss of revenue as a result of downtime
•How much downtime is acceptable •Cost Determination •What functions can be sacrificed
Can the function be performed elsewhere in the event of a disaster
•Sister company •Home as an alternative •Outsourcing
Adams & Miles has 2 offices, 1 in Toronto and 1 in Brampton 95+% of client information is stored digitally Paperless over 10 years ago 4 servers in Toronto Brampton connects through a fiber VPN VOIP through a third party
Servers Backed up nightly to tape drives •Current Tape and Archive is kept off site
Nightly snapshot stored to External Hard Drives •Once a month the snapshot is taken offsite
Snapshots allow the server to be restored to its operating condition at the time it was taken
•Operating System, data, software applications and databases
Tape Backups for individual files Snapshots and tape backups allow for restoration achieved within 12 hours of a disaster
•Less than 1 day data loss
In order to restore the data, a physical backup server is required
•This “blank” server is located at the Brampton office •Similar internals allowing for a restoration of the production server
Staff have the capability to work at full production in the other office
Staff information is kept in digital format offsite
•All staff have alternate email address via 3rd parties Firms Disaster Recovery plan is managed by myself and our Office Manager Updates provided to partners when there are noticeable changes
A disaster hits, the workplace no longer exists, what to do? The list of contacts and employees you kept off site or on your person will come in very valuable at this time Health and safety of employees is #1 concern
•Once taken care of, everybody will be better suited to take care of business •Flexibility for employee working hours •Extended vacation may be required
Contact the insurance company to file a claim
•If the disaster was malicious in nature, the police should be included as one of the 1st steps
If the alternate site is not affected, it is time to get that site up and running
Procedures depend on the type of alternate site
•In house, 3rd Party, Hot, Warm , Cold
Most small to mid size business will have a cold or warm site
•An empty room or a room with some equipment •This may also include someone’s house
Off site data needs to be restored Computers need to be replaced
•Spare company computers or people’s home computers may need to be used
Communications need to be available
•LAN lines, Internet, Cell Phones
•Any or all can be used to communicate with employees, vendors and clients
Lost business equipment needs to be replaced Manufacturing equipment needs to be replaced
•Equipment can be costly or take a long time to arrive •Know where this can be attained quickly from a local source •Know of other local business’ that can lend similar equipment until your new equipment arrives
It’s important to have enough power available to achieve proper recovery procedures
•This should be determined in the Disaster Recovery Plan
Weather big or small, preparing for a disaster or not, every company should have these basic components in place Regular Backups of data
•Data backups kept off site •A means to restore that data •Centralized data
Contact lists of employees, vendors, banking / insurance, clients and emergency contacts
•Kept off site in a manner that is accessible
Some type of emergency plan, weather simple or complex, in the event the workplace is no longer available
Jeff Bondar IT Manager
Adams & Miles LLP 2550 Victoria Park Avenue, Suite 501
Toronto, Ontario M2J 5A9 Phone (416) 502-2201 Fax (416) 502-2210
www.adamsmiles.com