business continuity and disaster recovery chapter 8 part 2 pages 914 to 945
TRANSCRIPT
Business Continuity and Disaster Recovery
Chapter 8Part 2
Pages 914 to 945
Recovery Strategies
• Figure 8-4 on page 916
Recovery Strategies
• Maximum Tolerable Downtime (MTD)• Recovery Time Objective (RTO)– Acceptable downtime to avoid unacceptable
consequences• Work Recovery Time (WRT) – Restoring data, testing, making everything live
• Recovery Point Object (RPO)– Acceptable data loss
Recovery Strategies
• MTD, RTO, WRT, RPO help determine recovery solutions
• The are derived during BIA• “Let’s say a company has determined if it
cannot process order requests for 12 hours, the financial hit will be too large for it to survive.”
Recovery Strategies
• Figure 8-4 on page 916• Recovery Strategy Stages– Table 8-2 on page 917
• List on page 918
Recovery
• Nondisaster – Hard disk failure
• Disaster– Facility is unusable for a day or longer.– Usually requires restoration from offsite copies
• Catastrophe– Destruction of facility
Recovery
• Mean time between failures (MTBF)• Mean time to repair (MTTR)
Facility Recovery
• Hot site – fully configured and ready to run, expensive
• Warm site – Leased or rented, partially configured with infrastructure, but not computers
• Cold site – Leased or rented empty data center
Reciprocal agreement
• Company A and Company B agree to use each other ‘s facilities
• Most environment maxed out• Stress level of two companies sharing facilities• Mutual aid agreement – agree to help each
other in an emergency
Redundant Sites
• Site configure exactly like primary site• Most expensive backup option• If a company could lose a million dollars if it
were out of business for a few hours, the loss would override the cost of this option.
Facility Recovery
• Rolling hot site – back of large truck or trailer• Multiple processing centers– Throughout the world?– Move all processing in a matter of seconds.
Challenges
• Many organizations do not totally understand how their networks are configured
• Will images work on new computers?• Customized software from vendor when not
given source code.– What if vendor goes bankrupt– Software escrow
Documentation
• Recovery procedures need to be documented– How to install images, configure OS and servers,
install software– Who should be contacted
Human Resources
• If offsite facility is 250 miles away, how do we get people there and housed.
• Identify user requirements to carry out their job. Today we are extremely dependent on technology
• Executive Succession Plan– Loss of senior executive does not create
leadership vacuum
Backups
• Full backup – all data is backed up• Differential backup – All files that have
modified since last full backup• Incremental backup – all files that have been
modified since last full or incremental backup
Backups
• Critical data should be backed up and stored both at an onsite area and an offsite area.
• Make sure back ups can be properly restored.
Backup Solutions
• Data shadowing – duplicating hardware and maintaining more than one copy of the information. Maybe more than one disk for the image.
• Data mirroring – Mirrored disk• Multiple reads in parallel
Backup Solutions
• Electronic vaulting – If files are modified, periodically transmit them to an offsite backup. Once a hour, day, week, or month.
• Remote journaling – move transaction logs to offsite facility
Backup Solutions
• Asynchronous replication – Secondary data volumes are synched in seconds, hours or days.
• Synchronous replication – primary and secondary repositories are always in synch.
• Figure 8-7 on page 942
High Availability
• Hosting company’s SLA to get items fixed if it does go down.
• Example: Promise specific turnaround time for service interruption.
High Availability
• Fault tolerance– RAID disks • Parity data to rebuild disks
• Failover capability– Switch over to a working system
• Cluster of servers– Load balancing– Failover capability
Insurance
• Cyber insurance– Losses due to denial-of-service, malware, hackers,
etc.• Business interruption insurance– If the company is out of business for a certain
length of time, the insurance company will pay for specified expenses and lost earnings.