Category Archives: DRP

Recovery Capacity Objective: a new metric for BCP / DRP

Business continuity and disaster recovery planning professionals rely on well-known metrics that are used to drive planning of emergency operations procedures and continuity of operations procedures. These metrics are:

  • Maximum Tolerable Downtime (MTD) – this is an arbitrary time value that represents the greatest period of time that an organization is able to tolerate the outage of a critical process or system without sustaining permanent damage to the organization’s ongoing viability. The units of measure are typically days, but can be smaller (hours, minutes) or larger (weeks, months).
  • Recovery Point Objective (RPO) – this is a time value that represents the maximum potential data loss in a disaster situation. For example, if an organization backs up data for a key business process once per day, the RPO would be 24 hours. This should not be confused with recovery time objective.
  • Recovery Time Objective (RTO) – this is a time value that represents the maximum period of time that a business process or system would be incapacitated in the event of a disaster.  This is largely independent of recovery point objective, which is dependent on facilities that replicate key business data to another location, preserving it in case the primary location suffers a disaster that damages business data.
  • Recovery Consistency Objective (RCO) – expressed as a percentage, this represents the maximum loss of data consistency during a disaster. In complex, distributed systems, it may not be possible to perfectly synchronize all business records. When a disaster occurs, often there is some inconsistency found on a recovery site where some data is “fresher” than other data. Different organizations and industries will have varying tolerances for data consistency in a disaster situation.

In my research on the topic of business continuity planning and disaster recovery planning, I have come across a standard metric that represents the capacity for a recovery system to process business transactions, as compared to the primary system. In professional dealings I have encountered this topic many times.

A new metric is proposed that is used to establish and communicate a recovery objective that represents the capacity of a recovery system:

  • Recovery Capacity Objective (RCapO) – expressed as a percentage, this represents the capacity of a recovery process or system as compared to the primary process or system.

Arguments for this metric:

  • Awareness. The question of recovery system capacity is not consistently addressed within an organization or to the users of a process or system.
  • Consistency. The adoption of a standard metric on recovery system capacity will facilitate adoption of the metric.
  • Planning. The users of a process or system can reasonably anticipate business conditions should a business process or system suffer a disaster that results in the implementation of emergency response procedures.

Cloud based solutions bring disaster recovery within reach of small business

Backup and Data Recovery (BDR) solutions traditionally have been high priced luxuries out of the reach of many small to medium business owners. Tape drives remain very expensive hardware components, and offsite storage services are simply too expensive for many companies to use. But now, cloud based solutions are poised to bring BDR solutions within reach of every business from the sole proprietorship to the multisite enterprise.

Let’s look at what a company needs for BDR. Data must be securely backed up, available in case of need, but safe from any disaster that might strike the company. When all of your data resides only on your fileserver, it is at risk from hardware failures, theft, human error, fire or other catastrophe. Many companies use tapes to back up their systems, but do not use a reliable way to move those tapes off site to a secure storage location. The same fire that cooks your server will melt the tapes in the file cabinet, and so will the summer sun beating down on the car’s boot.

Even the least expensive courier services can cost hundreds of dollars a month, and relying on tapes to store your data means needing redundant hardware to recover your data in an emergency. Tape based solutions are simply out of reach for most SMBs, who choose instead to accept the risk of loss because they don’t have a viable solution. Or rather, they didn’t until BDR met the cloud.

Cloud based BDR solutions use your company’s Internet circuit to make a secure connection to your service provider’s network, and performs data back ups continuously. Typically an agent is installed on each server and workstation you wish to backup, and examines data changes at the block level, replicating data either directly to the cloud service provider, or to a staging appliance in your datacenter that can further compress the data, and stage most recently changed data for rapid restores if necessary.

Rather than investing thousands or tens of thousands of dollars on hardware and software, cloud based BDR solutions typically operate on a monthly subscription basis, with graduated pricing based on total data stored. This means that SMBs can start using the services immediately, and keep their costs manageable. They can select a smaller total data level to start, and raise the level as their needs grow. Because costs are monthly and subscription based, the financial treatment of these costs is frequently very attractive as well, going to operations rather than assets.

Many of the cloud based providers of BDR services offer free trials, which enables the business owner or IT admin to take the service for a test ride, ensuring that they are comfortable with the requirements, performance, and availability of the service. Some services can offer individual users with backup capabilities for their workstations that go hand in hand with server based backups, while others pool team based storage to further enhance the services available.

With your data securely backed up to a cloud provider’s network, you can rest easy knowing that if disaster strikes, your data is not lost. It is safe and secure in the cloud ready for you to pull down at need.

This guest post was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to disaster recovery.

Why Disaster Recovery Requires a Plan

Why Disaster Recovery Requires a Plan

Guest post from Casper Manes on behalf of IT Channel Insight

Whether you are a commercial pilot, an astronaut, a submarine weapons officer, or a Cylon, you know the importance of having a plan. There are certain tasks that, no matter how repetitious they may seem, are so important to get right the first time, and every time, that they have been boiled down to a checklist which any reasonably skilled and trained individual can walk through, step by step, in order, to accomplish the task. They are designed to be easy to follow, to spell out exactly what needs to be done, and the order in which it must be done, to get things going, and to require a minimum of creative thinking. Tasks are performed by rote, and verified each step of the way. That’s the perfect way to approach disaster recovery, and in this article we’ll discuss why you need a disaster recovery plan that is a little more detailed than “don’t panic!”

What is a disaster?

Let’s consider what, in business terms, can constitute a disaster. Sure, things like hurricanes and blizzards come to mind, perhaps even fires in the datacenter, but a disaster is more than just a weather phenomenon or catastrophic loss; it’s anything that significantly disrupts the normal operations of your business. If we limit ourselves to an IT perspective, that can include prolonged Internet outages, a severe flu epidemic that takes out half the staff, a virus that shuts down key servers, or a SAN failure. It can also include HVAC failures, power outages, or hardware failures on critical, but not redundant, systems. Anything that causes a significant and protracted impact to normal operations may be enough to declare a disaster situation, and require that you implement your recovery plan.

Disaster declared, now what?

In the best case disaster, you have experienced a hardware failure that will eventually be corrected by the vendor. But while systems are down, your phone is ringing off the hook, you’re getting pinged on email and IM, and someone is probably sticking their head in your cube every 30 seconds asking if it’ fixed yet. In the worse type of disasters, you and your colleagues are probably more worried about your family and your own property more so than the company’s, and that’s assuming all your team even made it into the office. Hurricanes, blizzards, and other region impacting events can leave you with only a skeleton crew, and most of them are going to be worried about more than just how to get the website back online and email working. That’s why you want to work the plan.

By the numbers

Think back to how this article opened. When failure is not an option and there are countless distractions going on, you want people to have something to anchor themselves with, and to keep the need for creative thinking to a minimum. You also need to make sure that things are done in a certain order, and that nothing is missed, because most things have dependencies. A plan is the guide that your team will use to enable them to focus on specific and discrete tasks, without having to make it up as they go along. Make use of checklist; I mean actual paper documents on clipboards with check marks that each step is complete, so that;

a)     If something distracts you, it is easy to pick up where you left off without missing anything,

b)     You can hand off to someone else and they know exactly where to start

c)     Someone can audit that each step was done.

Paper checklists also have the distinct advantage of not relying on technology. I once saw an organization who kept all their DR procedures online; which looked great until they couldn’t get to them while the datacenter was down!

It’s a journey, not a destination

Disaster recovery planning is an ongoing process. Plans must be tested and revised as the company grows, new systems are brought into the environment, and old systems are deprecated. Real disasters don’t happen on schedule, so training must be thorough and testing must be performed to ensure that whoever is on the clock can handle the early steps of the process until more people can get online. Staffing changes will mean that this must happen frequently, and repeatedly. It’s just a part of the overall process, so accept it. And make sure that at least two people know how to perform any part of the disaster recovery plan since you have no way to know in advance whether everyone will be able to make it into the office when a disaster strikes. Redundancy of equipment is no more important that redundancy of skillsets, and a single point of failure could be the one guy who can’t get into the office because the roads are closed.

This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles on how to setup a disaster recovery plan.

Ike: this is no time to think about disaster planning

Bookmark This (opens in new window)

Hurricane Ike

Hurricane Ike

Thousands of businesses in Texas from Freeport to Houston are wondering, “How are we going to survive Hurricane Ike and continue business operations afterwards?”

If this is the first time this has crossed your mind, there’s precious little you can do now but kiss your systems and hope that they are still running when you see them again.  The storm surge is supposed to exceed 20 feet, which will prove disastrous to many businesses.

But when you get back to the workplace and things are back to normal (which I hope is not too long), start thinking seriously about disaster recovery planning.  A DR project does not have to be expensive or take a lot of resources, and it’s not just for large businesses.  Organizations of every size need a DR plan: the plan may be large and complex in big organizations, but it will be small and manageable and not be expensive to develop.

Hurricane Ike's Path

Hurricane Ike's Path

Where do you begin?  At the beginning, of course, by identifying your most critical business processes, and all of the resources that those processes depend on.  Then you begin to figure out how you will continue those processes if one or more of those critical resources are not available.  The approach is systematic and simple, and repetitive: you go step by step through each process, identifying critical dependencies, figuring out how to mitigate those dependencies if they go “offline” at a critical time.

IT Disaster Recovery Planning for DummiesOrder yourself a great book that will get you started.  As one reviewer said, “It would be tempting to make all sorts of snide comments about a Dummies book that wants to take a serious look at disaster recovery of your IT area. But this is a Dummies title that you’ll actually go back to a number of times if you’re responsible for making sure your organization survives a disaster… IT Disaster Recovery Planning for Dummies by Peter Gregory. It’s actually the first book on the subject that I found interesting *and* readable to an average computer professional….” read the rest of this review here and here.

Don’t put this off – but strike while the iron is hot and get a copy of this now.  Don’t wait for the next hurricane to catch you off-guard.

I don’t want to see any business unprepared and fail as a result of a natural disaster.  If it were up to me, disaster preparedness would be required by law, but instead it’s a free choice for most business owners.  I just wish that more would choose the path of preparation and survival, but unfortunately many do not.  I wrote IT Disaster Recovery Planning For Dummies to help more people understand the importance of advance disaster recovery planning and how easy the planning process can be.

Press Release: Disaster Recovery Book Available in Electronic Edition

FOR IMMEDIATE RELEASE

CONTACT:  Rebecca Steele

rebecca.steele@ymail.com

Disaster Recovery Book Available in Electronic Edition

Book receiving critical acclaim from experts now available in Amazon Kindle edition

SEATTLE, Wash., September 5, 2008 – Technology author Peter H. Gregory’s 18th published book, IT DISASTER RECOVERY PLANNING FOR DUMMIES (John Wiley & Sons; $29.99; December, 2007), is receiving rave reviews from industry experts and professional reviewers.  The book is now available in electronic form on Amazon’s Kindle book reader.

According to Philip J. Rothstein, an industry expert on business continuity and disaster recovery planning and the owner of Rothstein & Associates, a disaster recovery planning consulting services firm, “Peter Gregory’s book helps to establish a realistic perspective for Disaster Recovery and provides a no-nonsense yet manageable foundation. He has identified many issues, techniques and tips which I found quite useful, despite my 25+ years involvement with business continuity and disaster recovery.”  Mr. Rothstein also wrote the Forward to the book.  According to Thomas Duff, 25-year IT professional and Amazon “Top 100″ reviewer, “It would be tempting to make all sorts of snide comments about a Dummies book that wants to take a serious look at disaster recovery of your IT area.  But this is a Dummies title that you’ll actually go back to a number of times if you’re responsible for making sure your organization survives a disaster…  It’s actually the first book on the subject that I found interesting *and* readable to an average computer professional.”

IT Disaster Recovery Planning For Dummies is now available in Amazon’s Kindle electronic format.  This will enable owners of the popular Amazon Kindle to purchase the book at a reduced price and have an electronic edition of the book (and hundreds of others) readily available.  “Not only will this make the book more convenient for people to read, but having an electronic edition could be especially handy during a disaster or other emergency situation,” cites Peter H. Gregory, author of the book.  “When offices are shuttered or unreachable, this and other important books can be pre-loaded on Kindle readers and available as back-up references for emergency planners and responders,” he adds.

IT Disaster Recovery Planning For Dummies is available in paperback form at local book dealers, and also from online dealers such as Amazon, Barnes & Noble, and Borders.  It is available as an e-book directly from the publisher, John Wiley & Sons, as well as for Amazon Kindle.

ABOUT PETER H. GREGORY:

Peter Gregory, (Graham, WA) CISA, CISSP, is a security and risk manager for a financial services organization and the author of twenty books on security and technology. Peter Gregory is a career security professional with experience in the government, banking, nonprofit, e-commerce, and telecommunications industries.  He serves on two boards of advisors for information security certificate programs for the University of Washington, and on the board of directors for the Evergreen State chapter of InfraGard, a partnership between the U.S. Federal Bureau of Investigation and the private sector.

IT DISASTER RECOVERY PLANNING FOR DUMMIES

Published by John Wiley & Sons, Inc.

Publication date: December 26, 2007

$29.99; Paperback; 360 pages; ISBN: 978-0-470-03973-1

*  *  *

Does your organization need a disaster recovery plan?

Bookmark This (opens in new window)

DisasterMany businesses, particular those that have less than one thousand employees, think that disaster recovery planning is something that is too difficult or too expensive to undertake. Another response is that of the avoider: it won’t happen to me. These assumptions have been perpetuated to the detriment of many businesses that unnecessarily failed.

Disasters come in many forms. Most people think of massive earthquakes and hurricanes. However, there are hundreds of disasters that occur on a regular basis, but they’re too localized and small to make the news. And not all disasters are ‘acts of nature': there are many man-caused disasters that occur on a regular basis that cripple businesses just like acts of nature do.

Disaster Recovery Planning need not be expensive, and most businesses can (and should!) get started right away with even a small amount of planning that could prove highly valuable, in case the unexpected occurs.

Get the book, build the plan!

Disaster recovery isn’t just for dummies

Bookmark This (opens in new window)

Disaster Recovery is not simply about Katrinas nor earthquakes nor 9/11 catastrophes. Sometimes, the focus on these monumental events could intimidate even the most committed IT manager from tackling Disaster Recovery Planning. Disaster Recovery is really about the ability to maintain business as usual – or as close to ‘as usual’ as is feasible and justifiable – whatever gets thrown at IT.

Read entire review

Find out more about the book, IT Disaster Recovery Planning for Dummies