Full Transcript

Disaster Recovery & High Availability Techniques
Lecture 3 – DR with BCP
Chamara Disanayake, Senior Lecturer, Department of Network and Security

Flash Back
- High availability is fault protection against minor outages: outages that do not exceed the margins defined in SLAs. It mainly concerns redundancy.
- Disaster recovery is fault protection against major outages: the outage exceeds the SLA and users are aware of it. We need to consider how the business can continue, with reference to RTO and RPO.
- Both objectives are two sides of one coin: incidents and problems happen, and we need to cope with them, which leads to Business Continuity.

HA and DR with BC
[Figure: diagram with the labels DR, HA, Improved Business, BC]

BCP vs DRP
[Comparison table: Scope, Objectives]
https://www.perplexity.ai/search/what-is-the-n.aeK7z.SNqXPcwPlO4dyQ

Business Impact Analysis (BIA) – Network Centric
General scenarios: Security Breach, Product/Technology Failure, Natural Disaster, Financial Crisis, Workplace Violence, Environmental Crisis.
Identify how the business will be impacted without the network:
- The network may be partially operational (internal network issue).
- The network may be completely down (WAN network issue).
- It may be under attack (DDoS, network flooding, etc.).
Think of all scenarios for the network.

Identification of Critical Operation
- Check the business priorities.
- Take each scenario and identify its impact, both when it is a temporary failure and when it is a disaster.
- Identify the dependencies: how IT is connected with the applications and operations.

Identify the Gravity of Disruption
- Could be suspended, if necessary, for a short period.
- Could be scaled down, if necessary, for short periods of time.
- Can tolerate very short periods of disruption.
- Cannot tolerate any disruption.
Source: ISO 22313

DR and BCP - Responsibilities
Strategy – Choosing the Solution
- Focuses on managing the IT department and ensuring that technology supports internal processes and operations. Responsible for IT infrastructure, budgeting, and strategic planning. Typically more business-focused, with a focus on cost reduction and efficiency.
- Focuses on developing and implementing new technologies to drive business growth and innovation.

CIO - Responsibilities
Developing and implementing disaster recovery plans:
- Identifying critical IT systems and data to be recovered.
- Developing procedures for data backup and damage assessment.
- Establishing incident response times and improving them if necessary.
Creating business continuity plans:
- Ensuring the organization can continue core business operations after a disaster.
- Identifying essential business functions and processes.
- Developing procedures for maintaining contact with key vendors and suppliers.

CIO - Responsibilities
- Leadership and coordination: providing leadership and coordination during disaster recovery and business continuity efforts, and ensuring that all stakeholders work together effectively to minimize downtime and ensure business continuity.
- Overseeing IT infrastructure to ensure its alignment with business needs and requirements.
- Developing budgets and resource allocation.

How to Develop the DR Plan and Implement it?
Identify the business process:
- The business process
- Operational impact
- Affordable downtime
Identify the system components:
- The system component
- Dependency
- Recovery time

Maximum Tolerable Downtime (MTD)
- A system can have an affordable downtime. This allows us to act and minimize the impact within that time frame.
- Mission-critical systems need to operate 24x7, but they can still have a downtime.
- The MTD represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations. (NIST)

Develop Key Recovery Targets (RTO & RPO)
- Recovery time objective (RTO): the period of time from disaster onset to resumption of the business process.
- Recovery point objective (RPO): the maximum period of data loss, counting backwards from the onset of the disaster. This is the amount of work that will have to be done over.

Identify resource requirements
- For each scenario, identify the resources required to bring the system back into operation.
- Take all physical tangibles, software and human resources into account.
- The cost of acquiring additional resources must be considered.
- Some resources can be covered by SLAs and various contracts.

Identify recovery priorities
- With the data from above (RTO/RPO, resources, cost, etc.) we can finalize the recovery priorities.
- List and rank the systems based on the priorities.
- Balance the cost of recovery.

Balancing the cost
Determine Business Processes and Recovery Criticality

Responsibilities Procurement

Make it Work

Identify the Preventive Controls / Contingency Strategies
- It is better to avoid a disaster than to face it.
- Since the scenarios are identified, you may find preventive controls.
- For critical ones, prevention is better.
- Backups, standby sites or equipment, and fault-tolerance capabilities on critical core elements.
- This leads to the topic "High Availability".

Develop the DR/BCP
- Once the priorities are identified, we can come up with a relevant strategy.
- Build the roles and responsibilities chart. Everyone has a role to play. Identify who will execute which activities in what order.
- Build the communication plan, with a clear indication of the chain of command. In disasters everyone panics, so this is an important task.

Responsibility Chart – DR Process
Responsibilities of units/professions

Communication Plan
- Provides procedures for disseminating internal and external communications; a means to provide critical status information and control rumors.
- Provides the channels to communicate with personnel and the public; not information-system-focused.
- Crisis Communication Team: senior executives and heads of major divisions should be identified to serve as the organization's Crisis Communications Team. The CEO will head up the team, with the top public relations executive (or outside agency or consultant) and legal counsel as chief advisers.

Communication Process
- Crisis spokesperson: the pool of potential spokespersons/subject matter experts should be identified and trained in advance, even though the CEO will make the ultimate decision about who will speak once the crisis breaks. Consider all the different channels of communication, both internal and external, that you may need to cover.
- Stakeholders: create a complete database of internal and external stakeholders to guarantee that they receive the exact messages you need them to hear and potentially repeat to other individuals or media outlets.

Communication Flow
- A proper communication flow for internal staff should also be developed to communicate effectively during a crisis, which can make a difference in determining whether the company ultimately succeeds or fails.
- It can also help employees maintain a sense of calm and order by giving them important information they might not have access to otherwise.
- Call Tree: a high-level manager activates the call tree, calling three front-line managers. Each front-line manager calls the employees they are responsible for.

Communication Platforms and Monitoring
- Set up notification systems to rapidly reach the stakeholders.
- By employing more than one type of communications platform (email plus text, for example), the chances are much greater that the message will go through.
- Monitoring what is being said about the incident on traditional and social media can alert you to negative messages that could foment a crisis.
- Monitoring all stakeholder feedback during a crisis supports logical changes to strategy and tactics.

Training and testing
- Training is a critical part of the process.
- Practice reduces the time taken to think and act.
- Everyone who will be involved must be trained.
- The rest of the staff must be notified about the BCP/DR plan.
- DR drills must be done periodically. Six months is a standard interval for enterprises.

DR Testing Templates
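
The planning steps above (MTD, RTO/RPO targets, component dependencies, recovery priorities) can be checked mechanically before a drill. The following Python code is an added example, not part of the lecture: the system names, hour values and backup intervals are constructed, and it assumes a system's recovery can start only once everything it depends on is back, with independent systems recovered in parallel.

```python
from graphlib import TopologicalSorter

# Constructed inventory; all values are hours and purely illustrative.
SYSTEMS = {
    "wan-link":   {"mtd": 4,  "rto": 2, "rpo": 24, "backup_every": 24, "needs": []},
    "auth":       {"mtd": 4,  "rto": 1, "rpo": 1,  "backup_every": 1,  "needs": ["wan-link"]},
    "order-db":   {"mtd": 8,  "rto": 3, "rpo": 1,  "backup_every": 4,  "needs": ["wan-link"]},
    "web-orders": {"mtd": 6,  "rto": 2, "rpo": 4,  "backup_every": 4,  "needs": ["auth", "order-db"]},
    "reporting":  {"mtd": 72, "rto": 8, "rpo": 24, "backup_every": 24, "needs": ["order-db"]},
}

def _deps_first(systems):
    """Names ordered so that every dependency precedes its dependents."""
    graph = {name: s["needs"] for name, s in systems.items()}
    return list(TopologicalSorter(graph).static_order())

def earliest_recovery(systems):
    """Hours after disaster onset at which each system is usable again."""
    done = {}
    for name in _deps_first(systems):
        start = max((done[d] for d in systems[name]["needs"]), default=0)
        done[name] = start + systems[name]["rto"]
    return done

def latest_finish(systems):
    """Deadline per system: its own MTD, tightened by what depends on it."""
    deadline = {name: s["mtd"] for name, s in systems.items()}
    for name in reversed(_deps_first(systems)):
        for dep in systems[name]["needs"]:
            deadline[dep] = min(deadline[dep], deadline[name] - systems[name]["rto"])
    return deadline

def recovery_order(systems):
    """Rank systems by deadline, tightest first (ties broken by name)."""
    deadline = latest_finish(systems)
    return sorted(systems, key=lambda name: (deadline[name], name))

def findings(systems):
    """Plan gaps: recovery chains that overrun the MTD, backups too sparse for the RPO."""
    done, out = earliest_recovery(systems), []
    for name, s in systems.items():
        if done[name] > s["mtd"]:
            out.append((name, "recovery exceeds MTD"))
        if s["backup_every"] > s["rpo"]:
            out.append((name, "backup interval exceeds RPO"))
    return out

if __name__ == "__main__":
    print(recovery_order(SYSTEMS))
    print(findings(SYSTEMS))
```

In this constructed data every system's own RTO is within its MTD, yet the dependency chain makes web-orders usable only after 7 hours against a 6-hour MTD, which is the kind of gap the dependency step is meant to expose.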
