Posts Tagged ‘disaster recovery’

10 Step Data Center Relocation Methodology

Monday, February 13th, 2012

Following are the ten most critical tasks that any data center relocation must address. Look for a provider who can guarantee all ten of these tasks are meticulously and thoroughly addressed. Otherwise, you are taking a big risk with your most valuable and expensive IT investment.

  1. Take inventory of every component that will be relocated or consolidated.
  2. Address data security and data protection to ensure the business remains un-compromised.
  3. Perform detailed planning to maximize the efficiency and budget of the relocation.
  4. Assess budget to adequately address construction, renovation, site closure, equipment, and staff.
  5. Communicate precisely in RFPs, SOWs and contracts — Vague RFPs create poor SOWs. Partner with a data center relocation specialist right from the start to ensure you have detailed, relevant documentation.
  6. Partner with data center relocation specialists according to your continuum of needs.
  7. Plan the move, move on plan to prepare and engage all components — including staff.
  8. Prepare the new facility, and close the old one to ensure that all data center services are ready, tested and approved.
  9. Back up your data and have a disaster recovery plan and data protection strategy — just in case.
  10. Migrate — the moment when careful planning and competent project management result in a flawless move to a new data center hosting site.

For more information about all that is involved in a data center relocation, what to expect, and how to make it a success, read our white paper: Keys to a Successful Data Center Relocation.

Is your data center ready for a disaster?

Tuesday, September 20th, 2011

If you are like most employees at a medium-large sized business, you assume that your company’s data center is always going to be there and supplying your necessary applications, data and reports on a daily basis.  But what if you decided to peel the layers of the onion back and peek beneath the surface?  What you find might surprise you.  

Recent disasters such as Hurricane Irene, Texas wildfires, Mid-Atlantic earthquakes, tsunami’s, and tornado’s all highlight the need for a comprehensive and tested disaster recovery plan but most  are an “all or nothing” scenario, meaning the entire data center must be unavailable before declaring a disaster. This scenario does not look at individual component failures — the most common problems that escalate into a full blown disaster declaration.

Has your company looked at its data center infrastructure and vulnerabilities to address issues that may prevent a disaster declaration and enhance day-to-day or operational recovery?  In some cases there is nothing you can do to prevent a declaration – A direct hit from a tornado, major flooding, earthquakes, etc.  But in many cases a vulnerability analysis of your data center will uncover specific actions that can be taken to prevent a localized outage from becoming a full blown disaster.

So how do you prepare a data center for a disaster incident?

First – Conduct a Vulnerability Assessment of the data center. Five basic questions to ask are:

  1. Are you storing paper and boxes in the data center?
  2. Are your networking cables labeled?
  3. Have you looked at your data center from a power and capacity standpoint?
  4. Is physical access to the data center limited?
  5. Does the data center have heat, smoke, water sensors?
  6. Are there data security policies and procedures in place?
  7. Is the location of your data center conducive to continued operations or is the data center in a major hazard area?

You definitely need a comprehensive set of procedures for the infrastructure and for the applications. Each component, or group of components, usually has support infrastructure, and generally speaking, there’s a person or group responsible for that. So the servers are going to be under the server group, or the virtualization group, or both. All of these are generally working under an infrastructure group or an operations group, but come a major disruption, there’s a dotted-line relationship for disaster recovery management. And that kind of governance clearly needs to be spelled out, who is in charge, who makes the decision, what you do, and what sequence you do it in.

Of course there is much more to ensuring your data center survives a disaster,  but this should give you a jump start in reviewing your data center vulnerabilities.

Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity

Five Strategies For Business Survival

Sunday, September 18th, 2011

Business owners invest a tremendous amount of time, money and resources to make their ventures successful, yet emergency planning may get placed on the back burner in the face of more immediate business concerns.

At some point, your business will be disrupted by either a man-made or natural disaster; it’s not a matter of if, but when. Disaster recovery planning is vital to the longevity of the business.

Natural disasters like hurricanes, tornadoes and floods are particularly tricky to plan for because they can strike randomly and sometimes repeatedly in the same geographic location.

So how would a business survive such extreme threats?  Here are a few leading practices and strategies to help:

  1. Awareness:  A critical activity of Business Continuity actually occurs before the crisis. Informing and educating employees about programs, threats, expectations, accepted behaviors and actions will increase the likelihood that the intended response to an emergency will be achieved by making these situations at least a bit more familiar by way of repetition.
  2. Compliance:  Compliance with building code safety and frequent building code inspection checks are imperative to ensuring that your building is as safe as possible. The same method should be applied to information technology. Extreme caution should be taken when it comes to protecting your most valuable business resources.
  3. Redundancy: A variety of sources for accessing information should be available. Emails, website postings, “800” numbers to recorded messages, face-to-face information sessions, newsletters, and texting are viable methods.
  4. Frequency: During crises information changes quickly. Therefore, it is important to update messages frequently. Having a pre-established update schedule will benefit your organization during the business interruption.
  5. Communications: Often times at the beginning of a crisis there is a flurry of information, which then drops off. Crises can last for a while and people need different types of information from stage to stage. Maintaining communications continuity during all stages of a crisis is critical.

Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity

Business Wake-Up Call: Are You Prepared?

Tuesday, September 6th, 2011

Businesses in the Northeast are still feeling the devastating effects of Tropical Storm Irene.   Just a few weeks prior, a mild earthquake struck the Mid-Atlantic region and caused structural damage; people are still rebuilding.  And then there were the tornados striking the South and Midwest. This is your wake-up call folks! 

Were You Prepared?
How did you fare after the tragic floods resulting from Irene? Were you prepared for questions from your executives when the news came in regarding Hurricane Irene and subsequent 100 year floods?

  • Did you think to reach out to suppliers and employees in the region to begin the situation assessment? Or to stock up on needed resources before the flooding? Were you able to deliver products after the event or were there disruptions in your supply chain?
  • Did you think about engaging procurement and human resources as partners to determine the impact of the disaster and potential exposure?
  • Did you prepare to field questions from customers, business partners, and concerned family members?

Based on my experience watching organizations react to crises and other disruptive events, it’s common to see executives and those assigned Disaster Recovery and Business Continuity activities do the following:

  1. Get caught up as witnesses, watching the drama play out in the news just like everyone else, without always connecting the dots as to how the event may impact the organization’s interests. (This is where having a Disaster Recovery Plan would be of vital importance or having a person on staff whose sole responsibility is Disaster Recovery or Business Continuity Planning.)
  2. Focus (almost exclusively) on the day-to-day planning process, rather than taking an active role in participating in the response, including the situation assessment process.
  3. Fail to reference business impact analysis and risk assessment-related information in a potential crisis in order to judge possible exposure — what may be affected.( Ok – so you may not have this in place, but perhaps enough of a wakeup call has been issued and now your company realizes the time is right to conduct a business impact analysis and risk assessment.)

September is National Preparedness Month.  Now is the time to either create your Disaster Recovery Plan or update your plan if you have not done so recently. Another hurricane and even more tornadoes are currently on the weather radar…don’t wait!

Patrick R. Dunn, CBCP, CISSP
Consonus Practice Manager – Disaster Recovery & Business Continuity

Is your business prepared for hurricane season?

Thursday, May 26th, 2011

With all the recent focus on tornado activity, it’s been all too easy to forget about the other types of natural disasters – specifically hurricanes.

In a presidential proclamation made on May 20, 2011, President Obama declared May 22-28 National Hurricane Preparedness Week. The goal is to highlight the importance of planning ahead to protect families and secure communities and homes prior to the upcoming hurricane season that begins June 1st and spans six months.

The Federal Emergency Management Agency (FEMA) along with the National Oceanic and Atmospheric Administration (NOAA), are working in conjunction with the White House to raise awareness. According to a notice recently issued by NOAA’s Climate Prediction Center, the Atlantic basin is expected to see an above-normal hurricane season this year. NOAA is predicting the following ranges:

  • 12 to 18 named storms (winds of 39 mph or higher), of which:
  • 6 to 10 could become hurricanes (winds of 74 mph or higher), including:
  • 3 to 6 major hurricanes (Category 3, 4 or 5; winds of 111 mph or higher)

Each of these ranges has a seventy percent likelihood, and forecasts activity that will exceed the seasonal average of 11 named storms, six hurricanes and two major hurricanes.

Knowing that this year’s hurricane season is expected to be damaging, having a disaster recovery plan in place is the best approach to ensuring the longevity of your business.  Any size business can benefit from having a plan, and having one can mean the difference between continuing business and closing up shop forever. 

Take a proactive stance and start building your business continuity strategy now – Mother Nature is one woman you don’t want to mess with.

Patrick Dunn

The Difference Between Business Continuity and Disaster Recovery

Thursday, March 24th, 2011

Oftentimes, the terms business continuity and disaster recovery are used interchangeably. However, there is a definitive difference between the two and one cannot exist without the other.

Business Continuity (BC) – Think Proactive
Business Continuity is a proactive strategy to recoverability and has evolved to focus on the people side of a disaster.  Many organizations account for technical recovery but neglect the impact on the people involved. Having your systems available does no good if your people have no place to work, or no manual processes in place to get their job done.  Thus Business Continuity looks at the financial impacts of downtime (Business Impact Analysis), managing the event (Crisis Management) and Business Resumption Plans.

Disaster Recovery (DR) – Think Reactive
Disaster recovery planning, on the other hand, is a more reactive approach to recovery and has evolved to focus on the data center/ information technology aspects of an organization.  In essence it is the technical recovery side of a “disaster” — the recovery of systems and applications that enable the business to continue to operate.  DR is the factor that makes the critical difference between the organizations that can successfully manage crises with minimal cost, effort and maximum speed versus those that are left picking up the pieces for untold lengths of time at whatever cost providers decide to charge. (I.E. Organizations forced to make decision out of desperation.)

Detailed disaster recovery plans can prevent many of the headaches experienced by an organization in times of disaster. By having practiced plans, not only for equipment and network recovery, but plans that precisely outline what steps each person involved in recovery efforts should undertake, an organization can improve recovery time and minimize disruptive downtime.

Today’s best practices dictate that companies establish a Business Continuity Program that encompasses both technical and business recovery programs.  The technical aspect is handled by IT and is called Disaster Recovery.  The business side carries the moniker Business Continuity.  Both are required components of a comprehensive recoverability strategy.

Patrick R. Dunn, CBCP, CISSP
Practice Director – Disaster Recovery & Business Continuity

Employee Spotlight: Solution Architect JD Eller

Friday, March 11th, 2011

A true southern gentleman minus the accent, John “JD” Eller is one of the latest talented IT professionals to join the Consonus team. His role as solution architect has him traveling the Carolina’s with sales reps to consult and advise on the technical components of Consonus IT solutions.
“I was attracted to Consonus because they had a core focus in solution offerings that I felt were the right direction for my skill sets,” says JD. “I wanted to work for an organization that would allow me to enhance my skills and offer the opportunity for stability and growth. Consonus was an ideal fit.”

With an impressive IT background, JD specializes in IT solutions involving storage and disaster recovery. Certifications include Dell Equal Logic, Hitachi Storage, NetApp, and many more.  In addition, he is Gartner Group certified in Total Cost of Ownership (TCO) research, is a Proxim Wireless long range solution specialist, and practiced in virtualization solutions using Citrix.

When not talking “tech speak” with IT execs, JD indulges his inner history buff by creating dioramas of various events from the past. He’s currently working on a diorama of the Battle of the Alamo. Incredible patience and meticulous attention to detail are JD’s strengths and definitely come in handy as he crafts everything by hand. “The Alamo project has taken me four years and I have two more to go,” JD says.

Born in Jackson, Tennessee, JD has traveled all over the world, lived just about everywhere, and visited far too many places to list. His parents are both ordained ministers and while young, he accompanied them on their missionary trips. Out of all the places he’s been to, JD says his favorite is a tossup between Brazil and the Redwood Forest of California.

Returning to his southern roots, he calls Georgia home. The proud father of four children — yes, four children — JD says that being a father is his proudest achievement. “I’m blessed. They are all beautiful. But they certainly keep me on my toes!”
Glad to have you aboard JD!

Don’t Forget Snow and Ice Plans in Your BC/DR Strategy

Thursday, January 13th, 2011

It’s only January and areas of the Northeast have experienced Snowmagedden I and II. And in the Atlanta region, my neck of the woods, we’re currently in the midst of Icemaggadden.  These events, while not considered disasters on the level of major hurricanes or other significant natural disasters, should still be accounted for when developing not only your organizations’ business continuity plan, but personal disaster plans for employees.

From a business perspective does your  BC/DR plan have the following?

  • A dial-in number that employees can call to check on company closures and conditions.
  • An accurate call tree to alert critical team members of their roles and responsibilities during an outage.
  • An updated crisis management plan that deals with unexpected weather conditions. 
  • Plans to deal with business processes when employees are unable to make it to work for extended periods of time due to road conditions.
  • In the South – having appropriate snow and ice removal tools and strategies in place to ensure safety of employees and guests.
  • A travel and expense policy for extended stays at hotels while employees are out of town on company business, unable to return home due to conditions or for employees at work, unable to get home due to road conditions.

From a personal perspective does your personal disaster recovery plan have the following?

  • Shovels, sand, salt to remove snow and ice from walkways and driveways.  Even in the South you need these things as I have discovered this week.  Many homes have steep driveways and unless you have the tools necessary to remove ice and snow, you are at the mercy of Mother Nature.
  • Food and water at home to allow you to stay put for a week.  My family has been ice-bound for five days so far and although we have enough food to make it through the week, we know others who do not.
  • Flashlights and candles to provide light in the event of a power outage. 
  • A maintenance schedule for your fireplace (if you have a wood burning one) to ensure safety.  An out of control chimney fire can destroy a home in a very short period of time. 
  • Cash on hand to pay for food delivery or unexpected expenses when credit cards are not an option.

Take the time now to update your personal and corporate business continuity plans. After all, it’s only January. Who knows what the rest of the winter will bring.

Patrick R. Dunn, CISSP, CBCP
Practice Manager – Disaster Recovery & Business Continuity
President – Association of Contingency Planners – Atlanta Chapter (2011- )
Vice Chairman – Contingency Planning Association of the Carolinas (2010 – )

Aligning IT with Business Goals

Monday, December 20th, 2010

In many organizations, information technology (IT) departments are struggling to align their capabilities to meet business objectives. Meanwhile, in the face of increased market and regulatory pressures and a history of project failures, CFOs, CEOs and other non-IT leaders are questioning both performance and costs associated with IT.

The stakes are high.

IT failures have led to reputation damage, customer and market valuation loss, and an increase in privacy concerns and high-profile lawsuits. In many cases, these have negatively impacted company growth.

Not surprisingly, demands on the CIO are greater and more complex than ever. The role of IT is now to help companies respond to market pressures by focusing on cost savings, return on investment, and growth objectives, and must help the organization operate within acceptable limits of risk while ensuring information and data integrity.

The key to facilitating this alignment is the Business Impact Analysis (BIA). The BIA identifies the critical needs of the organization and properly aligns those needs from an IT standpoint. Because there is almost always some discrepancy between the business requirements and the capabilities of IT, the BIA can be used to help identify conflicts and differences. By assigning a solid dollar value to the loss of that business function or process, the applications identified become the highest priority for IT to recover and allow the business to view resources in the proper perspective. Recovery Time Objectives (RTOs) and recovery Point Objectives (RPOs) are clearly identified as well, further quantifying the critical IT infrastructure.

Understanding business objectives and leveraging enabling technologies can help ensure that your IT solutions meet the current and future needs of your organization. The ideal place to start is with a BIA.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity
Vice Chairman – Contingency Planning Association of the Carolinas (CPAC)
President – Atlanta Chapter of the Association of Contingency Planners (ACP)

Business Continuity / Disaster Recovery: Where do I start?

Thursday, September 2nd, 2010

Recently, I conducted a presentation on how to develop a successful Business Continuity(BC) / Disaster Recovery (DR) plan. As I was going over attendee feedback afterwards, there was one fundamental question that showed up multiple times — where do I start?

A valid question. It’s easy to get overwhelmed with the thought of implementing a comprehensive business continuity strategy. It’s one thing to know that a BC/DR plan is a “must-have” for your business. But it’s another, completely different thing to implement one. So as you set off on your quest to devise a BC/DR plan, use these guidelines as a starting point and you’ll soon see that a good BC/DR strategy is not only necessary, but doable.  

One: Cultivate an Understanding
Before devising the plan, you must understand the terminology. There are many acronyms and industry buzzwords that mean different things as they pertain to departments and individuals. Once your organization agrees on what it is you are trying to accomplish, only then can you move forward. 

Two: Develop the Business Case
Everyone within the organization has to be on board before you can proceed because a true BC/DR plan encompasses every facet of the business. To ensure cross-departmental involvement, it helps to first establish the business case, or your argument for developing the actual BC/DR plan. Are there specific business drivers or regulatory issues that make a business continuity strategy essential? If so, state your case and get executive support now. This will hopefully help alleviate some of the corporate politics that you may encounter.

Three: Assess the Current Environment
Pinpoint what it is you will be protecting — be specific — and identify all the risks involved. You can accomplish this via a number of ways, by conducting the following: a Business Impact Analysis (BIA) and/or a Risk Analysis. These more formalized processes will help you evaluate existing resources and establish a foundation for your plan. This is an excellent time to bring in an outside consultant; an experienced BC professional can drastically reduce the time and money needed to gather this information.

Four: Prioritize
Know the costs involved and define what absolutely needs to be done now then set priorities accordingly. You don’t have to devise a comprehensive BC/DR plan all at once. Apply a phased approach that models your immediate needs. Take baby steps. But be sure you address the following: Recovery Time Objective (RPO), Recovery Point Objective (RPO), critical applications and associated dependencies.

By taking the time to understand, analyze, and prioritize, you will be better prepared for your next step in creating a comprehensive, holistic BC/DR plan: Developing and Implementing a Business Continuity Management (BCM) Response. More on this in Part Two (coming soon).

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity
Vice Chairman – Contingency Planning Association of the Carolinas (CPAC)