Sponsored by Veeam - Conversational Geek · Sponsored by Veeam Veeam® recognizes the new...
Transcript of Sponsored by Veeam - Conversational Geek · Sponsored by Veeam Veeam® recognizes the new...
SponsoredbyVeeam
Veeam®recognizesthenewchallengescompaniesacrosstheglobefaceinenablingtheAlways-OnEnterprise™,abusinessthatmustoperate24.7.365.Veeamhaspioneeredanew
marketofAvailabilityfortheAlways-OnEnterprise™byhelpingorganizationsmeetrecoverytimeandpointobjectives(RTPO™)oflessthan15minutesforallapplicationsanddata,througha
newsolutionthatdelivershigh-speedrecovery,datalossavoidance,verifiedrecoverability,leverageddataandcomplete
visibility.VeeamAvailabilitySuite™,whichincludesVeeamBackup&Replication™,leveragesvirtualization,storage,andcloudtechnologiesthatenablethemoderndatacentertohelporganizationssavetime,mitigaterisks,anddramaticallyreduce
capitalandoperationalcosts,whilealwayssupportingthecurrentandfuturebusinessgoalsofVeeamcustomers.
Foundedin2006,Veeamcurrentlyhas49,000ProPartnersandmorethan255,000customersworldwide.Veeam'sglobal
headquartersarelocatedinBaar,Switzerland,andthecompanyhasofficesthroughouttheworld.
Tolearnmore,visitwww.veeam.com
ConversationalBusinessContinuityandDisasterRecoveryforHigherEducation
(MiniEdition)byWayneDipchan
©2017ConversationalGeek
ConversationalBusinessContinuityandDisasterRecoveryforHigherEducation(MiniEdition)PublishedbyConversationalGeekInc.www.conversationalgeek.com
Allrightsreserved.Nopartofthisbookshallbereproduced,storedinaretrievalsystem,ortransmittedbyanymeans,electronic,mechanical,photocopying,recording,orotherwise,withoutwrittenpermissionfromthepublisher.Nopatentliabilityisassumedwithrespecttotheuseoftheinformationcontainedherein.Althougheveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthorassumenoresponsibilityforerrorsoromissions.Norisanyliabilityassumedfordamagesresultingfromtheuseoftheinformationcontainedherein.
TrademarksConversationalGeek,theConversationalGeeklogoandJ.theGeekaretrademarksofConversationalGeek®.Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriatelycapitalized.Wecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
WarningandDisclaimerEveryefforthasbeenmadetomakethisbookascompleteandasaccurateaspossible,butnowarrantyorfitnessisimplied.Theinformationprovidedisonan“asis”basis.Theauthorandthepublishershallhaveneitherliabilitynorresponsibilitytoanypersonorentitywithrespecttoanylossordamagesarisingfromtheinformationcontainedinthisbookorprogramsaccompanyingit.
AdditionalInformationForgeneralinformationonourotherproductsandservices,orhowtocreateacustomConversationalGeekbookforyourbusinessororganization,pleasevisitourwebsiteatConversationalGeek.com
PublisherAcknowledgmentsAllofthefolksresponsibleforthecreationofthisbook:
Author: WayneDipchanProjectEditor: JPeterBruzzeseCopyEditor: JohnRughContentReviewer(s): KarlaReina
The“Conversational”Method
Wehavetwoobjectiveswhenwecreatea“Conversational”book:First,tomakesureit’swritteninaconversationaltonesothatit’sfunandeasytoread.Second,tomakesureyou,thereader,canimmediatelytakewhatyoureadandincludeitintoyourownconversations(personalorbusiness-focused)withconfidence.
“GeekintheMirror”Boxes
Weinfusehumorandinsightintoourbooksthroughbothcartoonsandlightbanterfromtheauthor.Whenyouseeoneoftheseboxesit’stheauthorsteppingoutsidethedialogtospeakdirectlytoyou.Itmightbeananecdote;itmightbeapersonalexperience.
WithintheseboxesIcansharejustaboutanythingonthesubjectathand.Read’em!
BusinessContinuityandDisasterRecoveryforHigherEducation
Keepinganeducationsystem’snetworkenvironmentrunningis,insomeways,moredemandingthaninanyothertypeoforganization.Mostorganizationsneedtosimplymeettheneedsoftheirinternalusers,withasmallersubsetofapplicationsorservicesavailabletotheirexternalcustomerbase.Buteducationenvironmentshave,
bydefinition,theneedtoprovideaccesstodataandapplicationstofaculty,staff,andstudents–eachwithuniqueneeds.Andthis,ofcourse,isanythingbutatraditional9-to-5typebusiness;educationenvironmentsareuniquelycomplex.Nearlyeveryapplication–fromemail,tocollaborativetools,toclassschedulesandgrades,andeverythinginbetween-needstobeaccessiblearoundtheclock,byjustaboutanytypeofclientdeviceimaginable.
Insomeenvironments,it’salmostliketherearenotiersofapplications–everythingiscritical.
AllofthismakeshavingaBusinessContinuityandDisasterRecovery(BCDR)planinplacesoverycrucialtothesuccessoftheeducationalinstitution.
Thinkaboutit–nearlyanylossofservicewillhaveamajorimpactonaschool’sabilitytofunction:registration,on-premlearningmanagementsystems,andtheusualsuspectslikedirectoryservices,email,fileandprintservices,etc.–anoutageofanyofthesewouldbringabigpartoftheeducationalinstitutiontoascreechinghalt.
SothequestionbecomesdoyouhaveaBCDRplaninplace?Ifyouhadtorespondtoamajorlossofservice(whichweall,generally,refertoasthedisaster)today,doyouhaveaplanthatdefinesthetiersofapplicationsandservices,therequiredrecoveryobjectives(moreonthatlater)foreach,listsofsystemdependencies,andtestinginplacetoensureyourplanismorethanjustatheory?
ITispulledinsomanydifferentdirectionsthatstoppingandputtingastrategyandplanofanykindinplace(foranystrategicinitiative,BCDRincluded)istough.Buttheimpactdowntimecanhaveonaneducationalsystemistooseveretorisk.
Thebottomlineis,youneedaBCDRPlan!
ThebadnewsisyourBCDRplancan’tbefocusedonjustonedisaster,asa“disaster”canincludethelossofdata,systems,applications,connectivity,andlocations–aswellasanycombinationoftheselosselements.
Andthenthereareadditionaldisaster-esquescenariosthatcanimpactyourenvironment.Ransomwareinfectionstodayaredesignedtospreadwithinanetwork,whichcanrequiretherebuildingorrestoringofworkstationsandserversaspartoftherecoveryplan.CyberattacksinvolvingcompromisedfacultyorstaffcredentialscanrequirerevertingActiveDirectorybacktoanearlierstate–whichhasfurtherimplicationsontheaccesstonetworkresourcesbystudents,faculty,andstaff.Incompatiblepatches,databreaches,malware,andphishing–justtonameafewmore–allcancausesomedegreeofBCDRtocomeintoplay.
Lastly,rememberthatyourBCDRplanisn’tastaticdocument;it’sasever-changingasthesystemsandtechnologyyourenvironmentuses.Asproductionworkloadschangeovertime,yourbusinesscontinuityplanneedstokeeppacetoensureviability.
Inthisbook,we’llexaminefactorsyouneedtoconsiderwhenputtingtogetheraBCDRplaninaneducationalenvironment.We’llalsoshowhowtoproactivelydevelopyourplan,empoweringITforwhendisasterstrikes.
Let’sbeginbylevel-settingthegoalofBusinessContinuity.
WhatisBusinessContinuity?WhileI’mguessingyouhaveabetter-than-rudimentaryunderstandingoftheterm,let’suseitsmostgeneraldefinition,whereBusinessContinuityreferstoacontinuationofyourcriticalbusinessapplicationsduringadisasteroroutage,and/orchangestothebusiness.
ButdefiningBusinessContinuityinaneducationsettingisabittrickier,asyoureallyneedtofigureoutwhetheryourspecificoperationscanbecategorizedasoneortwodistinctsetsofnetworkoperations.Thereareaspectsofyournetworkthatareclearlydevotedtothedailyoperationsoftheeducationofstudents,whileothersystemsareallabouttheback-endprocessesthatkeepstudentsinseatsyearafteryear.SomeofyoumayuseseparateActiveDirectoryinstances,somemayhaveeverythingstaff-relatedon-premwitheverythingstudent/faculty-relatedinthecloud.It’snotexactlythesameineachcase.
So,aswediscussthestepsnecessaryforBCDR,keepinmindthatyourenvironmentisuniqueandmayrequireyoutodevisetwoseparateplans.
Whetheryouconsidereverythingasoneenvironmentornot,thebest-casescenarioofawell-planned,testedandimplementedBCDRplanisforyourenduserstoneverseeadisruptionintheirservice.But,inreality,thegoalistominimizebothdowntimeanddatalossduringthedowntimeduration–asclosetozeroaspossible.
Achievingthisgoaliseasyinsomecases,asthereareapplicationsthathavehighavailabilityandstayupnomatterwhat.Butforotherapplications,reachingthegoalofzerodisruptionwilltakeabitmorework,asdisastersnormallyequatetoanoutage.
Thebasicstepstoachievethisgoalarethesameforeducationalinstitutionsofvaryingsizesandverticals.It’scrucialthatBCDRinfrastructurebeimplementedatthepointanapplicationisdeployed.IfBCDRisbakedintotheprojectlifecycleandcreatedproactively,goingforward,allapplicationdeploymentswilladheretoyourplan.Havingateamdedicatedtoscalable,process-drivenBCDRplanning,testing,andimprovingiskeytoyoursuccess.
Step1:DefineBCDRElementsandObjectivesBeforeyoueverplan,there’sabitofinvestigationanddiscoverythatneedstotakeplacetodefinethespecificgoalsyouhavefortheplan.Youdon’tjuststartoutplanning“we’llrecoversystemXfirstandthenapplicationY”–youneedtodefinewhen,howandwhatyouwishtorecover.
Yourobjectivesshouldbecomprisedofanumberofelementsthatwillbeassociatedtogetherlaterintheprocess.Theseinclude:
ApplicationCriticality
Agovernancecommittee–composedofmembersofIT’sapplicationandinfrastructureteams,lineofbusinessowners,departmentheads,andevenend-users–needstoconsiderandestablishthecriticalityofeachofyourapplications.Generally,organizationssimplyreferto“applicationtiers”usingsubjectivetermswhereoneapplicationismoreimportantthananother.ButyourBCDRplanneedstohavefarmoreobjectivedefinitionsthatcan’tbemisconstrued.
Becausewe’reultimatelygoingtousedefinedlevelsofcriticalityaspartofarecoveryeffort,thebeststandardistodefineaservicelevelagreements(SLA)foreachapplicationandgroupthemintotiers.DefininganSLAisassimpleasasking“howlongcanweaffordtohavethisapplicationdown?”and“howmuchofthisapplication’sdatacanweaffordtolose?”
Applicationscanbecategorizedintocriticalityclassificationssuchas
• MissionCritical:Businessoperationscometoacompletestopifunavailable.
• Critical:Businessoperationsareimpactedbutnotcompletelydown.
• Essential:Possiblefinancialimpactbutnoimpactonbusinessoperations.
• Non-Essential:Businesscanrunwithouttheseapplicationsforsometimewithoutmajordisruptiontoendusers.Forexample,archivalorhistoricalrecords.
Tohelpyoucategorizeyourapplications,thinkofthemissionessentialfunctions(MEFs)ofyourorganizationandtheapplicationsthatkeepthemgoing.Mapthoseapplicationsanddatatooperationsthatmaycausethefollowing:disruptionofresearch,departureoffacultyandstudents,well-beingofstudents,lossofrevenue,legalharm,impactonbusinesspartnersorotherunits.
RecoveryObjectives
TheseclassificationscanthenbefurtherhoneddownbydefiningspecificRecoveryTimeObjectives
(RTOs)andRecoveryPointObjectives(RPOs)foreachapplication.
AnRTOistheacceptableamountoftimeittakestorecoveragivendataset,system,orapplication,startingfromthetimeadisasterisdeclaredtowhennormalaccessisrestored.
AnRPOisthepointintimetowhichthedata,system,orapplicationisrestored,countingbackwardsfromthetimeofthedisaster.
Toputtheseintoperspective,acriticalinfrastructureservicelikeActiveDirectorymayhaveRTOandRPOmeasuresinsingle-digitminutes(orevenzerominutes),whereasthefilesusedbythemarketingdepartment,fundraisingortrainingmayhaveanRTOandRPOofhoursordays.Basically,theallowabledowntimeforeachapplicationislinkedtohowcriticalisthebusinessunit,whichmustputareassuchasenvironmentalorpublicsuretyontopofyourmindwhenitcomestorecovery.
RecoveryTiers
Oncetheobjectivesaredefinedforallapplications,youwillbegintoseehowsimilarlycritical
applicationshavesimilarorthesamerecoveryobjectives.Thegovernancecommitteeshouldgrouplikeapplicationsintotiers.Anynewapplicationbeingintroducedtotheenvironmentsshouldbeassignedatierbeforebeingdeployed.
Yourtierscouldbedefinedasfollows:
• Tier0withRTO0minutesandRPOof0minutes• Tier1withbothRTOandRPOupto15minutes• Tier2withRTOupto4hoursandRPOupto24Hours• Tier3withRTOupto1weekandRPOupto1week
• Tier4BestEffort
Thegovernancecommitteemustbecarefulwhendecidinginwhichtiertoplacetheapplications.Onthesurface,itfeelslikeeveryapplicationiscriticalandcantolerate0downtime,howeverwhenyouareknee-deepinafulldisasterwithnothingrunning,themostefficientBCDRplanaccountsforasystematicrecoveryofneededservices,on-by-one.
Whileinfrastructureservicessuchasnetworkconnectivity,ActiveDirectory,DNS,DHCP,
etc.allneedtobeaccountedforandassignedatier(likelytier0),becausethesearefoundationalelementsonwhicheveryotherapplicationrelies,youshouldconsiderhavingtheseservicesalreadyreplicatedtoarecoveryenvironment.Thiswillallowfailoverandrecoveryof
impacteddataandapplicationstobequickerandmoreefficient
whenadisasteroccurs..
Dependencies
Manyapplicationshaveinterdependencies.Taketheusecaseofanappdesignedtofacilitatestudentregistrationforcourses.There’safront-endwebapplication,abackendLMS,potentiallytheuseofActiveDirectoryforauthentication.It’sacomplexmixofservicesthat,shouldanyoneofthemnotbeavailable,theentireserviceisdown.So,it’simportanttoconsiderthedependenciesbetweenapplicationswhendecidingwhichtiertheyshouldfallinto.Typically,inter-dependentsystems,services,andapplicationsaregroupedasasuitethatwouldallfallintoonetier.Thesystems,services,andapplicationsthatmakeuptheregistrationfront-endandLMSwouldbegroupedtogetherandtreatedasasinglerecoveryset.
Fullandincrementalbackupspreserveappsandinter-dependentsystems,andshouldbeperformedonaregularbasisforfilesthatareirreplaceable,haveahighreplacementcost,orareconsideredcritical.
Step2:DefineNeededBCDRTechnologyYou’llnotethisstepdoesn’tstartwith“seewhatkindofrecoverabilityyourcurrenttechnologyhas.”Instead,stickwiththedefinitionsofwhattheorganizationneedstoaccomplishduringrecovery,andthenworktoidentifywhatitwilltaketoreachtheBCDRobjectives.
Putsimply,whattechneedstobeinplacetoachieveyourdefinedtierRPO’sandRTO’s?
Whiletherearelotsofoptionstodayfromwhichtochoose,belaserfocusedonthecontinuityneedsfoundinthoserecoveryobjectives,scrutinizingwhetherin-housesolutionsandskillsetswilldoorifnewsolutions,services,infrastructures,andpartnerswillbenecessary.Thesedecisionsmustbebalancedbyconsideringemergingtechnologiesthatmayofferbettersolutions.Useofvirtualizationisagiven,asisleveragingthecloud(whetherforbackupstorage,asarecoverytarget,orboth).
ThisisthepartwhereITmayendupsayinggoodbyetotheothernon-ITmembersofthecommittee,becausetheconversationwillquicklyturnto
technicalargumentslikewhetheratier1applicationshouldsimplyberecoveredusingimage-levelbackups,orifitneedstobereplicatedtoaco-locationdatacenter.
Ifyouarethinkingaboutextendingintothecloud,donotassumethatallcloudproviders
meettheregulatoryrequirementsforhigher
education.Makesuretheyprovidedocumentationonwhatstandardstheymeet.Alsoaskwhathappensifyouwantto
takedataoutofthecloud.Noteingestion/exgestionfees.
Alsoconsideranyregulationsondataretention.Forexample,aTexaslawrequiresitsuniversitiestostoreERPdataonphysicaltape.Yep–tape.So,asyouplanforusingthelatestandgreatesttechtoexecuteyourBCDRstrategy,regulationsmayofferadditionalcolorthatmayaltertheBCDRpath.
Step3:BuildtheActualBCDRPlanNowthatyouhaveacleardefinitionofyourapplicationanddatapeckingorder,thecriteriadefiningwhethercontinuityorrecoveryisachoiceforeach,andanideaofwhattechnologyisneededtofacilitateyourBCDRobjectives,it’stimetobuildoutaplanthatincludesthefollowing:
• Mappingapplicationscriticality,dependingonthecriticalityofthebusinessunits/functions
• Thedefinitionsoftherecoverytierswithobjectives,keepinginmindtheallowabledowntime
• Alistofwhereeachdataset,system,orapplicationsitswithinthesetiers(includingdependencies)
• Documentationaroundanyreplicatedapplicationsorservicesrunninginpreparationforadisaster
• Definitionsofspecificcloud-basedservicestobeused,includingsupportcontactdetails,credentials,andwhichtierswillleverageeachservice
• Lastly,therecoverystepstobetakenforeachdataset,system,orapplication
Buildyourrecoverystepssotheyworkinbothascenariowhereyouarerecoveringeverything,aswellasonewhereyouarerecoveringa
singleapplication
Step4:Test,Test,TestIhearditoncesaid,“myBCDRplanisonlyasgoodasthepaperit’son.”Withouttesting,thisisabsolutelytrue.Onceyouhaveanideaofhowsimpleorcomplexanactualrecoverywillbeforanygivenrecoveryset,defineplanstotesttherecovery,withincreasingfrequencyascriticalityapproachestier0.
TheamountofplanningandstaffinvolvedintheBCDRtestingdependsonthesizeandcomplexityoftheinfrastructurerequired.Somecompaniescanturntheconnectivityofftoaprimarydatacenterandhaveallinfrastructureandapplicationteamssignoffontheirpartoftherecovery.Thiswillhighlightanyinefficiencieswiththeplanoranyunexpectedresultsthatcanberemediatedbeforethenexttest.Ofcourse,thiswillneedtotakeplaceoutsideofregularbusinesshours.
Butifyouhaveapplicationsthatneedtobeavailable24hoursaday,7daysaweek,you’llneedtolooktoarecoveryorchestrationtoolset.ManyofthesetoolsprovidefeaturesthatenableafullBCDR
testofaworkloadormultipleworkloadswhilekeepingtheproductionworkloadrunning.
Thisisaccomplishedbybringingupreplicatedworkloadsinasecondarydatacenterwithinanisolatednetwork.TheisolatednetworkpreventsduplicatenameandIPaddressconflictsontheproductionnetwork.Applicationteamscanconnecttotherecoveredapplicationfromwithintheisolatednetwork,testtheapplicationandeventuallysignoffonthesuccessofthetesting.Someorchestrationtoolsallowyoutotesttheinfrastructurepieceofafailoverwiththepushofonebutton.Reportscanbegeneratedandsenttomanagementforconfirmationoferror-freetesting.Hereagain,ofcourse,anyissuesencounteredneedtobedocumentedandremediatedandthentestedagaininthenextBCDRtestingcycle.
KeyTakeawaysEducationenvironmentshavetheuniqueneedtokeeptwoenvironmentsrunningcontinuously,makingBCDRseemdaunting.Butwithproper(andproactive)planning,implementation,andtesting,BCDRbecomesapartofdailyIToperations,with
staffandtechnologyreadyatamoment’snoticetoensurethehighestlevelsofuninterruptedservices.Withtherightgovernanceinplace,coupledwiththetechnology,youcanhaveconfidencethatyoucanexecuteaBCDRplanthatmeetsyouragreeduponrecoveryobjectivesregardlessofthedisaster.
NOTES