Análisis de datos

Depending on the BIA and high-level strategies for enterprise availability, an organization may choose to use mirrored, hot, warm, or coldsite facilities for disaster recovery. Some measure of facilities, equipment, and data contingency must be in place for an enterprise DRP. Facilities planning is usually a function of business continuity planning, and typically includes the data center and a fully functional employee workspace.

Alternate site selection prepares an organization for a disaster event which renders the production site unusable or irreplaceable for short to long-term periods of time. The overall risk and cost of downtime for IT operations directly

determines the kind of alternate site architecture. Figure 5-4 illustrates the cost and recovery time benefit for the different kinds of alternate site architectures.

Figure 5-4 Cost versus recovery time for various alternate site architectures

There are obvious cost and recovery time differences among the options. The mirrored site is the most expensive choice, because it ensures virtually 100 percent availability. Coldsites are the least expensive to maintain; however, they require substantial time to acquire and install necessary equipment. Partially equipped sites, such as warmsites, fall in the middle of the spectrum. Table 5-1 summarizes the criteria that can be employed to determine which type of alternate site meets the organization's business continuity and BIA requirements.

Table 5-1 Alternate site decision criteria

Comprehensive infrastructure, limited hardware/software for infrastructure, and limited staffing. Manual and electronic vaulting for data using TSM.

Basic facilities, limited infrastructure, manual vaulting using TSM.

Mirrored Site: Near zero or zero data loss: Highly automated takeover on a complex-wide or business-wide basis, using remote disk mirroring, TSM for backup/recovery operations.

Mirror image of production hardware, software, and infrastructure ready at remote site, repetitive data backups, high backup frequency using TSM and electronic vaulting methods. 24x7 staff.

C o s t / C o m p le x it y

Time to Recover

1 Min. 1 Hour 3 Hour 12 Hour 24 Hour Days Weeks

Mirrored

Hot

Warm

36 Hour

Site Type Capital Costs

Hardware/

Software

Networking/

Communications

Setup Time

Mirrored High Full Full Minimal

Hot Medium/High Full Full Hours

Warm Medium Partial Partial or Full Days

Cold Low None None Days/Weeks

We will discuss four main types of alternate sites, which include the use of TSM for storage management and disaster recovery:

򐂰 Mirrored Sites: Mirrored sites are fully redundant facilities with full, real-time information mirroring. Mirrored sites are identical to the production site and provide the highest level of availability, because data is written and stored synchronously at both sites. Mirrored sites are built and maintained at approximately twice the operating costs of the production data center facilities.

In a mirrored site, TSM provides backup, restore, and archive operations and adds additional layers of protection against data corruption. Site to site mirroring is the best way to provide 100% availability, but data corruption and cyber-threats pose a credible risk to even fully redundant operations.

Maintaining functional versions of data in a mirrored site is key to ensuring high availability.

򐂰 Hotsites: Hotsites are equipped with fully functional and prepared servers, storage, network, and software systems. Hotsites are staffed for 24x7 operations, and in some cases share a portion of the production workload as a measure to justify ongoing capital and human costs. Hotsite costs vary according to the scale of operations and recovery requirements.

TSM provides continuous backup and availability of production data to a hot-site operation. Electronic vaulting techniques might be used to move production data backups from site to site. Once the DRP is activated, hotsite personnel immediately begin the restore process in the recovery

environment. In some instances, production data backups may be routinely restored to hotsite systems to minimize the overall time to restore in the event of a disaster. Specific requirements and procedures for data availability can be developed from RTO data for each system.

򐂰 Warmsites: Warmsites provide infrastructure and equipment to restore critical business functions. Generally, all power and environmental services are in place, along with hardware, software, and network components needed for operations. The site is maintained in an operational status with minimal staff.

TSM provides the capacity to vault data to a warm site through manual or automated procedures. Production data backups can be vaulted to a

warmsite TSM environment and restored to recovery systems in the event of a disaster.

򐂰 Coldsites: Coldsites typically consist of a facility with adequate space and infrastructure (electric power, telecommunications, environmental controls) to support the IT data processing environment. The site does not contain IT equipment or office equipment needed for operations. Usually, coldsite facilities are leased through third-party service providers, and the majority of equipment is insured through service level agreements with hardware

vendors or disaster recovery hardware vendors. Organizations such as Sunguard and IBM Business Continuity and Recovery Services specialize in designing these kinds of service contracts for enterprise organizations.

For coldsite operations, TSM can provide offsite copies of data to be stored at or near the cold site. TSMs automated capability to manage offsite tape volumes provides a cost effective and automated method for coldsite data management.

5.6.1 Alternate site cost analysis

Several variables factor into the cost analysis for an alternate site. Facilities can be either owned or leased through commercial vendors. Either way, facilities costs represent a continual capital cost for any alternative site plan.

Infrastructure, telecommunications, and networking costs are usually grouped with facilities costs. Hardware and software is secured via full acquisition, hardware DR vendor contracts, or a mix of the two elements. Travel, labor, and testing costs are site and event dependent, but must factor into the overall operational cost model. Other miscellaneous variables may also affect the cost models. Table 5-2 provides a basic template for alternate site cost analysis and comparison.

Table 5-2 Alternate site cost analysis template

As site costs and architectures are evaluated, primary production site security, management, operational, and technical controls must map adequately to the alternative site design.

5.6.2 Partnering strategies for alternate sites

Two or more organizations with similar or identical IT configurations and backup technologies may enter a formal agreement to serve as alternate sites for each other or to enter a joint contract for an alternate site. Enterprise customers with multiple production sites may also design alternative site policies between locations.

This type of site is set up via a reciprocal agreement or memorandum of

understanding. A reciprocal agreement should be entered into carefully because each site must be able to support the other, in addition to its own workload, in the event of a disaster.

Written agreements for the specific recovery alternatives selected should be prepared, including the following special considerations:

򐂰 Contract duration, extension of service, and termination conditions

򐂰 Testing and maintenance procedures

򐂰 Shared and unshared capital costs

򐂰 Security procedures

򐂰 Change and problem management procedures

򐂰 Hours of operation, availability, and personnel requirements

򐂰 Specific equipment required for recovery

򐂰 Disaster Recovery Plan notification procedures

򐂰 Guarantee of compatibility and service

򐂰 Priorities for system recovery in the event of a multi-site disaster

Multiple party commitments for alternative site provisioning should carefully map business requirements for availability to a joint DR Planning process.

Identification of mutual risks is key to developing a multi-party Disaster Recovery Plan and infrastructure. For both recovery sites, the DR sequence for systems from both organizations needs to be prioritized from a joint perspective. Testing should be conducted at the partnering sites to evaluate the extra processing thresholds, compatible system and backup configurations, sufficient

telecommunications and network connections, and compatible security measures, in addition to the functionality of the recovery strategy.