Linggo, Hulyo 29, 2012

Building a Disaster Recovery site


Disaster Recovery is one thing you hope you never need, but if you do, you’ll be very happy if you have right plan in place. Whether you are outsourcing your Disaster Recovery solution or keeping it in house, the steps required to implement it are somewhat complex, but very important. In this 3 part series, we’ve drafted an outline of how to build a remote DR site for your IT.
disaster recovery
photo credit: comicbookmovie.com
We’ll address each step in more detail:
  1. Determine the business requirements for RTO and RPO
  2. Determining the right location
  3. Determining if the right systems are available at the location
  4. Virtualization of the primary and backup environments/production systems
  5. Moving the data
  6. Keeping the data synced
  7. Building the failover environment
  8. Testing and proving the disaster recovery program works
1. Determine the business requirements:
Your “business requirements” boil down to one thing: figuring out how long you can afford to be without your IT. Is it seconds? American Airlines has a zero second threshold. They lose thousands maybe millions of dollars for each second their system is unavailable. Your business operations may not be so mission critical and are able to skip a heartbeat for minutes, hours, days — without a significant impact on your bottom line.
Ask your executive staff, what can the company financially tolerate in terms of downtime? And just as importantly, what can you withstand in terms of rollback of data in a failure situation? How fresh does your data rollback need to be?
These two measurements are your RTO or Restore Time Objective and RPO or Restore Point Objective.
RTO / Restore Time Objective is: how quickly do we need to be back in business?
RPO / Restore Point Objective is: data should be restored as it was on the last day, hour, minute, or last second even (think about a bank – they can’t afford to miss a single transaction). Then ask yourself, what’s the technology required to achieve those objectives? Your RTO and RPO are going to dictate the options available to you for your disaster recovery program.
2. Determining the right location:
Where do you want to “put” your Disaster Recovery environment? Contrary to common belief, “the cloud” is not up in the air somewhere, it’s in a city near you. If you want your data in “the cloud,” you need to understand where the data center, a.k.a. the cloud is that you’re floating around in.
Why is the cloud location so critical?  Consider events from earlier this month. The Derecho Storm that hit the Washington DC area left the region without power for an extended period of time, and with it took down popular internet sites Netflix, Pinterest and Instagram temporarily. Consumers were off line for an entire week and even big companies were forced off line. Behemoth Amazon’s cloud services were interrupted – because their “cloud” was located in the disaster zone
While no location is completely without risk, the ah-ha moment here is that if you’re going to choose aDisaster Recovery provider, you need to know where their facility is located so you mitigate your risk. You don’t want your cloud provider to be stricken by the same disaster as your primary facility.
Now that we’ve given you something to think about concerning the cloud, your RTO and RPO, we’ll continue our discussion on building a remote Disaster Recovery site in our next article with: determining the right systems, virtualizing the primary and backup data, and finally moving the data. Part three will address synchronization, the failover environment and testing. 

Martes, Hulyo 17, 2012

Developing a Data Retention Policy: What data do you HAVE to backup?

Online Data Backup


In this previous article we outlined a brief history of and comparison of tape backup environments to disc backup environments. Understanding how your data is retained is the first and critical step to designing a data retention policy, but the next steps are a little more murky and complex.Depending on industry in which you trade, your information retention policy could possibly be dictated by legal or business retention requirements. To illustrate, legal retention requirements would come with:

Each state has unique law about long medical records need to be maintained
Every business’ tax records should be kept for about 36 months - but there many exceptions to the rule:You need to keep all employment tax records for not less than Four years right after the date that this tax becomes due or perhaps is paid, whichever is later.

In Texas, Sales and Use Tax records must be retained for 4 years.

Businesses controlled by OSHA regulations have specific requirements on what long their data needs to be retained

Food manufacturers are necessary to track all the ingredients and their location of origin in the unfortunate event of poisoning

Machine shops are required to maintain records on from where the material origin in case there is product failure

The The Massachusetts Society of Cpas has published a great resource on this subject here.In addition to what you are legally needed to do, there are compelling business arguments for retaining your data for time. Ask yourself how long you have to maintain customer or accounting records. Look into the many scenarios that could impact your business, for instance, do you offer any warranty or credits? Will there be any chance for a recall of the manufactured items? What's the general practice in your niche for maintaining business records? Imagin if you were to offer this company, how long of the history would a possible acquirer want?
Start the information you have retention policy by inviting key employees to the brainstorming session and inquire, what happens if we should instead return at some point to retrieve for data for:
A tax records audit

A labor law compliance auditA product or service liability lawsuitA work practices claimA worker tort for example a sexual harassment claimand begin to build your policy around these scenarios. Check it against both the legal data retention requirements and also your own business retention needs.Partially 3 in our series on Developing a successful data retention policy, we’ll offer a checklist that you follow when organizing your business’s data retention policy.

Hurricane Preparation Checklists – the Final 48 Hours

Online Data Backup

Hurricanes are pricey and deadly. Yahoo Finance reports that 7 of the 10 most expensive U. S. weather unfortunate occurances in the past 3 decades were hurricanes. Nevertheless the great news about hurricanes - if there could be “good news” about hurricanes - is really because are actually foreseeable, taking into account clever getting ready before the storm ultimately hits. Given time and adequate planning, individuals and businesses can lessen the exposure to the danger resulting from hurricanes. Global Data Vault helps a number of customers though hurricane planning, and we’ve learned what can be done to attenuate risk and regain quickly.
We’ve put together various hurricane planning checklists that will help as well as your company prepare - even just in the very last hours as a hurricane draws near:

Hurricane Planning Checklist #1: Family
1. Develop a serious event communications plan. In the event family members are separated from one another during floods and other disasters, have a plan for getting back together. Separation is indeed a possibility through the day when adults are at work and children are usually school.


2. Ask an out-of-town relative or friend to be your “family contact.” Your contact should live outside your community. After a disaster, it is simpler to generate a great distance call compared to a local call. Family should call the contact and inform him or her where they may be. Everyone have to know the contact’s name, address, and phone number.


3. Call up your home and casualty agent, it might not be past too far to update limits and add appropriate coverage.


4. Discuss how to handle it if authorities have you evacuate. Make arrangements for a lodging with a friend or relative who lives out of town and/or find out about shelter locations. Review a listing of what you should take when you are required to or maybe if you may evacuate.
5. Unless you prefer to evacuate, check your emergency supplies. Some things you’ll want to have on hand are:


- AA portable, battery-powered radio or television and other batteries.
- Flashlight and other batteries.
- First aid kit and first aid manual.
- Supply of prescription drugs.
- Credit card and money.
- Personal identification.An additional group of car keys.
- Matches in a waterproof container.
- Signal flare.
- Map in the area and phone numbers of places you may choose to go.
- Wrench to turn off household gas and water.
- A week’s availability of water and nonperishable food.

Additional recommendations here
6. Understand escape routes. Depending on the variety of disaster, it could be important to evacuate your house. Plan several escape routes should certain roads are blocked or closed. Remember to keep to the advice of local officials during evacuation situations. They should direct you to the safest route; some roads might be blocked or generate further danger.


7. Protect your financial data and digital memories.
8. Plan taking proper your pets. Pets can sense any time a storm is arriving and can go into hiding or behave erratically from fear. Be sure you time where they are and make certain that the disaster planning includes a safe place for him or her with you or relatives and buddies with water that is clean and plenty of food.


Hurricane Planning Checklist #2: Personal and Business Data (IT)
Don’t put your computer data at an increased risk. You may be an existing customer you aren't, call Global Data Vault at +1-214-363-1900.


1. In case you are already a customer, we can start a final check to make certain your system is ready. There exists a special checklist that we’ll walk through to ask about protection for all your critical data - we're also thrilled to tell you this anytime - not just when disaster is looming.


2. Review and/or decide who is responsible to seal down your IT systems. If we have given a local backup appliance, let's assist you to perform your IT shutdown. Then, for anybody who is evacuating, unplug and grab the appliance with you - or, should there be time, package it very well, and ship it to us.
3. If you aren't already a customer, give us a call anyway. There might very well be period to protect critical data. It could be especially employed to employ a USB drive handy, like the ones you can aquire at Office Depot approximately $100. We’ll protect computer data for 1 month 100 % free or obligation.


Hurricane Planning Checklist #3: General Business
1. Call your home and casualty insurance professional, may possibly not be too far gone to update limits and add appropriate coverage.


2. Review and update employee emergency contact info - ensure all people have the newest information.


3. Review and update vendor emergency details - ensure everybody has up to date information. 


4. Provide alternate information in your customers - or make sure they know in case you expect your main contact techniques to failover and/or to outlive intact.


5. Take a look at emergency communications plan. Throughout an emergency, being able to efficiently talk to staff, customers, authorities and the public can create a big difference regarding how good your organization are able to get over the disaster. To better assure this efficiency, it is advisable to encourage open communication amongst workers prior, during, and following an urgent situation situation. An excellent outline is found in our blog here: http://www.globaldatavault.com/blog/business-continuity-planning-part-10-emergency-communications-plan/


6. Encourage all employees to ready alternative means of transportation for traveling to and from work as soon as the storm if normal modes are interrupted.


7. Decide when to close your offices. Determine who's got the legal right to initiate an evacuation. It is a good option to produce a series of command that allows others to provide the order if the designated person is not available.


8. Specify who definitely are answerable for shutting down critical operations and locking the facility during an evacuation. It is another instance where you should train additional staff in the event the designated person is unavailable.


9. Let your employees are aware that you're planning to help with them after the disaster. Here are some good guidelines and ideas


10. When you setup an isolated IT operation following the event, remember these security precautionsKeep in mind that disaster planning is a great idea even when you aren’t glued to the weather channel watching the hurricane approach. Start thinking of what to do when you're not in a very stressed situation, and don't forget that you're not alone. There are lots of people and resources which can help you, your family members and your business survive and get over the worst of storms

Please visit: http://www.globaldatavault.com/blog/hurricane-preparation-checklists-the-final-48-hours/

Checklist for developing an effective Data Retention Policy


Online Data Backup

Part 3: In our previous two areas of this series, we examined the history of information retention policies and also the business and legal requirements that dictate what underlying issues you face when writing your data retention policy.Partly two, we took a look at the challenges that different industries face with regards to what data to keep and for how long. And even though each company has different requirements, the common thread to every single data retention policy is your info is everywhere . Encompassing all of it may be nearly impossible although this checklist isn't exhaustive, it’s a great foundation to the data retention policy. Combined with a professional data backup system, you’ll relax knowing your important information is protected and simply recoverable.During this final installment, we offer a data checklist and questions to ask when setting your policy.To begin with, assess everything you have. 

Your corporation has lots of categories of data you'll want to consider in your own data retention policy:
Financial data
Databases
Email
Documents
Pictures / videos
Production data
System state information

Furthermore, the location of the data must be considered. You can actually create a different DRP for each one, based on that which you keep where.
Servers - what's stored on the server?

Databases -what is stored there and how do the legal and business requirements dictate what you need to maintain and for how long?

Desktops - do you need to backup files which are saved on desktops? Therefore, how long do you need them? Typically desktop files aren't retained for as long as server data.
Email - The content in the data should be evaluated

What is in the emails? A lot of companies can experience that email is unimportant to core business, but others might use email for being an integral a part of their order processing or customer care functions. Use the case associated with a freight forwarder for example, where every email carries a document attached with key business information. That freight forwarder’s exchange server is, therefore, huge and crucial to copy. In this situation, the freight forwarder could have customers that contact them years later looking for goods that were to be sent to a particular location. On their behalf, email is important to backup. Your company will have a similar communications issue.

Recovery - how can your organization recover its data coming from a potential problem or data loss? How much time could you survive without the information you have before your organization practice will be impacted? Have a reality check of the data retention policy and inquire:

Would it give you the necessary recovery?Will it restore in the time frame and also as you needed? Test that!

Frequency - What is the danger of information loss, should you backup your details more frequently than once per day, and exactly how long can you keep your data?
- An example of the frequency of a retention policy might be:
Retain every daily backup for Ten days
Retain every weekly backup for six weeks
Retain every monthly backup for 14 months
Retain every year-end backup for 7 years

Evaluating the soundness of the data retention policy depends on asking your executive staff, is this right, would it be sufficient, and it is it cost efficient? There's a balance you’ll need to achieve between cost to keep data as well as legal requirements that your clients are subject to. Furthermore, brainstorm the “what-if’s” scenarios and discover what data would be needed to recover properly:

What if we got a partial loss of data of data such as a server failureLet's say we'd a total data loss for instance a premises disasterImagine if we had widespread corruption of data from the virusLet's say we suffered a data loss from deliberate sabotage
What if we accidentally destroyed important dataImagine if we should get back eventually for data for:

A tax audit
A labor law compliance audit
A product liability lawsuitA work practices claim
An employee tort such as a sexual harassment claim
Finally, on your own checklist, make sure there aren't any “islands of data” outside the policy -
Laptops
Desktops

Remote officesThere's no one size fits all for a data retention policy. Each company has its unique needs, cost parameters and legal requirements that can dictate what's essential and mandatory to keep this business if there is a disaster or loss of data. Begin with the checklist above and boost it to suit your individual business and legal requirements.