Hjem

Foreword xix Introduction 1 About This Book 1 How This Book Is Organized 2
Part I: Getting Started with Disaster Recovery 2
Part II: Building Technology Recovery Plans 2
Part III: Managing Recovery Plans 2
Part IV: The
Part of Tens 3 What This Book Is -- and What It Isn''t 3 Assumptions about Disasters 3 Icons Used in This Book 4 Where to Go from Here 4 Write to Us! 5
Part I: Getting Started with Disaster Recovery 7
Chapter 1: Understanding Disaster Recovery 9 Disaster Recovery Needs and Benefits 9 The effects of disasters 10 Minor disasters occur more frequently 11 Recovery isn''t accidental 12 Recovery required by regulation 12 The benefits of disaster recovery planning 13 Beginning a Disaster Recovery Plan 13 Starting with an interim plan 14 Beginning the full DR project 15 Managing the DR Project 18 Conducting a Business Impact Analysis 18 Developing recovery procedures 22 Understanding the Entire DR Lifecycle 25 Changes should include DR reviews 26 Periodic review and testing 26 Training response teams 26
Chapter 2: Bootstrapping the DR Plan Effort 29 Starting at Square One 30 How disaster may affect your organization 30 Understanding the role of prevention 31 Understanding the role of planning 31 Resources to Begin Planning 32 Emergency Operations Planning 33 Preparing an Interim DR Plan 34 Staffing your interim DR plan team 35 Looking at an interim DR plan overview 35 Building the Interim Plan 36 Step 1 -- Build the Emergency Response Team 37 Step 2 -- Define the procedure for declaring a disaster 37 Step 3 -- Invoke the interim DR plan 39 Step 4 -- Maintain communications during a disaster 39 Step 5 -- Identify basic recovery plans 41 Step 6 -- Develop processing alternatives 42 Step 7 -- Enact preventive measures 44 Step 8 -- Document the interim DR plan 46 Step 9 -- Train ERT members 48 Testing Interim DR Plans 48
Chapter 3: Developing and Using a Business Impact Analysis 51 Understanding the Purpose of a BIA 52 Scoping the Effort 53 Conducting a BIA: Taking a Common Approach 54 Gathering information through interviews 55 Using consistent forms and worksheets 56 Capturing Data for the BIA 58 Business processes 59 Information systems 60 Assets 61 Personnel 62 Suppliers 62 Statements of impact 62 Criticality assessment 63 Maximum Tolerable Downtime 64 Recovery Time Objective 64 Recovery Point Objective 65 Introducing Threat Modeling and Risk Analysis 66 Disaster scenarios 67 Identifying potential disasters in your region 68 Performing Threat Modeling and Risk Analysis 68 Identifying Critical Components 69 Processes and systems 70 Suppliers 71 Personnel 71 Determining the Maximum Tolerable Downtime 72 Calculating the Recovery Time Objective 72 Calculating the Recovery Point Objective 73
Part II: Building Technology Recovery Plans 75
Chapter 4: Mapping Business Functions to Infrastructure 77 Finding and Using Inventories 78 Using High-Level Architectures 80 Data flow and data storage diagrams 80 Infrastructure diagrams and schematics 84 Identifying Dependencies 90 Inter-system dependencies 91 External dependencies 95
Chapter 5: Planning User Recovery 97 Managing and Recovering End-User Computing 98 Workstations as Web terminals 99 Workstation access to centralized information 102 Workstations as application clients 104 Workstations as local computers 108 Workstation operating systems 113 Managing and Recovering End-User Communications 119 Voice communications 119 E-mail 121 Fax machines 125 Instant messaging 126
Chapter 6: Planning Facilities Protection and Recovery 129 Protecting Processing Facilities 129 Controlling physical access 130 Getting charged up about electric power 140 Detecting and suppressing fire 141 Chemical hazards 144 Keeping your cool 145 Staying dry: Water/flooding detection and prevention 145 Selecting Alternate Processing Sites 146 Hot, cold, and warm sites 147 Other business locations 149 Data center in a box: Mobile sites 150 Colocation facilities 150 Reciprocal facilities 151
Chapter 7: Planning System and Network Recovery 153 Managing and Recovering Server Computing 154 Determining system readiness 154 Server architecture and configuration 155 Developing the ability to build new servers 157 Distributed server computing considerations 159 Application architecture considerations 160 Server consolidation: The double-edged sword 161 Managing and Recovering Network Infrastructure 163 Implementing Standard Interfaces 166 Implementing Server Clustering 167 Understanding cluster modes 168 Geographically distributed clusters 169 Cluster and storage architecture 170
Chapter 8: Planning Data Recovery 173 Protecting and Recovering Application Data 173 Choosing How and Where to Store Data for Recovery 175 Protecting data through backups 176 Protecting data through resilient storage 179 Protecting data through replication and mirroring 180 Protecting data through electronic vaulting 182 Deciding where to keep your recovery data 182 Protecting data in transit 184 Protecting data while in DR mode 185 Protecting and Recovering Applications 185 Application version 186 Application patches and fixes 186 Application configuration 186 Application users and roles 187 Application interfaces 189 Application customizations 189 Applications dependencies with databases,operating systems, and more 190 Applications and client systems 191 Applications and networks 192 Applications and change management 193 Applications and configuration management 193 Off-Site Media and Records Storage 194
Chapter 9: Writing the Disaster Recovery Plan 197 Determining Plan Contents 198 Disaster declaration procedure 198 Emergency contact lists and trees 200 Emergency leadership and role selection 202 Damage assessment procedures 203 System recovery and restart procedures 205 Transition to normal operations 207 Recovery team 209 Structuring the Plan 210 Enterprise-level structure 210 Document-level structure 211 Managing Plan Development 212 Preserving the Plan 213 Taking the Next Steps 213
Part III: Managing Recovery Plans 215
Chapter 10: Testing the Recovery Plan 217 Testing the DR Plan 217 Why test a DR plan? 218 Developing a test strategy 219 Developing and following test procedures 220 Conducting Paper Tests 221 Conducting Walkthrough Tests 222 Walkthrough test participants 223 Walkthrough test procedure 223 Scenarios 224 Walkthrough results 225 Debriefing 225 Next steps 226 Conducting Simulation Testing 226 Conducting Parallel Testing 227 Parallel testing considerations 228 Next steps 229 Conducting Cutover Testing 230 Cutover test procedure 231 Cutover testing considerations 233 Planning Parallel and Cutover Tests 234 Clustering and replication technologies and cutover tests 235 Next steps 236 Establishing Test Frequency 236 Paper test frequency 237 Walkthrough test frequency 238 Parallel test frequency 239 Cutover test frequency 240
Chapter 11: Keeping DR Plans and Staff Current 241 Understanding the Impact of Changes on DR Plans 241 Technology changes 242 Business changes 243 Personnel changes 245 Market changes 247 External changes 248 Changes -- some final words 249 Incorporating DR into Business Lifecycle Processes 250 Systems and services acquisition 250 Systems development 251 Business process engineering 252 Establishing DR Requirements and Standards 253 A Multi-Tiered DR Standard Case Study 254 Maintaining DR Documentation 256 Managing DR documents 257 Updating DR documents 258 Publishing and distributing documents 260 Training Response Teams 261 Types of training 261 Indoctrinating new trainees 262
Chapter 12: Understanding the Role of Prevention 263 Preventing Facilities-Related Disasters 264 Site selection 265 Preventing fires 270 HVAC failures 272 Power-related failures 272 Protection from civil unrest and war 273 Avoiding industrial hazards 274 Preventing secondary effects of facilities disasters 275 Preventing Technology-Related Disasters 275 Dealing with system failures 276 Minimizing hardware and software failures 276 Pros and cons of a monoculture 277 Building a resilient architecture 278 Preventing People-Related Disasters 279 Preventing Security Issues and Incidents 280 Prevention Begins at Home 283
Chapter 13: Planning for Various Disaster Scenarios 285 Planning for Natura