INTRODUCTION

DISASTER RECOVERY

NETWORK LAYOUTS

BACKING UP DATA

BUSINESS CONTINUITY AND IMPACT ANALYSIS

ADAMS & MILES DISASTER RECOVERY

DISASTER SCENARIO

Q & A

58 SLIDES

13 Years Ago •1 office •1 server •No remote access •No paperless procedures •Data Backup done nightly •15 GB of total data on the server

Current •2 offices •4 servers •VPN into office with 2 Citrix servers •95% Paperless •Data backup done nightly, Server snapshots done nightly •Offsite storage of snapshots and tapes •1,160 GB of data and growing by 15GB a month

•An organizations ability to recover from a disaster or unexpected event and resume operations •Plan is generally concerned with IT related infrastructure

Fire (Propane Explosion Toronto 2008)

Flood (Toronto 2013)

Ice Storm (Eastern N/A 1998)

Power Outage (Eastern N/A, 2003)

Other Examples of Disasters •Theft •Earthquake / Tornado •Computer Virus •Sabotage •Terrorism

A Disaster Recovery Plan outlines how a recovery will be accomplished

•Alternate Site •Communications •Data Recovery •Hardware and Software •Staff and Personnel •Available Power Options •Hard copy material if not digital

Outline functions that need to be recovered What functions and why Time to restore Who will oversee the recovery process

Generally overlooked because they are expensive and provide no immediate return on investment

Comparable to insurance Investing in something you hope you won’t ever have to use

The key to success is to have a plan in place before a disaster strikes

The safety of staff and their families should be the 1st priority

Multiple lines of communication are crucial

Data Backup and Recovery

•Data needs to be backed up and stored off site •Some data is more critical than other data and this should be established in the Business Continuity Plan

Alternative Workspace

In House Third party Cold Site Warm Site Hot Site

No Server Office (Workgroup)

•Similar to a home network •No server exists •Company data is spread out over multiple computers •Users are responsible for their computers

•Data is generally not centralized •Users are responsible for backups

•Involves Hardware •Backup software •Reliance on the user •Where is the company data on the computer •Backup copies off site •Data lost or stolen off site

Hard to manage data Harder to restore all that data

Recommendations for a “No Server” Office

Setup 1 computer on the network that will contain all the data

•no one uses this computer •The machine will perform better •10 users can connect to it

With all the data on 1 computer

•Backups now become easier •Easier to restore data •Backing up is cheaper •Lessens risk of data getting lost or stolen •1 person can be responsible •Only 1 computer is necessary to get back up and running

1 Server Office

•Common for offices with 5-30+ people •Data and Software reside on the server •Backups are performed to removable storage

In addition to nightly backups, server snapshots can also be taken

•Snapshots are like a picture of your server •Stored on external hard drives •Used to restore the whole system •Requires hardware similar to the original hardware

Easy to add storage capacity Server Costs can range from $5,000 to $40,00 depending on the needs

Recommendations for a 1 server Office

•No Data on Computers •An IT person or an outsourced IT company should be used •Built in redundancy is encouraged to prevent downtime

In the event of a Disaster

•Access to backups and snapshots •A duplicate server is required

•requires a tape drive •An experienced IT person is required

•Staff don’t work off servers so computers are also needed •Network switches and cables will be required

Multiple Location Office

•Setup the same way as a 1 server office but may have multiple servers •Servers may exist at both locations •Communication between offices is needed for staff to have access to the servers

•Disaster Recovery Plan may be required for each office •Multiple offices can be used as a working environment in the event of a disaster

Cloud Office

•What is “the cloud” •Virtual office you connect to through the internet •Data, software and automated backups

•Costs vary depending on usage, storage, backup requirements, vendor •Managed by a third party such as an ISP •Requires an internet connection •Used to backup local data via the internet

In the event of a Disaster

•Only a computer and internet connection are needed •No internet = No cloud •Both you and the cloud provider need to be operational •Both you and the cloud need to be functional

What can we do with all the paper?

The easiest solution is to scan paper to pdf

•Easier to retrieve •Portable •Cuts down on storage costs •Digital pdf’s are not flammable •Easier to maintain a document retention policy •Viewable through multiple devices

•Multiple viewing and sharing

•Helping the environment

The most common ways of backing up data are

•Tape •Removable Hard Drive •Thumb Drive •The Cloud •NAS

Data should be password protected or encrypted when removed from a server or computer

The most common form of backing up company data

•Taken off site •Monthly or yearly archives can be made •Tapes cost between $30-$70 each •Tape drives can cost $500-$5000 dollars •Software is required

Very popular over the last few years

•Inexpensive and large data capacities •Can be used with backup software that comes with Windows •Off site and archives can also be made •Convenient to just copy and paste •Not as durable as tapes

Treated in the same manner as a portable hard drive

•Less capacity then hard drives •More durable then hard drives (no moving parts) •They are easier to loose

NAS (Network Attached Storage)

•Box that contains a number of hard drives •Hard drives are setup in a RAID format •Hard drive failure does not result in lost data •Portable and offers some functionality for copying the contents to another portable device •Cost as little as $500 up to several thousand depending on the needs •Alternative for companies looking to Centralize Data

The cloud is convenient to backup to

•Requires an internet connection •Business class high speed connection may be required •Cloud provider backs up cloud data •Does not work without internet

Fees are usually based on storage capacity required

How do you know the planned procedures will work if they are not tested? A Disaster Recovery Plan involves testing, ongoing maintenance and keeping the plan up to date

•Plans need to be tested and revised as business` change and grow •After hurricane Katrina, 24% of companies said they tested their plan, 50% said they had no intention of doing so

Maintenance includes changes to hardware and software, personnel and the ability to expand capabilities

Unfortunately, a disaster may remove some of the personnel Changes to production must be accounted for Records of employees, hardware, software, vendors and contact lists

Other then IT, what other things need to be considered?

•Business Continuity Planning

•Business Impact Analysis

While a Disaster Recovery Plan focuses on processing and communications, a Business Continuity plan focuses on executing business functions Business Continuity is concerned with the enterprise as a whole

•Staffing •Payroll •Growth •Buying and Selling •Advertising •Manufacturing •Quality Control •Research and development •Location and rent

A Disaster Recovery Plan is a part of the Business Continuity Plan

A Business Impact Analysis is a description of business functions and operations

•Outside Functions

•The impact of losing functions

•The cost to carry out the recovery process

•Can the function be performed elsewhere

A Description of Business Functions and Operations

•Primary business functions

•People, equipment, power needs, computer needs and money

•Lists of vendors, clients and remote office locations

•Tangible objects

Outside Functions the business requires to maintain operation

•Courier and Shipping •Insurance Company •Banking information •IT support •Communication and Internet

The impact of losing some or all of the business functions and data

•Does all of the data and equipment need to exist •Is there an acceptable amount of loss of data •Reduced number of computers •Minimum required

The cost to carry out the recovery process and loss of revenue as a result of downtime

•How much downtime is acceptable •Cost Determination •What functions can be sacrificed

Can the function be performed elsewhere in the event of a disaster

•Sister company •Home as an alternative •Outsourcing

Adams & Miles has 2 offices, 1 in Toronto and 1 in Brampton 95+% of client information is stored digitally Paperless over 10 years ago 4 servers in Toronto Brampton connects through a fiber VPN VOIP through a third party

Servers Backed up nightly to tape drives •Current Tape and Archive is kept off site

Nightly snapshot stored to External Hard Drives •Once a month the snapshot is taken offsite

Snapshots allow the server to be restored to its operating condition at the time it was taken

•Operating System, data, software applications and databases

Tape Backups for individual files Snapshots and tape backups allow for restoration achieved within 12 hours of a disaster

•Less than 1 day data loss

In order to restore the data, a physical backup server is required

•This “blank” server is located at the Brampton office •Similar internals allowing for a restoration of the production server

Staff have the capability to work at full production in the other office

Staff information is kept in digital format offsite

•All staff have alternate email address via 3rd parties Firms Disaster Recovery plan is managed by myself and our Office Manager Updates provided to partners when there are noticeable changes

A disaster HITS!!! What to do?!?!

A disaster hits, the workplace no longer exists, what to do? The list of contacts and employees you kept off site or on your person will come in very valuable at this time Health and safety of employees is #1 concern

•Once taken care of, everybody will be better suited to take care of business •Flexibility for employee working hours •Extended vacation may be required

Contact the insurance company to file a claim

•If the disaster was malicious in nature, the police should be included as one of the 1st steps

If the alternate site is not affected, it is time to get that site up and running

Procedures depend on the type of alternate site

•In house, 3rd Party, Hot, Warm , Cold

Most small to mid size business will have a cold or warm site

•An empty room or a room with some equipment •This may also include someone’s house

Off site data needs to be restored Computers need to be replaced

•Spare company computers or people’s home computers may need to be used

Communications need to be available

•LAN lines, Internet, Cell Phones

•Any or all can be used to communicate with employees, vendors and clients

Lost business equipment needs to be replaced Manufacturing equipment needs to be replaced

•Equipment can be costly or take a long time to arrive •Know where this can be attained quickly from a local source •Know of other local business’ that can lend similar equipment until your new equipment arrives

It’s important to have enough power available to achieve proper recovery procedures

•This should be determined in the Disaster Recovery Plan

Weather big or small, preparing for a disaster or not, every company should have these basic components in place Regular Backups of data

•Data backups kept off site •A means to restore that data •Centralized data

Contact lists of employees, vendors, banking / insurance, clients and emergency contacts

•Kept off site in a manner that is accessible

Some type of emergency plan, weather simple or complex, in the event the workplace is no longer available

Jeff Bondar IT Manager

Adams & Miles LLP 2550 Victoria Park Avenue, Suite 501

Toronto, Ontario M2J 5A9 Phone (416) 502-2201 Fax (416) 502-2210

www.adamsmiles.com