Transcription
Business ContinuityPlanning with Bareosand rearGratien D'haeseIT3 Consultantshttp://www.it3.bePage 1
Who am I ? Independent Unix System Engineer since 1996 Unix user since 1986 Linux user since 1991 Open Source contributor:– Upgrade-UX– Relax and Recover (rear)– SIM Installation and Logging (WBEMextras)– Adhoc Copy and Run (adhocr)– Config-to-HTML (cfg2html v6.x)– Make CD-ROM Recovery (mkCDrec)– https://github.com/gdhaPage 2
Buzz WordsPage 3
Types of BusinessInterruptionsData from IBMPage 4
Business ContinuityPlanning Goal minimize service interruption Business continuity (BC) specifies howa company plans to restore corebusiness operations when disastersoccurPage 5
Business ContinuityPlanning ProcessesPreventionRisk ManagementRecoveryRecovery PlanRehearse, maintainand reviewPreparednessBusiness ImpactAnalysisResponseIncident ResponsePage 6
PreventionRisk Management Evaluate Risk– Step 1: identify risks that could impact yourbusiness– Step 2: analyze risks to assess their impacts– Step 3: prioritize risks– Step 4: treat risks to minimize their impact– Step 5: develop and review your riskmanagement planPage 7
PreventionRisk Monitoring As business change the risks changeaccordingly : periodic review required Monitor and review the strategies to managethe risks : update! Why?– Reducing insurance fees– Reducing the time when business is unable tooperate– Reducing loss, damage to equipment in generalPage 8
Preventionis a lot more.Quality controlBack-up of data (incl. off site)Select the proper staffStaff trainingWorkplace health & safetySecurity measurementsMaintenance of HW/SWCloud ComputingEmergency proceduresEvacuation plansRegular drills & testsPage 9
Business ContinuityPlanning ProcessesPreventionRisk ManagementRecoveryRecovery PlanRehearse, maintainand reviewPreparednessBusiness ImpactAnalysisResponseIncident ResponsePage 10
Preparednesswhat can you do? Taking action prior to an incidentoccurring to ensure an effectiveresponse and recovery Proactive and planning are key! It won't happen to me? Right. Business Impact Analysis (BIA)Page 11
PreparednessBusiness Impact Analysis Discover which processes are vital Prioritize and cut scope– False assumptions about criticality– Understand why certain function are morecritical then others– At what cost? Management must decide Requires cross-departmentalcollaborationPage 12
PreparednessBusiness Impact Analysis Executive staff defines mission criticalapplications– Agree upon what is acceptable downtime(Recovery Time Objective or RTO)– Agree upon your recovery point objective(Recovery Point Objective or RPO)– Zero downtime is an utopia and becomesextremely expensive– You need to guide the executivesPage 13
Business Impact AnalysisRPO - RTO RPO: Recovery Point Objective– How much data are we prepared to lose Zero data loss? Weekly, daily, or in between backups? RTO: Recovery Time Objective– How much downtime can we afford?– Lower recovery time higher cost– Focus on critical processesPage 14
Business Impact AnalysisMTOTime Since IncidentMaximum Tolerable Outage ( Business Expectation of cisionMakingProcessRecovery Process(IT Capability RTO)Key ServicesResumedInvoke DisasterRecoveryIncidentInvocation Lead TimeRecovery TimePage 15
Business Impact AnalysisExample BIA Company X is a mail order retailerAlmost all revenue is from on-line salesOnline catalog of 25.000 itemsOnline community message boardOffice in one location, includingwarehouse, IT and call centerPage 16
Business Impact AnalysisPotential Risks Theft (internal & external)Fires, Floods, EarthquakesPower OutageServer Crash (HW or SW)Loss of key personnelDDoS or web site hacked/outageWater pipe burstPage 17
Business Impact AnalysisIdentify Key Processes Pending orderTracking stockOnline assistanceCredit card processingOnline message boardSearch databaseIT maintenancePage 18
Business Impact AnalysisInter-dependencies Pending ordersTracking stockOnline assistanceCredit card proc.Online messageboard Search database Stock refill IT maintenancePublic relationsLegal complianceVendor agreementsServer room clean-upBudgetingEmergency loanFinancial reportingPage 19
Business Impact AnalysisImpact on operations Online store: highCredit card processing: highRebuilding: mediumMessage board: lowProduct search: lowFinancial reporting: lowBased on revenue value!Page 20
Business ContinuityPlanning ProcessesPreventionRisk ManagementRecoveryRecovery PlanRehearse, maintainand reviewPreparednessBusiness ImpactAnalysisResponseIncident ResponsePage 21
Response A response team: experts who are ableto understand and evaluate the specificcrisis– Team leader– Response team– Spokesperson– Others. The crisis should be their only concern!Page 22
Incidence Response Plan Scenario'sContact listCheck listsA 'GO' pack:– Laptop with all docs;Google doc, .– Event logging– Evacuation plan– Authority listPage 23
Activate the responseteam Define the real problem and lay out thestrategy to resolve Act quickly and do not forget tocommunicate (twitter,.) Assume the worst so you are prepared(escalation) Use the Subject Matters ExpertseffectivelyPage 24
Business ContinuityPlanning ProcessesPreventionRisk ManagementRecoveryRecovery PlanRehearse, maintainand reviewPreparednessBusiness ImpactAnalysisResponseIncident ResponsePage 25
Recovery During the incident we concentrate ondisaster recovery– We have a DR plan, right? What about after the crisis?– Damage to property, IT equipment, .– Damage to reputation (do not forgetcommunication)– Insurance is very importantPage 26
Disaster RecoveryDisaster Recovery (DR) is the process,policies and procedures that are relatedto preparing for recovery orcontinuation of technologyinfrastructure which are vital to anorganization after a natural or humaninduced crisisPage 27
Disaster Recovery is not Backup, which is mostly about data lossprevention, DR is about serviceavailability (low RPO and RTO) Data replication to ensure consistencybetween redundant sites DR complements other High Availabilityactivities (dealing with DR prevention),DR is for the times when prevention failsPage 28
Cloud Disaster Recovery Approaches– Do it yourself– DRaaS Techniques– Cold DR– Warm DR– Hot DRSource: The Forrester Wave:DraaS Providers, Q1 2014Page 29
Critical server: backupsystem In DR site the backup server is key Do not forget to create a DR plan forthis backup server (rear) Synchronize the backup data– Disk synchronization– Tapes (vaulting)– Cloud Storage (if size permits)Page 30
Bareos Backup Server Bareos (Backup Archiving REcovery OpenSourced) is a fork of Bacula (2010) URL: http://www.bareos.org/en/ Is an excellent choice as it works with– Tapes, disks, deduplication– Cloud storage– Integration with rearPage 31
Relax-and-Recover (rear) Open Source Bare Metal Restore (DR) URL: http://relax-and-recover.org/ Online: snapshot of running system– Creates bootable image (ISO, PXE, USB)– Creates archive via GNU tar, rsync, or– Integrates with backup software: Bareos, bacula, rbme, duplicity (open source) Commercial backup software (TSM, NBU, DP,GALAXY, NSR, SESAM)Page 32
Rear features Fully automated recovery– On same hardware– Similar hardware P2V, V2V, V2P, migrate storage (SAN) During recovery rear will– Prepare storage (partitioning, file systems, mountpoints)– Restore archive from backup– Install boot loaderPage 33
Rear using bareos Clients system of bareos– BACKUP BAREOS– Rear -v mkrescue Bareos backup server– BACKUP NETFS– BACKUP URL external storage , e.g.NFS, USB, ISO– OUTPUT ISO, USBPage 34
Recover system Recover bareos client with rear– Rear -v recover– Recreates all file systems– Uses bareos to restore all data Recover bareos server with rear– Rear -v recover– Recreates all file systems– Uses external storage to restore data– Restore latest backup via tape(s)Page 35
Business ContinuityBareos &relax-and-recoverRecoveryRecovery PlanPreventionRisk ManagementRehearse, maintainand reviewPreparednessBusiness ImpactAnalysisResponseIncident ResponsePage 36
At your service.htttp://www.it3.be/rear-supportPage 37
Data from IBM. Page 5 Business Continuity . occur. Page 6 Business Continuity Planning Processes Prevention Risk Management Response Incident Response Recovery Recovery Plan Preparedness Business Impact Analysis Rehearse, maintain and review. Page 7 Prevention . Incident Invoke Disaster Recovery Key Services Resumed Invocation Lead Time .
