Rethinking Disaster Prepardness to Leverage Resources in a Cloud and Mobile World: Presentation given at the 2012 Tennessee Higher Education Symposium (THEITS) - In many respects the disaster recovery plans of today are based upon the environments of old where commodity hardware, cloud resources and mobile devices didn’t exist. In November of 2011 the Tennessee Board of Regents office became the first public higher education organization to move its ERP system to the cloud by having it hosted at the state’s new data center. The following January, state auditors came on site to perform a routine biennial audit. The audit process included an information systems and disaster recovery component which led to a complete rethinking of disaster recovery in the new environment. This presentation chronicled the issues of moving mission critical systems to the cloud and how cloud resources from various sources coupled with mobile devices can be incorporated for cost effective disaster recovery planning.
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Rethinking Disaster Prepardness THEITS12
1. Rethinking Disaster Prepardness
to Leverage Resources
in a Cloud and
Mobile World
Thomas Danford
Jon Calisi
Tennessee Board of Regents
Tennessee Higher Education IT Symposium – April 15, 2012
2. Agenda
Our Goal: Start a discussion on how we might
collectively rethink new DP/DR paradigms
Auditors and CFOs
The landscape and how it has changed
Disaster prepardness challenges
Our new ERP strategy
Hosting (cloud) tangible benefits
Disaster preparedness strategies &
considerations
Discussion and Q&A
2
3.
4. How the Landscape has Changed!
1986 2011
Proprietary Hardware Commodity Hardware
– Expensive & Big – Inexpensive & Small
– Long Lead & Handling – FedEx Overnight
PCs in 16.6% of Homes PCs in >82% of Homes
– Modems/RS-232 – Broadband (70%)
– Text Interface – GUI
– Low Computer Literacy – High Computer Literacy
Brick/Bag Cell Phones Small “Smart” Phones
– Costly & Poor Coverage – Affordable & Ubiquitous
On Premise Data Centers “Cloud” Computing (_aaS)
– Employer Supplied Electronics – Commercialization of IT (BYOD)
– Collaboration in Proximity – Collaboration in the Cloud
4
6. Our New ERP Strategy
Hosted in the cloud at OIR (since October 2011)
– Economies of scale
– Tangible benefits
DR planning still required
– OIR premium DR packages (Platinum, Gold, Silver, etc.)
– A role reversal of data centers approach
6
7. Hosting (Cloud) Tangible Benefits
Physical Plant
• Intruder Security (Guards, Locks, Cameras, etc.) (State Audit concern)
• HVAC & Environmental Controls (Closed system, Redundant, Excess capacity)
• Power (N+1 Redundant, 2 circuits, Independent path, PDU, UPS/Battery)
• Diesel Generator (Redundant, 5 days operation w/o refueling)
• F-4 Tornado Rated Facility, Not on a floodplain
• Fire Detection & Suppression (State Audit concern)
• Bandwidth & Connectivity (Multiple providers, Independent path)
Infrastructure
• Offsite Data Replication (Disaster recovery/Business Continuity)
• Network Management (Firewalls, Load balancing)
• Server Failover
• Enterprise SAN with commodity disk space (fiber vs. SATA)
• Enterprise Backups (Disk 2 Disk 2 Tape, 30 day onsite disk recovery, De-duplication)
• 4 Year Hardware Refresh
• System and Security Monitoring Appliances & Software (HP OpenView, Security)
Service Levels (Represents Increases in Staff Capability Presently Unavailable)
• Deep bench of Technicians (Networking, Server Admin, DBA)
• Network/Servers/Databases monitored 24 X 7
• Patches and upgrades are managed (State Audit concern)
• Strict Change Control Policy is enforced (State Audit concern)
• Help Desk is available 24 X 7
• Disaster Recovery Plan and Testing (State Audit concern)
• Full-time Security Officer & Staff of 30
7
8. Putting Disaster Recovery into Perspective
RTO – Recovery Time
Objective
RPO – Recovery Point $250,000
Objective $200,000
$150,000
The closer to real time $100,000
protection the higher the $50,000
cost $0
Day Day
Picking the insurance 1 2
Day Day
3 4
plan that fits your
organization
8
9. The Realities and the Objectives
Hosting (Cloud) Resources Greatly Reduce Risk
In a Cloud World (most) all Disasters are Local
Higher Ed is not an IT Transactional Business
So the Objectives Should be:
Evaluating “True Risk”
Balancing Costs in Light of Risk
Compliance with Audit Expectations
9
11. Backing up the Cloud
Nightly backups to
central office data
center
Use UC4 to
automatically move
the backups
Prepped VMs ready
for Banner
deployment
The same process for
Banner development
11
12. Central Office Offsite Backup Strategy
Automatic SAN 2
SAN nightly backups
Backups will include:
– Mission critical files
– Vm’s
– Email
12
13. Central Office Disaster Preparedness
Strategies
Telecommuting
Phasing out desktops
Bring your own device (BYOD)
Maximize mobile devices
Virtualization
13
14. Central Office Disaster Preparedness
Resources
Current Operations During a Disaster
Local Exchange server Live.edu
Office face 2 face meetings Google Hangout
Website Communications Facebook
My documents Live.edu SkyDrive
Departmental files Live.edu SkyDrive
14
15. Employees – Communications & Mobile
Chat and text messaging capabilities
E-mail – Outlook Web App
Thomas.danford@tbr.edu = Thomas.danford@live.tbr.edu
Mobile Devices
– iPad/iPhone
– Android
– Windows Mobile
Mobile Apps
– SkyDrive
– OneNote
15
16. Employees – Working with Files and Data
Storage – 25GB/employee
– SkyDrive (drag and drop from desktop)
– Ability to sync
– Ability to share files/directories
Applications – cloud based with desktop integration
– Bing search Engine
– PowerPoint
– OneNote
– Word
– Excel
16
17. Personal Resources (Mobile Apps)
News and weather
Business continuity
Cloud storage
Utilities
Others?
17
18. Discussion and Q&A
What’s happening on your campus?
Ideas & suggestions?
Interest in collaborating?
Thank You!
Thomas Danford Jon Calisi
Tennessee Board of Regents Tennessee Board of Regents
http://www.linkedin.com/in/tdanford
http://twitter.com/tdanford
18