Disaster Recovery Planning (DRP)

Introduction

• Organizations create a Disaster Recovery Plan (DRP) to handle outages or significant problems.
• DRP covers every aspect of how to manage such situations.

Key Technologies in DRP

• Backups: Essential for data recovery.
• Offsite Data Replication: Involves storing data at a separate location.
• Cloud Alternatives: Using cloud-based servers instead of on-site ones.
• Remote Sites: Fully operational locations used as backups.

Third-Party Services

• Temporary Facilities: Provided by third-party contracts.
• Recovery Services: Manage the disaster recovery process.

Important Metrics

• Recovery Time Objective (RTO):

  • Measures how quickly operations can be restored.
  • The goal is to minimize this time (e.g., 1 hour for a web server).

• Recovery Point Objective (RPO):

  • Measures how much data is lost during an outage.
  • The goal is to minimize data loss (e.g., banking data might have a very short RPO).

Timeline Example

• Data Recovery Point: Where data is backed up or replicated.
• Outage: The point where services fail.
• RPO and RTO: Measured from the outage to recovery points.

Estimating Recovery with MTTR and MTBF

• MTTR (Mean Time to Repair): Average time to fix a problem (e.g., replacing a failed router).
• MTBF (Mean Time Between Failures): Expected lifespan before a device fails (e.g., firewall with 20 years MTBF).

Site Resiliency

• Involves moving data centers to temporary facilities during disasters.
• Preparation Steps:
  • Ensure power and hardware are staged at the recovery site.
  • Data transfer processes are in place.

Types of Disaster Recovery Sites

• Cold Site:

  • Empty building with no equipment or data.
  • Requires transporting equipment and personnel.

• Hot Site:

  • Exact replica of the primary data center.
  • Equipped with hardware, applications, and data replication.

• Warm Site:

  • Intermediate setup with some infrastructure and possibly partial hardware.
  • Requires some additional setup and data recovery.

Testing and Exercises

• Tabletop Exercises:

  • Simulated discussions around a conference table.
  • Allows departments to discuss processes and logistics without physical movement.

• Full-Scale Validation Tests:

  • Physical simulation of moving to a disaster recovery site.
  • Can follow specific scenarios (e.g., fire or geographic evacuation).
  • Documentation of processes to improve efficiency and address issues.

Conclusion

• Regular testing and updating of DRPs is crucial to ensure efficiency and readiness.
• Organizations should be prepared for various scenarios and have clear processes documented.