Wednesday, 28 March 2012

BCAW webminars

This are the webminars deployed regarding the Business Continuity Awareness Week, sponsored by BCI.

Adopting Cloud In Your Backup Strategy
BCM Frameworks: From Best Practices to Standards to Overarching Models
Burst out of you own personal silo, Find out who else is interested in disasters
Business Continuity Awareness for Senior Management
Business Continuity in the Supply Chain
Business Continuity Management Systems
CM² Maturity Model
Conscientisation pour la continuité des affaires auprès de la direction
Contact Centre Continuity
Continuity as a Service (CaaS)
Corporate Business Impact Analysis-Why Bother?
Cyber Preparedness-Time is Not on Your Side
Establishing a Governance framework for an effective BCM
Getting Started with BCM
Horizon Scanning - What could Business Continuity look like in 2040
Horizon Scanning, new threats, new skills, new challenges the next 5 years
How to check your Business Continuity Management System?
How to Effectively Use Social Media Before and During Disasters
How to Successfully Implement a Business Continuity Management Program..
Identifying Key Suppliers
Infrastructure Impact Analysis
Integrating Cyber Threat Protection and Business Continuity Planning
ISO 22301 Business Continuity Management Systems
Learning from Earthquakes, Non-Structural Retrofitting and Other Mitigation Meas
Preparing for the 2012 Games- What should you do in the time left?
Preparing for the 2012 Release of ISO 22301
Preparing your Communications Strategies for London 2012
Puzzle Pieces: Are You Seeing the Entire Planning Landscape
Risk Management Strategies for Protecting Enterprise Supply Chains
Why a formal certified BCMS? “Due Diligence”-Talking the Language Management

Thursday, 22 March 2012

Distance Between Datacenters

One of the most common questions when designing a IT service continuity plan is distance between datacenters. Answer is easy: a distance that would be far enough to grant that an event is not going to affect to the principal and the alternate data center, but close enough to ensure that services are going to be delivered in a proper way, specifically in those services in which people are involved.

IT industry maturity has caused that, in most companies, IT service process has a high level of automation or are remotely managed and cloud computing is a clear example of this. This fact has and caused that risk is  considered as the only aspect to take into account when selecting an alternative data center location, so let put the data center far far away.

However there are two issues that affect when determining the distance: Cost and Technology.

Technology

Telecommunications between data center are done using optical fiber in most cases, although depending on applications requirements, different protocols will be used. Basically there are three types of data centers communications:
  • Level 3 interconnections: are used to connect data centers with few latency and transparency requirements. MacroLan by Telefónica, LanLink by Colt or LanExtesion by BT are the typical level 3 operators products .
  • Level 2 interconnections: Are based in link protocols, for example, and over all Ethernet. This kind of connections are more transparent than the lever 3 connections and, with techniques like  FCoE, allow to cover most of connectivity scenarios if applications has not a few latency.
  • Level 1 interconnections: signal transmission through optical fibber multiplexed with DWDM or CWDM that allow interconnection high capacity interconnections (nowadays 40 Gb and up to 100Gb). with a very few latency. It'll be more important the latency due to light transmission.
Most data centers are connected using this technologies, being between 10 and 80 kms the usual distances among them. For longer distances, projects are more complex, because long distance networks has to be used, with, for example, SDH protocol that allow a continuous signal regeneration, although latency are introduced.

Most multinationals have chosen an architecture that offers a lot of technical functionalities with the minimum risk, that is to have two data centers one close to the other (1 to 5 kms) operating in an active-active configuration and the alternative data center for disaster or disruptive events is located hundreds of miles away, even in another continent. For example, Santander bank has in this architecture datacenters in Madrid, Cantabria ( upcoming opening ), London, Sao Paulo (Brasil) and Querétaro (México). The following video shows a virtual tour for the Brazilian datacenter of Santander.


Cost

It's easy to conclude that the longer the distance, the higher the cost. Depending on fiber attenuation interconnections has to be implemented with more or less power lasers. For distances longer than 80kms regeneration or amplification of signal will be required, so more equipment and more cost. Talking about very long distances, like London - Cantabria of Santander bank, international lamdas will be involved and the bill could be very expensive and difficult to justify.

Another fact to take into account is that the longer the distance, the higher probability to be intercepted and confidential information to be disclosed, and thats why cipher technologies has to be used, as I explain in this post in secuirtybydefault blog.
 

Monday, 5 March 2012

Overview of SunGard CMS

As a continuation of my later post Business Continuity Management tools, I'm going to analyse deeply a tool which I've been with and I've some experience.  It's Continuity Management Solution Suite by SunGard Availability Services.

First of all is to speak about Sungard: is an Amercian company with headquarters in Wayne, Pennsylvania, born as a spin-of the IT department of a the oil company SUNOCO (Sun Oil Company), with a high presence in USA. The meaning of SunGard is Sun Guaranteed Access to Recovered Data, what shows the focus of their activity.

Sungard has four divisions: Availability Services, Financial Systems, K-12 Education and Public Sector, being the suit CMS  under SunGard AS division.

SunGard AS has its focus on Continuity, offering a huge portfolio that include workstation, recovery data centers, consultancy services, offices, mobile data centers and BC management software. In Spain the Authorized Represented of SunGard to BCM software is Sistemas Informáticos Abiertos (SIA) , offering also BC consultancy services and BC managed services.

Suite CMS by SunGard AS is on 7 modules, with the intention to include some additional module. All modules are presesented in the following picture:


Modules that are currently part of the suite are the following:

Los módulos que componen actualmente le suite son los siguiente:
  • LDRPS : Living Disaster Recovery Planning System, is the core of the suite. Contain database that are the inventory of whole organization: employees, facilities, applications, technology, etc. Response procedures and plans are defined on this module.
  • BIA Professional: In one of the four assessment modules. It's though to carry out impact analysis through web questionnaires that has to be responded by final users. Responses are stored in the different databases of LDRPS and are the source for plans automations. .
  • Risk Assessment: Other assessment module, focused on risk. Identifys the main risks that affect to the different locations.
  • Work Force Assessment: to evaluate the knowledge and preparedness of the employee.
  • Vendor Assessment: to evaluate the preparedness of suppliers. 
  • Incident Manager: It's a management board to manage crisis and help in the tracking of procedures defined in plans. It also provides alternative communications mechanisms, manage internal and external communications procedures, unique point of contact for coordination, etc..
  • Notifind: completes the suite with communication massive communication features. Information stored in LDRPS is synchronized whit in databases located in operator Varolii in order to grant that communications are going to be carried out and any company resource are not going to be used.