WEBVTT

00:00.140 --> 00:05.560
Sometimes every once in a while really bad incidents take place.

00:05.580 --> 00:07.440
And when I say bad I mean really bad.

00:07.440 --> 00:14.670
Like we're talking hurricanes or acts of war or some type of really bad thing that's going to take place

00:14.970 --> 00:18.470
that is going to massively disrupt your infrastructure.

00:18.660 --> 00:21.840
And that's what contingency planning is all about.

00:21.840 --> 00:25.490
So you really have two things to think about here when you're talking about this.

00:25.530 --> 00:28.710
First of all you're talking about what we call disaster recovery.

00:28.710 --> 00:30.440
We have a hurricane.

00:30.480 --> 00:33.160
I live in Houston Texas we think about this stuff a lot.

00:33.330 --> 00:35.040
We have a hurricane coming in.

00:35.040 --> 00:39.220
We have a disaster it's going to put six feet of water in our offices.

00:39.300 --> 00:42.100
How do we recover from that type of a disaster.

00:42.240 --> 00:46.850
But on the same token I have an obligation to the people I pay rent to.

00:47.030 --> 00:47.930
To make money.

00:48.030 --> 00:51.600
So what do I do to keep my business continuity going.

00:51.600 --> 00:54.480
What do I do to keep everything going.

00:54.480 --> 01:00.330
So these two do work very much together and it's important that we can talk about him at the same time

01:00.540 --> 01:03.560
under we'll just use the term contingency planning.

01:03.560 --> 01:10.560
So the big thing we're going to talk about first is the idea of a disaster coming in let's say a hurricane

01:10.560 --> 01:15.310
does the knock on wood come into the Houston Texas area.

01:15.600 --> 01:18.600
I'm going to have to evacuate my offices.

01:18.690 --> 01:22.490
So what we talk about is the concept of a backup site.

01:22.500 --> 01:25.030
Now there are different levels of backup site.

01:25.110 --> 01:28.020
We call them cold warm and hot.

01:28.020 --> 01:29.730
Let me show you all three of those.

01:29.730 --> 01:33.420
The first type of backup or recovery site is a cold site.

01:33.420 --> 01:37.740
The way to remember a cold side is that it takes weeks to bring it up on line.

01:37.740 --> 01:39.950
So this is going to be a basic office space.

01:40.050 --> 01:45.090
There'll be buildings with air conditioning and chairs and desks but there won't be any operational

01:45.090 --> 01:45.540
equipment.

01:45.540 --> 01:49.290
There may be some equipment on site but it's basically not plugged in.

01:49.290 --> 01:55.550
The big benefit of a cold side is that it's the cheapest of all the different types of recovery sites.

01:55.590 --> 02:01.350
Second is a warm site a warm site will take days to actually bring online.

02:01.410 --> 02:07.470
In this case it's a cold site but it does have operational equipments so all the computers are there.

02:07.590 --> 02:13.290
They probably have their basic software running but they have either very little of your functional

02:13.290 --> 02:15.460
data or no data whatsoever.

02:16.930 --> 02:24.610
The last one is a hot site a hot site can take just hours to bring online many hot sites will have real

02:24.610 --> 02:30.130
time synchronization literally everything happening on our main site is being mirrored over at our Hot

02:30.130 --> 02:30.680
Site.

02:30.880 --> 02:35.120
So almost all the data is ready to go and usually just a quick update.

02:35.170 --> 02:37.870
Get the people over there and we're up and running.

02:37.870 --> 02:41.810
The downside to hot sites is that they are very very expensive.

02:41.860 --> 02:49.740
Simply picking a back up or recovery site just by going by the cold warm hot concept is good but there's

02:49.750 --> 02:55.860
a lot of other things to consider when you're thinking about sites like this for example distance distance

02:55.890 --> 02:58.770
is a really big deal in Texas.

02:58.780 --> 03:01.350
These hurricanes can be really really wide.

03:01.360 --> 03:07.420
So we want to make sure that whatever backup site we're using isn't going to be affected by the same

03:07.420 --> 03:08.230
event.

03:08.230 --> 03:13.180
Luckily for us in Houston we've got Dallas Texas and that's where we go whenever the hurricanes come

03:13.180 --> 03:13.870
along.

03:14.140 --> 03:19.710
Secondly when you're thinking about the location you need to think about some really important stuff

03:19.720 --> 03:20.590
for example.

03:20.590 --> 03:23.860
Pretty much everybody got power and they pretty much everybody has Internet.

03:23.980 --> 03:27.000
But do they have the level of internet connectivity you need.

03:27.130 --> 03:33.700
What internet tear are they connected to or are you way down on some little terrible ISP or are you

03:33.820 --> 03:34.770
in a big pile.

03:34.780 --> 03:35.970
What are your requirements.

03:35.980 --> 03:37.540
You need to think about that.

03:37.600 --> 03:38.680
Other things come into play.

03:38.680 --> 03:40.950
For example if you're going to be there for a while.

03:40.990 --> 03:42.400
What about housing.

03:42.400 --> 03:44.340
What about entertainment for employees.

03:44.350 --> 03:48.300
You need to think about all of these things when you're putting all this together.

03:48.920 --> 03:51.440
Third are going to be legal issues.

03:51.440 --> 03:59.390
For example one big issue we have is different types of data are handled different ways depending on

03:59.390 --> 04:00.880
what country they're in.

04:00.890 --> 04:08.600
So we need to make sure that wherever we are moving to expensive it's a different country that our legal

04:08.600 --> 04:12.190
issues are handled in terms of whatever we need to do with that data.

04:12.350 --> 04:15.890
This can be even more challenging when you get into the cloud itself.

04:15.890 --> 04:22.130
Many countries require depending on your industry what you're doing that the data that you use on a

04:22.490 --> 04:28.370
given daily basis must be within the same country that you're doing business and you really do have

04:28.370 --> 04:32.800
to work very very closely with cloud providers to make sure that that's taking place.

04:33.520 --> 04:39.190
So disasters happen you've got backup sites and everything's there.

04:39.190 --> 04:41.160
You've thought about it and you've established a site.

04:41.170 --> 04:44.650
You've made a decision on what type of site you want.

04:44.650 --> 04:49.510
Keep in mind that business continuity and data recovery go hand-in-hand.

04:49.540 --> 04:56.410
So the hurricane has gone away and the power's back up and we've mopped the floors and we're ready to

04:56.410 --> 04:57.600
come back home.

04:57.820 --> 05:02.230
Now what we have to deal with something that we call the order of restoration.

05:02.230 --> 05:06.880
So what I'm going to do is just give you a sample order of restoration and this is the one we actually

05:06.880 --> 05:09.040
use here in total seminars.

05:09.040 --> 05:11.890
The first thing I'm going to check when we walk in the door is power.

05:11.890 --> 05:14.020
I want to make sure the power is restored.

05:14.140 --> 05:18.970
Now just because the power company says things are restored I want to make sure my outlets are functional

05:19.180 --> 05:25.170
and I'm going to be running around with a tester to make sure I've got good AC power where I need it.

05:25.210 --> 05:30.400
Second I'm going to make sure my wired LAN is up and running and any switches that are interconnecting

05:30.400 --> 05:34.690
all my cable runs is up and good and everybody's happy.

05:34.690 --> 05:39.270
Number three my internet service provider link here total seminars.

05:39.280 --> 05:41.990
We can't get a lot of work done unless we're on the Internet.

05:42.010 --> 05:46.200
So the third thing I'm going to do is make sure that the link is good and the routers are up and running.

05:46.300 --> 05:52.900
And make sure we're in good shape there next any active directory or DNS or D.H. C.P. servers.

05:52.900 --> 05:55.860
So I've got a couple of window boxes that tend to handle all that.

05:55.870 --> 05:59.120
I make sure those are up in cooking next after that.

05:59.140 --> 06:04.870
Are our accounts servers this way if people are calling in to buy things or to have questions or to

06:04.870 --> 06:06.190
place orders.

06:06.250 --> 06:09.200
We have the servers ready to deal with that stuff.

06:09.280 --> 06:14.180
So along with that all my sales folks and account folks are going to have to have their workstations

06:14.200 --> 06:15.140
up and running.

06:15.430 --> 06:19.510
Now once we get the day to day stuff go and then I'm going to go looking back towards production for

06:19.510 --> 06:24.340
example you like my videos Well we need to make sure our video production servers that store all these

06:24.340 --> 06:30.270
videos are up and running and on top of that all my post-production guys need their video post-production

06:30.280 --> 06:32.370
workstations up and running.

06:32.410 --> 06:33.720
Now that's the core stuff.

06:33.730 --> 06:38.770
But from there little things that aren't quite so critical to us for example I'm going to get my wireless

06:38.770 --> 06:43.360
access points up and running at this point for the occasional times when people go wireless as they

06:43.360 --> 06:45.610
come into my office.

06:45.850 --> 06:49.270
And then last on my personal list are what I call peripherals.

06:49.360 --> 06:56.680
So things like printers cameras scanners faxes making sure that these are all up and running contingency

06:56.680 --> 07:01.130
planning without a little practice is just going to get you in trouble.

07:01.150 --> 07:05.940
Don't let your first disaster be the first time you actually put all this in order.

07:05.950 --> 07:11.540
So the big thing that we do more than anything else is we have annual exercises now.

07:11.560 --> 07:14.460
These exercises can manifest in a lot of different ways.

07:14.590 --> 07:19.540
You can do just a little tabletop exercise where your primary people are sitting around a table talking

07:19.540 --> 07:24.520
about how this goes but they go through the order and understand it or you can do more aggressively

07:24.520 --> 07:31.090
than that and actually do a fire drill where people go out and move servers and fire systems up and

07:31.090 --> 07:32.950
get in cars and go places.

07:32.950 --> 07:37.710
Expensive but if your systems are that critical it's not a bad investment.

07:37.750 --> 07:39.730
You need to think about a lot of different things here.

07:39.730 --> 07:42.580
For example the concept of fail over.

07:42.580 --> 07:50.650
It's always nice to talk about these recovery sites but fail over simply means the process of making

07:50.650 --> 07:51.550
that happen.

07:51.610 --> 07:54.110
And that's where people get in trouble with this type of stuff.

07:54.130 --> 08:00.310
They spend zillions of dollars setting up a warm site but they don't actually go to the fail over process

08:00.610 --> 08:02.640
of making all of this happen.

08:02.650 --> 08:08.380
I think it's very important personally to at least one time in every person's career to at least feel

08:08.620 --> 08:09.450
that process.

08:09.460 --> 08:14.650
All my employees have to deal with actually getting in their cars and going places and I like to say

08:14.650 --> 08:17.650
I do it annually but probably not quite that often.

08:17.650 --> 08:22.350
The other thing to think about is stuff like for example alternative processing sites.

08:22.350 --> 08:27.490
Now when we talk about processing sites it's easy for me as a little company like total seminars to

08:27.490 --> 08:32.630
just have this one warm site up in Dallas Texas where we do everything.

08:32.740 --> 08:38.260
But with larger organizations you might have to have different types of processing sites for example

08:38.500 --> 08:43.350
if you've got a big server farm you might be able to have your sales people back up and running.

08:43.360 --> 08:48.140
But what are you going to be doing about whatever type of data that you're dealing with with your infrastructure.

08:48.310 --> 08:53.920
So a lot of times we end up making cross agreements with sometimes even competitors and saying I've

08:53.920 --> 08:58.390
got a farm you've got to farm if one of us gets in trouble we'll just go ahead and use each other's

08:58.390 --> 09:04.630
space and you work out an agreement like that the other big issue that comes into play or alternative

09:04.630 --> 09:10.630
business practices now little things for a company like me become very very important for example.

09:10.690 --> 09:16.120
How do we take credit card information if we're using different types of accounting software.

09:16.120 --> 09:21.090
How is that going to come into play if we are suddenly working in another state here in the United States.

09:21.220 --> 09:26.950
Even sales tax issues come into play and we need to think about these alternative business practices

09:26.980 --> 09:28.580
before it happens.

09:28.810 --> 09:33.580
And the last big one and this one's really important we do this both was exercises and you certainly

09:33.580 --> 09:35.680
do it if the real McCoy never happens.

09:35.800 --> 09:43.510
And that is after action reports a clear and detailed documentation of everything that happened so that

09:43.570 --> 09:50.260
if it ever happens again you'll be ready to handle any form of business contingency planning.