Introduction There's an old expression that goes, "No plan survives first contact with the enemy."
Introduction
There's an old expression that goes, "No plan survives first contact with the enemy."
In our case, no IT DR plan survives reality if it hasn't been tested (and even still you'll have plenty of curve balls tossed at you). The best way to test it is to exercise the plan. Here are three types of exercises you can conduct.Steps (3 total)
1: Table top exercise - Like the name implies, it's people sitting around a conference table, Before the exercise you need to decide what needs to be exercised, and that can be as simple as testing the emergency call list or even how to get backed up data from an off site location (how do I get data back from the cloud or tapes, or whatever). It can also be as complicated as sitting about going over the steps on how to activate a hot/warm/cold site (assuming you've got one), with each team member reading their piece of the plan, and describing what steps they would take. The end result is to have an objective in mind, and at the end of it, determine if that objective was met, and if not, why not. Also, since the Devil is always in the details, it's a simple way to find what doesn't work well, and fix it.
-Things you'll need: A copy of your plan, and objective, someone to keep notes, everyone who needs to be involved, and a conference room. These are easy exercises in they don't disrupt anything, tend to find problems, and are cheap. Shouldn't take much more than hour or two to complete.
2: Functional exercise - This get's a little more complicated, but can be a really good test of your plan. Again, you need to decide what you want to test. Some examples would be: Can we really restore files from a backup, or can we restore a SQL database. How about restoring a complete physical server, a VM, or something like ESXi or Hyper-V. You might also test how to get a switch or router back on line, or any combination of the above. Normally you'd want to do this in a sandbox environment, and you might want to duplicate certain machine in your environment into it (a real plus of virtualization. You can build an environment, blow it up, and put it back together, and never impact production). Or you might have some preselected "dummy" files, databases, or servers already setup, and backed up. That way you're not impacting production. You might also want to couple this exercise with some elements of a Table Top, and test some elements of it alongside with this (like how to get data back from an offsite source, but never actually make that call, or go ahead and make it part of the overall test and actually call for that tape or reach out the cloud and retrieve your data - Warning, might be an expense involved here).
-Things you'll need. Your plan, of course, someone to keep notes, systems and backups and time. Again, the idea is to see if you meet your objective and to record issues encountered along the way which might point to fixes in the plan, or cleaning up information that is vague. Depending on how complicated you make this, it can take an hour to several days to complete.
3: Full Scale - A Full Scale exercise is something that is rarely done because the tend to be disruptive and expensive. A good example here would be something like can we really fail over to the hot site. The objective would be simple, can we actually transfer operations over. Think of this as about as close as you can get to the real McCoy and will definitely show issues that you'll have to work on. These take a huge amount of planning and coordination to achieve.
Conclusion
DR is everybody's business and practice is the best way to achieve confidence in your plan, to identify issues, and to fix them. You should conduct a table top and functional exercise at least twice a year. If you identify issues and fix them, run another test just to make sure you did fix them, and that you didn't open other issues instead.
Not convinced about the value of an exercise yet? I'll leave you with this thought: when do you want to find out it doesn't work, when it's practice or when it's for real.
No comments
Post a Comment