Professional Documents
Culture Documents
1
TABLE OF CONTENTS
S. Atwood 2
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
CONTINUITY OF OPERATIONS PLANNING
Continuity of Operations (COOP) planning has always been part of the fundamental mission of agencies
throughout the Federal Government. For years, COOP planning had been an individual agency responsibility
primarily in response to emergencies within the confines of the organization. The content and structure of the
COOP plans, operational standards, and interagency coordination, if any, were left to the discretion of the agency.
The changing threat environment post-September 11and recent disasters, including acts of nature, technological
emergencies, military or terrorist related attacks and accidents have shifted awareness to the need for COOP
capabilities that enable agencies to continue their mission-critical functions across a broad spectrum of
emergencies. The objective of the COOP plan includes: ensuring the continuous performance of an agencys
essential functions during an emergency; protecting essential facilities, equipment, records and other assets;
reducing or mitigating disruptions to operations; reducing loss of life, minimizing damage and losses and
achieving a timely and orderly recovery from an emergency and resumption of full service to citizens. Therefore,
a broad COOP strategy was developed in order to ensure that individual departments and agencies are able to
maintain minimum essential functions across a wide range of potential emergencies. There are three key
components that have driven the development of the COOP plan: Presidential Decision Directive 63, Federal
Preparedness Circular 65 and Presidential Decision Directive 67.
The PDD-67 requires that a viable COOP must plan against all hazards that may affect the organization and that
alternate facilities must be ready and available to return to operations within 12 hours after a disaster and that
these operations can be sustained for up to 30 days.
S. Atwood 3
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
Summary of Presidential Directives as they relate to COOP planning:
Presidential order to strengthen the nations defenses against emerging unconventional threats to the
PDD 63 United States to include those involving terrorist acts, weapons of mass destruction, assaults on our
critical infrastructures and cyber-based attacks.
PDD 67 Presidential order to develop Continuity of Operations Plan for Essential Operations
Provides guidance to Federal Executive Branch departments and agencies for use in developing viable
FPC 65
and executable contingency plans for the Continuity of Operations (COOP)
OMB 130-A Requires continuity of operations planning for every information system
There are many elements associated with delivering a viable COOP within an agency. VERITAS Software can
assist agencies with their COOP by:
1. Identifying mission-critical functions and recommending the appropriate technology to achieve the desired
level of availability based on function
2. Protecting viable records and databases
3. Ensuring the operations of critical functions at alternative facilities
Provide for attaining operational capability within 12 hours
Establish and implement reliable technologies to allow agencies to continue essential functions
and sustain operations for up to 30 days.
4. Provide Disaster Recovery Plans, implementation and testing
Outline a decision process for determining appropriate actions in implementing COOP plans and
procedures
Implement appropriate technology to meet COOP objectives
Test COOP plan
S. Atwood 4
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
providing data and application availability should a disaster occur. The following section will outline areas within a
COOP plan where VERITAS software can assist agencies in achieving the level of availability necessary to
ensure continued operations.
The first step to prioritizing data types is to understand the time frame allowable for data loss and recoverability of
data. The key measure of disaster recovery technologies is based on recovery point objectives and recovery time
objectives.
Recovery Point Objective (RPO) Point in time to which applications data must be recovered to resume
transactions.
Recovery Time Objective (RTO) Maximum elapsed time allowed before lack of business function severely
impacts an organization.
Once the data is prioritized, understanding which technologies are necessary for particular data types is much
easier to prioritize. A complete disaster recovery plan is not delivered by any one technology, service or vendor
but rather a combination of products that are implemented in order to provide the needed RPO and RTO of an
application. When analyzing a disaster recovery solution many components must be implemented in order to
guarantee data and application availability. VERITAS Disaster Recovery Services assists agencies in determining
their mission-critical requirements and mapping those needs to the recovery point and recovery time objectives.
Determining the appropriate technology based on Recovery Point and Recovery Time Objectives
The diagram shown above outlines software technologies that map to an organizations RPO and RTO
requirements. The burst in the middle represents a disaster. To the left of the burst is the recovery point
objective , which outlines software technologies that provide data recovery based on the organizations needs.
For example, if a particular application can afford a day or more worth of data loss, then a tape backup approach
using VERITAS NetBackup or Backup Exec is sufficient for backup and recovery of that application. However, if
a day or more worth of data loss will cause substantial impact on the operations of the agency, then replication
technologies, such as VERITAS Volume Manager or VERITAS Volume Replicator must be implemented into the
IT environment, in addition to the backup strategy, in order to protect against substantial data loss. VERITAS
Volume Manager and Volume Replicator go beyond the traditional tape backup approach by creating a duplicate
copy of data, in real time, to an alternate facility so that it can be accessed immediately should a complete site
outage occur.
S. Atwood 5
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
To the right of burst is the recovery time objective. If an agency can afford to take several days or more to
resume normal activity, then manual tape restore via NetBackup or Backup Exec will satisfy their needs.
Organizations can improve on this RTO by using bare metal restore capabilities. In normal restore scenarios,
administrators must completely rebuild a server in order to begin the tape restore process. This includes
acquiring the hardware, rebuilding the operating system and then loading the backup application onto the server.
VERITAS Bare Metal Restore automates this entire process in order to dramatically reduce the amount of time it
takes to get a server up and running so that the tape restore can begin immediately. Additionally, if an agency is
unable to afford several hours or days of mission critical applications or database downtime, clustering
technologies must be implemented. Clustering technologies may be used to automate the application and
database failover process to substantially reduce downtime. VERITAS Cluster Server provides application and
database availability within a local environment to protect against a server outage by automating the process of
failing over the application or database services to an available server within the cluster. In addition, VERITAS
Global Cluster Manager automates the failover of the IT environment to another location with a single click of a
button by managing the applications and replication associated with disaster recovery plans.
The best way to ensure that vital records and databases are protected is by combining backup and replication
technologies. VERITAS Backup Exec and NetBackup can be used to perform regular backups to ensure all data
can be recovered should a disaster occur. In addition, these tape backups need to be sent offsite on a regular
basis to ensure they will be accessible should a disaster occur. VERITAS NetBackup Vault can assist
administrators by automating many of the manual processes associated with vaulting tapes offsite to an alternate
facility in order to ensure the vaulting process is occurring on a regular basis and is tracked by the agency.
S. Atwood 6
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
For vital records and databases that may need to be accessed during a disaster scenario, VERITAS Volume
Manager and Volume Replicator can be used to replicate the data to the disaster recovery site. This provides the
ability to access the data immediately even during a disaster so that the vital records and database are protected.
In order to achieve maximum database availability VERITAS Cluster Server can be used to automate the process
of failing over applications and databases to an available server if there is a failure within an application,
database, server or network environment. This software technology can dramatically reduce downtime associated
with applications, databases and servers.
There are many site strategies that an organization can use in order to maintain the continuity of operations. The
main site strategies are cold sites and hot sites.
Cold Site
A cold site is just a building available and ready should a disaster occur. In the event of a disaster situation, the
affected agencies would need to acquire the appropriate hardware, software and communications necessary to
conduct operations. Acquiring the appropriate technologies necessary to return to operations may be cost
effective in the short term, as the agency does not have to maintain a duplicate environment. However, if an
outage occurs it may be very expensive and time consuming to acquire the necessary hardware, software and
communications needed in order to begin operations in a new facility. In addition, there may be data security
concerns, as special precautions must be taken to ensure that all data that has been stored or processed on a
system in a secure environment. A cold site strategy may be used if there are not stringent recovery point and
recovery time objectives on the organizations data and applications.
Hot Site
A hot site, or redundant site, is a building already equipped with the processing capability and other services
needed in order to immediately recover from a complete site outage. The site is normally equipped and
configured similar to the primary site. The hot site can be a site that is already owned by the agency or it can be
outsourced to a third party who maintains hot sites for many organizations. Hot sites allow organizations to have
the least amount of data loss and downtime if a disaster occurs. Typically in hot site environments organizations
are backing up their data at the primary site and using clustering technologies to provide application availability at
the primary location. In addition, organizations are replicating the critical data to the secondary location and using
global clustering technologies to allow for immediate failover of the IT environment to the available hot site.
Determining the appropriate location and type of site requires an understanding of the possible disasters that may
occur in the area and fully understanding the essential functions of the agency so that recovery can occur during
the required recovery point and recovery time objectives. VERITAS software solutions such as backup and
S. Atwood 7
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.
restore technologies can be used in a cold site strategy. For a hot site strategy, replication and clustering can be
implemented in addition to backup and restore. Whatever technology is chosen, VERITAS Software can provide
agencies the ability to sustain essential functions at the alternate location in order to meet the COOP
requirements. VERITAS Disaster Recovery Services can help agencies in planning and locating alternative sites
for disaster recovery and determining the appropriate technologies based on the site strategy.
VERITAS Disaster Recovery Services can provide expertise to help organizations define and deliver on disaster
recovery strategies as they relate to COOP plans. The VERITAS Disaster Recovery Services leading Disaster
Recovery certified professionals will work with the IT staff to determine the appropriate strategy to be deployed
within the agency. In addition, VERITAS Disaster Recovery Services can develop plans and testing scenarios to
help agencies understand the operational aspects of their Disaster Recovery strategy. After designing a COOP
plan, VERITAS Disaster Recovery professionals will provide product implementation and test of the solution while
providing the IT department hands-on knowledge transfer. Finally, after the solution has been implemented,
VERITAS Disaster Recovery professionals can perform periodic audits of the COOP plan and provide on-going
solutions management to ensure the VERITAS solution is meeting the COOP requirements.
S. Atwood 8
Copyright 2002 VERITAS Software Corporation. All rights reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are
trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or
registered trademarks of their respective companies. Specifications and product offerings subject to change without notice. June 2002.