Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery

Alessio L.R. [email protected]

Porte aperte all’innovazione!Villafranca, 21 Settembre 2010

Business Continuity Disaster Recovery

l'infrastruttura adatta permette di correre meno rischi

mailto:[email protected]


BC/DR [email protected]

$ whois mayhem

Board of Directors:CLUSIT, Associazione Informatici Professionisti,

Associazione Italiana Professionisti Sicurezza Informatica, Italian Linux Society, OpenBSD Italian User Group,

Hacker’s Profiling Project

2

Security Evangelist @



http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

http://www.alba.st/

Strategia


BC/DR

Un buon piano utilizza la tecnologia

come supporto di una strategia

4




Cosa ottenere?

Classificare

le informazioni ed i servizi

per criticità

5




Disservizio accettabile

RPO, Recovery Point Objective the acceptable latency of data that will be recovered

RTO, Recovery Time Objective the acceptable amount of time to restore the function

MTDL: The RPO must ensure that the Maximum Tolerable Data Loss for each activity is not

exceeded.

MTPD: The RTO must ensure that the Maximum Tolerable Period of Disruption for each activity is

not exceeded.

6



http://en.wikipedia.org/wiki/Recovery_Point_Objective

http://en.wikipedia.org/wiki/Recovery_Point_Objective

http://en.wikipedia.org/wiki/Recovery_Time_Objective

http://en.wikipedia.org/wiki/Recovery_Time_Objective

http://en.wikipedia.org/wiki/Maximum_Tolerable_Period_of_Disruption





Rischi

Elencare i rischi dai quali ci si vuole proteggere

Classificarli per frequenza e gravità

guasti, perdite d’acqua, incendi, terremoti

7




Quanto denaro investire

Definire il costo di ogni disservizio

Definire un budget da dedicare alle contromisure per i diversi rischi

costo(incidente) > costo(contromisure) ?

8




Balance effectiveness

9




Crisi / tempo

10

0

12.5

25

37.5

50

Untitled 4 2008 2010 Untitled 2

Crisi Gestione

Tempo

Gravità




Effetto Domino

11




Gestione pervasiva

12



Soluzioni

BC/DR [email protected] 14




Cluster / Array

Ridondare le risorse (HW/SW)

aiuta la Business Continuity

non preserva dalla perdita di dati

ma aiuta a prevenirla

15




Backup

Nastro? Disco? Storage?

Criptato? Off-Site?

Tempi di ripristino?

Windows Backup, ArcServe, BackupExec

16




Replica di dati

Utilizzo di banda?

Se fosse il server a non essere disponibile?

Vision, QuickEDD, rsync, SyncBack

17




Replica di VM

Necessari banda e spazi adeguati

Basata su servizi di terze parti

Vizioncore, Veem, Trilead

18




Replica di Storage

Ogni vendor ha la sua tecnologia

Grande resa a fronte di costi non banali

19




Documentazione

Indispensabile averla

Deve essere aggiornata

Richiede un impegno in termini di tempo e denaro

20




Test

Un piano non testato

non funzionerà quando necessario

21




Come accedere ai dati?

Ho un sito di Disaster Recovery remoto

In caso di terremoto i miei dati saranno ancora disponibili

Come faranno gli utenti ad accedere?

Terminal Server, View, Citrix, Thin Client

22



Conclusioni


Gestione = Processo

24




Un buon piano di BC/DR

può minimizzare l’impatto di un “danno”

sia in termini di tempo che di denaro

anche con investimenti “banali”

25




Standard

ISO/IEC 27001:2005 (formerly BS 7799-2:2002) Information Security Management System

ISO/IEC 27002:2005 (remunerated ISO17999:2005) Information Security Management - Code of Practice

ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity

management

ISO/IEC 24762:2008 Guidelines for information and communications technology disaster

recovery services

26




http://en.wikipedia.org/wiki/Risk_analysis_%28Business%29http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Optimism_biashttp://en.wikipedia.org/wiki/List_of_cognitive_biaseshttp://en.wikipedia.org/wiki/Business_continuityhttp://en.wikipedia.org/wiki/Business_continuity_planninghttp://en.wikipedia.org/wiki/Seven_tiers_of_disaster_recoveryhttp://en.wikipedia.org/wiki/Data_deduplicationhttp://en.wikipedia.org/wiki/Disaster_recoveryhttp://en.wikipedia.org/wiki/Continuous_data_protectionhttp://en.wikipedia.org/wiki/Cluster_%28computing%29

Web-o-grafia

27



http://en.wikipedia.org/wiki/Risk_analysis_%28Business%29

http://en.wikipedia.org/wiki/Risk_analysis_%28Business%29

http://en.wikipedia.org/wiki/Risk_management

http://en.wikipedia.org/wiki/Risk_management

http://en.wikipedia.org/wiki/Optimism_bias

http://en.wikipedia.org/wiki/Optimism_bias

http://en.wikipedia.org/wiki/List_of_cognitive_biases

http://en.wikipedia.org/wiki/List_of_cognitive_biases

http://en.wikipedia.org/wiki/Business_continuity

http://en.wikipedia.org/wiki/Business_continuity

http://en.wikipedia.org/wiki/Business_continuity_planning

http://en.wikipedia.org/wiki/Business_continuity_planning

http://en.wikipedia.org/wiki/Seven_tiers_of_disaster_recovery

http://en.wikipedia.org/wiki/Seven_tiers_of_disaster_recovery

http://en.wikipedia.org/wiki/Data_deduplication

http://en.wikipedia.org/wiki/Data_deduplication

http://en.wikipedia.org/wiki/Disaster_recovery

http://en.wikipedia.org/wiki/Disaster_recovery

http://en.wikipedia.org/wiki/Continuous_data_protection

http://en.wikipedia.org/wiki/Continuous_data_protection

http://en.wikipedia.org/wiki/Cluster_%28computing%29

http://en.wikipedia.org/wiki/Cluster_%28computing%29

Alessio L.R. [email protected]

Porte aperte all’innovazione!Villafranca, 21 Settembre 2010

Fermatemi durante l’aperitivose avete domande...

These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike 2.5 version; you can copy, modify or sell them. “Please” cite your source and use the same licence :)

Grazie per l’attenzione!



Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery

Technology

Transcript of Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery