IT SERVICES CONTINUITY: A MICROSOFT CENTRIC SME SPOTLIGHT


PART I

This article scratches the surface, shining a spotlight on Microsoft tools and technologies that can assist an SME with its IT Service Continuity Management, focusing on reducing operational risk through Business Continuity Management.

The essence of, the need for, and the how-to of continued organisational operation can be seen in ISO 22301 (Societal Security), ISO/IEC 24762 (Guidelines for ICT Disaster Recovery Services), and PAS 77 (IT Service Continuity), as well as ISO 27001.

According to TechNet’s article on SharePoint 2013, business continuity management focuses on creating and maintaining a business continuity plan, which is a roadmap for continuing operations when normal business operations are interrupted by adverse conditions (www.technet.microsoft.com/en-us/library/jj715263.aspx). These conditions can be natural, system-triggered, man-made, or a combination.

An organisation's IT Service Continuity is defined by its ability to continue to provide a pre-determined and agreed level of IT services to support the minimum business requirements. This is reinforced when an organisation moves away from a traditional data-centre-centric model to IT as a service, as in a highly virtualised and consolidated data centre, and more especially in cloud services.

The key drivers for cloud, as seen from Microsoft’s Private Cloud, are “Agility, Focus and Economy”, whilst the inhibitors are “Security, Compliance and Compatibility”.

These underpinning drivers, more than ever before, bring into the spotlight the need for continuous availability of IT services. Moreover, the third leg of the information security CIA triad is Availability.

The constituents of an IT continuity plan include:

  • A business impact analysis
  • Definition of the impact scenarios, Threat and Risk Analysis
  • IT Continuity Policy and Strategy
  • IT Continuity Incident, Response and Management Team
  • A set of documented recovery requirements
  • The IT Continuity Plan
  • IT Continuity Implementation Plan

The result is a strategic approach, identified options and/or a solution design, an implementation plan, a testing and organization acceptance plan, and a maintenance plan or schedule.


PART II

Business Impact Analysis (BIA):

The BIA is the first stage in Business Continuity Management that helps you to identify the critical functions of your organisation and encourages you to identify strategies to cope with any potential disruption so that you can maintain these critical activities.

Whilst there are no particular Microsoft tools that are geared towards BIA, a number of assessments and approaches might assist.

Gaining some prior understanding of the line-of-business (LOB) and IT infrastructure landscape before and while interviewing business unit (BU) leaders helps to hone the mapping of key ICT systems to critical business functions.

Thus, it might be a good idea to leverage the following:

-          Cloud Computing Assessment Tool: www.cloudassessmenttool.com

-          The Business Risk Profile questionnaire of the Microsoft Security Assessment Tool

-          Organizations that have already deployed Microsoft Dynamics can leverage its business insight capability

-          Manchester City Council’s BIA template - www.manchester.gov.uk/site/scripts/download_info.php?fileID=5589

-          DPM Server Business Application Data Protection Goals Job Aid

| Business Application | Application Owner | Data Loss Tolerance | Retention Range | Speed of Data Recovery | End-User Recovery | Disaster Recovery |
|---|---|---|---|---|---|---|
| <app name> | <app owner’s name> | <X mins/hrs/days> | <X years> | <X minutes> | <Yes or No> | <Offsite> |

It might be a good idea to start by running the Microsoft Assessment and Planning Toolkit (MAP) - http://technet.microsoft.com/en-us/security/jj657553 . Although the MAP toolkit is intended for migration enhancement, it is a powerful inventory, assessment and reporting tool that can securely assess IT environments, giving you an understanding of your organization’s IT state.

Threat and Risk Analysis:

Risk assessment and analysis assist a great deal in identifying threat sources and mapping remediation for continuing operations against interruptions. The risk assessment process is an important part of disaster recovery planning.

Microsoft tools identified to assist include the following:

-          The Microsoft Security Assessment Tool

-          Microsoft Baseline Security Analyzer (with Visio connector)

-          Microsoft Security Intelligence Report - www.microsoft.com/security/sir/default.aspx

-          Microsoft Security Compliance Manager Tool (SCM) - http://technet.microsoft.com/en-us/security/jj653750

-          Microsoft Assessment and Planning Toolkit - www.microsoft.com/en-us/download/details.aspx?&id=7826


Microsoft also has versatile tools to document your findings (although designed for a slightly different purpose, they can easily be used for risk assessment):

-          Excel Spreadsheet, Pivot table, SharePoint Foundation and/or

-          Microsoft Threat Analysis & Modeling (MS TAM)  - www.microsoft.com/en-us/download/details.aspx?id=14719

In the absence of other tools that match your risk assessment methodology to the letter, MS TAM controls the process and follows the mindset of risks, threats and impact (albeit for applications). To further enhance MS TAM's reporting capability, use Shortinfosec’s custom report for MS TAM 2.1, which can be downloaded from https://sites.google.com/site/spirovskib/risk_report.xslt


PART III

IT Continuity Policy and Strategy:

A key challenge IT professionals face is limiting disaster recovery to data (and system) backup and recovery. However, DR is only a key component of IT continuity.

In a Windows Server 2012 and System Center SP1 environment, two strategies for IT continuity are IT Resilience and Recovery.

IT Resilience:

-          Effective Infrastructure Planning (IPD) and secure Application development (SDL)

-          High Availability: HVAC, Hardware, Network, Link, Cluster, CSV fault tolerance, Hot failover

-          Virtualisation, Live Migration, Cloud

-          Load Balancing: HLB, DNS LB, DNS Round Robin, Continuously Available Scale-Out File Server

-          Networking: Logical Networking and isolation, multi-tenant isolation

-          Messaging: database availability group (DAG)

-          Storage management: SMI-S, SMP, SMB Multi-channel, Transparent failover, SMB Scale-out

-          Service Level: SCSM, Orchestrator

-          Private Cloud: Computing Abstraction, Delegation and Self-service

Recovery:

-          Hot site, Warm site, Cold site: Hyper-V, multi-site recovery, VMM

-          Link: dual connectivity, NIC teaming

-          High Density: Virtualisation, Hyper-V Replica, P2V

-          Hardware: redundant power, hot swap ICT infrastructure

-          Storage: SANs integrated Multipath I/O (MPIO), SMB 3.0 share

-          DPM integration with Windows Azure Online Backup

-          Automated Deployment and bare-metal Hyper-V: VMM, WDS, MDT, SCCM

-          Automated Recovery: VMM, Orchestrator, SCSM, SCOM

-          Services Auto Restart: SCOM Monitor

-          Item-level Recovery: Hyper-V, VSS writer, DPM

-          Reciprocal Agreement: Usage-based cloud, hosted cloud provider

-          Recovery Time Objective (RTO): VMM, Hyper-V, SCSM, SCOM

-          Recovery Point Objective (RPO): VMM, DPM, (Orchestrator runbook)

-          Recovery level objective (RLO): Private Cloud

-          Monitoring availability health: VMM, SCOM, App Controller, Global Monitoring Service

-          Performance: DPM Express Full backups, Parallel backups, SMB VSS, ODX

-          Flexibility: Hyper-V over SMB

-          Data Classification: Grouping of Data via DPM protected data

-          Data Rotation: Storage tier classification, D2D, D2T, Tape Rotation

 

Until you have a better product, use the one that is readily available!

Comments
  • I like the way this article provides a holistic approach to IT Services Continuity. This is a must-read for such people as IT Managers, Network Administrators, consultants, small business owners!
