Planning for Survivable Networks

Priscilla Oppenheimer writes "Annlee A. Hines' book Planning for Survivable Networks, is quite a page-turner. Yes, that's surprising for a technical book, but I found it to be true. I was fascinated by the stories of real companies (Lehman Brothers, the Wall Street Journal, and others) that survived the 9/11 attack and resumed business quickly. There are also stories from other disasters, both man-made and natural, and information on companies that were not able to quickly resume business. The author summarizes the stories with explanations of what went right and what went wrong, with advice on developing your own disaster recovery plan." Read on for the rest of her review. Planning for Survivable Networks author Annlee A. Hines pages 320 publisher Wiley Publishing, Inc. rating 10 reviewer Priscilla Oppenheimer ISBN 047123284X summary Designing networks that can recover from natural and unnatural disasters
As Hines explains, Lehman Brothers had headquarters in Tower 1, as well as in 1,2,3 World Financial Center (across the street from the WTC towers). Lehman moved to a backup recovery location and performed cash-management functions the same day as the attack. The company was online trading fixed-income securities by the next day. They had 400 traders online when the NYSE reopened Monday, 9/17.

The Wall Street Journal (WSJ) published the story of its own recovery and Hines used that as source material for her book. WSJ had an extensive disaster recovery plan, based on lessons learned in the 1990 power blackouts in New York. After the blackouts and a subsequent fire in the emergency generator room, WSJ decided that it would never again depend on just one location being operational. WSJ opened other offices that could perform some of the necessary tasks to bring out a paper. Geographical diversity of resources seems to be a key to success.

When the 9/11 terrorists attacked the buildings across the street from WSJ's main offices, senior managers called for an evacuation, knowing that they could still produce the paper. The Wall Street Journal managed to publish a full newspaper with eyewitness accounts of the tragedy the next day.

Hines' writing is easy to follow. Although she delves into some technical details, with the requisite IP and TCP header depictions that you will find in so many networking books, the book can easily be read by managers and business people. Planning for Survivable Networks has many factual tidbits about disasters of all sorts, and although these are interesting, the primary benefit of reading the book is to gain an understanding of the characteristics of companies that sustained business after a disaster compared to companies that did not.

As Hines says, the companies that survived disasters all had disaster recovery plans in place. The plans were activated by decisive managers, who also promptly got their people out of harm's way. (If people don't survive, it won't matter much if systems survive.) Another point she makes is that the managers had to be adaptable. Not everything went according to plan, and it shouldn't be expected that it will.

The book opens with the author being rocked by a terrorist-caused explosion herself. She wasn't present for the 9/11 attackers. Rather, the bombing she survived occurred at Ramstein Air Base in Germany, 20 years before. A retired Air Force officer, she has dealt with threats all over the world for many years. Her direct command and control experience has taught her many lesson, which she shares with the reader in Planning for Survivable Networks.

Probably one of the most useful chapters, Chapter 11, "The Business Case," offers advice on presenting to management a case for a network continuity plan. According to the back cover, Hines has taught economics at a community college, and I would say that experience helped her explain the many costs involved in having a disaster recovery plan, including fixed, variable, direct, and indirect costs. She also explains the expected value of having a plan and how to sell that to management.

I recommend this book as an informative discussion of how companies can ensure business and technology continuity in a world with hackers, terrorists, natural disasters, and human error. It's a practical book, but also a surprisingly uplifting book, considering its technical content. I truly enjoyed reading about the adaptable human spirit that enabled managers and workers to keep their businesses going after the 9/11 attacks.

You can purchase the Planning for Survivable Networks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

The irony

[teamhasnoi]

of this book being on /. is enormous.

My book on this subject is one page long.

Page 1: Don't let Slashdot link to you.

Re:The irony

[realdpk]

Er.. how about:

Don't put up dynamicly generated content without adding protections that automatically replace dynamic content with updated-once-per-minute static content when traffic becomes prohibatively high.

Re:The irony

<?php
if (preg_match ("/slashdot.org/i", $_SERVER['HTTP_REFERER'])) {
exit;
}
?>

Re:The irony

[Lennie]

This sounds like a bit of a time-critical section. :-) You shouldn't be using a perl-compatible regular expression for that (quietly slow string comparison) or if you do, you should make it fast:

"/^http:\/\/slashdot.org/"

(starts with), but best is ofcourse:

if (strtolower(substr ($_SERVER['HTTP_REFERER'], 0, 16)) == 'http://slashdot.org') {
exit ();
}

Well, just for completeness.

I’m planning on dying in the disaster…

â¦as I would prefer death to running a network these days.

Re:I’m planning on dying in the disaster…

[JohnnySkidmarks]

You sir are a coward and would not deserve to die alongside a noble thing like a Network. If you are flamebait why question my fire?

speaking of irony...

[ed.han]

from the article:

"probably one of the most useful chapters, chapter 11, "the business case," offers advice on presenting to management a case for..."

in light of the current economy, i find this particular chapter arrangement particularly funny.

ed

Re:speaking of irony...

[teamhasnoi]

Speaking of more irony, I just posted that before I read your comment.

Now people can say, "RTF Comments!!" ;)

re:speaking of irony...

[ed.han]

ah, i'm glad that finally happened in reverse... :D

ed

Re:first post!!!

You're wasting moderator points. Don't.

Well, at least you have the guts to not post as AC (unless you forgot to check the "Post Anonymously" butto, which I did.. hehe)

What a stupid idea

"Disaster recovery" is the biggest load of shit. If I had been a 9/11 survivor, the LAST thing on my mind would have been getting my projects back on track!

People need to get their damned priorities straight. If you lose your job because you'd rather spend time with family or just enjoy life, so be it. Jobs can be replaced. Time cannot.

No mention of slashdot in the book?

[Prince_Ali]

Why didn't they mention the survival of slashdot in the face of countless disasters. The great troll strike of 2002 comes to mind! The revival of beowulf jokes, the lawsuit from Nat Portman and the hot grits famine that followed were all destructive but /. survived. Slashdot is able to survive just about any disaster whether in Soviet Russia or at home, and for that it should be commended!

Re:No mention of slashdot in the book?

Troll strike of 2002? What lawsuit from Nat Portman? Any references appreciated. Or have I been trolled?

Re:No mention of slashdot in the book?

[Kredal]

trolled.

The strike is obviously over.

Oh boy

I can't wait for the comments on this one. Someone will try to be all cool and enlightened, in order to achieve a +5, Insightful. That will be the highlight of their day. And then someone will spend ten minutes thinking of some wisecrack or pun to get them a Funny. They'll then show it to everyone else and wonder aloud if they could take Leno's job. Someone else will Google around for a minute, grab the first semi-relevant link, and post it hoping to get an Informative. Then someone will spin a fake yarn about their disaster, and get pegged for Interesting.

I post pretty often here on Slashdot, usually not as an AC. But sometimes you just see the futility in it all.

Worst Chapter Name Ever

[teamhasnoi]

Chapter 11, "The Business Case"

Seems like that chapter is required reading these days.

Re:Worst Chapter Name Ever

[afidel]

Unless your business is directly producing I.T. services then chances are that I.T. is a cost center and not a profit center so expensive things in it will always need to be justified, but many businesses are so reliant on their infrastructure that they cannot function without it. If that is the case then the numbers should be aparant and the business case should be easy to make if you have taken any business classes. If you haven't then there is probably a reason that you are not an I.T. manager.

Re:Worst Chapter Name Ever

[nacturation]

Try reading the parent post again. Clearly, you just didn't get it.

other survival books...

[TWX]

"Surviving Slashdot" by Oliver Clozoff

"Surviving Slashdot" Illstrates how to build a corporate network that accepts large numbers of incoming connections from stories posted at Slashdot.org, while still allowing employees to make network connections that they need. Techniques covered include round-robin DNS with different servers in different geographical locations, multiple HTTP servers with load balancing, and smooth transition over to a volume web host. like Conxion or cNet at a moment's notice without significant downtime. Other Anti-Slashdotting tactics also discussed.

Re:I've made my own list of disaster lessons

Good advice, except for the BLATANT RACISM.

What about a natural outbreak scenario?

[zptdooda]

"Planning for Survivable Networks has many factual tidbits about disasters of all sorts..."

I wonder if that's included.

When SARS hit earlier this year our disaster recovery planning team was faced with a situation they hadnâ(TM)t anticipated: potential quarantining of large numbers of staff with critical business-continuity functions.

The building and computer systems would be physically secure, but staff would not allowed into the workplace.

So there was a scramble to survey everyoneâ(TM)s job function and set up broadband and VPN access from home if needed.

Re:What about a natural outbreak scenario?

[khallow]

IS your organization large enough to consider putting together a group that could stay isolated for some time. Ie, they don't have contact with other people and the outside world for a considerable length of time, hence don't need to be quarantined?

Re:What about a natural outbreak scenario?

[bobbozzo]

group that could stay isolated for some time. Ie, they don't have contact with other people and the outside world for a considerable length of time

You mean like programmers?

Re:What about a natural outbreak scenario?

[khallow]

Yea. Stick them in a bunker somewhere for six months at a time. :-) Seriously, I was thinking of some sort of support staff that could handle telecommuting network problems if the main group had to be quarantined...

Re:What about a natural outbreak scenario?

[zptdooda]

Not sure if I understand.

Our team's initial concern in this case was staff being quarantined individually in their homes under a health department edict, as potential SARS carriers. But the setup is robust enough for other purposes.

This is as opposed to having a group of people in a single off-site command center.

My own disaster plan

In case of disaster:

1) Start a riot, and punch people trying to stop you from looting.

2) Run in the street without wearing any pants.

3) Have sex with a mare.

4) ???

5) Profit!

Re:My own disaster plan

[shis-ka-bob]

??? = sell the looted goods -- finally, one even I can figure out

Lehman Brothers

[gorbachev]

Their trading floor might've been up in no time, but speaking as someone who worked with the Lehman Brothers in WTC on 9/11, I can say some of their other divisions weren't as lucky.

The team I was on lost 2 months worth of work, because it wasn't backed up on a remote site. The version control servers were at WTC.

If it wasn't for a single developer, who had made an unauthorized copy of the project on a floppy, we would've lost much more than just 2 months.

Proletariat of the world, unite to kill terrorism

Re:Lehman Brothers

[stevey]

Just to be clear it was more than two months of work, yet it fitted on a Floppy?

Wow!

I guess thinking about it I could believe it .. but at first glance that sounds a bit fishy.

Re:Lehman Brothers

Well, here's an easy reference to the 'project on a floppy' thought:

Go to Freshmeat, download the source code to BitTorrent.

-rw-r--r-- 1 noone arrr 144420 Mar 29 18:37 BitTorrent-3.2.1b.tar.gz

Extract it, check the directory size:

noone@arrr:~$ du -sh BitTorrent-3.2.1b
708K BitTorrent-3.2.1b

That is nearly a 5:1 compression ratio. Seeing as a floppy is 1.44 MB, you could get over 5 megs of compressed sourcecode onto one single disk.

5 Megs of source code is a *lot* of work, even for a team of programmers. So the numbers sound ok to me.

(User & computer names changed to protect the guilty)

Re:Lehman Brothers

[Sloppy]

After reading this, just for kicks, I decided to "zip" up the source code for an accounting system that I maintain, parts of which goes back about 20 years. I'm not sure how many man-years of work this really is (it's not like I spend all day, every day, adding to this product) but I'm sure it's a "few" (being vague here because I know that no one wants to look at numbers that I've pulled out of my ass). Anyway, the entire source "zip -9r"ed into a .. [drumroll] .. 764428 byte file.

Re:I've made my own list of disaster lessons

[I8TheWorm]

I've been involved with disaster recovery plans since 1993 in Houston (hurricane seasons, a propensity for flooding). Most reputable companies down here have viable plans including offsite call centers, daily backups to servers/db's offsite, etc..
I have to relate a funny story though. I wrote code for a large bank with a few offices in downtown Houston. As tropical storm Allison approached (you may have seen pictures of the aftermath), we started sending people home. Unfortunately, the shortsighted management had placed two offsite databases IN HOUSTON for data and call center recovery. The last I saw of our particular network administrator was him loading the physical DB server into his truck in hopes that he could get it home and upstairs. The two DR sites both flooded and we lost those servers. Needless to say, that manager is no longer employed with .

Re:I've made my own list of disaster lessons

[kc0dxh]

Ha! I love the political incorrectness. Seriously, isn't the whole idea planning and an second location? Really, when disaster hits, whether external (terrorism) or internal (hard disk failure), is the person responsible for these systems in a frame of mind to create a plan?

I've watched my 24/7 server choke and die. I had a fever and still got things up and running in less than 8 hours. Why? A plan. I knew where it was and where all my manuals and documentation were.

Just because a server is small and easy to set up doesn't mean it should be treated any less than a mainframe should. Let me say that again, because this is why this is a topic of discussion: treat your servers like mainframes were treated 20 years ago.

Rammstein bombing

[chiph]

Rather, the bombing she survived occurred at Ramstein Air Base in Germany, 20 years before.

I happened to be at Rammstein the day after the bombing mentioned. The transmission from the car got blown over the top of a four-story building (other parts didn't quite make it through the building). Quite a powerful bomb that killed and hurt many people. I think it eventually got pinned on the Red Army Faction.

The fun part was I was returning a Siemens teletype to the maintenance depot there, and the other guy in the VW pickup with me had forgotten his military ID (he had left it in his field jacket back at our base). So here we are pulling up to the main gate with this huge wooden crate in the back, and only one of us has any ID. We were lucky they didn't strip search us on the spot.

Chip H.

Hey!

Unban me from the chatroom, dweebs.

And I'm guessing your pathetic moderators will just mod me down. Your moderators have the identification number (ID) of 10-T. (aka ID-10-T = idiot)

Re:I've made my own list of disaster lessons

Its not racism.

Its not racism to say "Africans have darker skin".

Simply a fact.

Its not racism to say "Asians are usually smaller".

Simply a fact.

Don't confuse facts with racism. Racism is like "Arabs smell". That's simply an insult. It would be more correct to say "The arabs would be okay except for that wacky religion with Allah".

our current plan in full

if it can't be recovered from the on-site week+ old backup, then we close the doors (if the doors are still there) and file for chapter (7, 11, 13, whatever the lawyer suggests)

Re:our current plan in full

the sad part is i'm not really kidding. our current backup is reaching a month old, its in a fireproof safe in the bosses office. we lost the key to the safe, so the safe has been left unlocked for i forgot how long, and if fire hits us, the hopefully the safe stays upright, because if it falls over it will probably open (no latch other then the lock)

(the same AC again)

Re:our current plan in full

"our current plan in full: then we close the doors (if the doors are still there) and file for bankrupcy"

sounds a little like our plan: If you're not at work when it happens, don't bother coming in again, ever. If you are at work, you'll be dead anyway so don't worry.

Anonymous Coward in a building on IRA target lists.

Re:I've made my own list of disaster lessons

[Daniel+Boisvert]

You need your own column on /. This is one of the funniest posts I've read in a very long time...

Re:Applause!

Thanks, it was intended for adequacy, but the bastards never gave any feedback to me, or posted it. I hope they got their pants sued off them.

Re:I've made my own list of disaster lessons

[LostCluster]

And at this hour, the parent post is modded 80% Funny and 20% troll, with a bonus point for coming from a high-karma user. Good work mods, I'm glad nobody's mistaking it for insightful or informative.

Sorry, as much as you try to sugar coat it, this advice is too smart for its own good. Being a racist in your hiring practices is illegal, and keeping a gun or two in the server room is more likely to get you blamed for contributing to a death when a workplace fight gets out of hand than ever being shot at a terrorist. There is such a thing as being too secure for your own good.

Some common-sense preperations are needed, but too many become wasteful, and many bring their own daily problems. Remember, when disasters by definition are rare. Balance your risk tolerance with your tolerance for annoyance in your daily operations... far too many people forget to do that.

Re:I've made my own list of disaster lessons

[SuiteSisterMary]

That, my friend, is one of the funniest damn things I've read in a long time. That's getting printed and going onto a wall somewhere.

take a page from a bank

[Archfeld]

They are the best prepared for a disaster, by the virtue of being required to be open on the fourth day. Ever since the stock market crash, banks have exactly 3 day to recover from ANY disaster and open the doors or the federal government will step in and take over. The fines for failing to uphold any of the fed reg's is ENORMOUS. Both BofA and WellsFargo have used their plans successfully in the past. BofA in both SF during the quake, and in LA during the riots, and Welss Fargo's main headquarters burned. A good Contingency Operations Program is VERY EXPENSIVE, and requires many things beyond the obvious. Do your sales people have all their numbers in a rolodex on their desk, will they be able to function without it ?

Re:I've made my own list of disaster lessons

[afidel]

1)Absolutely, and I would go even farther, in prep for Y2K a friend of mines father had a worst case cenario drill during off hours, they disconnected all incoming WAN links simulating all other datacenters or the telco failing to catch a critical error resulting in total loss of conectivity, some of his collegues found out that their systems had interdependencies that they had not accounted for that could have resulted in problems had there been an actual disruption.
1a)or if you can afford it have offsite backups AND offsite replication
1b)You may not need to have them already purchased there are companies like on of my former employers (then G.E. Capital I.T. Solutions now just G.E. I.T.S) that will sign contracts to have a certain number of each of your machine types available along with either space or mobile trailers to house them.
2)Duh =)
3) Ummm, whatever
4) again duh =)
4a) already standard practice most places unfortunatly
4b) I leave civil defense to the goverment, it's one of the few things they should do.
4c) I forsee this as being a bad thing the next time layoffs happen.

Re:Remember!

[Zigg]

Yeah, okay. Some people died, so let's make sure the people that didn't are also out of work. Great strategy.

That developer

[Faust7]

If it wasn't for a single developer, who had made an unauthorized copy of the project on a floppy,

I ask this question only half-jokingly:

Was s/he fired?

Re:That developer

[gorbachev]

As far as I know, no, he wasn't.

Re:That developer

[dvk]

Probably, considering Lehman's firing a buncg of people in IT and replacing them with outsouring companies from India.

Disaster recovery, what 911 taught me

Run down on what I learned from 9-11.
Were constantly under attack on some front, hey I knew this in my Marine corps days, some attacks are just worse than others.

What YOU should have learned from 9-11.
Dont take life for granted, your a freaking SysAdmin, A programmer, a Techie or god forbid some kind of manager that can be replaced. Work when your at work, back shit up and when you leave work, leave work, dont take it with you if your gone tomorrow, someone will notice, in a week there will be a new face in the crowd to replace you.
You never really know when your gonna be part of some F-ed up shit that is going to happen. Go surfing, get a Girlfriend, get a life outside of work.

The most important disaster you should be planning for is your own, is this mentioned in the book?

Re:Disaster recovery, what 911 taught me

[MonkeyCookie]

A slashdotter trying to get a girlfriend? That's *really* going to require a disaster recovery plan.

Who cares ?

corporations don't spend on disaster recovery anymore. They blew it on Y2K, its been all down-hill since.

disgruntled IT schlub.

"would you like fries with that ?"

Oh really?

And the phrase "camel jockey" is not perjorative? Where I live, this kind of invective can potentially be "racial hatred". Incitement to racial hatred is a criminal offence

Leaving aside the blatant racism, I don't get why so many people think this post is funny; it seems very lame to me.

Re:Oh really?

I agree. One should not use the phrase "camel jockey." It is offensive. "Rug pilot" and "towelhead" are much more appropiate.

Re:Oh really?

But where you live is a third world shithole full of sanctimonious eurotrash wannabes.

The eurotrash are worse than the islamo-fascists because at least the islamo-fascists have the guts to act on their hatred of their American betters. The eurotrash would LOVE to ram passenger jets into American buildings, but are too much of pussies to carry their desires out.

The sanctimonious eurotrash wannabes are even worse than the eurotrash because they actually ASPIRE to be eurotrash.

Re:Oh really?

It isn't racism if he makes fun of all races/ethnicities. Because he never makes fun of Aussies and New Zealanders, one can only assume he was making fun of them by failing to include them as important enough, or that he is a racist Aussie.

Re:critical omission!

[Tumbleweed]

I mentioned this just the other day - don't forget the Emergency Pants!

You can learn a lot from Sluggy Freelance.

Lessson Number One: +1 , Patiotic

Don't trust President George W. Bush et al.

Cheers,
W00t

But whatever you do,

[EvanED]

...when disaster strikes, don't forget your towel.

*a* floppy?!

[erik1474]

Everything backed up to *a* floppy?? What do you guys do all day anyway?

Re:*a* floppy?!

[gorbachev]

Read /. :)

Compression does wonders to text files such as source code, btw.

Re:*a* floppy?!

As an assembly programmer who is paid to keep the file sizes as small as possible, my projects better fit on a floppy.

Re:I've made my own list of disaster lessons

I'm struggling to understand; assuming you didn't find the racist bits funny, which bits exactly are "the funniest things you've ever read". Seriously - I just can't see it.

Re:I've made my own list of disaster lessons

You love the racism? Are you really sure you mean that?

Re:Applause!

They didn't give you feedback because it's so lame, quite apart from the offensiveness.

Disaster Recovery != Survivable Network

[sczimme]

The Survivable Network Technology program at the Software Engineering Institute (part of Carnegie Mellon University) describes in detail what "survivable network" actually means. The author [of the book in the /. review] seems to have missed some key points. Nutshell version: a survivable network keeps going despite disasters, etc; moving to a different network to continue business does not mean you have a survivable network.

In fact, a quick google on "survivable network" turns up several hits (on the first page) from the SEI.

(Disclaimer: I used to work at the SEI, but in a different area.)

Re:Disaster Recovery != Survivable Network

[villy]

The editor probably thought "Survivable Network" had a more sexy yet ambiguous (profitable) connotation then "Survivable IT Infrastructure". My $.02.

Re:Disaster Recovery != Survivable Network

[khallow]

Nutshell version: a survivable network keeps going despite disasters, etc; moving to a different network to continue business does not mean you have a survivable network.

What if it's cheaper to move your functions to a new network than maintain the old one after a disaster? Ie, if the new network appears exactly the same to the user as the old network did, then the network has "survived" whether or not it is the same network as before.

Re:Disaster Recovery != Survivable Network

Yes, and in fact they've changed the name to Survivable Systems Analysis to reflect the more general connotation. So they're still trying to find acceptable terminology.

Anybody who practices in this field knows that this stuff is about somewhat more than choosing a politically acceptable terminology. Criticisms about "moving to a different network" not meeting the test of network survivability badly miss the point.

Re:Disaster Recovery != Survivable Network

[blibbleblobble]

"What if it's cheaper to move your functions to a new network than maintain the old one after a disaster? Ie, if the new network appears exactly the same to the user as the old network did, then the network has "survived" whether or not it is the same network as before."

"This is the axe of my ancestors. Sometimes the head wears out and has to be replaced. Sometimes the handle wears out and has to be replaced. But this is the axe of my ancestors."

Re:I've made my own list of disaster lessons

[kc0dxh]

I don't love racism. Don't be silly. I love the humor of the comments.

Sharing knowledge in a digital age.

Hey! Great book. Anyone have a BitTorrent link?

Price

[jdehnert]

$40 at Barnes and Noble
$28 at Amazon

Re:I've made my own list of disaster lessons

[The+Clockwork+Troll]

Please tell us your age, sex, race and circumstances of your upbringing, and we in the know will explain to you a) why it's funny; b) why you don't "see it".

Error-proof networks != Attack-proof networks

[rfischer]

There was an interesting article in Nature a while back... said that networks like the Internet, which are very tolerant of faults in links and nodes, are not so tolerant of intentional attacks on nodes with high connectivity.

here's the ref. for the curious:
Albert A, Jeong H, Barabasi AL, Error and attack tolerance of complex networks Nature 406:378-382, 2000

They should

[geekoid]

have interviewed the slashdot crew on how they handled there system when everybody in the world was hitting them during 9/11. Sure, its a secondary effect of the actually event, but some news agencies SAs could use this for future events.

Re:I've made my own list of disaster lessons

[khallow]

You're as ignorant a fuck as the poster if you find such racism amusing.

You need to exercise that brain some more. The sarcasm in the original post wasn't that subtle.

Shouldn't that be...

...Planning to Survive Your Network?

Wow

[t0ny]

Wow. Its both informative AND trollishly racist, all while maintaining a certain level of humor.

Good post- kudos!

And I would add..

[dogfart]

You disaster recovery site is no doubt a very stable climate controlled facility, with even temperature and humidity. Just the place to start a wine cellar! Consider keeping a few bottles of treasured Bordeaux first growths, German Auslese, and California Chardonnay.

When a disaster actually occurs, and your well thought out and tested disaster plan makes the whole operation a sucess, celebrate with a fine vintage.

Don't forget to keep a redundant backup copy of a corkscrew as well

Re:And I would add..

[wagemonkey]

Consider keeping a few bottles of treasured Bordeaux first growths, German Auslese, and California Chardonnay.

Spaetlese or Eiswein, not Auslese - do it properly! The Bordeaux is OK, of course but I'm not at all sure about Californian Chardonnay.
Vintage Champagne, vintage Port (and lots of both), Amontillado, Bual, Barolo, Pouilly Fume, Chablis, Chateau d'Yquem... the list could go on for ages. I have a weakness for Rioja and for Australian sparkling Reds (think Shiraz/Cabernet Savignon made method champagnoiose) so I'll have some of that too - oh dear, not enough room for the DLT drives so get rid of the tapes and bring in some Stilton, Yarg, Brie - you get the idea.

I'm not an alcoholic, I have lots of full bottles at my place - well , some of the spirits may not be full any more but they aren't empty yet. The idea of an emrgency wine cellar in a DR site appeals to me but I may end up celebrating the disaster and not recovering from it! Hmmm, is there space in the server room for a bottle of Lagavullin, must check...

get it at bookpool

[TrafficGeek]

you can get it at www.bookpool.com for $21.95 + shipping

Re:I've made my own list of disaster lessons

Let me put it this way. Racist humor is both funny and unfunny. It's funny in the way it mocks stereotypes, but it's unfunny in that it perpetuates them.

The article had enough non-racist humor at the beginning and the end, that one could tell the author wasn't attempting to foment some racist agenda, he was just trying to be funny at the expense of possibly being non-PC.

Off site backup

[MooseBoy]

Thanks to VERITAS Software's NetBackup http://www.veritas.com may companies were saved in the Towers coming down.

Re:Off site backup

[nurbman]

Has anyone out there tested the Disaster Recovery options of Veritas/Arcserve/Legato etc. in an MS environment? (no sneers please)

I'm kind of skeptical of them. It seems that you need the open files agent (costing $$$) on all your servers in addition to the D/R option. Even that may not be enough to work, since you will likely be restoring to different hardware than the one that was destroyed. (unless you get lucky on Ebay)

The only other option that I can see would be to image the hard drives with Imagecast or Ghost etc. This will work with a hardware RAID array but not a software one. If you took an image for safety and then a second image after running Sysprep, you would likely be able to restore to different hardware (chipsets/video/other drivers). You would then backup/restore the data using a regular full backup.

Any thoughts?

Re:Off site backup

[slyxter]

Use Veritas to back up all of your data (databases etc.) to tapes. Back up the OSs/applications using sysprep. Sysprep is quite useful for transferring a server to different hardware. Ghost is what I use to copy my sysprep images.

Re: Programming Satan's Computer

[plcurechax]

Ross Anderson, professor at Cambridge University has some works on this including Programming Satan's Computer (PDF) which looks at cryptographic protocols being attacked by being deployed on hostile system. Such as Satellite TV decoders which rely on smartcards which are in the posession of the attacker / customer.

The Tamper Lab is pretty impressive too.

Making your system realible in the present of the hostile attacker or on a hostile system is very hard, well nearly impossible.

Lehman Brothers Headquaters

[dvk]

#1: OK, small nitpick: Lehman's HQ was in WFC3, NOT in WTC1. However, it did have presence in all 4 buildings mentioned.

#2: While thoretically Lehman was migrated more-or-less OK (we did have off-site backups, backup datacenter, etc...), in practice the only thing that saved them was the working-to-death of IT people in the next week.

Many of backups were made on the same-site servers. Restores were difficult, obviously. (read: almost impossible in some cases).

Many servers didn't have decent failover h/w in the backup datacenter. Hint: the datacenter was increased by over 100% in 4 days, based on my visual estimates while carrying servers up there).

FYI, I was "blessed" with starting off with a 24-hour shift, and then pulling 12-hour night shifts for over a week. Considering the fact that 9/12/01 was my 1-month wedding anniversary and that both Mrs. and myself were in WTC1 when the plane flew into it, one can see how I was a bit upset at the management, ESPECIALLY since my own application failed over with no problems - i'd rather have spent more time with her.
What did I get for all that effort? Yay! A plaque, with an image of WTC. Nice gesture, Mr. CEO! :(

-DVK

Re:Lehman Brothers Headquaters

[davidstrauss]

ESPECIALLY since my own application failed over with no problems - i'd rather have spent more time with her.

You'd rather spend time with your application than your wife?

Exercises in constructive paranoia

[alizard]

Try my disaster preparation page for sys/netadmins at this page.

It's more oriented towards small businesses and ISPs without the resources to build complete backup sites a few thousand miles away.

Earthquakes and other disasters

[billstewart]

There are a whole range of things that can go wrong with networks, and part of Business Continuity Planning is being paranoid about the right problems. Too many East Coast companies got surprised by 9/11 - here on the West Coast we have buildings fall over every decade or so, though fortunately the loss of life has been kept low by good building technology. You do have to spend a lot of time looking at what your critical resources are, including your people, your computers, your data, your telecomm networks, your phone system, etc.

On the other hand, we're not so good at planning for the "ice storm kept everybody home" problem. I have once had a meeting cancelled because of snow in Silicon Valley - the critical customer lived in Santa Cruz, and there were six inches of snow on the mountain top, on a road which is unpredictable in good weather.

too bad I don't have my mod points today...

[alizard]

I would have modded you down to zero for encouraging an irrational fear of guns... you expect brownie points for political correctness on slashdot?

Re:too bad I had already posted in this

[LostCluster]

No, but I do exepect something that over-paranoid admins are gonna mistake for advice get modded something a little less than a 4... The parent post seems to have attracted a few Flamebait and Troll mod points since I posted. :)

A few things to keep in mind about Disaster Plans

[Dolemite_the_Wiz]

1) Just because you have a disaster plan doesn't put your company in the clear. You've got to put it into action and make sure that this plan will be ready to go at a moment's notice.

2) You've got to test the plan/Backups pierodically.

3) During 9/11 in NYC, the only portable communication devices that worked in the Twin Towers were Blackberry devices.

4) A Remote, out of state, location for a backup datacenter is a good thing.

5) If you need justification for Management for putting together a disaster plan, say this "Which will cost more, putting together a Disaster Plan or repairing a companies reputation as a result for not having one?

Dolemite
_______________________

Re:I've made my own list of disaster lessons

[wagemonkey]

the locals work cheap, the state governments are willing, and the locals aren't sophisticated to know what to do with 4mm dat tapes

How smart do they need to be to throw them in the landfill?
If you're DR plan is relying on DAT tapes, well then you don't have a DR plan, you're relying on Lady Fortune, and she's a mighty fickle helper.

Re:A few things to keep in mind about Disaster Pla

"2) You've got to test the Backups pierodically."

Dammit, backups aren't there to be used. They're there for our ISO-9000 certification! Whaddya mean you want to retrieve data?

Oops, best become AC again...

Re:critical omission!

[blibbleblobble]

"I mentioned this just the other day - don't forget the Emergency Pants!"

Coffee machine on a UPS