I agree with the RTO statement, which is supposed to be specified in the BCP/DR plan after the BIA is completed. This will let you know how much and how quickly things need to be brought back. Again we all know we aren't told about these things, until something goes down and it gets painful for the business and they come back and ask why it isn't HA configuration and you go spend a ton of money making everything and its brother HA, at costs that probably aren't justified in some cases.
Thanks for the refresher discussion I gotta keep this stuff in my head for 2 more days till my CISA exam on Saturday... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -----Original Message----- From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Thursday, December 06, 2012 11:20 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 Valid point Z, but I think you also have to consider loss of productivity/revenue and RTO. Suppose I have a mission critical system that fails due to ... let's say a corrupt OS file. If it takes 1 hour to recover a single-instance server (Physical or VM) vs. 2 minutes to fail over to a secondary node in a cluster, that's 58 minutes of avoidable downtime to my employees. Further suppose that the business unit that relies on this system generates approximately $50,000 in revenue per hour. That is about $48,000 in lost revenue. I realize this is simplifying the issue a bit, but to me, in this case, it is worth the extra effort to avoid that additional downtime. I think it really boils down to what is acceptable risk to the business on a particular system - there is no real cut-and-dried answer. Jim Jim Holmgren Director of Technology Infrastructure XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com -----Original Message----- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, December 06, 2012 10:50 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 This is a valid case, but how many times in a year does this happen. ( ALE= SLE X ARO). So it's a 300,000 event that say happens 5 times a year .005 300,000 X .013 (5/365)=3,900 dollars you can afford to spend to fix the issue and the cost of the control is in line with the Annual Lost Expectancy of the event factored over the year. I am sure a cluster and hardware costs more than 3,900, therefore cost of control is higher than the expected loss, you usually don't implement that control. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -----Original Message----- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, December 06, 2012 10:29 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 > Yep setting up a cluster just to protect against a service dying is overkill. I think that statement might be a bit to general. What if that service doesn't simply "restart" and 2500 people have their work impacted for 4 hours while its resolved? 2500*$30*4=$300,000.00 as an example... Does that "application" cluster investment still sound unrealistic? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the affiliate or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsÃmile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin