DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 32, Issue 3

Full Contents Now Available!

Industry Hot News

Industry Hot News (61)

National Preparedness Month (NPM), is recognized each September to promote family and community disaster and emergency planning now and throughout the year. The 2019 theme is Prepared, Not Scared. Be Ready for Disasters   

2019 Weekly Themes

  • Week 1: Sept 1-7                      Save Early for Disaster Costs

  • Week 2: Sept 8-14                    Make a Plan to Prepare for Disasters

  • Week 3: Sept 15-21                  Teach Youth to Prepare for Disasters

  • Week 4: Sept 22-30                  Get Involved in Your Community’s Preparedness


  • #NatlPrep
  • #PrepareNow
  • #FloodSmart
  • #YouthPrep
  • #ReadyKids

Graphics, Videos, and Related links

For more engaging content, attach graphics that are sized appropriately for specific social media posts (i.e., Twitter & Facebook). 

National Preparedness Month Congressional Co-Chairs

Social Media Content

Week 1:  Save Early for Disaster Costs  

Web Resources

Social Media Posts

Week 2: Make a Plan

Web Resources

Social Media Posts

  • Be Prepared. Make an emergency plan today & practice it: www.ready.gov/plan #PrepareNow #NatlPrep

  • Preparing your family for an emergency is as simple as a conversation over dinner. Get started with tips from @Readygov: ready.gov/plan #PrepareNow #NatlPrep

  • It’s important to include kids in the disaster planning process. Review your family emergency plan together so that they know what to do even if you are not there: ready.gov/kids #YouthPrep #PrepareNow #NatlPrep

  • Practice your fire escape plan by having a home fire drill at least twice a year with everyone in the home. #PrepareNow #NatlPrep

  • Download a group texting app so your entire circle of family and friends can keep in touch before, during & after an emergency. #NatlPrep #PrepareNow

  • Practice evacuating in the car with your animals, so they’re more familiar if you need to evacuate in an emergency. #NatlPrep #PrepareNow

  • Be prepared. Get the @fema app with weather alerts for up to 5 locations, plus disaster resources and safety tips: fema.gov/mobile-app #NatlPrep #PrepareNow.

  • Contact your water and power companies to get on a “priority reconnection service” list of power-dependent customers if you rely on electrical medical equipment. #PrepareNow

  • Learn how to turn off utilities like natural gas in your home. ready.gov/safety-skills #PrepareNow #NatlPrep

  • Be prepared for a power outage by having enough food, water, & meds to last for at least 72 hours: ready.gov/kit #PrepareNow

Week 3: Youth Preparedness

Web Resources

Social Media Posts

  • Teach children what to do in an emergency if they are at home or away from home. ready.gov/kids#PrepareNow #NatlPrep #YouthPrep

  • Help your kids know how to communicate during an emergency. Review these topics with them: Sending text message; Emergency contact numbers; Dialing 9-1-1 for help ready.gov/kids #PrepareNow #NatlPrep #YouthPrep

  • Update school records and discuss emergency contact numbers with kids before they go: ready.gov/make-a-plan  #BackToSchool #YouthPrep

  • Add your kids’ school’s social media info to the family communication plan: ready.gov/kids/make-a-plan#YouthPrep #ReadyKids

  • Review your family emergency communications plan with kids at your next household meeting. #YouthPrep #ReadyKids

  • Include your child's medication or supplies in your family’s emergency kit. More tips visit: ready.gov/kit#YouthPrep #ReadyKids

  • Include your child's favorite stuffed animals, board games, books or music in their emergency kit to comfort them in a disaster. #YouthPrep

  • Get the kids involved in building their own emergency kit: www.ready.gov/kids/build-a-kit  #YouthPrep #ReadyKids

  • Kids can #BeAForce... by playing the online emergency preparedness "Build a Kit" game: www.ready.gov/kids/games #YouthPrep #ReadyKids

  • Speak Up! Ask your child’s teacher about the plans the school has in place for emergencies. #BacktoSchool #YouthPrep www.healthychildren.org/English/safety-prevention/all-around/Pages/Actions-Schools-Are-Taking-to-Make-Themselves-Safer.aspx

  • Your kids can become Disaster Masters with this @Readygov preparedness game: www.ready.gov/kids/games #YouthPrep

  • Are your students prepared for an emergency? Download curriculum for grades 1-12 for your classroom: www.ready.gov/kids/educators #YouthPrep

Week 4: Get Involved in Your Community’s Preparedness

Web Resources

Social Media Posts

  • Community Emergency Response Teams (CERTs) trains volunteers to prepare for the types of disasters that their community may face. Find your local CERT: https://community.fema.gov/Register/Register_Search_Programs #NatlPrep
  • Learn about the hazards most likely to affect your community and their appropriate responses. #NatlPrep #PrepareNow
  • Every community has voluntary organizations that work during disasters. Visit https://www.nvoad.org to see what organizations are active in your community. #NatlPrep
  • Encourage students to join Teen CERT so they can respond during emergencies. Learn more: www.fema.gov/media-library/assets/documents/28048 #YouthPrep
  • Your community needs YOU! Find youth volunteer and training opportunities to help your community here: www.ready.gov/youth-preparedness #YouthPrep #NatlPrep
  • Finding support from friends, family, and community organizations can help kids cope with #disasters. #YouthPrep
  • Take classes in lifesaving skills, such as CPR/AED and first aid, or in emergency response, such as CERT. #PrepareNow #NatlPrep
  • Check in with neighbors to see how you can help each other out before and after a storm #HurricanePrep
  • If you have a disability, plan ahead for accessible transportation that you may need for evacuation or getting to a medical clinic. Work with local services, public transportation or paratransit to identify accessible transportation options. ready.gov/individuals-access-functional-needs #NatlPrep

  • If you have a disability contact your city or county government’s emergency management agency or office. Many keep lists of people with disabilities so they can be helped quickly in a sudden emergency. ready.gov/individuals-access-functional-needs #NatlPrep

Tuesday, 06 August 2019 15:58

Update on 2019 National Preparedness Month

By Dave Bermingham, Technical Evangelist at SIOS Technology

High availability and disaster recovery protections both require redundant resources configured to minimize or eliminate single points of failure. Because failures sometimes occur on a large scale, a best practice is to put some geographical distance between some of these resources. Amazon Web Services meets this need by offering multiple Availability Zones and Regions to facilitate business continuity during all likely failures—from a single server crashing to a widespread natural disaster.

This article provides practical guidance to help database and system administrators tasked with protecting SQL Server databases running in the AWS cloud. The high availability (HA) and disaster recovery (DR) provisions available with the AWS cloud and the SQL Server software are covered first in separate sections. This is followed by a third section outlining how these provisions can be used in a cost-effective configuration that combines HA and DR protections in a failover cluster spanning multiple AWS Availability Zones and Regions.

Multiple Availability-Zones and Regions in the AWS Cloud

Fully protecting applications, including those with SQL Server databases, from all possible outages requires recognizing the differences between “failures” and “disasters” because those differences determine the different provisions needed for HA and DR. Failures are short in duration and small in scale, affecting a server, rack, or the power or cooling in a datacenter. Disasters have more widespread and enduring impacts, affecting multiple facilities, including offices and datacenters alike, in ways that preclude rapid localized recovery.

The most consequential difference involves the location of the redundant resources (systems, software and data), which can be local—on a Local Area Network—for recovering from a localized failure. By contrast, the redundant resources required to recover from a widespread disaster must span a Wide Area Network. For database applications that require high transactional throughput performance, the ability to replicate the active instance’s data synchronously across the LAN enables the standby instance to be “hot” and ready to take over immediately and automatically in the event of a failure. Such rapid response should be the goal of all HA provisions.

Because latency inherent in the WAN would adversely impact on the throughput performance in the active instance when using synchronous replication, data is usually replicated asynchronously in DR configurations. This means that updates being made to the standby instance always lag behind updates being made to the active instance, which makes the standby instance “warm” and results in an unavoidable delay during the manual recovery process.

AWS Availability Zones (AZs) offer the best of both by combining the synchronous replication available on a LAN with some geographical separation previously possible only in the WAN. AZs connect multiple datacenters within an AWS region via a low latency, high throughput network that facilitates synchronous commit with negligible impact on database performance. In many regions, the latency across AZs is less than one millisecond, which has made the use of multi-zone configurations a new best practice for HA failover clusters.

For additional protection against major disasters that could affect multiple Availability Zones, AWS operates multiple Regions throughout the world. Amazon employs encrypted Virtual Private Cloud (VPC) peering among Regions to deliver highly reliable and secure communications. As expected, replicating data across AWS Regions will need to be done asynchronously for SQL Server databases, and to ensure minimal or no data loss, the recovery will need to be performed manually. The resulting delay in DR provisions is tolerable, however, because Region-wide disasters are rare.

SQL Server’s Always On Availability Groups and Failover Cluster Instances

SQL Server offers two of its own options for HA and DR protections: Failover Cluster Instances (FCIs) and Always On Availability Groups. FCIs have two notable advantages: The feature is included in the less expensive Standard Edition; and they protect the entire SQL Server instance, including user and system databases. A major disadvantage is the requirement Windows Server Failover Clustering (WSFC) has for shared storage, such as a storage area network (SAN), as a means to replicate (or actually share) data between the active and standby instances. The problem is: Shared storage has not historically been available in the AWS cloud, or in any other public cloud.

The lack of shared storage in the cloud was addressed in the Datacenter Edition of Windows Server 2016 with Storage Spaces Direct (S2D), which also received concurrent support in SQL Server 2016. S2D is software-defined storage that creates a virtual SAN, enabling data to be shared between multiple instances. S2D requires that the servers reside within a single datacenter, however, making it incompatible with Availability Zones. For this reason, using FCI for HA and/or DR protections across multiple AWS AZs and Regions requires using a third-party solution for data replication.

The other SQL Server option is Always On Availability Groups. This option is more capable than FCIs for both HA and DR, and it possesses some other notable advantages, such as readable secondaries (with appropriate licensing) and no restrictions on the size of databases. But it requires licensing the more expensive Enterprise Edition, and that makes this option cost-prohibitive for many database applications. Another limitation is that only the user database is replicated, creating the need for separate provisions to protect the entire SQL Server instance.

Using an application-specific HA/DR solution like Always On Availability Groups has another disadvantage: Separate HA and/or DR provisions will be needed to protect all other applications, including those using a different database. Having multiple HA/DR solutions can substantially increase complexity and costs for licensing, training, implementation and ongoing operations. This is yet another reason why both database and system administrators increasingly prefer to use general-purpose failover clustering solutions.

Consolidating HA and DR Protections in a SANless Failover Cluster

The lack of shared storage in the cloud has long been addressed by third-party failover clustering solutions purpose-built for HA and DR protections in private, public and hybrid cloud environments. These solutions are implemented entirely in software to enable creating, as their designation implies, a cluster of servers and storage—sans SANs—and with rapid, automatic failover to assure high availability at the application level.

Versions for Windows Server are designed to work seamlessly with WSFC by providing real-time block-level data replication both on-premises and in a cloud-based SANless environment. A major advantage with SQL Server is support for FCIs without imposing any need to compromise availability or performance. These solutions usually overcome another limitation, this one imposed by the Standard Edition of SQL Server, of being able to configure only two FCI nodes in a failover cluster. As will be shown in the example below, the ability to have a two-node cluster spanning Availability Zones, along with a third instance in a different Region, affords mission-critical HA/DR protections in a single configuration.

Versions for Linux, which lacks a fundamental clustering capability equivalent to WSFC, must provide a total HA/DR solution that includes data replication, continuous application-level monitoring and configurable failover/failback recovery policies. Linux is becoming increasingly popular for SQL Server databases and other enterprise applications, and third-party failover clustering solutions now make configuring HA/DR protections nearly as easy as it is for Windows Server. Without such a solution, administrators would be forced to struggle making open source software work dependably in full, application-specific HA/DR stacks. It is for this reason that only the very largest organizations have the wherewithal (skill set and staffing) needed to even consider taking on such ongoing efforts.

While specific to the operating system, most failover clustering software is application-agnostic, enabling administrators to have a single, universal HA/DR solution. Most such solutions also offer a variety of value-added capabilities. Examples include data compression and other forms of WAN optimization to reduce bandwidth utilization in multi-region clusters, minimalist “warm” standby configurations that also reduce costs, and manual switchover of active and standby instances to facilitate planned maintenance and routine backups with minimal disruption to the applications.

“Undersizing” standby instances can afford considerable savings. Because the standby instance rarely runs a production workload, it is possible to reduce costs by allocating minimal resources (e.g. CPU, memory and network bandwidth) while it functions in its normal standby mode. The tradeoff is that, in the event a failover, the allocation will need to be resized before the instance can become the active node. This extra step adds to the recovery time because it requires a reboot. There are other factors to consider, as well, such as I/O requirements and the storage limitations of smaller instance types. But when viable, the cost saving can be significant.

Additional savings is afforded by compressing the data that transverses the WAN, especially in hybrid cloud configurations. The higher the compression, the higher the CPU utilization, so some tweaking is usually needed to achieve the optimal balance.

The diagram shows a popular AWS configuration that provides both HA and DR protections in a VPC that distributes three SQL Server instances across multiple Availability Zones and Regions. For clusters spanning multiple Availability Zones within a single AWS Region, the data replication is synchronous, enabling rapid automatic failovers from all localized failures. For clusters spanning multiple AWS Regions, the data replication must be asynchronous to avoid adversely impacting on throughput performance, and failovers will need to employ manual processes to minimize the potential for data loss.

SIOS AWS Multi ZoneRegion 190726

This popular SANless failover cluster configuration consists of a two-node HA cluster spanning two AWS Availability Zones, along with a third instance deployed in a separate AWS Region to facilitate a full recovery after a widespread disaster.

It is also possible to have two- and three-node configurations in a hybrid cloud environment for HA and/or DR purposes. One such three-node configuration is a two-node HA cluster located in an enterprise datacenter with a third instance located in the AWS cloud for DR protection—or vice versa.

Confidence in the AWS Cloud

As of this writing, AWS has 61 Availability Zones deployed in 20 Regions, making the AWS Global Infrastructure eminently capable of providing carrier-class HA/DR protection for SQL Server databases. But with a purpose-built failover clustering solution, such carrier-class high availability need not mean paying a carrier-like high cost. Because SANless failover clustering software makes effective and efficient use of all AWS compute, storage and networking resources, while also being easy to implement and operate, these solutions minimize ongoing costs, resulting in robust HA and DR protections being more affordable than ever before.

The security, agility, scalability and high availability made possible by overlaying SANless failover clusters atop multiple, geographically-dispersed Availability Zones and Regions should give even the most risk-adverse administrators the confidence needed to migrate mission-critical SQL Server databases and other applications to the AWS cloud.

About the Author

David Bermingham is Technical Evangelist at SIOS Technology. He is recognized within the technology community as a high-availability expert and has been honored to be elected a Microsoft MVP for the past 8 years: 6 years as a Cluster MVP and 2 years as a Cloud and Datacenter Management MVP. David holds numerous technical certifications and has more than thirty years of IT experience, including in finance, healthcare and education.


When a business faces technological disruptions or natural disasters such as floods, earthquakes, fires and tornadoes, no one anticipates it. These types of events occur when least expected and can result in either a major loss of personnel, workplaces, dependencies, revenue or potentially all. For instance, let’s consider a huge fire that endangers the workplace inflicting structural damage to all nearby buildings. If employees are traveling to the affected worksites during this time, it may not be safe for them. So where can the employees go if the affected worksite(s) are unavailable due to the structural damage caused by the disaster? How can employees continue to perform there day to day activities and minimizing downtime?

In the event of a disaster, it is important for employers to be prepared and employees to be made aware of the potential dangers and, provided with instructions on where to work from if their worksite(s) are unavailable. It is ultimately the responsibility of leadership to ensure the safety of their employees and their ability to continue to run their business. 

In today’s world, earthquakes, floods, and civil unrest matters occur more frequently and create havoc for businesses, costing them millions of dollars in revenue and in some worst-case scenarios leading them to go out of business. Following a disaster, almost 90% of smaller companies fail within a year unless they can resume within 5 days. To minimize the severity of impact, 20% of larger companies will spend over 10 days per month on their continuity plans. (FEMA) 

Develop A Business Continuity Program

By designing a Business Continuity (BC) Program, you can increase the chances of your business surviving unforeseen disruptions. There are best practices and standards (DRJ & ISO22301) to help establish and outline the criteria for a Business Continuity, Disaster Recovery and Emergency Management program. These standards are meant to guide organizations and promote a shared understanding of the fundamentals of Business Resiliency. 

Before developing a BCP, there are preliminary steps to be considered. Seeking professional Business Continuity consulting is a good start to obtain the best results for the program. A Business Continuity consultant should be able to walk a client step by step through how to design the right program for their business. They should also be able to provide the framework, tools and training for the program to be successful. A Business Continuity program should be consistent with the organization’s mission, management policy, financial commitments, and be assessed and improved on an annual basis.

What Your Business Continuity Plans Should Look Like

Once the Business Continuity Program is up and running, the end goal is to have well documented and tested Business Continuity plans. This will ensure your employees understand their roles during a disruptive event and the business can quickly become operational again. The plans should include an outline of recovery strategies and who should be responsible for specific tasks to assist in implementation when the disruptive event takes place. The Business Continuity Plan should be assessed regularly to meet compliance requirements by conducting periodic reviews, testing, and evaluating post-incident reports and overall improving the program.

Your Business Continuity Plan should include the following

  • Appropriate recovery strategies for a variety of loss scenarios
  • Mitigation plan that establishes interim and long-term actions to minimize downtime during recovery
  • Short-term and long-term strategies that address processes, staff, and acceptable time frames for the restoration of services, facilities, programs, and technology.
  • Documented critical and time-sensitive applications recovery procedures, vital records, processes, and functions that have a critical impact to your business if unavailable.
  • Call tree or notification procedure to activate the plan
  • List of recovery team members with detailed contact information who can carry out specific tasks during recovery

Be Prepared

All businesses are subject to unplanned and inevitable disasters that pose potential threats. Having a well-documented & exercised Business Continuity Program can mean the difference between a business that is resilient and a business that fails when disaster strikes. Be prepared by reviewing your business continuity plan now.

OscarMunozOscar Munoz is a Business Continuity Consultant at Virtual Corporation who has a combination of 6 years in IT, Business Continuity, Vendor Management & Business Analytics. He brings a deep understanding of IT and Business Resiliency and carries a broad set of skills that crosses technical, business risk, program, and vendor management. Oscar can conduct Business Impact Analysis, Business Continuity Planning and exercise validation on processes & regulations on all layers of an organization, including analyzing & implementing solutions to meet regulatory requirements and management of disasters that lead to business disruptions.

Interested in learning more about how to construct or revise your business continuity plans? Contact Virtual Corporation today for business continuity and organizational resilience solutions.
Tuesday, 23 July 2019 19:58

The Value of a BC Program

Originally appeared on the DCIG blog.



As more organizations embrace a cloud-first model, everything in their IT infrastructure comes under scrutiny, to include backup and recovery. A critical examination of this component of their infrastructure often prompts them to identify their primary objectives for recovery. In this area, they ultimately want simplified application recoveries that meet their recovery point and time objectives. To deliver this improved recovery experience, organizations may now turn to a new generation of disaster-recovery-as-a-service (DRaaS) offerings.

A Laundry List of DRaaS’ Past Shortcomings

DRaaS may not be the first solution that comes to mind to improve their recovery experience. They may not even believe DRaaS solutions can address their recovery challenges. Instead, DRaaS may imply that organizations must first:

  1. Figure out how to pay for it
  2. Accept there is no certainty of success
  3. Do an in-depth evaluation of their IT infrastructure and applications
  4. Re-create their environment at a DR site
  5. Perform time consuming tests to prove DRaaS works
  6. Dedicate IT staff for days or weeks to gather information and perform DR tests

This perception about DRaaS may have held true at some level in the past. However, any organizations that still adhere to this view need to take a fresh view of how DRaaS providers now deliver their solutions.

The Evolution of DRaaS Providers

DRaaS providers have evolved in four principal ways to take the pain out of DRaaS and deliver the simplified recovery experiences that organizations seek.

1. They recognize recovery experiences are not all or nothing events.

In other words, DRaaS providers now make provisions in their solutions to do partial on-premises recoveries. In the past, organizations may have only called upon DRaaS providers when they needed a complete off-site DR of all applications. While some DRaaS providers still operate that way, that no longer applies to all of them.

Now organizations may call upon a DRaaS provider to help with recoveries even when they experience just a partial outage. This application recovery may occur on an on-premises backup appliance provided by the DRaaS provider as part of its offering.

2. They use clouds to host recoveries.

Some DRaaS providers may still make physical hosts available for some application recoveries. However, most make use of purpose-built or general-purpose clouds for application recoveries. DRaaS providers use these cloud resources to host an organization’s applications to perform DR testing or a real DR. Once completed, they can re-purpose the cloud resources for DR and DR testing for other organizations.

3. They gather the needed information for recovery and build out the templates needed for recovery.

Knowing what information to gather and then using that data to recreate a DR site can be a painstaking and lengthy process. While DRaaS providers have not eliminated this task, they shorten the time and effort required to do it. They know the right questions to ask and data to gather to ensure they can recover your environment at their site. Using this data, they build templates that they can use to programmatically recreate your IT environment in their cloud.

4. They can perform most or all the DR on your behalf.

When a disaster strikes, the stress meter for IT staff goes straight through the roof. This stems from, in part, few, if any of them have ever been called upon to do a DR. As a result, they have no practical experience in performing one.

In response to this common shortfall, a growing number of DRaaS providers perform the entire DR, or minimally assist with it. Once they have recovered the applications, they turn control of the applications over to the company. At that point, the company may resume its production operations running in the DRaaS provider’s site.

DRaaS Providers Come of Age

Organizations should have a healthy fear of disasters and the challenge that they present for recovery. To pretend that disasters never happen ignores the realities that those in Southern California and Louisiana may face right now. Disasters do occur and organizations must prepare to respond.

DRaaS providers now provide a means for organizations to implement viable DR plans. They provide organizations with the means to recover on-premises or off-site and can do the DR on their behalf. Currently, small and midsize organizations remain the best fit for today’s DRaaS providers. However, today’s DRaaS solutions foreshadow what should become available in the next 5-10 years for large enterprises as well.

Thursday, 11 July 2019 21:22

DRaaS Providers Come of Age

Cyber threats are simply a business reality in the modern age, but with the right knowledge and tools, we can protect our businesses, employees and customers. Davis Malm’s Robert Munnelly outlines five actions companies can take to maximize long-term cyber safety.

Decades of experience in the age of broadband and security breaches has taught us important lessons about the steps companies should take to protect themselves, employees and customers from cybersecurity threats. Every company should make an effort to adopt specific action items so as to maximize opportunities for long-term cyber safety in this increasingly interconnected world.

Following are five actions companies must take to prepare.




Senior Vice President, Direct Sales and Business Development, Inmarsat Government Inc.

Seeing a disaster unfold on television or online triggers many emotions. It can, on occasions, be very difficult to watch the images being broadcast. Yet to arrive in a devastated region in-person as a first responder? The impact can be beyond description. They are surrounded by victims who need medical attention, need food and water, and are desperate to find and connect with their loved ones.

In providing relief, first responders must focus on these victims, without worrying about whether they are able to communicate with commanders at another site or send damage-related video and data to them. Nor should they be expected to have a detailed mastery of how a communication system works. The mission is about assistance and relief, not connectivity set-up. However, in any disaster, reliable communications is of critical importance.

In normal circumstances, we consider cell phone coverage as ubiquitous – a given. Yet, that is not always the case at a disaster scene, where commercial networks may be overloaded or sustain damage. Access to reliable, easy-to-install-and-operate communications amid such circumstances can, on first examination, appear very difficult to achieve.

But FirstNet, America’s dedicated public safety broadband communications platform, is changing that. It’s being built with AT&T in a public-private partnership with the First Responder Network Authority – an independent government authority. Since its launch, FirstNet has been reliably supporting public safety’s response of emergency and everyday situations. Public safety agencies used FirstNet during last year’s wildfires and hurricanes as well as tornadoes and flooding events this year. And FirstNet has stood up to the challenge, keeping first responders connected and enabling them to communicate when other systems went down.

Satellite communications (SATCOM) are a critical part of the FirstNet communications portfolio, helping to deliver the capabilities that “First In/Last Out” responders depend upon in hard-hit disaster areas. Inmarsat Government is proud to be part of the core team AT&T selected to help deliver the FirstNet communication ecosystem, bringing resilient, highly secure SATCOM capabilities for our country’s first responders.

The FirstNet ecosystem strengthens public safety communications, enabling coordination more quickly and effectively in disasters and emergencies. FirstNet users can leverage narrowband and wideband SATCOM solutions, which have been a trusted, reliable choice for public safety agencies’ mission-critical communication needs for nearly half a century and should be part of any disaster response/Continuity of Operations (COOP) planning. Unlike traditional wireline or cellular wireless systems, SATCOM uses satellites to “bounce” voice or data signals to or from a remote user through the sky and back to one or more geographically resilient downlink facilities (“earth stations”), which are connected to the global communication backbone networks. This resiliency enables communications virtually anywhere, as users have a “line-of-sight” path through the air to the satellite.

Through SATCOM solutions, users acquire instant voice, data and video services, using equipment that is often as simple and easy to use as a cell phone, and small and light enough to store in a backpack. These solutions are often embedded in communication systems. SATCOM solutions have proven themselves – over and over again – as irreplaceable in delivering the following, unique capabilities anywhere in the world:

Augmented, constant connectivity. In assessing damage and casualties, responders must connect to the command and control center as well as restore communications for the local community. This requires high bandwidth availability for seamless voice, data, image and video transmissions for a variety of applications. With SATCOM, those running the command and control center operations, for example, can dynamically allocate voice and data resources to where they are needed and to do so in real time. They transfer live video streams from affected areas back to the center so that the command and control center can observe and advise.

SATCOM offers a sound option to first responders. It is a dependable – and often the only option – that augments “terrestrial” (LTE cellular or wireline) communications for enhanced, robust connectivity.

Highly reliable coverage. SATCOM offers ubiquitous satellite coverage no matter where first responders go. SATCOM services use satellites to reach any location on the planet. As such, satellite-based connectivity is unaffected by disasters/emergencies which may destroy local tower infrastructure and is accessible in the most remote or rural areas.

Flexible solutions. Solutions available to FirstNet users range from satellite phones for individual users to portable or vehicle-mounted solutions and fixed satellite capabilities. These fulfill a variety of public safety use case scenarios for SATCOM in remote areas, such as providing law enforcement officers, firefighters or emergency medical technicians (EMT) who operate in remote areas with a satellite phone for highly reliable voice services for emergencies. In addition, the solutions can equip first responder vehicles with dual LTE/SATCOM terminals to maintain constant or on-demand voice/data communications in rural areas. Boats or other maritime craft can be equipped with SATCOM units for operations offshore or over bodies of water where cellular coverage does not exist.

Easy setup/deployment. As indicated, public safety organizations and “First In/Last Out” responder units must focus on the mission at hand. SATCOM allows them to meet their immediate, key objectives through capabilities which involve minimum installation time; users are up and running within a few minutes. For example, first responders in disaster-prone areas often depend upon rapidly deployable “SATCOM go kits,” using satellite phones and/or SATCOM broadband terminals they can easily set up. They can deploy these man-portable or broadband voice/data satellite kits in under 10 minutes, to establish incident command outposts in remote areas for voice, video conferencing and data. By default, the kits link to LTE/cellular networks to create hotspots. Yet, they automatically switchover to satellite global broadband networks anytime local networks are unavailable. This means first responders stay connected during floods, power outages, forest fires and more, regardless of their location and situation.

On-the-move and on-the-pause responders depend upon Vehicular Network Solutions (VNS) which combine LTE and satellite for true “go anywhere” vehicle connectivity. Built specifically for FirstNet users, VNS utilizes cellular or satellite backhaul for in-vehicle communications and/or extend a Wi-Fi “bubble” of connectivity to a small number of users outside the vehicle. It combines an off-the-shelf In-Vehicle Router system with multiple communication input capability and the ability to intelligently select among connectivity paths.

This brings uninterrupted voice and data capability during the “first 60 minutes” after a disaster strikes, which could stretch to days and even weeks as recovery efforts continue, enabling essential communications and information sharing. This is when first responders turn to very small aperture terminals (VSAT), such as Inmarsat Global Xpress, to meet the expanding and increasing needs of their mission. Global Xpress is the first and only end-to-end commercial Ka-band network from a single operator available today. Only a Global Xpress terminal and standard monthly subscription are required to connect anywhere in the world at any time, and then transmit and receive large data, such as that from high-speed internet and video streaming. From the moment the transit case is opened, connectivity can be established in under seven minutes with minimal operator interaction. Once online, committed information rates with 99.5% availability pave the way for mission success. Customers also have single-source access to a U.S.-based network operations center that is certified and cleared and available 24/7/365 with just one phone call.

From the arrival of the first responders within hours of the crisis and then up to days later once the emergency response and relief mission expand, SATCOM has proven to be there when commercial infrastructure and mobile phone networks may be overloaded, damaged or non-existent. It helps ensure a “First In/Last Out” presence delivering immediate access that is easy-to-install and operate, with “anytime/anywhere” connectivity – until the mission is completed. Via FirstNet, SATCOM allows them to meet their immediate, key objectives through capabilities that help ensure connectivity no matter where they are, or what circumstances they face. Because these capabilities are highly secure and easy to set up – with readily available support at all times – responders may now perceive of high-bandwidth communication access as a given. With this, they can focus entirely on the task at hand, in providing support to the victims and communities they serve.

Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.

Every few years, there is a significant and often unexpected shift in the tactics that online criminals use to exploit us for profit. In the early 2000s, criminals ran roughshod through people's computers by exploiting simple buffer overflows and scripting flaws in email clients and using SQL injection attacks. That evolved into drive-by downloads through flaws in browsers and their clunky plug-ins. Late in the decade, criminals began employing social components, initially offering up fake antivirus products and then impersonating law enforcement agencies to trick us into paying imaginary fines and tickets. In 2013, someone got the bright idea to recycle an old trick at mass scale: ransomware.



When the only certainty is uncertainty, the IEC and ISO ‘risk management toolbox’ helps organizations to keep ahead of threats that could be detrimental to their success. 

All businesses face threats on an ongoing basis, ranging from unpredictable political landscapes to rapidly evolving technology and competitive disruption. IEC and ISO have developed a toolbox of risk management standards to help businesses prepare, respond and recover more efficiently. It includes a newly updated standard on risk assessment techniques.

IEC 31010, Risk management — Risk assessment techniques, features a range of techniques to identify and understand risk. It has been updated to expand its range of applications and to add more detail than ever before. It complements ISO 31000, Risk management.



Archived data great for training and planning

By Glen Denny, Baron Services, Inc.

public safety historical weather dataHistorical weather conditions can be used for a variety of purposes, including simulation exercises for staff training; proactive emergency weather planning; and proving (or disproving) hazardous conditions for insurance claims. Baron Historical Weather Data, an optional collection of archived weather data for Baron Threat Net, lets users extract and view weather data from up to 8 years of archived radar, hail and tornado detection, and flooding data. Depending upon the user’s needs, the weather data can be configured with access to a window of either 30 days or 365 days of historical access. Other available options for historical data have disadvantages, including difficulty in collecting the data, inability to display data or point query a static image, and issues with using the data to make a meteorological analysis.

Using data for simulation exercises for staff training

Historical weather data is a great tool to use for conducting realistic severe weather simulations during drills and training exercises. For example, using historical lightning information may assist in training school personnel on what conditions look like when it is time to enact their lightning safety plan.

Reenactments of severe weather and lightning events are beneficial for school staff to understand how and when actions should have been taken and what to do the next time a similar weather event happens. It takes time to move people to safety at sporting events and stadiums. Examining historical events helps decision makers formulate better plans for safer execution in live weather events.

Post-event analysis for training and better decision making is key to keeping people safe. A stadium filled with fans for a major sporting event with severe weather and lightning can be extremely deadly. Running a post-event exercise with school staff can be extremely beneficial to building plans that keep everyone safe for future events.

Historical data key to proactive emergency planning

School personnel can use historical data as part of advance proactive planning that would allow personnel to take precautionary measures. For example, if an event in the past year caused an issue, like flooding of an athletic field or facility, officials can look back to that day in the archive at the Baron Threat Net total accumulation product, and then compare that forecast precipitation accumulation from the Baron weather model to see if the upcoming weather is of comparable scale to the event that caused the issue. Similarly, users could look at historical road condition data and compare it to the road conditions forecast.

The data can also be used for making the difficult call to cancel school. The forecast road weather lets officials look at problem areas 24 hours before the weather happens. The historical road weather helps school and transportation officials examine problem areas after the event and make contingency plans based on forecast and actual conditions.

Insurance claims process improved with use of historical data

Should a weather-related accident occur, viewing the historical conditions can be useful in supporting accurate claim validation for insurance and funding purposes. In addition, if an insurance claim needs to be made for damage to school property, school personnel can use the lightning, hail path, damaging wind path, or critical weather indicators to see precisely where and when the damage was likely to have occurred. 

Similarly, if a claim is made against a school system due to a person falling on an icy sidewalk on school property, temperature from the Baron current conditions product and road condition data may be of assistance in verifying the claim.

Underneath the hood

The optional Baron Historical Weather Data addition to the standard Baron Threat Net subscription includes a wide variety of data products, including high-resolution radar, standard radar, infrared satellite, damaging wind, road conditions, and hail path, as well as 24-hour rainfall accumulation, current weather, and current threats.

Offering up to 8 years of data, users can select a specific product and review up to 72 hours of data at one time, or review a specific time for a specific date. Information is available for any given area in the U.S., and historical products can be layered, for example, hail swath and radar data. Packages are available in 7-day, 30-day, or 1-year increments.

Other available options for historical weather data are lacking

There are several ways school and campus safety officials can gain access to historical data, but many have disadvantages, including difficulty in collecting the data, inability to display the data, and the inability to point query a static image. Also, officials may not have the knowledge needed to use the data for making a meteorological analysis. In some cases, including road conditions, there is no available archived data source.

For instance, radar data may be obtained from the National Centers for Environmental Information (NCEI), but the process is not straightforward, making it time consuming. Users may have radar data, but lack the knowledge base to be able to interpret it. By contrast, with Baron Threat Net Historical Data, radar imagery can be displayed, with critical weather indicators overlaid, taking the guesswork out of the equation.

There is no straightforward path to obtaining historical weather conditions for specific school districts. The local office of the National Weather Service may be of some help but their sources are limited. By contrast, Baron historical data brings together many sources of weather and lightning data for post-event analysis and validation. Baron Threat Net is the only online tool in the public safety space with a collection of live observations, forecast tools, and historical data access.



By Bob Farkas, PMP, AMBCI, SCRA

One of the most useful, insightful, and entertaining business continuity activities is table top exercises. These are generally well known to Business Continuity practitioners as an important step in emergency preparedness and disaster recovery planning. Table top exercises often involve key personnel discussing simulated scenarios, where their roles play a part, and how to respond in emergency situations. In this article, I will present a real example that can illustrate the type of useful information that can be obtained from an exercise. Moreover, an exercise scenario does not have to be complicated to provide value. To quote Leonardo Da Vinci, “Simplicity is the ultimate sophistication.”

Setting the Stage 

Recently, a West coast high tech firm requested assistance from Virtual Corporation with implementing a business resiliency program throughout the enterprise. Each department that was deemed in-scope completed a Business Impact Analysis (BIA) and developed its initial Business Continuity Plan. If the department Recovery Time Objective (RTO) was 24 hours or less, it would conclude its business continuity planning activities with a table top exercise.

One of the firm’s divisions located in the United Kingdom fell into the category that needed to complete a table top exercise. The exercise included participants from three critical departments which provide security monitoring services and support for their commercial clients. The local business continuity lead determined a building fire would be the appropriate scenario for the exercise.

The Dilemma

Once the exercise began, participants described their initial actions in responding to the building evacuation announcement. They pointed out that the company’s safety and evacuation procedures require that laptops be left behind at the employees’ work areas to facilitate and ensure everyone’s swift and safe evacuation from the building during a potential fire or other disruptive event.  The scenario was advanced to where the fire had been extinguished and the Fire Marshal declared the building unsafe to occupy. At this point, the participants in the exercise indicated management would instruct employees to go home. A major issue quickly became apparent. They would be unable to work remotely since their laptops remained in the building that they could no longer access. The short-term solution was to use their mobile phones to hand off work to other locations and manage work as best as possible with their mobile phones until their laptops were replaced.

During the discussions that followed, the question arose as to how quickly replacement laptops could be provisioned. Not soon enough it turned out; the company did not have a local (UK) IT service center. Laptops are supplied from the company’s facility in Dublin, Ireland. This led to a list of other issues and questions that needed to be addressed such as machine inventory, availability of pre-imaged machines, prioritization of need, expedited delivery and identifying alternate, local sources. The real magnitude and impact to these departments’ abilities to continue work was not fully considered until this exercise brought these issues to the forefront.

Exercises also challenge common assumptions and beliefs. In the building fire exercise scenario, virtually everyone’s initial reaction to not being able to work from their impacted location was that they would work remotely/from home without carefully considering the implications of that decision. In the building fire scenario described above, no one thought they’d be without a laptop until reminded that their laptops could not be retrieved. Raising such issues during the exercise, and thus one of the benefits of an exercise, is to force people to consider the situation more carefully and think through other alternative recovery options such as relocating to another facility (with available computers) or mitigations such as having a local laptop supplier.


Much can be learned from table top exercises as illustrated by this example. It is a valuable training and planning tool to improve responsiveness and organizational resiliency. However, such benefits can only be realized if exercises are done regularly and the lessons learned are applied. Similar to how regular physical exercise can benefit one’s personal well-being, table top and other business continuity exercises can also benefit an enterprise’s resiliency well-being. Therefore, exercise often.

About the Writer

Bob Farkas, PMP, AMBCI, SCRA
Manager, Project Management Office/Project Manager

Bob has been with Virtual Corporation since 2001 during which he has led many Business Impact Analysis (BIA), Business Continuity Planning, and Risk Assessments projects across health care, manufacturing, government, technology and other services industries. In addition, he has been instrumental in building and refining Virtual’s processes and toolkit bringing new approaches and insights to client engagements. His career spans materials engineering, programming, telecom marketing research, IT outsourcing and business continuity. Bob holds PMP, AMBCI and SCRA certifications and has a Master’s in Chemical Engineering from the New Jersey Institute of Technology and Bachelor’s in Metallurgical Engineering from McMaster University (Hamilton, Ontario.)

Monday, 01 July 2019 15:32

Table Top Exercise Revelations