Business Continuity

Business continuity is primarily concerned with the processes, policies, and methods that an organization takes to minimize the impact of a system failure, network failure, or the failure of any key component needed for operation. Essentially, whatever it takes to ensure that the business continues. Contingency and disaster recovery planning comprises a significant part of business continuity. This is a key part of the infrastructure of a secure network.

Utilities, high availability environments, and disaster recovery are all parts of business continuity. In the following section, we will look at them and examine the roles they play.

Utilities

Utilities such as electricity, water, and transportation are key aspects of business continuity. In most cases, electricity and water are restored—at least on an emergency basis—fairly rapidly. The damage created by blizzards, tornadoes, and other natural disasters is managed and repaired by utility companies and government agencies. Disasters, such as a major earthquake, can overwhelm these agencies, and services may be interrupted for quite a while. When these types of events occur, critical infrastructure may be unavailable for days, weeks, or even months.

When the earthquake of 1989 occurred in San Francisco, California, portions of the city were without electricity, natural gas, and water for several months. Entire buildings were left unoccupied, not because of the earthquake, but because the infrastructure was badly damaged. This damage effectively prevented many businesses whose information systems departments were located in those buildings from returning to operation for several weeks. Most of the larger organizations were able to shift the processing loads to other companies or divisions.

When you evaluate your business' sustainability, learn from these examples. If possible, build infrastructures that do not have single points of failure or connections. During the September 11, 2001, New York City World Trade Center collapse, several ISPs and other companies became nonfunctional because the WTC housed centralized communications systems and computer departments.

Consider the impact of weather on your contingency plans. What if you needed to relocate your facility to another region of the country? How would you get personnel there? What personnel would be relocated? How they would be housed and fed during the time of the crisis? You should consider these possibilities in advance. While the likelihood that a crippling disaster will occur is relatively small, you still need to evaluate the risk.

High Availability

High availability refers to the process of keeping services and systems operational during a time of outage. In short, the goal is to provide all services to all users, where they need it and when they need it. With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).

There are several ways to accomplish this including implementing redundant technology, backup communications channels, and fault tolerant systems. The following sections address these topics in more detail.

Redundancy

Redundancy refers to systems that are either duplicated or that fail-over to other systems in the event of a malfunction. Fail-over refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This allows service to continue uninterrupted until the primary server can be restored. In the case of a network, processing switches to another network path in the event of a network failure in the primary path. Fail-over systems can be very expensive to implement. In a large corporate network or e-commerce environment, a fail-over might entail switching all processing to a remote location that is operational until your primary facility is operational. The primary site and the remote site would continue to synchronize data in order to ensure that information is as up-to-date as possible.

Many newer operating systems, such as Linux, Windows 2000 Advanced Server, and Novell NetWare 6, are capable of clustering to provide fail-over capabilities. Clustering involves multiple systems connected together cooperatively and networked in such a way that if any of the systems fail, the other systems take up the slack and continue to operate. This may mean the overall capability of the server cluster may decrease, but the network or service will remain operational. Figure 9.1 shows the clustering process in a network. In this cluster, each system has its own data storage and data processing capabilities. The system that is connected to the network has the additional task of managing communication between the cluster and its users. Many clustering systems allow all of the systems in the cluster to share a single disk system. In either case, reliability is improved when clustering technologies are incorporated in key systems.

Figure 9.1: Server clustering in a networked environment

Most ISPs and network providers have extensive internal fail-over capability to provide high availability to clients. Business clients and employees who are unable to access information or services tend to lose confidence. The tradeoff for reliability and trustworthiness, of course, is cost. Fail-over systems become prohibitively expensive. You will need to carefully study your needs to determine whether your system needs this capability.

For example, if your environment requires a high level of availability, you will want your servers to be clustered. This will allow the other servers in this network to take up the load if one of the servers in the cluster fails.

Fault Tolerance

Fault tolerance is primarily the ability of a system to sustain operations in the event of a component failure. Fault-tolerant systems have the ability to continue operation even though a critical component, such as a disk drive, has failed. This capability involves over-engineering systems by adding redundant components and subsystems.

Fault tolerance can be built into a server by adding a second power supply, a second CPU, and other key components. Several manufacturers (such as HP, UNISYS, IBM, and Dell) offer fault tolerant servers. These servers typically have multiple processors that automatically fail-over if a malfunction occurs.

Redundant Arrays of Independent Disks

Redundant Arrays of Independent Disks (RAID) is a technology that uses multiple disks to provide fault tolerance. There are several designations from RAID levels. The most commonly implemented are RAID 0, 1, 3, and 5.

Note

You are not required to know the current RAID capabilities for the Security+ exam. They are presented here primarily for your knowledge. They are commonly used in highly reliable systems.

RAID Level 0 RAID 0 is disk striping. It uses multiple drives and maps them together as a single physical drive. This is done primarily for performance, not for fault tolerance. If any drive in a RAID 0 array fails, the entire logical drive becomes unusable.

RAID Level 1 RAID 1 is disk mirroring. Disk mirroring simply provides 100 percent redundancy because everything is stored on multiple disks. If one disk fails, another disk continues to operate. The failed disk can be replaced, and the RAID 1 array can be regenerated. This system offers the advantage of 100 percent data redundancy at the expense of doubling the storage requirements. Each drive keeps an exact copy of all information. This reduces the effective storage capabilities to 50 percent of the overall storage. Some implementations of disk mirroring are called disk duplexing. Duplexing is a less commonly used term.

RAID Level 3 RAID 3 is disk striping with a parity disk. RAID 3 arrays implement fault tolerance by implementing striping (RAID 0) in conjunction with a separate disk used for storing parity information. Parity information is a value based on the value of the data stored in each disk location. This system ensures that the data can be recovered in the event of a failure. The process of generating parity information uses the arithmetic value of the binary. This allows any single disk in the array to fail while the system continues to operate. The failed disk is removed, a new disk is installed, and the new drive is then regenerated using the parity information. RAID 3 is common in older systems, and it is supported by most UNIX systems.

RAID Level 5 RAID 5 is disk striping with parity. Disk striping with parity operates similarly to disk striping, as in RAID 0. In this process, an additional area on the disk is used for parity. The parity information is spread across all of the disks in the array, instead of being limited to a single disk, as in RAID 3.

RAID levels 0, 1, 3, and 5 are the most commonly implemented in servers today. RAID 5 has largely replaced RAID 3 in newer systems. RAID levels are implemented either in software on the host computer or implemented in the disk controller hardware. The four types of RAID drives, or arrays, are illustrated in Figure 9.2. A RAID hardware-device implementation will generally run faster than a software-oriented RAID implementation. This occurs because the software implementation uses the system CPU and system resources. Hardware RAID devices generally have their own processors, and they appear to the operating system as a single device.

Figure 9.2: The four primary RAID technologies used in systems

Disaster Recovery

Disaster recovery is the ability to recover system operations after a disaster. One of the key aspects of disaster recovery planning is designing a comprehensive backup plan. This includes backup storage, procedures, and maintenance. Many options are available to implement disaster recovery. This section discusses backups and the disaster recovery plan.

Backups

Backups are duplicate copies of key information, typically stored in a location other than the one where the information is currently stored. Backups include both paper and computer records. Computer records are usually backed up using a backup program, backup systems, and procedures. The primary starting point for disaster recovery involves keeping current backup copies of key data files, databases, applications, and paper records available for use. Your organization must develop a solid set of procedures to manage this process and ensure that all key information is protected.

A security professional can do several things in conjunction with systems administrators and business managers to protect this information. It is important to think of this problem as an issue that is larger than a single department. Key paper records that should be archived include:

• Corporate papers

• Incorporation documents

• Tax records

• Personnel information

• Financial statements

• Board minutes

• Board resolutions

• Loan documents

• Critical contracts

This list, while not comprehensive, gives you a place to start when you evaluate your archival requirements.

Most of these documents can be easily converted into electronic documents. Keeping paper copies of them is strongly recommended. Some government agencies do not accept electronic documentation as an alternative to paper documentation. Computer files and applications should be backed up on a regular basis. Critical files that should be backed up include:

• Operating systems

• Applications

• Utilities

• Database files

• Financial data

• User information

• User files

• E-mail correspondence

• Appointment files

• Audit files

• Transaction files

• Customer lists

• Prospect lists

Again, this list is not all-inclusive. However, it does provide a place to start. In most environments, the volume of information that needs to be stored is growing at a tremendous pace. Simply tracking this massive growth can create significant problems.

Note

An unscrupulous attacker can glean as much critical information from copies as he can from the original files. Make sure that your storage facilities are secure.

Information may need to be restored from backup copies for any number of reasons. Some of the more common reasons include:

• Natural disasters

• Physical attacks

• Workstation failure

• Accidental deletion

• Virus infection

• Server failure

• Applications errors

The information you back up must be immediately available for use when needed. If a user loses a critical file, they will not want to wait for several days while data files are sent from a remote storage facility. Several different types of storage mechanisms are available for data storage:

Working Copies Working copy backups are partial or full backups that are kept at the computer center for immediate recovery purposes. Working copies are frequently the most recent backups that have been made. Typically, working copies are intended for immediate use. These copies are typically updated on a frequent basis.

Note

Working copies are not usually intended to serve as long-term copies. In a busy environment, they may be created every few hours.

Onsite Storage Onsite storage usually refers to a location on the site of the computer center that is used to store information locally. Onsite storage containers are available that allow computer cartridges, tapes, and other backup media to be stored in a reasonably protected environment in the building.

Onsite storage containers are designed and rated for fire, moisture, and pressure resistance. These containers are not fireproof in most situations, but they are fire-rated. A fireproof container should be guaranteed to withstand damage regardless of the type of fire or temperatures. Fire ratings specify that a container can protect the contents for a specific amount of time in a given situation. Containers are usually also waterproof and impact resistant.

Note

General-purpose storage safes are not usually suitable for storing electronic media. The fire ratings used for safes usually refer to paper contents in the safe. Electronic media is usually ruined well before paper documents are ruined in a fire.

If you choose to depend entirely on onsite storage, make sure that the containers you acquire can withstand the worst-case environmental catastrophes could happen at your location.

Offsite Storage Offsite storage refers to a location away from the computer center where paper copies and backups media are kept. Offsite storage can involve something as simple as keeping a copy of backup media at a remote office, or it can be as complicated as a nuclear-hardened high- security storage facility. The storage facility should be bonded, insured, and inspected on a regular basis to ensure that all storage procedures are being followed.

Determining which storage mechanism to use should be based on the needs of the organization, the availability of storage facilities, and the budget available. Most offsite storage facilities charge based on the amount of space you require and the frequency of access you need to the stored information.

Disaster Recovery Plan

A disaster recovery plan is a plan that helps an organization respond effectively when a disaster occurs. Disasters may include system failure, network failure, infrastructure failure, and natural disaster. The primary emphasis of this plan is the reestablishment of services and the minimization of losses.

In a smaller organization, a disaster recovery plan may be relatively simple and straightforward. In a larger organization, it may involve multiple facilities, corporate strategic plans, and entire departments. In either case, the purpose is clearly to develop the means and methods to restore services as quickly as possible. In either case, the purpose is the same: to protect the organization from unacceptable losses in the event of a disaster. This section identifies the key elements of a disaster recovery plan.

A major component of a disaster recovery plan involves the access and storage of information. Your backup plan for data is an integral part of this process.

The following sections address backup plan issues and backup types. They also discuss developing a backup plan, recovering a system, and using alternative sites. These are key components of a disaster recovery plan. They form the heart of how an organization will be able to respond when a critical failure or disaster occurs.

Backup Plan Issues

When a backup plan for the organization is developed, being clear about the value of the information in the organization is necessary. A backup plan identifies which information is to be stored, how it will be stored, and for what duration it will be stored. To do this, you must look at the relative value of the information you retain. To some extent, the types of systems you use, and the applications that you support, dictate the structure of your plan.

Let's look at those different systems and applications:

Database Systems Most modern database systems (such as Oracle and Microsoft SQL) provide the ability to globally back up data or certain sections of the database without difficulty. Larger scale database systems also provide transaction auditing and data recovery capabilities.

For example, you can configure your database to record in a separate file each addition, update, deletion, or change of information that occurs in the database. These transaction or audit files can be stored directly on archival media, such as magnetic tape cartridges.

In the event of system outage or data loss, the audit file can be used to roll back the database and update it to the last transactions made in the database. Figure 9.3 illustrates the auditing process in further detail. In this situation, the audit file is directly written to a DAT tape that is used to store a record of changes. If an outage occurs, the audit or transaction files can be rolled forward to bring the database back to its most current state. This recovery process brings the database current to within the last few transactions. Although this process does not ensure that all of the transactions that were in process will be recovered, it will reduce potential losses to the few that were in process when the system failed.

Figure 9.3: Database transaction auditing process

Most database systems contain very large files that have only a relatively few records updated, in relation to the number of records stored. A large customer database may have literally millions of records stored in it— however, only a few hundred may be undergoing modification at any given time.

User Files Word processing documents, spreadsheets, and other user files are extremely valuable to an organization. Fortunately, while the number of files that people retain is usually quite large, the actual number of files that change is relatively small. By doing a regular backup on user systems, you will be able to protect these documents and ensure that they are recoverable in the event of a loss. In a large organization, backing up user files can be an enormous task. Fortunately, most operating systems date stamp files when they are modified. If backups that store only the changed files are created, keeping user files safe becomes a relatively less-painful process for an organization.

Note

Many organizations have taken the position that backing up user files is the user's responsibility. This policy decision, while saving administrative time, is not a good idea. Most users do not back up their files on a regular basis—if at all.

Applications Applications such as word processors, transaction systems, and other programs usually do not change on a frequent basis. When a change or upgrade to an application is made, it is usually accomplished across an entire organization. You would not necessarily need to keep a copy of the word processing applications for each user, but you should keep a single up-to-date version that is available for download and reinstallation.

Note

Some newer commercial applications, like Microsoft Office XP, require each copy of the software to be registered with a centralized license server. This may present a problem if you attempt to use a centralized recovery procedure for applications. Each machine may require its own copy of the applications for a recovery to be successful.

Backup Types

Three backup methods exist to back up information on most systems. They are full backup, incremental backup, and differential backup. When these backup methods are used in conjunction with each other, the risk of loss can be greatly reduced. It is important to remember that all data on the disk drives that are being backed up are files, and most backup systems treat them the same as any other data on the drive.

The three primary backup methods are as follows:

Full Backup A full backup is a complete backup of all files on a disk or server. This backup is complete, and comprehensive. The full backup is current only at the time it is performed. Once a full backup is made, you have a complete archival of the system at that point in time. A system should not be in use while it undergoes a full backup because some files may not get backed up. Once the system goes back into operation, this backup is no longer current. A full backup can be a very time-consuming process on a large system.

Incremental Backup An incremental backup is a partial backup that stores only the information that has been changed since the last full or incremental backup. If a full backup were performed on a Sunday night, an incremental backup done on Monday night would contain only the information that changed since Sunday night. This backup would typically be considerably smaller than a full backup. The backup done on Tuesday would contain only the files that were altered on Tuesday. This backup system requires that each incremental backup be retained until a full backup can be performed. Incremental backups are usually the fastest backup to perform on most systems. Each incremental tape will be relatively small.

Differential Backup A differential backup is similar in function to an incremental backup, but it backs up any files that have been altered since the last full backup. A differential backup would make duplicate copies of files that have not changed since the last differential backup. If a full backup were performed on Sunday night, a differential backup performed on Monday night would capture the information that was changed on Monday. A differential backup completed on Tuesday night would record the changes in any files from Monday and any changes in files on Tuesday. As you can see, during the week each differential backup would become larger, and likely by Friday or Saturday night, be nearly as large as a full backup. This means that the backups in the earliest part of the weekly cycle will be very fast, and each one will be successively slower.

These three backup options form the primary tools you can utilize to provide the protection that backups offer. One of the major factors in determining which combination of these three methods should be used is time. Ideally, a full backup would be performed everyday.

Several commercial backup programs support these three backup methods. You need to evaluate your organizational needs when choosing which tools you use to accomplish backups.

Developing a Backup Plan

Several common models are used in designing backup plans. Each has its own advantages and disadvantages. Numerous methods have been developed to deal with backup archival—most of them are evolutions of the three models discussed here:

Grandfather, Father, Son Method This method is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly. This method assumes that the most recent backup after the full backup is the son. As newer backups are made, the son becomes the father and the father, in turn, becomes the grandfather. At the end of each month, a full backup is performed on all systems. This backup is stored in an offsite facility for a period of one year. Each monthly backup replaces the monthly backup from the previous year. Weekly or daily incremental backups are performed and stored until the next full backup occurs. This full backup is then stored offsite, and the weekly or daily backup tapes are reused. The January 1st incremental backup is used on February 1st, etc.

This method ensures that in the event of a loss, the full backup from the end of the last month and the daily backups can be used to restore information to the last day. Figure 9.4 illustrates this concept. The last backup of the month becomes the archived backup for that month. The last backup of the year becomes the annual backup for the year. Annual backups for several years are usually archived to provide multiple year archiving. The annual backup would be referred to as the grandfather, the monthly backup is the father, and the weekly backup is the son. This allows an organization to have backups available for several years and minimizes the likelihood of data loss. It is a common practice for an organization to keep a minimum of seven years in archives.

Figure 9.4: Grandfather, Father, Son backup method

The last full backup of the year is permanently retained. This ensures that previous year's information can be recovered if it is needed for some reason. Many organizations keep the annual backup for a minimum of five years.

The major difficulty with this process is that a large number of tapes are constantly flowing between the storage facility and the computer center. In addition, cataloging daily and weekly backups can become very complicated. It can become extremely difficult to determine which files have been backed up and where they are stored.

Full Archival Method The Full Archival method works on the assumption that any information created on any system is stored forever. All backups are kept indefinitely using some form of backup media. In short, all full backups, all incremental backups, and any other backups are permanently kept somewhere.

This method effectively eliminates the potential for loss of data. Everything that is created on any computer is backed up forever. Figure 9.5 illustrates this method. As you can see, the number of copies of the backup media can quickly overwhelm your storage capabilities. Some organizations that have tried to do this have needed entire warehouses to contain archival backups.

Figure 9.5: Full Archival backup method

Think about the number of files that your organization has. How much storage media would be required to accomplish this in your organization? The other major problems involve keeping records of what information has been kept and the sheer amount of media. Many larger companies do not find this to be an acceptable method of keeping backups.

Backup Server Method The costs of disk storage and servers have fallen tremendously over the past few years. Lower prices have made it easier for organizations to use dedicated servers for backup. A server with large amounts of disk space whose sole purpose is to back up data can be established. With the right software, a dedicated server can examine and copy all of the files that have been altered every day. Figure 9.6 illustrates the use of backup servers. In this instance, the files on the backup server contain copies of all of the information and data on the APPS, ACCTG, and DB servers. The files on the three servers would be copied to the backup server on a regular basis. Over time, the storage requirements of this server can become enormous. The advantage to this method is that all backed-up data is available online for immediate access.

Figure 9.6: A backup server archiving server files

This server can then be backed up on a regular basis, and those backups can be kept for a specified period. These servers do not have to have overly large processors; however, they must have large disk and other long-term storage media capabilities. If a system or server malfunctions, the backup server can be accessed to restore information from the last backups performed on that system.

Several software manufacturers take backup servers one additional step and create hierarchies of files. Over time, if a file is not accessed, the file is moved to slower media and may eventually be stored offline. This helps reduce the disk storage requirements, yet it still keeps the files that are most likely to be needed for recovery readily available.

Many organizations utilize two or more of these methods to back up systems. The issue really becomes one of storage requirements and retention requirements. In establishing a backup plan, you must ask users and managers how much backup is really needed and how long it will be needed.

Note

Make sure you obtain input from anybody dealing with governmental or regulatory agencies. Each agency may have different archival requirements. Compliance violations can be very expensive.

Recovering a System

When a system does fail, you will be unable to reestablish operation without regenerating all of the components of the system. This includes making sure that hardware is functioning, restoring or installing the operating systems, restoring or installing applications, and restoring data files. This process can take several days on a large system. With a little forethought, you may be able to simplify this process and make it an easily manageable one.

When you install a new system, make a full backup of the system before any data files are created. If stored onsite, this backup will be readily available for use. If you have standardized your systems, you may need just one copy of a base system that contains all of the common applications that you use. The base system can usually be quickly restored. This allows for reconnection to the network for restoration of other software. Many newer operating systems now provide this capability, and system restores are very fast. Figure 9.7 demonstrates this in further depth. Notice that the installation CDs are being used for the base O/S and applications. The data files would be restored from backup media once the system has been regenerated.

Figure 9.7: System regeneration process for a workstation or server

Once the base system has been restored, the data files and any other needed files can be restored from the last full backup and any incremental or differential backups that have been performed. The last full backup should contain most of the data on the system; the incremental backup or differential backups contain the data that has changed since the full backup.

Many newer operating systems, such as Windows 2000, allow you to create a model system as a disk image on a server that is downloaded and installed when a failure occurs. This method makes it easier for administrators to restore a system than it would be to do it manually.

Alternate Sites

Another key aspect of a disaster recovery plan is to provide for the restoration of business functions in the event of a large-scale loss of service. You can lease or purchase a facility that is available on short notice for the purposes of restoring network or systems operations. These sites are referred to as "alternative" or "backup" sites.

Note

Another term for alternative site is an alternate site. The CompTIA objectives refer to this as an alternate site.

If the power in your local area were disrupted for several days, how would you reestablish service at an alternative site until primary services are restored? Several options exist to do this; they will be briefly presented here. None of these solutions are ideal, but they may get your organization back on its feet until permanent service is available. These sites include hot sites, warm sites, and cold sites:

Hot Sites A hot site is a location that can provide operations within hours of a failure. This type of site would have servers, networks, and telecommunications in place to reestablish service in a very short amount of time. Hot sites provide network connectivity, systems, and preconfigured software to meet the needs of an organization. Some hot sites can be connected into your network, and databases can be kept up-to-date using network connections. These types of facilities are very expensive, and they are primarily suitable for short-term situations. A hot site may also double as an offsite storage facility, providing immediate access to archives and backup media.

Many hot sites also provide office facilities and other services so that a business can relocate a small number of employees to sustain operations.

Warm Sites A warm site provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization that has a reciprocal agreement with the organization. Warm sites may be for your exclusive use, but they do not have to be. A warm site requires more advanced planning, testing, and access to media for systems recovery. Warm sites are usually a good compromise between a hot site, which is very expensive, and a cold site, which is not preconfigured.

Note

The agreement between two companies to provide services in the event of an emergency is a reciprocal agreement. Usually, these agreements are made on a best effort basis. There is no guarantee that services will be available if the site is needed. Make sure that your agreement is with an organization that is outside your geographic area. If both sites are affected by the same disaster, the agreement is worthless.

Cold Site A cold site is a facility that is not immediately ready to use. The organization using it must bring its equipment and network with it. A cold site may provide network capability, but this is not usually the case. A cold site provides a place for operations to resume, but it does not provide the infrastructure to support it. Cold sites work well when an extended outage is anticipated. The major challenge is that the customer must provide all of the capabilities, and they must do all of the work to get back into operation. Cold sites are usually the least expensive to put into place, but they require the most advanced planning, testing, and resources to become operational.

Herein lies the problem. The likelihood that you will actually need any of these facilities is very low. Most organizations will never need to use these types of facilities. The costs are usually based on subscription or other contracted relationships. It is very difficult for most organizations to justify these expenses. Planning, testing, and maintaining these facilities is hard to do. It does very little good to use any of these services if they don't work and aren't available when you need them.

Management must view the disaster recovery plan as an integral part of its business continuity planning. Management must also provide the resources needed to implement and maintain one of these sites after the decision has been made to contract for the facilities.

Real World Scenario: Some Protection Is Better Than None—Or Is It?

You have been tasked with the responsibility of developing a recovery plan for your company in the event of a critical infrastructure failure. Your CEO is concerned about the budget and does not want to invest many resources into a full-blown hot site.

You have several options available to you in this situation. You need to evaluate the feasibility of a warm site, cold site, and a reciprocal agreement with another company. The warm site and cold site options will cost less than a hot site, but they will require a great deal of work in the event of a failure. A reciprocal site may be a good alternative to both, if a suitable partner organization can be found. You may want to discuss this with some of your larger vendors or other companies that may have excess computer capacity. No matter which direction you recommend, you will want to test and develop procedures to manage the transition from your "primary site" to an offsite facility.