Business continuity and disaster recovery overview
Business continuity and disaster recovery (BCDR) is important for all cloud-based applications, and it is all the more critical for the kind of regulated workloads that the IBM Cloud for Financial Services is intended to host. In the event of a disaster, consumers depend on service being restored quickly without loss of data. Using the VPC reference architecture and following the controls of the IBM Cloud Framework for Financial Services help you achieve that goal. When building a BCDR solution in IBM Cloud, you need to consider your workloads that run in virtual servers or Red Hat OpenShift on IBM Cloud and the BCDR characteristics of all of the other IBM Cloud services your solution depends on.
Requirements
The following sections describe some of the requirements that you must follow for BCDR of your workloads.
Alternative storage site
You must establish and configure an alternative storage site in at least one geographically separate IBM Cloud multizone region. So, if the storage in one region becomes unavailable, you can use storage from another region.
Information system backup
As the provider, you must:
- Conduct backups of user-level information contained in the information system
- Conduct backups of system-level information contained in the information system
- Conduct backups of information system documentation, including security-related documentation
- Protect the confidentiality, integrity, and availability of backup information at storage locations
The different levels of information are defined as follows:
- User-level information - Consumer/consumer-managed data
- System-level information - Data you manage that is necessary to meet your service's Recovery Point Objective (RPO). For example, system-state information, operating system and application software, licenses, and so on.
- System documentation - External documentation, internal architecture documentation, run books, and so on.
Other requirements:
- Backups must be at least incremental daily and full weekly.
- Backups must be monitored. Failed backups must be investigated, and corrective action must be taken and documented as necessary to maintain the service's RPO.
- Backups and backup logs should be accessible only to authorized individuals who need access to do their jobs.
- Transaction-based systems must implement transaction recovery. Transaction-based systems include database management systems and transaction processing systems. Mechanisms supporting transaction recovery include transaction rollback and transaction journaling.
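The schedule and monitoring requirements in the list above can be checked mechanically. The following Python is an added example, not part of the IBM Cloud documentation or tooling: it audits a backup catalog against the "incremental daily, full weekly" rule and lists failed backups that need investigation. The catalog record layout, the function name, and the reading of "daily" as every calendar day and "weekly" as within 7 days of the last successful full backup are assumptions.

```python
from datetime import date, timedelta

# Constructed sample catalog: (day, kind, status). The record layout is hypothetical.
SAMPLE_CATALOG = [
    (date(2024, 3, 3), "full", "ok"),
    (date(2024, 3, 4), "incremental", "ok"),
    (date(2024, 3, 5), "incremental", "failed"),
    (date(2024, 3, 6), "incremental", "ok"),
    (date(2024, 3, 7), "incremental", "ok"),
    (date(2024, 3, 8), "incremental", "ok"),
    (date(2024, 3, 9), "incremental", "ok"),
    (date(2024, 3, 10), "full", "failed"),
    (date(2024, 3, 11), "incremental", "ok"),
    (date(2024, 3, 12), "incremental", "ok"),
]

def audit_backups(catalog, start, end):
    """Audit a backup catalog for the inclusive window [start, end]."""
    ok_days = {d for d, _, status in catalog if status == "ok"}
    ok_fulls = sorted(d for d, kind, status in catalog
                      if kind == "full" and status == "ok")
    # Every failure is reported, even if a retry succeeded the same day,
    # because failed backups must still be investigated.
    failed = sorted((d, kind) for d, kind, status in catalog if status != "ok")

    days = [start + timedelta(n) for n in range((end - start).days + 1)]

    # Daily rule: each day needs a successful backup of any kind
    # (a successful full backup also satisfies the daily requirement).
    missing_days = [d for d in days if d not in ok_days]

    # Weekly rule: each day must fall within 7 days of the most recent
    # successful full backup on or before that day.
    stale_full_days = []
    for d in days:
        prior = [f for f in ok_fulls if f <= d]
        if not prior or (d - prior[-1]).days >= 7:
            stale_full_days.append(d)

    return {
        "missing_days": missing_days,
        "stale_full_days": stale_full_days,
        "failed_to_investigate": failed,
        "schedule_met": not (missing_days or stale_full_days),
    }
```

In the constructed catalog, the failed full backup on the second Sunday leaves every later day without a recent full backup until one succeeds, which is why failures need follow-up rather than only logging.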
Information system recovery and reconstitution
You should enable recovery and reconstitution of the system to a known state after a disruption, compromise, or failure. Contingency plans must include procedures for validating successful recovery and reconstitution. Recovery and reconstitution activities include resuming operational capabilities at the original location.
Backup and disaster recovery for the reference architectures
See the following resources depending on which reference architecture you are using:
Backup and disaster recovery for IBM Cloud services
In addition to backing up your workloads and having the capability to restore service in the face of a disaster, your BCDR strategy needs to consider all of the IBM Cloud services in your deployment. The following table provides references to additional information regarding BCDR for each service in the reference architecture.
Category | VPC reference architecture | Satellite reference architecture | Optional for both |
---|---|---|---|
Core | | | |
Containers | | | |
Networking | | | |
Storage | | | |
Security | | | |
Logging and monitoring | | | |
Integration | | | |
In addition to the Financial Services Validated services in the reference architecture, see the following references for other important information:
- How IBM Cloud ensures high availability and disaster recovery
- High availability in the VPC reference architecture
- Responsibilities for operating services in your deployment of the VPC reference architecture
Related controls in IBM Cloud Framework for Financial Services
The following IBM Cloud Framework for Financial Services controls are most related to this guidance. However, in addition to following the guidance here, do your own due diligence to ensure you meet the requirements.
Family | Control |
---|---|
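Contingency Planning (CP) | CP-2 Contingency Plan |
Contingency Planning (CP) | CP-6 Alternate Storage Site |
Contingency Planning (CP) | CP-7 Alternate Processing Site |
Contingency Planning (CP) | CP-9 Information System Backup |
Contingency Planning (CP) | CP-10 Information System Recovery and Reconstitution |
Contingency Planning (CP) | CP-10 (2) System Recovery and Reconstitution \| Transaction Recovery |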