Alexander Shkurko, Technical Advisor at Atwix talks on
‘Disaster Recovery Plan for E-commerce Solutions based on Magento’ Magento Meetup Online on November 17th.
Alex listed the basic steps that should be taken into account by agencies, business owners, and developers to minimize risks and transform the lose-lose situation into a win-win for businesses and clients.
✔ Magecom: https://magecom.net/
✔ Facebook: https://www.facebook.com/magecomcompany/
✔ LinkedIn: https://www.linkedin.com/company/mage...
✔ Instagram: https://www.instagram.com/magecomcomp...
✔ Twitter: https://twitter.com/magecomcompany/
3. tli
Magento
-
Meetup
#12-
For whom: developers, managers,
product owners and business owners.
Priority: high priority
Business value: high
Benefits: a lot of benefits in long term
Complexity: medium
Disaster Recovery Plan
7. tli
Magento
-
Meetup
#12-
🌿 Natural
- Hurricanes
- Draw
- Earthquake
- Pandemic*
Types of disasters that MAY affect E-commerce
Technological
- Explosion
- Factory fire
- Failed
deployment*
👀 Security
- Password leak
- DDOS
- Fraud transactions
- Human factor*
👨💼 Management
- Overpressure
- Wrong assumption
- Toxic team
- Not defined
responsibilities*
⚔️ WAR
8. tli
Magento
-
Meetup
#12-
🌿 Pandemic
- Employes are sick
- Market downside
- Closed borders - no
shipping
- Public restrictions
*
Failed deployment
- The site is down
- Data missed
(transactions)
- Damaged SEO /
user experience
👀 Human Factor
- Password leak
- Destroy
infrastructure
- Inject malware
👨💼 Not defined
responsibilities
- Solutions take to
long in case of
disaster
10. tli
Magento
-
Meetup
#12-
Imagine that you have 100 transactions per
hour, with $100 per each. In sum, it is $10.000.
You invested tons of hours to be prepared for
the high season: development, marketing,
testing, again testing and again regression
testing.
And Black Friday is going to start in 3…2…1
GO!
Happiness!
11. tli
Magento
-
Meetup
#12-
It is not working for 2 hours.
Your sales managers are overloaded.
The dev team is going to switch you to
another provider soon but they will need
1 hour plus because they didn’t expect
to be in such a case.
Payment provider keep silence.
You loose :(
Your payment provider is down
13. tli
Magento
-
Meetup
#12- Wait! Wait! Wait!
Before we will start preparing a plan you should understand that the E-
commerce is mostly about processes and their automation through
technologies.
Business loves process, documents, creativity and patience. This is why we
have so many best practises and other standards.
14. tli
Magento
-
Meetup
#12-
What benefits of having Disaster Recovery Plan?
🏭🏦 Business
- Reduce the downtime of
normal business operations
- Reduce reputation risks
- Minimise user retention
- Minimise data loses
🚀 Solution providers
- Easy to plan resource
- Sophisticated service
- Competitive offer through
guaranties
- Reputation
Every minute is valuable!
15. tli
Magento
-
Meetup
#12-
What do you need to do to create a DRP?
Define stakeholders that are responsible for:
- Business solutions from the client & agency side: COO, CEO, CTO etc.
from the C level and different domains
- Set up a workshop where you as a DRP maintainer define the goals of
the DRP:
- possible disasters in your physical area and area of
interests
- what you all want to achieve in case of the disaster recovery
action
- Define RTO & RPO
- Define Communication plan in case of disaster
- Define sensitive data
- Define accountable and responsible for DRP
16. tli
Magento
-
Meetup
#12-
RTO
RTO is Recovery Time Objective
It is a period in which businesses should return to the ordinary operation
process in case of disaster to prevent unacceptable losses.
Failed deployment
- return to normal state in 1hr
🌿 Earthquake destroyed servers
- migrate your infrastructure to another instance in a day
👀 Password leak
- change passwords and make a security scan in 1hr
17. tli
Magento
-
Meetup
#12-
RPO
RPO is Recovery Point Objective
It is the amount of data that the business identifies as applicable loose since
the disaster happens.
For example, the business decided that 4 hours of sales is the RPO. In that
case, backups SHOULD be done each 4 hours.
And backups SHOULD be stored safely to not depend on the infrastructure
where project is running.
18. tli
Magento
-
Meetup
#12-
Magento 2 Disaster recovery plan & preparation
👨💼 Management
- Sign in the SLA agreement:
- when and how will the team recover the project
- who is responsible for what
- what hosting provider can do, and what is the team's area of
responsibility
- Define the disaster recovery team
- Do a workshop with the team where the SLA and DRP should be
explained and reviewed
- Book a training hour for the DRP and maintenance
- Having a common language with the business: is crucial!
- Find a reliable contact with the hosting provider
- Improve your communication skills
19. tli
Magento
-
Meetup
#12-
Magento 2 Disaster recovery plan & preparation
👩🔧🔧⚙️🚀 Engineering part#1
- Follow best practices
- code quality
- security (for example, OWASP)
- profile your application (if project is down because of load() in
foreach it is a disaster ;) )
- Set up the project backup system:
- codebase
- media (use AWS S3, for example)
- database (replication!)
- Use monitoring tools such as Newrelic, CloudWatch
- Use password managers
- Have an alternative energy supply and internet provider
- Keep the work-life balance: if you burn out this is a disaster
20. tli
Magento
-
Meetup
#12-
Magento 2 Disaster recovery plan & preparation
👩🔧🔧⚙️🚀 Engineering part #2
- Have a “private packagist” in case of vendors issues - this will save time
- Build your team: teamwork is a key to success in all cases
- Commit every day: epic feature on your laptop that was destroyed by the
hurricane? It is a disaster!
- Try to upgrade the core when it is possible and no risks of BIC
- Have a backup plan for the payment and shipping providers
- Use health check tools: it is better to be notified about errors by the 3rd
party system than be the hundred of customer calls
21. tli
Magento
-
Meetup
#12-
Magento 2 Disaster recovery plan & preparation
🏄🏄🏄 People management
- Have a phone base of employees
- Have an emergency contact list of contacts for employees
- Empathy! If you know your team and feel it, you are ready for any tornado
or hurricane
- Prepare an evacuation plan with a clear vision of what to do and how:
directions, transport etc.
- Have a Plan B for the office setup
- Have a plan for blocking/saving IT equipment
22. tli
Magento
-
Meetup
#12-
Magento 2 Disaster recovery plan & preparation
👨💼📈💵💰Business
- Trust your team
- Have Plan B for shipping and payment providers
- Control your team through the professional relationship and reporting
- Have a good infrastructure architecture - it costs but it rocks
- Be ready for losses - define RPO & RTO. Help your team to reach their
goal
- Keep your eye on the Magento 2 Open Source & Adobe Commerce Trends
25. tli
Magento
-
Meetup
#12-
The list of recovery plans
Council Of Foundations
IBM Disaster Recovery Plan
Evolve IP
Adobe Commerce (Cloud) recommendations